Preempting Business Risk with RSA SIEM and CORE Security Predictive Security Intelligence Solutions


CORE Security | +1 617.399.6980 | info@coresecurity.com | www.coresecurity.com | blog.coresecurity.com

Change is coming, and it's coming fast. Like many sophisticated organizations, yours has discovered that two decades of investment in conventional IT security technology such as antivirus software, firewalls and intrusion detection tools are no longer enough to stop hackers armed with spear-phishing e-mail messages, automated web-based exploit kits and SQL injection attacks. These sophisticated adversaries, some driven by profit, others by political or ideological aims, troll for sensitive information and for vulnerable and misconfigured systems that can be used to throw open the doors to your critical IT assets. For your IT staff, this great and widening imbalance between threats and defenses demands new tools and strategies tailored to the attacks you now face.

To keep the attackers at bay, you have a forest of security products: Firewalls. Antivirus. Intrusion detection. Access management. Log management. Data leak protection. Vulnerability scanners. It's a complicated, siloed environment that has grown ever more crowded in the last decade, as each wrinkle in the threat landscape or new regulation spawns a new security solution. At the center of this is your RSA enVision Security Information and Event Management (SIEM) system. It's your most important tool in keeping your network secure and compliant. Properly deployed and configured, SIEM systems like RSA enVision enable you to capture, store, analyze and recall logged data from a wide range of network devices, applications, security tools, endpoints and storage infrastructure. enVision's powerful analysis and reporting tools help you sift through and understand the output of networked infrastructure and security products and give you insight into what activity is transpiring in your environment.

There's just one problem. Your SIEM can't help you with the issue you really care about: knowing what sophisticated hackers are thinking, and what they'll do before they do it. That's where CORE Security's CORE Insight Enterprise comes in.

Optimizing Controls: Automated Attack Path Analysis with CORE Insight

True: your enVision deployment saves you thousands or tens of thousands of dollars merely by culling out duplicate and low-priority events. By automating log collection, aggregating data feeds and filtering out false positives, enVision leaves your IT staff to deal with the dozens or hundreds of events that actually matter. But the fact is that there are limits to what your SIEM can do in its current configuration. Yes, it helps you to isolate the signal of meaningful security events from the noise of server logs and IDS events. But could that database breach your SIEM detected in Toronto lead to your Category 5 Market Sensitive Data? And how does the Toronto incident relate (if at all) to the file server compromise in the Boston office? Are they part of the same, larger attack, or are they isolated incidents? CORE Insight helps you answer those questions in real time by helping you to better understand how a skilled hacker might attack your network.

CORE's patented Predictive Security Intelligence Engine collects data about your network, then thinks like a hacker: traversing all the possible paths attackers could use to get to high-value assets, then identifying and predicting the paths that are most likely to succeed. Rather than relying on educated guesswork to make sense of enVision's output, Insight's one-of-a-kind attack correlation engine collects and inspects alerts from SIEM products like RSA enVision and validates them against known attack paths specific to your current network configuration, assessing each against factors such as exploitability, asset value and business impact. Using Insight, your team can fast-forward, or predict, a potential attacker's moves, pinpointing exploitable weaknesses in your network defenses and the business impact they could have. After the analysis is complete, that information is then turned back to enVision in the form of high-value correlation rules, in a fraction of the time it would take your IT staff to create similar rules manually. Once your IT team understands the downstream effects of an incident or threat detected in your environment and isolated by your SIEM, prioritizing and responding to it are simple matters.
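The following is an added illustration of the idea described above and is not CORE's code or its engine's algorithm: on a constructed toy network (host names, pivot probabilities and asset values are all assumptions), it takes the host a SIEM alert fired on, finds the highest-probability path from that host to each critical asset, ranks the assets by probability of reach times asset value, and turns the riskiest path into a watch list that a correlation rule could key on.

```python
import heapq
from math import log

# Constructed sample network (not a real environment): the hosts an attacker already
# on `src` could pivot to, with an estimated probability that the pivot succeeds.
EXPLOITABILITY = {
    ("toronto-db", "ad-server"): 0.5,
    ("ad-server", "market-data-vault"): 0.8,
    ("toronto-db", "market-data-vault"): 0.1,
    ("boston-fileserver", "ad-server"): 0.3,
    ("boston-fileserver", "hr-share"): 0.9,
}
# Business value of the assets the analysis protects (constructed 1-10 scale).
ASSET_VALUE = {"market-data-vault": 10, "hr-share": 4, "ad-server": 7}

def best_path_probabilities(start):
    """Dijkstra on -log(p): the highest-probability path from start to each host."""
    best, prev, heap = {start: 1.0}, {}, [(0.0, start)]
    while heap:
        _, host = heapq.heappop(heap)  # stale entries just re-relax with current best
        for (src, dst), p in EXPLOITABILITY.items():
            prob = best[host] * p
            if src == host and prob > best.get(dst, 0.0):
                best[dst], prev[dst] = prob, host
                heapq.heappush(heap, (-log(prob), dst))
    return best, prev

def path_to(prev, start, target):
    """Rebuild the host chain from start to target using the predecessor map."""
    path = [target]
    while path[-1] != start:
        path.append(prev[path[-1]])
    return path[::-1]

def correlate_alert(alert_host):
    """Rank critical assets downstream of an alert by P(reach) * asset value."""
    best, prev = best_path_probabilities(alert_host)
    ranked = [(round(best[a] * v, 2), a, path_to(prev, alert_host, a))
              for a, v in ASSET_VALUE.items() if a in best and a != alert_host]
    return sorted(ranked, reverse=True)

def correlation_rule(alert_host):
    """Turn the riskiest path into a watch list a SIEM correlation rule could key on."""
    ranked = correlate_alert(alert_host)
    if not ranked:
        return None  # alert host cannot reach any defined critical asset
    risk, asset, path = ranked[0]
    return {"trigger": alert_host, "escalate_if_seen_on": path[1:],
            "protects": asset, "risk": risk}
```

For the Toronto database alert the two-hop route through the directory server outranks the direct, low-probability route, so the rule watches the directory server next.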

Enforcing Security Best Practice with Real-time Intelligence

Your IT environment is complex and growing more so every day. Sophisticated organizations today run distributed IT environments that span multiple geographic locations and comprise traditional network infrastructure along with virtual IT assets, cloud computing environments and mobile endpoints. Add to this the tendency of compliance programs to be narrowly focused rather than broad in scope, and you have a recipe for chaos, as too few IT staff chase overlapping compliance objectives across a fast-changing and distributed environment. Tools like RSA's Archer eGRC help connect the dots between disparate regulations and compliance programs and actual IT controls. But a critical blind spot still exists, namely: what is the actual security and compliance posture of the network at any moment in time? By marrying Insight's predictive security intelligence with enVision's monitoring and alerting features and RSA's Archer eGRC, you can verify that your IT controls are working as intended and your compliance requirements are aligned with the corporate plans.

How? CORE Insight couples an automated, system-wide threat assessment and attack planning security solution with powerful artificial intelligence (AI) that continuously and proactively assesses the security of critical information assets in real time. Customers define critical IT assets that are important to their organization, including systems handling sensitive data, data types, transactions, operations controls, and more. Next, Insight allows companies to emulate advanced attacks against those targets in a safe and controlled manner, making the same decisions that malicious hackers would make in traversing exploitable web application, network and client-side weaknesses in your environment.

Rather than simply noting conformity with the letter of your organization's security policies, Insight's AI engine allows you to spot gaps in your compliance framework and verify that security controls like firewalls or policies actually thwart the kinds of attacks they were designed to stop, and it immediately provides documented proof. At the same time, CORE Insight's attack intelligence is continually learning and adapting: replaying attacks that fail to find alternative paths to vulnerable systems and, in the process, discovering IT assets that your organization may not have considered important or even known about. The results of those iterative tests can then be fed back into your eGRC and SIEM platforms, helping to tweak and refine policies and security infrastructure to account for alternative attack methods.

The Value of Security Intelligence to Your Security Ecosystem

Crippling attacks can happen to any organization, regardless of means. In an age of advanced persistent threats and targeted attacks, even sophisticated and well-resourced companies fall victim to faceless hackers if they fail to secure and monitor critical assets. After all, stopping a receptionist or support desk employee from clicking on a malicious Web link may be impossible. However, hardening application servers, databases that store critical customer account information, or transaction processing systems is a more defined and achievable task. And when critical systems are properly secured, the attacks that inevitably come will be less likely to succeed or to spread from less sensitive to more sensitive systems, limiting the scope of compromises.

Your organization has invested heavily in tools to help with this massive task. Technology like RSA's enVision SIEM and Archer eGRC helps you make sense of your complex IT environment and map your security controls to actual compliance objectives. However, more is needed. To prevent state-of-the-art attacks, you need to do more than monitor your environment. You need to think and act like a hacker. This means identifying the exploitable vulnerabilities on your network and the likely paths of attack that sophisticated hackers might use to gain access to sensitive systems and data. CORE Insight adds a valuable layer of security intelligence to your SIEM deployment that allows your staff to see your network the way likely adversaries see it, with a focus on critical exposures and at-risk data and systems.

By predicting and mimicking the actions of hackers, Insight enhances the value of your other security investments, providing a layer of security intelligence and ongoing monitoring and measurement so that products like enVision get a real-time picture of an organization's security posture, highlighting the highest risk for compromise within your IT ecosystem. To learn more about CORE Insight and how it can add value to your RSA enVision and Archer eGRC deployments, visit CORE's web site: http://www.coresecurity.com/content/core-INSIGHT-Enterprise

About CORE Security

CORE Security is the leading provider of predictive security intelligence solutions. We help more than 1,400 customers worldwide preempt critical security threats and more effectively communicate business risk. Our award-winning enterprise solutions are backed by over 15 years of expertise from the company's CORE Labs research center. Learn more at www.coresecurity.com.

41 Farnsworth Street, Boston, MA 02210 USA
Ph: +1 617.399.6980
www.coresecurity.com
Blog: blog.coresecurity.com
Twitter: @coresecurity
Facebook: CORE Security
LinkedIn: CORE Security

Copyright 2012 CORE Security. CORE Security and the CORE Security logo are trademarks or registered trademarks of CORE SDI, Inc. All other brands and products are trademarks of their respective holders.