Eoin Thornton Senior Security Architect Zinopy Security Ltd.

Transcription

1 RSA envision: Transform your Security Operations A Technical overview & demo of RSA envision The Information Log Management Platform for Security and Compliance Success Eoin Thornton Senior Security Architect Zinopy Security Ltd.

2 Changing Threats and More Demanding Regulations External attacks Malicious insiders taking financial info Data Center R&D Careless users leaking IP Costly audit requirements Executive Financial DMZ Ever changing business requirements New Web 2.0 and P2P technologies

3 IT Staff Feels the Pressure Security team lacks visibility into the IT environment. Overwhelming to process raw log and event volume. Compliance is costly and resource intensive. Real time security posture is difficult to understand.

4 Issues and Needs Security team cannot see into the IT environment. Non intrusive log collection to access all event sources. Overwhelming to process raw log and event volume. Complete information lifecycle management process. Real time security posture is difficult to understand. Real time risk based prioritization of events. Compliance is timeconsuming. Compliance reports in minutes not weeks.

5 RSA envision 3 in 1 SIEM Platform Simplifying Compliance Enhancing Security Optimizing IT & Network Operations Compliance reports for regulations and internal policy Real time security alerting and analysis IT monitoring across the infrastructure Reporting Auditing Forensics Alert / correlation Network baseline Visibility Purpose built database (IPDB) RSA envision Log Management platform security devices network devices applications / databases servers storage

6 Simplifying Compliance Robust Alerting & Reporting 1400 reports+ included out of the box Easily customizable Grouped according to standards, e.g. National Laws (SOX, Basel II, JSOX), Industry Regulations (PCI), Best Practices & Standards (ISO 27002, ITIL)

7 Enhancing Security Support the 3 key aspects of Security Operations Turn Turn real real time time events, e.g. e.g. threats, into into actionable data data Create a a closed loop incident handling process Report Report on on the the effectiveness of of security management SIEM technology provides real time event management and historical analysis of security data from a wide set of heterogeneous sources. This technology is used to filter incident information into data that can be acted on for the purposes of incident response and forensic analysis. Mark Nicolette, Gartner

8 Benefits Turns raw log data into actionable information Increases visibility into security, compliance and operational issues Saves time through compliance reporting Streamlines the security incident handling process Lowers operational costs

9 Why envision? Any Data Any Scale Collection of any type of log data, real time correlation, and best inbreed scalability Lowest TCO SIEM solution Appliance form factor, agentless architecture Flexible but simple customization Most Complete Security Knowledge Comprehensive combination of event sources, correlation rules and reports Frequent updates to security knowledgebase Broad partner eco system of strategic technology partners plus frontline security and compliance expertise Proven Solution with a large and active install base Unparalleled installed base of more than 1600 production customers Active online customer Intelligence Community for shared best practices and knowledge All from EMC/RSA Simplified IT operations, single point of contact, and global customer support Integration with RSA and EMC solutions (e.g. Access Manager, Authentication Manager, Voyence, Celerra, Symmetrix)

10 300, EPS RSA envision Stand alone Appliances to Distributed Solutions LS Series ES Series # DEVICES ,000

11 RSA envision Deployment Scales from a single appliance. Baseline Correlated Alerts Report Realtime Analysis Forensics Interactive Integrated Incident Query Mgmt. Event Explorer Analyze Manage Collect Collect Collect UDS Windows Server Netscreen Firewall Cisco IPS Juniper IDP Microsoft ISS Trend Micro Antivirus Device Device RSA envision Supported Devices Legacy

12 RSA envision Deployment to a distributed, enterprise wide architecture A SRV D SRV NAS D SRV LC NAS LC Chicago WW Security Operations London European Headquarters A SRV D SRV D SRV Mumbai Remote Office NAS LC LC A SRV: D SRV: LC: RC: Analysis Server Data Server Local Collector Remote Collector New York WW Compliance Operations

13 Technical demo

14

15

16

17

18

19

20

21

22

23

24

25

26

27

28

29

30

31

32

33

34

35

36

37

38

39

40

41

42

43

44

45

46

47

48

49

50

51

52

53

54

55

56

57

58

59

60

61

62

63 Thank You! Any questions?