Aligning Security to Business. Cloud Meets Big Data, 16-17 November 2011. Grand Hyatt - ...
RSA Incident Management • Industry leading Security Incident and Event ...
Creating Actionable Intel. from Data Overload. ITGRC: Data Governance, Risk, In...
GRC Processes Automation Framework. Assessments (Risk, ...
Enabling Effective Security Incident Management. With RSA’s Security Incident Management Solution you can: • Collect se...
Conclusion: End-to-End Layered Protection is required. “A Lock on the Door” is Not Enough ...
RSA overall solution implementation ...
Cloud Compliance Architecture
Positive Business Outcome. The objectives of the customer were met with a cost effective Integrated Solution • Increase cus...
Summary. Key takeaways: A breach/incident is inevitable; the key is to reduce the “Window of Vulnerability”. Use technolog...
Question: With the presentation as a backdrop, what course would you take? A. I would go ahead with an ...
THANK YOU
Track 2, session 5, aligning security with business kartik shahani

  • Fraud has been evolving all the while we have been preparing to fight fraud. Phishing attacks require very few resources to launch. Phishers are getting smarter. Phishers NEVER get caught. Trojans have entered the arena. Trojan attacks are targeted attacks impacting only specific organizations. There is no one silver bullet.
  • This has caused users to want more security. Well, this is actually a good thing! One of the biggest barriers to security is usability and the impact it has on users’ perceptions about any type of portal. The more willing users are to accept security, the better value the business will get out of deploying security. As you can see, a strong majority of users want online banking security beyond a username and password.
  • Intro: HDFC Bank is one of India’s leading financial institutions and one of the 50 best companies in Asia Pacific according to Forbes Magazine. Developed one of the first online banking services in India, supporting third-party transactions, but needed to protect customers from the growing threat of frauds like phishing, pharming and Trojans. RSA Adaptive Authentication platform powered by RSA® Risk Engine enables risk-based authentication and fraud detection. RSA FraudAction service offers 24x7 monitoring and alerting to online security risks. Phishing attacks against HDFC Bank customers significantly reduced. Comprehensive layered security platform gives bank better visibility of threats.
    Challenge: HDFC Bank is committed to maintaining its position as a leader in the Asia Pacific financial industry through delivery of innovative banking services. It wanted to launch online support for third-party transactions but needed to ensure customers’ private personal and financial data was protected from the increasing threat of online fraud from activities such as phishing, pharming and Trojans. Needed a security platform that would be easy for customers to use while enabling HDFC Bank to maintain complete visibility and control of any risks to its online environment.
    Solution: Selected RSA Adaptive Authentication – an intelligent system powered by the RSA Risk Engine to enable authentication of users behind-the-scenes by measuring a series of risk indicators – only challenging users in higher risk scenarios. Also deployed RSA FraudAction service, which provides constant monitoring of online security threats and real-time alerting when one is detected. HDFC Bank is therefore able to determine whether fraud might be taking place, and require additional pre-registered security questions to be answered before access is granted.
    Results: Phishing attacks against HDFC Bank’s online banking customers have reduced by 60% with successful fraud attacks down to almost zero. Response time to phishing attacks has reduced to as little as five hours – well below the industry average. Multi-layered online security strategy gives customers peace-of-mind and an easy online experience while the bank can be more responsive to any threats that arrive.
  • Key talking points: Typically you see risk in one or more of the areas shown here. From L-R: corporate email (SMTP email); web traffic (includes web mail, FTP traffic, blogs, wikis, social posting onto LinkedIn or Facebook, IM, etc.); file shares; SharePoint sites or other content repositories; databases; PCs connected to your corporate network; and last, laptops not connected to your networks but still capable of transmitting data to the web or peripheral devices. You want to map the four phases we just talked about with these risk sources. RSA offers solutions for every phase for every risk source, starting with DLP Network for email and web traffic. This is for all data in motion. DLP Datacenter is for all data at rest that resides on file shares, databases, repositories, etc. DLP Endpoint is for data in use on laptops and PCs. One key point to note is the manageability of DLP across all the four phases and all the risk sources. RSA offers a single console to manage anything and everything to do with DLP. It’s called the RSA DLP Enterprise Manager. It’s a powerful management console to manage policies, configure devices, collect incidents or violations, generate reports, etc.
  • Talking points: This is how RSA solves the challenge of risk of sensitive data at rest. You want to think beyond basic discovery of data (most vendors stop at discovering the data) and think about the right process for remediating the exposed risk. Depending on the type of infrastructure you have, you can leverage RSA grid technology or agent-based scanning to discover all the sensitive data in various file repositories. RSA has native support for SharePoint 2010 (we take advantage of SharePoint APIs to scan files, blogs, notes saved in SharePoint). Once the location of sensitive data is identified you might want to communicate with the business user to figure out the right remediation for the file. If you do not involve the business user or understand the business context and apply a blanket control such as encryption, it will potentially have a HUGE negative impact on the business. RSA offers a robust framework to facilitate the workflow of identifying the business user/owner and communicating with them about sensitive files. RSA’s Risk Remediation Manager (RRM) module can map data from File Activity Monitoring systems (such as Imperva or Varonis) and provide insight into what files are sensitive and who has been using these files. You can leverage RRM to group this data and send out questionnaires to the business owners. Instead of managing the communication through 1000s of emails and 100s of spreadsheets, you can now have a central repository that offers an auditable and repeatable process for remediation. Once all the business context is added and remediation options are determined, you can enforce controls through DLP or other IT tools. Note: the remediation information from RRM does not automatically flow into DLP. Remediation has to be done manually (automated scripts to delete files, for example).
  • NetWitness is an enterprise security platform. In order to understand why it provides unique value to leading security teams, it’s important to understand a bit about the architecture. NetWitness includes a pervasive infrastructure that captures everything crossing the wire, for example at key Internet gateways, critical network choke points, or partner network connections. While NetWitness captures all the data to disk, it also uses a patented process to extract the metadata depicted in the data cube. These 100’s of metadata are the key characteristics or descriptors of the network traffic that are essential to network security analysis by security teams. No other technology provides this depth and breadth of network analysis and indexing at line speed at capture time.
    NetWitness also stands alone in this space by using a content management framework known as NetWitness Live, which permits the real-time integration and fusion of security intelligence from the global security community, or from your own organization or community of interest. Live manages this real-time data fusion that also includes objects such as new protocol parsers, rules, alerts, apps and other content. All of this information is made available via an open API, and our core applications leverage this interface to provide unique visibility into what is happening on the network, and to address specific information risk problems.
    Spectrum provides automated malware analysis and prioritization focused on zero-day and targeted malware.
    Informer facilitates real-time reporting and alerting around specific problem sets such as APTs, hacker/malware, inappropriate use, data leakage, and much more. It also facilitates integration with both enVision and 3rd party SIEM products.
    Investigator is the award-winning, interactive network analysis tool, permitting freeform analysis of hundreds of terabytes of data and giving the security team the power to answer any question – past, present, or future – with precision and detail.
    Visualize provides a graphic rendering of queries from Investigator or Informer, presenting a “Minority Report”-like, multi-touch interface for rapid visualization and review of content.
    NetWitness is designed with one idea in mind: once you record everything, you can re-use the data to answer any question you have about any type of security problem. This approach saves you time and money.
  • The RSA Security Incident Management Solution differentiates itself from the competition by:
      - Seamlessly integrating industry leading Security Incident and Event Management (SIEM) technology RSA enVision for the automated identification and escalation of high priority security incidents – unlike other IT GRC vendors like Symantec, RSAM or Agiliance
      - Incorporating business context like the business criticality of assets involved, the business processes affected, or the history of similar incidents affecting the group managing those affected systems – unlike other SIEM vendors like ArcSight, Q1 Labs or Nitro
      - Including a full-blown, industry strength Incident Management solution that can handle incidents no matter how they are detected, and give unprecedented flexibility in managing incident workflow – unlike other SIEM vendors like ArcSight, Q1 Labs or Nitro
      - Providing a platform that can automatically incorporate security incidents into wider enterprise risk management and compliance reporting processes – unlike other enterprise GRC vendors like IBM, BWise
  • Trusted Virtualization Environment: While IaaS components have been relatively safe in the past, data centers are increasingly finding their servers under attack – not just by the more common viruses and Trojans, but by more sophisticated, coordinated security threats. As companies expand their use of clouds and as the exploitable value of information and business transactions handled within clouds continues to grow, it’s only reasonable to expect that clouds will become stronger magnets for malware attacks.
    Need to “harden” hypervisors: VMware offers a detailed set of hardening guidelines to mitigate security risks.
    Hardware Root of Trust: The foundation of Trusted Computing Infrastructure is the hardware root of trust, which establishes a bottom-up security posture based on hardware components embedded with inalterable security technology. In servers equipped with these secure computing chips, such as Intel’s Trusted Execution Technology, the embedded security technology examines and measures all processing components to attest to a trusted profile every time the server is turned on or reset.
    (Click) As an industry, we now have the opportunity to build security controls, such as Data Loss Prevention, into the infrastructure.

    1. Aligning Security to Business. Cloud Meets Big Data, 16-17 November 2011. Grand Hyatt - Mumbai
    2. Challenge: Expanding Identities Remote Employees Partners Customers Channels Channels Channels Partner Entry Points Customer Entry Points VPN Endpoint Network Apps/DB FS/CMS Storage Contractors Privileged Users Privileged Users Privileged Users Privileged Users Enterprise Production File Server Backup Tape Applications Database Internal Employees Business Replica SharePoint Disk Backup Analytics eRoom, etc. Arrays Disk. Cloud Meets Big Data © Copyright 2011 EMC Corporation. All rights reserved. 17-18 November 2011. Grand Hyatt - Mumbai
    3. Challenge: Expanding Infrastructure Mobility Cloud Remote Employees Partners Customers Partner Entry Points Partner Entry Points VPN Endpoint Network Apps/DB FS/CMS Storage Contractors Privileged Users Privileged Users Privileged Users Privileged Users Virtualization Enterprise Apps Backup Tape Internal Employees File Server Production Disk Arrays SharePoint Replica eRoom, etc. Backup Disk Business Analytics
    4. Challenge: Increasing Threats Remote Employees Partners Customers IP Sent to Channels App, DB or Encryption Channels Channels Stolen Stolen IP Fraud non trusted user Key Hack Credentials Partner Entry Points Partner Entry Points VPN Endpoint Network Apps/DB FS/CMS Storage Contractors Endpoint Privileged Leak Network Users Privileged Users Privileged Privileged Users Inappropriate Privileged Users Tapes lost or Email-IM-HTTP- theft/loss FTP-etc. User Breach Access stolen Enterprise Production File Server Backup Tape Data Leak Public Infrastructure Applications Database Unintentional (Semi) Trusted Discarded disk Internal Employees Via USB/Print Access Hack Distribution User Misuse exploited Business Replica SharePoint Disk Backup Analytics eRoom, etc. Arrays Disk
    5. The Dark Cloud Dark Cloud Phishing Mule Attacks Network Trojans Fraud Forum Attacks Discussion Cloud Stolen Credentials Stolen Database Cards Shop Financial Institutes
    6. Corporations are a new target for Cybercriminals
       • Cybercriminals increasingly targeting corporations
       • Value of extracted corporate resources is on the rise
       • Social networks make it easier to launch targeted attacks
       • Corporations required to harden their infrastructure
    7. Online Financial Fraud targeted at Financial Institutes Technical Operational Infrastructure Infrastructure Tools Hosting Delivery Mules Drops Monetizing Phishing Purchase Online Trojans Money Pharming Identity Communication Cash Out Transfer through Internet Banking Harvester Fraud forum / chat room Fraudster ATM Physical withdrawal Theft / Card Skimming IVR/Mobile Other Social Channel Engineering Withdrawal Techniques Mechanisms User Account
    8. Question: Do you think Banks should implement a stronger form of authentication to identify online banking customers (other than user name & password) when they log on and transact? A. Yes B. No C. I have no preference
    9. Consumers Want Stronger Security for Online Banking. Impact: Stronger Security Can Drive Portal Usage
    10. CSO/CIO Balancing Act Business Requirement Business Enablement Regulatory Customer Controls Services Information Innovation Protection Customer Productivity Protection Brand Globalization Protection
    11. Managing Information Infrastructure Security: Ensure the right people have access to the right information over a trusted infrastructure, in a system/process that is easy and efficient to manage. Identities Infrastructure Information Endpoints Internet Corporate networks Enable Block Applications Public Sensitive Authorized Harmful Databases and files Marketing Health customers employees records Storage Earnings Partners Criminals IP/ PII Product Info Employees Spies Financial
    12. The RSA Approach Comprehensive Solutions GRC Real Time Analytics Actionable SIEM Policy Aggregate Orchestrate - Monitor Consoles Map Monitor Enforce - Protect Identities Information Servers/Apps
    13. Question: In the light of the RSA approach to Risk Management, do you feel? A. Proactive solution is the way forward B. Benefits seem marginal compared to the effort and cost C. I am happy with the current setup
    14. Reserve Bank of India - Guidelines on Information security, Electronic Banking, Technology risk management and cyber frauds
       Requirements:
       • Information Technology Governance
       • Information Security
       • IT Operations
       • IT Services Outsourcing
       • IS Audit
       • Cyber Frauds
       • Business Continuity Planning
       • Customer Education
       • Legal Issues
       Tools:
       • GRC – Audit Management, Policy Management, User Awareness / communication tool, Incident Management
       • Security Operations Centre
       • BS25599 compliance
       • Risk Based Authentication and Transaction Monitoring
    15. Customer Case Study BEFORE AFTER PROGRESSIVE BANK NEEDS Easy-to-implement , Deliver innovative online convenient risk-based banking services to authentication fraud down Investing in customer maintain industry-leading by 80% banking protection position. Combat growing with an online anti- threat of online fraud 24x7 monitoring and fraud strategy alerting on online/network Get Visibility of the network security risks “…RSA Adaptive and have proactive action Authentication and RSA taken FraudAction have accelerated Layered approach the route to market for our enhanced online banking Ensure Compliance as per resulted in >60% reduction security features…” regulator and corporate in phishing attacks and , SVP and CISO, Information governance accelerated route to Security Group, market with GRC
    16. Information Security RSA Objective 1: “Deliver innovative online banking services to maintain industry-leading position. Combat growing threat of online fraud”
    17. The RSA Approach Comprehensive Solutions Enforce - Protect Layer 1 Identities Identities Information Information Servers/Apps Servers/Apps Multi factor 2FA / IPV authentication &RE DLP DLP
    18. Protection with Multiple Layers and of Multiple Channels • Adaptive FraudAction Anti- • Adaptive Authentication • Access Manager Authentication Phishing • Adaptive Authentication for • Adaptive Authentication • ACS Services FraudAction Anti- eCommerce • Transaction Monitoring • Transaction Trojan • Identity Verification Monitoring • Identity Verification FraudAction • Adaptive Intelligence Authentication for Identity Verification eCommerce • Identity Verification
    19. Protecting Fraud Channels using Multifactor Authentication Mobile Channel Analyze Access Risk EPI Channel Create risk score for access to sensitive resources Risk Engine Adaptive Authentication IVR Transactions, URLs, Logins, Web services Challenge eFraud OTP OOB (Phone Call) Questions Network Web Channel Ecommerce Protected Applications: Retail Net Banking and Cards Money Transfers Add Payee/ Beneficiary View Statement Support Financial Non Financial Financial Transactions Internal/NEFT /RTGS • TPT Request Statement • Internal • TPCC • External (TPT) Update Profile Visa Money Transfer • Address Bill Payment • Mobile /Email Electronic Payment Stop Cheques Interface Request Cheque book Third Party Credit Card Credit Card • Auto Pay • Enhance Credit Limit • Get Loan / Cash
    20. RSA Adaptive Authentication with Transaction Monitoring
    21. Securing Identities and Access using Multifactor RSA Authentication and Access Solutions Username/ Analyze Access Risk Create risk score for access to sensitive resources Password RSA Adaptive Authentication Higher Risk Multi-Factor User Authentication Low Risk Strong Authentication for access to sensitive resources RSA SecurID HW RSA SecurID SW On-Demand RSA Authentication Manager Multi-Access Control Control access to multiple resources Resource(s) RSA Access Manager (logins, URLs, web services, etc.) SAML Assertion Manage Trust Relationships Establish and control trust between organizations Trusted External Users RSA Federated Identity Manager
    22. DLP Covers Your Entire Infrastructure. DLP Enterprise Manager spans DLP Network (Email, Web), DLP Datacenter (File shares, SharePoint, Databases) and DLP Endpoint (Connected PCs, Disconnected PCs).
       DISCOVER: ✓ ✓ ✓ ✓ ✓ ✓ ✓
       MONITOR: ✓ ✓ ✓ ✓ ✓ ✓ ✓
       EDUCATE: ✓ ✓ ✓ ✓ ✓ ✓ ✓
       ENFORCE: ✓ ✓ ✓ ✓ ✓ ✓ ✓
    23. RSA Risk Remediation Manager (RRM) SharePoint Business Grid Users Apply DRM Databases Virtual Grid Encrypt RSA DLP RSA DLP Delete / Shred NAS/SAN Datacenter RRM Change Permissions Temp Agents File File Activity GRC Policy Exception Servers Tools Systems Agents Endpoints Manage Remediation Apply Discover Sensitive Data Workflow Controls
    24. RSA Data Loss Prevention Suite DLP Unified Policy Mgmt & Incident Workflow Enterprise Manager Dashboard & User & System Enforcement Reporting Administration DLP Datacenter DLP Network DLP Endpoint Discover Monitor Discover File shares, SharePoint sites, Email, webmail, IM/Chat, FTP, Local drives, PST files, Office files, Databases, SAN/NAS HTTP/S, TCP/IP 300+ file types Remediate Enforce Enforce Delete, Move, Quarantine Allow, Notify, Block, Encrypt Allow, Justify, Block on Copy, Save As, Print, USB, Burn, etc. eDRM (e.g. RMS) Encryption Access Controls
    25. Information Security RSA Objective 2: “Get Visibility of the network and have proactive action taken”
    26. The RSA Approach Comprehensive Solutions Aggregate Orchestrate - Monitor Layer 2 Consoles Map Monitor Enforce - Protect Layer 1 Identities Information Servers/Apps Multifactor Authentication &RE DLP
    27. How SIEM Enhances Security Operations Risk and Operations Efficiency Monitoring (Manager) Incident Big Board Web SOC asset, exposure, incident, vulnerability reports Security Operations monitor Dashboard Incident Management Workflow (Analyst) Management open, reassign, add logs, notate, escalate, close incident Automatic correlation, alerting, auto assignment, prioritization, escalation Notification Processes (System) Log Vulnerability Repository Asset DB KnowledgeBase bulk patch imports info CVEs events firewalls intrusion servers applications configuration scanners detection management tools
    28. RSA Security Incident Management in Action (components: RSA enVision, RSA Connector Framework, RSA Archer Incident Management, RSA Archer Enterprise Management)
       1. Events occur on critical systems indicating a potential security breach.
       2. enVision collects the events for immediate triage and reporting.
       3. Based on Event Rules, an Alert is triggered and security administrators are notified. The RSA Connector Framework automatically creates an Incident in RSA Archer Incident Management associating the specific Event data to the Incident.
       4. Security Administrators use the Incident Management capabilities in RSA Archer along with information from the RSA Archer Enterprise Management to assess the situation. An investigation is initiated and the incident is tracked and resolved.
       5. The CISO has complete visibility through the entire process via dashboards and reporting.
       RSA Archer Enterprise Management: Business Hierarchy, Product/Services, Business Processes, Information, Applications, Devices, Facilities
    29. 29. RSA enVision Enterprise/Security Operations Model Correlation ReportingReal-time Correlation/Base-lining Alerter Collaborative Incident Management Task Triage Auto-assignment Auto-prioritization Open Task EE Event Auto-escalation Trace Reassign Task Annotate EE EE Auto- Watch False IDS Alert DB Escalation lists Suppression Event Close Task Log Collection Trace Asset Escalate Task Vulnerabilities Events Asset Feedback Ticketing Vulnerability IPDB DB Loop System Discovered KB Changes Web SOC Monitor Bulk VA Logs Config VAM 1. IncidentRisk Big Board Imports Reports Actions Reporting 2. SOC Efficiency Monitor Asset Reports Exposure Reports Incident Reports Web Vulnerability KB Reports FWs IDSs Apps CMDBs Scanners Farm & Config Managers 29 Cloud Meets Big Data © Copyright 2011 EMC Corporation. All rights reserved. 17-18 November 2011. Grand Hyatt - Mumbai 29
    30. 30. RSA enVision Deployment …to a distributed, enterprise-wide architecture Scheduled Ad Hoc Realtime Realtime Realtime eMail Reports Reports Alerting Correlation Alerting Alerts Analyze Analyze Collect Remotely Manage Manage Manage Manage Windows Servers Stockholm Collect Collect Collect Collect Collect Collect Collect Collect Collect Collect RemotelyStorage Oracle Windows Netscreen Windows Trend Micro Storage Oracle Cisco IPS Cisco IPSDevice Financial Server Firewall Workstation Antivirus Device Financial Mexico India Europe ChinaLocal Collection with Global AnalysisFine Grain Role-Based Access Control 30 Cloud Meets Big Data © Copyright 2011 EMC Corporation. All rights reserved. 17-18 November 2011. Grand Hyatt - Mumbai 30
    31. Information Security. RSA Objective 3: “Ensure Compliance as per regulator and corporate governance”
    32. The RSA Approach: Comprehensive Solutions [Diagram: three layers (Layer 1, Layer 2, Layer 3) over Identities, Information and Servers/Apps, with Consoles, SIEM (Envision), Real Time Analytics (Netwitness), Panorama and RSA Archer (eGRC); labels: Policy, Aggregate, Map, Monitor, Orchestrate - Monitor, Enforce - Protect.]
    33. The Security Incident Management Solution • RSA enVision: Collects and manages event data; identifies critical issues from log data. • RSA Connector Framework: Seamlessly integrates SIEM infrastructure and GRC platform. • Network Forensic Analysis: Automated Malware analysis and prioritization; Network Session Modeling; Network Forensic Store. • RSA Archer Incident Management: Supports complete incident lifecycle management from identification to resolution. • RSA Archer Enterprise Management: Brings business context of asset information to Incident Management for prioritization and reporting events in the context of IT GRC. [Diagram labels: Infrastructure, Audit Trail, Collectors, Event Database, Reporting, Event Rules, Alerts; Investigations, Incidents, Incident Events; Business Hierarchy, Product/Services, Business Processes, Information, Applications, Devices, Facilities.]
    34. Introducing the NetWitness Network Security Analysis Platform • Automated Malware Analysis and Prioritization • Automated Threat Reporting, Alerting and Integration • Freeform Analytics for Investigations and Real-time Answers • Revolutionary Visualization of Content for Rapid Review
    35. RSA Incident Management • Industry leading Security Incident and Event Management (SIEM) technology for the automated identification and escalation of high priority security incidents • Industry leading Incident Management solution that can handle proactive incidents no matter how they are detected, giving complete flexibility in managing incident workflow using Panorama reporting into GRC • A GRC platform that brings unprecedented business context to Incident Management processes and incorporates security incidents into wider enterprise risk management and compliance reporting and actionable decisions. [Diagram labels: Business Processes, Information, Devices, Applications.]
    36. Creating Actionable Intel. from Data Overload [Diagram: an inputs and process automation layer feeding IT GRC (Governance, Risk, Incident Management, BCM and RBI Compliance). Inputs: VA and threat management (Nessus, Qualys, Veracode, external threat feeds etc.); process control testing (PCI DSS SAQ self assessment, ISO 27001 assessment, BS25999 assessment); control exception management (documented exceptions, mis-configurations); user access management (user groups, roles and permissions); Envision priority incidents feed; policy compliance assessment; DLP violations feed; asset feed from information asset management (CMDB) with assets classification; BCM and physical security incidents.]
    37. GRC Processes Automation Framework. Assessments (Risk, Compliance, Audit, BCM, and Vendor): • Audit Management • Audit Programs • Risk Assessments • Compliance Assessments • Vendor Management • BCM • Frauds. Governance: • Holistic GRC Reporting • Dashboard: Risk & Compliance • Key Perf. Indicators (KPI) • Key Risks Indicators (KRI) • Key Controls • Performance Mgmt • Process Performance • Governance (e.g. coverage) • Performance & Quality Reviews. Monitoring: • Monitoring of Compliance, Vulnerabilities and Threats • Monitoring of the KRI, KPIs • Findings Management • Remediation Plan Management • Exception Management • Global SOC • Global CERT. Enterprise Management: • Targets of Evaluation: Business Processes, Business Units, Information Assets • Target of Reporting: Business Hierarchy • Asset Classification • Policy Management • Risk Register • Identification of the Risk from various sources. GRC Portal (Archer): • Corporate Communication • Content Delivery • Compliance, Risk, BCM and Security Awareness, Trainings, Surveys • Website (single entry point) • Incidents Reporting: Compliance, Security/Loss event
    38. Enabling Effective Security Incident Management. With RSA’s Security Incident Management Solution you can: • Collect security relevant events across your infrastructure • Prioritize incidents based upon business context • Manage incidents and investigations proactively to combat APT • Report on your security and compliance posture
    39. Conclusion: End-to-End Layered Protection is required. “A Lock on the Door” is Not Enough [Diagram labels: Enterprise Governance Risk and Compliance; Internal SOC; On-Demand.]
    40. RSA overall solution implementation [Diagram: event sources (IPS, AV, EP, Auth, WAF, DLP, FW, WLAN, URL, AD) feeding enVision event aggregation; data enhancement with Geo Info, Identity, Division, Department, Location, Regulation and Asset Value; Archer (Incidents, Policies, Threats, Business Reporting); Panorama; SOC; Investigations with Netwitness.]
    41. Cloud Compliance Architecture
    42. Positive Business Outcome. The objectives of the customer were met with a cost effective Integrated Solution: • Increase customer confidence in online transactions (30% increase YoY) • Reduce the Fraud and Anti-Phishing / Anti-Trojan for customers (>60%) • Provide 24X7 Visibility of the Network and report critical incidents • Proactive monitoring to save against APTs • Automated Compliance Reporting meeting Corporate and regulations
    43. Summary. Key Takeaways: • A breach/incident is inevitable; the key is to reduce the “Window of Vulnerability” • Use technology as a Business Enhancer rather than a cost • Your technology provider is a Partner, not a Vendor; choose wisely • Risk Management is Strategic, not Tactical: Scalable, Adaptive, Layered • RSA–EMC can be that Partner
    44. Question: With the presentation as a backdrop, what course would you take? A. I would go ahead with an Integrated solution B. I would go ahead with a Best of Breed Solution C. I would go ahead with a Best for Need Solution
    45. THANK YOU
