The session is about to commence. Please switch your phone to silent!


Transcription:

The session is about to commence. Please switch your phone to silent! 1

Defend with Confidence Against Advanced Threats. Nicholas Chia, SE Manager, SEA, RSA 2

TRUST? Years to earn, seconds to break 3

Market Disruptors: Mobile, Cloud, Big Data, Extended Workforce, Networked Value Chains. UNLOCKING THE FUTURE ENTERPRISE 2013. APTs, Sophisticated Fraud.
Infrastructure Transformation: less control over access device and back-end infrastructure.
Business Transformation: more hyper-extended, more digital.
Threat Landscape Transformation: fundamentally different tactics, more formidable than ever. 4

Advanced Threats Are Different
1. Targeted: specific objective
2. Stealthy: low and slow
3. Interactive: human involvement
Attack timeline: System Intrusion, Attack Begins, Cover-Up, Discovery, Leap Frog Attacks, Cover-Up Complete. Over time: Dwell Time, then Response Time.
1. Decrease Dwell Time (Attack Identified) 2. Speed Response Time (Response) 5

Who Are You Dealing With?
Nation State Actors: nation states. Targets: government, defense industrial base, IP-rich organizations, waterholes.
Criminals / Non-State Actors:
Petty criminals: unsophisticated, but noisy.
Insiders: various reasons, including collaboration with the enemy.
Organized crime: organized, sophisticated supply chains (PII, PCI, financial services, retail).
Cyber-terrorists / Hacktivists: political targets of opportunity, mass disruption, mercenary. 6

Organisations' view of their security: Prevention FTW!!!! 7

What It Looks Like to the Advanced Adversaries: loopholes, loopholes 8


INCIDENT RESPONSE: It starts with identifying the incident 10

Resource Shift: Budgets and People
Today's Priorities: Prevention 80%, Monitoring 15%, Response 5%
Intelligence-Driven Security: Prevention 33%, Monitoring 33%, Response 33% 11


Days of Investigation Completed In Hours
ALERT!! Multiple indicators to escalate a potential incident.
Session recreated to investigate (PASSWORD 4).
Additional context answers more questions.
Incident management initiated. 13

Security is Complex!
Roles, processes and functions involved: SIEM, Incident Process, Malware Analyst, Threat Analysis, SOC Analyst, Threat Analyst, Centralize Alerts, SOC Manager, Network Manager, Host Visibility, Breach Coordinator, Breach Process, Legal, Shift Handoff, CISO, Report KPIs, IT, HR, Measure Efficacy, Network Visibility, Finance, IT Handoff, eFraud, DLP 14

People: Advanced Cyber Defense Training 15

Process: RSA Security Operations User Personas
SOC Analysts: L1 Analyst, L2 Analyst, Threat Intel Analyst
Security Operations Management (SOC Manager): Incident Management, Threat Intelligence Management, SOC Management, Breach Management, SOC Program Management
Persona-driven design for CISO/CSO, CIO, Business Manager, Privacy Officer, Compliance, Legal, HR
Cross-functional teams: IT, Security, Risk Management
Business-driven Security Operations Management 16

TECHNOLOGY: Advanced Security Ops Center
RSA Security Operations Management: SharePoint, Asset Context, Incident Management, Vulnerability Risk Management
RSA Security Analytics: distributed data collection, capture-time data enrichment
RSA Data Discovery enabled by RSA DLP: Windows clients/servers, file servers, databases, NAS/SAN
RSA ECAT: endpoints
RSA Live intelligence: threat intelligence, rules, parsers, alerts, feeds, apps, directory services, reports and custom actions 17

RSA Security Analytics Malware Analysis: integrated workflow streams enable you to see the before, during and after of an event, and allow customization of the analytical scoring logic 18

SHOW ME THE BIG DATA 19

Big Data Security Challenges
1. Big Data Infrastructure: packet collection & processing and log collection & processing, loaded via ETL into Hadoop, HAWQ, HIVE, PIG, R, MAHOUT
2. Common Meta-Framework: FAIL when the same field is stored as Ip.source, src_ip, Source_IP and Ip-source across databases
3. Analytic Applications: machine learning, predictive analytics, neural networks 20

BIG DATA Use Cases
Blacklist IP Generator: identify new traffic whose traffic patterns are behaviorally consistent with those to a known command-and-control IP.
Social Network Analyzer: discover closely clustered communication events that are known to be associated with infected unmanaged devices and a dynamic command-and-control structure.
Machine Generated Domain Detector: measure the readability of domain names to detect malware that uses a domain generation algorithm. 21
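An added example, not from the RSA deck, of the readability idea behind the Machine Generated Domain Detector use case above: it scores a domain's registrable label on entropy, vowel ratio, digit ratio and consonant runs so that pronounceable names score low and DGA-style strings score high. The feature weights, the threshold and the sample domains are assumptions constructed for this demo, not tuned values.

```python
# Added example: DGA-style "readability" scoring of domain labels.
# Weights, threshold and SAMPLE_DOMAINS are illustrative assumptions.
import math
import re
from collections import Counter

VOWELS = set("aeiouy")
CONSONANT_RUN = re.compile(r"[b-df-hj-np-tv-xz]+")

# Constructed sample input: two human-chosen names, two DGA-looking ones.
SAMPLE_DOMAINS = ["mail.example.com", "wikipedia.org",
                  "x7kq2mzpvlr9.com", "qwzxpmgtrbl.net"]

def shannon_entropy(s: str) -> float:
    """Bits per character; uniformly random strings sit near log2(alphabet)."""
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in Counter(s).values())

def readability_features(domain: str) -> dict:
    # Use the label left of the TLD; assumes a single-label TLD such as .com
    # (an assumption of this example; a real detector would use a suffix list).
    parts = domain.lower().split(".")
    label = parts[-2] if len(parts) >= 2 else parts[0]
    alpha = [c for c in label if c.isalpha()]
    runs = CONSONANT_RUN.findall(label)
    return {
        "length": len(label),
        "entropy": shannon_entropy(label),
        "vowel_ratio": sum(c in VOWELS for c in alpha) / max(len(alpha), 1),
        "digit_ratio": sum(c.isdigit() for c in label) / max(len(label), 1),
        "max_consonant_run": max((len(r) for r in runs), default=0),
    }

def dga_score(domain: str) -> float:
    """0.0 reads like a word; each unreadable trait adds to the score."""
    f = readability_features(domain)
    score = 0.0
    score += 1.0 if f["entropy"] > 3.5 else 0.0          # near-random characters
    score += 1.0 if f["vowel_ratio"] < 0.25 else 0.0      # unpronounceable
    score += 1.0 if f["max_consonant_run"] >= 4 else 0.0  # e.g. "mzpvlr"
    score += 1.0 if f["digit_ratio"] > 0.2 else 0.0       # digits mixed in
    score += 0.5 if f["length"] >= 12 else 0.0            # long random labels
    return score

def flag_suspect_domains(domains, threshold: float = 2.0) -> list:
    """Domains meeting the threshold, for analyst review (not auto-blocking)."""
    return [d for d in domains if dga_score(d) >= threshold]

if __name__ == "__main__":
    for d in SAMPLE_DOMAINS:
        print(f"{d:24} score={dga_score(d)}")
```

Scores are a triage signal to enrich alerts with, not a verdict on their own; legitimate CDN or hashed hostnames will also score high and need whitelisting.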

Today's Security Requirements
Big Data Infrastructure: need a fast and scalable infrastructure to conduct real-time and long-term analysis.
Comprehensive Visibility: see everything happening in my environment and normalize it.
High Powered Analytics: give me the speed and smarts to detect, investigate and prioritize potential threats.
Integrated Intelligence: help me understand what to look for and what others have discovered. 22

Nicholas.Chia@RSA.com 23