Partner. Copyright 2011 EMC Corporation. All rights reserved.

Transcription

1 Partner

2 WELCOME Corné van Rooij, DM Benelux & Switzerland 2

3 RSA Partner Kick Off 26 January 2012 Agenda: Welcome - Corné van Rooij, DM Benelux & Switzerland 12.30:13.00 Strategy 2012, Market Trends Corné van Rooij, DM Benelux & Switzerland 13:00 ~ Starter ~ 13.30:14.00 RSA SecurWorld Channel 2012 Stuart Brinicombe, EMEA Director Channels & Alliance ~ Main course ~ 14.45:15.15 Security Management according to RSA Dominique Dessy, Senior Technology Consultant ~ Dessert ~ 3

4 RSA Partner Kick off 26 January 2012 Agenda: 15.30:15.35 Wrap up Corné van Rooij, DM Benelux & Switzerland 15.35:16.30 Networking drink 4

5 Market Trends Corné van Rooij, District Manager Benelux & Switzerland 5

6 Agenda 2011 Market Trends affecting the Enterprise 2012 Changing IT security approach within the Enterprise How RSA addresses these changes How do partners fit in? Q&A 6

7 Market Trends & developments in Security 7

8 8

9 9

10 10

11 Anonymous. it s all in the name. They are not there to show who they are and we will (only virtually not) see a lot of them. Ethical hacking with a greater course a treat for most enterprises and governments when according to them you have done something wrong. 11

12 12

13 Trojan Horses used to be spread like candy. Now some of them are used by starting a spear fishing attack with a zero-day expoit downloading the custom trojan. It s undetectable by current perimeter defense systems, often signature based. 13

14 14

15 To talk about 0-day these ones sneak in and are there to stay for preferable years. To do these kind of things (heavy development, lots of knowledge needed, keep the secret multi-year) and still to gain something from it, you must be a country 15

16 16

17 That was a special one for us. Gain access to IP / conf. material from a security vendor (or actually 6-7) and then target a military contractor. Works well at company espionage too! 17

18 18

19 are the New Perimeter People 19

20 Threat Landscape 60% OF FORTUNE 500 had addresses compromised by malware Source : RSA Security Brief, February 2011 Malware and the Enterprise 20

21 Threat Landscape 88% of Fortune 500 had BOTNET ACTIVITY associated with their networks Source : RSA Security Brief, February 2011 Malware and the Enterprise 21

22 Threat Landscape Of the 60 million variants of malware in existence today ONE-THIRD were created last year alone Source : RSA Security Brief, February

23 Advanced Threats 83% of organizations believe they have been the victim of an Advanced Threats 65% of organizations don t believe they have sufficient resources to prevent Advanced Threats 91% of breaches led to data compromise within days or less 79% of breaches took weeks or more to discover Source: Ponemon Institute Survey Conducted Growing Risk of Advanced Threats Source: Verizon 2011 Data Breach Investigations Report 23

24 Must learn to live in a state of compromise Constant compromise does not mean constant loss 24

25 Top Security Trends 2012 (no specific order) 1. Mobile malware is on the rise 2. Criminals target, infiltrate and infect app stores 3. Emergence of bank-friendly applications with built-in security 4. Hyper-connectivity leads to growing identity and privacy challenges 5. Social-engineering threats resurface 6. Monitoring and Analysis Capability will increase, but not Enough 7. Bring Your Own Device (BYOD) 25

26 Top Security Trends Social Media will be used and targeted 7. Big Data will get bigger, and so will security needs 8. Safeguarding online identities will no longer be optional 9. As cloud services gain in popularity, related breach incidents will flourish 10. Breach notification laws will gain traction outside of the US. 11. Memory Scraping Will Become More Common 26

27 And the biggest treat all times.. 27

28 28

29 Today s Reality 29

30 Today s Reality in Organizations Threat Persistent Dynamic Intelligent Compliance Approach Inflexible Inefficient Distracting Traditional Security Perimeter-based Signature-based Compliance Driven 30

31 Transforming Security address the pervasiveness of dynamic, focused adversaries Traditional Security Advanced Security Signature-based Perimeter oriented Compliance Driven Advanced Threat Agile Definitive Intelligent 31

32 The Hyperextended Enterprise BUSINESS ISSUES IMPACT Innovation Collaboration Exploding Information Supply Chain Customer Services IT Consumerization Virtualization and Cloud Computing Hyperextended Enterprise Complex Risk, Security and Compliance Environment Expanding Identities Evolving Infrastructure Increasing Regulations 32

33 Market Trends affecting the Enterprise More sophisticated attacks targeting the Enterprise Economic situation is affecting how budgets are spend Increase of attacks on databases with end user details is a worry of the Business Increasing number of mobile devices entering the network introducing new threats The Enterprise network is extending itself into virtual and cloud infrastructures and are there for more difficult to monitor & secure Business will be more demanding towards IT. Currently 80% of IT budgets are spent on keeping the lights on Data usage/information is exploding and therefore introduces more threats 33

34 Changing IT security approach within the Enterprise Security needs to invest in more advanced security tooling in order to detect the more advanced attacks (APT, Malware). There will be a move from traditional static security approach towards a dynamic risk based model. CISO needs to explain towards Management and the Business how security investments will improve the bottom line. Commodity infra will move towards cloud and IT needs to support the business in expanding into new markets and save costs. More legislation and compliance requirements will demand more efficient way s to prove control. 34

35 How RSA addresses these changes 35

36 Traditional Security is Not Working 91% of breaches led to data compromise within days or less 79% of breaches took weeks or more to discover Source: Verizon 2011 Data Breach Investigations Report 36

37 How RSA addresses these changes Summary Monitor and detect application and at data level and correlate this information. More importantly: look at behavior instead of things we know are malicious. Align IT better to the Business and make Risks and impacts better visible. Share information between good guy s. The Bad guy s are doing it and are way ahead because of it. 37

38 Evolution of Security Management PAST Acquire security tools to meet compliance checklist Focus investments on the broadest set of prevention controls FUTURE Acquire security tools that minimize both compliance and threat risk Invest in proactive and reactive controls and management tools Produce periodic IT-centric reports for auditors and executives Continuous monitoring of organizational risk, operational status, and security incidents 38

39 Critical Questions RSA Answers Governance Pervasive Visibility Actionable Intelligence What Matters? What is going on? How do I address it? 39

40 SMC Architecture Delivering Visibility, Intelligence and Governance 40

41 How do partners fit in? 41

42 Security Management Maturity Model Where are we going? Step 4: Business-Oriented Approach Scope Technology Step 1: Threat Defense Security is necessary evil Reactive and decentralized monitoring Tactical point products Step 2: Compliance and Defense-in-Depth Check-box mentality Collect data needed primarily for compliance Tactical threat defenses enhanced with layered security controls Step 3: Risk-Based Security Proactive and assessment based Collect data needed to assess risk and detect advanced threats Security tools integrated with common data and management platform Security fully embedded in enterprise processes data fully integrated with business context drives decision-making Security tools integrated with business tools We need you to help customers move into that direction? 42

43 So what do you want? Sell only SecurID, and perhaps a bit of SIEM or Become a strategic security provider helping these customers move into a business and risk driven way of detecting and mitigating threats, resulting in a long term partnership with less price pressure and competition? My advice: Get on the Bus! 43

44 THANK YOU 44

45 Lunch ~ starter ~ 45

46 RSA Partner Kick Off 26 Januari 2012 Agenda: Welcome - Corné van Rooij, DM Benelux & Switserland 12.30:13.00 Strategie 2012, Market Trends Corné van Rooij, DM Benelux & Switserland 13:00 ~ Starter ~ 13.30:14.00 RSA SecurWorld Channel 2012 Stuart Brinicombe, EMEA Director Channels & Alliance ~ Main course ~ 14.45:15.15 Security Management according to RSA Dominique Dessy, Senior Technology Consultant ~ Dessert ~ 46

47 RSA Partner Kick off 26 Januari 2012 Agenda: 15.30:15.35 Wrap up Corné van Rooij, DM Benelux & Zwitserland 15.35:16.30 Networking drink 47

48 EMEA Alliances & Channels Benelux Partner Kickoff Stuart Brinicombe Director, EMEA Alliances & Channels January

49 RSA: Security Management Partner Value Proposition January

50 Agenda The Security Landscape & Market Opportunity Customer Challenges & the RSA Solution Set Partnering with RSA Next Steps 50

51 The Security Domain Security Landscape Challenges Opportunity 51

52 The Hyperextended Enterprise Expanding entities, explosive information growth, increased regulation Enterprise HQ Hijacks Data Theft Application Hacking Remote Offices Cookies Screen Scraping Service Theft Spoofing, BOTNETS Phishing Virtualization, Cloud Computing & other ISPs Threats are Everywhere Cyber Attacks on Apps. & Infrastructure Retail Stores Service Provider Distribution Centers Industrial Espionage Extortion Identity Theft, Privacy Viruses, Worms, P2P Content Piracy, SPAM Solicitation Mobile Workers Supply Chain & Collaboration Partners Telecommuters Consumers 52

53 The Attacking Community is Professionalizing Governments Enterprise HQ Hijacks Data Theft Application Hacking Remote Offices Cookies Screen Scraping Organized Crime PII, Government, Defense, Industrial Base, IP Rich Enterprises Anti-Establishment Vigilantes Service Theft Spoofing, BOTNETS Phishing Virtualization, Cloud Computing & other ISPs Threats are Everywhere Cyber Attacks on Apps. & Infrastructure Retail Stores Service Provider Distribution Centers Industrial Espionage Extortion Identity Theft, Privacy Viruses, Worms, P2P Content Piracy, SPAM Solicitation Mobile Workers Supply Chain & Collaboration Partners Telecommuters Consumers Organized, sophisticated Supply chains (PII, Financial Services, Retail) Terrorists Hacktivists Targets of Opportunity In % of the Global 500 had BOTNET activity Agencies associated with their domains RSA Security Brief, February 2011 Malware and the Enterprise Between 2006 and 2010 there was a 660% increase in Agencies Cyber Incidents reported from Government Agencies Government Accountability Office and Time Magazine, July 2011 PII, Government Critical Infrastructure 53

54 Advanced Persistent Threats The New Norm 18 months of high-profile sophisticated cyber attacks; pandemic levels, not a passing fad Advanced Persistent Threats have moved from realm of military to mainstream Highly targeted, well researched and well funded Moving beyond credit card data to intellectual property Multiple vectors: social engineering, zero-day vulnerabilities, application-layer exploits, etc. The primary attack vector has shifted from technology to people Of companies 83% 71% 65% believe that they have been the victim of advanced threat have seen an increase in advanced threats in the last 12 months Of advanced persistent threats believe they have insufficient resources to prevent advanced threats 51% 45% 44% result in IT downtime result in the theft of intellectual property result in the theft of confidential or sensitive information Source: Ponemon Institute Survey Growing Risk of Advanced Threats It is now not a question of IF but WHEN you are attacked but more importantly will you notice, and can you react? 54

55 Security is a Top CIO Priority The security market is large and growing rapidly $25Bn security products market in 2009 growing with a CAGR of 8.9% to $38.4Bn (IDC 2011) The new security threat cannot be solved by Technology alone, there are also Business and Operational issues Businesses need Products AND People, WITH Policies, Processes & Reporting Significant services attach opportunity for RSA s partners $39.5Bn security services revenues (2011), CAGR of 13.5% (IDC) ü ü ü Server Virtualization Security Cloud computing ü ü ü ü ü Windows 7 upgrade cycle Desktop Virtualization Mobile messaging/app Storage / Virtualization Labor Optimization ü Green Computing

56 The RSA Solution Set Pedigree Customer Challenges Solutions 56

57 RSA Pedigree Inventors of public key cryptography The foundation of network and Internet security and a key enabler of e-commerce Deployed in over 1 billion applications worldwide Market leader worldwide; over 3 times the market share of our nearest rivals (Frost & Sullivan) Acquired by EMC 2 in 2006 Adding corporate strength Combining security with storage and virtualization (Vmware) Investment in Security Management Archer (egrc), envision (SIEM), DLP, NetWitness (network forensics) Addressing advanced persistent threats An integrated, business holistic approach to security management 25 Years of Security Innovation and Leadership 25 Years of Working with Partners 57

58 Security: Traditional Approach Policy Team Point Tool Policy Team Point Tool Policy Team Point Tool Network Endpoint Applications Siloed Inflexible Inconsistent Costly is prohibitively costly to address key customer challenges Am I secure? Am I compliant? Where do I have gaps? How do I prioritize? Can I do this affordably? Am I aligned with the business? and cannot react fast enough to advanced persistent threats 58

59 Identities Service Theft Spoofing, BOTNETS Phishing Hijacks Data Theft Application Hacking Cyber Attacks on Apps. & Infrastructure Industrial Espionage Extortion Identity Theft, Privacy Viruses, Worms, P2P Content Piracy, SPAM Solicitation Cookies Screen Scraping Integrated Advanced Security Manage Governance, Risk and Compliance BUSINESS DRIVERS GOVERNANCE, RISK AND COMPLIANCE MANAGEMENT DASHBOARD DEFINE POLICIES POLICIES AND PROCESSES CONTROLS PROTECT AND DEFEND Monitor DETECT Enterprise HQ Virtualization, Cloud Computing & other ISPs Threats are Everywhere Remote Offices Service Provider Retail Stores Supply Chain & Collaboration Partners Distribution Centers Mobile Workers Telecommuters Consumers Information INVESTIGATE REMEDIATE Infrastructure Update controls 59

60 Identities Service Theft Spoofing, BOTNETS Phishing Hijacks Data Theft Application Hacking Cyber Attacks on Apps. & Infrastructure Industrial Espionage Extortion Identity Theft, Privacy Viruses, Worms, P2P Content Piracy, SPAM Solicitation Cookies Screen Scraping Integrated Advanced Security The RSA Solution Map BUSINESS DRIVERS GOVERNANCE, RISK AND COMPLIANCE MANAGEMENT DASHBOARD DEFINE POLICIES RSA Archer egrc Suite (Governance, Risk & Compliance) POLICIES AND PROCESSES CONTROLS CONTROLS Authentication SecurID PROTECT Provision AND DEFEND Authentication Enterprise HQ Data Loss Prevention Adaptive Auth. Virtualization, Cloud Computing & other ISPs Threats are Everywhere Security Identity Feeds Verification Access Fraud Access & Prevention Provision Access Manager Distribution Centers Remote Offices Infrastructure Fraud Action Mobile Workers Information Telecommuters Encryption & Configuration Service Provider Consumers Federated Tokenization Management Transaction IdentityRetail Stores Monitoring Supply Chain & Manager Collaboration Partners Endpoint Feeds efraud Network Fraud Prevention Infrastructure Feeds Data Loss Prevention DLP Cisco IronPort Network Partners Endpoint Partners MONITORING & INCIDENT MANAGEMENT Monito r RKM App. RKM DC Tokenization Microsoft RMS DETECT Encryption and Tokenization RSA envision BSAFE (Incident and Event Management) Update controls Configuration Management And Feeds Ionix Configuration Management INVESTIGATE Network Security Feeds RSA NetWitness (Network forensics) Endpoint Security Feeds Infrastructure Feeds REMEDIATE 60

61 Identities Service Theft Spoofing, BOTNETS Phishing Hijacks Data Theft Application Hacking Cyber Attacks on Apps. & Infrastructure Industrial Espionage Extortion Identity Theft, Privacy Viruses, Worms, P2P Content Piracy, SPAM Solicitation Cookies Screen Scraping Integrated Advanced Security The Services Opportunity BUSINESS DRIVERS SERVICES GOVERNANCE, RISK AND COMPLIANCE MANAGEMENT DASHBOARD Business Security Solution Services DEFINE POLICIES RSA Archer egrc Suite (Governance, Risk & Compliance) POLICIES AND PROCESSES Security & Compliance Consulting Standards and Compliance, Virtualization and Private Could, Fraud and Identity, Infrastructure and Operations CONTROLS CONTROLS MONITORING & INCIDENT MANAGEMENT Authentication SecurID PROTECT Provision AND DEFEND Authentication Enterprise HQ Data Loss Prevention Adaptive Auth. Virtualization, Cloud Computing & other ISPs Threats are Everywhere Security Identity Feeds Verification Access Fraud Access & Prevention Provision Access Manager Distribution Centers Remote Offices Infrastructure Fraud Action Mobile Workers Information Telecommuters Encryption & Configuration Service Provider Consumers Federated Tokenization Management Transaction IdentityRetail Stores Monitoring Supply Chain & Manager Collaboration Partners Endpoint Feeds efraud Network Fraud Prevention Infrastructure Feeds Data Loss Prevention DLP Cisco IronPort Network Partners Endpoint Partners Encryption and Tokenization RKM App. RKM DC RSA envision BSAFE (Incident and Event Management) Tokenization Microsoft RMS Configuration Management And Feeds Ionix Configuration Management Network Security Feeds RSA NetWitness (Network forensics) Endpoint Security Feeds Infrastructure Feeds IT Security Solution Services Solution Design Implementation Optimization Residency Customer Services 61

62 What s Different about RSA? Leading, Complete & Integrated Leader Leader Leader Leader Leader Leader LEADING Authentication Data Loss Prevention Web Fraud Detection SIEM GRC Network Analysis & Forensics COMPLETE The only security solution portfolio to include governance, risk and compliance management with controls, monitoring and network forensics Out-of-the-Box expertise about regulations, threats and best practices, built by teams of experts and community sharing INTEGRATED A single view of your security landscape - connecting governance, control, monitoring, evidence and incident management Built-in vs. Bolted-on security embedding controls directly into the infrastructure Integrated with the cloud and virtualization Lowers the overall cost of safeguarding an organization and handles advanced persistent threats 62

63 Partnering with RSA Market Maturity The Security Opportunity Realising the Opportunity 63

64 Security Management Maturity Model Maturity Stage and Typical Solutions Driven by Business Risk vs. the Cost of Protection Threat Defense Security is a necessary evil Reactive and tactical Technology centric Compliance Driven Compliance centric view of the enterprise Check box approach Tactical tools with compliance reporting IT Risk Oriented Proactive and assessment based view of the enterprise Enterprise view; but tied to IT assets Integrated security tools Business Risk Oriented Security fully embedded in the core enterprise business processes Data driven view of risk and allocation of (security) resources Security tools integrated with business tools TACTICAL STRATEGIC Typical Solutions Typical Solutions Typical Solutions Typical Solutions Anti Spam Anti Virus Firewall Authentication SIEM Authentication, ID Management Anti spam, Anti Virus, Firewall DLP, Network Forensics SIEM Authentication, ID Management Anti Spam, Anti Virus, Firewall egrc SIEM, DLP Authentication, ID Management Anti Spam, Anti Virus, Firewall 64

65 Security Management Maturity Model End Users and Solution Providers Threat Defense Compliance Driven IT Risk Oriented Business Risk Oriented Typical Solutions Typical Solutions Typical Solutions Typical Solutions Anti Spam Anti Virus Firewall Authentication SIEM Authentication, ID Management Anti spam, Anti Virus, Firewall DLP, Network Forensics SIEM Authentication, ID Management Anti Spam, Anti Virus, Firewall egrc SIEM, DLP Authentication, ID Management Anti Spam, Anti Virus, Firewall Typical End Users Typical End Users Typical End Users Typical End Users Organisations without significant risk or IP assets or legislative and compliance pressure Enterprise and SME with legislative and compliance pressure Enterprise and large SME with significant risk and/or IT assets Governments and large enterprise with significant risk and IP assets e.g. Finance, Retail, Defense, Government Threat Defense Security Partner IT Security Solution Partner Business Security Solution Partner Off the shelf, pre-integrated and packaged products/solutions Fast and efficient fulfillment IT centric, integrated approach to security management Medium service attach Business centric, integrated approach to security management High service attach PRODUCT SOLUTION BIAS SERVICE 65

66 Partnering with RSA Threat Defense Compliance Driven IT Risk Oriented Business Risk Oriented Threat Defense Security Partner IT Security Solution Partner Business Security Solution Partner Off the shelf, pre-integrated and packaged products/solutions Fast and efficient fulfillment IT centric, integrated approach to security management Medium service attach Business centric, integrated approach to security management High service attach PRODUCT SOLUTION BIAS SERVICE Opportunities to partner with RSA exist across the complete security posture spectrum From the high volume Threat Defense area to the rapidly growing Business Security Solution domain RSA s enablement capabilities can help you realize the opportunity Strategic Alignment Work together to build the offering for the market Aligned with your security strategy / offering and market position Corporate Enablement To enable you to deliver on your strategy and address your customer s needs Go-to-Market Execution Joint activity to identify, progress and close business opportunities 66

67 Partnering with RSA Threat Defense Compliance Driven IT Risk Oriented Business Risk Oriented Threat Defense Security Partner IT Security Solution Partner Business Security Solution Partner Off the shelf, pre-integrated and packaged products/solutions Fast and efficient fulfillment IT centric, integrated approach to security management Medium service attach Business centric, integrated approach to security management High service attach PRODUCT SOLUTION BIAS SERVICE Partnership opportunities exist across the security spectrum Product Exploit High Growth Market Product & Service Product Drive Revenues & Margins Services Attach Product, Pricing, Configuration, Support & Maintenance Enablement Consulting, Architecture, Implementation, Support & Maint. Sales Incentives, MDF, Joint Demand Generation and Programs Go-to-Market Support Sales process, opportunity and consulting support 67

68 Summary The threat landscape and attacking community has changed Increased legislation, professionalized attackers Advanced persistent threats are the new norm Driving a significant opportunity in Security Management It s large, growing and a top CIO priority It s not just a technology issue, there is also a significant services opportunity Different organizations have a different security posture RSA can help you take advantage of that opportunity Leverage RSA s leading, complete and integrated security management portfolio Deliver repeatable, integrated security solutions to your customers whatever their security posture Gain product margins and drive service revenues RSA APTs Leading Complete & Integrated Growing Market Services Growth World Class Security Solutions 68

69 RSA SecurWorld Program for 2012 EMEA Partners January

70 Highlights of the SecurWorld 2012 Program Driving partner profitability and enhancing ease of doing business 70

71 SecurWorld 2012 Highlights More flexible program better aligned with our partners GTM model (2 tracks, 5 specializations) New training framework that is role based and more solution-centric Partners that specialize successfully in 1 RSA solution can now reach Affiliate Elite status Enhanced Deal Registration program: get specialized and earn higher benefits 1-year compliance period (no demotion for 1 year) and soft quarterly compliance reviews for early promotion New Authorized tier that replaces the registered tier with access to deal registration 71

72 SecurWorld Partners Can Specialize Tracks (2) Specializations (5) RSA SIEM Solutions Security Management & Compliance RSA DLP Solutions RSA Network Monitoring Solutions RSA GRC Solutions All Tracks and Specializations are available to Affiliate, Affiliate Elite and Premier Partners RSA Authentication Solutions Authentication & Identity Protection NA Future plans NA Future plans NA Future plans 1 Choose your track 2 Specialize 72

73 RSA Accreditation & Certification Framework Individuals Not available in 2012 Access to Specialization and higher deal registration Sales (In person workshop), SE (online) Required for Premier and Affiliate Elite Available to Affiliate Access to Track and deal registration Free training, online Required for Premier Affiliate Elite & Affiliate Available to Authorized 73

74 SecurWorld 2012 Premier Partners Resell entire RSA portfolio: Security Management AND Authentication Multiple specializations (3 required) Affiliate Elite Tier Choose between the Authentication OR the Security Management Track 1 Specialization required (earn higher deal registration discount) Affiliate Tier Choose between the Authentication OR the Security Management Track All Tracks and Specializations available (to earn higher deal registration discount) New Authorized tier Manage RSA Volume Authentication business (SecurID, AMX) 5% Deal registration (Training Required) 74

75 SecurWorld 2012 Program Requirements & Benefits EMEA Growth and EMEA Emerging 75

76 SW Program Requirements EMEA Emerging SecurWorld Program Minimum Requirements Tier Revenue* Track Specialization Premier $1,500K+ 2 Security Management AND Authentication 3 1 Specialization in Authentication track AND 2 Specializations in Security Management Track Afilliate Elite $150K Affiliate $20K 1 Security Management OR Authentication 1 Security Management OR Authentication 1 1 Specialization required within chosen track Available but not required Authorized $1K NA NA *Annual Minimum Revenue Requirement 76

77 SW Program Requirements EMEA Emerging Track Requirements Track Sales Associate SE Associate Authentication & Identity Protection 2 1 Security Management & Compliance 2 1 Specialization Requirements Specialization Sales Professional SE Professional Authentication Solutions 1 1 DLP Solutions 1 GRC Solutions Only 1 Sales Professional Accreditation In Security 1 SIEM Solutions Management is required for 1 or more security management specializations 1 NM Solutions

78 SecurWorld Benefits 2012 EMEA Growth & Emerging Region SecurWorld Program Benefits EMEA Growth & Emerging Tier Premier Afilliate Elite Incremental Joint Marketing Performance RSA Professional Services Deal Registration* RSA Reward Co-op GAF** ASN Rebate Enhanced Deal Registration Program Reward 4% OR Public Sector 2% Reward 2% OR Public Sector 2% 3% 2% 3.0% at % 3.5% at % 4.0% at 150%+ (KPO +0.5%) 1.5% at % 2.0% at % 2.5% at 150%+ 1% Foundation 2% Implementation 3% Optimization 0.5% Foundation 1.0% Implementation 1.5% Optimization Affiliate Reward 1% OR Public Sector 2% NA NA NA Authorized 5% deal registration available NA NA NA NA *See Deal Registration Program for more details ** GAF target for both Authentication and Security Management (even for Authentication-only partners) 78

79 New 1-year compliance period 1 year compliance period from July 1 to June 30 the following year: partners maintain their tier for 1 year (no demotion) Soft Quarterly compliance reviews for early promotion Timing: October 1, January 1, April 1 Revenue requirement applies: Achievement of yearly revenue requirement (revenue will not be pro-rated) Training requirements apply Benefit payment and cadence Partners that are promoted during one of the quarterly compliance reviews will enjoy the higher benefits of their new tiers (Regardless of when partners reach the requirements to be promoted to the next tier Promotion and associated benefits will only start at the quarterly review point) If Partners are promoted during the first or second quarterly compliance reviews, they will be issued a GAF for second half in January 79

80 Next Steps Assess Strategic Fit Identify Partnership Opportunity Enable & Drive 80

81 Q&A 81

82 THANK YOU 82

83 Lunch ~ main course ~ 83

84 RSA Partner Kick Off 26 Januari 2012 Agenda: Welcome - Corné van Rooij, DM Benelux & Switserland 12.30:13.00 Strategie 2012, Market Trends Corné van Rooij, DM Benelux & Switserland 13:00 ~ Starter ~ 13.30:14.00 RSA SecurWorld Channel 2012 Stuart Brinicombe, EMEA Director Channels & Alliance ~ Main course ~ 14.45:15.15 Security Management according to RSA Dominique Dessy, Senior Technology Consultant ~ Dessert ~ 84

85 RSA Partner Kick off 26 Januari 2012 Agenda: 15.30:15.35 Wrap up Corné van Rooij, DM Benelux & Switserland 15.35:16.30 Networking drink 85

86 RSA Security Management Overview Dominique Dessy, Senior Technology Consultant 86

87 Security Is Not Working 91% of breaches led to data compromise within days or less 79% of breaches took weeks or more to discover Source: Verizon 2011 Data Breach Investigations Report 87

88 Traditional Approach Team Team Policy Point Tool Policy Point Tool Network Datacenter Team Team Policy Point Tool Policy Point Tool Endpoint Applications Siloed Inflexible Inconsistent Costly 88

89 Security Management Maturity Model Where are we going? Step 4: Business-Oriented Approach Scope Technology Step 1: Threat Defense Security is necessary evil Reactive and decentralized monitoring Tactical point products Step 2: Compliance and Defense-in-Depth Check-box mentality Collect data needed primarily for compliance Tactical threat defenses enhanced with layered security controls Step 3: Risk-Based Security Proactive and assessment based Collect data needed to assess risk and detect advanced threats Security tools integrated with common data and management platform Security fully embedded in enterprise processes data fully integrated with business context drives decision-making Security tools integrated with business tools 89

90 Security Management Framework What do we need to consider? Business Governance Business objectives Critical business processes and assets Risk tolerance Security Risk Management Identify threats and vulnerabilities Prioritize projects and investments to mitigate risk Operations Management Optimize operational efficiency Maximize visibility and monitoring Incident Management Fast detection and response Incident lifecycle management Reassess business risk and critical assets Security Management framework: ISO

91 Strategic Plan How will we get there? (hypothetical organization) Business Governance Current state Security buried inside IT Basic guidelines defined by business Desired state Security is part of every business process Security Risk Management Newspaper view of risk Follow industry practices Manage businessspecific risks Operations Management Bare minimum tools Compliancedriven controls Risk-based controls and monitoring Incident Management Siloed monitoring Correlation and prioritization Advanced analytics TACTICAL STRATEGIC 91

92 Core Security Management Suite RSA Archer egrc Manage the enterprise Policy Risk Compliance Incidents Threats RSA NetWitness Network capture and analysis Real-time investigation Forensics Malware detection Reporting RSA DLP Protect sensitive data Datacenter Network Endpoint RSA envision Event collection and analysis Collect all the data Alerting Forensic analysis Compliance reporting 92

93 Security Management Framework RSA Products & Solutions Business & IT Governance Archer Policy Management Archer Enterprise Management Archer Compliance Management Core Products Solutions Security Risk Management Archer Risk and Threat Management NetWitness Spectrum DLP Risk Remediation Manager and Policy Workflow Manager Operations Management Archer Policy and Enterprise Management envision SIEM Solution for Cloud Security and Compliance Incident Management DLP NetWitness Investigator Panorama Security Incident Management Security Management framework: ISO

94 Phishing s John received a phishing that was customized for him. 1 94

95 Attack Scenario Phishing s John received a phishing that was customized for him. Drive-by Download John clicked on the link and got infected by Trojan from drive-by download. 1 2 Attacker gain access to a critical server Trojan installed backdoor which allows reverse connection to infected machine. Hacker dump password hash and gain access to a critical server via RDP. 3 4 PASSWORD Data ex-filtration Attacker encrypted sensitive files found on the critical server and transfer out via FTP 95

96 DLP detected file transfer activity MENU DLP Network detects a transfer of encrypted file over FTP protocol 96

97 Correlation alert triggered from envision MENU EnVision generates alert from two correlated events 1. Successful RDP connection to critical server 2. DLP activity on the same server 97

98 Incident escalation to Archer Dashboard MENU EnVision alerts sent to RSA Archer via RCF RSA Archer links this incident with business context and prioritize it as HIGH priority 98

99 Seamless integration to NetWitness MENU Instant integration from Archer Console to NetWitness with two clicks SIEMLink transparently retrieves full session detail from NextGen 99

100 Spectrum Automated Malware Analysis MENU Spectrum instantly provides detailed analysis of the executable file in question 100

101 Interactive Analysis with Investigator MENU Context of all network activities to/from critical server Confirm John s machine ( ) as source of RDP session 101

102 Interactive Analysis with Investigator MENU Drill into all network sessions from John s machine Small executable file Transfer over HTTP Suspicious filename & extension Malware?!? Suspicious domain name 102

103 DLP Network detect a transfer of encrypted file over FTP protocol Lessons Learned Continuous Monitoring Network Segregation Server access restriction Strong Authentication of users and admin PASSWORD 5 Firewall blocking of FTP transmitting to external unauthorized servers 4 Data encryption or tokenization for sensitive data on server 103

104 Leading Products, Better Together Use Case Name Arch env DLP NW VMw Investigate advanced threats NetWitness Panorama End-to-end incident mgmt Security Incident Mgmt Mitigate risk of sensitive files DLP Risk Remediation Mgr Let data owners set DLP policy DLP Policy Workflow Mgr Add data context to events DLP-enVision integration Enable cloud security Sol n for Cloud Sec & Cpl Secure virtual desktops Sol n for VMware View Product integrations Leader IT-GRC Leader SIEM Leader Data Loss Prevention 104

105 THANK YOU 105

106 Lunch ~ Dessert ~ 106

107 RSA Partner Kick off 26 Januari 2012 Agenda: 15.30:15.35 Wrap up Corné van Rooij, DM Benelux & Switzerland 15.35:16.30 Networking drink 107

108 Wrap up Corné van Rooij, DM Benelux & Switzerland 108

109 Networking drink 109

110 Thank you for attending! 110