vip_day_2._1130_cloud
- 1. © Copyright 2013 EMC Corporation. All rights reserved. 1
UNLOCKING THE FUTURE ENTERPRISE 2013
The session is about to commence. Please switch your phone to silent!
- 2.
Defend with Confidence Against Advanced Threats
Nicholas Chia, SE Manager, SEA RSA
- 3.
TRUST? Years to earn, seconds to break
- 4.
Market Disruptors
Infrastructure Transformation (Mobile, Cloud): less control over the access device and the back-end infrastructure.
Threat Landscape Transformation (APTs, Sophisticated Fraud): fundamentally different tactics, more formidable than ever.
Business Transformation (Extended Workforce, Networked Value Chains, Big Data): more hyper-extended, more digital.
- 5.
Advanced Threats Are Different
1. TARGETED: specific objective
2. STEALTHY: low and slow
3. INTERACTIVE: human involvement
[Timeline figure] Stages shown: System Intrusion, Attack Begins, Leap Frog Attacks, Cover-Up Complete, Attack Identified, Cover-Up Discovery, Response. Dwell Time runs from the intrusion until the attack is identified; Response Time runs from identification until the response. Two goals: (1) decrease dwell time, (2) speed response time.
- 6.
Who Are You Dealing With?
CRIMINALS
Petty criminals: unsophisticated, but noisy
Organized crime: organized, sophisticated supply chains (PII, PCI, financial services, retail)
NON-STATE ACTORS
Cyber-terrorists / Hacktivists: political targets of opportunity, mass disruption, mercenary
Insiders: various reasons, including collaboration with the enemy
NATION STATE ACTORS
Nation states: government, defense industrial base, IP-rich organizations, watering holes
- 7.
Organisations' view of their security: Prevention FTW!!!!
- 8.
What It Looks Like to the Advanced Adversaries: loopholes
- 9.
- 10.
INCIDENT RESPONSE: it starts with identifying the incident
- 11.
Resource Shift: Budgets and People
Today's priorities: Prevention 80%, Monitoring 15%, Response 5%
Intelligence-Driven Security: Prevention 33%, Monitoring 33%, Response 33%
- 12.
- 13.
Investigation walkthrough (screenshots)
ALERT!... Multiple indicators to escalate a potential incident
Session recreated to investigate
Additional context answers more questions
Days of investigation completed in hours
Incident management initiated
- 14.
Security is Complex!
Roles: SOC Analyst, SOC Manager, Network Manager, Malware Analyst, Threat Analyst, Breach Coordinator, CISO, IT, HR, Finance, Legal
Processes: Incident Process, Breach Process, Threat Analysis, Shift Handoff, IT Handoff, Centralize Alerts, Measure Efficacy, Report KPIs
Tools and data sources: SIEM, DLP, eFraud, Network Visibility, Host Visibility
- 15.
People: Advanced Cyber Defense Training
- 16.
Process: RSA Security Operations
Domains: Incident Management, Threat Intelligence Management, Breach Management, SOC Program Management, IT Security Risk Management
Security Operations Management: business-driven, persona-driven design built around these user personas:
SOC Analysts: L1 Analyst, L2 Analyst, Threat Intel Analyst
SOC Management: SOC Manager, CISO/CSO
Cross-Functional Teams: CIO, Business Manager, Privacy Officer, Compliance, Legal, HR
- 17.
TECHNOLOGY: Advanced Security Ops Center
RSA Live Intelligence (delivered LIVE): threat intelligence, rules, parsers, alerts, feeds, apps, directory services, reports and custom actions
RSA Security Analytics: distributed data collection, capture-time data enrichment
RSA Data Discovery, enabled by RSA DLP: SharePoint, file servers, databases, NAS/SAN, endpoints
RSA ECAT: Windows clients/servers
RSA Security Operations Management: asset context, incident management, vulnerability risk management, security operations management
- 18.
RSA Security Analytics Malware Analysis
• Integrated workflow streams let you see the before, during and after of an event
• Allows customization of the analytical scoring logic
- 19.
SHOW ME THE BIG DATA
- 20.
Big Data Security Challenges
1. Big Data Infrastructure: packet collection & processing and log collection & processing feed Hadoop (HIVE, PIG, R, MAHOUT, HAWQ) and a conventional database, with ETL between them.
2. Common Meta-Framework: the same field arrives under different names from different sources (Ip.source, src_ip, Source_IP, Ip-source); the figure marks the ETL path between the stores as FAIL until a common meta framework normalizes the names.
3. Analytic Applications: machine learning, predictive analytics, neural networks.
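The second challenge above is the one a practitioner hits first: the same source-address field shows up as Ip.source, src_ip, Source_IP or Ip-source depending on the sensor, so an analytic written against one schema fails on the others. The following is an added example, not code from the RSA deck or any RSA product; it resolves those four aliases (plus a few assumed ones for destination, user and action) onto canonical keys and then runs one query across four constructed sample records from differently-schemed sensors.

```python
"""Common meta-framework: one canonical key set over heterogeneous sources.

Added example, not code from the RSA deck. Maps the source-IP aliases the
slide lists (Ip.source, src_ip, Source_IP, Ip-source) plus a few assumed
aliases onto canonical keys so one analytic runs over firewall, proxy and
packet-metadata records without per-source ETL.
"""
import json
import re
from collections import Counter

# Canonical key -> raw field names. The ip.src aliases come from the slide;
# every other alias here is an assumption for illustration.
ALIASES = {
    "ip.src": {"ip.source", "src_ip", "source_ip", "ip-source"},
    "ip.dst": {"ip.destination", "dst_ip", "destination_ip", "ip-destination"},
    "user": {"user", "username", "account"},
    "action": {"action", "event"},
}
ALIAS_TO_CANON = {alias: canon for canon, names in ALIASES.items() for alias in names}

# key=value tokens; keys may contain '.', '_' and '-' as in the slide's examples
KV_RE = re.compile(r"([\w.\-]+)=(\S+)")


def canonical_key(key):
    """Resolve a raw field name (case/whitespace-insensitive); None if unknown."""
    return ALIAS_TO_CANON.get(key.strip().lower())


def parse_line(line):
    """Turn one raw record (a JSON object or key=value text) into a flat dict."""
    line = line.strip()
    if line.startswith("{"):
        return {str(k): str(v) for k, v in json.loads(line).items()}
    return dict(KV_RE.findall(line))


def normalize(raw):
    """Rewrite a raw dict onto canonical keys. Unmapped fields are kept under
    'extra' so nothing is silently dropped during normalization."""
    out = {}
    for key, value in raw.items():
        canon = canonical_key(key)
        if canon is None:
            out.setdefault("extra", {})[key] = value
        else:
            out[canon] = value
    return out


# Constructed sample records from four sensors with different schemas.
SAMPLE_LINES = [
    "src_ip=10.0.0.5 dst_ip=203.0.113.9 action=allow",                                   # firewall
    '{"Source_IP": "10.0.0.5", "destination_ip": "198.51.100.7", "username": "alice"}',  # proxy
    "Ip.source=10.0.0.8 Ip.destination=203.0.113.9 proto=tcp",                            # packet metadata
    "Ip-source=10.0.0.5 Ip-destination=203.0.113.9 event=dns",                            # DNS sensor
]


def normalized_records(lines=SAMPLE_LINES):
    return [normalize(parse_line(line)) for line in lines]


def source_ip_counts(lines=SAMPLE_LINES):
    """One analytic over all sources: how often each source IP appears."""
    return Counter(r["ip.src"] for r in normalized_records(lines) if "ip.src" in r)


def sources_talking_to(dst, lines=SAMPLE_LINES):
    """Every source IP seen contacting dst, regardless of which sensor saw it."""
    return {r["ip.src"] for r in normalized_records(lines)
            if r.get("ip.dst") == dst and "ip.src" in r}


if __name__ == "__main__":
    print(source_ip_counts())
    print(sorted(sources_talking_to("203.0.113.9")))
```

The point of keeping unmapped fields under `extra` rather than discarding them is that the alias table is never complete on day one; a query that finds nothing can still be checked against what the sensor actually sent.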
- 21.
BIG DATA Use Cases
• Blacklist IP Generator
– Identify new traffic whose patterns are behaviourally consistent with traffic to a known command-and-control IP
• Social Network Analyzer
– Discover closely clustered communication events that are known to be associated with infected unmanaged devices and a dynamic command-and-control structure
• Machine Generated Domain Detector
– Measure the readability of domain names to detect malware that uses a domain generation algorithm
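The third use case, measuring readability to catch DGA domains, is worth seeing as working code because a single signal such as entropy misfires on long legitimate names. The following is an added example, not code from the RSA deck or any RSA product. It scores the registrable label on three readability signals (character entropy of long labels, vowel ratio, and the share of bigrams seen in a reference set of benign labels) and flags a domain only when at least two fail. The reference label list, the thresholds and the simplified public-suffix handling are assumptions for illustration.

```python
"""Machine-generated domain detector based on label readability.

Added example, not code from the RSA deck. A label is scored on three
signals that a human-chosen name rarely fails together:
  1. character entropy of a long label (random strings score high),
  2. vowel ratio (pronounceable names contain vowels),
  3. share of bigrams that occur in a reference set of benign labels.
Reference set and thresholds are assumptions; a deployment would derive
them from a top-sites list and tune on labelled traffic.
"""
import math
from collections import Counter

# Constructed stand-in for a dictionary of benign registrable labels.
REFERENCE_LABELS = [
    "google", "microsoft", "amazon", "facebook", "wikipedia", "twitter",
    "github", "apple", "netflix", "linkedin", "yahoo", "reddit", "stack",
    "overflow", "cloud", "mail", "update", "secure", "login", "support",
    "service", "online", "news", "weather", "bank", "shop", "store",
    "network", "system", "windows", "office", "docs", "drive", "photo",
]


def _bigrams(s):
    return [s[i:i + 2] for i in range(len(s) - 1)]


KNOWN_BIGRAMS = {b for label in REFERENCE_LABELS for b in _bigrams(label)}


def registrable_label(domain):
    """Label left of the public suffix. Assumption: a one-label suffix (com,
    net) or a short second-level label under a 2-letter ccTLD (co.uk); a
    real tool would consult the Public Suffix List."""
    parts = domain.lower().rstrip(".").split(".")
    if len(parts) >= 3 and len(parts[-1]) == 2 and len(parts[-2]) <= 3:
        return parts[-3]
    return parts[-2] if len(parts) >= 2 else parts[0]


def entropy(s):
    """Shannon entropy in bits per character."""
    if not s:
        return 0.0
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in Counter(s).values())


def vowel_ratio(s):
    letters = [ch for ch in s if ch.isalpha()]
    if not letters:
        return 0.0
    return sum(ch in "aeiou" for ch in letters) / len(letters)


def bigram_hit_ratio(s):
    """Fraction of the label's bigrams that occur in the reference set."""
    bg = _bigrams(s)
    if not bg:
        return 1.0
    return sum(b in KNOWN_BIGRAMS for b in bg) / len(bg)


def readability_score(domain):
    """0 = reads like a human-chosen name; each failed signal adds 1 (max 3)."""
    label = registrable_label(domain).replace("-", "")
    score = 0
    if len(label) >= 10 and entropy(label) > 3.2:  # long and near-random
        score += 1
    if vowel_ratio(label) < 0.2:                   # unpronounceable
        score += 1
    if bigram_hit_ratio(label) < 0.5:              # letter pairs unlike real words
        score += 1
    return score


def is_machine_generated(domain, threshold=2):
    return readability_score(domain) >= threshold


def flag_domains(domains, threshold=2):
    """Return the domains from a query log that look machine generated."""
    return [d for d in domains if is_machine_generated(d, threshold)]


if __name__ == "__main__":
    # Constructed DNS query sample: two benign names, two DGA-style names.
    queries = ["www.google.com", "xjqzkvwtpnrmsd.com",
               "qoibaeduwzorxk.net", "mail-secure-login.co.uk"]
    for q in queries:
        print(q, readability_score(q))
```

The hyphenated phishing-style name in the sample scores one point (its entropy is high because it is long) but is not flagged, which is the reason for requiring two failed signals rather than any one; a name that contains vowels and ordinary letter pairs is readable even if its entropy is high.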
- 22.
Today's Security Requirements
Comprehensive Visibility: "See everything happening in my environment and normalize it"
High Powered Analytics: "Give me the speed and smarts to detect, investigate and prioritize potential threats"
Big Data Infrastructure: "Need a fast and scalable infrastructure to conduct real time and long term analysis"
Integrated Intelligence: "Help me understand what to look for and what others have discovered"
- 23.
Nicholas.Chia@RSA.com