Getting Ahead of Advanced Threats

Similar documents
The Next Generation Security Operations Center

BIG DATA. Shaun McLagan General Manager, RSA Australia and New Zealand CHANGING THE REALM OF POSSIBILITY IN SECURITY

Security Analytics for Smart Grid

The Future of the Advanced SOC

The session is about to commence. Please switch your phone to silent!

Using Network Forensics to Visualize Advanced Persistent Threats

IMPLEMENTING A SECURITY ANALYTICS ARCHITECTURE

Advanced SOC Design. Next Generation Security Operations. Shane Harsch Senior Solutions Principal, MBA GCED CISSP RSA

Security and Privacy

RSA Security Analytics the complete approach to security monitoring or how to approach advanced threats

Rashmi Knowles Chief Security Architect EMEA

BREAKING THE KILL CHAIN AN EARLY WARNING SYSTEM FOR ADVANCED THREAT

After the Attack. The Transformation of EMC Security Operations

Advanced Persistent Threats

RSA Security Anatomy of an Attack Lessons learned

Bernard Montel Directeur Technique RSA. Copyright 2012 EMC Corporation. All rights reserved.

THE EVOLUTION OF SIEM

Discover & Investigate Advanced Threats. OVERVIEW

Detect & Investigate Threats. OVERVIEW

RSA Security Analytics

Accenture Intelligent Security for the Digital Enterprise. Archer s important role in solving today's pressing security challenges

Advanced Threats: The New World Order

SOLUTION BRIEF. Next Generation APT Defense for Healthcare

SECURITY MEETS BIG DATA. Achieve Effectiveness And Efficiency. Copyright 2012 EMC Corporation. All rights reserved.

What s New in Security Analytics Be the Hunter.. Not the Hunted

CHANGING THE SECURITY MONITORING STATUS QUO Solving SIEM problems with RSA Security Analytics

Using SIEM for Real- Time Threat Detection

Security Trends. The Case for Intelligence-Driven Security. Copyright 2013 EMC Corporation. All rights reserved.

IBM Security IBM Corporation IBM Corporation

GETTING REAL ABOUT SECURITY MANAGEMENT AND "BIG DATA"

Ahead of the threat with Security Intelligence

Combating a new generation of cybercriminal with in-depth security monitoring

ECOMMERCE AND MERCHANT FRAUD PREVENTION

Combating a new generation of cybercriminal with in-depth security monitoring. 1 st Advanced Data Analysis Security Operation Center

Mucho Big Data y La Seguridad para cuándo?

Enterprise Organizations Need Contextual- security Analytics Date: October 2014 Author: Jon Oltsik, Senior Principal Analyst

Bridging the gap between COTS tool alerting and raw data analysis

WAN security threat landscape and best mitigation practices. Rex Stover Vice President, Americas, Enterprise & ICP Sales

Joining Forces: Bringing Big Data to your Security Team

The SIEM Evaluator s Guide

Advanced Visibility. Moving Beyond a Log Centric View. Matthew Gardiner, RSA & Richard Nichols, RSA

Teradata and Protegrity High-Value Protection for High-Value Data

Trends in Malware DRAFT OUTLINE. Wednesday, October 10, 12

Defending Against Cyber Attacks with SessionLevel Network Security

JUNIPER NETWORKS SPOTLIGHT SECURE THREAT INTELLIGENCE PLATFORM

Modern Approach to Incident Response: Automated Response Architecture

Data Science Transforming Security Operations

CYBER SECURITY INFORMATION SHARING & COLLABORATION

IBM SECURITY QRADAR INCIDENT FORENSICS

Increase insight. Reduce risk. Feel confident.

Operational Lessons from the RSA/EMC CIRC: People, Process, & Threat Intel

Take the Red Pill: Becoming One with Your Computing Environment using Security Intelligence

CyberReady Solutions. Integrated Threat Intelligence and Cyber Operations MONTH DD, YYYY SEPTEMBER 8, 2014

Machine-to-Machine Exchange of Cyber Threat Information: a Key to Mature Cyber Defense

Niara Security Analytics. Overview. Automatically detect attacks on the inside using machine learning

A Primer on Cyber Threat Intelligence

Dr. Konstantinos Ap. Eleftherianos Dr. Konstantinos Papapanagiotou. ISACA Athens Chapter Conference Athens 4/11/2013

Become a hunter: fi nding the true value of SIEM.

Applying machine learning techniques to achieve resilient, accurate, high-speed malware detection


CYBER4SIGHT TM THREAT INTELLIGENCE SERVICES ANTICIPATORY AND ACTIONABLE INTELLIGENCE TO FIGHT ADVANCED CYBER THREATS

Cyber4sight TM Threat. Anticipatory and Actionable Intelligence to Fight Advanced Cyber Threats

CSM-ACE 2014 Cyber Threat Intelligence Driven Environments

Data Analytics for a Secure Smart Grid

How To Create An Insight Analysis For Cyber Security

WHITE PAPER SPLUNK SOFTWARE AS A SIEM

Achieving Actionable Situational Awareness... McAfee ESM. Ad Quist, Sales Engineer NEEUR

L evoluzione del Security Operation Center tra Threat Detection e Incident Response & Management

Cyber Threat Intelligence Move to an intelligencedriven cybersecurity model

ProtectWise: Shifting Network Security to the Cloud Date: March 2015 Author: Tony Palmer, Senior Lab Analyst and Aviv Kaufmann, Lab Analyst

Cyber Situational Awareness for Enterprise Security

Best Practices to Improve Breach Readiness

Session 9: Changing Paradigms and Challenges Tools for Space Systems Cyber Situational Awareness

LOG INTELLIGENCE FOR SECURITY AND COMPLIANCE

A New Perspective on Protecting Critical Networks from Attack:

Solera Networks, A Blue Coat Company SOLERA NETWORKS BIG DATA SECURITY ANALYTICS

Symantec Global Intelligence Network 2.0 Architecture: Staying Ahead of the Evolving Threat Landscape

Advanced Threat Protection with Dell SecureWorks Security Services

Securely Yours LLC Top Security Topics for Sajay Rai, CPA, CISSP, CISM

KNOW THE UNKNOWN WITH SECURITY ANALYTICS

IBM Security Intelligence Strategy

QRadar SIEM and FireEye MPS Integration

PALANTIR CYBER An End-to-End Cyber Intelligence Platform for Analysis & Knowledge Management

CONTINUOUS DIAGNOSTICS BEGINS WITH REDSEAL

Using LYNXeon with NetFlow to Complete Your Cyber Security Picture

REVOLUTIONIZING ADVANCED THREAT PROTECTION

Speed Up Incident Response with Actionable Forensic Analytics

Security for the Cloud of Clouds

defending against advanced persistent threats: strategies for a new era of attacks agility made possible

Cyber Defense & Breach Response Privacy Issues

HP NonStop Server Security and HP ArcSight SIEM

Palo Alto Networks and Splunk: Combining Next-generation Solutions to Defeat Advanced Threats

How To Buy Nitro Security

Comprehensive Advanced Threat Defense

IBM QRadar Security Intelligence April 2013

Full-Context Forensic Analysis Using the SecureVue Unified Situational Awareness Platform

Discover Security That s Highly Intelligent.

Endpoint Threat Detection without the Pain

2011 Cyber Security and the Advanced Persistent Threat A Holistic View

Transcription:

Getting Ahead of Advanced Threats Advanced Security Solutions for Trusted IT Chezki Gil Territory Manager Israel & Greece 1

Threats are Evolving Rapidly Criminals Petty criminal s Unsophisticated Organized crime Organized, sophisticated supply chains (PII, financial services, retail) Nation state actors Non-state actors Terrorist s PII, government, defense industrial base, IP rich organizations PII, Government, critical infrastructure Anti-establishment vigilantes Hacktivists Targets of opportunity 2

Business & IT are evolving rapidly too 3

Traditional Security is Not Working 99% of breaches led to compromise within days or less with 85% leading to data exfiltration in the same time 85% of breaches took weeks or more to discover Source: Verizon 2012 Data Breach Investigations Report 4

Traditional Security is Unreliable Signature -based Perimeter oriented Compliance Driven 5

Effective Security Systems need to be: Agile Contextual Risk-Based 6

Resource Shift: Budgets and People Monitoring 15% Response 5% Monitoring 33% Response 33% Prevention 80% Prevention 33% Today s Priorities Intelligence-Driven Security 7

Reducing Attacker Free Time Attacker Surveillance Target Analysis Access Probe Attack Setup System Intrusion Attack Begins Discovery/ Persistence Cover-up Starts Leap Frog Attacks Complete Cover-up Complete Maintain foothold TIME ATTACKER FREE TIME Need to collapse free time TIME Physical Security Threat Analysis Attack Forecast Monitoring & Controls Defender Discovery Attack Identified Source: NERC HILF Report, June 2010 (http://www.nerc.com/files/hilf.pdf) Incident Reportin g Containment & Eradication Impact Analysis System Reaction Damage Identification Response Recovery 8

How do Advanced Threats impact the business? 9

The Aftermath of an Advanced Attack Hard costs hurt Emergency cleanup costs Regulatory penalties Customer restitution Business process re-engineering Soft costs really hurt Missed opportunity due to cleanup focus Loss of customer confidence Decline in employee morale & goodwill 10

What is the approach for the future? 11

Today s Security Requirements Big Data Infrastructure Need a fast and scalable infrastructure to conduct short term and long term analysis Comprehensive Visibility See everything happening in my environment and normalize it High Powered Analytics Give me the speed and smarts to discover and investigate potential threats in near real time Integrated Intelligence Help me understand what to look for and what others have discovered 12

RSA Security Analytics: Changing The Security Management Status Quo Unified platform for security monitoring, incident investigations and compliance reporting SIEM Compliance Reports Device XMLs Log Parsing RSA Security Analytics Fast & Powerful Analytics Logs & Packets Unified Interface Analytics Warehouse Network Security Monitoring High Powered Analytics Big Data Infrastructure Integrated Intelligence SEE DATA YOU DIDN T SEE BEFORE, UNDERSTAND DATA YOU DIDN T EVEN CONSIDER BEFORE 13

RSA Live Integrated Intelligence How Do I Know What To Look For? Gathers advanced threat intelligence and content from the global security community & RSA FirstWatch Aggregates & consolidates the most pertinent information and fuses it with your organization's data Automatically distributes correlation rules, blacklists, parsers, views, feeds Operationalize Intelligence: Take advantage of what others have already found and apply against your current and historical data 14

DISTRIBUTED COLLECTION Security Analytics Architecture Enrichment Data Logs Packets EUROPE THE ANALYTICS Incident Management Reporting and Alerting Complex Event Processing NORTH AMERICA REAL-TIME Investigation Malware Analytics Administration Free Text Search Correlation Metadata Tagging Asset Criticality ASIA WAREHOUSE Compliance LONG-TERM RSA LIVE INTELLIGENCE SYSTEM Threat Intelligence Rules Parsers Alerts Feeds Apps Directory Services Reports and Custom Actions 15

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information