AT&T Security Consulting Services

Dec 13, 2013 (3 years and 10 months ago)

© 2012 AT&T Intellectual Property. All rights reserved. AT&T, the AT&T logo and all other AT&T marks contained herein are trademarks of AT&T Intellectual Property and/or AT&T affiliated companies. All other marks contained herein are the property of their respective owners.

Security Consulting Services

Payment Card Industry Solutions
Governance, Risk, Compliance
Security Strategy & Roadmap
Secure Infrastructure Services
Vulnerability & Threat Management
Application Security Services

AT&T Consulting Solutions At A Glance

Who We Are

Our Mission
To build trusted advisor customer relationships by delivering forward thinking, world-class infrastructure consulting services

Our Customers
Strategic clientele with large scale, complex & custom infrastructure needs
Public and private sector, domestic and multinational presence

Our Scope
Pure play consulting services
independent and objective solutions
Life cycle capabilities: Plan, Architect, Integrate, Optimize
Project-based engagement model aligned to specific business outcomes

Our Team
Part of AT&T Business Services
Seasoned consultants averaging 12 years industry experience
Executive team averaging 20 years leading global professional services
11 offices across the U.S. & UK

Security Business Drivers

Evolving threats, increasing complexity

Evolution of Malware / Botnets
Cyber Protests / Events
Mobile Device Security
Re-emergence of Old Attacks
Security In The Cloud
Advanced Persistent Threats
Logical Attacks Against Physical Infrastructure
Social Media and Geolocation
Insider Attacks
IPv4/IPv6 Attacks
Compliance

AT&T Security Consulting Practice Towers

Protecting business assets & enhancing enterprise Governance

Security Strategy & Roadmap
Advisory and development services providing programmatic frameworks for operational alignment, advanced technology deployments (mobility and cloud) and a life cycle approach to security and risk management.

Governance, Risk & Compliance
Security assessment services addressing regulatory requirements and/or industry standards, as well as security program development with an emphasis on usable frameworks for policy and security management aligned with the adoption of emerging technologies such as mobility and cloud.

Payment Card Industry Solutions
A range of comprehensive PCI compliance services that objectively help achieve and maintain PCI compliance including PCI assessments, readiness assessments, remediation assistance, and other related solutions.

Vulnerability & Threat Management
Services designed to provide an independent baseline and validation of the overall security posture from within or outside of the enterprise.

Application Security Services
Strategic and tactical security services focused on the applications supporting critical business processes, such as mobile and web based. Includes technical assessments, secure development life cycle reviews and program management consulting.

Secure Infrastructure Services
A suite of life cycle offerings aligned with planning, architecting, integrating, and optimizing a secure network and infrastructure aligned with business and security goals.


Security Strategy & Roadmap

An advisory service to assist with the development of comprehensive information security strategies that are effective, manageable and offer maximum return on your security investments while addressing any emerging threats/risks specific to your business operations.

Strategy Development
Develop a comprehensive information security framework that can address the organization’s requirements for information protection, incident prevention, detection and response based on the organization’s risk and alignment with industry best practice frameworks

Security Roadmap
Develop customized roadmap with detailed project plans, identifying ownership, timelines and resource allocation for the effective implementation of the security strategies

Governance, Risk & Compliance

End-to-end consulting and advisory services for Information Security, Governance, Risk Management, Compliance and Implementation of standards, regulatory, contractual and internal security requirements.

Mobility and Cloud Security Risk Assessments
Risk Analysis
Remediation Roadmap
Implementation

FTC Mandated Assessments
Security Assessments
Initial & biennial
Planning & Remediation

Business Continuity Planning
Business Impact Analysis
Strategy & Plan
Training & Testing

Regulatory and Industry Standards-based Assessments
HIPAA, HITECH, HITRUST
GLBA
State Privacy Law

ISO 27001/2 Assessments & Certification
Readiness Assessment
Planning & Implementation
Certification

AT&T SureSeal Security Certified
Trust & Assurance
Security Assessment
Remediation Roadmap

AT&T Payment Card Industry Service Offerings

Annual Security Assessment
Performed by QSAs on-site for Level 1 and Level 2 entities (i.e. merchants)

Readiness Assessment
Pre-assessment service that helps clients identify gaps prior to the actual assessment

Trusted Advisor
Bucket of hours for our clients to use for assistance in closing gaps between the PCI DSS requirements and their current state, and any other PCI related tasks

Vulnerability & Threat Management
Design and implement programmatic controls and processes to maintain compliance throughout the year

Approved Scanning Vendor (ASV)

Payment Application Assessments
For clients who develop and resell payment applications to more than one entity, we can perform assessments per requirements of PCI’s Payment Application Data Security Standard

Qualified Forensic Investigator

Secure Infrastructure Services

Networks have become complex and fragmented due to rapid growth and acquisitions. An enterprise-based network security approach can provide tangible reduction in TCO, and enable a business to be more agile and competitive.

Firewall Assessment Services
Implementation and administration
Migration and consolidation
Tuning (performance and compliance)

Data Discovery & Data Loss Prevention
Know where the data resides and traverses
Preventing data escaping the organization

Secure Network Architecture
Planning, design and segmentation
Configuration reviews
Data center management
Mobile Security / Cloud Computing

Security Event Management (SEM/SIM/SIEM)
Log consolidation, alerting and reporting
Intrusion Detection / Prevention / NAC placement and tuning

Vulnerability and Threat Management


Provides an independent baseline and validation of the organization’s security posture. AT&T Consulting can simulate real-world attacks to identify vulnerabilities in the network, evaluate risks, and develop remediation plans that are tailored to unique business requirements and security needs.

Vulnerability Assessments
Scanning of the target infrastructure, establishing a baseline and making compliance easier by validating external posture
Providing an overall security picture at a lower cost with repeatable exercises
Periodically verifying assets are properly protected; evaluating recurring differentials and managing vulnerabilities

Penetration Testing (aka Ethical Hacking)
Takes Vulnerability Assessment to the next level
Manual testing and exploits, in addition to false positive reduction of automated results
Taken from the perspective of a malicious external entity, or rogue internal resource
Verifying that defense in depth and response capabilities are working as designed, along with security controls validation
Required by many industry regulations and standards

Vulnerability Management
VoIP Penetration Testing
Wi-Fi Penetration Testing
War Dial
Social Engineering
Mobile Security Assessments
Denial of Service based testing
Virtualization Security
Remote Access Assessment
Breach/Incident Response Testing

Application Security

The Application Security solution portfolio consists of tactical and strategic services to help
organizations assess, manage, and reduce security risks arising from unsafe software development
practices.


Application Security Assessments
Automated and manual testing designed to circumvent the logic of the application in order to gain elevated access to systems or information
Web Based
Mobile Applications

Application Security Program Management
Application inventory, identification and assignment of risk classification, development of testing plans, management and execution of program

Security Code Review
Industry common practice and PCI requirement
PCI DSS v1.2, section 6.3.7: Review of custom code prior to release to production or customers in order to identify any potential coding vulnerability
OWASP Orizon Code Review, and Top 10

PCI PA-QSA Application Security Assessment
Visa & MasterCard encourage application development companies to certify their payment applications in accordance with the PCI Payment Application Best Practices program
Applications that meet these standards can be listed on the Visa web site as PCI-approved payment applications

Trusted Advisors

Helping our customers navigate complex IT Transformation

CIO Agenda

Compliance & Risk Reduction
In deployments, upgrades, operations, and security

Cost Performance
Reduce CapEx/OpEx
Consolidation
Shared Services

Technology Strategy
Technology roadmap, refresh, migrations

Revenue Growth
Rapidly introduce new services into production

Governance and Sourcing
Process Frameworks & Sourcing Strategies