Security Analytics for Smart Grid


Slide 1: Security Analytics for Smart Grid
Dr. Robert W. Griffin, Chief Security Architect, RSA, the Security Division of EMC
robert.griffin@rsa.com
blogs.rsa.com/author/griffin
@RobtWesGriffin

Slide 2: No Shortage of Hard Security Challenges
Infrastructure Transformation: Mobile, Cloud, Big Data. Less control over access device and back-end infrastructure.
Business Transformation: Extended Workforce, Networked Value Chains. More hyper-extended, more digital.
Threat Landscape Transformation: APTs, Sophisticated Fraud. Fundamentally different tactics, more formidable than ever.
Source: http://www.emc.com/collateral/industry-overview/h11391-rpt-informationsecurity-shake-up.pdf?pid=sbiclandingpage-sbicspecialreport-122112

Slide 3: Emergence of New Attackers
Criminals: petty criminals (unsophisticated); organized crime (organized, sophisticated supply chains). Targets: PII, financial services, retail.
Nation state actors. Targets: PII, government, defense industrial base, IP-rich organizations.
Non-state actors: terrorists, anti-establishment vigilantes, hacktivists. Targets: PII, government, critical infrastructure, targets of opportunity.

Slide 4: Targeted Attacks
1. Targeted: specific objective
2. Stealthy: low and slow
3. Interactive: human involvement
Attack timeline: Attack Begins, System Intrusion, Cover-Up, Discovery, Leap Frog Attacks, Cover-Up Complete, Attack Identified, Response.
Dwell Time (attack begins until attack identified); Response Time (attack identified until response).
Goals: 1. Decrease dwell time. 2. Speed response time.

Slide 5: Intelligence is the Game Changer

Slide 6: Security Analytics Use Cases
Distributed Collection: Packets, Logs.
Capture Time Enrichment: Parsing & Metadata Tagging, producing Packet Metadata and Log Metadata; enriched by Intelligence Feeds and Additional Business & IT Context.
Incident Response: Reporting & Alerting, Investigation & Forensics, Compliance, Malware Analysis, Endpoint Visibility & Analysis.
Supporting inputs: Threat Intelligence (Rules, Parsers, Alerts, Feeds, Apps), Directory Services, Reports & Custom Actions.

Slide 7: Network Security Use Case (capture)
The same collection, enrichment and incident response pipeline as the Security Analytics Use Cases slide, with Packets as the collected source (Parsing & Metadata Tagging yields Packet Metadata). Intelligence Feeds are optional here; Additional Business & IT Context, Threat Intelligence (Rules, Parsers, Alerts, Feeds, Apps), Directory Services and Reports & Custom Actions remain.

Slide 8: Incident Detection Use Case (streaming)
The same pipeline, with Logs as the collected source (Parsing & Metadata Tagging yields Log Metadata), enriched by Intelligence Feeds and Additional Business & IT Context; Threat Intelligence (Rules, Parsers, Alerts, Feeds, Apps), Directory Services and Reports & Custom Actions remain.

Slide 9: Advanced Analysis Use Case (historical)
The same pipeline over both Packets and Logs (Packet Metadata and Log Metadata), enriched by Intelligence Feeds and Additional Business & IT Context, feeding Reporting & Alerting, Investigation & Forensics, Compliance, Malware Analysis and Endpoint Visibility & Analysis.

Slide 10: Archived Storage Analysis Use Case (historical)
The same pipeline over both Packets and Logs (Packet Metadata and Log Metadata), enriched by Intelligence Feeds and Additional Business & IT Context, with Threat Intelligence (Rules, Parsers, Alerts, Feeds, Apps), Directory Services and Reports & Custom Actions.

Slide 11: Anomalous Behavior Detection: Differentiating Cyber Criminals from Online Customers
Signals: Velocity, Page Sequence, Origin, Contextual Information.
Example page sequence through an online banking session: Homepage, Sign-in, My Account, Add Bill Payee, Bill Pay Home, Select Bill Payee, Enter Pay Amount, Submit; Checking Account, View Checking.

Slide 12: Compromised Host Investigation
1. Find compromised server or workstation acting as SPAM host: multiple outbound SMTP connections from workstation; multiple internet DNS connections from workstation.
2. Find out how the workstation got infected: user clicked on the link and got infected by Trojan from drive-by download.
3. Analyze malware: determine whether targeted or vanilla malware in use.
4. Recreate phishing e-mail message: determine whether targeted phishing attack at play.
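The first step of the investigation above as detection logic, written here as an added example rather than anything from the deck or from RSA Security Analytics: it scans constructed flow records for internal workstations that open outbound SMTP connections to many external hosts and resolve DNS directly against internet resolvers instead of the corporate resolver. The internal ranges, the mail-server allowlist and the thresholds are assumptions.

```python
from collections import defaultdict
from ipaddress import ip_address, ip_network

# Assumed environment (not from the slide deck): internal ranges and the
# mail relay that is expected to speak SMTP to the internet.
INTERNAL_NETS = [ip_network("10.0.0.0/8"), ip_network("192.168.0.0/16")]
MAIL_SERVERS = {"10.0.0.25"}
SMTP_PEERS_THRESHOLD = 3   # hypothetical thresholds; tune per environment
DNS_PEERS_THRESHOLD = 3

# Constructed sample flows: (source IP, destination IP, destination port).
SAMPLE_FLOWS = [
    # workstation spraying SMTP at external hosts and bypassing the corporate resolver
    ("10.1.1.20", "203.0.113.10", 25), ("10.1.1.20", "203.0.113.11", 25),
    ("10.1.1.20", "198.51.100.7", 25), ("10.1.1.20", "198.51.100.8", 25),
    ("10.1.1.20", "8.8.8.8", 53), ("10.1.1.20", "1.1.1.1", 53), ("10.1.1.20", "9.9.9.9", 53),
    # the legitimate mail relay also sends SMTP, so it is allowlisted
    ("10.0.0.25", "203.0.113.10", 25), ("10.0.0.25", "203.0.113.11", 25),
    ("10.0.0.25", "198.51.100.7", 25),
    # a normal workstation: DNS via the corporate resolver, browsing over HTTPS
    ("10.1.1.30", "10.0.0.53", 53), ("10.1.1.30", "10.0.0.53", 53),
    ("10.1.1.30", "203.0.113.50", 443),
]


def is_internal(ip):
    return any(ip_address(ip) in net for net in INTERNAL_NETS)


def find_spam_hosts(flows, smtp_threshold=SMTP_PEERS_THRESHOLD,
                    dns_threshold=DNS_PEERS_THRESHOLD):
    """Return {host: [reasons]} for internal hosts matching the SPAM-host pattern."""
    smtp_peers = defaultdict(set)   # distinct external SMTP destinations per host
    dns_peers = defaultdict(set)    # distinct internet resolvers per host
    for src, dst, port in flows:
        # only internal-to-external traffic from hosts other than mail servers matters
        if not is_internal(src) or is_internal(dst) or src in MAIL_SERVERS:
            continue
        if port == 25:
            smtp_peers[src].add(dst)
        elif port == 53:                # dst is external here: a direct internet lookup
            dns_peers[src].add(dst)
    findings = {}
    for host in sorted(set(smtp_peers) | set(dns_peers)):
        reasons = []
        if len(smtp_peers[host]) >= smtp_threshold:
            reasons.append(f"outbound SMTP to {len(smtp_peers[host])} external hosts")
        if len(dns_peers[host]) >= dns_threshold:
            reasons.append(f"DNS to {len(dns_peers[host])} internet resolvers")
        if reasons:
            findings[host] = reasons
    return findings
```

Both indicators firing on one host is the pattern the slide describes; either one alone is a weaker lead that still warrants a look at the host's proxy and e-mail history for step 2.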

Slide 13: Applying Security Analytics: Readiness, Response & Resilience (R3)
Controls: A/V, IDS/IPS, Firewall/VPN, Proxy, DLP.
Visibility: SIEM Log Alerts, DLP Alerts, Packets, Host File, Signature-less Alerts.
Context: Business Context (Line of Business Owner, Policy); Risk Context (Assessments, Criticality, Vulnerability); Threat Context (Subscriptions, Community, Open Source).
Single UI: Incident Management & Reporting; Workflow & Automation, Rules, Alerts & Reports.
Triage: Content Intelligence (Level 1 Triage, Level 2 Triage); Analytic Intelligence (Level 3 Triage, Threat Triage); Threat Intelligence.
Roles and systems: Device Administration, Security Architecture Team, Warehouse & Ticketing System, IT Team Expertise.

Slide 14: Questions for Discussion
Are the concerns regarding changes in threat landscape, information technology and business models relevant and significant?
Are there use cases for security analytics for Smart Grid that would be a good place to start or that are particularly important?
If you do security analytics currently, what information sources do you use to inform your security analyses?
Security and safety analysis are closely related. Do you perform safety-related analysis currently?
What is the main challenge SPARKS should address in the area of security analytics?
Are there issues that you see in terms of applying security analytics to Smart Grid?

Slide 15: Thank You

Slide 16: Additional Questions for Discussion
How much data does your smart grid generate on average daily?
How much of this data do you analyze?
What is the most important device in terms of security in your smart grid network?
What are the procedures that you use to check that it is properly working?