BIG DATA: CHANGING THE REALM OF POSSIBILITY IN SECURITY
Shaun McLagan, General Manager, RSA Australia and New Zealand

Things have changed
"Big Data" was the #2 buzz word of 2012, behind only something called "Fiscal Cliff" (TIME Magazine).
Market Disruptors
- Mobile
- Cloud
- Big Data
- Extended Workforce
- Networked Value Chains
- APTs
- Sophisticated Fraud

Three transformations:
- Infrastructure Transformation: less control over the access device and the back-end infrastructure
- Business Transformation: more hyper-extended, more digital
- Threat Landscape Transformation: fundamentally different tactics, more formidable than ever

Traditional Security is Not Working
- 99% of breaches led to compromise within days or less, with 85% leading to data exfiltration in the same time
- 85% of breaches took weeks or more to discover
Source: Verizon 2012 Data Breach Investigations Report
Big Data is everywhere: Volume, Variety, Velocity

How Big is Big Data?
Social and Personal:
- 1,000,000,000 queries a day, 900 ms average response time
- 250,000,000 new photos/day, 900,000,000 active users
- 47,000 app downloads per minute, 125,000,000 users (iCloud)
- 290,000,000 updates/day
- 135,000,000 resumes archived

Business and Transactional:
- European Organization for Nuclear Research generates 40 TB of scientific data per second
- More than 1 million transactions per hour
- Generates 1 TB of new trading data per day
- Credit card fraud detection system protects 2.1 billion active accounts world-wide
- 137 million customers, 895 million products, real-time recommendations
Big Data: the world we live in.

Big Data driving change

Opportunities ($)

Challenges

Bridge to Anatomy
Anatomy of an attack (attacker timeline, over TIME)
Surveillance -> Target Analysis -> Access Probe -> Attack Set-up -> System Intrusion -> Attack Begins -> Discovery/Persistence -> Cover-up Starts -> Leap Frog Attacks Complete -> Cover-up Complete -> Maintain foothold
Source: NERC HILF Report, June 2010 (http://www.nerc.com/files/hilf.pdf)

Anatomy of a response (defender timeline, over TIME)
Physical Security -> Threat Analysis -> Attack Forecast -> Monitoring & Controls -> Discovery: Attack Identified -> Incident Reporting -> Containment & Eradication -> Impact Analysis -> Damage Identification -> System Reaction -> Response -> Recovery
Source: NERC HILF Report, June 2010 (http://www.nerc.com/files/hilf.pdf)

Reducing Attacker Free Time
Attacker timeline: Surveillance -> Target Analysis -> Access Probe -> Attack Set-up -> System Intrusion -> Attack Begins -> Discovery/Persistence -> Cover-up Starts -> Leap Frog Attacks Complete -> Cover-up Complete -> Maintain foothold
ATTACKER FREE TIME: the gap between the attacker's "Attack Begins" and the defender's "Attack Identified"
Defender timeline: Physical Security -> Threat Analysis -> Attack Forecast -> Monitoring & Controls -> Incident Reporting -> Discovery: Attack Identified -> Containment & Eradication -> Damage Identification -> Impact Analysis -> Response -> Recovery -> System Reaction
Source: NERC HILF Report, June 2010 (http://www.nerc.com/files/hilf.pdf)
Must learn to live in a state of compromise
Constant compromise does not mean constant loss.

Big Data and Analytics: Addressing the Challenges

Companies require:
- Comprehensive Visibility: "Analyze everything that's happening in my infrastructure"
- Agile Analytics: "Enable me to efficiently analyze and investigate potential threats"
- Actionable Intelligence: "Help me identify targets, threats & incidents"
- Optimised Incident Management: "Enable me to manage these incidents"

Changing the Security Management Status
Unified platform for security monitoring, incident investigations and compliance reporting.
- SIEM: Compliance Reports, Device XMLs, Log Parsing
- RSA Security Analytics: Fast & Powerful Analytics, Logs & Packets, Unified Interface, Analytics Warehouse
- Network Security Monitoring: High Powered Analytics, Big Data Infrastructure, Integrated Intelligence
SEE DATA YOU DIDN'T SEE BEFORE; UNDERSTAND DATA YOU DIDN'T EVEN CONSIDER BEFORE

Trend Analysis and Pattern Detection
Big Data Analytics enables risk mitigation and behavioral prediction (Security Analytics Live).
- Small-grain, continuous streaming data: web packets, email traffic, intra-org traffic, server logs, security logs
- Data Models, Parsers & Alerts run over the Fast Active Data
- Trend Detected
- Trend Validated & Details, drawn from the Big Historical Data
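A small sketch of the two-stage pipeline the slide describes (parse streaming log lines, alert on the fast active data, validate the trend against historical data). This is an added example, not RSA Security Analytics code or anything from the original deck; the log lines, user names, baseline counts and the z-score rule are all constructed assumptions.

```python
import re
import statistics
from collections import Counter

# Constructed sample of the streaming window (fast active data): auth events.
STREAM_LOGS = (
    ["2013-03-05T09:00:01Z auth FAIL user=alice src=10.0.0.5",
     "2013-03-05T09:00:03Z auth OK user=alice src=10.0.0.5",
     "2013-03-05T09:00:07Z auth FAIL user=alice src=10.0.0.5"]
    + [f"2013-03-05T09:01:{i:02d}Z auth FAIL user=bob src=203.0.113.{i}" for i in range(7)]
    + [f"2013-03-05T09:02:{i:02d}Z auth FAIL user=svc-backup src=10.0.0.9" for i in range(6)]
    + [f"2013-03-05T09:03:{i:02d}Z auth FAIL user=eve src=203.0.113.50" for i in range(5)]
    + ["garbage line the parser must ignore"]
)

# Constructed historical baseline (big historical data): failed logins per user
# in each of the previous seven comparable windows. "eve" has no history.
HISTORY = {
    "alice": [2, 1, 3, 2, 1, 2, 2],
    "bob": [0, 1, 0, 0, 1, 0, 0],
    "svc-backup": [0, 0, 0, 0, 0, 0, 0],
}

LOG_RE = re.compile(r"^(?P<ts>\S+) auth (?P<result>FAIL|OK) user=(?P<user>\S+) src=(?P<src>\S+)$")


def parse(lines):
    """Parser stage: turn raw lines into structured events, dropping unparseable lines."""
    return [m.groupdict() for m in map(LOG_RE.match, lines) if m]


def count_failures(events):
    """Fast active data: failed-login count per user within the streaming window."""
    return Counter(e["user"] for e in events if e["result"] == "FAIL")


def detect_trends(window_counts, history, z_threshold=3.0, min_count=5):
    """Trend detection + validation: flag users whose count deviates from their baseline."""
    alerts = {}
    for user, count in window_counts.items():
        past = history.get(user, [])
        if len(past) < 2:  # no baseline to validate against: a burst alone is the trend
            if count >= min_count:
                alerts[user] = {"count": count, "reason": "no-baseline"}
            continue
        mean, stdev = statistics.mean(past), statistics.pstdev(past) or 1.0  # flat history
        z = (count - mean) / stdev
        if z >= z_threshold and count >= min_count:
            alerts[user] = {"count": count, "z": round(z, 2), "reason": "baseline-deviation"}
    return alerts


def run_pipeline(lines, history):
    """Streaming logs -> parsed events -> window counts -> validated alerts."""
    return detect_trends(count_failures(parse(lines)), history)
```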
Summary
- Things have changed, and continue to change rapidly
- Traditional security is not working
- Existing tools are becoming less effective
- Combating advanced threats requires a new approach to security operations
- Security Analytics is RSA's new tool to support this approach

Next Steps - Recommendations
- Create a transformational security strategy
- Migrate from point products to a unified security architecture using open and scalable Big Data tools
- Strengthen your operation's data science skills
- Leverage external threat intelligence
- Finally, create a shared data architecture for security information

Security Management Architecture

THANK YOU