TAKING CHARGE OF SECURITY IN A HYPERCONNECTED WORLD


RSA Security Brief

How Organizations Can Improve Breach Readiness and Cyber Security Maturity

October 2013

Authors
James Lugabihl, Global CIRC Senior Manager, EMC Corp.
Dylan Owen, Cybersecurity Manager for Cybersecurity and Special Missions, Raytheon Company
Timothy A. Rand, Senior Manager, Advanced Cyber Defense Practice, RSA, The Security Division of EMC
Peter M. Tran, Senior Director, Advanced Cyber Defense Practice, RSA, The Security Division of EMC

KEY POINTS

- Organizations are taking responsibility for proactively improving security, not just for themselves but for customers and business/supply chain partners. Rising numbers of organizations are conducting assessments of their business risks and security practices before breaches occur.
- Most breaches result from organizations stumbling on basic security practices. The following deficiencies play a contributing role in most security breaches:
  - Neglecting basic security hygiene
  - Relying exclusively on traditional threat prevention and detection tools
  - Mistaking compliance for security
  - Inadequate end user training
- An organization's optimal security posture will change as its business, risk, and threat environment changes. Good security is less about achieving a static goal state than about building capabilities for continuous evaluation and improvement.
- Of the many recommendations that emerge from security assessments, 20 percent will likely yield 80 percent of the benefits. The following areas for improvement typically generate high impact:
  - Conduct all-inclusive risk and security assessments
  - Locate and track high-value digital assets
  - Model threats and address top vulnerabilities
  - Master change management processes
  - Deploy security staff selectively and strategically
  - Integrate security processes and technologies to scale resources
  - Invest in threat intelligence capabilities
  - Quantify the impact of security investments

RSA Security Briefs provide security leaders and risk management executives with essential guidance on today's most pressing information security threats and opportunities. Each Brief is created by a select team of experts who connect experiences across organizations to share specialized knowledge on a critical security topic. Offering both big-picture insight and practical technology guidance, RSA Security Briefs are vital reading for today's forward-thinking security and risk management practitioners.

Contents
Good security is a relative condition
Security programs still stumble on the basics
  Neglecting basic security hygiene
  Relying exclusively on traditional threat prevention and detection tools
  Mistaking compliance for good security
  Inadequate user training
  Beyond the basics
Security stewardship means continuous improvement
  Conduct all-inclusive risk and security assessments
  Locate and track high-value digital assets
  Model threats and address top vulnerabilities
  Master change management processes
  Deploy security staff selectively and strategically
  Integrate security processes and technologies to scale resources
  Invest in threat intelligence capabilities
  Quantify the impact of security investments
Conclusion
About the Authors
Security Solutions for Improving Breach Readiness
  From Raytheon Company
  From RSA, The Security Division of EMC

The boundaries have blurred between internal and external networks. Employees increasingly use their own devices, home networks, and public Wi-Fi to access corporate resources. Partners, customers, and vendors have greater access to what were once exclusively internal resources, and the integration of private networks with public clouds has culminated in hybrid clouds with dynamic and complex boundaries. In a world where digital boundaries are ever-changing and hard to define, building stronger perimeter defenses, while still necessary, is inadequate to ensure sufficient security.

"Attackers look for the easiest means of compromise. That's why attacks are moving from more security-mature organizations down to less mature, typically smaller, partners. Attackers can exploit the trust relationships between companies to infiltrate well-protected targets through supply chain partners with less security experience."
Dylan Owen, Raytheon Company

In today's highly interconnected business environment, information security can no longer be an isolated endeavor: it must be the responsibility of an entire business ecosystem or value chain. This idea has gained widespread recognition at the international level. For example, the World Economic Forum (WEF) is exploring how responsibility for cyber security can be shared among companies, industries, and governments. In its 2012 report, Risk and Responsibility in a Hyperconnected World: Pathways to Global Cyber Resilience, the WEF concluded:

"Increasing dependence on connectivity for the normal functioning of society makes the protection of connectivity a critical issue for all; it is a shared resource, like clean air or water. No one organization can resolve the issue by itself; a collaborative, multi-stakeholder approach must be taken. Even competitors in a given industry must become partners in the effort to ensure a stable and trusted environment."
The idea that creating a stable, trusted cyber environment should be a collaborative endeavor also appears to be gaining traction among private enterprises and governments. Two trends in the global security community point to this:

1. Participation in threat intelligence-sharing groups has widened over the past few years beyond the traditional circles of defense and financial services. Nowadays, it's common to see industrial manufacturers, retail chains, utilities, and technology companies exchanging cyber threat intelligence.
2. Rising numbers of organizations are conducting assessments of their business risks and security practices to improve their overall security posture proactively. These security assessments have historically been done in the wake of serious incidents or breaches, but they are now increasingly done as a precautionary measure before trouble has been detected.

GOOD SECURITY IS A RELATIVE CONDITION

Organizations are conducting proactive assessments not only to improve their own security postures but to protect their business relationships. Advanced cyber attacks have been known to reach their primary targets by exploiting business partners with weaker defenses. Rather than combat the well-protected computer networks of a target company, cyber attackers try instead to infiltrate the organization through its connections to trusted partners with less-developed security practices. In recent incidents, cyber attackers have sought to cover their tracks by routing data stolen from a company through the computer networks of a business partner.

Because information security within a supply chain is only as strong as its weakest link, organizations today must improve security measures not just for themselves but for their partners and customers. Every organization should achieve appropriate levels of security for its business requirements and risks, which also means evaluating how its security practices could affect customers and partners, should something go wrong. Of course, appropriate security measures will vary greatly from organization to organization. For example, security practices considered appropriate for an industrial manufacturer might have very different characteristics than security practices for a regional consulting firm or a global technology company.

"We see security assessments trending toward improvement and a more proactive approach. There's a general sense that, because my buyer or my business partner just got hacked, maybe I should think about this now. The tough part is getting your stakeholders to realize they're on borrowed time, because they're still thinking, 'Well, nothing has happened to us, so why should we do this?'"
Peter Tran, RSA

Identifying appropriate levels of security can prove challenging, because it's an exercise based on risk and relativity. Appropriate security should be determined by four factors:

1. The organization's risks and requirements, which change over time and are unique to each organization
2. The value of the information assets being protected, with high-value assets monitored more closely and subject to more controls
3. The security risks and threats the organization can reasonably expect to face, considering that attack techniques are constantly changing and rising in sophistication
4. Prevailing security practices for the organization's peers, with the organization aiming to be at or above the group average so as not to make itself an easy target

The first three conditions listed above are associated with internal assessments.
The fourth condition is a relative measure that relies in part on external knowledge of reasonable security practices within an industry peer group. Industry associations, information sharing and analysis centers (ISACs), or outside consultants can often help provide this comparative context. Another way organizations can diagnose security performance on a relative basis is through self-assessment tools. Many consulting firms and security service providers offer proprietary security maturity models. Each has merits and deficiencies, but they all aim to provide a progressive framework for measuring security performance. An example of a security maturity framework is shown in Figure 1.

SECURITY PROGRAMS STILL STUMBLE ON THE BASICS

In analyzing security programs across different industries, it seems many organizations today still fall down on basic execution. The following deficiencies commonly contribute to security breaches.

Neglecting basic security hygiene

In forensic evaluations following attacks, missed software updates frequently surface as exploited vulnerabilities. Sometimes these are zero-day vulnerabilities, but in most cases antivirus and software updates had simply not been done. Perhaps a system was scheduled for patching at a later date, after the organization could compatibility-test the patch. More likely, the system was overlooked for patching entirely because it had been added to the network without being properly cataloged: IT didn't know the system existed, so they did not know to patch it. Basic security maintenance is an all-too-common deficiency.

Figure 1: Security Maturity Framework

Levels: 1. Product-driven security; 2. Compliance-driven security; 3. IT Risk-driven security; 4. Business Risk-driven security

Policy
  Enforcement: (1) Sporadic and inconsistent; (2) Enforced employee compliance; (3) Management reinforces cooperation; (4) Reasons for non-compliance explored
  Update trigger: (1) None; (2) Changes in policies and regulations; (3) Changes in IT threats; (4) Continuous business risk assessments

Process
  Reporting schedule: (1) No reporting; (2) Ad-hoc incident reports; (3) Scheduled reporting; (4) Real-time reporting
  Update trigger: (1) None; (2) Auditor checklist; (3) IT infrastructure checklist; (4) Business risk checklist

People
  Leadership capabilities: (1) Technology: low, Business: low; (2) Technology: medium, Business: low; (3) Technology: high, Business: medium; (4) Technology: high, Business: high
  Management communication: (1) None; (2) Contingent on policy changes and incidents; (3) Regular communication; (4) Pro-active, two-way communication between security and businesses
  Employee training: (1) Product training (not mandatory); (2) Regulations training (mandatory for some); (3) IT infrastructure threats (mandatory for all); (4) Role-specific training (mandatory for all)

Product
  Selection criteria: (1) Trends, vendors; (2) Legal/regulatory requirements; (3) Specific to IT infrastructure; (4) Based on business implications
  Technology focus: (1) Managing patchwork of security tools; (2) Compliance monitoring and reporting; (3) Threat detection and response; (4) Business risk monitoring and predictive analytics

"There's no magic bullet for improving security or your breach readiness. There's no secret to it, other than you have to master the basics before you take on anything else. You have to execute: get your hands dirty, move rocks."
James Lugabihl, EMC

Relying exclusively on traditional threat prevention and detection tools

In general, organizations relying on firewalls, antivirus scanners, and intrusion detection systems (IDS) for security will never discover the truly serious problems.
Yet most security teams still wait for signature-based detection tools to identify problems rather than looking for more subtle indicators of compromise on their own. Part of the reason for this is that most security teams have not done the hard work of integrating their logs, security processes, and tools, making it challenging to correlate events or determine causality.

Mistaking compliance for good security

Many companies are on an accelerating treadmill with their compliance programs. They're so busy keeping up with mounting compliance requirements, whether from increased government regulations or internal oversight requirements, that proving compliance becomes a goal in and of itself. Most compliance mandates reflect best practices that should be interpreted as minimum standards, not sufficient levels, of security. For example, organizations may audit their privileged IT administrator accounts only once a quarter because that's the interval specified by internal policies. However, cyber adversaries waging targeted attacks often phish for privileged accounts to do the most damage in the shortest amount of time. In most cases, quarterly intervals for inspecting privileged accounts may be woefully inadequate for managing risk.

The Payment Card Industry Data Security Standard (PCI DSS) serves as an example in which good compliance does not always translate into breach avoidance. Companies compliant with PCI DSS have been hacked. For this reason, the latest version of PCI DSS provides direction for implementing security into business-as-usual (BAU) activities and underscores the need to maintain ongoing compliance.

"Developing a high-performing security program, what we call an intelligence-driven organization, is a journey. Focus on the basics first, paying attention to the people, process, and technology. Then, you can make improvements incrementally by adding capabilities such as forensic analysis, malware reverse engineering, and threat intelligence."
Timothy A. Rand, RSA

Inadequate end user training

Employees and other end users of corporate IT assets should be regarded as the organization's first line of defense, even more so than firewalls and IDS. Threats will inevitably get through perimeter defenses, but employees can alert security teams to suspicious emails, unusual activity, or performance changes in systems. Many organizations don't invest enough time and resources in user training. While annual security training is the interval frequently mandated in corporate policies, it's not frequent enough to protect end users from phishing, malicious links, and other security hazards. Also, most organizations fail to provide differentiated training for employees more likely to be targeted by cyber attackers: finance executives, IT administrators, R&D scientists, and others.

Beyond the basics

While the basic deficiencies described above contribute to the majority of security breaches, other shortcomings also surface over and over again.
The chart in Figure 2 itemizes ten of the most common problems identified in security assessments.

Figure 2: Top 10 security deficiencies found in security assessments

People
  - Infrequent user training on security hazards such as spear-phishing
  - Inadequate security staff, both in terms of numbers and training
  - Security team's roles and responsibilities not clearly defined

Process
  - Poor patch management processes
  - Reliance on ad hoc incident response and other security procedures in the absence of well-defined processes
  - Enterprise amnesia resulting from responding nonstop to fire drills without taking time to improve based on post-incident lessons learned

Technology
  - No centralized or real-time monitoring and alerting (analysts must log into different consoles to collect alerts)
  - Poor incident response-tracking and workflow systems
  - Insufficient tools to conduct forensic analysis
  - No threat intelligence collection or analysis capabilities

SECURITY STEWARDSHIP MEANS CONTINUOUS IMPROVEMENT

An organization's optimal state of security will vary as its business, risk, and threat environment changes. What this means is that good security is not about achieving a static optimal state; it's about building capabilities, or agility, for continuous assessment and improvement. The focus on improving security seems to have intensified. Two years ago, organizations commissioning outside security assessments were primarily interested in remediating vulnerabilities following a breach. Now, more organizations are requesting proactive help to improve breach readiness and incident response. Even medium-size companies, under pressure from larger business partners, are striving to proactively advance their security practices ahead of a serious incident.

Because good security is not a one-size-fits-all condition, the needed improvements will vary greatly from organization to organization. Any organization that has conducted a rigorous security assessment can attest that the list of recommendations resulting from such assessments is almost endless. The key to executing a successful security improvement plan is to identify and implement the 20 percent of changes that will yield 80 percent of the benefits. The recommendations and best practices described below often fall into the top 20 percent of changes that generate the greatest improvement in organizational readiness for responding to and recovering from cyber threats.

Conduct all-inclusive risk and security assessments

Risk assessments should include not just digital assets but an all-inclusive risk evaluation of facilities, suppliers, and even how you sell your goods and services. For example, if your organization sells in distant geographic regions through channel partners, these partners should be factored into risk evaluations for two reasons. First, these partners are essentially your organization's face to the world within their respective regions.
Second, they're likely to be attractive, vulnerable targets for spear-phishing, as they potentially represent a convenient vector for attacking your company. Digital risk assessments should be done at least once per year. If you stand up a new service or enter a new market, a corresponding risk assessment should be included as part of the project management process, baking security into the implementation.

Locate and track high-value digital assets

While keeping track of valuable digital assets sounds straightforward, many companies say this is one of the toughest challenges they face. Tracking high-value information assets can be tricky because of shadow IT, in which processes run on systems that aren't managed by the enterprise IT team. This could run the gamut from a business unit storing sensitive information in a SaaS application to an accountant in your finance department running a spreadsheet of critical financial data on his unsecured home computer.

Tracking high-value information is a critical capability in incident response and remediation. When threats or problems are first detected, you have to know how to isolate or effectively protect critical assets as fast as possible. Organizations must document where high-value assets are, who has access to them, who within the business owns the risk, and how the risk can be managed. IT and security teams can provide the right frameworks and tools for auto-discovery, including creating a single repository to track and manage key assets.

Model threats and address top vulnerabilities

Part of any security assessment should be threat modeling, which can be boiled down to a simple formula:

Threat x Vulnerability x Potential Cost of Loss = Risk

Stakeholders in business units and IT often don't understand the need for threat modeling, and many security practitioners don't have sufficient experience to do it well. A common pitfall is that organizations tend to underestimate internal threats. The most overlooked internal risks are not disgruntled employees acting out of malice; they're often well-intentioned employees making critical mistakes. Oversights in documenting changes to an IT system's software application are a typical example.

Threat modeling should be a collaborative, multi-disciplinary process, not an isolated exercise within the security team. Participants should work together on scoping out threats to the organization and how each may affect business units or assets. Ideally, threat modeling should be a creative process: organizations must plan with the same imagination and cunning as prospective adversaries.

Threat models should also build on forensic evaluations of previous threats observed in your environment, with the goal of identifying ways to neutralize cyber adversaries. For example, threat models should identify the organization's most frequent historical threat vectors. Then, if you discover that the number one point of compromise for your organization is phishing attacks, you'll know to implement processes, technology, and training programs to reduce the effectiveness of spear phishing.

"Good change management can have a huge preventive impact. Some people think that change management just slows them down, but consider: what's the cost to your business if you don't do this and something gets compromised? It's rarely worth the risk."
Dylan Owen, Raytheon Company

Master change management processes

Security change management procedures help track and respond to changes in IT assets and business processes that have a material impact on security risks. It's a hard discipline to manage consistently, especially since many stakeholders in IT, the business, and even in security mistake it for an administrative checkbox that simply slows them down. So, they may forgo documenting systems and processes because they're under pressure to complete a project quickly and believe they can circle back and report on additions and modifications later. But then key people on the implementation team leave, first-hand knowledge is lost, and dependencies are never recorded. Such omissions present unnecessary risks that can have serious consequences later.

Change management processes should be factored into project management schedules. You should qualify the risks and rewards of change management requirements so stakeholders understand the potential cost to the business if something gets missed and contributes to a compromise. Train people to understand the impact of their actions. Simultaneously, stakeholders should evaluate how to fulfill change management requirements in the most efficient and expedient way possible.

Part of change management is the discipline of identifying and documenting interdependencies between systems so IT and security teams are aware of how changes made to one system affect the state of another. Reconfiguring one part of your IT environment could create vulnerabilities somewhere else. For example, if an organization's back-end database provider releases a patch that's incompatible with the ERP implementation to which the organization's database is tied, then the database can't be patched until a fix can be arranged. Instead, the IT team must document why the patch was not installed and work with the security group to make sure vulnerabilities in the database system can be mitigated until updates can take effect.
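The threat modeling section above gives the formula Threat x Vulnerability x Potential Cost of Loss = Risk and advises deriving threat likelihood from the organization's own incident history. The following is an added worked example (not code from the brief or its authors) that carries that formula through: it scores each vector by its share of past incidents, ranks every asset/vector pair, and then totals risk per vector so the dominant point of compromise stands out. The incident records, asset values, and vulnerability scores are all constructed.

```python
from collections import Counter

# Constructed incident history (not real data): the threat vector that a past
# forensic evaluation attributed to each incident.
PAST_INCIDENTS = [
    {"id": "INC-01", "vector": "spear-phishing"},
    {"id": "INC-02", "vector": "spear-phishing"},
    {"id": "INC-03", "vector": "unpatched-web-app"},
    {"id": "INC-04", "vector": "spear-phishing"},
    {"id": "INC-05", "vector": "partner-vpn-abuse"},
    {"id": "INC-06", "vector": "unpatched-web-app"},
    {"id": "INC-07", "vector": "spear-phishing"},
    {"id": "INC-08", "vector": "misconfigured-change"},
]

# Constructed asset register: potential cost of loss (thousands of dollars) and a
# per-vector vulnerability score between 0 (fully mitigated) and 1 (fully exposed),
# as a threat-modeling workshop might rate them.
ASSETS = {
    "ERP database": {"cost": 5000, "vuln": {"unpatched-web-app": 0.6,
                                            "misconfigured-change": 0.5,
                                            "partner-vpn-abuse": 0.3}},
    "Finance mailboxes": {"cost": 1200, "vuln": {"spear-phishing": 0.8}},
    "R&D file share": {"cost": 3000, "vuln": {"spear-phishing": 0.4,
                                              "partner-vpn-abuse": 0.7}},
    "Marketing website": {"cost": 200, "vuln": {"unpatched-web-app": 0.9}},
}


def threat_frequencies(incidents):
    """Threat likelihood per vector = share of past incidents that used it."""
    counts = Counter(i["vector"] for i in incidents)
    total = sum(counts.values())
    return {vector: n / total for vector, n in counts.items()}


def rank_risks(assets, threat, floor=0.05):
    """Apply Threat x Vulnerability x Potential Cost of Loss = Risk to every
    (asset, vector) pair and return the pairs sorted by risk, highest first.

    A vector with no incident history is given a small floor likelihood rather
    than zero, so a never-yet-seen attack path is not ranked as no risk at all.
    """
    rows = []
    for name, asset in assets.items():
        for vector, vuln in asset["vuln"].items():
            t = max(threat.get(vector, 0.0), floor)
            rows.append({"asset": name, "vector": vector,
                         "risk": round(t * vuln * asset["cost"], 1)})
    return sorted(rows, key=lambda r: r["risk"], reverse=True)


def risk_by_vector(rows):
    """Total risk per vector across all assets: shows where a single control
    (e.g. anti-phishing training) buys down the most risk."""
    totals = Counter()
    for r in rows:
        totals[r["vector"]] += r["risk"]
    return {vector: round(total, 1) for vector, total in totals.items()}


if __name__ == "__main__":
    ranked = rank_risks(ASSETS, threat_frequencies(PAST_INCIDENTS))
    for r in ranked:
        print(f'{r["risk"]:8.1f}  {r["asset"]:<20} via {r["vector"]}')
    print("per vector:", risk_by_vector(ranked))
```

The single riskiest pair is the ERP database via an unpatched web application, but summed across assets, spear-phishing carries the most risk, which is the kind of finding that points at training and process investments rather than a single patch.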

Deploy security staff selectively and strategically

In many security operations centers (SOCs), a designation this paper also uses to refer to critical incident response centers or teams (CIRCs/CIRTs), the roles and responsibilities for in-house personnel are not clearly defined. Analysts are accountable for many things simultaneously without clear direction on priorities. The adage "if you try to do everything, you wind up doing nothing well" applies here. Many SOCs would benefit from revisiting their staffing models, evaluating the capabilities of individual team members to put the right people in the right roles. That way, people with advanced or specialized skills are deployed in a way that best serves the needs of the security organization.

A recent report from the Security for Business Innovation Council titled Transforming Information Security: Designing a State-of-the-art Extended Team recommends that organizations focus on building security capabilities in four key areas that will be new to most SOCs: cyber risk intelligence and data analytics, security data management, risk consultancy, and controls design and assurance. These emerging skills are seen by the Council's members as essential to providing the security capabilities needed to defend organizations against escalating cyber threats.

Integrate security processes and technologies to scale resources

Almost every security operations team today faces staffing shortages. The capabilities of in-house security personnel are usually stretched, and new headcount is hard to authorize. Most security professionals spend too much time on mundane tasks such as patch management, manually pulling data from different systems, or sorting through volumes of event logs, alerts, and threat intelligence with no categorization of relevance or importance. The productivity of security personnel can be dramatically raised through technology and process integration initiatives.
As detailed in a February 2013 RSA Technical Brief, Building an Intelligence-driven Security Operations Center, integrating security operations processes and technologies is arguably the single most beneficial thing that SOCs can do to boost staff productivity. Process and technology integration provides valuable context for analyzing triggered events. For example, proper context can determine whether events are related to high-value assets such as mission-critical systems and applications, business processes handling sensitive data, or privileged users such as CIOs, CFOs, and IT administrators. This type of context can help establish event severity and criticality, directing analysts' attention to where it's needed most.

Another huge potential time-saver involves integrating various security tools so they feed into a central incident management console. Many security teams have yet to invest in centralized, real-time monitoring and alerting. Instead, they compel security analysts to log into different systems (firewalls, IDS, and more) to collect alerts. Security tools should be integrated to push alerts into a central repository that provides a single-console view of aggregated events and alerts. Such consoles should track and coordinate workflows. This way, multiple analysts and users can work in parallel on different aspects of the same incident. A unified console presents all the contextual information for threats in one place; analysts don't have to chase down data scattered among disparate systems and locations to get the background needed for accurate decision-making. In addition to saving analysts time, tool integration can also manage workflows to facilitate adherence to procedural best practices.

Data aggregation could happen within a traditional log/event-oriented SIEM system, for example. For organizations with mature SIEM capabilities, the next phase of improvement is to enhance their central data monitoring with greater visibility (network and endpoint) as well as analytic capabilities that can automate the early phases of threat detection and shorten analysts' investigation times.

"In threat intelligence, data is king and context is queen. You can't be secure without mastering both."
James Lugabihl, EMC

Invest in threat intelligence capabilities

Threat intelligence, long the domain of large enterprises and government agencies, is now being used by mid-sized and smaller companies to become more proactive and to protect their business relationships. Threat intelligence can sound daunting, but it does not necessarily need to involve ISACs and government agencies. For example, if you learn that the registrant of a bad domain linked to threat activity on your network has also registered 50 other domains, you could block them all. This is an example of leveraging intelligence to proactively improve your defenses.

The simplest way to mine threat intelligence is to leverage the information already on your systems and networks. Many organizations don't fully mine logs from their perimeter devices and public-facing web servers for threat intelligence. For instance, organizations could review access logs from their web servers and look for connections coming from particular countries or IP addresses that could indicate reconnaissance activity. Or they could set up alerts when biographies of employees with privileged access to high-value systems attract unusual amounts of traffic, which could then be correlated with other indicators of threat activity to uncover signs of impending spear-phishing attacks.
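The log-mining idea described above, as an added example that is not part of the original brief: it parses constructed web-server access-log lines in the common "combined" format and flags source addresses that walk through several privileged-staff biography pages in succession, plus addresses producing repeated 4xx errors, a common sign of path guessing. The bio paths, IP addresses, and thresholds are all constructed assumptions; in practice the hits would be correlated with other indicators before anyone acts on them.

```python
import re
from collections import Counter, defaultdict

# Constructed sample access-log lines (combined log format; not real traffic).
SAMPLE_LOG = """\
203.0.113.7 - - [12/Oct/2013:08:01:12 +0000] "GET /index.html HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
203.0.113.7 - - [12/Oct/2013:08:01:15 +0000] "GET /about/leadership/cfo HTTP/1.1" 200 2210 "-" "Mozilla/5.0"
203.0.113.7 - - [12/Oct/2013:08:01:18 +0000] "GET /about/leadership/cio HTTP/1.1" 200 2304 "-" "Mozilla/5.0"
203.0.113.7 - - [12/Oct/2013:08:01:21 +0000] "GET /about/leadership/it-director HTTP/1.1" 200 1980 "-" "Mozilla/5.0"
203.0.113.7 - - [12/Oct/2013:08:01:24 +0000] "GET /about/leadership/head-of-rd HTTP/1.1" 200 2111 "-" "Mozilla/5.0"
198.51.100.23 - - [12/Oct/2013:09:14:02 +0000] "GET /products HTTP/1.1" 200 8800 "-" "Mozilla/5.0"
198.51.100.23 - - [12/Oct/2013:09:14:40 +0000] "GET /about/leadership/cfo HTTP/1.1" 200 2210 "-" "Mozilla/5.0"
192.0.2.99 - - [12/Oct/2013:10:30:00 +0000] "GET /about/leadership/cfo HTTP/1.1" 200 2210 "-" "curl/7.30"
192.0.2.99 - - [12/Oct/2013:10:30:01 +0000] "GET /about/leadership/cio HTTP/1.1" 200 2304 "-" "curl/7.30"
192.0.2.99 - - [12/Oct/2013:10:30:02 +0000] "GET /admin/ HTTP/1.1" 403 512 "-" "curl/7.30"
192.0.2.99 - - [12/Oct/2013:10:30:03 +0000] "GET /wp-login.php HTTP/1.1" 404 0 "-" "curl/7.30"
"""

# One combined-format line: client, ident, user, [timestamp], "request", status, size, "referer", "agent".
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) (?P<size>\S+) "(?P<referer>[^"]*)" "(?P<agent>[^"]*)"$'
)

# Constructed list: biography pages of staff with privileged access to high-value systems.
PRIVILEGED_BIO_PATHS = {
    "/about/leadership/cfo",
    "/about/leadership/cio",
    "/about/leadership/it-director",
    "/about/leadership/head-of-rd",
}


def parse_log(text):
    """Yield one dict per well-formed combined-log line; malformed lines are skipped."""
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if m:
            rec = m.groupdict()
            rec["status"] = int(rec["status"])
            yield rec


def find_bio_scrapers(records, min_distinct=3):
    """Source IPs that viewed at least `min_distinct` different privileged bio pages.
    Returns {ip: sorted list of bio paths viewed}."""
    seen = defaultdict(set)
    for r in records:
        if r["path"] in PRIVILEGED_BIO_PATHS:
            seen[r["ip"]].add(r["path"])
    return {ip: sorted(paths) for ip, paths in seen.items() if len(paths) >= min_distinct}


def find_probe_sources(records, min_errors=2):
    """Source IPs that drew at least `min_errors` 4xx responses (path guessing / probing).
    Returns {ip: error count}."""
    errors = Counter(r["ip"] for r in records if 400 <= r["status"] < 500)
    return {ip: n for ip, n in errors.items() if n >= min_errors}


def analyze(text):
    """Run both detections over a log text and return their findings."""
    records = list(parse_log(text))
    return {
        "bio_scrapers": find_bio_scrapers(records),
        "probe_sources": find_probe_sources(records),
    }


if __name__ == "__main__":
    for kind, hits in analyze(SAMPLE_LOG).items():
        for ip, detail in hits.items():
            print(f"{kind}: {ip} -> {detail}")
```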
Quantify the impact of security investments

Finding budget is a common constraint that security teams cite for not making the investments needed to improve incident response and readiness. ROI is very difficult to prove because it requires that organizations measure return on solutions to security problems that may never materialize. Yet, to build support from business units for funding security initiatives, it helps to compare the cost of proactive remediation with the potential cost of compromise. The cost of security controls needs to be balanced against the business harm likely to result from security failures. That's where "what if" scenarios can prove helpful. In modeling "what if" scenarios, try to capture the full costs. For example, in addition to projecting the business and reputational costs of a breach within critical systems, also consider the costs of deploying backup systems while infected systems are taken down and cleaned.

Quantifying the potential impact of new security investments can help security teams win support for new investments. It can also help organizations identify and prioritize the investments that are most likely to result in substantial security improvements.

CONCLUSION

As information security becomes an ecosystem-wide endeavor, organizations will have to demonstrate they're doing their part to improve security for all. Organizations will have to become more disciplined about basic security hygiene, which remains a consistent stumbling block. Organizations will also have to embark on thorough assessments to improve their organizational readiness in responding to and recovering from cyber threats.

Security assessments can be handled in-house by experienced staff, but many organizations choose to enlist outside help. External consultants can provide objective evaluations of the organization's current security practices, as well as contribute insights on best practices from multiple industries. Regardless of who conducts security assessments or what recommendations emerge for improvement, organizations should prioritize a limited number of investments that can deliver the greatest security benefits. Targeting the highest-impact investments can be done by quantifying the risks that would be mitigated by new controls or by seeking outside counsel on what has proven beneficial to other organizations.

ABOUT THE AUTHORS

James Lugabihl
Global CIRC Senior Manager, EMC Corporation

James Lugabihl took over EMC's Critical Incident Response Center in June of [year missing from transcription]. He is responsible for monitoring EMC's global network and responding to threats that directly impact the organization. Since February 2005, James has been a part of EMC's Global Security Organization, developing the framework for risk and security administration services, and has worked as an internal consultant for the CSO. Mr. Lugabihl began his information security career more than 15 years ago with the U.S. Navy's Fleet Information Warfare Center, handling network monitoring and incident response.

Dylan Owen, CISSP, ISSEP, ISSMP, GPEN, GCFA, ITIL
Cybersecurity Manager for Cybersecurity and Special Missions, Raytheon Company

Dylan Owen is responsible for developing and providing computer network defense solutions to Raytheon's government and commercial customers. He helps Raytheon customers review and improve their security readiness, focusing on organizational alignment as well as reviewing security architectures and SOPs. Mr. Owen has helped design and implement SOCs/CERTs and threat intelligence programs for government organizations and large companies. He has also helped clients stand up CERTs, including developing core processes, hiring staff, and implementing technology solutions. In previous positions at Raytheon, Mr. Owen developed expertise in certifying and accrediting IT systems, conducting computer security awareness training, managing vulnerability assessments, and investigating many different types of computer-related breaches.

Timothy A. Rand
Senior Manager, Advanced Cyber Defense Practice, RSA, The Security Division of EMC

Tim Rand is responsible for professional services engagements for incident response/discovery (IR/D), breach readiness, remediation, SOC/CIRC design, and proactive computer network defense. Prior to RSA, he was a lead security engineer for the Mitre Corporation.
Earlier, he led enterprise-wide computer emergency response, attack sensing and warning, and proactive cyber operations for the Raytheon Company s Cyber Threat Operations team. Mr. Rand has more than 16 years of experience in developing technical staff and programs, cyber investigations, Advanced Persistent Threat (APT) defense, focused threat analysis, operations, and projects. He has held various technical leadership roles, including director for an environmental analysis laboratory and senior scientist for various enterprises such as the Lockheed Martin Company. (Continued on the next page) page 12

Peter M. Tran, Senior Director, Advanced Cyber Defense Practice, RSA, The Security Division of EMC

Peter Tran leads RSA's Advanced Cyber Defense Practice, which offers world-class professional services for global incident response and discovery (IR/D), breach readiness, remediation, SOC/CIRC redesign, and proactive computer network defenses. Mr. Tran has more than 18 years of government, commercial, and research experience in the fields of computer forensics, information assurance, and security. He is a recognized expert within the Department of Defense and U.S. federal law enforcement communities on computer forensics, malicious code, computer crime investigations, foreign counterintelligence, technology transfer, network security, and cyber espionage. He has authored several defense periodicals for his work involving distributed computer forensics and data analysis. Prior to RSA, Mr. Tran led Raytheon's commercial cyber professional services, as well as its enterprise Cyber Threat Operation Programs for SOC/CERT, IR/D, intelligence, APT threat analysis, technical operations, exploitation analysis, adversarial attack methodologies, and research and tools development. He held senior technical leadership roles with Northrop Grumman and Booz Allen Hamilton. Mr. Tran also worked as a Federal Law Enforcement Special Agent, forensic analyst, systems/security engineer, software product designer, and consultant in both technology prototyping and production.

SECURITY SOLUTIONS FOR IMPROVING BREACH READINESS

The products and services described below are designed to align with the best practices described in this RSA Security Brief. This security solutions overview is not intended to provide a comprehensive list of applicable products and services. Rather, it's intended to serve as a starting point for security practitioners wanting to learn about some of the options available to them.

From Raytheon Company

Insider Threat and Counter Intelligence
Raytheon is the largest provider of insider threat solutions to the U.S. Government. Raytheon's SureView product enables safe and effective use of mission-critical technologies by capturing human behavior technical observables, which include policy violations, compliance incidents, or malicious acts that could be warning signs of a security breach.

Trusted Thin Client (TTC)
Trusted Thin Client is Raytheon's commercial-off-the-shelf (COTS) solution that provides end users access to all allowable networks from a single device. TTC ensures homeland and corporate security while enabling the fast-paced exchange of data to foster seamless global collaboration across disparate classified or sensitive networks.

Trusted Gateway System (TGS)
A commercial-off-the-shelf (COTS) transfer solution, Trusted Gateway System provides exceptional built-in manual review and automatic validations, such as virus scanning, file type verification, dirty word search, and deep content inspection, enabling safe and simultaneous data movement between networks at different sensitivity levels.

From RSA, The Security Division of EMC

RSA Advanced Cyber Defense Practice has been developed to help clients safeguard their organizational mission by focusing on the protection of high-value assets, which are often the object of targeted attacks, and by developing the readiness, response, and resilience of their security operations.
The practice's consultants are highly skilled security practitioners, each with 10-plus years' average experience in incident response planning and in building, operating, and managing SOCs. RSA's security consultants don't just provide reports and recommendations; they also provide hands-on assistance with developing and improving incident-handling processes and procedures, automating security-related workflows to drive operational efficiencies, and generating actionable intelligence by gathering multiple sources of information and cultivating data analytics capabilities. Finally, the practice's consultants provide technology-neutral guidance on selecting and implementing security solutions that adapt to variable levels of risk. Collectively, the practice's consultants and services help clients shift from a reactive security stance to a proactive, advanced cyber-defense posture.

RSA Archer GRC Suite is a market-leading solution for managing enterprise governance, risk, and compliance (GRC). It is designed to provide a flexible, collaborative platform to manage enterprise risks, automate business processes, demonstrate compliance, and gain visibility into exposures and gaps across the organization. The RSA Archer GRC platform is engineered to draw data from a wide variety of systems to serve as a central repository for risk-, compliance-, and security-related information. The RSA Archer Security Operations Management module is designed to provide a software system that manages incident workflows, reporting and notification requirements, staffing and work allocations, as well as other capabilities needed to efficiently manage a security operations center. This system also provides the required business and technical context (such as asset information) for incidents during investigations.

RSA Education Services provide training courses on information security geared to IT staff, software developers, security professionals, and an organization's general employees. Courses combine theory, technology, and scenario-based exercises to engage participants in active learning.

RSA Advanced Cyber Defense Training offerings are a series of instructional courses focused on improving the skills of security analysts in areas such as incident handling, the use of threat intelligence, malware analysis, and the detection and investigation of advanced threats. These courses are taught by expert personnel from the RSA Advanced Cyber Defense Practice.

RSA Enterprise Compromise Assessment Tool (ECAT) is an enterprise threat detection and response solution designed to monitor and protect IT environments from undesirable software and the most elusive malware, including deeply hidden rootkits, advanced persistent threats (APTs), and unidentified viruses. RSA ECAT is engineered to automate the detection of anomalies within computer applications and memory without relying on virus signatures. Instead of analyzing malware samples to create signatures, RSA ECAT establishes a baseline of anomalies from known good applications, filtering out background noise to uncover malicious activity in compromised machines. The RSA ECAT console presents a centralized view of activities occurring within a computer's memory, which can be used to quickly identify malware, regardless of whether a signature exists or if the malware has been seen before.
Once a single malicious anomaly is identified, RSA ECAT can scan across thousands of machines to identify other endpoints that have been compromised or are similarly at risk.

The RSA Live platform is engineered to help organizations capitalize on the collective intelligence and analytical skills of the global security community in detecting and countering advanced threats and other cyber attacks. The RSA Live platform is designed to gather advanced threat intelligence from a broad range of respected, reliable security service providers, including RSA researchers. RSA's expert researchers and analysts process security information from these myriad sources and deliver the most relevant data to the RSA Live community directly through RSA Security Analytics.

RSA Security Analytics is designed to provide security organizations with the situational awareness needed to deal with their most pressing security issues. By analyzing network traffic and log event data, the RSA Security Analytics system helps organizations gain a comprehensive view of their IT environment, enabling security analysts to detect threats quickly, investigate and prioritize them, make remediation decisions, take action, and automatically generate reports. The RSA Security Analytics solution's distributed data architecture is engineered to collect, analyze, and archive massive volumes of data (often hundreds of terabytes and beyond) at very high speed using multiple modes of analysis. The RSA Security Analytics platform is also designed to ingest threat intelligence about the latest tools, techniques, and procedures in use by the attacker community to alert organizations to potential threats that are active in their enterprise.
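The signature-less approach sketched above for RSA ECAT (baseline the software a clean build is expected to load, suppress the noise that baseline produces, report what deviates, then sweep the fleet for every other endpoint carrying the same indicator) can be shown with a small constructed example. The code below is an added illustration written for this brief; it is not RSA ECAT's logic or any RSA code. Every host name, path and "sha256" string is a constructed placeholder, the two-host prevalence threshold is an assumption, and the golden-image inventory stands in for whatever known-good source an organization actually maintains.

```python
"""Signature-less endpoint triage: known-good baseline, fleet prevalence, pivot.

Added illustration for this brief; not RSA ECAT code. Every host name, path
and "sha256" value below is a constructed placeholder, not a real digest.
"""
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class ModuleObservation:
    host: str
    path: str    # on-disk location of a loaded module, as an endpoint agent would report it
    sha256: str  # constructed placeholder digest


# Constructed golden-image inventory: what a clean build is expected to load.
GOLDEN_IMAGE = [
    ModuleObservation("gold-01", r"C:\Windows\System32\ntdll.dll", "aaaa-ntdll"),
    ModuleObservation("gold-01", r"C:\Windows\System32\kernel32.dll", "bbbb-kernel32"),
    ModuleObservation("gold-01", r"C:\Program Files\Vendor\agent.exe", "cccc-agent"),
    ModuleObservation("gold-01", r"C:\Program Files\RareTool\rare.exe", "dddd-raretool"),
]

# Constructed fleet snapshot (four hosts). Two things are wrong in it:
#   - ws-02 and ws-04 load an unknown binary from a user-writable folder that
#     borrows a system file name;
#   - ws-03's copy of the approved agent no longer matches the baseline digest.
# browser.exe is absent from the golden image but present everywhere: a normal rollout.
FLEET = [
    ModuleObservation("ws-01", r"C:\Windows\System32\ntdll.dll", "aaaa-ntdll"),
    ModuleObservation("ws-01", r"C:\Windows\System32\kernel32.dll", "bbbb-kernel32"),
    ModuleObservation("ws-01", r"C:\Program Files\Vendor\agent.exe", "cccc-agent"),
    ModuleObservation("ws-01", r"C:\Program Files\RareTool\rare.exe", "dddd-raretool"),
    ModuleObservation("ws-01", r"C:\Program Files\Browser\browser.exe", "gggg-browser"),
    ModuleObservation("ws-02", r"C:\Windows\System32\ntdll.dll", "aaaa-ntdll"),
    ModuleObservation("ws-02", r"C:\Windows\System32\kernel32.dll", "bbbb-kernel32"),
    ModuleObservation("ws-02", r"C:\Program Files\Vendor\agent.exe", "cccc-agent"),
    ModuleObservation("ws-02", r"C:\Program Files\Browser\browser.exe", "gggg-browser"),
    ModuleObservation("ws-02", r"C:\Users\Public\svchost.exe", "eeee-unknown"),
    ModuleObservation("ws-03", r"C:\Windows\System32\ntdll.dll", "aaaa-ntdll"),
    ModuleObservation("ws-03", r"C:\Windows\System32\kernel32.dll", "bbbb-kernel32"),
    ModuleObservation("ws-03", r"C:\Program Files\Vendor\agent.exe", "ffff-tampered"),
    ModuleObservation("ws-03", r"C:\Program Files\Browser\browser.exe", "gggg-browser"),
    ModuleObservation("ws-04", r"C:\Windows\System32\ntdll.dll", "aaaa-ntdll"),
    ModuleObservation("ws-04", r"C:\Windows\System32\kernel32.dll", "bbbb-kernel32"),
    ModuleObservation("ws-04", r"C:\Program Files\Vendor\agent.exe", "cccc-agent"),
    ModuleObservation("ws-04", r"C:\Program Files\Browser\browser.exe", "gggg-browser"),
    ModuleObservation("ws-04", r"C:\Users\Public\svchost.exe", "eeee-unknown"),
]


def build_baseline(golden):
    """Known-good set: every digest observed on the golden image."""
    return {m.sha256 for m in golden}


def hash_prevalence(fleet):
    """How many distinct hosts carry each digest."""
    hosts_by_hash = defaultdict(set)
    for m in fleet:
        hosts_by_hash[m.sha256].add(m.host)
    return {digest: len(hosts) for digest, hosts in hosts_by_hash.items()}


def find_anomalies(fleet, golden, max_hosts=2):
    """Deviations from the baseline, with the noise filtered out.

    A module is reported when its digest is not in the baseline AND either
    (a) it sits at a path the baseline knows under a different digest, or
    (b) it is rare across the fleet (seen on at most max_hosts hosts).
    Baseline digests are never reported, however rare; widely deployed
    unknown digests are treated as rollouts, not findings.
    """
    baseline = build_baseline(golden)
    known_paths = {m.path for m in golden}
    prevalence = hash_prevalence(fleet)
    findings = []
    for m in fleet:
        if m.sha256 in baseline:
            continue  # known good: filtered out even if only one host has it
        if m.path in known_paths:
            findings.append((m, "known path, unexpected hash"))
        elif prevalence[m.sha256] <= max_hosts:
            findings.append((m, "unknown module with low prevalence"))
    # rarest first, then a deterministic order for reporting
    return sorted(findings, key=lambda f: (prevalence[f[0].sha256], f[0].host, f[0].path))


def pivot_on_hash(fleet, sha256):
    """Fleet-wide sweep: every host carrying one confirmed-bad digest."""
    return sorted({m.host for m in fleet if m.sha256 == sha256})


if __name__ == "__main__":
    for obs, reason in find_anomalies(FLEET, GOLDEN_IMAGE):
        print(f"{obs.host:6} {obs.path:40} {obs.sha256:15} {reason}")
    # An analyst confirms eeee-unknown is malicious; sweep for every other carrier.
    print("carriers of eeee-unknown:", pivot_on_hash(FLEET, "eeee-unknown"))
```

Two design points worth noting. The rarely installed RareTool binary is never reported because it is in the baseline, which is the noise filtering the text describes; and the mismatched agent.exe on ws-03 is reported even though an approved update rolled out fleet-wide would look exactly the same, which is why the baseline has to be refreshed as part of the change management process the brief lists among its high-impact improvements.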

ABOUT RSA

RSA, The Security Division of EMC, is the premier provider of security, risk and compliance management solutions for business acceleration. RSA helps the world's leading organizations succeed by solving their most complex and sensitive security challenges. These challenges include managing organizational risk, safeguarding mobile access and collaboration, proving compliance, and securing virtual and cloud environments. Combining business-critical controls in identity assurance, encryption & key management, SIEM, data loss prevention and fraud protection with industry-leading eGRC capabilities and robust consulting services, RSA brings visibility and trust to millions of user identities, the transactions that they perform and the data that is generated. For more information, please visit and

EMC2, EMC, the EMC logo, RSA, Archer, and the RSA logo are registered trademarks or trademarks of EMC Corporation in the United States and other countries. Raytheon, SureView, Trusted Thin Client, and Trusted Gateway System are registered trademarks or trademarks of Raytheon Company. All other products or services mentioned are trademarks of their respective companies. Copyright 2013 EMC Corporation. All rights reserved. Published in the USA. H12485 TCSHW-BRF-1013v2


More information

ProtectWise: Shifting Network Security to the Cloud Date: March 2015 Author: Tony Palmer, Senior Lab Analyst and Aviv Kaufmann, Lab Analyst

ProtectWise: Shifting Network Security to the Cloud Date: March 2015 Author: Tony Palmer, Senior Lab Analyst and Aviv Kaufmann, Lab Analyst ESG Lab Spotlight ProtectWise: Shifting Network Security to the Cloud Date: March 2015 Author: Tony Palmer, Senior Lab Analyst and Aviv Kaufmann, Lab Analyst Abstract: This ESG Lab Spotlight examines the

More information

2015 GLOBAL THREAT INTELLIGENCE REPORT EXECUTIVE SUMMARY

2015 GLOBAL THREAT INTELLIGENCE REPORT EXECUTIVE SUMMARY 2015 GLOBAL THREAT INTELLIGENCE REPORT EXECUTIVE SUMMARY 1 EXECUTIVE SUMMARY INTRODUCING THE 2015 GLOBAL THREAT INTELLIGENCE REPORT Over the last several years, there has been significant security industry

More information

defending against advanced persistent threats: strategies for a new era of attacks agility made possible

defending against advanced persistent threats: strategies for a new era of attacks agility made possible defending against advanced persistent threats: strategies for a new era of attacks agility made possible security threats as we know them are changing The traditional dangers IT security teams have been

More information

Best Practices for PCI DSS V3.0 Network Security Compliance

Best Practices for PCI DSS V3.0 Network Security Compliance Best Practices for PCI DSS V3.0 Network Security Compliance January 2015 www.tufin.com Table of Contents Preparing for PCI DSS V3.0 Audit... 3 Protecting Cardholder Data with PCI DSS... 3 Complying with

More information

The Cloud App Visibility Blindspot

The Cloud App Visibility Blindspot The Cloud App Visibility Blindspot Understanding the Risks of Sanctioned and Unsanctioned Cloud Apps and How to Take Back Control Introduction Today, enterprise assets are more at risk than ever before

More information

Stop advanced targeted attacks, identify high risk users and control Insider Threats

Stop advanced targeted attacks, identify high risk users and control Insider Threats TRITON AP-EMAIL Stop advanced targeted attacks, identify high risk users and control Insider Threats From socially engineered lures to targeted phishing, most large cyberattacks begin with email. As these

More information

RSA Security Analytics

RSA Security Analytics RSA Security Analytics This is what SIEM was Meant to Be 1 The Original Intent of SIEM Single compliance & security interface Compliance yes, but security? Analyze & prioritize alerts across various sources

More information

How To Protect Your Cloud From Attack

How To Protect Your Cloud From Attack A Trend Micro White Paper August 2015 Trend Micro Cloud Protection Security for Your Unique Cloud Infrastructure Contents Introduction...3 Private Cloud...4 VM-Level Security...4 Agentless Security to

More information

The SIEM Evaluator s Guide

The SIEM Evaluator s Guide Using SIEM for Compliance, Threat Management, & Incident Response Security information and event management (SIEM) tools are designed to collect, store, analyze, and report on log data for threat detection,

More information

Intelligence Driven Security

Intelligence Driven Security Intelligence Driven Security RSA Advanced Cyber Defense Workshop Shane Harsch Senior Solutions Principal, RSA 1 Agenda Approach & Activities Operations Intelligence Infrastructure Reporting & Top Findings

More information

Technology Blueprint. Protect Your Email Servers. Guard the data and availability that enable business-critical communications

Technology Blueprint. Protect Your Email Servers. Guard the data and availability that enable business-critical communications Technology Blueprint Protect Your Email Servers Guard the data and availability that enable business-critical communications LEVEL 1 2 3 4 5 SECURITY CONNECTED REFERENCE ARCHITECTURE LEVEL 1 2 4 5 3 Security

More information

North American Electric Reliability Corporation (NERC) Cyber Security Standard

North American Electric Reliability Corporation (NERC) Cyber Security Standard North American Electric Reliability Corporation (NERC) Cyber Security Standard Symantec Managed Security Services Support for CIP Compliance Overviewview The North American Electric Reliability Corporation

More information

IBM Security. 2013 IBM Corporation. 2013 IBM Corporation

IBM Security. 2013 IBM Corporation. 2013 IBM Corporation IBM Security Security Intelligence What is Security Intelligence? Security Intelligence --noun 1.the real-time collection, normalization and analytics of the data generated by users, applications and infrastructure

More information

Rethinking Information Security for Advanced Threats. CEB Information Risk Leadership Council

Rethinking Information Security for Advanced Threats. CEB Information Risk Leadership Council Rethinking Information Security for Advanced Threats CEB Information Risk Leadership Council Advanced threats differ from conventional security threats along many dimensions, making them much more difficult

More information

RSA Security Anatomy of an Attack Lessons learned

RSA Security Anatomy of an Attack Lessons learned RSA Security Anatomy of an Attack Lessons learned Malcolm Dundas Account Executive John Hurley Senior Technology Consultant 1 Agenda Advanced Enterprise/ Threats The RSA Breach A chronology of the attack

More information

LOG AND EVENT MANAGEMENT FOR SECURITY AND COMPLIANCE

LOG AND EVENT MANAGEMENT FOR SECURITY AND COMPLIANCE PRODUCT BRIEF LOG AND EVENT MANAGEMENT FOR SECURITY AND COMPLIANCE The Tripwire VIA platform delivers system state intelligence, a continuous approach to security that provides leading indicators of breach

More information

Effective Threat Management. Building a complete lifecycle to manage enterprise threats.

Effective Threat Management. Building a complete lifecycle to manage enterprise threats. Effective Threat Management Building a complete lifecycle to manage enterprise threats. Threat Management Lifecycle Assimilation of Operational Security Disciplines into an Interdependent System of Proactive

More information

RSA Solution Brief. The RSA Solution for Cloud Security and Compliance

RSA Solution Brief. The RSA Solution for Cloud Security and Compliance The RSA Solution for Cloud Security and Compliance The RSA Solution for Cloud Security and Compliance enables enduser organizations and service providers to orchestrate and visualize the security of their

More information

Addressing APTs and Modern Malware with Security Intelligence Date: September 2013 Author: Jon Oltsik, Senior Principal Analyst

Addressing APTs and Modern Malware with Security Intelligence Date: September 2013 Author: Jon Oltsik, Senior Principal Analyst ESG Brief Addressing APTs and Modern Malware with Security Intelligence Date: September 2013 Author: Jon Oltsik, Senior Principal Analyst Abstract: APTs first came on the scene in 2010, creating a wave

More information

Q1 Labs Corporate Overview

Q1 Labs Corporate Overview Q1 Labs Corporate Overview The Security Intelligence Leader Who we are: Innovative Security Intelligence software company One of the largest and most successful SIEM vendors Leader in Gartner 2011, 2010,

More information

LOG INTELLIGENCE FOR SECURITY AND COMPLIANCE

LOG INTELLIGENCE FOR SECURITY AND COMPLIANCE PRODUCT BRIEF uugiven today s environment of sophisticated security threats, big data security intelligence solutions and regulatory compliance demands, the need for a log intelligence solution has become

More information

MANAGED SECURITY SERVICES (MSS)

MANAGED SECURITY SERVICES (MSS) MANAGED SECURITY SERVICES (MSS) The Cyber Security Initiative. Cybercrime is becoming an important factor for CIOs and IT professionals, but also for CFOs, compliance officers and business owners. The

More information

Increase insight. Reduce risk. Feel confident.

Increase insight. Reduce risk. Feel confident. Increase insight. Reduce risk. Feel confident. Define critical goals with enhanced visibility then enable security and compliance across your complex IT infrastructure. VIRTUALIZATION + CLOUD NETWORKING

More information

SECURITY REIMAGINED SPEAR PHISHING ATTACKS WHY THEY ARE SUCCESSFUL AND HOW TO STOP THEM. Why Automated Analysis Tools are not Created Equal

SECURITY REIMAGINED SPEAR PHISHING ATTACKS WHY THEY ARE SUCCESSFUL AND HOW TO STOP THEM. Why Automated Analysis Tools are not Created Equal WHITE PAPER SPEAR PHISHING ATTACKS WHY THEY ARE SUCCESSFUL AND HOW TO STOP THEM Why Automated Analysis Tools are not Created Equal SECURITY REIMAGINED CONTENTS Executive Summary...3 Introduction: The Rise

More information

Carbon Black and Palo Alto Networks

Carbon Black and Palo Alto Networks Carbon Black and Palo Alto Networks Bring Together Next-Generation Endpoint and Network Security Solutions Endpoints and Servers in the Crosshairs of According to a 2013 study, 70 percent of businesses

More information

Combating a new generation of cybercriminal with in-depth security monitoring. 1 st Advanced Data Analysis Security Operation Center

Combating a new generation of cybercriminal with in-depth security monitoring. 1 st Advanced Data Analysis Security Operation Center Combating a new generation of cybercriminal with in-depth security monitoring 1 st Advanced Data Analysis Security Operation Center The Challenge Don t leave your systems unmonitored. It takes an average

More information

IBM Software IBM Business Process Management Suite. Increase business agility with the IBM Business Process Management Suite

IBM Software IBM Business Process Management Suite. Increase business agility with the IBM Business Process Management Suite IBM Software IBM Business Process Management Suite Increase business agility with the IBM Business Process Management Suite 2 Increase business agility with the IBM Business Process Management Suite We

More information

Beyond the Hype: Advanced Persistent Threats

Beyond the Hype: Advanced Persistent Threats Advanced Persistent Threats and Real-Time Threat Management The Essentials Series Beyond the Hype: Advanced Persistent Threats sponsored by Dan Sullivan Introduction to Realtime Publishers by Don Jones,

More information

White paper. Creating an Effective Security Operations Function

White paper. Creating an Effective Security Operations Function White paper Creating an Effective Security Operations Function Awareness of security issues is fundamental to an effective policy. When we think of a security operations center (SOC), we often have an

More information

Combating a new generation of cybercriminal with in-depth security monitoring

Combating a new generation of cybercriminal with in-depth security monitoring Cybersecurity Services Combating a new generation of cybercriminal with in-depth security monitoring 1 st Advanced Data Analysis Security Operation Center The Challenge Don t leave your systems unmonitored.

More information

IBM SECURITY QRADAR INCIDENT FORENSICS

IBM SECURITY QRADAR INCIDENT FORENSICS IBM SECURITY QRADAR INCIDENT FORENSICS DELIVERING CLARITY TO CYBER SECURITY INVESTIGATIONS Gyenese Péter Channel Sales Leader, CEE IBM Security Systems 12014 IBM Corporation Harsh realities for many enterprise

More information

PALANTIR CYBER An End-to-End Cyber Intelligence Platform for Analysis & Knowledge Management

PALANTIR CYBER An End-to-End Cyber Intelligence Platform for Analysis & Knowledge Management PALANTIR CYBER An End-to-End Cyber Intelligence Platform for Analysis & Knowledge Management INTRODUCTION Traditional perimeter defense solutions fail against sophisticated adversaries who target their

More information