Rashmi Knowles Chief Security Architect EMEA

Transcription:

Rashmi Knowles Chief Security Architect EMEA

AGENDA: Transformation of IT; New cyber-security challenges; Intelligence Driven Security; Security Analytics; Q&A

ENTERPRISE DATA CENTER / ADVANCED SECURITY: A UNIQUE FEDERATION OF COMPANIES delivering the Software-Defined Enterprise, Solutions & Choice. Portfolio: Big Data Solutions, Platform as a Service, Agile Application Development, Enterprise Mobility, Software-Defined Data Center, Information Infrastructure, Converged Infrastructure; Partners, vCloud Hybrid Service, Service Provider.

1970: Mainframe, Mini Computer, Terminals; thousands of apps; millions of users.
1990: PC, Client/Server, LAN/Internet; tens of thousands of apps; hundreds of millions of users.
2010: Mobile Devices, Mobile, Cloud, Big Data, Social; millions of apps; billions of users.
Source: IDC, 2012

DEMANDS OF NEW IT: Customers & employees want immediate, frictionless access through mobile devices. Process vast quantities of customer & partner data in real time & build predictive models of the future.

DEMANDS OF NEW IT: Immediate access to low-cost, elastic compute, storage & network infrastructure. Build new customer-centric applications & rapidly iterate based on community feedback.

CYBER SECURITY TRANSFORMATION (Old IT vs New IT, 64%). Old IT: security is perimeter-based & focused on intrusion prevention. New IT: a big data store (network packets, log files, IT assets, information assets) feeding Prevent, Monitor, Respond; adaptive, data-driven security.

A New Security Model and Approach: Inevitability of Compromise DOESN'T EQUATE TO INEVITABILITY OF LOSS

OUR EVOLVING IT INFRASTRUCTURE: We can no longer rely on infrastructure as a point of control. Cloud, Customers, Partners, Third-Parties, Mobile Employees, BYOD, On-Prem, Shadow IT

SECURITY & RISK CHALLENGES: We must mitigate risks as the organisation uses IT to drive forward. Environment: Cloud, Customers, Partners, Third-Parties, Mobile Employees, BYOD, On-Prem, Shadow IT. Risk areas: Threats, Identity & Access Management, Fraud & Cybercrime, Compliance

ATTACK TYPES: Trojans, Man-in-the-browser, Tatanga, DDoS, Cross-site scripting, BOT Attacks, Malware, Stuxnet, Ice 9, Gozi, Watering hole, SQL Injection, Dugat, Citadel, Keyloggers, Zero Day, Drive-by download, Zeus, Odd Ball

A NEW SECURITY WORLD: It will become increasingly difficult to secure infrastructure. We must focus on people, the flow of data and on transactions.

INTELLIGENCE DRIVEN SECURITY: Visibility, Analysis, Action in the context of Business & IT Risk. Visibility: collect data about what matters (identities, flow of data, transactions). Analysis: detect anomalies that indicate risks or threats. Action: act to mitigate business damage or loss.

INTELLIGENCE DRIVEN SECURITY: A solution that turns security issues into intelligence-driven actions, giving you priority, results and progress. Security Issue -> Visibility -> Analytics -> Action -> Metrics. Visibility + Analytics = Priority; Priority + Action = Results; Results + Metrics = Progress

ADVANCED THREATS ARE DIFFERENT: 1 TARGETED, specific objective; 2 INTERACTIVE, human involvement; 3 STEALTHY, low and slow. Attack timeline: Attack Begins -> System Intrusion -> Discovery -> Leap Frog Attacks -> Cover-Up -> Cover-Up Complete; Attack Identified -> Response. Dwell Time (attack begins to attack identified) and Response Time (attack identified to response). Goals: 1 Decrease Dwell Time; 2 Speed Response Time

SHIFT IN PRIORITIES AND CAPABILITIES. Today's priorities: Prevention 80%, Monitoring 15%, Response 5%. Intelligence-Driven Security: Prevention 33%, Monitoring 33%, Response 33%.

ORGANISATIONS MUST GET CREATIVE: Focus on early detection of breaches to minimize your window of vulnerability; move backward in the kill chain. The key is actively preserving, aggregating and reviewing data, both to detect a potential intrusion and for post-event forensics.

A MODERN INVESTIGATION is a big data analytics problem. Attacker timeline: Surveillance -> Target Analysis -> Access Probe -> Attack Set-up -> System Intrusion (Attack Begins) -> Discovery/Persistence -> Cover-up Starts -> Leap Frog Attacks Complete -> Cover-up Complete -> Maintain foothold. Questions to ask, by evidence domain:
Transactions: Are we seeing suspicious transactions against sensitive/high-value apps/assets? Sources: WFD, Transaction Monitoring, SIEM, SQL server logs.
Information: What kind of data does this system store, transmit, process? Is this a regulatory issue? High-value IP? Sources: DLP, Data Classification, GRC.
Infrastructure: Has the server been manipulated? Is it vulnerable? Has its config changed recently? Is it compliant with policy? Sources: GRC, System Config Mgmt, Vul. Mgmt.
Traffic: Are there traffic anomalies to/from these servers (protocol distribution, encryption, suspicious destinations)? Sources: Netflow, Network Forensics, Web Proxy Logs, SIEM.
Identity: Which users were logged onto them? Have their privileges been escalated? Where did they log in? What else did they touch? Sources: Active Directory, Netflow, Server Logs, Asset Management, SIEM.
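One way to turn the per-domain questions on this slide, and the "Visibility + Analytics = Priority" idea from the earlier slide, into a repeatable host-centric pivot. This is an added Python example, not RSA code; every record, host name, destination address and the byte threshold is a constructed sample standing in for what a SIEM, Active Directory, Netflow and GRC would supply.

```python
# Constructed sample records standing in for AD/server logs, Netflow and GRC data.
LOGONS = [  # Identity domain
    {"ts": 1, "user": "alice",      "host": "db01",  "priv_escalated": False},
    {"ts": 2, "user": "svc_backup", "host": "db01",  "priv_escalated": True},
    {"ts": 3, "user": "svc_backup", "host": "fs02",  "priv_escalated": False},
    {"ts": 4, "user": "bob",        "host": "web03", "priv_escalated": False},
]
FLOWS = [  # Traffic domain
    {"src": "db01",  "dst": "203.0.113.9",  "proto": "tcp/443", "bytes": 9_000_000},
    {"src": "db01",  "dst": "fs02",         "proto": "tcp/445", "bytes": 4_000},
    {"src": "web03", "dst": "198.51.100.4", "proto": "tcp/80",  "bytes": 1_200},
]
ASSETS = {  # Information / Infrastructure domains
    "db01":  {"regulated": True,  "config_changed": True},
    "fs02":  {"regulated": False, "config_changed": False},
    "web03": {"regulated": False, "config_changed": False},
}
INTERNAL_HOSTS = set(ASSETS)
EXFIL_BYTES = 1_000_000  # constructed threshold for a "large outbound transfer"


def pivot(host):
    """Answer the slide's questions for one host: who logged on, who escalated,
    where those users went next (leap-frog), external destinations, asset context."""
    on_host = [e for e in LOGONS if e["host"] == host]
    users = {e["user"] for e in on_host}
    first_seen = min((e["ts"] for e in on_host), default=0)
    outbound = [f for f in FLOWS if f["src"] == host and f["dst"] not in INTERNAL_HOSTS]
    return {
        "users": users,
        "escalated": {e["user"] for e in on_host if e["priv_escalated"]},
        # Other internal hosts these users reached after first appearing here.
        "leap_frog": {e["host"] for e in LOGONS
                      if e["user"] in users and e["host"] != host and e["ts"] >= first_seen},
        "external_dsts": {f["dst"] for f in outbound},
        "large_outbound": any(f["bytes"] >= EXFIL_BYTES for f in outbound),
        "asset": ASSETS.get(host, {}),
    }


def priority(host):
    """Visibility + Analytics = Priority: count the risk-indicating answers
    (constructed equal weighting, not an RSA scoring scheme)."""
    p = pivot(host)
    return sum([bool(p["escalated"]), bool(p["leap_frog"]), bool(p["external_dsts"]),
                p["large_outbound"], p["asset"].get("regulated", False),
                p["asset"].get("config_changed", False)])
```

Running `priority` over every host in ASSETS ranks db01 first because a privilege escalation, a leap-frog to fs02, a large external transfer and a regulated, recently changed asset all line up on one server.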

BIG DATA FUELS INTELLIGENCE DRIVEN SECURITY: Advanced Security Operations; Identity and Access Management; Governance, Risk and Compliance

BIG DATA SOLUTION FOR BIG DATA PROBLEM: Solutions engineered to deal with the volume, velocity and variety of data sources you need to process. Pipeline: INGEST (capture & enrich multiple data sources out of the box: Packets, Endpoint, Logs, Netflow) -> STORE -> ANALYZE (data science & analytics to detect covert channels) -> SURFACE -> ACT (report & build data-driven apps to act on insight; Security Operations). RSA LIVE INTELLIGENCE supplies Threat Intelligence, Rules, Parsers, Feeds, Reports and RSA Research.

RSA SECURITY ANALYTICS: Network and system data (packet metadata, log metadata, endpoint visibility & analysis) is parsed and tagged, enriched with business & IT context, intel feeds and RSA LIVE content (Rules, Parsers, Alerts, Feeds, Apps, Directories, Reports & Custom Actions), and used for Alerts & Reporting, Incident Response, Investigation & Forensics, Compliance and Malware Analysis.

DATA SCIENCE WITHOUT DATA SCIENTISTS: Real threats don't advertise themselves; use data science to find threat activity hiding in covert channels. Inputs: Packets, Logs, Endpoint, Netflow, plus RSA LIVE INTELLIGENCE. Security operations workflow: Triage -> Investigate -> Respond and Report

BENEFITS: Data science brings new capabilities to security operations, helping you meet your business goals. Detect security attacks early in the attack cycle; identify what attackers did, and the business impact; improve productivity of security operations; build analytics that tackle your specific security challenges; build a single platform for security and IT.

PLANNING YOUR JOURNEY. Reactive: siloed point solutions, multiple management consoles, basic reporting (next step: integrate data sources). Proactive (Managed): integrated security, expanded visibility, improved analysis/metrics (next step: manage known & unknown risks). Intelligent (Advantaged): fully risk aware, identify opportunity (make risk-based decisions).

Rashmi Knowles Chief Security Architect EMEA

EMC, RSA, the EMC logo and the RSA logo are trademarks of EMC Corporation in the U.S. and other countries.