TAKING CHARGE OF SECURITY IN A
HYPERCONNECTED WORLD
How Organizations Can Improve Breach Readiness
and Cyber Security Maturity
October 2013

Authors

James Lugabihl, Global CIRC Senior Manager, EMC Corp.
Dylan Owen, Cybersecurity Manager for Cybersecurity and Special Missions, Raytheon Company
Timothy A. Rand, Senior Manager, Advanced Cyber Defense Practice, RSA, The Security Division of EMC
Peter M. Tran, Senior Director, Advanced Cyber Defense Practice, RSA, The Security Division of EMC

KEY POINTS

• Organizations are taking responsibility for proactively improving security, not just for
themselves but for customers and business/supply chain partners.
• Rising numbers of organizations are conducting assessments of their business risks
and security practices before breaches occur.
• Most breaches result from organizations stumbling on basic security practices. The
following deficiencies play a contributing role in most security breaches:
  – Neglecting basic security hygiene
  – Relying exclusively on traditional threat prevention and detection tools
  – Mistaking compliance for security
  – Inadequate end user training
• An organization’s optimal security posture will change as its business, risk, and threat
environment changes. Good security is less about achieving a static goal state than
about building capabilities for continuous evaluation and improvement.
• Of the many recommendations that emerge from security assessments, 20 percent will
likely yield 80 percent of the benefits. The following areas for improvement typically
generate high impact:
  – Conduct all-inclusive risk and security assessments
  – Locate and track high-value digital assets
  – Model threats and address top vulnerabilities
  – Master change management processes
  – Deploy security staff selectively and strategically
  – Integrate security processes and technologies to scale resources
  – Invest in threat intelligence capabilities
  – Quantify the impact of security investments

RSA Security Brief, October 2013

RSA Security Briefs provide security leaders and risk
management executives with essential guidance on
today’s most pressing information security threats and
opportunities. Each Brief is created by a select team of
experts who connect experiences across organizations to
share specialized knowledge on a critical security topic.
Offering both big-picture insight and practical technology
guidance, RSA Security Briefs are vital reading for
today’s forward-thinking security and risk management
practitioners.

Contents
“Good” security is a relative condition
Security programs still stumble on the basics
    Neglecting basic security hygiene
    Relying exclusively on traditional threat prevention and detection tools
    Mistaking compliance for good security
    Inadequate user training
    Beyond the basics
Security stewardship means continuous improvement
    Conduct all-inclusive risk and security assessments
    Locate and track high-value digital assets
    Model threats and address top vulnerabilities
    Master change management processes
    Deploy security staff selectively and strategically
    Integrate security processes and technologies to scale resources
    Invest in threat intelligence capabilities
    Quantify the impact of security investments
Conclusion
About the Authors
Security Solutions for Improving Breach Readiness
    From Raytheon Company
    From RSA, The Security Division of EMC

The boundaries have blurred between internal and external networks. Employees
increasingly use their own devices, home networks, and public Wi-Fi to access
corporate resources. Partners, customers, and vendors have greater access to what
were exclusively internal resources, and the integration of private networks with public
clouds has culminated in hybrid clouds with dynamic and complex boundaries. In a
world where digital boundaries are ever-changing and hard to define, building stronger
perimeter defenses, while still necessary, is inadequate to ensure sufficient security.
In today’s highly interconnected business environment, information security can no
longer be an isolated endeavor: it must be the responsibility of an entire business
ecosystem or value-chain.

“Attackers look for
the easiest means of
compromise. That’s why
attacks are moving from
more security-mature
organizations down to
less mature, typically
smaller, partners.
Attackers can exploit
the trust relationships
between companies to
infiltrate well-protected
targets through supply
chain partners with less
security experience.”

Dylan Owen, Raytheon Company

This idea has gained widespread recognition at the international level. For example, the
World Economic Forum (WEF) is exploring how responsibility for cyber security can be
shared among companies, industries, and governments. In its 2012 report, “Risk and
Responsibility in a Hyperconnected World: Pathways to Global Cyber Resilience,” the
WEF concluded:
Increasing dependence on connectivity for the normal functioning of society
makes the protection of connectivity a critical issue for all; it is a shared
resource, like clean air or water. No one organization can resolve the issue by
itself; a collaborative, multi-stakeholder approach must be taken. Even
competitors in a given industry must become partners in the effort to ensure a
stable and trusted environment.
The idea that creating a stable, trusted cyber environment should be a collaborative
endeavor also appears to be gaining traction among private enterprise and
governments. Two trends in the global security community point to this:
1. Participation in threat intelligence-sharing groups has widened over the past few
years beyond the traditional circles of defense and financial services. Nowadays, it’s
common to see industrial manufacturers, retail chains, utilities, and technology
companies exchanging cyber threat intelligence.
2. Rising numbers of organizations are conducting assessments of their business risks
and security practices to improve their overall security posture proactively. These
security assessments have historically been done in the wake of serious incidents or
breaches, but they are now increasingly done as a precautionary measure before
trouble has been detected.

“GOOD” SECURITY IS A RELATIVE CONDITION
Organizations are conducting proactive assessments not only to improve their own
security postures but to protect their business relationships. Advanced cyber attackers
have been known to reach their primary targets by exploiting business partners with
weaker defenses. Rather than combat the well-protected computer networks of a target
company, cyber attackers try instead to infiltrate the organization through its
connections to trusted partners with less-developed security practices. In recent
incidents, cyber attackers have sought to cover their tracks by routing data stolen from
a company through the computer networks of a business partner.


Because information security within a supply chain is only as strong as its weakest link,
organizations today must improve security measures not just for themselves but for
their partners and customers. Every organization should achieve “appropriate” levels of
security for its business requirements and risks—which also means evaluating how
their security practices could affect customers and partners, should something go
wrong. Of course, appropriate security measures will vary greatly from organization to
organization. For example, security practices considered appropriate for an industrial
manufacturer might have very different characteristics than security practices for a
regional consulting firm or a global technology company.

“We see security
assessments trending
toward improvement
and a more proactive
approach. There’s a
general sense that,
because my buyer or my
business partner just got
hacked, maybe I should
think about this now. The
tough part is getting your
stakeholders to realize
they’re on borrowed
time, because they’re
still thinking, ‘Well,
nothing has happened to
us, so why should we do
this?’”

Peter Tran, RSA

Identifying appropriate levels of security can prove challenging, because it’s an
exercise based on risk and relativity. Appropriate security should be determined by four
factors:
1. The organization’s risks and requirements, which change over time and are unique
for each organization
2. The value of information assets being protected, with high-value assets monitored
more closely and subject to more controls
3. The security risks and threats the organization can reasonably expect to face,
considering that attack techniques are constantly changing and rising in
sophistication
4. Prevailing security practices for the organization’s peers, with the organization
aiming to be at or above the group “average” so as to not make itself an easy target
The first three conditions listed above are associated with internal assessments. The
fourth condition is a relative measure that relies in part on external knowledge of
“reasonable” security practices within an industry peer group. Industry associations,
information sharing and analysis centers (ISACs), or outside consultants can often help
provide this comparative context.
Another way organizations can diagnose security performance on a relative basis is
through self-assessment tools. Many consulting firms and security service providers
offer proprietary “security maturity” models. Each has merits and deficiencies, but they
all aim to provide a progressive framework for measuring security performance. An
example of a security maturity framework is shown in Figure 1.

SECURITY PROGRAMS STILL STUMBLE ON THE BASICS
In analyzing security programs across different industries, it seems many organizations
today still fall down on basic execution. The following deficiencies commonly contribute
to security breaches.

Neglecting basic security hygiene
In forensic evaluations following attacks, missed software updates frequently surface
as exploited vulnerabilities. Sometimes, these are zero-day vulnerabilities, but in most
cases antivirus and software updates had simply not been done. Perhaps a system was
scheduled for patching at a later date after the organization could compatibility-test the
patch. More likely, the system was overlooked for patching entirely because it had been
added to the network without being properly cataloged: IT didn’t know the system
existed so they did not know to patch it. Basic security maintenance is an all-too-common deficiency.
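The uncataloged, unpatched system the paragraph describes is easy to catch mechanically once discovery output is compared with the inventory. The following script is an added example, not code from the brief or from RSA, EMC or Raytheon; the hostnames, owners, dates, discovery list and the 30-day patch window are all constructed for illustration. It reconciles a network discovery sweep against the asset inventory and reports hosts IT does not know about (which therefore cannot be in any patch schedule), hosts whose last patch date is older than the window, and inventory entries no longer seen on the network.

```python
"""Hygiene check: reconcile discovered hosts against the asset inventory and
flag systems that are unknown to IT or overdue for patching.

Added example, not from the brief. All hosts, dates and the 30-day patch
window are constructed for illustration.
"""
from datetime import date, timedelta

# Constructed inventory: what IT believes is on the network, with the date each
# system last received updates. A host missing from here is the "added to the
# network without being cataloged" case the brief describes.
INVENTORY = {
    "web-01": {"owner": "platform", "last_patched": date(2013, 9, 28)},
    "db-01": {"owner": "platform", "last_patched": date(2013, 6, 2)},
    "hr-app": {"owner": "hr-it", "last_patched": date(2013, 9, 30)},
}

# Constructed output of a discovery sweep (the hostnames a scanner or DHCP log
# reported). Note the build box the inventory does not know about.
DISCOVERED = ["web-01", "db-01", "hr-app", "lab-build-7"]

PATCH_WINDOW = timedelta(days=30)
TODAY = date(2013, 10, 15)  # constructed "run date" for the example


def reconcile(inventory, discovered, today, window=PATCH_WINDOW):
    """Return (unknown_hosts, overdue_hosts, missing_hosts), each sorted.

    unknown: seen on the network but absent from inventory -> nobody patches it
    overdue: in inventory and seen, but last patched longer ago than `window`
    missing: in inventory but not seen -> stale entry, worth investigating
    """
    seen = set(discovered)
    known = set(inventory)
    unknown = sorted(seen - known)
    missing = sorted(known - seen)
    overdue = sorted(
        h for h in known & seen
        if today - inventory[h]["last_patched"] > window
    )
    return unknown, overdue, missing


def hygiene_report(inventory, discovered, today):
    """Human-readable findings, one line per host that needs attention."""
    unknown, overdue, missing = reconcile(inventory, discovered, today)
    lines = []
    for h in unknown:
        lines.append(f"UNKNOWN  {h}: not in inventory; cannot be patched until cataloged")
    for h in overdue:
        age = (today - inventory[h]["last_patched"]).days
        lines.append(f"OVERDUE  {h}: last patched {age} days ago (owner: {inventory[h]['owner']})")
    for h in missing:
        lines.append(f"MISSING  {h}: in inventory but not seen on the network")
    return lines


if __name__ == "__main__":
    for line in hygiene_report(INVENTORY, DISCOVERED, TODAY):
        print(line)
```

Run regularly (after every discovery sweep rather than once a quarter), the UNKNOWN list is the set of systems that silently fall outside the patch process; feeding it back into the inventory is the "cataloging" step the paragraph says is so often skipped.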


Figure 1: Security Maturity Framework

Maturity levels (the columns of the chart):
Level 1. Product-driven security
Level 2. Compliance-driven security
Level 3. IT Risk-driven security
Level 4. Business Risk-driven security

Policy
  Enforcement
    • Level 1: Sporadic and inconsistent
    • Level 2: Enforced employee compliance
    • Level 3: Management reinforces cooperation
    • Level 4: Reasons for non-compliance explored
  Update trigger
    • Level 1: None
    • Level 2: Changes in policies and regulations
    • Level 3: Changes in IT threats
    • Level 4: Continuous business risk assessments
  Reporting schedule
    • Level 1: No reporting
    • Level 2: Ad-hoc incident reports
    • Level 3: Scheduled reporting
    • Level 4: Real-time reporting

Process
  Update trigger
    • Level 1: None
    • Level 2: Auditor checklist
    • Level 3: IT infrastructure checklist
    • Level 4: Business risk checklist

People
  Leadership capabilities
    • Level 1: Technology: low; Business: low
    • Level 2: Technology: medium; Business: low
    • Level 3: Technology: high; Business: medium
    • Level 4: Technology: high; Business: high
  Management communication
    • Level 1: None
    • Level 2: Contingent on policy changes and incidents
    • Level 3: Regular communication
    • Level 4: Pro-active, two-way communication between security and businesses
  Employee training
    • Level 1: Product training (not mandatory)
    • Level 2: Regulations training (mandatory for some)
    • Level 3: IT infrastructure threats (mandatory for all)
    • Level 4: Role-specific training (mandatory for all)

Product
  Selection criteria
    • Level 1: Trends, vendors
    • Level 2: Legal/regulatory requirements
    • Level 3: Specific to IT infrastructure
    • Level 4: Based on business implications
  Technology focus
    • Level 1: Managing patchwork of security tools
    • Level 2: Compliance monitoring and reporting
    • Level 3: Threat detection and response
    • Level 4: Business risk monitoring and predictive analytics

Relying exclusively on traditional threat prevention and detection tools

“There’s no magic bullet
for improving security or
your breach readiness.
There’s no secret to it,
other than you have to
master the basics before
you take on anything
else. You have to
execute—get your hands
dirty, move rocks.”

James Lugabihl, EMC

In general, organizations relying on firewalls, antivirus scanners, and intrusion
detection systems (IDS) for security will never discover the truly serious problems. Yet,
most security teams still wait for signature-based detection tools to identify problems
rather than looking for more subtle indicators of compromise on their own. Part of the
reason for this is that most security teams have not done the hard work of integrating
their logs, security processes, and tools, which makes it challenging to correlate events
or determine causality.

Mistaking compliance for good security
Many companies are on an accelerating treadmill with their compliance programs.
They’re so busy keeping up with mounting compliance requirements, whether from
increased government regulations or internal oversight requirements, that proving
compliance becomes a goal in and of itself.
Most compliance mandates reflect best practices that should be interpreted as
minimum standards, not sufficient levels, of security. For example, organizations may
audit their privileged IT administrator accounts only once a quarter because that’s the
interval specified by internal policies. However, cyber adversaries waging targeted
attacks often phish for privileged accounts to do the most damage in the shortest
amount of time. In most cases, the quarterly intervals for inspecting privileged accounts
may be woefully inadequate for managing risk.

“Developing a high-performing security
program—what we call
an ‘intelligence-driven’
organization—is a journey.
Focus on the basics first,
paying attention to the
people, process, and
technology. Then, you
can make improvements
incrementally by adding
capabilities such as
forensic analysis, malware
reverse engineering, and
threat intelligence.”

Timothy A. Rand, RSA

The Payment Card Industry Data Security Standard (PCI DSS) serves as an example in
which good compliance does not always translate into breach avoidance. Companies
compliant with PCI DSS have been hacked. For this reason, the latest version of PCI DSS
provides direction for implementing security into business-as-usual (BAU) activities and
underscores the need to maintain ongoing compliance.
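The quarterly privileged-account review discussed above can be replaced by a check that runs every time a membership snapshot is taken. The script below is an added example, not code from the brief or from any of the authors' organizations; the group names, account names and daily snapshots are constructed, and in practice the snapshots would be a scheduled export of admin-group membership from your directory. Each snapshot is diffed against an approved baseline, so an account granted privilege outside the approval process is flagged the next day rather than at the end of the quarter; baseline members that disappear are also reported, since an unexplained removal is a change someone should be able to account for.

```python
"""Continuous privileged-account review: compare each membership snapshot of a
privileged group against an approved baseline and flag deviations immediately,
rather than waiting for a quarterly audit.

Added example, not from the brief. Group names, accounts and snapshots are
constructed; a real run would read scheduled directory exports.
"""
from datetime import datetime

# Constructed approved baseline: accounts with a documented business
# justification for the privilege. Anything else in the group is a deviation.
APPROVED = {
    "Domain Admins": {"alice.adm", "bob.adm"},
    "DB Admins": {"carol.adm"},
}

# Constructed daily snapshots: (timestamp, group, current members).
# On 2 October an account appears that was never approved; on 3 October an
# approved admin has been removed without a matching baseline change.
SNAPSHOTS = [
    (datetime(2013, 10, 1, 6, 0), "Domain Admins", {"alice.adm", "bob.adm"}),
    (datetime(2013, 10, 2, 6, 0), "Domain Admins", {"alice.adm", "bob.adm", "svc_backup"}),
    (datetime(2013, 10, 2, 6, 0), "DB Admins", {"carol.adm"}),
    (datetime(2013, 10, 3, 6, 0), "Domain Admins", {"alice.adm", "svc_backup"}),
]


def diff_membership(approved, group, members):
    """Return (unapproved, missing) for one snapshot of one group, both sorted."""
    baseline = approved.get(group, set())
    return sorted(members - baseline), sorted(baseline - members)


def review(approved, snapshots):
    """Walk snapshots in time order and emit one finding per deviation.

    Each finding is (timestamp, group, kind, account), where kind is
    'UNAPPROVED' (member not in the baseline) or 'REMOVED' (baseline member
    gone; was the removal an approved change, or is the baseline stale?).
    """
    findings = []
    for ts, group, members in sorted(snapshots, key=lambda s: s[0]):
        unapproved, missing = diff_membership(approved, group, members)
        findings += [(ts, group, "UNAPPROVED", a) for a in unapproved]
        findings += [(ts, group, "REMOVED", a) for a in missing]
    return findings


def first_detected(findings, group, account):
    """Timestamp of the first snapshot that flagged `account` as unapproved in
    `group`: the point at which the exposure window closes."""
    for ts, g, kind, a in findings:
        if g == group and a == account and kind == "UNAPPROVED":
            return ts
    return None


if __name__ == "__main__":
    for ts, group, kind, account in review(APPROVED, SNAPSHOTS):
        print(f"{ts:%Y-%m-%d %H:%M}  {kind:10} {group}: {account}")
```

The interval between the snapshot that first flags an account and the quarterly review date is the exposure the paragraph is warning about; with daily snapshots it shrinks to a day, and a reviewer only has to look at the findings list rather than the whole group.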

Inadequate end user training
Employees and other end users of corporate IT assets should be regarded as the
organization’s first line of defense—even more so than firewalls and IDS. Threats will
inevitably get through perimeter defenses, but employees can alert security teams to
suspicious emails, unusual activity, or performance changes in systems.
Many organizations don’t invest enough time and resources in user training. While
annual security training is the interval frequently mandated in corporate policies, it’s
not frequent enough to protect end users from phishing, malicious links, and other
security hazards. Also, most organizations fail to provide differentiated training for
employees more likely to be targeted by cyber attackers: finance executives, IT
administrators, R&D scientists, and others.

Beyond the basics
While the basic deficiencies described above contribute to the majority of security
breaches, other shortcomings also surface over and over again. The chart in Figure 2
itemizes ten of the most common problems identified in security assessments.

Figure 2: Top 10 security deficiencies found in security assessments

People
• Infrequent user training on security hazards such as spear-phishing
• Inadequate security staff, both in terms of numbers and training
• Security team’s roles and responsibilities not clearly defined

Process
• Poor patch management processes
• Reliant on ad hoc incident response and other security procedures in the absence of well-defined processes
• “Enterprise amnesia” resulting from responding nonstop to fire drills without taking time to improve based on
post-incident lessons learned

Technology
• No centralized or real-time monitoring and alerting—analysts must log into different consoles to collect alerts
• Poor incident response-tracking and workflow systems
• Insufficient tools to conduct forensic analysis
• No threat intelligence collection or analysis capabilities


SECURITY STEWARDSHIP MEANS CONTINUOUS IMPROVEMENT
An organization’s optimal state of security will vary as its business, risk, and threat
environment changes. What this means is that good security is not about achieving a
static optimal state; it’s about building capabilities, or agility, for continuous
assessment and improvement.
The focus on improving security seems to have intensified. Two years ago, organizations
commissioning outside security assessments were primarily interested in remediating
vulnerabilities following a breach. Now, more organizations are requesting proactive
help to improve breach readiness and incident response. Even medium-size companies,
under pressure from larger business partners, are striving to proactively advance their
security practices ahead of a serious incident.
Because “good” security is not a one-size-fits-all condition, the needed improvements
will vary greatly from organization to organization. Any organization that has conducted
a rigorous security assessment can attest that the list of recommendations resulting
from such assessments is almost endless. The key to executing a successful security
improvement plan is to identify and implement the 20 percent of changes that will yield
80 percent of the benefits.
The recommendations and best practices described below often fall into the top 20
percent of changes that generate the greatest improvement in organizational readiness
for responding to and recovering from cyber threats.

Conduct all-inclusive risk and security assessments
Risk assessments should include not just digital assets but an all-inclusive risk
evaluation of facilities, suppliers, and even how you sell your goods and services. For
example, if your organization sells in distant geographic regions through channel
partners, these partners should be factored into risk evaluations for two reasons. First,
these partners are essentially your organization’s face to the world within their
respective regions. Second, they’re likely to be attractive, vulnerable targets for spear-phishing, as they potentially represent a convenient vector for attacking your company.
Digital risk assessments should be done at least once per year. If you stand up a new
service or enter a new market, a corresponding risk assessment should be included as
part of the project management process, baking security into the implementation.

Locate and track high-value digital assets
While keeping track of valuable digital assets sounds straightforward, many companies
say this is one of the toughest challenges they face. Tracking high-value information
assets can be tricky because of shadow IT in which processes run on systems that
aren’t managed by the enterprise IT team. This could run the gamut from a business unit
storing sensitive information in a SaaS application to an accountant in your finance
department running a spreadsheet of critical financial data on an unsecured home
computer.
Tracking high-value information is a critical capability in incident response and
remediation. When threats or problems are first detected, you have to know how to
isolate or effectively protect critical assets as fast as possible. Organizations must
document where high-value assets are, who has access to them, who within the
business owns the risk, and how the risk can be managed. IT and security teams can
provide the right frameworks and tools for auto-discovery, including creating a single
repository to track and manage key assets.


Model threats and address top vulnerabilities
Part of any security assessment should be threat modeling, which can be boiled down
to a simple formula:

Threat × Vulnerability × Potential Cost of Loss = Risk

Stakeholders in business units and IT often don’t understand the need for threat
modeling, and many security practitioners don’t have sufficient experience to do it well.
A common pitfall is that organizations tend to underestimate internal threats. The most-overlooked internal risks are not disgruntled employees acting out of malice; they’re
often well-intentioned employees making critical mistakes—an oversight in documenting
changes to an IT system’s software application is a typical example.
Threat modeling should be a collaborative, multi-disciplinary process, not an isolated
exercise within the security team. Participants should work together on scoping out
threats to the organization and how each may affect business units or assets. Ideally,
threat modeling should be a creative process: organizations must plan with the same
imagination and cunning as prospective adversaries.
Threat models should also build on forensic evaluations of previous threats observed in
your environment with the goal of identifying ways to neutralize cyber adversaries. For
example, threat models should identify the organization’s most frequent historical
threat vectors. Then, if you discover that the number one point of compromise for your
organization is phishing attacks, you’ll know to implement processes, technology, and
training programs to reduce the effectiveness of spear phishing.

“Good change
management can have a
huge preventive impact.
Some people think that
change management just
slows them down, but
consider what’s the cost to
your business if you don’t
do this and something gets
compromised? It’s rarely
worth the risk.”

Dylan Owen, Raytheon Company

Master change management processes
Security change management procedures help track and respond to changes in IT
assets and business processes that have material impact on security risks. It’s a hard
discipline to manage consistently, especially since many stakeholders in IT, the
business, and even in security mistake it for an administrative checkbox that simply
slows them down. So, they may forego documenting systems and processes because
they’re under pressure to complete a project quickly and believe they can circle back
and report on additions and modifications later. But then key people on the
implementation team leave, first-hand knowledge is lost, and dependencies are never
recorded. Such omissions present unnecessary risks that can have serious
consequences later.
Change management processes should be factored into project management
schedules. You should qualify the risks and rewards of change management
requirements so stakeholders understand the potential cost to the business if
something gets missed and contributes to a compromise. Train people to understand
the impact of their actions. Simultaneously, stakeholders should evaluate how to fulfill
change management requirements in the most efficient and expedient way possible.
Part of change management is the discipline of identifying and documenting
interdependencies between systems so IT and security teams are aware of how changes
made to one system affect the state of another. Reconfiguring one part of your IT
environment could create vulnerabilities somewhere else. For example, if an
organization’s back-end database provider releases a patch that’s incompatible with
the ERP implementation to which the organization’s database is tied, then the database
can’t be patched until a fix can be arranged. Instead, the IT team must document why
the patch was not installed and work with the security group to make sure
vulnerabilities in the database system can be mitigated until updates can take effect.
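The database/ERP situation in the paragraph above is the kind of decision that should fall out of recorded interdependencies rather than someone's memory. The script below is an added example, not code from the brief or from the authors' organizations; the system names, versions and compatibility constraints are constructed. Given a dependency map, it enumerates every system that transitively depends on the one being changed, checks the proposed version against each dependent's recorded constraint, and refuses to produce a "deferred" change record unless the reason the patch was not applied and the agreed mitigation are both documented, which is exactly the record the IT and security groups are asked to keep.

```python
"""Change impact check: before a change is applied to one system, enumerate the
systems that depend on it and compare the proposed version against recorded
compatibility constraints. A blocked change must carry a documented exception
with a compensating control.

Added example, not from the brief. Systems, versions and constraints are
constructed.
"""
from collections import deque

# Constructed dependency map: each system -> the systems it depends on.
DEPENDS_ON = {
    "erp": ["db-01"],
    "reporting": ["erp", "db-01"],
    "web-01": ["erp"],
    "db-01": [],
}

# Constructed compatibility constraints recorded by the owners of each
# dependent: dependent -> {dependency: highest supported major version}.
CONSTRAINTS = {
    "erp": {"db-01": 11},
    "reporting": {"db-01": 12},
}


def dependents_of(system, depends_on):
    """All systems that transitively depend on `system` (BFS over reversed edges)."""
    reverse = {}
    for s, deps in depends_on.items():
        for d in deps:
            reverse.setdefault(d, []).append(s)
    seen, queue = set(), deque(reverse.get(system, []))
    while queue:
        s = queue.popleft()
        if s in seen:
            continue
        seen.add(s)
        queue.extend(reverse.get(s, []))
    return sorted(seen)


def assess_change(system, new_major, depends_on, constraints):
    """Return (affected, blockers): every affected dependent, and those whose
    recorded constraint the new version would violate."""
    affected = dependents_of(system, depends_on)
    blockers = [
        d for d in affected
        if system in constraints.get(d, {}) and new_major > constraints[d][system]
    ]
    return affected, blockers


def change_record(system, new_major, depends_on, constraints, exception=None):
    """Build the change record. When blockers exist the change is deferred and
    the record must carry an exception stating why it was not applied and what
    mitigation the security group agreed on in the meantime."""
    affected, blockers = assess_change(system, new_major, depends_on, constraints)
    record = {"system": system, "new_major": new_major,
              "affected": affected, "blockers": blockers}
    if not blockers:
        record["status"] = "approved"
        return record
    if not exception or not exception.get("reason") or not exception.get("mitigation"):
        raise ValueError(f"change to {system} blocked by {blockers}; "
                         "a documented reason and mitigation are required")
    record["status"] = "deferred"
    record["exception"] = exception
    return record


if __name__ == "__main__":
    # Constructed scenario from the brief: the database vendor ships major
    # version 12, but the ERP is only certified up to 11.
    rec = change_record("db-01", 12, DEPENDS_ON, CONSTRAINTS, exception={
        "reason": "ERP vendor certifies db-01 only up to major version 11",
        "mitigation": "restrict db-01 network access to ERP hosts and add "
                      "monitoring for the issue the patch addresses",
    })
    print(rec)
```

The point of the `ValueError` is procedural rather than technical: a patch that cannot go in is acceptable, an undocumented one is not, and making the record impossible to create without the exception keeps the "we'll circle back later" gap from opening.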


Deploy security staff selectively and strategically
In many security operations centers (SOCs)—a designation that this paper also uses to
refer to critical incident response centers or teams (CIRCs/CIRTs)—the roles and
responsibilities for in-house personnel are not clearly defined. Analysts are accountable
for many things simultaneously without clear direction on priorities. The adage “if you
try to do everything, you wind up doing nothing well” applies here.
Many SOCs would benefit from revisiting their staffing models, evaluating the
capabilities of individual team members to put the right people in the right roles. That
way, people with advanced or specialized skills are deployed in a way that best serves
the needs of the security organization.
A recent report from the Security for Business Innovation Council titled “Transforming
Information Security: Designing a State-of-the-art Extended Team” recommends that
organizations focus on building security capabilities in four key areas that will be new
to most SOCs: cyber risk intelligence and data analytics, security data management,
risk consultancy, and controls design and assurance. These emerging skills are seen by
the Council’s members as essential to providing the security capabilities needed to
defend organizations against escalating cyber threats.

Integrate security processes and technologies to scale resources
Almost every security operations team today faces staffing shortages. The capabilities
of in-house security personnel are usually stretched, and new headcount is hard to
authorize. Most security professionals spend too much time on mundane tasks such as
patch management or manually pulling data from different systems or sorting through
volumes of event logs, alerts, and threat intelligence with no categorization of relevance
or importance.
The productivity of security personnel can be dramatically raised through technology
and process integration initiatives. As detailed in a February 2013 RSA Technical Brief
“Building an Intelligence-driven Security Operations Center,” integrating security
operations processes and technologies is arguably the single most beneficial thing that
SOCs can do to boost staff productivity.
Process and technology integration provides valuable context for analyzing triggered
events. For example, proper context can determine whether events are related to high-value assets such as mission-critical systems and applications, business processes
handling sensitive data, or privileged users such as CIOs, CFOs, and IT administrators.
This type of context can help establish event severity and criticality, directing analysts’
attention to where it’s needed most.
Another huge potential time-saver involves integrating various security tools so they
feed into a central incident management console. Many security teams have yet to
invest in centralized, real-time monitoring and alerting. Instead, they compel security
analysts to log into different systems (firewalls, IDS, and more) to collect alerts.
Security tools should be integrated to push alerts into a central repository that provides
a single-console view of aggregated events and alerts. Such consoles should track and
coordinate workflows. This way, multiple analysts and users can work in parallel on
different aspects of the same incident. A unified console presents all the contextual
information for threats in one place; analysts don’t have to chase down data scattered
among disparate systems and locations to get the background needed for accurate
decision-making. In addition to saving analysts’ time, tool integration can also manage
workflows to facilitate adherence to procedural best practices.


Data aggregation could happen within a traditional log/event-oriented SIEM system, for
example. For organizations with mature SIEM capabilities, the next phase of
improvement is to enhance their central data monitoring with greater visibility (network
and endpoint) as well as analytic capabilities that can automate the early phases of
threat detection and shorten analysts’ investigation times.
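The "single-console view" with asset and user context that this section and the earlier "Relying exclusively on traditional threat prevention and detection tools" section call for can be illustrated with a small aggregation step. The following script is an added example, not code from the brief and not any vendor's product; the three tool alert formats, the asset criticality tags, the privileged-user list and the scoring weights are constructed. It maps alerts from an IDS, an antivirus console and a firewall onto one schema, enriches each with whether the host is a high-value asset and whether the user is privileged, and derives a severity from that context so the queue an analyst sees is ordered by business impact rather than by which tool fired first.

```python
"""Central alert queue with context: normalise alerts from several tools into
one schema, enrich each with asset criticality and privileged-user context,
and derive a severity so analysts see the highest-impact events first.

Added example, not from the brief and not any vendor's product. Alert
formats, asset tags and scoring weights are constructed.
"""
from datetime import datetime

# Constructed context sources that integration is supposed to make available.
ASSET_CRITICALITY = {"erp-db-01": "high", "web-01": "medium", "kiosk-3": "low"}
PRIVILEGED_USERS = {"alice.adm", "dba_root"}

# Constructed raw alerts from three tools, each in its own field layout.
RAW_ALERTS = [
    {"source": "ids", "ts": "2013-10-14T09:01:00", "dst_host": "web-01",
     "sig": "SQL injection attempt", "user": None},
    {"source": "av", "ts": "2013-10-14T09:03:00", "hostname": "kiosk-3",
     "threat_name": "Adware.Generic", "user": "kiosk"},
    {"source": "firewall", "ts": "2013-10-14T09:04:00", "host": "erp-db-01",
     "rule": "outbound connection to unapproved host", "user": "dba_root"},
]

# Constructed weights: a tool's own baseline plus context adjustments.
BASE_SEVERITY = {"ids": 3, "av": 2, "firewall": 2}
CRITICALITY_WEIGHT = {"high": 3, "medium": 1, "low": 0}
PRIVILEGED_BONUS = 2

# Per-tool field mappings onto the common schema.
HOST_FIELD = {"ids": "dst_host", "av": "hostname", "firewall": "host"}
SUMMARY_FIELD = {"ids": "sig", "av": "threat_name", "firewall": "rule"}


def normalise(alert):
    """Map tool-specific fields onto one schema: ts, source, host, summary, user."""
    src = alert["source"]
    return {
        "ts": datetime.fromisoformat(alert["ts"]),
        "source": src,
        "host": alert[HOST_FIELD[src]],
        "summary": alert[SUMMARY_FIELD[src]],
        "user": alert.get("user"),
    }


def enrich(event, criticality=ASSET_CRITICALITY, privileged=PRIVILEGED_USERS):
    """Attach asset and identity context and compute a severity from it.
    An unknown host scores like a medium asset: unknown is not the same as low."""
    crit = criticality.get(event["host"], "unknown")
    priv = event["user"] in privileged
    sev = (BASE_SEVERITY[event["source"]]
           + CRITICALITY_WEIGHT.get(crit, 1)
           + (PRIVILEGED_BONUS if priv else 0))
    return {**event, "asset_criticality": crit, "privileged_user": priv, "severity": sev}


def build_queue(raw_alerts):
    """Single-console view: every alert, enriched, highest severity first
    (ties broken by time so older events are handled before newer ones)."""
    events = [enrich(normalise(a)) for a in raw_alerts]
    return sorted(events, key=lambda e: (-e["severity"], e["ts"]))


if __name__ == "__main__":
    for e in build_queue(RAW_ALERTS):
        print(f"sev={e['severity']} {e['ts']:%H:%M} {e['source']:8} {e['host']:10} "
              f"priv={e['privileged_user']!s:5} {e['summary']}")
```

In the constructed data the firewall alert, which the firewall itself rates lowest, rises to the top of the queue because it involves a high-value database and a privileged account; that re-ordering is the practical effect of the context the paragraph describes.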

Invest in threat intelligence capabilities

“In threat intelligence,
data is king and context is
queen. You can’t be secure
without mastering both.”

James Lugabihl, EMC

Threat intelligence, long the domain of large enterprises and government agencies, is
now being used by mid-sized and smaller companies to become more proactive and to
protect their business relationships. Threat intelligence can sound daunting, but it does
not necessarily need to involve ISACs and government agencies. For example, if you
learn that the registrant of a bad domain linked to threat activity on your network has
also registered 50 other domains, you could block them all. This is an example of
leveraging intelligence to proactively improve your defenses.
The simplest way to mine threat intelligence is to leverage the information already on
your systems and networks. Many organizations don’t fully mine logs from their
perimeter devices and public-facing web servers for threat intelligence. For instance,
organizations could review access logs from their web servers and look for connections
coming from particular countries or IP addresses that could indicate reconnaissance
activity. Or they could set up alerts when biographies of employees with privileged
access to high-value systems attract unusual amounts of traffic, which could then be
correlated with other indicators of threat activity to uncover signs of impending spear-phishing attacks.
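The two log-mining ideas in the paragraph above (sources probing for pages that do not exist, and unusual interest in the biographies of staff with privileged access) translate directly into a small detection over web server access logs. The script below is an added example, not code from the brief or the authors' organizations; the Apache combined-format log lines, the IP addresses, the watch-list of biography URLs and the thresholds are all constructed. It parses each line, builds a per-source profile (request count, 404 count, distinct biography pages viewed) and flags sources whose profile matches either pattern, producing the kind of locally derived indicator the section recommends correlating with other threat data.

```python
"""Mining web-server access logs for reconnaissance indicators: per-source
request volume, error ratio (probing for pages that do not exist) and unusual
interest in executive biography pages.

Added example, not from the brief. The log lines, addresses, thresholds and
the watch-list of biography URLs are constructed.
"""
import re
from collections import defaultdict

# Constructed Apache combined-format lines: one source browses three leadership
# biographies in quick succession, one probes for paths that do not exist, and
# one is an ordinary visitor.
LOG_LINES = """\
203.0.113.7 - - [14/Oct/2013:09:12:01 +0000] "GET /about/leadership/cfo.html HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
203.0.113.7 - - [14/Oct/2013:09:12:03 +0000] "GET /about/leadership/cio.html HTTP/1.1" 200 4988 "-" "Mozilla/5.0"
203.0.113.7 - - [14/Oct/2013:09:12:05 +0000] "GET /about/leadership/ciso.html HTTP/1.1" 200 5011 "-" "Mozilla/5.0"
198.51.100.23 - - [14/Oct/2013:09:15:10 +0000] "GET /admin/ HTTP/1.1" 404 210 "-" "curl/7.30"
198.51.100.23 - - [14/Oct/2013:09:15:11 +0000] "GET /backup/ HTTP/1.1" 404 210 "-" "curl/7.30"
198.51.100.23 - - [14/Oct/2013:09:15:12 +0000] "GET /old/ HTTP/1.1" 404 210 "-" "curl/7.30"
198.51.100.23 - - [14/Oct/2013:09:15:13 +0000] "GET /test/ HTTP/1.1" 404 210 "-" "curl/7.30"
192.0.2.44 - - [14/Oct/2013:09:20:00 +0000] "GET /products/ HTTP/1.1" 200 8800 "-" "Mozilla/5.0"
192.0.2.44 - - [14/Oct/2013:09:20:02 +0000] "GET /about/leadership/cfo.html HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
"""

# Apache "combined" log format.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) (?P<size>\S+) "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"$'
)

# Constructed watch-list: pages describing people with privileged access.
BIO_PAGES = {"/about/leadership/cfo.html", "/about/leadership/cio.html",
             "/about/leadership/ciso.html"}


def parse(lines):
    """Yield one dict per well-formed log line; malformed lines are skipped."""
    for line in lines.splitlines():
        m = LINE_RE.match(line)
        if m:
            rec = m.groupdict()
            rec["status"] = int(rec["status"])
            yield rec


def profile_sources(records):
    """Per source IP: total requests, 404 count, distinct biography pages viewed."""
    prof = defaultdict(lambda: {"total": 0, "errors": 0, "bio_pages": set()})
    for r in records:
        p = prof[r["ip"]]
        p["total"] += 1
        if r["status"] == 404:
            p["errors"] += 1
        if r["path"] in BIO_PAGES:
            p["bio_pages"].add(r["path"])
    return prof


def flag_recon(prof, min_requests=3, error_ratio=0.5, bio_threshold=3):
    """Return {ip: [reasons]} for sources matching a reconnaissance pattern.
    `min_requests` avoids flagging a single mistyped URL as probing."""
    flagged = {}
    for ip, p in prof.items():
        reasons = []
        if p["total"] >= min_requests and p["errors"] / p["total"] >= error_ratio:
            reasons.append(f"{p['errors']}/{p['total']} requests were 404s (probing for non-existent paths)")
        if len(p["bio_pages"]) >= bio_threshold:
            reasons.append(f"viewed {len(p['bio_pages'])} privileged-staff biographies")
        if reasons:
            flagged[ip] = reasons
    return flagged


def analyse(lines):
    """Parse, profile and flag in one call; returns the flagged sources."""
    return flag_recon(profile_sources(parse(lines)))


if __name__ == "__main__":
    for ip, reasons in analyse(LOG_LINES).items():
        print(ip, "->", "; ".join(reasons))
```

The flagged addresses are only indicators, not verdicts: the paragraph's point is that they become useful once correlated with other signals, for instance a later phishing message addressed to one of the executives whose biography was viewed.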

Quantify the impact of security investments
Finding budget is a common constraint that security teams cite for not making the
investments needed to improve incident response and readiness. ROI is very difficult to
prove because it requires that organizations measure return on solutions to security
problems that may never materialize. Yet, to build support from business units for
funding security initiatives, it helps to compare the cost of proactive remediation with
the potential cost of compromise.
The cost of security controls needs to be balanced against the business harm likely to
result from security failures. That’s where “what if” scenarios can prove helpful. In
modeling “what if” scenarios, try to capture the full costs. For example, in addition to
projecting the business and reputational costs of a breach within critical systems, also
consider the costs for deploying backup systems while infected systems are taken
down and cleaned.
Quantifying the potential impact of new security investments can help security teams
win support for them. It can also help organizations identify and prioritize the
investments most likely to result in substantial security improvements.

page 10
RSA Security Brief, October 2013

CONCLUSION
As information security becomes an ecosystem-wide endeavor, organizations will have
to demonstrate they’re doing their part to improve security for all. Organizations will
have to become more disciplined about basic “security hygiene,” which remains a
consistent stumbling block. Organizations will also have to embark on thorough
assessments to improve their organizational readiness in responding to and recovering
from cyber threats.
Security assessments can be handled in-house by experienced staff, but many
organizations choose to enlist outside help. External consultants can provide objective
evaluations of the organization’s current security practices, as well as contribute
insights on best practices from multiple industries.
Regardless of who conducts security assessments or what recommendations emerge for
improvement, organizations should prioritize a limited number of investments that can
deliver the greatest security benefits. Targeting the highest-impact investments can be
done by quantifying the risks that would be mitigated by new controls or by seeking
outside counsel on what has proven beneficial to other organizations.

ABOUT THE AUTHORS
James Lugabihl
Global CIRC Senior Manager
EMC Corporation

James Lugabihl took over EMC’s Critical Incident Response Center in June of 2010. He is
responsible for monitoring EMC’s global network and responding to threats that directly
impact the organization.
Since February 2005, James has been a part of EMC’s Global Security Organization
developing the framework for risk and security administration services and worked as
an internal consultant for the CSO. Mr. Lugabihl began his information security career
more than 15 years ago with the U.S. Navy’s Fleet Information Warfare Center handling
network monitoring and incident response.

Dylan Owen
CISSP, ISSEP, ISSMP, GPEN, GCFA, ITIL
Cybersecurity Manager for Cybersecurity and
Special Missions
Raytheon Company

Dylan Owen is responsible for developing and providing computer network defense
solutions to Raytheon’s government and commercial customers. He helps Raytheon
customers review and improve their security readiness, focusing on organizational
alignment as well as reviewing security architectures and SOPs. Mr. Owen has helped
design and implement SOCs/CERTs and threat intelligence programs for government
organizations and large companies. He has also helped clients stand up CERTs,
including developing core processes, hiring staff, and implementing technology
solutions. In previous positions at Raytheon, Mr. Owen developed expertise in
certifying and accrediting IT systems, conducting computer security awareness training,
managing vulnerability assessments, and investigating many different types of
computer-related breaches.

Timothy A. Rand
Senior Manager
Advanced Cyber Defense Practice
RSA, The Security Division of EMC

Tim Rand is responsible for professional services engagements for incident
response/discovery (IR/D), breach readiness, remediation, SOC/CIRC design, and proactive
computer network defense. Prior to RSA, he was a lead security engineer for the Mitre
Corporation. Earlier, he led enterprise-wide computer emergency response, attack
sensing and warning, and proactive cyber operations for the Raytheon Company’s Cyber
Threat Operations team. Mr. Rand has more than 16 years of experience in developing
technical staff and programs, cyber investigations, Advanced Persistent Threat (APT)
defense, focused threat analysis, operations, and projects. He has held various
technical leadership roles, including director for an environmental analysis laboratory
and senior scientist for various enterprises such as the Lockheed Martin Company.

Peter M. Tran
Senior Director
Advanced Cyber Defense Practice
RSA, The Security Division of EMC

Peter Tran leads RSA’s Advanced Cyber Defense Practice, which offers world-class
professional services for global incident response and discovery (IR/D), breach
readiness, remediation, SOC/CIRC redesign, and proactive computer network defenses.
Mr. Tran has more than 18 years of government, commercial, and research experience
in the fields of computer forensics, information assurance, and security. He is a
recognized expert within the Department of Defense and U.S. federal law enforcement
communities on computer forensics, malicious code, computer crime investigations,
foreign counterintelligence, technology transfer, network security, and cyber espionage.
He has authored several defense periodicals for his work involving distributed computer
forensics and data analysis.
Prior to RSA, Mr. Tran led Raytheon’s commercial cyber professional services, as well as
its enterprise Cyber Threat Operation Programs for SOC/CERT, IR/D, intelligence, APT
threat analysis, technical operations, exploitation analysis, adversarial attack
methodologies, and research and tools development. He held senior technical
leadership roles with Northrop Grumman and Booz Allen Hamilton. Mr. Tran also worked
as a Federal Law Enforcement Special Agent, forensic analyst, systems/security
engineer, software product designer, and consultant in both technology prototyping
and production.

SECURITY SOLUTIONS FOR IMPROVING BREACH READINESS
The products and services described below are designed to align with the best
practices described in this RSA Security Brief. This security solutions overview is
not intended to provide a comprehensive list of applicable products and services.
Rather, it’s intended to serve as a starting point for security practitioners wanting
to learn about some of the options available to them.
From Raytheon Company
Insider Threat and Counter Intelligence – Raytheon is the largest provider of
insider threat solutions to the U.S. Government. Raytheon’s SureView™ product
enables safe and effective use of mission-critical technologies by capturing human
behavior technical observables, which include policy violations, compliance
incidents, or malicious acts that could be warning signs of a security breach.
Trusted Thin Client® (TTC) – Trusted Thin Client is Raytheon’s commercial-off-the-shelf
(COTS) solution that provides end users access to all allowable networks from
a single device. TTC ensures homeland and corporate security while enabling the
fast-paced exchange of data to foster seamless global collaboration across
disparate classified or sensitive networks.
Trusted Gateway System™ (TGS) – A commercial-off-the-shelf (COTS) transfer
solution, Trusted Gateway System provides exceptional built-in manual review and
automatic validations, such as virus scanning, file type verification, dirty word
search, and deep content inspection, enabling safe and simultaneous data
movement between networks at different sensitivity levels.
From RSA, The Security Division of EMC
RSA Advanced Cyber Defense Practice has been developed to help clients
safeguard their organizational mission by focusing on the protection of high-value
assets, which are often the object of targeted attacks, and by developing the
readiness, response, and resilience of their security operations. The practice’s
consultants are highly skilled security practitioners, each with 10-plus years’
average experience in incident response planning and in building, operating, and
managing SOCs. RSA’s security consultants don’t just provide reports and
recommendations; they also provide hands-on assistance with developing and
improving incident-handling processes and procedures, automating security-related
workflows to drive operational efficiencies, and generating actionable
intelligence by gathering multiple sources of information and cultivating data
analytics capabilities. Finally, the practice’s consultants provide technology-neutral
guidance on selecting and implementing security solutions that adapt to variable
levels of risk. Collectively, the practice’s consultants and services help clients shift
from a reactive security stance to a proactive, advanced cyber-defense posture.
RSA Archer® GRC Suite is a market-leading solution for managing enterprise
governance, risk, and compliance (GRC). It is designed to provide a flexible,
collaborative platform to manage enterprise risks, automate business processes,
demonstrate compliance, and gain visibility into exposures and gaps across the
organization. The RSA Archer GRC platform is engineered to draw data from a wide
variety of systems to serve as a central repository for risk-, compliance-, and
security-related information. The RSA Archer Security Operations Management
module is designed to provide a software system that manages incident workflows,
reporting and notification requirements, staffing and work allocations, as well as
other capabilities needed to efficiently manage a security operations center. This
system also provides the required business and technical context (such as asset
information) for incidents during investigations.
RSA® Education Services provide training courses on information security geared to
IT staff, software developers, security professionals, and an organization’s general
employees. Courses combine theory, technology, and scenario-based exercises to
engage participants in active learning. RSA Advanced Cyber Defense Training
offerings are a series of instructional courses focused on improving the skills of
security analysts in areas such as incident handling, the use of threat intelligence,
malware analysis, and the detection and investigation of advanced threats. These
courses are taught by expert personnel from the RSA Advanced Cyber Defense
Practice.
RSA® Enterprise Compromise Assessment Tool (ECAT) is an enterprise threat
detection and response solution designed to monitor and protect IT environments
from undesirable software and the most elusive malware—including deeply hidden
rootkits, advanced persistent threats (APTs), and unidentified viruses. RSA ECAT is
engineered to automate the detection of anomalies within computer applications
and memory without relying on virus signatures. Instead of analyzing malware
samples to create signatures, RSA ECAT establishes a baseline of anomalies from
“known good” applications, filtering out background noise to uncover malicious
activity in compromised machines. The RSA ECAT console presents a centralized
view of activities occurring within a computer’s memory, which can be used to
quickly identify malware, regardless of whether a signature exists or if the malware
has been seen before. Once a single malicious anomaly is identified, RSA ECAT can
scan across thousands of machines to identify other endpoints that have been
compromised or are similarly at risk.
The RSA Live platform is engineered to help organizations capitalize on the
collective intelligence and analytical skills of the global security community in
detecting and countering advanced threats and other cyber attacks. The RSA Live
platform is designed to gather advanced threat intelligence from a broad range of
respected, reliable security service providers, including RSA researchers. RSA’s
expert researchers and analysts process security information from these myriad
sources and deliver the most relevant data to the RSA Live community directly
through RSA Security Analytics.
RSA® Security Analytics is designed to provide security organizations with the
situational awareness needed to deal with their most pressing security issues. By
analyzing network traffic and log event data, the RSA Security Analytics system
helps organizations gain a comprehensive view of their IT environment, enabling
security analysts to detect threats quickly, investigate and prioritize them, make
remediation decisions, take action, and automatically generate reports. The RSA
Security Analytics solution’s distributed data architecture is engineered to collect,
analyze, and archive massive volumes of data – often hundreds of terabytes and
beyond – at very high speed using multiple modes of analysis. The RSA Security
Analytics platform also is designed to ingest threat intelligence about the latest
tools, techniques, and procedures in use by the attacker community to alert
organizations to potential threats that are active in their enterprise.

ABOUT RSA
RSA, The Security Division of EMC, is the premier provider of security, risk and
compliance management solutions for business acceleration. RSA helps the
world’s leading organizations succeed by solving their most complex and sensitive
security challenges. These challenges include managing organizational risk,
safeguarding mobile access and collaboration, proving compliance, and securing
virtual and cloud environments.
Combining business-critical controls in identity assurance, encryption & key
management, SIEM, data loss prevention and fraud protection with industry
leading eGRC capabilities and robust consulting services, RSA brings visibility and
trust to millions of user identities, the transactions that they perform and the data
that is generated. For more information, please visit www.RSA.com and
www.EMC.com.

www.rsa.com

EMC2, EMC, the EMC logo, RSA, Archer, and the RSA logo are registered trademarks or trademarks of EMC
Corporation in the United States and other countries. Raytheon, SureView, Trusted Thin Client, and Trusted Gateway
System are registered trademarks or trademarks of Raytheon Company. All other products or services mentioned
are trademarks of their respective companies. ©Copyright 2013 EMC Corporation. All rights reserved.
Published in the USA.
H12485 TCSHW-BRF-1013v2

SFScon 21 - Matteo Falsetti - Cybersecurity Management in the Supply Chain
 
7350_RiskWatch-Summer2015-Maligec
7350_RiskWatch-Summer2015-Maligec7350_RiskWatch-Summer2015-Maligec
7350_RiskWatch-Summer2015-Maligec
 
Cybersecurity report-vol-8
Cybersecurity report-vol-8Cybersecurity report-vol-8
Cybersecurity report-vol-8
 
Cyber presentation spet 2019 v8sentfor upload
Cyber presentation spet 2019 v8sentfor uploadCyber presentation spet 2019 v8sentfor upload
Cyber presentation spet 2019 v8sentfor upload
 
Weakest links of an organization's Cybersecurity chain
Weakest links of an organization's Cybersecurity chainWeakest links of an organization's Cybersecurity chain
Weakest links of an organization's Cybersecurity chain
 
Treating Security Like a Product
Treating Security Like a ProductTreating Security Like a Product
Treating Security Like a Product
 
Ey giss-under-cyber-attack
Ey giss-under-cyber-attackEy giss-under-cyber-attack
Ey giss-under-cyber-attack
 
Industry Overview: Big Data Fuels Intelligence-Driven Security
Industry Overview: Big Data Fuels Intelligence-Driven SecurityIndustry Overview: Big Data Fuels Intelligence-Driven Security
Industry Overview: Big Data Fuels Intelligence-Driven Security
 

More from EMC

INDUSTRY-LEADING TECHNOLOGY FOR LONG TERM RETENTION OF BACKUPS IN THE CLOUD
INDUSTRY-LEADING  TECHNOLOGY FOR LONG TERM RETENTION OF BACKUPS IN THE CLOUDINDUSTRY-LEADING  TECHNOLOGY FOR LONG TERM RETENTION OF BACKUPS IN THE CLOUD
INDUSTRY-LEADING TECHNOLOGY FOR LONG TERM RETENTION OF BACKUPS IN THE CLOUDEMC
 
Cloud Foundry Summit Berlin Keynote
Cloud Foundry Summit Berlin Keynote Cloud Foundry Summit Berlin Keynote
Cloud Foundry Summit Berlin Keynote EMC
 
EMC GLOBAL DATA PROTECTION INDEX
EMC GLOBAL DATA PROTECTION INDEX EMC GLOBAL DATA PROTECTION INDEX
EMC GLOBAL DATA PROTECTION INDEX EMC
 
Transforming Desktop Virtualization with Citrix XenDesktop and EMC XtremIO
Transforming Desktop Virtualization with Citrix XenDesktop and EMC XtremIOTransforming Desktop Virtualization with Citrix XenDesktop and EMC XtremIO
Transforming Desktop Virtualization with Citrix XenDesktop and EMC XtremIOEMC
 
Citrix ready-webinar-xtremio
Citrix ready-webinar-xtremioCitrix ready-webinar-xtremio
Citrix ready-webinar-xtremioEMC
 
EMC FORUM RESEARCH GLOBAL RESULTS - 10,451 RESPONSES ACROSS 33 COUNTRIES
EMC FORUM RESEARCH GLOBAL RESULTS - 10,451 RESPONSES ACROSS 33 COUNTRIES EMC FORUM RESEARCH GLOBAL RESULTS - 10,451 RESPONSES ACROSS 33 COUNTRIES
EMC FORUM RESEARCH GLOBAL RESULTS - 10,451 RESPONSES ACROSS 33 COUNTRIES EMC
 
EMC with Mirantis Openstack
EMC with Mirantis OpenstackEMC with Mirantis Openstack
EMC with Mirantis OpenstackEMC
 
Modern infrastructure for business data lake
Modern infrastructure for business data lakeModern infrastructure for business data lake
Modern infrastructure for business data lakeEMC
 
Force Cyber Criminals to Shop Elsewhere
Force Cyber Criminals to Shop ElsewhereForce Cyber Criminals to Shop Elsewhere
Force Cyber Criminals to Shop ElsewhereEMC
 
Pivotal : Moments in Container History
Pivotal : Moments in Container History Pivotal : Moments in Container History
Pivotal : Moments in Container History EMC
 
Data Lake Protection - A Technical Review
Data Lake Protection - A Technical ReviewData Lake Protection - A Technical Review
Data Lake Protection - A Technical ReviewEMC
 
Mobile E-commerce: Friend or Foe
Mobile E-commerce: Friend or FoeMobile E-commerce: Friend or Foe
Mobile E-commerce: Friend or FoeEMC
 
Virtualization Myths Infographic
Virtualization Myths Infographic Virtualization Myths Infographic
Virtualization Myths Infographic EMC
 
Intelligence-Driven GRC for Security
Intelligence-Driven GRC for SecurityIntelligence-Driven GRC for Security
Intelligence-Driven GRC for SecurityEMC
 
The Trust Paradox: Access Management and Trust in an Insecure Age
The Trust Paradox: Access Management and Trust in an Insecure AgeThe Trust Paradox: Access Management and Trust in an Insecure Age
The Trust Paradox: Access Management and Trust in an Insecure AgeEMC
 
EMC Technology Day - SRM University 2015
EMC Technology Day - SRM University 2015EMC Technology Day - SRM University 2015
EMC Technology Day - SRM University 2015EMC
 
EMC Academic Summit 2015
EMC Academic Summit 2015EMC Academic Summit 2015
EMC Academic Summit 2015EMC
 
Data Science and Big Data Analytics Book from EMC Education Services
Data Science and Big Data Analytics Book from EMC Education ServicesData Science and Big Data Analytics Book from EMC Education Services
Data Science and Big Data Analytics Book from EMC Education ServicesEMC
 
Using EMC Symmetrix Storage in VMware vSphere Environments
Using EMC Symmetrix Storage in VMware vSphere EnvironmentsUsing EMC Symmetrix Storage in VMware vSphere Environments
Using EMC Symmetrix Storage in VMware vSphere EnvironmentsEMC
 
Using EMC VNX storage with VMware vSphereTechBook
Using EMC VNX storage with VMware vSphereTechBookUsing EMC VNX storage with VMware vSphereTechBook
Using EMC VNX storage with VMware vSphereTechBookEMC
 

More from EMC (20)

INDUSTRY-LEADING TECHNOLOGY FOR LONG TERM RETENTION OF BACKUPS IN THE CLOUD
INDUSTRY-LEADING  TECHNOLOGY FOR LONG TERM RETENTION OF BACKUPS IN THE CLOUDINDUSTRY-LEADING  TECHNOLOGY FOR LONG TERM RETENTION OF BACKUPS IN THE CLOUD
INDUSTRY-LEADING TECHNOLOGY FOR LONG TERM RETENTION OF BACKUPS IN THE CLOUD
 
Cloud Foundry Summit Berlin Keynote
Cloud Foundry Summit Berlin Keynote Cloud Foundry Summit Berlin Keynote
Cloud Foundry Summit Berlin Keynote
 
EMC GLOBAL DATA PROTECTION INDEX
EMC GLOBAL DATA PROTECTION INDEX EMC GLOBAL DATA PROTECTION INDEX
EMC GLOBAL DATA PROTECTION INDEX
 
Transforming Desktop Virtualization with Citrix XenDesktop and EMC XtremIO
Transforming Desktop Virtualization with Citrix XenDesktop and EMC XtremIOTransforming Desktop Virtualization with Citrix XenDesktop and EMC XtremIO
Transforming Desktop Virtualization with Citrix XenDesktop and EMC XtremIO
 
Citrix ready-webinar-xtremio
Citrix ready-webinar-xtremioCitrix ready-webinar-xtremio
Citrix ready-webinar-xtremio
 
EMC FORUM RESEARCH GLOBAL RESULTS - 10,451 RESPONSES ACROSS 33 COUNTRIES
EMC FORUM RESEARCH GLOBAL RESULTS - 10,451 RESPONSES ACROSS 33 COUNTRIES EMC FORUM RESEARCH GLOBAL RESULTS - 10,451 RESPONSES ACROSS 33 COUNTRIES
EMC FORUM RESEARCH GLOBAL RESULTS - 10,451 RESPONSES ACROSS 33 COUNTRIES
 
EMC with Mirantis Openstack
EMC with Mirantis OpenstackEMC with Mirantis Openstack
EMC with Mirantis Openstack
 
Modern infrastructure for business data lake
Modern infrastructure for business data lakeModern infrastructure for business data lake
Modern infrastructure for business data lake
 
Force Cyber Criminals to Shop Elsewhere
Force Cyber Criminals to Shop ElsewhereForce Cyber Criminals to Shop Elsewhere
Force Cyber Criminals to Shop Elsewhere
 
Pivotal : Moments in Container History
Pivotal : Moments in Container History Pivotal : Moments in Container History
Pivotal : Moments in Container History
 
Data Lake Protection - A Technical Review
Data Lake Protection - A Technical ReviewData Lake Protection - A Technical Review
Data Lake Protection - A Technical Review
 
Mobile E-commerce: Friend or Foe
Mobile E-commerce: Friend or FoeMobile E-commerce: Friend or Foe
Mobile E-commerce: Friend or Foe
 
Virtualization Myths Infographic
Virtualization Myths Infographic Virtualization Myths Infographic
Virtualization Myths Infographic
 
Intelligence-Driven GRC for Security
Intelligence-Driven GRC for SecurityIntelligence-Driven GRC for Security
Intelligence-Driven GRC for Security
 
The Trust Paradox: Access Management and Trust in an Insecure Age
The Trust Paradox: Access Management and Trust in an Insecure AgeThe Trust Paradox: Access Management and Trust in an Insecure Age
The Trust Paradox: Access Management and Trust in an Insecure Age
 
EMC Technology Day - SRM University 2015
EMC Technology Day - SRM University 2015EMC Technology Day - SRM University 2015
EMC Technology Day - SRM University 2015
 
EMC Academic Summit 2015
EMC Academic Summit 2015EMC Academic Summit 2015
EMC Academic Summit 2015
 
Data Science and Big Data Analytics Book from EMC Education Services
Data Science and Big Data Analytics Book from EMC Education ServicesData Science and Big Data Analytics Book from EMC Education Services
Data Science and Big Data Analytics Book from EMC Education Services
 
Using EMC Symmetrix Storage in VMware vSphere Environments
Using EMC Symmetrix Storage in VMware vSphere EnvironmentsUsing EMC Symmetrix Storage in VMware vSphere Environments
Using EMC Symmetrix Storage in VMware vSphere Environments
 
Using EMC VNX storage with VMware vSphereTechBook
Using EMC VNX storage with VMware vSphereTechBookUsing EMC VNX storage with VMware vSphereTechBook
Using EMC VNX storage with VMware vSphereTechBook
 

Recently uploaded

SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024Scott Keck-Warren
 
Pigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping ElbowsPigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping ElbowsPigging Solutions
 
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationRidwan Fadjar
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Allon Mureinik
 
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Patryk Bandurski
 
Maximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxMaximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxOnBoard
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking MenDelhi Call girls
 
How to Remove Document Management Hurdles with X-Docs?
How to Remove Document Management Hurdles with X-Docs?How to Remove Document Management Hurdles with X-Docs?
How to Remove Document Management Hurdles with X-Docs?XfilesPro
 
Snow Chain-Integrated Tire for a Safe Drive on Winter Roads
Snow Chain-Integrated Tire for a Safe Drive on Winter RoadsSnow Chain-Integrated Tire for a Safe Drive on Winter Roads
Snow Chain-Integrated Tire for a Safe Drive on Winter RoadsHyundai Motor Group
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking MenDelhi Call girls
 
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersEnhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersThousandEyes
 
Next-generation AAM aircraft unveiled by Supernal, S-A2
Next-generation AAM aircraft unveiled by Supernal, S-A2Next-generation AAM aircraft unveiled by Supernal, S-A2
Next-generation AAM aircraft unveiled by Supernal, S-A2Hyundai Motor Group
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountPuma Security, LLC
 
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Alan Dix
 
Benefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other FrameworksBenefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other FrameworksSoftradix Technologies
 
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsMemoori
 
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024BookNet Canada
 
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptx
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptxMaking_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptx
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptxnull - The Open Security Community
 

Recently uploaded (20)

SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024
 
Pigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping ElbowsPigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping Elbows
 
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 Presentation
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)
 
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
 
Maximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxMaximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptx
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
 
How to Remove Document Management Hurdles with X-Docs?
How to Remove Document Management Hurdles with X-Docs?How to Remove Document Management Hurdles with X-Docs?
How to Remove Document Management Hurdles with X-Docs?
 
Snow Chain-Integrated Tire for a Safe Drive on Winter Roads
Snow Chain-Integrated Tire for a Safe Drive on Winter RoadsSnow Chain-Integrated Tire for a Safe Drive on Winter Roads
Snow Chain-Integrated Tire for a Safe Drive on Winter Roads
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
 
Vulnerability_Management_GRC_by Sohang Sengupta.pptx
Vulnerability_Management_GRC_by Sohang Sengupta.pptxVulnerability_Management_GRC_by Sohang Sengupta.pptx
Vulnerability_Management_GRC_by Sohang Sengupta.pptx
 
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersEnhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
 
Next-generation AAM aircraft unveiled by Supernal, S-A2
Next-generation AAM aircraft unveiled by Supernal, S-A2Next-generation AAM aircraft unveiled by Supernal, S-A2
Next-generation AAM aircraft unveiled by Supernal, S-A2
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path Mount
 
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
 
Benefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other FrameworksBenefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other Frameworks
 
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial Buildings
 
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
 
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptx
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptxMaking_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptx
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptx
 

RSA Security Brief : Taking Charge of Security in a Hyperconnected World

  • 1. TAKING CHARGE OF SECURITY IN A HYPERCONNECTED WORLD
How Organizations Can Improve Breach Readiness and Cyber Security Maturity
October 2013

Authors
James Lugabihl, Global CIRC Senior Manager, EMC Corp.
Dylan Owen, Cybersecurity Manager for Cybersecurity and Special Missions, Raytheon Company
Timothy A. Rand, Senior Manager, Advanced Cyber Defense Practice, RSA, The Security Division of EMC
Peter M. Tran, Senior Director, Advanced Cyber Defense Practice, RSA, The Security Division of EMC

KEY POINTS
• Organizations are taking responsibility for proactively improving security, not just for themselves but for customers and business/supply chain partners.
• Rising numbers of organizations are conducting assessments of their business risks and security practices before breaches occur.
• Most breaches result from organizations stumbling on basic security practices. The following deficiencies play a contributing role in most security breaches:
  –Neglecting basic security hygiene
  –Relying exclusively on traditional threat prevention and detection tools
  –Mistaking compliance for security
  –Inadequate end user training
• An organization’s optimal security posture will change as its business, risk, and threat environment changes. Good security is less about achieving a static goal state than about building capabilities for continuous evaluation and improvement.
• Of the many recommendations that emerge from security assessments, 20 percent will likely yield 80 percent of the benefits. The following areas for improvement typically generate high impact:
  –Conduct all-inclusive risk and security assessments
  –Locate and track high-value digital assets
  –Model threats and address top vulnerabilities
  –Master change management processes
  –Deploy security staff selectively and strategically
  –Integrate security processes and technologies to scale resources
  –Invest in threat intelligence capabilities
  –Quantify the impact of security investments
  • 2. RSA Security Brief, October 2013
RSA Security Briefs provide security leaders and risk management executives with essential guidance on today’s most pressing information security threats and opportunities. Each Brief is created by a select team of experts who connect experiences across organizations to share specialized knowledge on a critical security topic. Offering both big-picture insight and practical technology guidance, RSA Security Briefs are vital reading for today’s forward-thinking security and risk management practitioners.

Contents
“Good” security is a relative condition (p. 3)
Security programs still stumble on the basics (p. 4)
  Neglecting basic security hygiene (p. 4)
  Relying exclusively on traditional threat prevention and detection tools (p. 5)
  Mistaking compliance for good security (p. 5)
  Inadequate user training (p. 6)
  Beyond the basics (p. 6)
Security stewardship means continuous improvement (p. 7)
  Conduct all-inclusive risk and security assessments (p. 7)
  Locate and track high-value digital assets (p. 7)
  Model threats and address top vulnerabilities (p. 8)
  Master change management processes (p. 8)
  Deploy security staff selectively and strategically (p. 9)
  Integrate security processes and technologies to scale resources (p. 9)
  Invest in threat intelligence capabilities (p. 10)
  Quantify the impact of security investments (p. 10)
Conclusion (p. 11)
About the Authors (p. 12)
Security Solutions for Improving Breach Readiness (p. 14)
  From Raytheon Company (p. 14)
  From RSA, The Security Division of EMC (p. 14)
  • 3.
The boundaries have blurred between internal and external networks. Employees increasingly use their own devices, home networks, and public Wi-Fi to access corporate resources. Partners, customers, and vendors have greater access to what were exclusively internal resources, and the integration of private networks with public clouds has culminated in hybrid clouds with dynamic and complex boundaries. In a world where digital boundaries are ever-changing and hard to define, building stronger perimeter defenses, while still necessary, is inadequate to ensure sufficient security. In today’s highly interconnected business environment, information security can no longer be an isolated endeavor: it must be the responsibility of an entire business ecosystem or value chain.

“Attackers look for the easiest means of compromise. That’s why attacks are moving from more security-mature organizations down to less mature, typically smaller, partners. Attackers can exploit the trust relationships between companies to infiltrate well-protected targets through supply chain partners with less security experience.”
Dylan Owen, Raytheon Company

This idea has gained widespread recognition at the international level. For example, the World Economic Forum (WEF) is exploring how responsibility for cyber security can be shared among companies, industries, and governments. In its 2012 report, “Risk and Responsibility in a Hyperconnected World: Pathways to Global Cyber Resilience,” the WEF concluded:

    Increasing dependence on connectivity for the normal functioning of society makes the protection of connectivity a critical issue for all; it is a shared resource, like clean air or water. No one organization can resolve the issue by itself; a collaborative, multi-stakeholder approach must be taken. Even competitors in a given industry must become partners in the effort to ensure a stable and trusted environment.

The idea that creating a stable, trusted cyber environment should be a collaborative endeavor also appears to be gaining traction among private enterprises and governments. Two trends in the global security community point to this:
1. Participation in threat intelligence-sharing groups has widened over the past few years beyond the traditional circles of defense and financial services. Nowadays, it’s common to see industrial manufacturers, retail chains, utilities, and technology companies exchanging cyber threat intelligence.
2. Rising numbers of organizations are conducting assessments of their business risks and security practices to improve their overall security posture proactively. These security assessments have historically been done in the wake of serious incidents or breaches, but they are now increasingly done as a precautionary measure before trouble has been detected.

“GOOD” SECURITY IS A RELATIVE CONDITION
Organizations are conducting proactive assessments not only to improve their own security postures but to protect their business relationships. Advanced cyber attacks have been known to reach their primary targets by exploiting business partners with weaker defenses. Rather than combat the well-protected computer networks of a target company, cyber attackers try instead to infiltrate the organization through its connections to trusted partners with less-developed security practices. In recent incidents, cyber attackers have sought to cover their tracks by routing data stolen from a company through the computer networks of a business partner.
  • 4.
Because information security within a supply chain is only as strong as its weakest link, organizations today must improve security measures not just for themselves but for their partners and customers. Every organization should achieve “appropriate” levels of security for its business requirements and risks—which also means evaluating how its security practices could affect customers and partners, should something go wrong. Of course, appropriate security measures will vary greatly from organization to organization. For example, security practices considered appropriate for an industrial manufacturer might have very different characteristics than security practices for a regional consulting firm or a global technology company.

“We see security assessments trending toward improvement and a more proactive approach. There’s a general sense that, because my buyer or my business partner just got hacked, maybe I should think about this now. The tough part is getting your stakeholders to realize they’re on borrowed time, because they’re still thinking, ‘Well, nothing has happened to us, so why should we do this?’”
Peter Tran, RSA

Identifying appropriate levels of security can prove challenging, because it’s an exercise based on risk and relativity. Appropriate security should be determined by four factors:
1. The organization’s risks and requirements, which change over time and are unique for each organization
2. The value of the information assets being protected, with high-value assets monitored more closely and subject to more controls
3. The security risks and threats the organization can reasonably expect to face, considering that attack techniques are constantly changing and rising in sophistication
4. Prevailing security practices for the organization’s peers, with the organization aiming to be at or above the group “average” so as not to make itself an easy target

The first three factors listed above are associated with internal assessments. The fourth is a relative measure that relies in part on external knowledge of “reasonable” security practices within an industry peer group. Industry associations, information sharing and analysis centers (ISACs), or outside consultants can often help provide this comparative context. Another way organizations can diagnose security performance on a relative basis is through self-assessment tools. Many consulting firms and security service providers offer proprietary “security maturity” models. Each has merits and deficiencies, but they all aim to provide a progressive framework for measuring security performance. An example of a security maturity framework is shown in Figure 1.

SECURITY PROGRAMS STILL STUMBLE ON THE BASICS
In analyzing security programs across different industries, it seems many organizations today still fall down on basic execution. The following deficiencies commonly contribute to security breaches.

Neglecting basic security hygiene
In forensic evaluations following attacks, missed software updates frequently surface as exploited vulnerabilities. Sometimes these are zero-day vulnerabilities, but in most cases antivirus and software updates had simply not been done. Perhaps a system was scheduled for patching at a later date, after the organization could compatibility-test the patch. More likely, the system was overlooked for patching entirely because it had been added to the network without being properly cataloged: IT didn’t know the system existed, so they did not know to patch it. Basic security maintenance is an all-too-common deficiency.
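The hygiene failure described above (a host joins the network without being cataloged, so the patch process never learns about it) is easy to surface by reconciling two views that most organizations already have: what the network actually saw, and what the patch console thinks it manages. The following is an added example, not code from the RSA brief or any tool it mentions. The DHCP lease lines, the patch-console CSV export, the hostnames, addresses, dates and the 30-day patch window are all constructed for illustration; a real deployment would read these from its DHCP server logs and patch-management export instead.

```python
"""Reconcile hosts seen on the network with hosts the patch process knows about.

Added example for the "Neglecting basic security hygiene" passage; it is not code
from the RSA brief. The DHCP lease lines, patch-console export, hostnames, IPs,
dates and the 30-day patch window are all constructed for illustration.
"""
import re
from datetime import date, datetime

# Constructed DHCP lease log: every host that actually obtained an address.
DHCP_LEASES = """\
2013-09-30 08:12:01 lease 10.20.1.15 hostname fin-ws-021 mac 00:1a:4b:10:20:15
2013-09-30 08:13:44 lease 10.20.1.16 hostname fin-ws-022 mac 00:1a:4b:10:20:16
2013-09-30 09:02:10 lease 10.20.5.9 hostname lab-build-03 mac 00:1a:4b:10:50:09
2013-09-30 09:40:27 lease 10.20.7.40 hostname vendor-kiosk mac 00:1a:4b:10:70:40
"""

# Constructed export from a patch-management console: host,last_successful_patch_run
PATCH_RECORDS = """\
fin-ws-021,2013-09-25
fin-ws-022,2013-07-02
hr-ws-004,2013-09-26
"""

AS_OF = date(2013, 9, 30)      # constructed reporting date
MAX_PATCH_AGE_DAYS = 30        # constructed policy: a host is stale after 30 days

LEASE_RE = re.compile(r"lease (?P<ip>\S+) hostname (?P<host>\S+) mac (?P<mac>\S+)")


def parse_leases(text):
    """Return {hostname: ip} for every lease line that matches the format."""
    seen = {}
    for line in text.splitlines():
        m = LEASE_RE.search(line)
        if m:
            seen[m.group("host")] = m.group("ip")
    return seen


def parse_patch_records(text):
    """Return {hostname: date_of_last_successful_patch_run} from the CSV export."""
    records = {}
    for line in text.splitlines():
        if not line.strip():
            continue
        host, last_run = line.split(",", 1)
        records[host.strip()] = datetime.strptime(last_run.strip(), "%Y-%m-%d").date()
    return records


def reconcile(seen, patched, as_of=AS_OF, max_age_days=MAX_PATCH_AGE_DAYS):
    """Compare the two views and return the three gaps a patch programme must close.

    uncataloged: on the network but unknown to the patch process (never patched)
    stale:       known, but the last successful run is older than the policy window
    orphaned:    in the patch console but not seen on the network (inventory drift)
    """
    uncataloged = sorted(h for h in seen if h not in patched)
    stale = sorted(
        (h, (as_of - d).days) for h, d in patched.items()
        if h in seen and (as_of - d).days > max_age_days
    )
    orphaned = sorted(h for h in patched if h not in seen)
    return {"uncataloged": uncataloged, "stale": stale, "orphaned": orphaned}


def run_report():
    """Run the reconciliation over the constructed inputs."""
    return reconcile(parse_leases(DHCP_LEASES), parse_patch_records(PATCH_RECORDS))


if __name__ == "__main__":
    for gap, hosts in run_report().items():
        print(f"{gap}: {hosts}")
```

On the constructed input, the two lab and vendor hosts come back as uncataloged (they obtained addresses but the patch console has never heard of them), one finance workstation is flagged as 90 days stale, and one HR host exists only in the console, which is the inventory-drift case in the other direction. The point of the three buckets is that "everything in the console is green" says nothing about the first bucket, which is exactly where the overlooked systems the brief describes live.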
Figure 1: Security Maturity Framework

Columns: (1) Level 1, Product-driven security; (2) Level 2, Compliance-driven security; (3) Level 3, IT Risk-driven security; (4) Level 4, Business Risk-driven security. Each row gives the Level 1 through Level 4 characteristics of one capability.

Policy
  Enforcement: (1) not specified | (2) Enforced employee compliance | (3) Management reinforces cooperation | (4) Reasons for non-compliance explored
  Update trigger: (1) None | (2) Changes in policies and regulations | (3) Changes in IT threats | (4) Continuous business risk assessments
  Reporting schedule: (1) No reporting | (2) Ad-hoc incident reports | (3) Scheduled reporting | (4) Real-time reporting

Product
  Update trigger: (1) None | (2) Auditor checklist | (3) IT infrastructure checklist | (4) Business risk checklist
  Selection criteria: (1) Trends, vendors | (2) Legal/regulatory requirements | (3) Specific to IT infrastructure | (4) Based on business implications
  Technology focus: (1) Managing patchwork of security tools | (2) Compliance monitoring and reporting | (3) Threat detection and response | (4) Business risk monitoring and predictive analytics

People
  Leadership capabilities: (1) Technology: low; Business: low | (2) Technology: medium; Business: low | (3) Technology: high; Business: medium | (4) Technology: high; Business: high
  Management communication: (1) None | (2) Contingent on policy changes and incidents | (3) Regular communication | (4) Pro-active, two-way communication between security and businesses
  Employee training process: (1) Sporadic and inconsistent; Product training (not mandatory) | (2) Regulations training (mandatory for some) | (3) IT infrastructure threats (mandatory for all) | (4) Role-specific training (mandatory for all)

Relying exclusively on traditional threat prevention and detection tools

In general, organizations relying on firewalls, antivirus scanners, and intrusion detection systems (IDS) for security will never discover the truly serious problems. Yet most security teams still wait for signature-based detection tools to identify problems rather than looking for more subtle indicators of compromise on their own. Part of the reason is that most security teams have not done the hard work of integrating their logs, security processes, and tools, making it challenging to correlate events or determine causality.

“There’s no magic bullet for improving security or your breach readiness. There’s no secret to it, other than you have to master the basics before you take on anything else. You have to execute—get your hands dirty, move rocks.”
James Lugabihl, EMC

Mistaking compliance for good security

Many companies are on an accelerating treadmill with their compliance programs. They’re so busy keeping up with mounting compliance requirements, whether from increased government regulations or internal oversight requirements, that proving compliance becomes a goal in and of itself. Most compliance mandates reflect best practices that should be interpreted as minimum standards, not sufficient levels, of security. For example, organizations may audit their privileged IT administrator accounts only once a quarter because that’s the interval specified by internal policies. However, cyber adversaries waging targeted attacks often phish for privileged accounts to do the most damage in the shortest amount of time. In most cases, quarterly intervals for inspecting privileged accounts are woefully inadequate for managing risk.

The Payment Card Industry Data Security Standard (PCI DSS) serves as an example in which good compliance does not always translate into breach avoidance. Companies compliant with PCI DSS have been hacked. For this reason, the latest version of PCI DSS provides direction for implementing security into business-as-usual (BAU) activities and underscores the need to maintain ongoing compliance.

“Developing a high-performing security program—what we call an ‘intelligence-driven’ organization—is a journey. Focus on the basics first, paying attention to the people, process, and technology. Then, you can make improvements incrementally by adding capabilities such as forensic analysis, malware reverse engineering, and threat intelligence.”
Timothy A. Rand, RSA

Inadequate end user training

Employees and other end users of corporate IT assets should be regarded as the organization’s first line of defense—even more so than firewalls and IDS. Threats will inevitably get through perimeter defenses, but employees can alert security teams to suspicious emails, unusual activity, or performance changes in systems. Many organizations don’t invest enough time and resources in user training. While annual security training is the interval frequently mandated in corporate policies, it’s not frequent enough to protect end users from phishing, malicious links, and other security hazards. Also, most organizations fail to provide differentiated training for the employees most likely to be targeted by cyber attackers: finance executives, IT administrators, R&D scientists, and others.
Beyond the basics

While the basic deficiencies described above contribute to the majority of security breaches, other shortcomings also surface over and over again. The chart in Figure 2 itemizes ten of the most common problems identified in security assessments.

Figure 2: Top 10 security deficiencies found in security assessments

People
• Infrequent user training on security hazards such as spear-phishing
• Inadequate security staff, both in terms of numbers and training
• Security team’s roles and responsibilities not clearly defined

Process
• Poor patch management processes
• Reliance on ad hoc incident response and other security procedures in the absence of well-defined processes
• “Enterprise amnesia” resulting from responding nonstop to fire drills without taking time to improve based on post-incident lessons learned

Technology
• No centralized or real-time monitoring and alerting—analysts must log into different consoles to collect alerts
• Poor incident response-tracking and workflow systems
• Insufficient tools to conduct forensic analysis
• No threat intelligence collection or analysis capabilities
SECURITY STEWARDSHIP MEANS CONTINUOUS IMPROVEMENT

An organization’s optimal state of security will vary as its business, risk, and threat environment changes. What this means is that good security is not about achieving a static optimal state; it’s about building capabilities, or agility, for continuous assessment and improvement.

The focus on improving security seems to have intensified. Two years ago, organizations commissioning outside security assessments were primarily interested in remediating vulnerabilities following a breach. Now, more organizations are requesting proactive help to improve breach readiness and incident response. Even medium-size companies, under pressure from larger business partners, are striving to proactively advance their security practices ahead of a serious incident.

Because “good” security is not a one-size-fits-all condition, the needed improvements will vary greatly from organization to organization. Any organization that has conducted a rigorous security assessment can attest that the list of recommendations resulting from such assessments is almost endless. The key to executing a successful security improvement plan is to identify and implement the 20 percent of changes that will yield 80 percent of the benefits. The recommendations and best practices described below often fall into the top 20 percent of changes that generate the greatest improvement in organizational readiness for responding to and recovering from cyber threats.

Conduct all-inclusive risk and security assessments

Risk assessments should include not just digital assets but an all-inclusive risk evaluation of facilities, suppliers, and even how you sell your goods and services. For example, if your organization sells in distant geographic regions through channel partners, these partners should be factored into risk evaluations for two reasons. First, these partners are essentially your organization’s face to the world within their respective regions. Second, they’re likely to be attractive, vulnerable targets for spear-phishing, as they potentially represent a convenient vector for attacking your company.

Digital risk assessments should be done at least once per year. If you stand up a new service or enter a new market, a corresponding risk assessment should be included as part of the project management process, baking security into the implementation.

Locate and track high-value digital assets

While keeping track of valuable digital assets sounds straightforward, many companies say this is one of the toughest challenges they face. Tracking high-value information assets can be tricky because of shadow IT, in which processes run on systems that aren’t managed by the enterprise IT team. This could run the gamut from a business unit storing sensitive information in a SaaS application to an accountant in your finance department keeping a spreadsheet of critical financial data on an unsecured home computer.

Tracking high-value information is a critical capability in incident response and remediation. When threats or problems are first detected, you have to know how to isolate or effectively protect critical assets as fast as possible. Organizations must document where high-value assets are, who has access to them, who within the business owns the risk, and how the risk can be managed. IT and security teams can provide the right frameworks and tools for auto-discovery, including creating a single repository to track and manage key assets.
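The two gaps the brief has just described (systems added to the network without being cataloged, and a single repository that records where each high-value asset is, who has access to it and who owns its risk) can be closed with a small reconciliation script. The following is an added example, not code from the brief or from RSA: the asset register, the discovery sweep results, the host names, the patch dates and the 30-day patch window are all constructed sample data.

```python
"""Reconcile network-discovered hosts against the asset register.

Added example, not code from the RSA brief: the register, the discovery
results, host names, patch dates and the SLA are constructed sample data.
"""
from datetime import date

# Constructed asset register: what IT believes it manages, with the fields
# the brief calls for (who has access, who owns the risk, when it was patched).
ASSET_REGISTER = {
    "erp-db-01": {"owner": "Finance", "value": "high",
                  "access": ["dba-team", "erp-svc"], "last_patched": date(2013, 9, 2)},
    "web-01": {"owner": "Marketing", "value": "medium",
               "access": ["web-admins"], "last_patched": date(2013, 10, 1)},
    "hr-share": {"owner": "HR", "value": "high",
                 "access": ["hr-staff", "backup-svc"], "last_patched": date(2013, 6, 15)},
}

# Constructed result of a network discovery sweep (DHCP leases, ARP table, scanner).
DISCOVERED_HOSTS = ["erp-db-01", "web-01", "hr-share", "lab-box-7", "finance-laptop"]

PATCH_SLA_DAYS = 30                 # assumed internal patching window
AS_OF = date(2013, 10, 15)          # constructed "as of" date for the report


def find_unmanaged(register, discovered):
    """Hosts seen on the network that the register does not know about.

    These are the systems the brief warns about: nobody patches them
    because IT does not know they exist.
    """
    return sorted(set(discovered) - set(register))


def find_missing(register, discovered):
    """Registered assets the sweep did not see: stale records or moved systems."""
    return sorted(set(register) - set(discovered))


def overdue_patches(register, today, sla_days=PATCH_SLA_DAYS):
    """(host, days since last patch) for assets past the SLA.

    High-value assets are listed first, then the longest-overdue first.
    """
    overdue = []
    for name, asset in register.items():
        age = (today - asset["last_patched"]).days
        if age > sla_days:
            overdue.append((name, age))
    return sorted(overdue, key=lambda item: (register[item[0]]["value"] != "high", -item[1]))


def high_value_summary(register):
    """Owner and access list for every high-value asset: the record an
    incident responder needs in order to isolate or protect it quickly."""
    return {name: {"owner": a["owner"], "access": a["access"]}
            for name, a in register.items() if a["value"] == "high"}


if __name__ == "__main__":
    print("Unmanaged hosts:", find_unmanaged(ASSET_REGISTER, DISCOVERED_HOSTS))
    print("Missing assets: ", find_missing(ASSET_REGISTER, DISCOVERED_HOSTS))
    print("Overdue patches:", overdue_patches(ASSET_REGISTER, AS_OF))
    print("High-value:     ", high_value_summary(ASSET_REGISTER))
```

Run against the constructed data, the sweep turns up two hosts the register has never heard of, and the two high-value assets are both past the patch window, with the HR share overdue by far the longest. The ordering matters: the list is what a short-staffed team works from top to bottom.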
Model threats and address top vulnerabilities

Part of any security assessment should be threat modeling, which can be boiled down to a simple formula:

Threat x Vulnerability x Potential Cost of Loss = Risk

Stakeholders in business units and IT often don’t understand the need for threat modeling, and many security practitioners don’t have sufficient experience to do it well. A common pitfall is that organizations tend to underestimate internal threats. The most-overlooked internal risks are not disgruntled employees acting out of malice; they’re often well-intentioned employees making critical mistakes. An oversight in documenting changes to an IT system’s software is a typical example.

Threat modeling should be a collaborative, multi-disciplinary process, not an isolated exercise within the security team. Participants should work together on scoping out threats to the organization and how each may affect business units or assets. Ideally, threat modeling should be a creative process: organizations must plan with the same imagination and cunning as prospective adversaries.

Threat models should also build on forensic evaluations of previous threats observed in your environment, with the goal of identifying ways to neutralize cyber adversaries. For example, threat models should identify the organization’s most frequent historical threat vectors. Then, if you discover that the number one point of compromise for your organization is phishing attacks, you’ll know to implement processes, technology, and training programs to reduce the effectiveness of spear phishing.

“Good change management can have a huge preventive impact. Some people think that change management just slows them down, but consider what’s the cost to your business if you don’t do this and something gets compromised? It’s rarely worth the risk.”
Dylan Owen, Raytheon Company

Master change management processes

Security change management procedures help track and respond to changes in IT assets and business processes that have a material impact on security risks. It’s a hard discipline to manage consistently, especially since many stakeholders in IT, the business, and even in security mistake it for an administrative checkbox that simply slows them down. So, they may forego documenting systems and processes because they’re under pressure to complete a project quickly and believe they can circle back and report on additions and modifications later. But then key people on the implementation team leave, first-hand knowledge is lost, and dependencies are never recorded. Such omissions present unnecessary risks that can have serious consequences later.

Change management processes should be factored into project management schedules. You should qualify the risks and rewards of change management requirements so stakeholders understand the potential cost to the business if something gets missed and contributes to a compromise. Train people to understand the impact of their actions. Simultaneously, stakeholders should evaluate how to fulfill change management requirements in the most efficient and expedient way possible.

Part of change management is the discipline of identifying and documenting interdependencies between systems, so IT and security teams are aware of how changes made to one system affect the state of another. Reconfiguring one part of your IT environment could create vulnerabilities somewhere else. For example, if an organization’s back-end database provider releases a patch that’s incompatible with the ERP implementation to which the organization’s database is tied, then the database can’t be patched until a fix can be arranged. Instead, the IT team must document why the patch was not installed and work with the security group to make sure vulnerabilities in the database system can be mitigated until updates can take effect.
Deploy security staff selectively and strategically

In many security operations centers (SOCs)—a designation that this paper also uses to refer to critical incident response centers or teams (CIRCs/CIRTs)—the roles and responsibilities for in-house personnel are not clearly defined. Analysts are accountable for many things simultaneously without clear direction on priorities. The adage “if you try to do everything, you wind up doing nothing well” applies here. Many SOCs would benefit from revisiting their staffing models, evaluating the capabilities of individual team members to put the right people in the right roles. That way, people with advanced or specialized skills are deployed in a way that best serves the needs of the security organization.

A recent report from the Security for Business Innovation Council titled “Transforming Information Security: Designing a State-of-the-art Extended Team” recommends that organizations focus on building security capabilities in four key areas that will be new to most SOCs: cyber risk intelligence and data analytics, security data management, risk consultancy, and controls design and assurance. These emerging skills are seen by the Council’s members as essential to providing the security capabilities needed to defend organizations against escalating cyber threats.

Integrate security processes and technologies to scale resources

Almost every security operations team today faces staffing shortages. The capabilities of in-house security personnel are usually stretched, and new headcount is hard to authorize. Most security professionals spend too much time on mundane tasks such as patch management, manually pulling data from different systems, or sorting through volumes of event logs, alerts, and threat intelligence with no categorization of relevance or importance. The productivity of security personnel can be dramatically raised through technology and process integration initiatives.

As detailed in a February 2013 RSA Technical Brief, “Building an Intelligence-driven Security Operations Center,” integrating security operations processes and technologies is arguably the single most beneficial thing that SOCs can do to boost staff productivity. Process and technology integration provides valuable context for analyzing triggered events. For example, proper context can determine whether events are related to high-value assets such as mission-critical systems and applications, business processes handling sensitive data, or privileged users such as CIOs, CFOs, and IT administrators. This type of context can help establish event severity and criticality, directing analysts’ attention to where it’s needed most.

Another huge potential time-saver involves integrating various security tools so they feed into a central incident management console. Many security teams have yet to invest in centralized, real-time monitoring and alerting. Instead, they compel security analysts to log into different systems (firewalls, IDS, and more) to collect alerts. Security tools should be integrated to push alerts into a central repository that provides a single-console view of aggregated events and alerts. Such consoles should track and coordinate workflows. This way, multiple analysts and users can work in parallel on different aspects of the same incident. A unified console presents all the contextual information for threats in one place; analysts don’t have to chase down data scattered among disparate systems and locations to get the background needed for accurate decision-making. In addition to saving analysts’ time, tool integration can also manage workflows to facilitate adherence to procedural best practices.
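The context-ranked central queue the brief describes, as an added example that is not part of the brief or of any RSA product: three constructed tool output formats (a key-value firewall line, a JSON IDS record and a pipe-delimited antivirus line) are normalized into one record type, enriched from a constructed table of high-value assets and privileged users, and sorted so that the alert touching the most valuable asset or account surfaces first. Host names, user names, timestamps and the severity weights are all assumptions.

```python
"""Normalize alerts from different tools into one queue and rank them by
business context. Added example, not code from the RSA brief: the tool
output formats, host names, user names and context tables are constructed.
"""
import json
from dataclasses import dataclass, field

# Constructed business context that a central console would hold.
HIGH_VALUE_ASSETS = {"erp-db-01": "ERP database", "hr-share": "HR file share"}
PRIVILEGED_USERS = {"cfo", "dba-admin"}

# Constructed raw alerts, each in its own tool's native format.
RAW_ALERTS = [
    ("firewall", "ts=2013-10-15T08:02:11Z action=DENY src=10.0.5.23 dst=erp-db-01 dport=3306 user=-"),
    ("ids", '{"ts": "2013-10-15T08:03:40Z", "sig": "Known beacon pattern", "host": "web-01", "user": "www-data"}'),
    ("ids", '{"ts": "2013-10-15T08:05:09Z", "sig": "Encoded script launch", "host": "hr-share", "user": "dba-admin"}'),
    ("av", "2013-10-15T08:06:00Z|finance-laptop|cfo|Quarantined: Gen:Variant.Dropper"),
]


@dataclass
class Alert:
    """One normalized record, whatever tool produced it."""
    ts: str
    source: str
    host: str
    user: str
    summary: str
    severity: int = 1                       # every alert starts at the floor
    context: list = field(default_factory=list)


def parse_firewall(line):
    kv = dict(token.split("=", 1) for token in line.split())
    return Alert(kv["ts"], "firewall", kv["dst"], kv["user"],
                 f"{kv['action']} {kv['src']} -> {kv['dst']}:{kv['dport']}")


def parse_ids(line):
    rec = json.loads(line)
    return Alert(rec["ts"], "ids", rec["host"], rec["user"], rec["sig"])


def parse_av(line):
    ts, host, user, summary = line.split("|", 3)
    return Alert(ts, "av", host, user, summary)


PARSERS = {"firewall": parse_firewall, "ids": parse_ids, "av": parse_av}


def enrich(alert):
    """Raise severity when the alert touches a high-value asset or a privileged user
    (weights of +2 each are an assumption for the example)."""
    if alert.host in HIGH_VALUE_ASSETS:
        alert.severity += 2
        alert.context.append(f"high-value asset: {HIGH_VALUE_ASSETS[alert.host]}")
    if alert.user in PRIVILEGED_USERS:
        alert.severity += 2
        alert.context.append(f"privileged user: {alert.user}")
    return alert


def build_queue(raw_alerts):
    """One normalized, context-ranked queue: highest severity first, then oldest first."""
    alerts = [enrich(PARSERS[source](line)) for source, line in raw_alerts]
    return sorted(alerts, key=lambda a: (-a.severity, a.ts))


if __name__ == "__main__":
    for a in build_queue(RAW_ALERTS):
        print(f"[{a.severity}] {a.ts} {a.source:8} {a.host:15} {a.user:10} {a.summary}  {a.context}")
```

The IDS alert on the HR share under a database administrator's account reaches the top of the queue, while the beacon detection on an ordinary web server under a service account, the kind of alert that would otherwise look most alarming, ranks last. Without the context tables all four records would share the same severity and the analyst would work them in arrival order.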
Data aggregation could happen within a traditional log/event-oriented SIEM system, for example. For organizations with mature SIEM capabilities, the next phase of improvement is to enhance their central data monitoring with greater visibility (network and endpoint) as well as analytic capabilities that can automate the early phases of threat detection and shorten analysts’ investigation times.

Invest in threat intelligence capabilities

“In threat intelligence, data is king and context is queen. You can’t be secure without mastering both.”
James Lugabihl, EMC

Threat intelligence, long the domain of large enterprises and government agencies, is now being used by mid-sized and smaller companies to become more proactive and to protect their business relationships. Threat intelligence can sound daunting, but it does not necessarily need to involve ISACs and government agencies. For example, if you learn that the registrant of a bad domain linked to threat activity on your network has also registered 50 other domains, you could block them all. This is an example of leveraging intelligence to proactively improve your defenses.

The simplest way to mine threat intelligence is to leverage the information already on your systems and networks. Many organizations don’t fully mine logs from their perimeter devices and public-facing web servers for threat intelligence. For instance, organizations could review access logs from their web servers and look for connections coming from particular countries or IP addresses that could indicate reconnaissance activity. Or they could set up alerts when biographies of employees with privileged access to high-value systems attract unusual amounts of traffic, which could then be correlated with other indicators of threat activity to uncover signs of impending spear-phishing attacks.
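The log-mining ideas in this section (a single source probing for many non-existent paths as a reconnaissance sign, unusual attention to the biographies of privileged staff, and expanding one bad domain to every domain sharing its registrant), as an added example that is not code from the brief. The access log lines, IP addresses (documentation ranges), page paths, domain names (reserved .example names) and registrant records are all constructed; country lookup is left out because it needs an external geolocation database.

```python
"""Mine web server access logs for reconnaissance signals and pivot on a
threat indicator. Added example, not code from the RSA brief: the log lines,
IP addresses, page paths, domain names and registrant records are constructed.
"""
import re
from collections import defaultdict

# Apache/nginx combined-style access log line: ip ident user [ts] "req" status size
LOG_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+)[^"]*" '
    r'(?P<status>\d{3}) \S+'
)

# Constructed access log (documentation-range IPs, not real traffic).
SAMPLE_LOG = """\
203.0.113.7 - - [15/Oct/2013:08:01:02 +0000] "GET /about/leadership/cfo HTTP/1.1" 200 5120
203.0.113.7 - - [15/Oct/2013:08:01:05 +0000] "GET /about/leadership/cio HTTP/1.1" 200 5018
203.0.113.7 - - [15/Oct/2013:08:01:09 +0000] "GET /about/leadership/head-of-it HTTP/1.1" 200 4890
198.51.100.9 - - [15/Oct/2013:08:02:00 +0000] "GET /products HTTP/1.1" 200 8102
198.51.100.9 - - [15/Oct/2013:08:02:03 +0000] "GET /about/leadership/cfo HTTP/1.1" 200 5120
192.0.2.44 - - [15/Oct/2013:08:03:00 +0000] "GET /admin HTTP/1.1" 404 210
192.0.2.44 - - [15/Oct/2013:08:03:01 +0000] "GET /backup HTTP/1.1" 404 210
192.0.2.44 - - [15/Oct/2013:08:03:01 +0000] "GET /old HTTP/1.1" 404 210
192.0.2.44 - - [15/Oct/2013:08:03:02 +0000] "GET /test HTTP/1.1" 404 210
192.0.2.44 - - [15/Oct/2013:08:03:02 +0000] "GET /login HTTP/1.1" 404 210
this line is not a valid log entry and is skipped
"""

BIO_PREFIX = "/about/leadership/"   # assumed location of executive biographies


def parse_log(text):
    """Yield (ip, path, status) for every well-formed line; malformed lines are skipped."""
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if m:
            yield m["ip"], m["path"], int(m["status"])


def probing_ips(text, min_distinct_404=5):
    """IPs that requested many distinct non-existent paths: a common reconnaissance sign.
    Returns {ip: number of distinct 404 paths}."""
    misses = defaultdict(set)
    for ip, path, status in parse_log(text):
        if status == 404:
            misses[ip].add(path)
    return {ip: len(paths) for ip, paths in misses.items() if len(paths) >= min_distinct_404}


def bio_page_watchers(text, min_pages=3, prefix=BIO_PREFIX):
    """IPs that read several privileged-staff biographies, which the brief suggests
    correlating with other indicators of an impending spear-phishing attempt."""
    seen = defaultdict(set)
    for ip, path, status in parse_log(text):
        if status == 200 and path.startswith(prefix):
            seen[ip].add(path)
    return {ip: sorted(pages) for ip, pages in seen.items() if len(pages) >= min_pages}


# Constructed registration records, as a WHOIS-style lookup might return them.
REGISTRANT_OF = {
    "bad-update.example": "reg-1234",
    "cdn-fast.example": "reg-1234",
    "news-mirror.example": "reg-1234",
    "legit-partner.example": "reg-9999",
}


def expand_by_registrant(bad_domain, registrant_of=REGISTRANT_OF):
    """The brief's pivot: every domain sharing the bad domain's registrant becomes a
    candidate for the block list (review before blocking; shared registrars are noisy)."""
    owner = registrant_of[bad_domain]
    return sorted(d for d, r in registrant_of.items() if r == owner)


if __name__ == "__main__":
    print("Probing IPs:      ", probing_ips(SAMPLE_LOG))
    print("Bio-page watchers:", bio_page_watchers(SAMPLE_LOG))
    print("Block candidates: ", expand_by_registrant("bad-update.example"))
```

The thresholds are deliberately parameters: five distinct 404s and three biography pages suit the constructed log, but a real site tunes them against its own baseline so that a single curious visitor or a crawler does not trip the alert. The registrant pivot returns candidates, not a block list; the review step the brief implies ("you could block them all") stays with the analyst.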
Quantify the impact of security investments

Finding budget is a common constraint that security teams cite for not making the investments needed to improve incident response and readiness. ROI is very difficult to prove because it requires that organizations measure return on solutions to security problems that may never materialize. Yet, to build support from business units for funding security initiatives, it helps to compare the cost of proactive remediation with the potential cost of compromise. The cost of security controls needs to be balanced against the business harm likely to result from security failures. That’s where “what if” scenarios can prove helpful.

In modeling “what if” scenarios, try to capture the full costs. For example, in addition to projecting the business and reputational costs of a breach within critical systems, also consider the costs for deploying backup systems while infected systems are taken down and cleaned. Quantifying the potential impact of new security investments can help security teams win support for new investments. It can also help organizations identify and prioritize investments that are most likely to result in substantial security improvements.
CONCLUSION

As information security becomes an ecosystem-wide endeavor, organizations will have to demonstrate they’re doing their part to improve security for all. Organizations will have to become more disciplined about basic “security hygiene,” which remains a consistent stumbling block. Organizations will also have to embark on thorough assessments to improve their organizational readiness in responding to and recovering from cyber threats.

Security assessments can be handled in-house by experienced staff, but many organizations choose to enlist outside help. External consultants can provide objective evaluations of the organization’s current security practices, as well as contribute insights on best practices from multiple industries.

Regardless of who conducts security assessments or what recommendations emerge for improvement, organizations should prioritize a limited number of investments that can deliver the greatest security benefits. Targeting the highest-impact investments can be done by quantifying the risks that would be mitigated by new controls or by seeking outside counsel on what has proven beneficial to other organizations.
ABOUT THE AUTHORS

James Lugabihl
Global CIRC Senior Manager, EMC Corporation

James Lugabihl took over EMC’s Critical Incident Response Center in June of 2010. He is responsible for monitoring EMC’s global network and responding to threats that directly impact the organization. Since February 2005, James has been a part of EMC’s Global Security Organization, developing the framework for risk and security administration services, and has worked as an internal consultant for the CSO. Mr. Lugabihl began his information security career more than 15 years ago with the U.S. Navy’s Fleet Information Warfare Center, handling network monitoring and incident response.

Dylan Owen, CISSP, ISSEP, ISSMP, GPEN, GCFA, ITIL
Cybersecurity Manager for Cybersecurity and Special Missions, Raytheon Company

Dylan Owen is responsible for developing and providing computer network defense solutions to Raytheon’s government and commercial customers. He helps Raytheon customers review and improve their security readiness, focusing on organizational alignment as well as reviewing security architectures and SOPs. Mr. Owen has helped design and implement SOCs/CERTs and threat intelligence programs for government organizations and large companies. He has also helped clients stand up CERTs, including developing core processes, hiring staff, and implementing technology solutions. In previous positions at Raytheon, Mr. Owen developed expertise in certifying and accrediting IT systems, conducting computer security awareness training, managing vulnerability assessments, and investigating many different types of computer-related breaches.

Timothy A. Rand
Senior Manager, Advanced Cyber Defense Practice, RSA, The Security Division of EMC

Tim Rand is responsible for professional services engagements for incident response/discovery (IR/D), breach readiness, remediation, SOC/CIRC design, and proactive computer network defense. Prior to RSA, he was a lead security engineer for the Mitre Corporation. Earlier, he led enterprise-wide computer emergency response, attack sensing and warning, and proactive cyber operations for the Raytheon Company’s Cyber Threat Operations team. Mr. Rand has more than 16 years of experience in developing technical staff and programs, cyber investigations, Advanced Persistent Threat (APT) defense, focused threat analysis, operations, and projects. He has held various technical leadership roles, including director for an environmental analysis laboratory and senior scientist for various enterprises such as the Lockheed Martin Company.

Peter M. Tran
Senior Director, Advanced Cyber Defense Practice, RSA, The Security Division of EMC

Peter Tran leads RSA’s Advanced Cyber Defense Practice, which offers world-class professional services for global incident response and discovery (IR/D), breach readiness, remediation, SOC/CIRC redesign, and proactive computer network defenses. Mr. Tran has more than 18 years of government, commercial, and research experience in the fields of computer forensics, information assurance, and security. He is a recognized expert within the Department of Defense and U.S. federal law enforcement communities on computer forensics, malicious code, computer crime investigations, foreign counterintelligence, technology transfer, network security, and cyber espionage. He has authored several defense periodicals for his work involving distributed computer forensics and data analysis. Prior to RSA, Mr. Tran led Raytheon’s commercial cyber professional services, as well as its enterprise Cyber Threat Operation Programs for SOC/CERT, IR/D, intelligence, APT threat analysis, technical operations, exploitation analysis, adversarial attack methodologies, and research and tools development. He held senior technical leadership roles with Northrop Grumman and Booz Allen Hamilton. Mr. Tran also worked as a Federal Law Enforcement Special Agent, forensic analyst, systems/security engineer, software product designer, and consultant in both technology prototyping and production.
SECURITY SOLUTIONS FOR IMPROVING BREACH READINESS

The products and services described below are designed to align with the best practices described in this RSA Security Brief. This security solutions overview is not intended to provide a comprehensive list of applicable products and services. Rather, it’s intended to serve as a starting point for security practitioners wanting to learn about some of the options available to them.

From Raytheon Company

Insider Threat and Counter Intelligence – Raytheon is the largest provider of insider threat solutions to the U.S. Government. Raytheon’s SureView™ product enables safe and effective use of mission-critical technologies by capturing human behavior technical observables, which include policy violations, compliance incidents, or malicious acts that could be warning signs of a security breach.

Trusted Thin Client® (TTC) – Trusted Thin Client is Raytheon’s commercial-off-the-shelf (COTS) solution that provides end users access to all allowable networks from a single device. TTC ensures homeland and corporate security while enabling the fast-paced exchange of data to foster seamless global collaboration across disparate classified or sensitive networks.

Trusted Gateway System™ (TGS) – A commercial-off-the-shelf (COTS) transfer solution, Trusted Gateway System provides exceptional built-in manual review and automatic validations, such as virus scanning, file type verification, dirty word search, and deep content inspection, enabling safe and simultaneous data movement between networks at different sensitivity levels.

From RSA, The Security Division of EMC

RSA Advanced Cyber Defense Practice has been developed to help clients safeguard their organizational mission by focusing on the protection of high-value assets, which are often the object of targeted attacks, and by developing the readiness, response, and resilience of their security operations. The practice’s consultants are highly skilled security practitioners, each with 10-plus years’ average experience in incident response planning and in building, operating, and managing SOCs. RSA’s security consultants don’t just provide reports and recommendations; they also provide hands-on assistance with developing and improving incident-handling processes and procedures, automating security-related workflows to drive operational efficiencies, and generating actionable intelligence by gathering multiple sources of information and cultivating data analytics capabilities. Finally, the practice’s consultants provide technology-neutral guidance on selecting and implementing security solutions that adapt to variable levels of risk. Collectively, the practice’s consultants and services help clients shift from a reactive security stance to a proactive, advanced cyber-defense posture.

RSA Archer® GRC Suite is a market-leading solution for managing enterprise governance, risk, and compliance (GRC). It is designed to provide a flexible, collaborative platform to manage enterprise risks, automate business processes, demonstrate compliance, and gain visibility into exposures and gaps across the organization. The RSA Archer GRC platform is engineered to draw data from a wide variety of systems to serve as a central repository for risk-, compliance-, and security-related information. The RSA Archer Security Operations Management module is designed to provide a software system that manages incident workflows, reporting and notification requirements, staffing and work allocations, as well as other capabilities needed to efficiently manage a security operations center. This system also provides the required business and technical context (such as asset information) for incidents during investigations.

RSA® Education Services provide training courses on information security geared to IT staff, software developers, security professionals, and an organization’s general employees. Courses combine theory, technology, and scenario-based exercises to engage participants in active learning. RSA Advanced Cyber Defense Training offerings are a series of instructional courses focused on improving the skills of security analysts in areas such as incident handling, the use of threat intelligence, malware analysis, and the detection and investigation of advanced threats. These courses are taught by expert personnel from the RSA Advanced Cyber Defense Practice.

RSA® Enterprise Compromise Assessment Tool (ECAT) is an enterprise threat detection and response solution designed to monitor and protect IT environments from undesirable software and the most elusive malware—including deeply hidden rootkits, advanced persistent threats (APTs), and unidentified viruses. RSA ECAT is engineered to automate the detection of anomalies within computer applications and memory without relying on virus signatures. Instead of analyzing malware samples to create signatures, RSA ECAT establishes a baseline of anomalies from “known good” applications, filtering out background noise to uncover malicious activity in compromised machines. The RSA ECAT console presents a centralized view of activities occurring within a computer’s memory, which can be used to quickly identify malware, regardless of whether a signature exists or if the malware has been seen before. Once a single malicious anomaly is identified, RSA ECAT can scan across thousands of machines to identify other endpoints that have been compromised or are similarly at risk.

The RSA Live platform is engineered to help organizations capitalize on the collective intelligence and analytical skills of the global security community in detecting and countering advanced threats and other cyber attacks. The RSA Live platform is designed to gather advanced threat intelligence from a broad range of respected, reliable security service providers, including RSA researchers. RSA’s expert researchers and analysts process security information from these myriad sources and deliver the most relevant data to the RSA Live community directly through RSA Security Analytics.

RSA® Security Analytics is designed to provide security organizations with the situational awareness needed to deal with their most pressing security issues. By analyzing network traffic and log event data, the RSA Security Analytics system helps organizations gain a comprehensive view of their IT environment, enabling security analysts to detect threats quickly, investigate and prioritize them, make remediation decisions, take action, and automatically generate reports. The RSA Security Analytics solution’s distributed data architecture is engineered to collect, analyze, and archive massive volumes of data – often hundreds of terabytes and beyond – at very high speed using multiple modes of analysis. The RSA Security Analytics platform also is designed to ingest threat intelligence about the latest tools, techniques, and procedures in use by the attacker community to alert organizations to potential threats that are active in their enterprise.
ABOUT RSA

RSA, The Security Division of EMC, is the premier provider of security, risk and compliance management solutions for business acceleration. RSA helps the world’s leading organizations succeed by solving their most complex and sensitive security challenges. These challenges include managing organizational risk, safeguarding mobile access and collaboration, proving compliance, and securing virtual and cloud environments. Combining business-critical controls in identity assurance, encryption & key management, SIEM, data loss prevention and fraud protection with industry leading eGRC capabilities and robust consulting services, RSA brings visibility and trust to millions of user identities, the transactions that they perform and the data that is generated. For more information, please visit www.RSA.com and www.EMC.com.

EMC2, EMC, the EMC logo, RSA, Archer, and the RSA logo are registered trademarks or trademarks of EMC Corporation in the United States and other countries. Raytheon, SureView, Trusted Thin Client, and Trusted Gateway System are registered trademarks or trademarks of Raytheon Company. All other products or services mentioned are trademarks of their respective companies. ©Copyright 2013 EMC Corporation. All rights reserved. Published in the USA. H12485 TCSHW-BRF-1013v2