Presentation crafting your active security management strategy 3 keys and 4 steps


Published in: Technology, Business

  1. Crafting Your Active Security Management Strategy: 3 Keys and 4 Steps. EMC CONFIDENTIAL—INTERNAL USE ONLY
  2. Agenda • Security Challenges: A Root-Cause Analysis • 3 Keys to Effective Security Management • RSA’s 4-Step Approach
  3. EMC eGRC Strategy. eGRC Business Solutions: Business Continuity Management • Security Management • Information Governance. RSA Archer eGRC Management Platform. Consulting/Implementation Best Practices.
  4. Pop Quiz. You have not maximized your security management program if… • You are assessing compliance one regulation at a time • You can’t prioritize your projects by risk • You handle incidents like playing Whack-a-Mole • You have mountains of security data and don’t use it • Management has no idea how well you are doing (and Finance can’t see why you deserve a bigger budget)
  5. Security Challenges: A Root-Cause Analysis
  6. Traditional Approach. Network: Team, Policy, Point Tool • Datacenter: Team, Policy, Point Tool • Endpoint: Team, Policy, Point Tool • Applications: Team, Policy, Point Tool. Siloed • Inflexible • Inconsistent • Costly
  7. Result: Uncontrolled Risk. Risk = Likelihood × Impact. Likelihood: • threats • vulnerabilities • value of target. Impact: • detection • response • value of target. PRIORITIZE BY RISK (likelihood/impact matrix): HIGH • MEDIUM • MEDIUM • LOW
  8. Business Impact. Headline: “PlayStation suffers massive data breach…” Uncontrolled risk leads to… Increased Exposure to Catastrophic Loss: • Theft of trade secrets • Headline-making breaches • Fines and penalties. Inhibited Business Objectives: • Virtualization • Consumer web services • Geographic expansion
  9. Security is about… “Security isn’t about security. It is about managing risk at some cost. In the absence of metrics, we tend to overcompensate and focus on risks that are either familiar or recent.” Hugh Thompson, Chief Security Strategist, People Security
  10. The 3 Keys to Effective Security Management
  11. #1: Begin and End with Business Context. Executive Committee • Audit Committee • Risk Committee • Legal, HR, etc. Business Objectives • Authoritative Sources • Business Criticality • Policies. Governance • Security Management • Monitoring
  12. #2: Follow an Integrated Approach. How? Business Governance: • Define business objectives • Define business-level risk targets • Define business-critical assets. Security Risk Management: • Understand external and internal threat landscape • Identify vulnerabilities • Classify high-value assets. Operations Management: • Prioritize work by risk • Add security controls where needed • Maximize monitoring and visibility. Incident Management: • Identify security events • Prioritize by business impact • Report to business owners • Reassess business risk and critical assets. Security Management framework: ISO 27001. Risk Management framework: ISO 31000.
  13. #3: Develop a Maturity Strategy. Where do you want to be in 3 years? Current state → Desired state (Tactical → Maturity → Strategic). Business Governance: Security buried inside IT → Basic guidelines defined by business → Security is part of every business process. Security Risk Management: Newspaper view of risk → Follow industry practices → Manage business-specific risks. Operations Management: Bare minimum tools → Compliance-driven controls → Risk-based controls and monitoring. Incident Management: Siloed monitoring → Correlation and prioritization → Advanced analytics.
  15. RSA Enables Security Management. Business Governance: • Archer Policy Management • Archer Enterprise Management • Archer Compliance Management. Security Risk Management: • Archer Risk and Threat Management • DLP Risk Remediation Manager and Policy Workflow Manager • NetWitness Spectrum. Operations Management: • Archer Enterprise Management • Solution for Cloud Security and Compliance • EMC Ionix • Integrations with asset managers. Incident Management: • Archer Incident Management • enVision SIEM • DLP (Data Loss Prevention) • NetWitness Investigator. Security Management framework: ISO 27001. Risk Management framework: ISO 31000.
  16. Step 1: Security Risk Management. Context Establishment • Identification • Assessment • Mitigation
  17. Security Risk Management Example: DLP Risk Remediation Manager. Day 1: 30K files discovered by RSA DLP. Day 3: 1200 Owners in 43 Countries Identified. Day 10: RRM sends initial questionnaire to data owners. Day 40: 90% of files remediated. Repeatable and continuously monitored. Analyst work space and executive metrics in RRM. “The new process was more than 4 times faster and much less disruptive to business.” - EMC CIRC
  18. Step 2: Operations Management. Control Standards • Configuration • Operation • Monitoring
  19. Operations Management Example: RSA Solution for Cloud Security and Compliance. Component Discovery and Population • Configuration Measurement (40% automated) • > 130 VMware Specific Archer Control Procedures • Connector Framework • alerts • enVision • >380 log messages
  20. Step 3: Incident Management. Collection/Detection • Correlation/Prioritization • Investigation • Remediation
  21. Incident Management Example: RSA Solution for Security Incident Management. Enterprise and Policy Mgr (Context, Policy): enVision alerts are put in context with enterprise assets, risk, process, teams, etc. Connector Framework: Near real-time feed into Archer • Plug-in architecture for additional incident and compliance solutions. Incident Dashboards and Workflow: Incidents are assigned in work queues, workflow automates the case management process. Metrics are rolled up into an executive-level dashboard. SIEM: Formatted XML data out of enVision • Task Triage – Incident details with associated notes. “We saved 1,500 hours a month due to the integration.” - EMC CIRC
  22. Step 4: Business-Driven Management. IT Risk Management • Operations Management • Incident Management. “MassMutual’s approach to security is now based on a more current holistic view of the enterprise.” - Mike Foley, CIO, MassMutual
  23. Business Driven Customer Success (column headings: BEFORE, AFTER, NEEDS). Managing risk in a financial services firm with $420B in assets. MassMutual’s approach to security is “now based on a more current holistic view of the enterprise.” Mike Foley, CIO, MassMutual (Information Week Article). Protect: • 6,000 employees and PCs • Thousands of servers and network devices • 700 applications • Personal information of more than 12 million customers. • More current, holistic view of the enterprise • Faster response to critical threats and potential exploits • Consolidated all critical IT risks into real time executive dashboards • 97.5% cost reduction in the risk analysis process. • See big picture and drill down on specifics • Identify & Prioritize critical risks • Automate risk assessments
  24. Leading Products, Better Together. Archer • enVision • DLP • VMware. Integration & Solution: Sol’n for Security Incident Mgmt • DLP Risk Remediation Manager • DLP Policy Workflow Manager • Content-aware SIEM • Sol’n for Cloud Security & Compliance • SecurBook for VMware View (VDI). NetWitness: integrations to be announced! Leader: eGRC • Leader: SIEM • Leader: Data Loss Prevention
  25. Take a Strategic Approach with RSA. Callout: Most organizations are here. Step 1: Legacy. Approach: Security is “necessary evil” • Information: No monitoring • Technology: Reactive and tactical point products. Step 2: Compliance-Driven. Approach: Check-box mentality • Information: Collect data needed for compliance • Technology: Tactical tools with compliance reporting. Step 3: IT Risk-Oriented. Approach: Proactive and assessment based • Information: Collect data needed to detect advanced threats • Technology: Security tools integration providing technical visibility. Step 4: Business-Oriented. Approach: Security fully embedded in enterprise processes • Information: data fully integrated with business context • Technology: Security tools integrated with business tools. “Security management is going to be baked into many layers of business operations. That’s what I’m seeing in my organization.” - Member, RSA Security Management Working Group
  26. In Action: Critical Incident Response Center. EMC Critical Incident Response Center, Bedford, MA. Integrated Approach • Business Context • Process Automation • Visibility
  27. Next Steps and Resources • Round Table Discussion on Privacy • Incident Management Solution Brief • Privacy Survey • eGRC White Paper • Ovum Research
  29. These backup slides just provide more product details on the 4 steps
  30. Step 1: Security Risk Management. Context Establishment • Identification • Assessment • Mitigation. Archer (eGRC): • Capture and relate risks to business objectives • Import data from vulnerability assessments, threat feeds • Build and deliver online assessments • Resolve findings to reduce risk to tolerable levels. DLP: • Map DLP policies to business policies • Identify sensitive data in vulnerable locations • Just-in-time education of end-users reduces future risks. NetWitness: • Risk-based identification of malicious code
  31. Step 2: Operations Management. Control Standards • Configuration • Operation • Monitoring. Archer (eGRC): • Control Standards: 900+ standards • Configuration: 4500+ control procedures • Monitoring: 8500+ question library. enVision (SIEM): • Real-time monitoring from the most event sources • Reporting: 1200+ out of box reports
  32. Step 3: Incident Management. Collection/Detection • Correlation/Prioritization • Investigation • Remediation. Archer: • Business-level incident management including Legal, HR, BUs. enVision (SIEM): • Unmatched depth and breadth of event collection • Some of the largest SIEM deployments in the world • Prioritize by vulnerability feeds and watch lists. NetWitness: • Capture and visualize all network traffic for real time analysis • Unparalleled network forensics. DLP: • Data-centric view of policy violations everywhere • Automatically quarantine emails, block file transfers
  33. Step 4: Business-Driven Management. IT Risk Management • Operations Management • Incident Management. RSA Archer eGRC Suite: • Central repository for policies, risks, and incidents • All data presented in business context • Integration with key security systems • Comprehensive audits and reports