Rashmi Knowles Chief Security Architect EMEA

Transcription

1 Rashmi Knowles Chief Security Architect EMEA

2 AGENDA Transformation of IT New cyber-security challenges Intelligence Driven Security Security Analytics Q&A 2

3 ENTERPRISE DATA CENTER ADVANCED SECURITY A UNIQUE FEDERATION OF COMPANIES Delivering The Software-Defined Enterprise. Solutions & Choice. BIG DATA SOLUTIONS PLATFORM AS A SERVICE AGILE APPLICATION DEVELOPMENT ENTERPRISE MOBILITY SOFTWARE-DEFINED DATA CENTER INFORMATION INFRASTRUCTURE CONVERGED INFRASTRUCTURE Partners vcloud Hybrid Service SERVICE PROVIDER 3

4 BILLIONS OF USERS MILLIONS OF APPS 2010 HUNDREDS OF MILLIONS OF USERS Mobile Cloud Big Data Social Mobile Devices LAN/Internet 1990 PC Client/Server TENS OF THOUSANDS OF APPS Source: IDC, 2012 MILLIONS OF USERS 1970 Mainframe, Mini Computer Terminals THOUSANDS OF APPS 4

5 DEMANDS OF NEW IT Customers & Employees Want Immediate, Frictionless Access Through Mobile Devices Process Vast Quantities Of Customer & Partner Data In Real Time & Build Predictive Models Of The Future 5

6 DEMANDS OF NEW IT Immediate Access To Low Cost, Elastic Compute, Storage & Network Infrastructure Build New Customer-Centric Applications & Rapidly Iterate Based On Community Feedback. 6

7 CYBER SECURITY TRANSFORMATION Old IT New IT 64% PREVENT MONITOR RESPOND NETWORK PACKETS LOG FILES IT ASSETS INFORMATION ASSETS Security Is Perimeter-Based & Focused On Intrusion Prevention Big Data Store Adaptive, Data-Driven Security 7

8 A New Security Model and Approach Inevitability of Compromise DOESN T EQUATE TO INEVITABILITY OF LOSS 8

9 OUR EVOLVING IT INFRASTRUCTURE We can no longer rely on infrastructure as a point of control Cloud Customers Partners Third-Parties Mobile Employees BYOD On- Prem Shadow IT 9

10 SECURITY & RISK CHALLENGES We must mitigate risks as the org uses IT to drive forward Threats Cloud Customers Partners Third-Parties Identity & Access Management Mobile Employees BYOD On- Prem Shadow IT Fraud & Cybercrime Compliance 10

11 ATTACK TYPES Trojans Man-in-the-browser Tatanga DDos Cross-site scripting BOT Attacks Malware Stuxnet Ice 9 Gozi Watering hole SQL Injection Dugat Citadel Keyloggers Zero Day Drive-by download Zeus Odd Ball 11

12 A NEW SECURITY WORLD It will become increasingly difficult to secure infrastructure We must focus on people, the flow of data and on transactions 12

13 INTELLIGENCE DRIVEN SECURITY Visibility, Analysis, Action in Context of Business & IT Risk BUSINESS & IT RISK CONTEXT ACTION ANALYSIS VISIBILITY Act to mitigate business damage or loss Detect Anomalies that indicate risks or threats Collect data about what matters Identities-flow of data-transactions 13

14 INTELLIGENCE DRIVEN SECURITY Solution that turns security issues into intelligence driven actions giving you priority, results and progress. Security Issue Analytics Action Metrics Visibility + Analytics =Priority Priority + Action = Results Results + Metrics = Progress 14

15 ADVANCED THREATS ARE DIFFERENT System Intrusion 1 TARGETED SPECIFIC OBJECTIVE Attack Begins Cover-Up Discovery Leap Frog Attacks 2 INTERACTIVE HUMAN INVOLVEMENT Cover-Up Complete 3 STEALTHY LOW AND SLOW TIME Dwell Time Response Time 1 Decrease Dwell Time Attack Identified 2 Speed Response Time Response 15

16 SHIFT IN PRIORITIES AND CAPABILITIES Monitoring 15% Response 5% Monitoring 33% Response 33% Prevention 80% Prevention 33% Today s Priorities Intelligence-Driven Security 16

17 ORGANISATIONS MUST GET CREATIVE Focus on early detection of breaches to minimize your window of vulnerability. Move backward in the Kill chain The key is actively preserving, aggregating and reviewing data to detect a potential intrusion but also for post-event forensics 17

18 A MODERN INVESTIGATION is a big data analytics problem Attacker Surveillance Target Analysis Access Probe Attack Set-up System Intrusion Attack Begins Discovery/ Persistence Cover-up Starts Leap Frog Attacks Complete Cover-up Complete Maintain foothold TIME Transactions Information Infrastructure Traffic Identity Are we seeing suspicious transactions against sensitive/high value apps/assets Sources WFD Transaction Monitoring SIEM SQL server logs What kind of data does this system store, transmit, process? Is this a regulatory issue? High value IP? Sources DLP Data Classification GRC Has the server been manipulated? Is it vulnerable? Has its config changed recently? Is it compliant with policy? Sources GRC System Config Mgmt Vul. Mgmt Are there traffic anomalies to/from these servers Protocol Distribution Encryption Suspicious destinations Sources Netflow Network Forensics Web Proxy Logs SIEM Which users were logged onto them Have their priv. been escalated? Where did they log in What else did they touch? Sources Active Directory Netflow Server Logs Asset Management SIEM 18

19 Advanced Security Operations Identity and Access Management Governance, Risk and Compliance Big Data Fuels Intelligence Driven Security 19

20 BIG DATA SOLUTION FOR BIG DATA PROBLEM Solutions engineered to deal with the volume, velocity and variety of data sources you need to process INGEST STORE ANALYZE SURFACE ACT CAPTURE & ENRICH MULTIPLE DATA SOURCES OUT OF THE BOX DATA SCIENCE & ANALYTICS TO DETECT COVERT CHANNELS REPORT & BUILD DATA DRIVEN APPS TO ACT ON INSIGHT Packets Endpoint Logs Netflow Security Operations RSA LIVE INTELLIGENCE Threat Intelligence Rules Parsers Feeds Reports RSA Research 20

21 RSA SECURITY ANALYTICS Data Enrichment Alerts & Reporting Incident Response NETWORK SYSTEM PACKET METADATA LOG METADATA LIVE Investigation & Forensics Compliance Malware Analysis Intel Feeds Endpoint Visibility & Analysis LIVE Parsing & Tagging LIVE Business & IT Context Rules Parsers Alerts Feeds Apps Directories Reports & Custom Actions 21

22 DATA SCIENCE WITHOUT DATA SCIENTISTS Real threats don t advertise themselves use data science to find threat activity hiding in covert channels PACKETS LOGS Respond and Report ENDPOINT NETFLOW SCIENCE Triage SECURITY OPERATIONS Investigate RSA LIVE INTELLIGENCE 22

23 BENEFITS Data science brings new capabilities to security operations helping you meet your business goals Detect security attacks early in the attack cycle Identify what attackers did, and the business impact Improve productivity of security operations Build analytics that tackle your specific security challenges Build a single platform for security and IT 23

24 PLANNING YOUR JOURNEY Siloed point solutions, multiple management consoles, basic reporting Managed integrated security, expanded visibility, improved analysis/metrics Advantaged fully risk aware, identify opportunity Integrate data sources Reactive Manage known & unknown risks Proactive Make risk-based decisions Intelligent 24

25 Rashmi Knowles Chief Security Architect EMEA 25

26 EMC, RSA, the EMC logo and the RSA logo are trademarks of EMC Corporation in the U.S. and other countries.