Visie RSA 2009-2010
Upcoming SlideShare
Loading in...5
×
 

Visie RSA 2009-2010

on

  • 790 views

 

Statistics

Views

Total Views
790
Views on SlideShare
788
Embed Views
2

Actions

Likes
0
Downloads
8
Comments
0

1 Embed 2

http://www.slideshare.net 2

Accessibility

Categories

Upload Details

Uploaded via as Microsoft PowerPoint

Usage Rights

© All Rights Reserved

Report content

Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
  • Full Name Full Name Comment goes here.
    Are you sure you want to
    Your message goes here
    Processing…
Post Comment
Edit your comment
  • RSA Data Security System Briefing May 25, 2010 - Confidential -
  • RSA Data Security System Briefing May 25, 2010 - Confidential -
  • RSA Data Security System Briefing May 25, 2010 - Confidential -
  • RSA Data Security System Briefing May 25, 2010 - Confidential -

Visie RSA 2009-2010 Visie RSA 2009-2010 Presentation Transcript

  •  
  • Visie RSA 2009-2010 Positionering RSA Visie Informatie Beveiliging Vertaling in product ontw. Data Leakage & Microsoft
  • RSA, De Security Divisie van EMC
    • EMC is het leidende informatie infrastructuur bedrijf wat organisaties helpt om informatie maximaal te benutten binnen hun bedrijf.
    RSA beschermd de confidentialiteit en integriteit van deze informatie, waar deze zich ook bevind. Protect Infrastructure Add Intelligence Virtualize and Automate Store
  • SECURITY .... Waar hebben we het over dan? IT security versus Informatie beveiliging
    • Technologie georiënteerd
    • Reactief
    • Perimeter-focused
    IT security Informatie beveiliging
    • Firewalls
    • Intrusion detection
    • Viruses, worms
    • System & app hardening
    • Encryptie
    • Penetratie testen
    • Patching
    • Authenticatie
    • Intellectual property
    • Business / financiële integriteit
    • Compliancy
    • Misbruik / fraude binnenuit
    • Industriële spionage
    • Privacy
    • Governance
    • Business georiënteerd
    • Proactief
    • Data-, persoon-, en activiteit-focused
    • Access & Identity Management
  • RSA Past & Present
    • Van pure IAM speler
      • Authenticatie, PKI, Web Access Management, Identity Management, SSO, Smart Cards, Card management enz.
    • Naar Informatie Beveiligings speler
      • SIEM tooling voor compliancy, SOC enz.
      • Fraude preventie (consumer)
      • Data Leakage protectie
      • Data classificatie tooling
      • Encryptie tooling
      • Centraal Key management
      • Security Consultancy, product agnostic
      • Authenticatie, Access Control en andere IAM tooling
    • … en de lijn daarbij is: Information Centric Security
  • Visie RSA 2009-2010 Positionering RSA Visie Informatie Beveiliging Vertaling in product ontw. Data Leakage & Microsoft
  • Security issues en bedreigingen bevinden zich overal binnen een bedrijf Worden onze policies eigenlijk wel gevolgd? Ja.. Denk het wel… Toch?
  • Jericho
  • De-perimeterisatie
    • Mobiliteit en collaboratie groeit
      • Huidige business (samen)werkmodellen veranderen infrastructuur eisen
        • Data wordt breder verspreidt, meer gedeeld, zowel geografisch als organisatorisch.
        • Veel meer vraag naar grotere mobiliteit & collaboratie mogelijkheden
      • Security is daarbij een grote inhibitor / vertrager
        • Management maakt zich druk over security in de mobiele infra
        • Business owners vrezen dat de data die ze delen met partners minder beveiligd / veilig is.
      • Aansprakelijkheid
        • Bedrijven worden door regelgeving steeds vaker met hun neus op hun aansprakelijkheid & verantwoordelijkheid gedrukt.
  • De-perimeterisatie
    • Het is al fundamenteel geaccepteerd, meeste security exploits omzeilen eenvoudig perimeters:
      • We laten e-mail door
      • We laten webverkeer door incl. bi-directional file transport
      • We zullen ook VoIP door moeten laten, als we dat al niet doen.
      • We laten encrypted verkeer toe (SSL, SMTP-TLS, VPN)
      • We hebben meerdere connecties met “partners”
      • Business vereist snelle(re) inter-company connectiviteit, zaken worden ge-outsourced, kennis wordt tijdelijk ingehuurd, enz.
  • Dus Informatie Beveiliging is moeilijk …omdat gevoelige informatie altijd in beweging & transformatie is Endpoint Storage Disk storage Back up disk Back up tape Outsourced Development Enterprise email Business Analytics Customer Portal File Server Applications Files Network Production Data Data warehouse DR Staging WW Campuses WW Customers WW Partners Remote Employees WAN WAN WWW VPN
  • Dus Informatie Beveiliging is moeilijk …want met elke beweging & transformatie worden risico’s geïntroduceerd Media Theft Device Theft Takeover Fraud Intercept Endpoint Storage Production Data Disk storage Back up disk Back up tape Outsourced Development Enterprise email Business Analytics Customer portal Media Loss Unauthorized Access DOS Corruption Unavailability Eavesdropping Data Theft Data Loss Device Loss Unintentional Distribution Unauthorized Access Unauthorized Activity Unauthorized Activity Network File Server Applications Files Data warehouse DR Staging WW Campuses WW Customers WAN WAN WWW VPN Remote Employees WW Partners
  • Information Centric Security + Perimeter-Centric Security Goal: Bouw en bescherm perimeters Information-Centric Security Goal: Manage en bescherm informatie Bouw en bescherm de bedrijfsgrens Manage en bescherm informatie en transacties
  • Bescherm het meest kritische bedrijfs asset: Informatie
    • Forrester: Data Centric Security framework:
    Policy definition Enforcement Monitoring & Response Measurement DATA Audit & risk management framework Forensics Information Leak protection Enterprise encryption & key mgnt. Enterprise rights management Identity & access mgnt. SIM Dataloss prevention Risicomanagement Policy Compliance
  • Leiderschap in Information Centric Security Data Loss Prevention MQ June 2008 “ RSA is vastly more than user authentication; it is a key portion of how companies, particularly in the financial industry, protect critical records and comply with critical regulations .” -- “ EMC Addresses the 2009 ‘OMG’ Budget”, ITBusiness Edge, Rob Enderle, Enderle Group, Dec. 9, 2008 Web Fraud Detection MQ Dec. 2008 SIEM MQ May 2008
  • RSA’s groeiende rol in het beschermen van Identiteiten
      • * Embedded in Microsoft, HP, Sun and IBM operating systems, Internet Explorer and Netscape browsers,
      • Ericsson, Nokia, Motorola phones, major US government agencies and the list goes on
    25+ Year legacy in information security 200 Million+ Identities protected 1 Billion+ Applications shipped with BSAFE® Encryption 34,000+ Organizations protected 120,000+ Phishing attacks shut down 200 Million+ online identities protected with RSA identification and protection technology 1 Billion+ applications shipped with RSA BSAFE ® encryption most widely deployed software in the world* 25+ year legacy in information security and risk management 34,000+ organizations protected by RSA technology 120,000+ online phishing attacks shut down by the RSA Anti-Fraud Command Center
  • Beveiliging van Internet Identiteiten zoals nodig voor Telebankieren.
  • Visie RSA 2009-2010 Positionering RSA Visie Informatie Beveiliging Vertaling in product ontw. Data Leakage & Microsoft
  • Risk-based uitgangspunt
    • Protect Important Information
    • Sensitive/Legal/Financial
    • PII
    • IP
    • Ignore Unimportant Information
    • Product Literature
    • Marketing Collateral
    • Corporate Information
    • Disable
    • Inexperienced Users
    • Disgruntled Employees
    • Criminals
    • Spies
    IDENTITIES INFRASTRUCTURE End Points Networks Apps/DB FS/CMS Storage RISK INFORMATION
    • Enable
    • Employees
    • Customer
    • Partners
    POLICY COLLECT – ANALYZE – REPORT – RESPOND
  • Het “RSA System” INFRASTRUCTUUR IDENTITIES Are my controls working? Am I compliant? End Points RSA Confidential Networks Apps/DB FS/CMS Storage INFRASTRUCTURE External Threat Protection Anti-Fraud RISK POLICY INFORMATION POLICY SIEM COLLECT – ANALYZE – REPORT – RESPOND POLICY Authentication Access Controls DLP Encrypt / Key Mgmt Policy Management Console POLICY SIEM Anti-Threat
  • Van Risico’s hebben -> In Control zijn
  • RSA enVision 3-in-1 SIEM Platform servers storage applications / databases security devices network devices Simplifying Compliance Compliance reports for regulations and internal policy Auditing Reporting Enhancing Security Real-time security alerting and analysis Forensics Alert / correlation Optimizing IT & Network Operations IT monitoring across the infrastructure Visibility Network baseline Purpose-built database (IPDB) RSA enVision Log Management platform
  • Vereenvoudig het Compliant zijn Robuste Alerting & Reporting
    • 1400+ rapporten “out of the box”
    • Eenvoudig aan te passen
    • Conform standaarden & regels zoals SOX, Basel II, Industrie Regels (PCI), Best Practices (ISO 27002, ITIL)
  • Verhoog het veilig zijn Zet real time events in een data formaat waarmee je wat kan. SIEM technology provides real-time event management and historical analysis of security data from a wide set of heterogeneous sources. This technology is used to filter incident information into data that can be acted on for the purposes of incident response and forensic analysis. Mark Nicolette, Gartner Ondersteunt een closed-loop incident handling proces Rapporteert de effectiviteit van het security management
  • Real Time Incident Detectie Lokaliseer echte Incidents uit een bulk aan log-data Incidenten Gecorreleerde alerts Duizenden security-relevant events Miljoenen ruwe events ! ! ! CASES
  • Voorbeeld correlatie regel Correlation Rule Name: W32.Blaster Worm This correlated rule looks for a sequence and pattern of network activity that indicates the presence of the “Blaster worm or variants” within the network.
  • Optimaliseer IT & Network Operations Breng afwijkingen in kaart, eenvoudiger troubleshooten EMC Celerra System Shutdown System Failure
  • Voordelen van een centrale SIEM
    • Zet ruwe log data om in bruikbare informatie.
    • Verhoogd het zicht op security, compliancy en operationele problemen.
    • Bespaar tijd die anders besteed wordt aan compliance rapportages (excel)
    • Stroomlijn het Security Incident afhandel proces.
    • Verlaag operationele kosten die samenhangen met diverse logs, ILM, geassocieerde regels/wetgeving enz.
  • De rol van enVision in de Compliance Lifecycle Monitor, Meet, Rapporteer Implementeer de Controls (Technologie & Procedures) om aan de Regels/Wetten te voldoen “ Discover Assets”, Bepaal noodzakelijke controls Kijk waar de GAPS zijn Begrijp Regels/Wetten en hoe deze van toepassing zijn op je organization Corrigeer, Verbeter Consultancy RSA (enVision) helpt: Een lijst met assets te bouwen Automatisch rapportages over specifieke info voor auditors op te leveren. Rapportages aan te passen om niet-compliancy aan te pakken en te zien hoe de verbeteringen vorderen.
  • Visie RSA 2009-2010 Positionering RSA Visie Informatie Beveiliging Vertaling in product ontw. Data Leakage & Microsoft
    • 245M persoonlijke records openbaar geworden sinds 2005.
    • Compliancy wordt daardoor steeds strikter en moeilijker te realiseren en handhaven.
    DLP’s business uitdaging
    • Balans nodig tussen beveiliging en toegang.
    • Toenemende vraag & behoefte aan het delen van informatie voorbij de bedrijfsgrenzen.
    Source: Privacy Rights Clearinghouse Companies face growing risks of data leaks & increase in compliance requirements Data must be protected, but also be accessible
  • Enforce Allow, Notify, Block, Encrypt Enforce Allow, Justify, Block on Copy, Save As, Print, USB, Burn, etc. Remediate Delete, Move, Quarantine Discover Local drives, PST files, Office files, 300+ file types Monitor Email, webmail, IM/Chat, FTP, HTTP/S, TCP/IP Discover File shares, SharePoint sites, Databases, SAN/NAS RSA Data Loss Prevention Suite Unified Policy Mgmt & Enforcement Incident Workflow Dashboard & Reporting User & System Administration eDRM (e.g. RMS) Encryption Access Controls DLP Enterprise Manager DLP Datacenter DLP Network DLP Endpoint
  • Microsoft’s RMS (Rights Management) Access Control List Perimeter … but not usage Authorized Users Firewall Perimeter Unauthorized Users Authorized Users Unauthorized Users YES Information Leakage Location-based solutions protect initial access…
  • MS Rights Management Services Overview Persistent Protection +
    • RMS provides identity-based protection for sensitive data
      • Controls access to information across the information lifecycle
      • Allows only authorized access based on trusted identity – works online and offline, inside and outside the firewall
      • Secures transmission and storage of sensitive information wherever it goes – policies embedded into the content; documents encrypted
      • Embeds digital usage policies (print, view, edit, expiration etc. ) in to the content to help prevent misuse after delivery
    Encryption Policy:
    • Access Permissions
    • Use Right Permissions
  • Gecombineerde RSA DLP en Microsoft RMS oplossing
    • RMS-only solutions are not content aware, requiring users to know and follow company policies regarding treatment of sensitive information
      • Legacy documents residing throughout the enterprise are often not protected
    • DLP-only solutions do not apply persistent protection controls to sensitive information
    • RMS protection is automatically applied based on RSA’s content classification
      • Reduces risk of data owners not applying policies properly
      • Protects most important data by applying controls based on data sensitivity
    • Automatically discover and apply RMS to sensitive legacy docs (file shares, SharePoint, Documentum, other content management systems)
      • Discover existing sensitive data at rest using DLP Datacenter and DLP Endpoint Discover
      • Apply RMS controls to persistently protect legacy documents
    • Securely share Intellectual Property (IP) and Regulatory data
    BEFORE: RMS and DLP Standalone AFTER: Integrated DLP with RMS Solution
  • Use Case: Bescherm Intellectual Property op Files 1. RMS admin creates RMS templates for data protection 2. RSA DLP admin designs policies to find sensitive data and protect it using RMS 3. RSA DLP discovers and classifies sensitive files 4. RSA DLP applies RMS controls based on policy
    • Automate the application of AD RMS protection based on sensitive information identified by RSA DLP
    • Apply RMS to sensitive legacy documents
    Find Patent Documents Apply Intellectual Property RMS Patents DLP Policy 5. Users request files - RMS provides policy based access R&D department Marketing department Others Microsoft AD RMS R&D Department Marketing Department Others View, Edit, Print View No Access Intellectual Property RMS RSA DLP Laptops/desktops SharePoint File Share
  • Uitgebreide whitepaper hierover op de website van Motiv
  • Vragen & Opmerkingen ? &