Best Practices to Improve Breach Readiness




Dr. Robert W. Griffin, Chief Security Architect, RSA, the Security Division of EMC
http://blog.emc2.de/trust-security
@RobtWesGriffin

Security Breaches

Security breaches today (chart; source: 2013 Information Security Breaches Survey, PwC)

Organisation and cost of breaches (chart; source: 2013 Information Security Breaches Survey, PwC)

Security incidents are going unnoticed (source: ESG white paper, The Big Data Security Analytics is Here, January 2014)
- Security attacks are sophisticated
- Too many false positive responses
- Too many non-integrated tools
- Too many manual processes
- Lack of staff

Taking Charge of Security
- Organisations taking responsibility
- Conducting assessments of business risk
Most breaches result from stumbling on the basics:
- Neglecting basic security hygiene
- Relying only on threat prevention and detection
- Mistaking compliance for security
- Inadequate user training

What is the right level of security? It depends on the organisation's risk and requirements:
- Value of the information assets
- Risk and threats the organisation can expect to face
- Prevailing security practices among the organisation's peers

People
- Infrequent or irrelevant user training
- Inadequate security staff
- Team roles and responsibilities not defined

Process
- Poor patch management
- Ad hoc incident response, with no well-defined processes
- Constant fire drills, leaving no time to learn from incidents and improve

Technology
- No central monitoring or alerting
- Poor incident response and workflow
- Insufficient tools for forensics
- No threat intelligence collection or analysis

Best Practices

Trust imperatives: Transparency, Relevance, Resilience

Best Practices for Breach Readiness - 1: Conduct on-going, all-inclusive risk assessments
- Facilities and suppliers
- How you sell your goods and services
- Channel partners
- Global coverage
- Annually, and baked into new services

Best Practices for Breach Readiness - 2: Locate and track high-value digital assets
- What are they?
- Where are they?
- Who has access to them?
- Who in the business owns the risk?
- How can the risk be managed?

Best Practices for Breach Readiness - 3: Model threats and vulnerabilities
- Start with threat modelling
- Collaborative and multi-disciplinary
- Think like an attacker!
- Forensic evaluations of previous threats

Best Practices for Breach Readiness - 4: Master change management
- Not an administrative tick box
- Must be part of project management
- Qualify and quantify risk to stakeholders
- Identify and document dependencies

Best Practices for Breach Readiness - 5: Integrated security
- Bring together Process + Technology + People (diagram: People, Process, Technology and Incident Response)

Readiness, Response & Resilience (R3): architecture diagram; labels recovered from the slide:
- Controls: A/V, IDS/IPS, Firewall/VPN, Proxy, DLP
- Visibility: SIEM, Log Alerts, DLP Alerts, Packets, Host, File, Signature-less Alerts; Single UI; Incident Management & Reporting
- Context: Business Context (Line of Business Owner, Policy); Risk Context (Assessments, Criticality, Vulnerability); Threat Context (Subscriptions, Community, Open Source)
- Teams: Device Administration, Security Architecture Team, IT Team
- Workflow & Automation: Rules, Alerts & Reports; Content Intelligence; Analytic Intelligence; Expertise
- Triage: Level 1 Triage, Level 2 Triage, Level 3 Triage, Threat Triage; Threat Intelligence
- Data Warehouse & Ticketing System

Best Practices for Breach Readiness - 6: Build security staff
- Define roles and responsibilities
- Establish capabilities in key areas:
  - Cyber risk intelligence and cyber analytics
  - Security data management
  - Risk consultancy
  - Controls design and assurance
  - Response planning

Best Practices for Breach Readiness - 7: Invest in threat intelligence (diagram: Metrics, Analysis, Actions)

Best Practices for Breach Readiness - 8: Quantify the impact of security investments
- Model what-if scenarios
- Count the full costs: business, reputation and risk
- Deploying backup systems
- Prioritising budget
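The what-if modelling the slide calls for can be made concrete. The following is an added example, not part of the slides and not RSA's own tooling: each breach scenario carries an assumed annual frequency and a per-incident loss split into the three buckets the slide names (business, reputation, risk); each candidate investment carries an annual cost and the fraction by which it cuts the frequency or the loss of named scenarios. Annualised loss expectancy (ALE) before and after an investment gives its return on security investment (ROSI), and a greedy pass over a fixed budget ranks investments, re-evaluating after each pick so two controls covering the same scenario are not double-counted. All scenario names, frequencies, loss figures, control effects and the budget are constructed assumptions for illustration.

```python
"""Added what-if model for quantifying security investments (illustrative).
All figures in SCENARIOS and INVESTMENTS are constructed assumptions."""
from dataclasses import dataclass, field
from typing import Dict, List


@dataclass
class Scenario:
    name: str
    annual_frequency: float   # expected incidents per year (assumed)
    business_loss: float      # operational cost per incident (assumed)
    reputation_loss: float    # churn / brand cost per incident (assumed)
    risk_loss: float          # fines, legal, regulatory cost per incident (assumed)

    @property
    def loss_per_incident(self) -> float:
        return self.business_loss + self.reputation_loss + self.risk_loss

    @property
    def ale(self) -> float:
        """Annualised loss expectancy = frequency x single-loss expectancy."""
        return self.annual_frequency * self.loss_per_incident


@dataclass
class Investment:
    name: str
    annual_cost: float
    # scenario name -> fraction by which the control cuts annual frequency
    frequency_reduction: Dict[str, float] = field(default_factory=dict)
    # scenario name -> fraction by which the control cuts loss per incident
    loss_reduction: Dict[str, float] = field(default_factory=dict)


def total_ale(scenarios: List[Scenario]) -> float:
    return sum(s.ale for s in scenarios)


def apply_investment(scenarios: List[Scenario], inv: Investment) -> List[Scenario]:
    """Return the scenario set as it would look with the investment in place."""
    result = []
    for s in scenarios:
        freq = s.annual_frequency * (1.0 - inv.frequency_reduction.get(s.name, 0.0))
        keep = 1.0 - inv.loss_reduction.get(s.name, 0.0)
        result.append(Scenario(s.name, freq, s.business_loss * keep,
                               s.reputation_loss * keep, s.risk_loss * keep))
    return result


def rosi(scenarios: List[Scenario], inv: Investment) -> float:
    """Return on security investment: (ALE reduction - cost) / cost."""
    reduction = total_ale(scenarios) - total_ale(apply_investment(scenarios, inv))
    return (reduction - inv.annual_cost) / inv.annual_cost


def prioritise(scenarios: List[Scenario], investments: List[Investment],
               budget: float) -> List[str]:
    """Greedy allocation: take the best-ROSI affordable investment, apply it,
    then re-rank the rest against the reduced scenario set."""
    chosen: List[str] = []
    remaining = list(investments)
    current = list(scenarios)
    while remaining:
        remaining.sort(key=lambda i: rosi(current, i), reverse=True)
        best = remaining.pop(0)
        if rosi(current, best) <= 0:
            break                      # nothing left pays for itself
        if best.annual_cost > budget:
            continue                   # unaffordable; try the next best
        chosen.append(best.name)
        budget -= best.annual_cost
        current = apply_investment(current, best)
    return chosen


# Constructed illustration data (assumptions, not figures from the talk).
SCENARIOS = [
    Scenario("phished-credential account takeover", 2.0, 40_000, 60_000, 20_000),
    Scenario("unpatched web server compromise", 0.5, 150_000, 100_000, 250_000),
    Scenario("lost unencrypted laptop", 1.0, 5_000, 30_000, 45_000),
]
INVESTMENTS = [
    Investment("phishing-resistant MFA", 60_000,
               frequency_reduction={"phished-credential account takeover": 0.8}),
    Investment("managed patching programme", 90_000,
               frequency_reduction={"unpatched web server compromise": 0.6}),
    Investment("full-disk encryption", 20_000,
               loss_reduction={"lost unencrypted laptop": 0.9}),
    Investment("user awareness training", 30_000,
               frequency_reduction={"phished-credential account takeover": 0.3,
                                    "lost unencrypted laptop": 0.2}),
    Investment("24x7 outsourced SOC", 400_000,
               loss_reduction={"unpatched web server compromise": 0.5,
                               "phished-credential account takeover": 0.5}),
]

if __name__ == "__main__":
    print(f"Baseline ALE: {total_ale(SCENARIOS):,.0f}")
    for inv in sorted(INVESTMENTS, key=lambda i: rosi(SCENARIOS, i), reverse=True):
        print(f"  {inv.name:28s} cost {inv.annual_cost:>8,.0f}  ROSI {rosi(SCENARIOS, inv):+.2f}")
    print("Chosen within a 150,000 budget:", prioritise(SCENARIOS, INVESTMENTS, 150_000))
```

With these assumed numbers the baseline ALE is 570,000; full-disk encryption and phishing-resistant MFA are chosen within a 150,000 budget, the patching programme only becomes affordable at a larger budget, and the outsourced SOC never pays for itself. The re-ranking after each pick matters: awareness training looks worthwhile on its own but contributes little once MFA has already removed most of the account-takeover frequency it targets.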

"To... not prepare is the greatest of crimes; to be prepared beforehand for any contingency is the greatest of virtues." Sun Tzu, The Art of War

Resources
Breach readiness:
- http://www.emc.com/collateral/data-sheet/11814-acd-dsbreachreadiness.pdf
- http://www.otalliance.org/resources/incident/2014otadatabreachguide.pdf
Breach reports:
- http://www.idtheftcenter.org/images/breach/itrc_breach_report_2014.pdf
- http://www.pwc.co.uk/audit-assurance/publications/2013-informationsecurity-breaches-survey.jhtml
Intelligence-driven security:
- http://www.esg-global.com/blogs/esg-report-on-big-data-securityanalytics/