The Next Generation Security Operations Center

Vassil Barsakov, Regional Manager, CEE & CIS, RSA, the Security Division of EMC

Threats are Evolving Rapidly

Criminals
- Petty criminals: unsophisticated
- Organized crime: organized, sophisticated supply chains targeting PII, financial services and retail

Nation state actors
- Target PII, government, the defense industrial base and IP-rich organizations

Non-state actors
- Terrorists: PII, government, critical infrastructure
- Anti-establishment vigilantes and hacktivists: targets of opportunity

Characteristics of advanced threats
- Single-minded, determined and innovative
- Target individuals over systems
- Through reconnaissance they come to understand our processes, people and systems better than we do
- Will exploit ANY weakness
- Countermeasures only increase their sophistication
- Custom malware, NOT detectable by signatures
- Are not in a hurry: will take as long as it takes
- Goal is long-term, persistent access

Business & IT are evolving rapidly too

Traditional Security is Not Working
- 99% of breaches led to compromise within days or less, with 85% leading to data exfiltration in the same time
- 85% of breaches took weeks or more to discover
Source: Verizon 2012 Data Breach Investigations Report

Transforming Security: address the pervasiveness of dynamic, focused adversaries

Traditional Security
- Signature-based
- Perimeter oriented
- Compliance driven

Advanced Security
- Agile
- Definitive
- Intelligent

Goals of the transformation: close the risk gap, deliver new intelligence, enable agility against the advanced threat.

Offense in Depth: Reducing Attacker Free Time

[Figure: attacker and defender timelines. Source: NERC HILF Report, June 2010 (http://www.nerc.com/files/hilf.pdf)]

Attacker timeline: Surveillance, Target Analysis, Access Probe, Attack Set-up, System Intrusion, Attack Begins, Cover-up Starts, Discovery / Persistence, Leap-Frog Attacks Complete, Cover-up Complete, Maintain Foothold.

Defender timeline: Physical Security, Threat Analysis, Attack Forecast, Monitoring & Controls, Attack Identified, Incident Reporting, Containment & Eradication, Impact Analysis, Damage Identification, System Reaction, Response, Recovery.

ATTACKER FREE TIME is the gap on the figure between "Attack Begins" and "Attack Identified". The figure marks two goals: (1) detect earlier, and (2) collapse attacker free time.


Like air traffic control, NextGen SOCs require:
- Comprehensive Visibility: analyze everything that is happening in my infrastructure
- Agile Analytics: enable me to efficiently analyze and investigate potential threats
- Actionable Intelligence: help me identify targets, threats and incidents
- Optimized Incident Management: enable me to manage these incidents

EMC Critical Incident Response Center, Bedford, MA

Dealing with a Big Data situation
- Capture and analysis of network traffic and log event data
- Indexing data for real-time analysis
- Covering layers 2 to 7
- Fusion of external threat intelligence from both public and private communities with internally captured network data
- Inclusion of other perimeter tools and infrastructure data

Security Analytics Example: Ripping away the hay with automated queries
Start with all network traffic and logs, then:
- SHOW ME all downloads of executable content (pdf, doc, exe, xls, jar etc.)
- SHOW ME files where file type does not match extension
- ALERT ME for sessions to/from critical assets
No SIEM will let you do this!
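The three queries above, together with the threat-intel fusion described under "Dealing with a Big Data situation", as an added illustration that is not code from the RSA deck or from any RSA product. It models the analytic layer as plain Python functions run over session records that a full-packet-capture tool would have reconstructed; the sessions, the critical-asset range and the indicator feed are constructed for the example, and the magic-byte table is a small hypothetical subset of what a real decoder carries. The point the slide makes, and the code shows, is that file type is decided from content (magic bytes), not from the name the sender chose.

```python
"""Automated triage queries over reconstructed network sessions.

Added example (not part of the original RSA slides). Sessions, critical-asset
ranges and the indicator feed below are constructed for illustration.
"""
from dataclasses import dataclass
from typing import List, Optional, Sequence, Set
import ipaddress

# True container family recognised from the first payload bytes
# (hypothetical subset; a production decoder table is far longer).
MAGIC = {
    b"MZ": "pe",                  # Windows PE: exe, dll, scr
    b"%PDF": "pdf",
    b"\xd0\xcf\x11\xe0": "ole2",  # legacy Office: .doc and .xls share this header
    b"PK\x03\x04": "zip",         # ZIP container: jar, docx, xlsx ...
    b"GIF8": "gif",
}
# Family each extension is allowed to carry. doc/xls both map to ole2, so a
# .doc with an OLE2 header is not flagged even though the two are indistinguishable.
EXT_FAMILY = {
    "exe": "pe", "dll": "pe", "scr": "pe", "pdf": "pdf",
    "doc": "ole2", "xls": "ole2", "jar": "zip", "docx": "zip", "xlsx": "zip",
    "gif": "gif",
}
# "Executable content" in the slide's sense: anything that carries code or macros.
EXECUTABLE_FAMILIES = {"pe", "pdf", "ole2", "zip"}


@dataclass(frozen=True)
class Session:
    sid: str
    src: str
    dst: str
    filename: str   # name from Content-Disposition or the URL path
    head: bytes     # first bytes of the transferred object


def sniff_family(head: bytes) -> Optional[str]:
    """Identify the container from magic bytes, ignoring the declared name."""
    for magic, family in MAGIC.items():
        if head.startswith(magic):
            return family
    return None


def ext_of(filename: str) -> str:
    return filename.rsplit(".", 1)[-1].lower() if "." in filename else ""


def executable_downloads(sessions: Sequence[Session]) -> List[str]:
    """SHOW ME all downloads of executable content, judged by content not name."""
    return [s.sid for s in sessions if sniff_family(s.head) in EXECUTABLE_FAMILIES]


def type_mismatches(sessions: Sequence[Session]) -> List[str]:
    """SHOW ME files whose true type does not match the extension they claim."""
    hits = []
    for s in sessions:
        actual = sniff_family(s.head)
        claimed = EXT_FAMILY.get(ext_of(s.filename))
        if actual and claimed and actual != claimed:
            hits.append(s.sid)
    return hits


def critical_asset_sessions(sessions: Sequence[Session], critical_nets: Sequence[str]) -> List[str]:
    """ALERT ME on any session to or from a critical asset range."""
    nets = [ipaddress.ip_network(n) for n in critical_nets]

    def critical(ip: str) -> bool:
        return any(ipaddress.ip_address(ip) in n for n in nets)

    return [s.sid for s in sessions if critical(s.src) or critical(s.dst)]


def ioc_sessions(sessions: Sequence[Session], iocs: Set[str]) -> List[str]:
    """Fuse an external indicator feed: sessions touching a known-bad address."""
    return [s.sid for s in sessions if s.src in iocs or s.dst in iocs]


# Constructed sample traffic (documentation address ranges only).
SESSIONS = [
    Session("s1", "10.1.1.5", "203.0.113.10", "invoice.pdf", b"%PDF-1.4\n%\xe2\xe3"),
    Session("s2", "10.1.1.7", "198.51.100.22", "photo.gif", b"MZ\x90\x00\x03\x00"),
    Session("s3", "10.1.1.8", "10.0.0.5", "report.xlsx", b"PK\x03\x04\x14\x00"),
    Session("s4", "10.1.1.9", "192.0.2.50", "index.html", b"<!DOCTYPE html>"),
]
CRITICAL_NETS = ["10.0.0.0/24"]   # hypothetical: database segment
IOCS = {"192.0.2.50"}             # hypothetical feed entry

if __name__ == "__main__":
    print("executable downloads:", executable_downloads(SESSIONS))
    print("type mismatches:     ", type_mismatches(SESSIONS))
    print("critical assets:     ", critical_asset_sessions(SESSIONS, CRITICAL_NETS))
    print("threat-intel hits:   ", ioc_sessions(SESSIONS, IOCS))
```

Session s2 is the one the slide is about: a PE binary served as photo.gif passes any extension-based filter and appears in both the executable-download and the mismatch result. Note the deliberate ambiguity handling: OLE2 and ZIP headers are shared by several Office formats, so the mismatch check compares container families rather than exact extensions, which keeps the query from drowning the analyst in false positives on ordinary .doc and .xlsx traffic.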

How does Security Analytics Get Deployed?
[Figure: deployment diagram showing the Infrastructure and the Analytic Layer]

Getting to the NextGen SOC
- Recognize that a new approach is needed
- Focus on your high-value assets
- Examine the impact of people and processes
- Quantify risks exposed through third-party vendors
- Integrate advanced threat activity into the overall security program

1 Suzanne Widup, "The Leaking Vault: Five Years of Data Breaches", Digital Forensics Association, July 2010. Available online at http://www.digitalforensicsassociation.org/storage/the_leaking_vault-five_years_of_data_breaches.pdf

THANK YOU