Joining Forces: Bringing Big Data to your Security Team


Alaa Abdulnabi, CISSP, RSA Regional Pre-Sales Manager, Turkey, Middle East & Africa (@AlaaAbdulnabi)

Market drivers
- Mobile devices, cloud, Big Data
- Extended workforce, interconnected value chains
- Advanced persistent threats, sophisticated fraud techniques
Infrastructure transformation: less control over access devices and over the back-end infrastructure.
Enterprise transformation: ever more hyper-extended and digital.
Threat landscape transformation: fundamentally different tactics, more formidable than ever.

Old World Threats: attackers focused on intrusion; defenders focused on prevention.

New World Advanced Threats
- 85% of breaches took weeks or more to discover.
- Responding to a breach in under 2 hours: 60% reduced risk.
Source: Verizon 2012 Data Breach Investigations Report

Radically different advanced threats
1. Targeted: a precise objective
2. Stealthy: low and slow
3. Interactive: human intervention
Attack timeline: system intrusion, attack begins, cover-up discovery, leap-frog (pivoting) attacks, cover-up complete. The attack window (dwell time) runs from the intrusion until the attack is identified; the response time runs from identification until the response.
Two goals: 1. Shorten the attack window. 2. Accelerate the response time.

Profile of Attack: Data Exfiltration
1. Authentication check: directory logs show authorized credentials used from an unknown IP.
2. Authorization checks: VPN and host logs show multiple credentials used on multiple servers.
3. Unusual network traffic: multiple connections tunneled over a non-standard port.
4. Exfiltration: an encrypted ZIP is transmitted out of the corporate network.
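None of the four observations above is alarming on its own; the profile only emerges when they are joined on the pivot host and the credentials involved. The following Python is an added example (not code from the RSA deck or from RSA Security Analytics) that runs that join over constructed, already-normalised log events. The event fields, the trusted address ranges, the list of "standard" ports and the session threshold are all assumptions chosen for illustration.

```python
"""Correlate the four stages of the data-exfiltration profile over sample events.

Added example, not RSA code. Event fields, network ranges and thresholds are
assumptions; EVENTS below is constructed, not captured from a real network.
"""
from collections import defaultdict
from ipaddress import ip_address, ip_network

# Assumption: corporate address space; any other source or destination is "unknown".
TRUSTED_NETS = [ip_network("10.0.0.0/8"), ip_network("192.168.0.0/16")]
# Assumption: ports considered normal egress in this environment.
STANDARD_PORTS = {22, 25, 53, 80, 443}
# Many sessions from one host to one external dst:port looks like a tunnel.
MIN_TUNNEL_SESSIONS = 10


def is_internal(ip: str) -> bool:
    addr = ip_address(ip)
    return any(addr in net for net in TRUSTED_NETS)


# Constructed sample events normalised from directory, host and flow logs.
EVENTS = [
    # Stage 1: a valid credential used from an IP outside the trusted ranges
    {"type": "auth", "user": "jsmith", "src": "203.0.113.45", "result": "success"},
    {"type": "auth", "user": "mjones", "src": "10.1.2.3", "result": "success"},      # benign
    # Stage 2: one internal host uses several credentials against several servers
    {"type": "hostlogon", "user": "jsmith", "src": "10.2.0.9", "host": "fileserv01"},
    {"type": "hostlogon", "user": "svc_backup", "src": "10.2.0.9", "host": "db02"},
    {"type": "hostlogon", "user": "mjones", "src": "10.1.2.3", "host": "fileserv01"},  # benign
    {"type": "hostlogon", "user": "admin1", "src": "10.3.3.3", "host": "db02"},        # admin box,
    {"type": "hostlogon", "user": "admin2", "src": "10.3.3.3", "host": "fileserv01"},  # stage 2 only
    # Stage 3: many connections to one external host on a non-standard port
    {"type": "flow", "src": "10.2.0.9", "dst": "198.51.100.7", "dport": 8443, "sessions": 37},
    {"type": "flow", "src": "10.1.2.3", "dst": "198.51.100.20", "dport": 443, "sessions": 4},  # benign
    # Stage 4: an encrypted archive leaves the network
    {"type": "transfer", "src": "10.2.0.9", "dst": "198.51.100.7", "name": "q3.zip", "encrypted": True},
]


def stage1_unknown_ip_auth(events):
    """Users who authenticated successfully from outside the trusted ranges."""
    return {e["user"] for e in events
            if e["type"] == "auth" and e["result"] == "success" and not is_internal(e["src"])}


def stage2_credential_spread(events, min_users=2, min_hosts=2):
    """Source hosts that used several credentials against several servers -> {src: users}."""
    users, hosts = defaultdict(set), defaultdict(set)
    for e in events:
        if e["type"] == "hostlogon":
            users[e["src"]].add(e["user"])
            hosts[e["src"]].add(e["host"])
    return {src: users[src] for src in users
            if len(users[src]) >= min_users and len(hosts[src]) >= min_hosts}


def stage3_nonstandard_tunnel(events):
    """Internal sources with many sessions to an external host on a non-standard port."""
    return {e["src"] for e in events
            if e["type"] == "flow" and e["dport"] not in STANDARD_PORTS
            and e["sessions"] >= MIN_TUNNEL_SESSIONS and not is_internal(e["dst"])}


def stage4_encrypted_outbound(events):
    """Internal sources that pushed an encrypted archive to an external destination."""
    return {e["src"] for e in events
            if e["type"] == "transfer" and e["encrypted"] and not is_internal(e["dst"])}


def correlate(events):
    """Join stages 2-4 on the pivot host; stage 1 is linked through the users it spread."""
    s1 = stage1_unknown_ip_auth(events)
    s2 = stage2_credential_spread(events)
    s3 = stage3_nonstandard_tunnel(events)
    s4 = stage4_encrypted_outbound(events)
    incidents = {}
    for pivot in set(s2) | s3 | s4:
        stages = set()
        if pivot in s2:
            stages.add(2)
            if s2[pivot] & s1:          # a spread credential was also used from an unknown IP
                stages.add(1)
        if pivot in s3:
            stages.add(3)
        if pivot in s4:
            stages.add(4)
        incidents[pivot] = stages
    return incidents


def ranked(events):
    """Incidents ordered by how many stages of the profile they complete."""
    return sorted(correlate(events).items(), key=lambda kv: -len(kv[1]))


if __name__ == "__main__":
    for pivot, stages in ranked(EVENTS):
        print(f"{pivot}: stages {sorted(stages)}")
```

The admin host 10.3.3.3 shows why the join matters: it trips stage 2 alone (two admins logging on to two servers is routine) and ranks below the pivot host that completes all four stages. In practice each stage function would read from a different log source, and the `users` link in `correlate` is the piece a flat per-source rule cannot express.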

Reallocating budget and people

                Current priorities    Intelligence-driven security
Prevention      80%                   33%
Monitoring      15%                   33%
Response         5%                   33%

To improve detection, investigation and response, organizations need:
- Comprehensive visibility: analyze everything that is happening in my infrastructure.
- Agile analytics: enable me to efficiently analyze and investigate potential threats.
- Actionable intelligence: help me identify targets, threats and incidents.
- Optimized incident management: enable me to manage the incidents.

RSA Security Analytics: where security meets Big Data.

Security Analytics
- Traditional: collect and report on existing data to monitor and manage risk.
- Advanced: advanced analytics and algorithms generate predictive insights and active controls as a direct result of the data.
Source: EMC Study, Data Science Revealed: A Data-Driven Glimpse into the Burgeoning New Field, December 5, 2011

Security Analytics Platform
- Data sources: network, systems, apps, data, governance
- Big Data analytics: store, investigate & analyze, alert & report, visualize, respond
- Inputs: public and private threat intelligence
- Outputs: compliance, incident management and remediation through Archer GRC

RSA FirstWatch
- RSA's elite, highly trained global threat research and intelligence team
- Provides covert and strategic threat intelligence on advanced threats and actors
- Focused on threats unknown to the security community
- Malicious code and content analysis; threat research and ecosystem analysis; profiling threat actors
- Research is operationalized automatically via RSA Live

Prioritize Security Analyst Efforts: Finding the Right Needle in a Stack of Needles
- All network traffic and logs: terabytes of data (100% of total)
- Downloads of executables: thousands of data points (5% of total)
- File type does not match extension: hundreds of data points (0.2% of total)
- Create critical asset alerts: a few dozen alerts

Asset Criticality Intelligence (ACI)
- Asset intelligence (from CMDBs, DLP scans, etc.): asset list, IT info (device type, device IDs, IP/MAC address), content category (DLP)
- Business context: device owner, business owner, business unit, process, RPO/RTO
- RSA ACI produces a criticality rating per IP address, business unit and facility, which feeds RSA Security Analytics
Security analysts now have asset intelligence and business context to better analyze and prioritize alerts.

Asset Criticality Intelligence in Security Analytics
- Helps the analyst better understand risk, to prioritize investigation and response
- Asset criticality is represented as metadata
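The funnel on the "stack of needles" slide and the asset-criticality metadata described in the two slides above fit together as one pipeline: narrow all sessions to executable downloads, keep only those whose real file type contradicts the extension, then rank what is left by the criticality of the receiving asset. The Python below is an added example of that pipeline, not code from the RSA deck or from RSA Security Analytics. The magic-byte table, the extension map, the asset-criticality feed and the sample sessions are all constructed assumptions.

```python
"""Three-stage funnel: executables -> type/extension mismatch -> critical-asset alerts.

Added example, not RSA code. MAGIC, EXT_TYPES, ASSET_CRITICALITY and SESSIONS are
constructed assumptions; "head" holds the first bytes of the downloaded body.
"""
import os
from typing import Optional
from urllib.parse import urlsplit

# Leading bytes -> content type. Assumption: these few signatures suffice here.
MAGIC = {
    b"MZ": "application/x-dosexec",
    b"\x7fELF": "application/x-elf",
    b"%PDF": "application/pdf",
    b"\xff\xd8\xff": "image/jpeg",
    b"GIF8": "image/gif",
    b"\x89PNG": "image/png",
}
# What the URL's extension claims the content is.
EXT_TYPES = {".exe": "application/x-dosexec", ".dll": "application/x-dosexec",
             ".jpg": "image/jpeg", ".gif": "image/gif", ".pdf": "application/pdf",
             ".png": "image/png"}
EXECUTABLE = {"application/x-dosexec", "application/x-elf"}

# Assumed asset-criticality feed (what a CMDB-derived ACI rating would supply): ip -> (name, 1..5)
ASSET_CRITICALITY = {"10.1.5.20": ("finance-db01", 5), "10.1.9.11": ("lobby-kiosk", 1)}
CRITICAL_RATING = 4

# Constructed sample sessions: destination (internal client), URL, first bytes of the body.
SESSIONS = [
    {"dst": "10.1.5.20", "url": "http://203.0.113.9/img/banner.gif?id=3", "head": b"MZ\x90\x00\x03"},
    {"dst": "10.1.9.11", "url": "http://203.0.113.9/photo.jpg", "head": b"\x7fELF\x02\x01"},
    {"dst": "10.1.7.3", "url": "http://198.51.100.2/setup.exe", "head": b"MZ\x90\x00\x03"},
    {"dst": "10.1.5.20", "url": "http://198.51.100.2/report.pdf", "head": b"%PDF-1.7"},
    {"dst": "10.1.7.3", "url": "http://198.51.100.2/logo.png", "head": b"\x89PNG\r\n\x1a\n"},
    {"dst": "10.1.7.3", "url": "http://198.51.100.2/update", "head": b"MZ\x90\x00\x03"},
]


def sniff_type(head: bytes) -> Optional[str]:
    """Content type from leading bytes; longest signature wins."""
    for sig, ctype in sorted(MAGIC.items(), key=lambda kv: -len(kv[0])):
        if head.startswith(sig):
            return ctype
    return None


def declared_type(url: str) -> Optional[str]:
    """Content type implied by the URL path's extension (query string ignored)."""
    ext = os.path.splitext(urlsplit(url).path)[1].lower()
    return EXT_TYPES.get(ext)


def executable_downloads(sessions):
    """Stage 2 of the funnel: sessions whose body actually starts like an executable."""
    return [s for s in sessions if sniff_type(s["head"]) in EXECUTABLE]


def type_mismatches(sessions):
    """Stage 3: the extension claims a known, different type than the bytes show."""
    out = []
    for s in sessions:
        actual, declared = sniff_type(s["head"]), declared_type(s["url"])
        if declared is not None and actual != declared:
            out.append(dict(s, actual=actual, declared=declared))
    return out


def critical_asset_alerts(mismatches):
    """Stage 4: attach asset criticality as metadata and rank by it."""
    alerts = []
    for m in mismatches:
        name, rating = ASSET_CRITICALITY.get(m["dst"], ("unknown", 0))
        alerts.append(dict(m, asset=name, criticality=rating))
    alerts.sort(key=lambda a: -a["criticality"])
    return alerts


def run_funnel(sessions):
    """Counts at each stage plus the alerts that hit a critical asset."""
    execs = executable_downloads(sessions)
    mism = type_mismatches(execs)
    alerts = critical_asset_alerts(mism)
    return {"all": len(sessions), "executables": len(execs), "mismatches": len(mism),
            "alerts": alerts,
            "critical": [a for a in alerts if a["criticality"] >= CRITICAL_RATING]}


if __name__ == "__main__":
    result = run_funnel(SESSIONS)
    print({k: result[k] for k in ("all", "executables", "mismatches")})
    for a in result["critical"]:
        print(f"CRITICAL {a['asset']} ({a['dst']}) got {a['actual']} served as {a['declared']} from {a['url']}")
```

Two design choices are worth noting. A download with no extension at all (the `/update` session) is an executable but not a "mismatch", so it survives stage 2 and drops out at stage 3; flagging it would belong to a different rule. And the kiosk and the finance database both receive the same kind of disguised binary, yet only the database reaches the final bucket, which is exactly the prioritization the ACI metadata is meant to provide.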

Advanced Incident Management
- Offloads response from the security analyst
- Enhances management visibility
- Accelerates remediation
- Manages the entire incident lifecycle

RSA Data Discovery for Security Analytics: discover sensitive data and improve investigations with DLP
- Sources scanned by RSA Data Discovery: SharePoint, file servers, databases, NAS/SAN, endpoints
- The Data Discovery feed delivers content-level intelligence into RSA Security Analytics for the security analyst

RSA Data Discovery for Security Analytics: investigative interface
Data Discovery attributes available in the SA Investigation UI help security analysts identify high-risk assets and prioritize investigations.

RSA ECAT: Key Functionality & Benefits
Functionality:
- File whitelisting
- Multi-engine AV scan
- Certificate validation
- Network traffic analysis
- Full system inventory
- Direct physical disk inspection
- Live memory analysis
Benefits:
- X-ray view of what is happening on endpoints
- Identify behavior related to malware
- Highlight likely infections with the Machine Suspect Level (MSL)
- Quickly triage results to gain actionable intelligence
- Find other infected machines and gauge the scope of the breach
- Forensic data gathering

Advanced Threat Detection & Incident Management with the RSA SMC Portfolio
- RSA Security Analytics: captures and analyzes network packets, logs and threat feeds; raises alerts based on rules.
- RSA ECAT: detects suspicious endpoint activity; sends a syslog alert on high Machine Suspect Levels.
- RSA Advanced Incident Management for Security (AIMS): groups alerts, manages workflows and provides visibility to business and security users.
