101 ab 1530-1600
Transcript

  • 1. Advanced Security Solution for Trusted IT. Gary Lau, Manager, Technology Consultant, Greater China
  • 2. The Changing Landscape
  • 3. Evolution of Attackers [table flattened in the transcript; columns: actor, profile, targets]
    – Petty criminals: unsophisticated; targets of opportunity
    – Organized crime: organized, sophisticated criminal supply chains; PII, financial services, retail
    – Nation state actors: PII, government, defense industrial base, IP-rich organizations
    – Non-state actors ("Hacktivists"): anti-establishment vigilantes, terrorists; PII, government, critical infrastructure
  • 4. Evolution of Attack Vectors [chart flattened in the transcript; x-axis Threat Actors: Hobbyist / Script Kiddies, Petty Criminals, Organized Crime, Non-State Actors / Cyber Terrorists, Nation States; y-axis Damage/Sophistication: from Minor Annoyance to Significant impact on business bottom line; plotted vectors: Viruses, Phishing, Spam, Spyware, Worms, DoS/DDoS, Botnets, Financial Backdoor Trojans, Rootkits, Web-application attacks, Coordinated attacks, Hybrid Worms, APTs, Targeted malware]
  • 5. Anatomy of an Attack [attacker timeline flattened in the transcript: Surveillance, Target Analysis, Attack Set-up, System Probe, Intrusion Starts, Attack Begins, Discovery/Persistence, Leap Frog Attacks, Access Complete, Cover-up Starts, Cover-up Complete, Maintain foothold] Source: NERC HILF Report, June 2010 (http://www.nerc.com/files/HILF.pdf)
  • 6. Anatomy of a Response [defender timeline flattened in the transcript; phases shown, order approximate: Physical Security, Monitoring & Controls, Threat Analysis, Attack Forecast, Discovery, Attack Identified, Incident Reporting, Damage Identification, Impact Analysis, Reaction/Response, Containment & Eradication, System Recovery] Source: NERC HILF Report, June 2010 (http://www.nerc.com/files/HILF.pdf)
  • 7. Reducing Attacker Free Time [the attacker timeline of slide 5 and the defender timeline of slide 6 overlaid on one time axis; the gap between them is labelled ATTACKER FREE TIME] Need to collapse free time. Source: NERC HILF Report, June 2010 (http://www.nerc.com/files/HILF.pdf)
  • 8. Then: Infrastructure-Centric vs. Now: User/Identity-Centric [table flattened in the transcript]
    – Then: static attacks (generic, code-based); static infrastructure (physical, IT-controlled, hard perimeter); static defenses (signature-based, perimeter-centric)
    – Now (public cloud, hybrid cloud, mobile apps, SaaS): dynamic attacks (targeted, human-centric); dynamic infrastructure (virtual, user-centric & connected); dynamic defenses (analytics & risk-based)
  • 9. Advanced Threats
    – 83% of organizations believe they have been the victim of an Advanced Threat
    – 65% of organizations don't believe they have sufficient resources to prevent Advanced Threats
    – 91% of breaches led to data compromise within "days" or less
    – 79% of breaches took "weeks" or more to discover
    Source: Ponemon Institute survey "Growing Risk of Advanced Threats"; Source: Verizon 2011 Data Breach Investigations Report
  • 10. Mean Time to Detect (MTTD) [chart not recoverable from the transcript] Source: Ponemon Institute
  • 11. The Changing Mindset
  • 12. Must learn to live in a state of compromise. Constant compromise does not mean constant loss.
  • 13. The New Security Model
  • 14. Traditional Security is Unreliable: signature-based, perimeter-oriented, compliance-driven
  • 15. As a result, organizations are… poorly prepared for advanced threats; unable to detect attacks in a timely manner; responding in a manner that is chaotic and uncoordinated
  • 16. Effective Security Systems need to be: agile, contextual, risk-based
  • 17. Security must Ensure… only the right people access critical applications & information over an I/F we trust. [diagram flattened in the transcript: Enterprise (Admins, Users); Data Center (Applications: ITaaS Management, CRM, ERP, BI, ***; Information; Infrastructure)]
  • 18. Disruptive Forces [same diagram as slide 17 with three transformations marked: Mobile User Access Transformation at the enterprise side, Advanced Threat Landscape Transformation across the data center, and Cloud Back-end I/F Transformation at the trusted interface]
  • 19. The New IT Model [diagram flattened in the transcript]
    – Enterprise: Admins and Users on managed devices and unmanaged devices
    – Clouds: Web, Mobile Apps, SaaS, PaaS, IaaS, Private Cloud, Community
    – Data Center: Applications (ITaaS Management, CRM, ERP, BI, ***), Information, Infrastructure
    – Scenarios: From the Cloud to DC; Direct to Apps; Direct to Cloud; VPN into DC
  • 20. The Security Stack [diagram flattened in the transcript; enterprise (Admins, Users) and data center (Applications: ITaaS Management, CRM, ERP, BI, ***; Information; Infrastructure) as on slide 17]
    – Control Layer, Identity: Identity Admin & Provisioning; Access Controls; Identity & Access Governance
    – Control Layer, Information: DLP Controls; Encryption/Tokenization I/F; Information Rights Management
    – Control Layer, Infrastructure: Endpoint Controls; Network/Messaging Controls; Application Controls
    – Management Layer, GRC: Define Policy; Map Policy; Measure Policy
    – Management Layer, Security Operations (SOC): Detect potential threats; Investigate attacks; Respond to attacks
  • 21. The Control Layer [same diagram as slide 20 with the Control Layer highlighted]
  • 22. The Management Layer [same diagram as slide 20 with the Management Layer highlighted]
  • 23. Critical Questions: what matters? (Governance); what is going on? (Comprehensive Visibility); how do I address it? (Actionable Intelligence)
  • 24. Traditional SIEM Is Not Enough
    • How do you:
      – quickly determine how an attack happened?
      – reduce the "attacker free time" in your infrastructure?
      – prevent similar future attacks?
    …SIEM needs to evolve:
      – Requires network and log data visibility
      – Requires the fusion of internal & external intelligence
      – Makes security a Big Data problem
    Resisting all attacks is not realistic; reacting fast to mitigate damage is.
    © Copyright 2011 EMC Corporation. All rights reserved.
  • 25. Full Packet Capture is a must
    • Full packet capture is necessary to:
      – Identify malware entering the environment and prioritize actions related to it (a very common source of advanced threats)
      – Track the lateral movement of an attacker once inside the organization, and
      – Prove exactly what happened and what data was exfiltrated, whether it was encrypted or not
    If SIEM is to address today's threats then it requires this information.
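Slides 24 and 25 argue that a SIEM has to fuse internal network and log data with external intelligence, follow an attacker's lateral movement, and shrink the "attacker free time" between intrusion and detection. The script below is an added example that shows those three ideas in working code; it is not code from the deck or from RSA/EMC. It correlates a few constructed proxy, endpoint and flow records with a constructed indicator list, follows flows from already-suspect hosts to other internal hosts, flags large egress to an external address, and measures attacker free time as the gap between the earliest indicator and the analyst's alert. Every address, hostname, hash and log line is made up (RFC 5737 test addresses, the reserved .invalid TLD, a placeholder hash), and the key=value record format is an assumption, not any product's format.

```python
"""Attacker free time from fused log data and external intelligence.

Added example: not code from the deck or from RSA/EMC. All indicators,
addresses, hashes and log lines are constructed sample data, not real IoCs.
"""
from collections import namedtuple
from datetime import datetime

# Constructed external intelligence feed, keyed by indicator type.
THREAT_INTEL = {
    "domain": {"update-cdn.example.invalid"},   # reserved TLD, not a real site
    "ip": {"203.0.113.45"},                     # RFC 5737 TEST-NET-3 address
    "sha256": {"ab" * 32},                      # placeholder hash
}

# Constructed internal telemetry (proxy, endpoint and flow records) in one
# key=value format (an assumption), plus the analyst alert that marks detection.
SAMPLE_LOGS = """\
2011-09-01T08:02:11Z proxy src=10.0.5.21 url_host=update-cdn.example.invalid status=200 bytes=184320
2011-09-01T08:02:14Z edr endpoint=ws-021 src=10.0.5.21 sha256={h} process=svchost.exe
2011-09-01T09:40:03Z flow src=10.0.5.21 dst=10.0.7.9 dport=445 bytes=52000
2011-09-03T13:15:40Z flow src=10.0.7.9 dst=203.0.113.45 dport=443 bytes=73400000
2011-09-05T10:00:00Z alert analyst=j.doe incident=INC-0001 endpoint=ws-021
""".format(h="ab" * 32)

Event = namedtuple("Event", "ts source fields")


def parse_line(line):
    """Split '<timestamp> <source> k=v k=v ...' into an Event."""
    ts_str, source, *pairs = line.split()
    fields = dict(pair.split("=", 1) for pair in pairs)
    return Event(datetime.strptime(ts_str, "%Y-%m-%dT%H:%M:%SZ"), source, fields)


def intel_hits(event, intel):
    """Return (indicator_type, value) pairs where an event field matches the feed."""
    checks = (("domain", event.fields.get("url_host")),
              ("ip", event.fields.get("dst")),
              ("sha256", event.fields.get("sha256")))
    return [(kind, value) for kind, value in checks if value in intel[kind]]


def is_internal(addr):
    """Internal address space for the constructed data (the 10.0.0.0/8 range)."""
    return addr.startswith("10.")


def large_egress(event, threshold=50_000_000):
    """A flow to an external address carrying at least `threshold` bytes."""
    return (event.source == "flow" and not is_internal(event.fields["dst"])
            and int(event.fields.get("bytes", 0)) >= threshold)


def analyze(log_text, intel):
    """Fuse log records with intel and compute attacker free time.

    Returns a dict with the list of findings (timestamp, description), the
    timestamp of the first indicator, the detection timestamp (first alert
    record) and the free time between them as a timedelta (None if unknown).
    """
    events = sorted((parse_line(l) for l in log_text.splitlines() if l.strip()),
                    key=lambda e: e.ts)
    findings, suspects, detection_ts = [], set(), None
    for ev in events:
        if ev.source == "alert":
            detection_ts = detection_ts or ev.ts
            continue
        for kind, value in intel_hits(ev, intel):
            findings.append((ev.ts, f"intel match {kind}={value} from {ev.fields.get('src')}"))
            suspects.add(ev.fields.get("src"))
        # Lateral movement: an already-suspect host opening a flow to another internal host.
        if (ev.source == "flow" and ev.fields["src"] in suspects
                and is_internal(ev.fields["dst"])):
            findings.append((ev.ts, f"lateral movement {ev.fields['src']} -> {ev.fields['dst']} port {ev.fields['dport']}"))
            suspects.add(ev.fields["dst"])
        if large_egress(ev):
            findings.append((ev.ts, f"large egress {ev.fields['bytes']} bytes to {ev.fields['dst']}"))
            suspects.add(ev.fields["src"])
    first_ts = min(ts for ts, _ in findings) if findings else None
    free_time = detection_ts - first_ts if first_ts and detection_ts else None
    return {"findings": findings, "first_indicator": first_ts,
            "detected": detection_ts, "free_time": free_time}


if __name__ == "__main__":
    result = analyze(SAMPLE_LOGS, THREAT_INTEL)
    for ts, desc in result["findings"]:
        print(ts.isoformat(), desc)
    print("attacker free time:", result["free_time"])
```

On the constructed data the first indicator is the proxy request to the listed domain at 08:02:11 on 1 September and the analyst alert comes four days later, so the reported free time is a little over four days; the intervening SMB flow to 10.0.7.9 is only recognised as lateral movement because its source was already suspect, which is the kind of cross-source context a log-only SIEM without network visibility lacks.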
  • 26. The Next Gen SOC [four quadrants flattened in the transcript]
    – Comprehensive Visibility: "Analyze everything that's happening in my infrastructure"
    – Agile Analytics: "Enable me to efficiently analyze and investigate potential threats"
    – Actionable Intelligence: "Help me identify targets, threats & incidents"
    – Optimized Incident Management: "Enable me to manage these incidents"
  • 27. Next gen security operations
  • 28. Value of RSA Solutions [two diagrams flattened in the transcript, each showing Governance, Intelligence and Visibility]
    – Traditional Approach: discrete products in silos; multiple vendors for each product; manual process to transfer data; high TCO and low efficiency
    – RSA's Approach: transparent data flow between products; single vendor with tested integrations; very high operational efficiencies; lower TCO and faster time to value
  • 29. RSA Approach
    – Governance: manage business risk, policies and workflows
    – Advanced Visibility and Analytics: collect, retain and analyze internal and external intelligence
    – Intelligent Controls: rapid response and containment
    – Across cloud, network and mobility
  • 30. Meeting our Customers' Challenges with RSA Thought Leadership: manage risk and threats throughout the enterprise; prove compliance consistently & affordably; secure access for increased mobility & collaboration; secure virtualization & cloud computing