Ralf Kaltenbach, Regional Director Germany. Arrow Sommerforum 2015




Our IT is secure, isn't it?

... or maybe not?

2015 VDBIR (Verizon Data Breach Investigations Report)

VDBIR: background and high-level facts
- Dozens of TBs of data
- One of the most collaborative, data-driven information security (InfoSec) reports in existence
- 70 contributors: IR/forensic firms, CSIRTs, vendors and government agencies; the EMC CIRC contributes
- The New York Times: 700 articles related to data breaches in 2014, fewer than 125 in 2013

High-level findings
- Top 3 targets of cyberattacks: public sector, information companies, financial services (i.e. banks and insurers)
- Insider threats are significant, but the emphasis is still on attacks from outside.

Cyber-espionage detection
- 99%: share of attacks that were NOT discovered by log-based technologies
- 83%: share of attacks that took several weeks or more to discover
(Verizon 2015 Data Breach Investigations Report)

High attacker speed
In 60% of all analysed cases, attackers were able to overcome preventive barriers within minutes.
(Verizon 2015 Data Breach Investigations Report)

The hare and the hedgehog: attackers are ahead
[Chart: attacker capabilities vs. defender capabilities over time, "the defender-detection deficit"; Verizon 2015 Data Breach Investigations Report]

Two overarching goals (ACD) for defending against attacks
Attack characteristics: 1 targeted (specific objective), 2 stealthy (low and slow), 3 interactive (human involvement)
[Timeline: attack begins, system intrusion, cover-up, leap-frog attacks, cover-up complete, discovery, attack identified, response; marked intervals: dwell time, response time]
1 Reduce dwell time
2 Increase response speed

[Chart, source: IDC 2012. 1970: mainframe, minicomputer, terminals; thousands of apps, millions of users. 1990: PC, client/server, LAN/Internet; tens of thousands of apps, hundreds of millions of users. 2010: mobile devices, mobile, cloud, big data, social; millions of apps, billions of users.] RSA CONFIDENTIAL INTERNAL USE ONLY

Current challenges: cause and effect
[Diagram: identifying new threats; access and identity management; defending against cybercrime; ensuring compliance; surrounded by cloud, customers, partners, third parties, mobile, employees, BYOD, on-prem, shadow IT]

New types of attack require a new quality of defence
Threat: simple hacks, attacks, attack campaigns
Network protection: firewall, IDS, NGFW / UTM, IPS
Host protection: A/V, malware analytics, DLP, host forensics
Visibility: ad hoc logging, SIEM, network forensics, network forensics & analytics
Remediation services: N/A, specialists

Evolution of threat actors & detection implications (1)
At first, there were HACKS. Preventative controls filter known attack paths.
[Diagram: threat actors; firewall, IDS/IPS, antivirus; malicious traffic; whitespace; successful hacks; corporate assets]

Evolution of threat actors & detection implications (2)
At first, there were HACKS. Preventative controls filter known attack paths.
Then, ATTACKS, despite increased investment in controls, including SIEM.
[Diagram: threat actors; firewall, IDS/IPS, antivirus; malicious traffic; more logs; blocked session, blocked session, blocked session; alert; SIEM; whitespace; successful attacks; corporate assets]

Evolution of threat actors & detection implications (3)
Now, successful ATTACK CAMPAIGNS target any and all whitespace. Complete visibility into every process and network session is required to eradicate the attacker opportunity.
[Diagram: threat actors; firewall, IDS/IPS, antivirus; malicious traffic; logs; endpoint visibility (process); network visibility (network sessions); blocked sessions; alert; security analytics: unified platform for advanced threat detection & investigations; corporate assets]

Intelligence-driven security in action
Governance, risk & compliance
Analysis: threat, fraud, compliance, identity
Data: logs, packets, NetFlow, endpoint, ID, vulns, threat (internal & external)
Identity & access; cloud; on prem

Paradigm shift in security priorities
Today: prevention 80%, monitoring 15%, response 5%
Intelligence-driven security: prevention 33%, monitoring 33%, response 33%

RSA Security Analytics architecture: visibility, analysis, action
Visibility: packets, logs, NetFlow, endpoint (cloud and on prem), capture-time data enrichment
Action: security operations
RSA Live intelligence: threat intelligence, rules, parsers, feeds, reports, RSA Research

ASOC portfolio
- Security Analytics: log monitoring (SIEM)
- Security Analytics: network monitoring & forensics
- ECAT
- Web Threat Detection
- Security Operations (Archer)
- RSA's Incident Response Services

Core elements of ACD services: 8 core ACD domains
Core domains: business alignment, incident response, defense in-depth, analytic intelligence, threat intelligence, risk alignment, content intelligence
RSA methodology: assess maturity, comprehensive report, recommendations, roadmap; reporting

Maturity level per domain

SA 10.5 themes & capabilities (available since end of Q2 2015)
- Expanded visibility: log collection from AWS; event source monitoring; integrated visibility into web and mobile applications via WTD
- Enhanced investigations: enhanced reconstruction; streamlined workflow; investigate restored compliance data
- Expanded SIEM capabilities: hierarchical alerting (beta); improved alert tuning options; incident & alert workflow
- Platform maturity: health & wellness; data privacy; alerting; audit logging; centralized role-based permissions; context-sensitive help
- Packaging & GTM: trust-based licensing model; use case packaging & subscriptions; 3rd party storage options
This roadmap document contains forward-looking statements; these are plans, not commitments.

SOC organisations and economies of scale
Roles: Tier 1 analyst, Tier 2 analyst, analysis & tools support analyst, threat intelligence analyst, SOC manager

Driver: secure access. Driver: achieve compliance.
RSA Via products: Via Access, Via Governance, Via Lifecycle
Capabilities: multi-factor auth, single sign-on, federation, entitlements, roles, policies, fulfillment, certifications, governance reviews, authorization request, collections
Copyright 2015 EMC Corporation. Confidential and Proprietary. NDA Required

EMC, RSA, the EMC logo and the RSA logo are trademarks of EMC Corporation in the U.S. and other countries.