1) The threat landscape has evolved from petty criminals and hackers to sophisticated nation states, organized crime groups, and terrorists targeting personal information, critical infrastructure, and intellectual property.
2) Attack vectors have advanced from viruses and malware to targeted attacks using techniques like advanced persistent threats, zero-day exploits, and coordinated multi-vector attacks.
3) To reduce risk, organizations must collapse the time attackers have from initial access to establishing a long-term foothold through improved monitoring, rapid detection and response, and containment of incidents.
Smarter Safety: Flere data, færre kriminelle handlinger (More data, fewer criminal acts), Mauritz Gilberg & St... (IBM Danmark)
This document discusses how public safety organizations can use data analytics to address challenges like terrorism, cross-border crime, and financial fraud. It describes how analyzing large volumes of varied data from multiple sources can provide new insights. The document outlines IBM's solutions for smarter cities that help ensure citizen, business, and government safety and security. Case studies show how predictive analytics have helped reduce crime rates and emergency response times. Finally, the document discusses challenges in criminal investigations and the required capabilities for intelligence analysis.
This document outlines a conceptual risk assessment model that will be piloted by several state Departments of Transportation. The model consists of three components: developing an inventory of transportation assets, gathering climate change information, and assessing risks to assets from climate change. The goal is to help identify which assets are most exposed to climate threats and could have the most serious consequences. The pilot will test the model and provide feedback to refine it for broader use.
T-Rx, LLC was formed by former military officers with extensive experience in intelligence operations to develop software called TerrorRx to help analyze large amounts of data and identify patterns and trends to predict terrorist threats. The software standardizes a question and answer process to assess threat potential and can be used by individual analysts or networked teams. It was designed to support counter-terrorism efforts and can be applied in both military and civilian sectors. The goal of the company is to use their expertise to provide efficient and effective intelligence tools to help protect national security.
The document discusses malware analysis and introduces the process of reverse engineering malicious software. It covers the behavioral analysis and code analysis phases used to understand malware. Behavioral analysis examines how malware interacts with its environment, while code analysis looks at the program's capabilities by examining its code. Virtualization is recommended for setting up a malware analysis lab as it allows running multiple virtual machines simultaneously.
The document describes an empirical study that identifies zero-day attacks from data collected on 11 million real-world hosts. The study finds 18 vulnerabilities that were exploited before public disclosure, 11 of which were previously unknown zero-day attacks. On average, a zero-day attack lasts 312 days and affects few hosts, though some high-profile attacks, such as Stuxnet, spread more widely. After disclosure, the number of malware variants and the volume of attacks increase by up to five orders of magnitude as cyber criminals exploit the now-public vulnerabilities on a larger scale before patches are applied.
Toward a Systemic Will to Live - Patterns of Self-Organizing Agile Security (Rick Dove)
Inexpensive, massive-scale pattern recognition technology, employed as an artificial immune system and cortical sense-making layer for self-organizing network-endpoint security, with large-scale anomaly learning and detection capability.
Snort is an open source intrusion detection and prevention system that inspects network traffic in real time using rules written in its own rule language and generates alerts when traffic matches. It works by matching packets against the signatures in its rules database to identify attacks and exploits, and it supports protocol anomaly detection, custom signatures, and payload analysis. A Snort rule can match specific patterns in traffic, including payload content, TCP flags, and port numbers, to identify malicious activity.
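To make the rule mechanics concrete, here is an added example (not Snort's own code, and only a small subset of its rule language) that parses rules of the form `alert tcp <src> <sport> -> <dst> <dport> (msg; content; nocase; flags; sid;)` and applies them to constructed packets. Everything below, the rule set, the packets and the 192.0.2.0/24 "internal" network, is made up for the example; real Snort adds preprocessors, PCRE, byte tests, flowbits and stream reassembly on top of this matching core.

```python
import ipaddress
import re
from collections import namedtuple

# Added example, not Snort's own code: a matcher for a small subset of the
# Snort rule language (header plus msg/content/nocase/flags/sid options), run
# over constructed packets to show how payload content, TCP flags and ports
# combine in one rule.

# Packet fields are what rule headers and the flags/content options inspect.
Packet = namedtuple("Packet", "proto src_ip src_port dst_ip dst_port flags payload",
                    defaults=("", b""))
Rule = namedtuple("Rule", "action proto src_ip src_port dst_ip dst_port msg contents flags sid")

_HEADER = re.compile(r"^(\w+)\s+(\w+)\s+(\S+)\s+(\S+)\s+->\s+(\S+)\s+(\S+)\s*\((.*)\)\s*$")
_OPTION = re.compile(r'(\w+)(?:\s*:\s*("(?:[^"\\]|\\.)*"|[^;]*))?\s*;')

def _content_bytes(text):
    """Snort content syntax: literal text with |hex bytes| sections between pipes."""
    out = bytearray()
    for i, part in enumerate(text.split("|")):
        out += bytes.fromhex(part) if i % 2 else part.encode("latin-1")
    return bytes(out)

def parse_rule(line):
    m = _HEADER.match(line.strip())
    if not m:
        raise ValueError("unparsable rule header: %r" % line)
    action, proto, sip, sport, dip, dport, opts = m.groups()
    msg, sid, flags, contents = "", 0, None, []   # contents: [bytes, nocase] pairs
    for key, val in _OPTION.findall(opts):
        val = val[1:-1] if val.startswith('"') else val.strip()
        if key == "msg":
            msg = val
        elif key == "sid":
            sid = int(val)
        elif key == "flags":
            flags = val
        elif key == "content":
            contents.append([_content_bytes(val), False])
        elif key == "nocase" and contents:
            contents[-1][1] = True                  # nocase applies to the preceding content
    return Rule(action, proto, sip, sport, dip, dport, msg, contents, flags, sid)

def _ip_match(spec, ip):
    if spec == "any":
        return True
    net = ipaddress.ip_network(spec.lstrip("!"), strict=False)
    return (ipaddress.ip_address(ip) in net) != spec.startswith("!")

def _port_match(spec, port):
    if spec == "any":
        return True
    body = spec.lstrip("!")
    if ":" in body:                                 # range, either end may be open
        lo, hi = body.split(":", 1)
        hit = (int(lo) if lo else 0) <= port <= (int(hi) if hi else 65535)
    else:
        hit = port == int(body)
    return hit != spec.startswith("!")

def _flags_match(spec, have):
    """Snort flags semantics: bare letters = exactly these bits, + = at least
    these, * = any of these, ! = none of these, 0 = no flags set at all."""
    if spec is None:
        return True
    mod = spec[-1] if spec[-1] in "+*!" else ""
    body = spec.rstrip("+*!")
    want, have = (set() if body == "0" else set(body)), set(have)
    if mod == "+":
        return want <= have
    if mod == "*":
        return bool(want & have)
    if mod == "!":
        return not (want & have)
    return want == have

def matches(rule, pkt):
    if rule.proto not in ("ip", pkt.proto):
        return False
    if not (_ip_match(rule.src_ip, pkt.src_ip) and _port_match(rule.src_port, pkt.src_port)
            and _ip_match(rule.dst_ip, pkt.dst_ip) and _port_match(rule.dst_port, pkt.dst_port)):
        return False
    if pkt.proto == "tcp" and not _flags_match(rule.flags, pkt.flags):
        return False
    for needle, nocase in rule.contents:            # every content option must be present
        hay = pkt.payload
        if nocase:
            hay, needle = hay.lower(), needle.lower()
        if needle not in hay:
            return False
    return True

def inspect(rules, packets):
    """Return (packet_index, sid, msg) for every rule that fires on each packet."""
    return [(i, r.sid, r.msg) for i, p in enumerate(packets) for r in rules if matches(r, p)]

# Constructed rules in Snort syntax (sids in the local 1000000+ range).
RULES = [parse_rule(r) for r in (
    'alert tcp any any -> any 80 (msg:"cmd.exe in HTTP request"; content:"cmd.exe"; nocase; sid:1000001;)',
    'alert tcp any any -> 192.0.2.0/24 445 (msg:"SMB to file server"; flags:PA; content:"|FF|SMB"; sid:1000002;)',
    'alert tcp !192.0.2.0/24 any -> 192.0.2.30 22 (msg:"External SYN to bastion SSH"; flags:S; sid:1000003;)',
)]

# Constructed packets; 192.0.2.0/24 plays the internal network.
PACKETS = [
    Packet("tcp", "198.51.100.7", 51000, "192.0.2.10", 80, "PA",
           b"GET /scripts/../winnt/system32/CMD.exe?/c+dir HTTP/1.0\r\n\r\n"),
    Packet("tcp", "192.0.2.5", 51001, "192.0.2.20", 445, "PA",
           b"\x00\x00\x00\x2f\xffSMBr\x00\x00\x00\x00"),
    Packet("tcp", "198.51.100.7", 51002, "192.0.2.30", 22, "S"),
    Packet("tcp", "198.51.100.7", 51003, "192.0.2.30", 22, "SA"),   # SYN/ACK is not a bare SYN
    Packet("udp", "198.51.100.7", 51004, "192.0.2.10", 80, "", b"cmd.exe"),  # wrong protocol
]
```

Running `inspect(RULES, PACKETS)` fires sids 1000001, 1000002 and 1000003 on the first three packets only: the fourth carries SYN/ACK, which `flags:S` (exact match) rejects, and the fifth has the right payload and port but the wrong protocol. That last pair is the practical point of signature rules: a content match alone is not an alert, the header and flag constraints decide, which is also why rules that omit them are noisy.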
Example security risk assessment tool july 2010 (WarrenGreen)
This document contains a security threat and risk assessment of various external and internal risks. It evaluates the likelihood and potential consequences of threats such as theft, fraud, hacking, sabotage, and data breaches. It rates the risks on a scale from low to extreme. For high risk threats, it recommends actions such as specifying management responsibilities, utilizing additional physical and human resources, and gaining senior management attention. The assessment tool is meant to help manage security risks and refers to several risk management standards.
The Aftermath: You Have Been Attacked! So what's next? (Albert Hui)
The document summarizes a presentation on incident response given by Albert Hui at the 13th Info-Security Conference in 2012 in Hong Kong. The presentation covered the incident response process, incident response organization structure including roles in a CSIRT, incident response triage to verify and prioritize incidents, and preliminary containment steps to take before incident response experts arrive.
This document provides an overview of developing an information technology (IT) risk management program according to several standards and frameworks. It discusses what the National Institute of Standards and Technology (NIST), International Organization for Standardization (ISO) 17799, and other sources recommend for conducting risk assessments, selecting and implementing controls, and continually evaluating the risk management process. The goal of IT risk management is to protect organizational assets and mission by identifying, assessing, and reducing risks to acceptable levels.
The document discusses cyber threat scenarios and principles for cyber defense models. It outlines various past cyber attacks on different countries involving hacking, distributed denial of service attacks, and data/infrastructure manipulation. It also shows diagrams mapping the interconnectivity and complexity of modern critical infrastructure networks. The presentation argues that traditional passive cyber protections are no longer sufficient and proposes a new integrated, proactive defense model involving information sharing between public and private sectors, coordinated incident response, and development of tailored security technologies. It concludes by listing contact information for the cybersecurity firm Altal Security and their representatives.
This document discusses different types of attackers that threaten computer security:
- Opportunists seize opportunities without concern of getting caught. Emotional attackers seek revenge or fun and accept high risks. Cold intellectual attackers are professionals who attack for personal gain while minimizing risks. Terrorists and insiders also pose threats.
- Insider attackers are particularly concerning as employees are one of the biggest threats, whether malicious or accidental. Insiders are often unwittingly manipulated by outsiders through tricks. Their motivations can include expected personal gains, revenge, or improving their position.
- Common insider attacks include leaking information, stealing data or services, tampering with systems, sabotage, and vandalism. Pre
1) Current risk management approaches are problematic because they are either too notional and abstract or too focused on tangible metrics.
2) A new evidence-based approach is proposed that uses incident data frameworks to extract metrics that can be used to build models of threats, impacts, and management capabilities.
3) By analyzing patterns in incident data, more accurate assessments of risk can be made based on an organization's unique loss landscape, threat landscape, controls landscape, and how these change over time. This moves risk management from superstition to a measurable science.
Risk Management - Time to blow it up and start over? - Alex Hutton (Security B-Sides)
Now that the industry is trying to formalize the concept of risk management into neat little compartments like standards (ISO 27005/31000), certifications (CRISC) and products (GRC) guess what? We're doing it wrong. Fundamentally wrong. This talk will discuss why all this current risk management stuff is goofy and what sort of alternatives we have that might help us understand our ability to protect, our tendency towards failure, and how to match that up with what management will stomach.
Trend Micro real time threat management press presentation (Andrew Wong)
Trend Micro is launching new real-time threat management solutions to address the insufficiency of traditional security against today's advanced threats. The solutions include the Trend Micro Threat Management System for network-wide visibility and control, the Threat Intelligence Manager for actionable threat intelligence, and vulnerability management services for timely patching. These solutions aim to detect, analyze, and remediate advanced threats in real-time through network monitoring, threat intelligence, and continuous vulnerability assessments.
This document discusses various topics related to personal data and digital risks. It covers ambientes digitales (digital environments) like Windows XP and software firewalls. It also discusses data breach laws in California, recent data leaks involving millions of records, and the growth of security technologies. Other topics include physical vs digital transformations, the costs of digital theft, and why digital data security is an increasing concern due to factors like speed, dispersion, persistence and aggregation of data online.
This document discusses visual security event analysis as an approach to addressing challenges in security monitoring. It summarizes the key benefits of a visual approach as being able to provide multiple views on event data for improved situational awareness, real-time monitoring and incident response, and forensic and historical investigation. Specific examples are provided showing how visualizations can help with port scan detection, insider threat analysis, and compliance reporting.
RSA 2012 Presentation: Information Protection (Symantec)
The document discusses information protection challenges in today's changing mobile and cloud environments. It outlines a new defense-in-depth approach keyed to the five stages of a targeted attack: reconnaissance, incursion, discovery, capture, and exfiltration. This model focuses on infrastructure-independent, adversary-centered security controls. It also recommends that organizations shift to a risk-, information-, and people-centric approach to succeed in the new threat landscape.
Gainful Information Security is an information security and systems development firm established in Harare, Zimbabwe in 2007 to partner with African private and public sectors for a secure, efficient and cost-effective information lifecycle.
Maximize Computer Security With Limited Resources (Secunia)
Presentation from Stefan Frei on how patching is an effective way to escape the arms race with cybercriminals. The majority of vulnerabilities have a patch available on the day of disclosure, so the right patching strategy is an obvious lever for maximizing risk reduction.
This document discusses cyber crime trends in 2013 and cyber security solutions. It begins with an introduction of the author and their background. It then defines various types of cyber crimes like online scams, identity theft, fraud, and embezzlement. International cyber crime trends are discussed along with increasing sophistication of attacks. Solutions discussed include integrated threat protection through application control, intrusion prevention, web filtering, vulnerability management, antispam, and antivirus technologies. The document concludes with information about the author's company and resources.
Advanced Persistent Threats (Shining the Light on the Industries' Best Kept S... (Security B-Sides)
The document provides an agenda for a talk on advanced persistent threats (APTs). It introduces APTs and discusses how they have evolved over time from targeting military and intelligence to also targeting private companies. It notes APTs can be opportunistic attacks that utilize social engineering and technical vulnerabilities. The document contrasts APTs with more sophisticated threats known as subversive multi-vector threats that are willing to exploit people, processes, and technologies to achieve their goals. It provides examples of analyzing suspicious foreign network traffic and discusses challenges with identifying and addressing multi-vector threats.
This document provides an overview of malware analysis. It defines malware and lists common types. It describes two main techniques for analyzing malware: static and dynamic analysis. Static analysis involves examining malware code and structure without executing it, while dynamic analysis observes malware behavior by executing it in a controlled environment. The goal of malware analysis is to understand malware functionality, behavior, and impact in order to better defend against threats. Host- and network-based intrusion detection systems use malware signatures to detect unauthorized or malicious activities on individual systems and network traffic.
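The two malware-analysis summaries above (the behavioral/code analysis one and the static/dynamic one) describe static analysis as examining a sample's code and structure without executing it. As an added example, not code from either document, the following Python performs the first static pass an analyst makes before opening a disassembler: it hashes the file, measures its byte entropy (a packing or encryption hint), extracts ASCII and UTF-16LE strings, and sorts them into indicator classes (URLs, IPv4 addresses, Run-key persistence, injection-related Windows APIs, named mutexes). The sample it runs on is constructed inline and is not a real malware file; the indicator lists and the suspicious-API set are illustrative assumptions, not a complete taxonomy.

```python
import hashlib
import math
import random
import re
from collections import Counter

# Added example, not from either deck: a minimal static pass over a binary blob
# with no execution. The sample is constructed for this example and is not real
# malware; the indicator regexes and API list are illustrative, not exhaustive.

_ASCII = re.compile(rb"[\x20-\x7e]{5,}")
_WIDE = re.compile(rb"(?:[\x20-\x7e]\x00){5,}")       # UTF-16LE text, common in Windows binaries
_URL = re.compile(r"https?://[\w.\-]+(?:/[\w./?=&%\-]*)?")
_IPV4 = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
# APIs that, seen together, suggest process injection or fetching a second stage.
_SUSPICIOUS_APIS = {"CreateRemoteThread", "WriteProcessMemory", "VirtualAllocEx",
                    "SetWindowsHookExA", "URLDownloadToFileA", "WinExec"}

def extract_strings(data, min_len=5):
    """Printable ASCII and UTF-16LE runs of at least min_len characters, in file order."""
    found = [(m.start(), m.group().decode("latin-1")) for m in _ASCII.finditer(data)]
    found += [(m.start(), m.group().decode("utf-16-le")) for m in _WIDE.finditer(data)]
    return [s for _, s in sorted(found) if len(s) >= min_len]

def shannon_entropy(data):
    """Bits per byte; 8.0 is the ceiling, and whole-file values near it hint at packing or encryption."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def triage(data):
    """Hash, entropy and string-derived indicators for one sample."""
    report = {
        "sha256": hashlib.sha256(data).hexdigest(),
        "size": len(data),
        "entropy": round(shannon_entropy(data), 2),
        "is_pe": data[:2] == b"MZ",             # DOS header magic; a full PE header parse would follow
        "urls": [], "ips": [], "persistence": [], "injection_apis": [], "mutexes": [],
    }
    for s in extract_strings(data):
        m = _URL.search(s)
        if m:
            report["urls"].append(m.group())
        m = _IPV4.search(s)
        if m:
            report["ips"].append(m.group())
        if "currentversion\\run" in s.lower():    # Run/RunOnce keys: autostart persistence
            report["persistence"].append(s)
        if s in _SUSPICIOUS_APIS:
            report["injection_apis"].append(s)
        if s.startswith("Global\\"):                # named kernel objects, often single-instance mutexes
            report["mutexes"].append(s)
    return report

def build_sample():
    """Constructed stand-in for a dropper: MZ magic, high-entropy filler and a few clear-text strings."""
    rng = random.Random(2013)                       # deterministic filler, so results are reproducible
    filler = bytes(rng.getrandbits(8) for _ in range(600))
    clear = b"\x00".join([
        b"kernel32.dll", b"CreateRemoteThread", b"WriteProcessMemory",
        b"Software\\Microsoft\\Windows\\CurrentVersion\\Run",
        b"http://update.example.invalid/check.php?id=", b"198.51.100.23",
    ])
    wide = "Global\\MsUpdate_Mutex_7f".encode("utf-16-le")
    return b"MZ" + filler[:300] + b"\x00" + clear + b"\x00\x00" + wide + b"\x00\x00" + filler[300:]

SAMPLE = build_sample()
```

`triage(SAMPLE)` reports the URL, the IP, the Run key, both injection APIs and the mutex; the random filler produces a few junk strings, exactly as real binaries do, which is why the indicator classes filter rather than dump everything. None of this proves what the code does when run; that is the point of pairing it with dynamic analysis in an isolated lab, as both summaries recommend.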
This document discusses understanding cyber attackers by examining their means and motivations. It outlines that modern attacks are often organized crimes for financial gain carried out by dedicated teams. Common roles in these operations include malware developers, distributors, and hosting providers. The document then provides a hypothetical example of how one could get involved, describing the business model, tools, and methods that could be used. It emphasizes that penetration testing can help defend networks by identifying vulnerabilities from an attacker's perspective. Key recommendations include limiting exposure, monitoring networks, educating users, and realizing that antivirus alone is not sufficient. Emerging threats on mobile devices are also highlighted.
This document discusses moving NEON optimizations to 64-bit ARM architectures. Some key points:
- NEON is an ARM instruction set extension that allows single-instruction multiple data (SIMD) processing. It has more registers and capabilities in AArch64, including double precision floating point.
- Migrating NEON code to AArch64 usually only requires minor changes to assembly code due to compatibility in C/intrinsics code and clearer register mappings. Existing NEON documentation still applies.
- Open source libraries and compilers support NEON optimizations, providing performance boosts such as 3-4x faster video codecs. The Android NDK fully supports 64-bit development.
- Examples show optimized
The document discusses the advantages of 64-bit ARMv8-A architecture for Android. It describes how Android Lollipop provides support for both 32-bit and 64-bit applications. Native and ART applications can see performance gains by taking advantage of the ARMv8-A architecture's modern instruction set and use of more registers. The document encourages developers to explore 64-bit development and provides additional resources.
The document discusses ARM's Intelligent Power Allocation (IPA) technology, which aims to maximize performance within thermal limits. It describes three types of power consumption scenarios and the limitations of the current Linux thermal framework. IPA uses a closed-loop control system to dynamically allocate power between components like the CPU and GPU based on temperature, power estimates, and performance requests. Test results show IPA achieving up to 31% higher FPS in games compared to static thermal policies, with more consistent temperature control.
This document discusses how Serengeti can be used to automate the deployment and management of Hadoop clusters on VMware vSphere. Some key points:
- Serengeti is a virtual appliance that can be deployed on vSphere and automates the provisioning of Hadoop clusters within 10 minutes from templates.
- It allows separating storage and compute by deploying Hadoop data nodes on shared storage and compute nodes as VMs for better elasticity and utilization.
- Serengeti supports elastic scaling of Hadoop clusters, multi-tenancy by isolating tenant workloads, and live configuration changes with rolling upgrades and no downtime.
This document discusses recommended architectures and best practices for deploying Hadoop on VMware vSphere. It recommends deploying Hadoop nodes across multiple virtualization hosts with 10Gb networking for high performance. The standard deployment places data nodes on shared storage and task trackers on local disks. It also discusses planning the cluster size, hardware requirements including CPU, memory, storage and networking considerations. Configuration recommendations include using NTP, proper virtual disk settings, enabling NUMA and avoiding overcommitting resources.
Beyond Mission Critical: Virtualizing Big Data and Hadoop, Chiou-Nan Chen
Virtualizing big data platforms like Hadoop provides organizations with agility, elasticity, and operational simplicity. It allows clusters to be quickly provisioned on demand, workloads to be independently scaled, and mixed workloads to be consolidated on shared infrastructure. This reduces costs while improving resource utilization for emerging big data use cases across many industries.
Pivotal HD is a Hadoop distribution that includes additional components to configure, deploy, monitor and manage Hadoop clusters. It provides tools like the Command Center for visual cluster monitoring and job management, Hadoop Virtualization Extensions to improve resource utilization, and HAWQ for high performance SQL queries and analytics across Hadoop data.
The document discusses EMC's transformation to an IT-as-a-Service model. It summarizes how EMC has virtualized 90% of its server workloads, consolidated data centers, and transformed its IT infrastructure to deliver services through a cloud foundation. This allows EMC to enhance agility, optimize costs, and deliver business value through offerings like infrastructure-as-a-service, platform-as-a-service, and software-as-a-service.
This document discusses how IT is transforming through trends like cloud computing and big data. It summarizes that EMC can help customers navigate these changes by providing solutions like hybrid cloud infrastructure and big data analytics to help businesses transform their applications and IT infrastructure. The document also emphasizes that EMC is committed to innovation through R&D investment and acquisitions to ensure it continues to lead customers on their journey to the cloud and with big data.
The document discusses disaster recovery for mission critical applications. It notes challenges in ensuring application availability with data growth and budget pressures, while meeting regulatory requirements. It discusses using replication, snapshots, and continuous data protection to reduce recovery point objectives (RPO) from hours to minutes or less. EMC provides integrated solutions using technologies like Data Domain, Avamar, RecoverPoint, and VPlex to automate backup, replication, and recovery for applications.
The document discusses desktop virtualization and cloud computing. It compares the PC era to the current cloud era and how workstyles have shifted from PCs to mobile devices that can access cloud services from any location using various devices. It discusses how users can access their desktops, applications, files, and services from any cloud through mobile workstyles. It also mentions some benefits of desktop virtualization like security, collaboration, application migration, integration and managing services from various devices and clouds.
The document discusses virtualizing mission critical applications. It notes that the primary drivers for virtualizing applications are cost savings and service improvement. It provides statistics showing an increasing percentage of workload instances running on VMware for applications like Microsoft Exchange, SharePoint, SQL, Oracle, and SAP. It then discusses EMC IT's journey towards a private cloud, moving from an infrastructure focus to an applications focus to an IT-as-a-service model. The document also discusses challenges around data protection and backup/recovery for virtualized applications and provides solutions using technologies like Avamar, Data Domain, and VFCache. It provides an example case study of EMC IT successfully virtualizing their Oracle 11i CRM system.
The document discusses EMC and Oracle's long-standing partnership in developing solutions to optimize Oracle applications. It outlines three common deployment models for Oracle (aggregation, verticalized, virtualization) and describes the benefits of virtualizing Oracle software, such as 3x higher performance with lower total cost of ownership. It also introduces EMC solutions like Vblock infrastructure platforms, FAST automated storage tiering, and VFCache server flash caching that help address challenges of Oracle I/O performance and optimize storage for virtualized Oracle environments.
This document describes virtualization solutions using Microsoft Hyper-V and System Center with EMC storage components. It provides configuration details for solutions supporting 50 and 100 virtual machines, including servers, hypervisors, networking, storage and backup components. It also discusses features for virtualizing Microsoft applications and the benefits of using System Center for management.
This document discusses the transformation of IT backup and recovery due to trends in data growth and regulations. It presents EMC's backup solutions including Data Domain for disk-based backup with deduplication, Avamar for fast VMware backups, and NetWorker for centralized backup management. These solutions provide faster backups, recovery and scalability compared to traditional tape-based systems. Case studies show customers achieving up to 98% data reduction, replacing tapes completely and saving over $200k annually with EMC's backup products.
The document discusses EMC's strategy called "FLASH 1st" for data storage over the next decade. It argues that traditional hard disk drives will not be able to keep up with rapidly growing data and increasing IO demands. FLASH/solid state technology on the other hand is improving much faster than HDDs and will provide dramatically better performance and cost efficiency. EMC's FLASH 1st strategy leverages automated tiering software to place active "hot" data on high-performance FLASH storage and less active "cold" data on lower-cost capacity HDDs to maximize benefits.
4. Evolution of Attack Vectors
[Chart. Vertical axis: Damage/Sophistication, from "Minor Annoyance" to "Significant impact on business bottom line". Horizontal axis: Threat Actors, from Hobbyists / Script Kiddies and Petty Criminals through Organized Crime and Non-State Actors / Cyber Terrorists to Nation States. Attack types plotted along the rising curve, lowest to highest: Viruses, Phishing, Spam, Worms, Spyware, DoS/DDoS, Trojans, Botnets, Financial Backdoors, Rootkits, Web-application attacks, Hybrid Worms, Coordinated attacks, Targeted malware, APTs.]
5. Anatomy of an Attack
[Timeline from the attacker's perspective, left to right over TIME: Surveillance; Target Analysis; Access Probe; Attack Begins; Intrusion Starts; Set-up System; Cover-up; Discovery / Leap Frog Attacks; Persistence; Cover-up Complete; Attack Complete; Maintain foothold.]
Source: NERC HILF Report, June 2010 (http://www.nerc.com/files/HILF.pdf)
6. Anatomy of a Response
[Timeline from the defender's perspective, left to right over TIME: Physical Security; Monitoring & Controls; Threat Analysis; Attack Forecast; Incident Reporting; Attack Identified; Damage Identification; Impact Analysis; Response; Containment & Eradication; System Recovery; Discovery / Reaction.]
Source: NERC HILF Report, June 2010 (http://www.nerc.com/files/HILF.pdf)
7. Reducing Attacker Free Time
[The attacker timeline of slide 5 (Surveillance through Intrusion Starts, Persistence, Cover-up Complete, Maintain foothold) is laid over the defender timeline of slide 6 (Monitoring & Controls through Attack Identified, Containment & Eradication, System Recovery) on a common TIME axis. The interval by which the attacker's progress runs ahead of the defender's detection and response is marked ATTACKER FREE TIME. Caption: Need to collapse free time.]
Source: NERC HILF Report, June 2010 (http://www.nerc.com/files/HILF.pdf)
9. Advanced Threats
- 83% of organizations believe they have been the victim of an Advanced Threat.
- 65% of organizations don't believe they have sufficient resources to prevent Advanced Threats.
- 91% of breaches led to data compromise within "days" or less.
- 79% of breaches took "weeks" or more to discover.
Source: Ponemon Institute survey, "Growing Risk of Advanced Threats"
Source: Verizon 2011 Data Breach Investigations Report
10. Mean Time to Detect (MTTD)
[Chart: mean time to detect; the plotted figures are not recoverable from the text extraction.]
Source: Ponemon Institute
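The "attacker free time" of slide 7 and the detection-delay figures of slides 9 and 10 are all derived from the same raw material: the timestamps at which an incident reached each milestone. The following Python is an added example (it is not from the original deck, and not NERC, Ponemon, Verizon or RSA code) showing how mean time to detect, the share of breaches compromised within days, the share discovered only after weeks or more, and per-incident attacker free time are computed from a constructed set of incident records. The milestone names, the one-week boundary between the "days" and "weeks" buckets, and the reference instant used for still-open incidents are assumptions, not facts from the slides.

```python
"""Detection-delay metrics derived from incident milestone timestamps.

Added example, not part of the original slide deck and not NERC or RSA code.
The deck frames "attacker free time" as the gap between the attacker's intrusion
and the defender's containment, and cites Ponemon/Verizon figures on detection
delay; this shows how such figures (MTTD, share of breaches discovered only after
"weeks or more") are computed from incident records. All records are constructed.
"""
from datetime import datetime, timedelta
from typing import Dict, List, Optional

# Constructed sample data. Milestones follow the NERC HILF attack/response
# timeline: intrusion starts -> data compromised -> attack identified ->
# containment complete. None marks a milestone that has not happened yet
# (INC-004 has been identified but is still open).
INCIDENT_ROWS = [
    ("INC-001", "2011-03-01T08:00", "2011-03-01T20:00", "2011-04-15T09:30", "2011-04-18T17:00"),
    ("INC-002", "2011-05-10T02:15", "2011-05-11T04:00", "2011-05-12T10:00", "2011-05-12T18:30"),
    ("INC-003", "2011-06-20T23:40", "2011-07-05T09:00", "2011-09-01T08:00", "2011-09-20T12:00"),
    ("INC-004", "2011-07-04T12:00", "2011-07-04T13:00", "2011-07-30T11:00", None),
]

# Assumption: one week separates the "days" and "weeks" buckets used in the
# cited figures; the reference instant for open incidents is also assumed.
WEEK = timedelta(days=7)
AS_OF = datetime(2011, 8, 1)


def _parse(value: Optional[str]) -> Optional[datetime]:
    return datetime.strptime(value, "%Y-%m-%dT%H:%M") if value else None


def parse_incidents(rows) -> List[dict]:
    keys = ("id", "intrusion", "compromise", "identified", "contained")
    return [dict(zip(keys, (row[0], *map(_parse, row[1:])))) for row in rows]


def time_to_detect(inc: dict) -> Optional[timedelta]:
    """Intrusion start -> attack identified; None while the intrusion is undetected."""
    if inc["identified"] is None:
        return None
    return inc["identified"] - inc["intrusion"]


def attacker_free_time(inc: dict, now: datetime = AS_OF) -> timedelta:
    """Intrusion start -> containment complete. An open incident keeps accruing
    free time up to `now`, so it must not be dropped from the report."""
    return (inc["contained"] or now) - inc["intrusion"]


def mttd(incidents: List[dict]) -> timedelta:
    """Mean time to detect over identified incidents. Undetected intrusions cannot
    be included, which biases MTTD low; report their count alongside the mean."""
    delays = [d for d in map(time_to_detect, incidents) if d is not None]
    if not delays:
        raise ValueError("no identified incidents")
    return sum(delays, timedelta()) / len(delays)


def share_compromised_within(incidents: List[dict], limit: timedelta = WEEK) -> float:
    """Fraction of incidents whose data compromise followed intrusion within `limit`
    (the kind of figure behind 'compromise within days or less')."""
    pairs = [(i["intrusion"], i["compromise"]) for i in incidents if i["compromise"]]
    return sum(1 for start, hit in pairs if hit - start < limit) / len(pairs)


def share_discovered_after(incidents: List[dict], limit: timedelta = WEEK) -> float:
    """Fraction of identified incidents detected only after `limit` or more
    (the kind of figure behind 'took weeks or more to discover')."""
    delays = [d for d in map(time_to_detect, incidents) if d is not None]
    return sum(1 for d in delays if d >= limit) / len(delays)


def free_time_report(incidents: List[dict], now: datetime = AS_OF) -> Dict[str, timedelta]:
    """Attacker free time per incident, open incidents measured up to `now`."""
    return {i["id"]: attacker_free_time(i, now) for i in incidents}


if __name__ == "__main__":
    incs = parse_incidents(INCIDENT_ROWS)
    print("MTTD:", mttd(incs))
    print("compromised within a week:", share_compromised_within(incs))
    print("discovered after a week or more:", share_discovered_after(incs))
    for inc_id, free in free_time_report(incs).items():
        print(inc_id, "attacker free time:", free)
```

Two details matter in practice. MTTD can only be computed over intrusions that have been identified, so a low MTTD says nothing about what is still undiscovered; the count of open and undetected incidents belongs next to the mean. And an incident that is identified but not yet contained is still accruing attacker free time, which is why `attacker_free_time` measures open incidents up to the reporting instant instead of omitting them.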
15. As a result
Organizations are...
- poorly prepared for advanced threats
- unable to detect attacks in a timely manner
- responding in a manner that is chaotic and uncoordinated
17. Security must Ensure...
...only the right people (Admins, Users) ...access critical applications & information (CRM, ERP, BI, ***) ...over an infrastructure (I/F) we trust.
[Diagram: Enterprise (Admins, Users) connecting to the Data Center, shown as layers: Applications (CRM, ERP, BI, ***), ITaaS Management, Information, Infrastructure.]
18. Disruptive Forces
[Same diagram as slide 17 with three transformations overlaid: Mobile User Access Transformation on the Admins/Users side; Advanced Threats / Threat Landscape Transformation on the critical applications & information; Cloud Back-end I/F Transformation on the Infrastructure.]
19. The New IT Model
[Diagram of access scenarios. Enterprise: Admins and Users on Managed Devices and Unmanaged Devices, reaching applications through the Web and Mobile Apps. Access paths: VPN into DC; From the Cloud To DC; Direct to Apps; Direct to Cloud. Data Center: Applications (CRM, ERP, BI, ***), ITaaS Management, Information, Infrastructure. Clouds: SaaS, PaaS, IaaS; Private Cloud; Community.]
20. The Security Stack
[Diagram in three columns.]
ENTERPRISE: Admins and Users (To DC); Data Center with Applications (CRM, ERP, BI, ***), ITaaS Management, Information, Infrastructure.
CONTROL LAYER
- IDENTITY: Identity Admin & Provisioning; Access Controls; Identity & Access Governance
- INFORMATION: Encryption/Tokenization I/F; DLP Controls; Information Rights Management
- INFRASTRUCTURE: Endpoint Controls; Network/Messaging Controls; Application Controls
MANAGEMENT LAYER
- GRC: Define Policy; Map Policy; Measure Policy
- SECURITY OPERATIONS (SOC): Detect Potential Threats; Investigate Attacks; Respond to Attacks
21. THE CONTROL LAYER
[Same diagram as slide 20 with the Control Layer highlighted: Identity (Identity Admin & Provisioning; Access Controls; Identity & Access Governance), Information (Encryption/Tokenization I/F; DLP Controls; Information Rights Management), Infrastructure (Endpoint Controls; Network/Messaging Controls; Application Controls).]
22. The Management Layer
[Same diagram as slide 20 with the Management Layer highlighted: GRC (Define Policy; Map Policy; Measure Policy) and Security Operations (SOC) (Detect Potential Threats; Investigate Attacks; Respond to Attacks).]
23. Critical Questions
- What matters? (Governance)
- What is going on? (Comprehensive Visibility)
- How do I address it? (Actionable Intelligence)
26. The Next Gen SOC
- Comprehensive Visibility: "Analyze everything that's happening in my infrastructure"
- Agile Analytics: "Enable me to efficiently analyze and investigate potential threats"
- Actionable Intelligence: "Help me identify targets, threats & incidents"
- Optimized Incident Management: "Enable me to manage these incidents"
28. Value of RSA Solutions
Traditional Approach (Governance, Visibility, Intelligence):
- Discrete products in silos
- Multiple vendors for each product
- Manual process to transfer data
- High TCO and low efficiency
RSA's Approach (Governance, Visibility, Intelligence):
- Transparent data flow between products
- Single vendor with tested integrations
- Very high operational efficiencies
- Lower TCO and faster time to value
29. RSA Approach
- GOVERNANCE: Manage Business Risk, Policies and Workflows
- ADVANCED VISIBILITY AND ANALYTICS: Collect, Retain and Analyze Internal and External Intelligence
- INTELLIGENT CONTROLS: Rapid Response and Containment
Spanning Cloud, Network, Mobility
30. Meeting our Customers' Challenges with RSA Thought Leadership
- Manage Risk and Threats Throughout the Enterprise
- Prove Compliance Consistently & Affordably
- Secure Access for Increased Mobility & Collaboration
- Secure Virtualization & Cloud Computing