An Introduction to RSA envision: The Information Log Management Platform for Security and Compliance Success. September, 2009
Changing Threats and More Demanding Regulations: External attacks; Malicious insiders taking financial info; Careless users leaking IP; Costly audit requirements; Ever-changing business requirements; New Web 2.0 and P2P technologies. [Diagram labels: Data Center, R&D, Executive, Financial, DMZ]
IT Staff Feels the Pressure: Security team lacks visibility into the IT environment. Overwhelming to process raw log and event volume. Compliance is costly and resource-intensive. Real-time security posture is difficult to understand.
Issues and Needs: Issue: Security team cannot see into the IT environment. Need: Non-intrusive log collection to access all event sources. Issue: Overwhelming to process raw log and event volume. Need: Complete information lifecycle management process. Issue: Real-time security posture is difficult to understand. Need: Real-time risk-based prioritization of events. Issue: Compliance is time-consuming. Need: Compliance reports in minutes, not weeks.
RSA envision 3-in-1 SIEM Platform: Simplifying Compliance (Compliance reports for regulations and internal policy); Enhancing Security (Real-time security alerting and analysis); Optimizing IT & Network Operations (IT monitoring across the infrastructure). Functions: Reporting, Auditing, Forensics, Alert / correlation, Network baseline, Visibility. Purpose-built database (IPDB). RSA envision Log Management platform. Event sources: security devices, network devices, applications / databases, servers, storage.
Simplifying Compliance: Robust Alerting & Reporting. 1400+ reports included out of the box; Easily customizable; Grouped according to standards, e.g. National Laws (SOX, Basel II, JSOX), Industry Regulations (PCI), Best Practices & Standards (ISO 27002, ITIL).
Benefits: Turns raw log data into actionable information; Increases visibility into security, compliance and operational issues; Saves time through compliance reporting; Streamlines the security incident handling process; Lowers operational costs.
Why envision? Any Data - Any Scale: Collection of any type of log data, real-time correlation, and best-in-breed scalability. Lowest TCO SIEM solution: Appliance form factor, agentless architecture; Flexible but simple customization. Most Complete Security Knowledge: Comprehensive combination of event sources, correlation rules and reports; Frequent updates to security knowledgebase; Broad partner eco-system of strategic technology partners plus front-line security and compliance expertise. Proven Solution with a large and active install base: Unparalleled installed base of more than 1600 production customers; Active online customer Intelligence Community for shared best practices and knowledge. All from EMC/RSA: Single strategic vendor with strong balance sheet; Simplified IT operations, single point of contact, and global customer support; Integration with RSA and EMC solutions (e.g. Access Manager, Authentication Manager, Voyence, Celerra, Symmetrix).
Compliance Case Study: Flybe Airline. Challenge: Comply with PCI DSS requirements to monitor and track access to cardholder data and systems; Respond to business growth. Solution: Log management platform for automated security information and event management; Implementation services from RSA partner Gradian. Results: Automated collection, processing and reporting on thousands of event logs to demonstrate compliance; Effortlessly scalable solution.
Next Steps: Read related materials ("Best Practices in Log Management for Security and Compliance"; "Security Information Lifecycle: Data Retention of Event Logs for Compliance"; "Creating an Effective Security Operations Function"); Attend weekly product demo; Help educate colleagues/peers; Work with RSA to do a readiness assessment.
Simplifying Compliance
Compliance challenges: Historically, compliance processes involved dedicated resources performing multiple tasks, manually and repetitively; The process for data collection was long and laborious; Valuable data was often missed or not included; Analysis and reporting were expensive and slow, and involved multiple log collection and analysis tools; Companies struggle to keep pace with understanding and complying with relevant laws and regulations.
A multitude of Laws/Rules/Regulations with which an organization must comply: PCI DSS, HIPAA, Internal Policy, GLBA, HSPD 12, CSB 1386, FISMA, Country Privacy Laws, COCOM, SOX, EU CDR, UK RIPA, Data Security Act, FACTA, EU Data Privacy, FFIEC, BASEL II, J-SOX, IRS 97-22, NERC, NISPOM, Partner Rules, ACSI 33, NIST 800, State Privacy Laws.
Regulations around the world. America: SOX (US), HIPAA (US), GLBA (US), USA Patriot Act (US), Tax Act (US), NASD rules (US), FDA 21 CFR 11 (US), SEC Rule 17a-3 & 17a-4 (US), CAN-SPAM Act (US), FTC Do-Not-Call List (US), COPPA (US), NIIPA (US), SB 1386 (California), PIPEDA (Canada), FATF (Latin America). International: Basel II, Information Security Forum, OECD guidelines, ISO. EU: LSF (France), KonTraG (Germany), BDSG (Germany), SigG (Germany), RIP (UK), Turnbull Report (UK), HRA and DPA (UK), NERC (Ukraine), South Africa King II Report, EU Convention of Human Rights, EU Privacy Directive, EU Signature Directive, WEE Directive, RoHS Directive, Antitrust Rule. Asia: Protection for Personal Information Act, JSOX. Australia: Federal Privacy Act, Privacy Amendment Act, Spam Bill, PSM, ACSI 33.
The Compliance Lifecycle: Understand Regulations/Laws and how they affect the organization; Discover Assets, Determine necessary controls; Identify Gaps; Implement Controls (Technologies & Procedures) to meet specific Regulations/Laws; Monitor, Measure, Report; Correct, Improve. RSA Professional Services can be engaged to provide consultancy. RSA envision can help: Build a list of assets in the network; Provide automated reports that provide specific information required by auditors; Customize reports to help track non-compliance & progress of improvements.
RSA envision simplifies the Compliance Lifecycle: By electronically capturing, processing and analyzing event logs, RSA envision digitises the monotonous, repetitive collection, analysis and reporting of relevant log data required by laws, regulations and standards, thus freeing up resource to focus on other activities and saving organizations money.
Automated Analysis for Simplifying the Compliance Lifecycle: RSA envision automatically sorts event log data into information categories required for adhering to compliance requirements: Access Control; Configuration Control; Malicious Code Detection; User Monitoring and Management; Policy Enforcement; Environmental & Transmission Security.
RSA envision and the Compliance Lifecycle: The information gathered by RSA envision can be used to help an organization understand: If it is compliant with regulations and laws; What it needs to do to become compliant; To show/prove that it is compliant to auditors; To provide evidence on compliance that can be used in a court of law.
RSA envision Compliance Reporting: RSA envision provides over 1100 reports included with the solution. Market leading solution for comprehensive reporting for multiple standards, e.g.: National Laws (Sarbanes-Oxley), Industry Regulations (PCI), Best Practices & Standards (ISO 27002).
Top 5 Things SIEM must do to Simplify Compliance: 1. Collect ALL the event log data, ALL the time! 2. Store the data from across the organization in a secure common data repository for global analysis. 3. Ensure that the data is not filtered, edited, or changed in any way. 4. Ensure that the data is verifiable and authentic. 5. Maintain an audit trail of all activity.
How to comply with future regulations NOW! The only way to ensure that you will have the data that the auditor will want is to make sure you have 100% of the data.
Summary: RSA envision enables enterprises to use a single platform to simplify their compliance processes for multiple laws and regulations: All of the Data, Verifiable and Authentic; Automated, Out-of-the-Box reporting for multiple compliance requirements: PCI DSS, HIPAA, Internal Policy, GLBA, HSPD 12, CSB 1386, FISMA, Country Privacy Laws, COCOM, SOX, EU CDR, UK RIPA, Data Security Act, FACTA, EU Data Privacy, FFIEC, BASEL II, J-SOX, IRS 97-22, NERC, NISPOM, Partner Rules, ACSI 33, NIST 800, State Privacy Laws.
RSA envision Stand-alone Appliances to Distributed Solutions [Chart: EPS against # DEVICES for the ES Series and LS Series]
RSA envision Deployment: Scales from a single appliance. [Diagram labels: Analyze, Manage, Collect; Baseline, Correlated Alerts, Report, Realtime Analysis, Forensics, Interactive Query, Integrated Incident Mgmt., Event Explorer; event sources: UDS, Windows Server, Netscreen Firewall, Cisco IPS, Juniper IDP, Microsoft ISS, Trend Micro Antivirus, Device; RSA envision Supported Devices; Legacy]
RSA envision Deployment: to a distributed, enterprise-wide architecture. Local Collection with Global Analysis; Fine Grain Role-Based Access Control. [Diagram labels: Analyze, Manage, Collect, Collect Remotely; Realtime Correlation, Scheduled Reports, Realtime Alerting, email Alerts, Ad Hoc Reports; event sources: Windows Servers, Storage Device, Oracle Financial, Windows Server, Netscreen Firewall, Windows Workstation, Cisco IPS, Trend Micro Antivirus; sites: Stockholm, New York, Boston, London, Paris]
RSA envision Deployment: to a distributed, enterprise-wide architecture. [Diagram labels: sites: Chicago (WW Security Operations), London (European Headquarters), Mumbai (Remote Office), New York (WW Compliance Operations); components: A-SRV, D-SRV, LC, NAS. Legend: A-SRV: Analysis Server; D-SRV: Data Server; LC: Local Collector; RC: Remote Collector]
RSA envision Market Proven Global Scalability (columns: Organization, Driver, Locations, Events, Devices)
Driver: Security (Configuration Control, Access Control Enforcement, Privileged User Monitoring); Locations: 34; Events: 240K/Sec, 20B/Day, 76.8T/Year; Devices: 30,000
Driver: Compliance & Security (Real-Time Monitoring, False Positive Reduction, Access Control Enforcement); Locations: 18; Events: 180K/Sec, 15.5B/Day, 5.6T/Year; Devices: 20,000
Driver: Compliance (SAS 70 Compliance); Locations: 28; Events: 450K/Sec, 38.8T/Day, 148T/Year; Devices: 28,000
Driver: Compliance & Security (Log Management, Monitoring Firewalls For Audits); Locations: 4; Events: 80K/Sec, 6.9B/Day, 2.5T/Year; Devices: 4,000
Driver: Compliance (Internal Audit); Locations: 3; Events: 95K/Sec, 8.2T/Day, 2.9T/Year; Devices: 17,000