Accenture Intelligent Security for the Digital Enterprise. Archer s important role in solving today's pressing security challenges

Transcription

1 Accenture Intelligent Security for the Digital Enterprise Archer s important role in solving today's pressing security challenges

2 The opportunity to improve cyber security has never been greater 229 2,287 67% Average days breached before discovery Days of longest presence Notified by external entities Source: Mandiant M-Trends 2014 Threat Report Source: Verizon 2014 Data Breach Investigations Report 2

3 Cyber criminals follow a common attack lifecycle Advanced threat agents are mature, organized, well funded and have strong motivations to achieve their objectives Threat Agents Nation States Organized Crime Activists Competitors Cyberwarfare, intellectual property theft, and espionage Monetization of data theft, fraud, attacker for hire services, etc. Drawing support for a cause, or drawing negative attention to a target Corporate espionage, reputation damage, disruption of operations Initial Compromise Target Acquisition Establish attack target (systems/ services, data, resources) Recon Perform technical and human reconnaissance Infiltration Period of Presence Silent Egress Remove evidence and/or retain covert access 3

4 Organizations need to move beyond a control or audit-centric mindset COMPLIANCE Audit-centric Controls based Driven largely by regulatory requirements Sample based Scope limited by audit domain Evaluated on a quarterly or annual basis SECURITY Business-centric Policy based Driven by business requirements Scope is holistic enterprise and extended community (i.e. 3 rd parties, suppliers, partners) Evaluated on a near real-time basis 4

5 Intelligent security adopts new capabilities to secure organizations Threat Intelligence Active Defense Vulnerability Management Security Incident Management Risk Management Advanced Security Analytics Operational Monitoring 5

6 Intelligent security utilizes sophisticated technologies AUTOMATION INCIDENT RESPONSE VISUALIZATION ANALYTICS BIG DATA PLATFORM Threat Network Logs Endpoint Intelligence Data Context 6

7 The Intelligent Security Operating Model integrates these capabilities SECURITY AUTOMATION & SERVICE MANAGEMENT A business measurement program focused on overall security posture and cyber security effectiveness Vulnerability Context VULNERABILITY MANAGEMENT Identification and management of organizational vulnerabilities Vulnerability Context OPERATIONAL MONITORING Centralized monitoring of infrastructure, users, and data events for alerts Events Operationalize Analytics Alerts Focused Monitoring Requests SECURITY INCIDENT MANAGEMENT The identification, response to, and recovery from security incidents Incidents EXPLORATORY SECURITY ANALYTICS Contextualization, data modeling, and visualization of operational monitoring data Intelligence Gathering Triggers THREAT INTELLIGENCE Collection, modeling, and analysis of organizational threats ACTIVE DEFENSE Dynamic response and counter-measures to active attacks Intelligence Gathering 7

8 RSA s portfolio contains solutions to meet today s challenges RSA Advanced Security Operations Center Solutions Security Analytics ECAT Data Loss Prevention RSA IT Security Risk Management Solutions Vulnerability Risk Management Security Operations Management RSA Archer GRC Solutions Regulatory Compliance Management Business Continuity Management Operational Risk RSA Live Intelligence Many more 8

9 RSA s portfolio aligns with the Intelligent Security Operating Model SECURITY AUTOMATION & SERVICE MANAGEMENT RSA Security Operations and RSA Archer GRC Vulnerability Context VULNERABILITY MANAGEMENT RSA Vulnerability Risk Manager Vulnerability Context OPERATIONAL MONITORING RSA Security Analytics for Network RSA Security Analytics for Logs Events Operationalize Analytics Alerts Focused Monitoring Requests SECURITY INCIDENT MANAGEMENT RSA Security Operations RSA ECAT Incidents EXPLORATORY SECURITY ANALYTICS Warehouse Visualization Intelligence Gathering Triggers ACTIVE DEFENSE RSA Archer GRC VMware Intelligence Gathering THREAT INTELLIGENCE RSA Live Intelligence 9

10 RSA Archer provides context and workflow to intelligent security RSA Archer Enterprise Management Business hierarchy Asset catalog Asset Risk information RSA Security Operations (SecOps) Security event triage Program Management Breach Communication Workflow RSA Vulnerability Risk Manager (VRM) Vulnerability Risk Prioritization Vulnerability Repair Workflow RSA Security Analytics (SA) Network Packet collection Event Log collection Alerting Security event analysis tools RSA ECAT Endpoint Breach Analysis 10

11 RSA Vulnerability Risk Manager is built on Archer and Analytics RSA VRM IT Security Analyst CISO VULNERABILITY ANALYTICS ANALYTICS ENGINE DATA COLLECTOR Devices Tickets Exceptions KPIs Administrator ARCHER VULNERABILITY RISK MANAGEMENT REPORTS WORKFLOWS RISK MANAGEMENT CONNECTION WITH GRC 11

12 RSA Security Analytics is integrated with Archer RSA SecOps CONTEXT ALERTS Incident Response Breach Response LAUNCH TO SA Aggregate Alerts to Incidents SOC Program Management Dashboard & Report Capture & Analyze Packets, Logs & Threat Feeds RSA Archer Enterprise Management (Context) RSA Archer BCM (Crisis Events) 12

13 Getting Started A Roadmap for Intelligent Security 13

14 Getting Started on Intelligent Security Foundational capabilities Establish capabilities to enable detection and response to known attack vectors Contextual awareness Develop deep contextualization of security events, uncover advanced threats early Adaptive threat management Deploy a flexible control model to proactively deter attacks by increasing the attacker s cost CAPABILITIES CAPABILITIES CAPABILITIES Define core metrics for program success Form security operations center (SOC) and incident response (IR) teams Develop incident response processes and procedures Collect system logs and network traffic Develop vulnerability management and threat intelligence capabilities Secure business application development Supplement SOC with breach hunters looking to identify earlystage attacks Deploy a big data advanced analytics platform Supplement SOC with data science capabilities Optimize SOC based upon performance metrics Orchestrate and automate responses Share threat intelligence information 14

15 Great opportunity to improve cyber security Intelligent security addresses this opportunity New capabilities Sophisticated technologies Integrated operating model RSA s portfolio is well aligned to enable intelligent security 15

16 THANK YOU