This industry overview describes how Big Data will be a driver for change across the security industry, reshaping security approaches, solutions, and spending. It presents six guidelines to help organizations plan for the Big Data-driven transformation of their security toolsets and operations as part of an intelligence-driven security program.
Enterprise Strategy Group: The Big Data Security Analytics Era is Here - EMC
This analyst report explains that organizations can no longer rely on preventive security systems, point security tools, manual processes, and hardened configurations to protect against targeted attacks. Henceforth, security management must be based on continuous monitoring and big data analysis for situational awareness and rapid decisions.
This white paper provides guidance for how to adopt an Intelligence-Driven Security strategy that delivers three essential capabilities: visibility, analysis, and action.
What I learned at ISSA International Summit 2019 - Ulf Mattsson
This session will discuss what attendees learned at The ISSA International Summit 2019, held on October 1-2 in Irving/Dallas, TX.
Learn from one of the presenters at this conference what cybersecurity professionals got to share and learn from the leaders in the industry.
Over the last 30 years ISSA International has grown into the global community of choice for international cybersecurity professionals. With over 100 domestic and international chapters, members have worldwide support with daily cyber threats that are becoming increasingly intricate and difficult to prevent, detect, and remediate.
Evelyn del Monte's presentation on "Justifying IT Spend on Security" during Computerworld Philippines' Executive Briefing on Information Security in October.
How can I find my security blind spots in Oracle - NYOUG - Sep 2016 - Ulf Mattsson
We need to detect our increasing issue of data security blind spots. This includes Sensitive Data that was not found in our Data Discovery across databases and files in cloud and big data. We also need to detect failures of our deployed critical security control systems. Without formal and automated processes to detect and alert to new data discovery findings and critical security control failures as soon as possible, the window of time grows that allows attackers to identify a way to compromise the systems and steal sensitive data. This can also impact our real compliance posture and compliance to PCI DSS 3.2. This session will teach how to automatically detect and report on these data security blind spots.
Where data security and value of data meet in the cloud - Ulf Mattsson
Title: Where Data Security and Data Value Meet in the Cloud
Abstract:
The biggest challenge in this new paradigm of the cloud and an interconnected world is merging data security with data value and productivity. What’s required is a seamless, boundless security framework to maximize data utility while minimizing risk. In this webinar, you’ll learn about value-preserving data-centric security methods, how to keep track of your data and monitor data access outside the enterprise, and best practices for protecting data and privacy in the perimeter-less enterprise.
BrightTALK webinar, January 14, 2014
How can I find my security blind spots - Aug 2016 - Ulf Mattsson
Security Blind Spots
We need to automatically detect and report on security blind spots, including Sensitive Data that was not found in our initial Discovery and failures of deployed security control systems. Without formal and automated processes to detect and alert to new data discovery findings and critical security control failures as soon as possible, the window of time grows that allows attackers to identify a way to compromise the systems and steal sensitive data. This can also impact our real compliance posture.
The presentation I use to introduce the post-grad module on information security and governance I teach at Edinburgh Napier University. If you want to find out more, google for 'INF11109' on the napier.ac.uk site.
2016 Scalar Security Study: The Cyber Security Readiness of Canadian Organiza... - Scalar Decisions
Highlights of the 2016 Scalar Security Study, The Cyber Security Readiness of Canadian Organizations, published February 2016. The full report can be downloaded at: scalar.ca/security-study-2016
Whitepaper | Cyber resilience in the age of digital transformation - Nexon Asia Pacific
We are living in an always-on world using different communications devices, systems and networks. As privacy and protecting one’s identity is becoming increasingly important, the task of protecting these devices, systems and networks from cyber attack is no longer an option, it is a necessity.
How the latest trends in data security can help your data protection strategy... - Ulf Mattsson
Data breaches are on the rise. The constant threat of cyber attacks combined with the high cost and a shortage of skilled security engineers has put many companies at risk. There is a shift in cybersecurity investment and IT risk and security leaders must move from trying to prevent every threat and acknowledge that perfect protection is not achievable. PCI DSS 3.2 is out with an important update on data discovery and requirements to detect security control failures.
In this webinar, cybersecurity expert Ulf Mattsson will highlight current trends in the security landscape based on major industry report findings, and discuss how we should re-think our security approach.
Haystax Technology, Inc. provides next-generation intelligence and analytics solutions that deliver up to the minute situational awareness and actionable intelligence for the public and commercial sectors. Haystax uses a combination of software and human analysis to turn large, disparate and unstructured data volumes into comprehensive and actionable information. In essence, these technologies allow users to find “the needle in the haystack” quickly and reliably.
IT Executive Guide to Security Intelligence - thinkASG
Transitioning from log management and SIEM to comprehensive security intelligence.
This white paper discusses the increasing need for organizations to maintain comprehensive and cost-effective information security, and describes the integrated set of solutions provided by the IBM QRadar Security Intelligence Platform designed to help achieve total security intelligence.
Myths and realities of data security and compliance - ISACA Atlanta - ulf matt... - Ulf Mattsson
Myths & Realities of Data Security & Compliance - ISACA Atlanta - Ulf Mattsson Jul 22 2016.
Data breaches are on the rise. The constant threat of cyber attacks combined with the high cost and a shortage of skilled security engineers has put many companies at risk. There is a shift in cybersecurity investment and IT risk and security leaders must move from trying to prevent every threat and acknowledge that perfect protection is not achievable. PCI DSS 3.2 is out with an important update on data discovery and requirements to detect security control failures.
In this session, cybersecurity expert Ulf Mattsson will highlight current trends in the security landscape based on major industry report findings, and discuss how we should re-think our security approach.
Protect your confidential information while improving services - CloudMask inc.
Over the last few decades, the financial sector has outgrown banks, as financial engineering, digital money and regulatory changes have evolved. Assets managed by financial firms (equity and various types of debt) are larger, as corporate debt has surpassed federal, state and local government’s debt. The US banks’ share of assets under management (AUM) accordingly declined from 58% in 1907 to 27% in 2008, while pension, mutual funds and non-depository firms (e.g., private equity and hedge funds) have grown substantially.
Make your presentations stick (2): Magnificent Metaphors - Helena T Cullina
Tutorial 2 in the mini-series of Make Your Presentations Stick. Metaphors make your presentations memorable, but to get the most impact, make sure you follow these hot tips!
This Solution Overview approaches the threat landscape from a holistic viewpoint and identifies strategies and techniques to establish a good defense. It discusses the concept of a "kill chain" and identifies key indicators for attack events with a focus on network analysis.
TechBook: IMS on z/OS Using EMC Symmetrix Storage Systems - EMC
This EMC Engineering TechBook provides a general description of EMC products that can be used for IMS administration on z/OS. Using EMC products to manage IMS environments can reduce database and storage management administration, reduce CPU resource consumption, and reduce the time required to clone, backup, or recover IMS systems.
White Paper: Next-Generation Genome Sequencing Using EMC Isilon Scale-Out NAS... - EMC
This EMC Isilon sizing and performance guideline White Paper reviews the Key Performance Indicators (KPIs) that most strongly impact the production processes for the storage of data from Next-Generation Sequencing (NGS) workflows.
Building an Intelligence-Driven Security Operations Center - EMC
This white paper describes how an intelligence-driven security operations center (SOC) improves threat detection and response by helping organizations use all available security-related information from both internal and external sources to detect hidden threats and even predict new ones.
Getting Real About Security Management and “Big Data” - EMC
It’s an exciting yet daunting time to be a security professional. Security threats are becoming more aggressive and voracious. Governments and industry bodies are getting more prescriptive around compliance. Combined with exponentially more complex IT environments, security management is increasingly challenging. Moreover, new “Big Data” technologies purport to bring advanced analytic techniques like predictive analysis and advanced statistical techniques close to the security professional.
Protect your hybrid workforce across the attack chain - David J Rosenthal
Security is one of the most important considerations for SMBs. In fact, 77% of SMBs in a recent survey consider security a top feature when purchasing new PCs.
Last year alone, 67% of SMBs experienced a security breach that cost, on average, 3.3% of their revenue. That’s a big risk to both profitability and reputation, and it shows how critical strong security protections are for businesses.
The good news is that 69% of SMBs in a recent survey agreed that new Windows 10 Pro devices offered better security and data protection than older devices.
Research shows that modern devices help business owners by preventing identity attacks, minimizing phishing, and reducing the risk of malware attacks. These are all common ways that bad actors steal business data, steal personal information, or hold our devices hostage in exchange for huge amounts of ransom money.
And with modern PCs, most security functions can happen in the cloud, without interrupting worker productivity.
The Software Defined Security (SDSec) market is witnessing substantial growth due to the increasing adoption of cloud-based services, virtualization technologies, and the rising number of cyber threats. SDSec refers to the application of software-defined networking principles to security solutions, allowing organizations to dynamically adapt their security policies and controls in response to changing threats and network conditions. The software-defined security market is projected to grow from US$ 7.13 billion in 2021 to US$ 40.73 billion by 2028; it is expected to grow at a CAGR of 28.6% from 2022 to 2028. This approach offers enhanced flexibility, scalability, and automation compared to traditional hardware-centric security architectures.
Exploration Draft Document - CEM Machine Learning & AI Project 2018 - Leslie McFarlin
Draft document to present findings of exploratory work on the incorporation of machine learning and AI into an existing data security product. The project was abandoned due to conflicting work done by product management.
In this exclusive Security Leadership Series eBook, Citrix chief information security officer Stan Black and chief security strategist Kurt Roemer share best practices for leading meaningful security discussions with the board of directors; engaging end users to protect business information; and meeting security-related compliance requirements.
Cybersecurity vs Data Science A Roadmap.pptx - Infosectrain3
The word “cyber” means a world of computers or computer networks, and Cyber security is the practice of safeguarding electronic data systems against malicious or unauthorized activity. Cybercriminals are already too clever and may simply exploit security flaws to enter data systems. As a result, strong information security measures must be implemented to keep data safe from unauthorized access.
Leading businesses are stretching their boundaries and creating the fabric that connects customers, services and devices through the IoT. Security implications emerge that should be proactively addressed by enterprises looking to operate in the broad digital ecosystem and the “We Economy.”
This Special Report from the Security for Business Innovation Council identifies four technology trends -- cloud computing, social media, big data, and mobile devices -- as game-changers for 2013 and offers concrete guidance on how security teams can meet these requirements.
INDUSTRY-LEADING TECHNOLOGY FOR LONG TERM RETENTION OF BACKUPS IN THE CLOUD - EMC
CloudBoost is a cloud-enabling solution from EMC. It facilitates secure, automatic, efficient data transfer to private and public clouds for Long-Term Retention (LTR) of backups, and seamlessly extends existing data protection solutions to elastic, resilient, scale-out cloud storage.
Transforming Desktop Virtualization with Citrix XenDesktop and EMC XtremIO - EMC
With EMC XtremIO all-flash array, improve
1) your competitive agility with real-time analytics & development
2) your infrastructure agility with elastic provisioning for performance & capacity
3) your TCO with 50% lower capex and opex and double the storage lifecycle.
• Citrix & EMC XtremIO: Better Together
• XtremIO Design Fundamentals for VDI
• Citrix XenDesktop & XtremIO
-- Image Management & Storage
-- Demonstrations
-- XtremIO XenDesktop Integration
EMC FORUM RESEARCH GLOBAL RESULTS - 10,451 RESPONSES ACROSS 33 COUNTRIES - EMC
Explore findings from the EMC Forum IT Study and learn how cloud computing, social, mobile, and big data megatrends are shaping IT as a business driver globally.
Reference architecture with MIRANTIS OPENSTACK PLATFORM. With disruptions from technology, business and culture changing IT, IT has to move from traditional models to a broker-provider model to solve these issues.
Force Cyber Criminals to Shop Elsewhere
Learn the value of having an Identity Management and Governance solution and how retailers today are benefiting by strengthening their defenses and bolstering their Identity Management capabilities.
Container-based technology has experienced a recent revival and is becoming adopted at an explosive rate. For those that are new to the conversation, containers offer a way to virtualize an operating system. This virtualization isolates processes, providing limited visibility and resource utilization to each, such that the processes appear to be running on separate machines. In short, allowing more applications to run on a single machine. Here is a brief timeline of key moments in container history.
This white paper provides an overview of EMC's data protection solutions for the data lake - an active repository to manage varied and complex Big Data workloads
This infographic highlights key stats and messages from the analyst report from J.Gold Associates that addresses the growing economic impact of mobile cybercrime and fraud.
This white paper describes how an intelligence-driven governance, risk management, and compliance (GRC) model can create an efficient, collaborative enterprise GRC strategy across IT, Finance, Operations, and Legal areas.
The Trust Paradox: Access Management and Trust in an Insecure Age - EMC
This white paper discusses the results of a CIO UK survey on a “Trust Paradox,” defined as employees and business partners being both the weakest link in an organization’s security as well as trusted agents in achieving the company’s goals.
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do... - UiPathCommunity
💥 Speed, accuracy, and scaling – discover the superpowers of GenAI in action with UiPath Document Understanding and Communications Mining™:
See how to accelerate model training and optimize model performance with active learning
Learn about the latest enhancements to out-of-the-box document processing – with little to no training required
Get an exclusive demo of the new family of UiPath LLMs – GenAI models specialized for processing different types of documents and messages
This is a hands-on session specifically designed for automation developers and AI enthusiasts seeking to enhance their knowledge in leveraging the latest intelligent document processing capabilities offered by UiPath.
Speakers:
👨🏫 Andras Palfi, Senior Product Manager, UiPath
👩🏫 Lenka Dulovicova, Product Program Manager, UiPath
Epistemic Interaction - tuning interfaces to provide information for AI support - Alan Dix
Paper presented at SYNERGY workshop at AVI 2024, Genoa, Italy. 3rd June 2024
https://alandix.com/academic/papers/synergy2024-epistemic/
As machine learning integrates deeper into human-computer interactions, the concept of epistemic interaction emerges, aiming to refine these interactions to enhance system adaptability. This approach encourages minor, intentional adjustments in user behaviour to enrich the data available for system learning. This paper introduces epistemic interaction within the context of human-system communication, illustrating how deliberate interaction design can improve system understanding and adaptation. Through concrete examples, we demonstrate the potential of epistemic interaction to significantly advance human-computer interaction by leveraging intuitive human communication strategies to inform system design and functionality, offering a novel pathway for enriching user-system engagements.
Neuro-symbolic is not enough, we need neuro-*semantic* - Frank van Harmelen
Neuro-symbolic (NeSy) AI is on the rise. However, simply machine learning on just any symbolic structure is not sufficient to really harvest the gains of NeSy. These will only be gained when the symbolic structures have an actual semantics. I give an operational definition of semantics as “predictable inference”.
All of this is illustrated with link prediction over knowledge graphs, but the argument is general.
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo... - James Anderson
Effective Application Security in Software Delivery lifecycle using Deployment Firewall and DBOM
The modern software delivery process (or the CI/CD process) includes many tools, distributed teams, open-source code, and cloud platforms. Constant focus on speed to release software to market, along with the traditional slow and manual security checks has caused gaps in continuous security as an important piece in the software supply chain. Today organizations feel more susceptible to external and internal cyber threats due to the vast attack surface in their applications supply chain and the lack of end-to-end governance and risk management.
The software team must secure its software delivery process to avoid vulnerability and security breaches. This needs to be achieved with existing tool chains and without extensive rework of the delivery processes. This talk will present strategies and techniques for providing visibility into the true risk of the existing vulnerabilities, preventing the introduction of security issues in the software, resolving vulnerabilities in production environments quickly, and capturing the deployment bill of materials (DBOM).
Speakers:
Bob Boule
Robert Boule is a technology enthusiast with PASSION for technology and making things work along with a knack for helping others understand how things work. He comes with around 20 years of solution engineering experience in application security, software continuous delivery, and SaaS platforms. He is known for his dynamic presentations in CI/CD and application security integrated in software delivery lifecycle.
Gopinath Rebala
Gopinath Rebala is the CTO of OpsMx, where he has overall responsibility for the machine learning and data processing architectures for Secure Software Delivery. Gopi also has a strong connection with our customers, leading design and architecture for strategic implementations. Gopi is a frequent speaker and well-known leader in continuous delivery and integrating security into software delivery.
Essentials of Automations: Optimizing FME Workflows with Parameters - Safe Software
Are you looking to streamline your workflows and boost your projects’ efficiency? Do you find yourself searching for ways to add flexibility and control over your FME workflows? If so, you’re in the right place.
Join us for an insightful dive into the world of FME parameters, a critical element in optimizing workflow efficiency. This webinar marks the beginning of our three-part “Essentials of Automation” series. This first webinar is designed to equip you with the knowledge and skills to utilize parameters effectively: enhancing the flexibility, maintainability, and user control of your FME projects.
Here’s what you’ll gain:
- Essentials of FME Parameters: Understand the pivotal role of parameters, including Reader/Writer, Transformer, User, and FME Flow categories. Discover how they are the key to unlocking automation and optimization within your workflows.
- Practical Applications in FME Form: Delve into key user parameter types including choice, connections, and file URLs. Allow users to control how a workflow runs, making your workflows more reusable. Learn to import values and deliver the best user experience for your workflows while enhancing accuracy.
- Optimization Strategies in FME Flow: Explore the creation and strategic deployment of parameters in FME Flow, including the use of deployment and geometry parameters, to maximize workflow efficiency.
- Pro Tips for Success: Gain insights on parameterizing connections and leveraging new features like Conditional Visibility for clarity and simplicity.
We’ll wrap up with a glimpse into future webinars, followed by a Q&A session to address your specific questions surrounding this topic.
Don’t miss this opportunity to elevate your FME expertise and drive your projects to new heights of efficiency.
Elevating Tactical DDD Patterns Through Object Calisthenics - Dorra BARTAGUIZ
After immersing yourself in the blue book and its red counterpart, attending DDD-focused conferences, and applying tactical patterns, you're left with a crucial question: How do I ensure my design is effective? Tactical patterns within Domain-Driven Design (DDD) serve as guiding principles for creating clear and manageable domain models. However, achieving success with these patterns requires additional guidance. Interestingly, we've observed that a set of constraints initially designed for training purposes remarkably aligns with effective pattern implementation, offering a more ‘mechanical’ approach. Let's explore together how Object Calisthenics can elevate the design of your tactical DDD patterns, offering concrete help for those venturing into DDD for the first time!
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf - 91mobiles
91mobiles recently conducted a Smart TV Buyer Insights Survey in which we asked over 3,000 respondents about the TV they own, aspects they look at on a new TV, and their TV buying preferences.
Generating a custom Ruby SDK for your web service or Rails API using Smithyg2nightmarescribd
Have you ever wanted a Ruby client API to communicate with your web service? Smithy is a protocol-agnostic language for defining services and SDKs. Smithy Ruby is an implementation of Smithy that generates a Ruby SDK using a Smithy model. In this talk, we will explore Smithy and Smithy Ruby to learn how to generate custom feature-rich SDKs that can communicate with any web service, such as a Rails JSON API.
DevOps and Testing slides at DASA ConnectKari Kakkonen
My and Rik Marselis slides at 30.5.2024 DASA Connect conference. We discuss about what is testing, then what is agile testing and finally what is Testing in DevOps. Finally we had lovely workshop with the participants trying to find out different ways to think about quality and testing in different parts of the DevOps infinity loop.
Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered QualityInflectra
In this insightful webinar, Inflectra explores how artificial intelligence (AI) is transforming software development and testing. Discover how AI-powered tools are revolutionizing every stage of the software development lifecycle (SDLC), from design and prototyping to testing, deployment, and monitoring.
Learn about:
• The Future of Testing: How AI is shifting testing towards verification, analysis, and higher-level skills, while reducing repetitive tasks.
• Test Automation: How AI-powered test case generation, optimization, and self-healing tests are making testing more efficient and effective.
• Visual Testing: Explore the emerging capabilities of AI in visual testing and how it's set to revolutionize UI verification.
• Inflectra's AI Solutions: See demonstrations of Inflectra's cutting-edge AI tools like the ChatGPT plugin and Azure Open AI platform, designed to streamline your testing process.
Whether you're a developer, tester, or QA professional, this webinar will give you valuable insights into how AI is shaping the future of software delivery.
Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered Quality
Industry Overview: Big Data Fuels Intelligence-Driven Security
1. BIG DATA FUELS INTELLIGENCE-DRIVEN SECURITY
Rapid growth in security information creates new capabilities to defend
against the unknown
Authors
Sam Curry, Chief Technology Officer, Identity and Data Protection business unit; Chief Technologist, RSA, The Security Division of EMC
Engin Kirda, Sy and Laurie Sternberg Associate Professor of Information Assurance, Northeastern University
Eddie Schwartz, Vice President and CISO, RSA, The Security Division of EMC
William H. Stewart, Senior Vice President, Booz Allen Hamilton
Amit Yoran, General Manager, Security Management and Compliance business unit; Senior Vice President, RSA, The Security Division of EMC
January 2013
KEY POINTS
• The dissolution of traditional defensive perimeters coupled with attackers’ abilities to circumvent traditional security systems requires organizations to adopt an intelligence-driven security model that is more risk-aware, contextual, and agile.
• Intelligence-driven security relies on big data analytics. Big data encompasses both the breadth of sources and the information depth needed for programs to assess risks accurately and to defend against illicit activity and advanced cyber threats.
• Within the next two years, we predict big data analytics will disrupt the status quo in most information security product segments, including SIEM; network monitoring; user authentication and authorization; identity management; fraud detection; and governance, risk & compliance.
• In the next three to five years, we predict data analytics tools will further evolve to enable a range of advanced predictive capabilities and automated real-time controls.
• Integrating big data analytics into business risk management and security operations will require organizations to rethink how information security programs are developed and executed. Six recommendations are presented in the section titled Building a Big Data Security Program.
• Security teams need analysts who combine data science with a deep understanding of business risks and cyber-attack techniques. Personnel with these skill sets are scarce, and they will remain in high demand. As a result, many organizations are likely to turn to outside partners to supplement internal security analytics capabilities.
WHAT IS BIG DATA?
Big data describes data sets that are too large, too unrefined or too fast-changing for analysis using relational or multidimensional database techniques. Analyzing big data can require dozens, hundreds or even thousands of servers running massively parallel software. What truly distinguishes big data, aside from its volume and variety, is the potential to analyze it to uncover new insights to optimize decision-making.
RSA Security Brief
2. RSA Security Brief, January 2013
Contents
Big Data Holds Big Promise for Security
More Data Means More Security
Big Data Transforms Security Approaches
  Security management
  Identity and access management (IAM)
  Fraud prevention
  Governance, risk and compliance (GRC)
Building a Big Data Security Program
Looking Ahead: Big Data in Five Years?
About the Authors
Security Solutions & Programs
  From Booz Allen Hamilton
  From Northeastern University
  From RSA
RSA Security Briefs provide strategic insight and technical guidance on
today’s high-stakes digital information risks and opportunities. This
Brief is written by subject matter experts with deep technical knowledge
and with broad exposure to how leading-edge organizations manage
information security risks. Providing both big-picture context and practical
technology advice, RSA Security Briefs are vital reading for today’s
forward-thinking security executives.
BIG DATA HOLDS BIG PROMISE FOR SECURITY
Big data is transforming the global business landscape. Organizations are analyzing huge volumes of diverse, fast-changing data to gain new insights that help them run their businesses better and get an advantage over the competition. In the same way that big data has transformed competitive dynamics in industries from retail to biotech, we expect it will also transform the information security sector. Big data’s new role in security comes at a time when organizations confront unprecedented information risk arising from two conditions:
1. Dissolving network boundaries – As organizations open and extend their data networks – allowing partners, suppliers and customers to access corporate information in new, dynamic ways in order to push collaboration and innovation – they become more vulnerable to data misuse and theft. Corporate applications and data are also increasingly accessed through cloud services and mobile devices, shattering what’s left of enterprise network boundaries and introducing new information risks and threat vectors.
2. More sophisticated adversaries – Cyber attackers have become more adept at waging highly targeted, complex attacks that evade traditional defenses, static threat detection measures and signature-based tools. Oftentimes, cyber attacks or fraud schemes perpetrated by advanced adversaries aren’t detected until well after damage has been done.
The dissolution of traditional defensive perimeters coupled with attackers’ abilities to circumvent traditional security systems requires organizations to reinvent their security approach. In today’s hyper-extended, cloud-based, highly mobile business world, security approaches solely reliant on perimeter defenses—or that require predetermined knowledge of the threat or direct control over all infrastructure elements—are being made obsolete. Instead, a more agile approach based on dynamic risk assessments, the analysis of vast volumes of data and real-time security operations will be essential to providing meaningful security.
The Security for Business Innovation Council advises organizations to move to an intelligence-driven security model, which relies on security-related information from internal and external sources to deliver a comprehensive picture of risk and security vulnerabilities. (See sidebar titled Moving to Intelligence-driven Security.) As part of modernizing information security programs, organizations will have to reduce their reliance on signature-based scanning tools, which only detect limited-scope threats that have been encountered in the past. Instead, organizations need to cultivate security capabilities that will ultimately help them detect the unknown and predict threats in the future.
MOVING TO INTELLIGENCE-DRIVEN SECURITY
Intelligence-driven security is a modernized approach to security advocated by the Security for Business Innovation Council, a group of top security executives from Global 1000 enterprises that publish recommendations to advance the practice of information security worldwide. In an intelligence-driven security program, organizations evaluate all the security-related information available to them, both internally and externally, to maintain the visibility and control needed to protect an organization’s most valued information assets. For guidance on implementing intelligence-driven security programs, please read the Council’s report “Getting Ahead of Advanced Threats: Achieving Intelligence-driven Information Security” available on RSA.com.
To move in this direction, organizations must gain full visibility into the security conditions of all IT assets handling valuable information. Today, however, most organizations effectively capture and analyze only a relatively small slice of security-related information. Such information sources include network logs, SIEM system alerts and application access records. Many sources of security-related information have not been used in security operations because their data formats are too variable and unpredictable, the data sets are perceived to be too large and/or the data changes too quickly. Now, with recent advancements in computing power, storage systems, database management and analytics frameworks, no data set is too big or too fast. Information such as full packet capture, external threat intelligence feeds, website clickstreams, Microsoft® Outlook® calendars and social media activity can be used for security-related analysis.
Despite the challenges of normalizing vast amounts of information from such diverse and dynamic sources, big data will play an increasingly important role in security. By incorporating big data into security programs, organizations gain richer context for assessing risk and learning what’s “normal” for a particular user, group, business process or computing environment. As organizations develop fuller, more nuanced profiles of both systems and users, security teams can enhance their ability to spot aberrant activity or behaviors, which often indicate deeper problems.
Big data analytics is expected to emerge as the cornerstone of an intelligence-driven security program for preventing, and even predicting, high-stakes security threats. In fact, the integration of big data into security tools represents a sea change in how information security programs may be designed and executed.
Author Commentary
“Intelligence-driven security reinforces the idea that no man is an island. When organizations combine outside information with all of their own data that’s available to them they start to see a more informed view of threats. They correlate and detect faint signals that they couldn’t see before. Tremendous value can be generated when all information within an enterprise with security relevance gets collected, organized, analyzed and leveraged.”
—Eddie Schwartz, RSA, The Security Division of EMC
MORE DATA MEANS MORE SECURITY
In an intelligence-driven security model, the definition of “security data” expands considerably. In this new model, security data encompasses any type of information that could contribute to a 360-degree view of the organization and its possible business risks. For an illustration of how diverse information with security applications can be, Figure 1 charts data sources that could be mined by identity and access management systems in the near future.
Figure 1: Big data enhances identity verification (diagram titled “Situation-aware IAM builds rich user profiles”, with a passive input panel and an active input panel)
Because potential sources of security-related data are nearly endless, intelligence-driven security models require scalable, big data architectures to be in place to store and manage all of the information that could prove helpful. Big data infrastructures will vary depending on each organization’s unique business requirements and relevant data sources. While optimizing big data platforms is important, the information will yield no insight if organizations cannot integrate data and apply the right analytical techniques and context. Different methods of analysis can be applied to make smarter, more targeted types of decisions. Once these analytics are finely tuned, they can inform controls on the network to take action: lock accounts down, quarantine systems, change network device settings, require a second form of authentication, or tip off a fraud-monitoring system, for example. This increased automation reduces the workload for security analysts while accelerating the identification and mitigation of security threats.
When big data drives security, the result is a unified, self-evolving approach and a
holistic awareness that discrete, stitched-together solutions can’t begin to achieve. A big
data-driven security model has the following characteristics:
• Diverse data sources – both internal and external – that multiply in value and create a synergistic learning effect as new security-related information is added
• Automated tools that collect diverse data types and normalize them so they’re usable by analytics engines
• Analytics engines capable of processing vast volumes of fast-changing data in real time
• Advanced monitoring systems that continuously examine high-value systems and resources and make assessments based on behavior and risk models, not on static threat signatures
• Active controls such as requiring additional user authentication, blocking data transmissions or facilitating analysts’ decision-making when high-risk activity is detected
• Centralized warehouse where all security-related data is made available for security analysts to query, either as a unified repository or, more likely, as a cross-indexed series of data stores
• Standardized views into indicators of compromise that are created in machine-readable form and can be shared at scale by trusted sources
• N-tier infrastructures that create scalability across vectors such as geography, storage and databases and have the ability to process large and complex searches and queries
• High degree of integration with security- and risk-management tools to facilitate detailed investigations of potential problems by analysts and to trigger automated defensive measures such as blocking network traffic, quarantining systems or requiring additional verification of user identity
Author Commentary
“Collecting big data is the easy part. Understanding the data is the hard part. It’s best to start out working on a sub-problem: for example pinpoint the command and control center of a botnet, and then take that information and correlate it against, say, connection information in your organization, to get better situational awareness.”
– Engin Kirda, Northeastern University
When big data drives security, the result is greatly enhanced visibility into IT
environments and the ability to distinguish suspicious from normal activities to inspire
trust in our IT systems.
BIG DATA TRANSFORMS SECURITY APPROACHES
The quality and value of insight that can be derived from big data analytics is expected to spur dramatic changes in almost every discipline within information security. The changes have already begun, with an immediate need for advanced analytics arising in threat monitoring and incident investigations. These processes draw information from a variety of sources, analyzing both fresh and archived data to get a fuller, deeper view of security conditions (see Figure 2).
Leading-edge security operations centers (SOCs)—especially those in defense and financial services organizations—are already discovering value from applying analytics to large sets of security data. They’re analyzing massive archives of security data to understand attackers’ techniques and to uncover subtle indicators that could help identify hidden threats faster, track cyber adversaries and perhaps even predict future attacks. They’re applying fraud analysis techniques to reduce unauthorized access to user accounts and corporate resources.
While big data analytics tools for security were often custom-built in the past, this year leading security organizations will deploy commercial, off-the-shelf big data solutions in their SOCs. Within two years, we predict big data analytics will have a disruptive impact on many categories in the information security sector, including SIEM; network monitoring; user authentication and authorization; identity management; fraud detection; and governance, risk and compliance systems. Longer term, big data is also expected to change the nature of conventional security controls such as anti-malware, data loss prevention and firewalls—essentially the entire security spectrum.
Author Commentary
“The game is changing. More and more data is going onto the Internet in automated forms, and that vector will continue. Therefore a security analysis tool that worked great two or three years ago doesn’t work so well anymore. You now have to look through a whole lot more data, and you have to look for threats that are far more subtle. Commercial tools are changing to take advantage of these big data streams coming online.”
– William H. Stewart, Booz Allen Hamilton
Figure 2: Security investigations rely on big data

Network/Host Traffic
Are there traffic anomalies to/from these servers?
• Protocol distribution?
• Encryption?
• Suspicious destinations?
Potential sources:
• SIEM
• Network monitoring
• Application monitoring

Web Transactions
Has suspicious activity been observed in sensitive/high value applications and assets?
Potential sources:
• Authentication data
• Transaction monitoring
• Application logs
• SQL server logs
• Network session data

Infrastructure
Has the server been manipulated? Is it vulnerable? Has its configuration changed recently? Is it compliant with policy?
Potential sources:
• IT assets
• GRC systems
• Configuration management
• Vulnerability management

Information
What kind of data does this system store, transmit, process? Is this regulated information? High-value IP?
Potential sources:
• DLP
• Data classification
• GRC systems

Identity
Which users are logged in? Have their privileges been escalated? Where did they log in? What other assets did these users touch?
Potential sources:
• Authentication data
• Microsoft Active Directory®
• Server logs
• Asset management
• SIEM
• Network monitoring
Security management
SIEM and network monitoring capabilities have begun converging, creating a security
analytics platform capable of massive and diverse real-time data collection and threat
analysis. Security management driven by big-data analysis creates a unified view of
multiple data sources and centralizes threat research capabilities, instead of forcing
security analysts to deal with disparate tools that disrupt and potentially derail their
workflows. The convergence of SIEM and network monitoring capabilities creates a
unified security management system to assimilate all information that could possibly
inform security. It ingests external threat intelligence and also offers the flexibility to
integrate security data from existing technologies. Data processing happens on a much
grander scale: today in the SIEM space, tools are capable of correlating thousands of
events per second; going forward, security management platforms will correlate hundreds of thousands, even millions, of events per second without the need to expand the hardware footprint.
Author Commentary
“In the coming year, top-tier enterprises with progressive security capabilities are expected to adopt intelligence-driven security models based on big data analytics. Over the next two or three years, we think that this security model will become much more widely adopted.”
—Eddie Schwartz, RSA, The Security Division of EMC
Identity and access management (IAM)
Next-generation tools enable risk-based, adaptive identity controls that continuously evaluate and adjust the level of protection and access based on asset criticality and risk. By enabling situation-aware IAM, such tools provide continuous risk assessment of user activity, especially when accessing sensitive resources, even after initial authentication. Profiles are based on historical behavior; a deep, complex user profile; a richer view of identities and a data-driven perspective of what normal behavior looks like.
Provisioning is done on demand, based on enforcement policies that are created on the fly. Today, access control is based on rigid policies that say this person is allowed to do specific things. Next-generation access control systems acknowledge that an organization can’t foresee all possible scenarios and instead allow operators to describe the kind of behavior that’s desired, with the system working out the related rules.
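The continuous, risk-based evaluation described in this section can be made concrete with a small scorer. This is an added example, not code from the brief or from any RSA product: the feature names, weights, thresholds, asset names and sample events are all constructed assumptions. It builds a per-user baseline from historical accesses, scores every access in a session (not only the login) by how unusual it is for that user, scales the score by asset criticality, and selects a control.

```python
from collections import Counter
from dataclasses import dataclass, field

# All names, weights and thresholds below are illustrative assumptions.
FEATURES = ("country", "device", "hour_band")           # passive inputs used here
WEIGHTS = {"country": 0.5, "device": 0.3, "hour_band": 0.2}
CRITICALITY = {"wiki": 0.5, "hr-portal": 1.0, "payments": 1.5}  # per-asset multiplier
STEP_UP, DENY = 0.4, 0.8                                 # decision thresholds


def hour_band(hour):
    """Bucket the access hour so that 09:00 and 10:00 count as the same habit."""
    if 8 <= hour < 18:
        return "work"
    return "night" if hour < 6 or hour >= 22 else "edge"


def features(event):
    """Reduce a raw access event to the passive inputs the profile tracks."""
    return {"country": event["country"], "device": event["device"],
            "hour_band": hour_band(event["hour"])}


@dataclass
class UserProfile:
    total: int = 0
    seen: dict = field(default_factory=lambda: {f: Counter() for f in FEATURES})

    def observe(self, feats):
        self.total += 1
        for name in FEATURES:
            self.seen[name][feats[name]] += 1

    def rarity(self, name, value):
        """0.0 for a value present in every past access, 1.0 for one never seen."""
        if self.total == 0:
            return 1.0          # no history yet: treat everything as unfamiliar
        return 1.0 - self.seen[name][value] / self.total


def build_profile(history):
    profile = UserProfile()
    for event in history:
        profile.observe(features(event))
    return profile


def risk_score(profile, event):
    """Weighted behavioural rarity, scaled by the criticality of the asset touched."""
    feats = features(event)
    behaviour = sum(WEIGHTS[n] * profile.rarity(n, feats[n]) for n in FEATURES)
    return round(min(1.0, behaviour * CRITICALITY[event["asset"]]), 3)


def decide(score):
    if score >= DENY:
        return "deny_and_alert"
    if score >= STEP_UP:
        return "step_up_auth"   # require a second form of authentication
    return "allow"


def evaluate_session(profile, events):
    """Score each access in order; only allowed accesses extend the baseline,
    so rejected or challenged behaviour cannot teach the profile to accept it."""
    results = []
    for event in events:
        score = risk_score(profile, event)
        action = decide(score)
        if action == "allow":
            profile.observe(features(event))
        results.append((event["asset"], score, action))
    return results


# Constructed history for user "jdoe": 16 daytime laptop accesses, 4 evening phone accesses.
HISTORY = (
    [{"country": "US", "device": "laptop-1", "hour": 10, "asset": "wiki"}] * 16
    + [{"country": "US", "device": "phone-1", "hour": 20, "asset": "wiki"}] * 4
)
# Constructed session: two routine accesses, one wholly unfamiliar, one unusual hour.
SESSION = [
    {"country": "US", "device": "laptop-1", "hour": 11, "asset": "wiki"},
    {"country": "US", "device": "laptop-1", "hour": 11, "asset": "payments"},
    {"country": "BR", "device": "unknown-7", "hour": 3, "asset": "payments"},
    {"country": "US", "device": "phone-1", "hour": 23, "asset": "hr-portal"},
]

if __name__ == "__main__":
    for asset, score, action in evaluate_session(build_profile(HISTORY), SESSION):
        print(f"{asset:10s} risk={score:.3f} -> {action}")
```

The same late-night phone access that triggers step-up authentication on the HR portal would score 0.223 and be allowed on the low-criticality wiki, which is the asset-criticality adjustment the section describes.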
Fraud prevention
Whether it’s financial fraud, transaction fraud or the fraudulent use of corporate
resources, advanced security technologies analyze massive amounts of behavioral data
and other diverse indicators to distinguish between malicious and legitimate business
activities. We predict that session intelligence and behavioral and click-stream analysis
will combine to stop business logic abuse in which attackers find a flaw in the functioning
of an IT-based system and exploit it for illicit gain.
Governance, risk and compliance (GRC)
As organizations expand the scope of their GRC programs—bridging organizational siloes
and business functions with a unified GRC system—the amount of data that such systems
can handle will need to grow exponentially. We predict that GRC platforms will evolve to
provide real-time access to the entirety of information relevant to understanding business
risks and to prioritizing security activities. They’ll analyze larger volumes of data to
facilitate better, smarter decisions about the level, sources and criticalities of risk facing
an organization. They’ll also inform SOCs about valuable assets that are at high levels of
risk and help prioritize steps that an organization should take to mitigate those risks.
In addition to transforming existing categories of security tools, we also believe that big
data will inspire the development of new tools that have yet to be conceived. Tools driven
by big data security analytics will inform where and when to apply controls—or how to
change them—to better protect information, identities and infrastructure.
BUILDING A BIG DATA SECURITY PROGRAM
Author Commentary
“Until very recently in security we’ve had to do all sorts of complicated things to filter, preprocess and ultimately reduce our visibility to get down to a manageable data set, perform analytics and make decisions. But with extremely high-speed, scalable big data platforms, we have a much richer set of visibility tools to begin the whole security process. Once you have the data in the platform, you can then go through a number of different analytical methods and techniques, based on what you’re trying to accomplish.”
– Amit Yoran, RSA, The Security Division of EMC
Author Commentary
“Defending against sophisticated adversaries requires advanced analytics to help narrow the field and focus around advanced threats. This technology is necessary to help analysts solve the hardest security problems. You’re reacting to a mind and a person, and therefore you need creative and empowered people to defend yourself. Analytics tools inform analysts, provide scale and identify patterns of behavior too subtle to be otherwise observed.”
– William H. Stewart, Booz Allen Hamilton
Integrating big data analytics into security operations—the cornerstone of an intelligence-driven security model—will require organizations to rethink how security programs are developed and executed. In updating security programs to take advantage of big data, organizations should consider the following steps:
1. Set a holistic cyber security strategy – Organizations should align their security capabilities behind a holistic cyber security strategy and program that’s customized for the organization’s specific risks, threats and requirements. The security strategy should integrate big data analytics as part of a broader array of technical solutions, combined with tailored processes and expert staff. In most cases, a detailed assessment of an organization’s current security posture, including an industry peer comparison, lays the groundwork for an effective cyber security program.
2. Establish a shared data architecture for security information – Because big data analytics require information to be collected from various sources in many different formats, a single architecture that allows all information to be captured, indexed, normalized, analyzed and shared is a logical goal.
3. Migrate from point products to a unified security architecture – Developing a unified security analytics framework will require a big-picture, more disciplined approach to security investments than most organizations have shown in the past. Organizations need to think strategically about which security products they will continue to support and use over several years, because each product will introduce its own data structure that must be integrated into a unified analytics framework for security—or deliberately omitted as a potential blind spot. In many cases, the TCO benefits of unifying the data architecture for security analytics may outweigh the benefits of preserving existing point products. Conversely, if a particular product isn’t compatible with a given security data architecture, it’s unlikely to deliver long-term value.
4. Look for open and scalable big data security tools – Organizations should ensure that ongoing investments in security products favor technologies using agile analytics-based approaches, not static tools based on threat signatures or network boundaries. New, big data-ready tools should offer the architectural flexibility to change as the business, IT or threat landscape evolves.
5. Strengthen the SOC’s data science skills – While emerging security solutions will be big data ready, security teams may not be. Data analytics is an area where on-staff talent is lacking: a recent survey conducted by IDC-Computerworld of analytics professionals found that 70 percent identified “lack of a sufficient number of staff with analytics skills” as a key challenge to delivering a successful business intelligence and analytics solution in their organizations.[1] Security leaders should consider adding data scientists to their teams. Such specialists will not only need to manage the organization’s big data capabilities efficiently, but they will also need to understand business risks and cyber-attack techniques in sufficient depth to develop analytical models that detect, and even predict, illicit activities. Data scientists with specialized knowledge in security are scarce, and they will remain in high demand. As a result, many organizations are likely to turn to outside partners to supplement internal security analytics capabilities.
6. Leverage external threat intelligence – Augment internal security analytics programs with external threat intelligence services. Often threat indicators, attack forensics or intelligence feeds from outside sources are not machine-readable and require extensive manual processing by SOC analysts. SOCs should evaluate service providers aggregating threat data from many trustworthy, relevant sources. Data from these sources should be in formats that can be automatically ingested by security analytics platforms for correlation with internal data.
[1] IDC Link: Analytics Education – Does One Size Fit All?, Doc #lcUS23882612, December 2012
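Step 6 asks for threat data that can be ingested automatically and correlated with internal data, and step 2 asks for one normalized record shape across sources. The following added example (not code from the brief or any vendor product) does both on a small scale. The feed schema, log formats, host names and function names are constructed assumptions, and all addresses and domains come from documentation ranges.

```python
import csv
import io
import ipaddress
import json
from collections import defaultdict

# Constructed machine-readable feed (not real indicators); note the duplicate
# domain in different case from a second source, and an indicator type we skip.
FEED_JSON = """
[
  {"type": "ipv4",   "value": "203.0.113.77",    "source": "feed-a", "confidence": 90},
  {"type": "cidr",   "value": "198.51.100.0/28", "source": "feed-b", "confidence": 60},
  {"type": "domain", "value": "c2.example.net",  "source": "feed-a", "confidence": 85},
  {"type": "domain", "value": "C2.Example.NET.", "source": "feed-b", "confidence": 70},
  {"type": "sha256", "value": "not-used-here",   "source": "feed-a", "confidence": 50}
]
"""

# Constructed internal telemetry in two formats: firewall CSV and proxy key=value.
FIREWALL_CSV = """ts,src_host,dst_ip,dst_port
2013-01-15T09:00:01Z,ws-014,203.0.113.77,443
2013-01-15T09:00:05Z,ws-022,192.0.2.10,80
2013-01-15T09:02:40Z,srv-db1,198.51.100.9,8080
2013-01-15T09:03:00Z,ws-014,198.51.100.200,443
"""
PROXY_LOG = """ts=2013-01-15T09:01:10Z host=ws-031 url_host=beacon.c2.example.net dst=192.0.2.55
ts=2013-01-15T09:01:12Z host=ws-022 url_host=www.example.org dst=192.0.2.80
ts=2013-01-15T09:04:00Z host=ws-014 url_host=notc2.example.net dst=192.0.2.81
"""


def load_indicators(feed_json):
    """Normalize the feed into IP networks and lower-case domains,
    keeping the highest confidence when sources repeat an indicator."""
    nets, domains = {}, {}
    for item in json.loads(feed_json):
        kind, value, conf = item["type"], item["value"].strip(), int(item["confidence"])
        if kind in ("ipv4", "cidr"):
            key = ipaddress.ip_network(value, strict=False)
            nets[key] = max(conf, nets.get(key, 0))
        elif kind == "domain":
            key = value.lower().rstrip(".")
            domains[key] = max(conf, domains.get(key, 0))
        # Other indicator types are ignored by this network-only correlator.
    return nets, domains


def normalize_events(firewall_csv, proxy_log):
    """Map both log formats onto one record shape, ordered by timestamp."""
    events = []
    for row in csv.DictReader(io.StringIO(firewall_csv.strip())):
        events.append({"ts": row["ts"], "host": row["src_host"],
                       "dst_ip": row["dst_ip"], "dst_domain": None})
    for line in proxy_log.strip().splitlines():
        kv = dict(pair.split("=", 1) for pair in line.split())
        events.append({"ts": kv["ts"], "host": kv["host"], "dst_ip": kv.get("dst"),
                       "dst_domain": kv["url_host"].lower().rstrip(".")})
    return sorted(events, key=lambda e: e["ts"])


def match_domain(name, domains):
    """Match on whole DNS labels: the indicator itself or any subdomain of it.
    A substring test would wrongly flag notc2.example.net."""
    labels = name.split(".")
    for i in range(len(labels) - 1):
        candidate = ".".join(labels[i:])
        if candidate in domains:
            return candidate, domains[candidate]
    return None


def correlate(events, nets, domains, min_confidence=0):
    """Return one hit per (event, indicator) pair at or above min_confidence."""
    hits = []
    for ev in events:
        matched = []
        if ev["dst_ip"]:
            addr = ipaddress.ip_address(ev["dst_ip"])
            matched += [(str(net), conf) for net, conf in nets.items() if addr in net]
        if ev["dst_domain"]:
            found = match_domain(ev["dst_domain"], domains)
            if found:
                matched.append(found)
        for indicator, conf in matched:
            if conf >= min_confidence:
                hits.append({"ts": ev["ts"], "host": ev["host"],
                             "indicator": indicator, "confidence": conf})
    return hits


def hosts_by_priority(hits):
    """Rank internal hosts by their highest-confidence hit for analyst triage."""
    best = defaultdict(int)
    for hit in hits:
        best[hit["host"]] = max(best[hit["host"]], hit["confidence"])
    return sorted(best.items(), key=lambda kv: (-kv[1], kv[0]))


if __name__ == "__main__":
    nets, domains = load_indicators(FEED_JSON)
    for host, conf in hosts_by_priority(correlate(normalize_events(FIREWALL_CSV, PROXY_LOG), nets, domains)):
        print(f"{host}: contacted a listed destination (confidence {conf})")
```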
LOOKING AHEAD: BIG DATA IN FIVE YEARS?
If many information security products are enhanced with big data analytics within the next couple of years, what will happen down the road when such products take root and are broadly deployed? In the next three to five years, we predict data analytics tools will advance rapidly and enable the following security capabilities:
• Security analysts will be able to use tools with intuitive interfaces to spot relationships among data sets and create correlations that build upon themselves, painting the most complete security picture possible.
• SOCs will gain the requisite expertise, processes and tools to make the most of the security data available to them. They will consistently collect data from the right internal and external sources and use analytics to detect many, if not most, attacks and prevent unwanted outcomes. Some SOCs will develop advanced data models that are accurate enough to predict certain types of cyber attacks.
• Data analytics systems will empower users with decision-support capabilities at crucial times—usually before damage can be done. Analytics systems will inform real-time decision making, triggering automated tools such as risk-aware user authentication systems or notifying SOC analysts so they can take action based on detailed reports of what’s happening in the moment.
• Security management tools will automatically share relevant threat data with trusted partners and creatively reuse big data in different security scenarios.
Big data analytics, when used within an intelligence-driven security program, automates many risk assessments and threat detection processes and puts the advantage of time back in an organization’s hands. Big data analytics also helps enhance situational awareness and shorten reaction times to potential risks and problems. We believe it will prove instrumental in helping the global security community bring about a more trusted digital world.
Author Commentary
“Traditional security controls are like a machine that you put a recipe into and they always make exactly the thing that you ask for. The new security world is like looking in your fridge and having it tell you, based on what’s available, what would taste good and then it makes it for you. For example, think about adaptive access control, cutting off the bad guys before they have even gotten into the network because you can tell where they’re going to be. That’s cool stuff.”
– Sam Curry, RSA, The Security Division of EMC
About the Authors
Sam Curry
Chief Technology Officer, Identity and Data Protection business unit
Chief Technologist
RSA, The Security Division of EMC
Sam Curry has more than 20 years of experience in security product management and development, marketing, engineering, quality assurance, customer support and sales. His experience also includes cryptography and research, and he is a regular contributor to a number of journals and periodicals. Prior to his current role, Mr. Curry was CTO, Marketing and Vice President of Product Management at RSA, charged with leading the strategic direction for all RSA solutions. Before joining RSA, Mr. Curry was Vice President of Product Management and Marketing for a broad information security management portfolio at CA. Previously, Mr. Curry served as Chief Security Architect and led Product Marketing and Product Management at McAfee. He holds degrees in English and Physics from the University of Massachusetts and from Mount Allison University and has founded successful security startups.
Engin Kirda
The Sy and Laurie Sternberg Associate Professor of Information Assurance
Northeastern University
Engin Kirda is the Sy and Laurie Sternberg Associate Professor of Information Assurance at Northeastern University and also holds the position of director of the Northeastern Information Assurance Institute. Previously, Dr. Kirda held faculty positions at Institute Eurécom on the French Riviera and the Technical University of Vienna, where he co-founded the Secure Systems Lab that is now distributed across five institutions in the U.S. and Europe. Dr. Kirda is interested in systems, software and network security with specific focus on web security, binary analysis and malware detection. He is a co-founder and Director of Research at Lastline, a company specializing in advanced threat detection based on cutting-edge research conducted at Northeastern University.
Eddie Schwartz
Vice President and Chief Information Security Officer
RSA, The Security Division of EMC
Eddie Schwartz is Chief Information Security Officer for RSA and has 25 years of experience in the information security field. Previously, he was Co-Founder and Chief Security Officer of NetWitness (acquired by EMC), CTO of ManTech, EVP and General Manager of Global Integrity (acquired by INS), SVP of Operations of Guardent (acquired by VeriSign), CISO of Nationwide Insurance, a Senior Computer Scientist at CSC, and a Foreign Service Officer with the U.S. Department of State. Mr. Schwartz has advised a number of early stage security companies, and served on the Executive Committee for the Banking Information Technology Secretariat (BITS). Mr. Schwartz has a B.I.S. in Information Security Management and an M.S. in Information Technology Management from the George Mason University School of Management.
William H. Stewart
Senior Vice President
Booz Allen Hamilton
William Stewart is a Booz Allen Hamilton senior vice president with more than 25 years of professional experience designing, developing and deploying cyber solutions. In his current role, he leads the Cyber Technology Center of Excellence (COE), which includes more than 3,000 staff and provides consulting and systems integration expertise to public and private sector clients. Mr. Stewart and his team offer strategy and implementation for today’s most complex security problems. Prior to joining Booz Allen Hamilton, Mr. Stewart worked for a major electronics firm and also served as a signal officer in the U.S. Army. Mr. Stewart holds an MS in Electrical Engineering from Drexel University and a BS in Engineering from Widener University.
Amit Yoran
Senior Vice President
General Manager, Security Management & Compliance business unit
RSA, The Security Division of EMC
Amit Yoran oversees RSA’s Security Management and Compliance business unit. He is a Commissioner of the CSIS Commission on Cyber Security advising the 44th Presidency and serves on several industry and national advisory bodies. Mr. Yoran came to RSA through EMC’s acquisition of NetWitness in 2011. Prior to NetWitness, Mr. Yoran served as Director of the National Cyber Security Division at the Department of Homeland Security. Formerly, he served as the Vice President of Worldwide Managed Security Services at the Symantec Corporation. Mr. Yoran was the co-founder of Riptech, a market-leading IT security company, and served as its CEO until the company was acquired by Symantec in 2002. He also served as an officer in the U.S. Air Force in the Department of Defense’s Computer Emergency Response Team. Mr. Yoran received a Master of Science degree from the George Washington University, a Bachelor of Science from the United States Military Academy at West Point, and an honorary Doctorate from the University of Advancing Technology.
SECURITY SOLUTIONS & PROGRAMS
The offerings described below align with the recommendations presented in this RSA
Security Brief. The following overview of products and programs is not intended to
provide a comprehensive list of applicable solutions. Rather, it’s intended to serve
as a starting point for security technology practitioners and compliance officers
wanting to learn about some of the options available to them.
From Booz Allen Hamilton
Booz Allen Hamilton (Booz Allen) helps clients evolve cyber security programs to
reduce risk to their business operations and critical digital assets posed by
increasingly severe cyber threats. Booz Allen’s approach is informed by a deep
understanding of sophisticated adversary behavior, anchored by the current state of
the art in cyber security technology and practice, and balanced with a strong focus
on clients’ business needs. Booz Allen’s Intelligence Driven Dynamic Defense
Framework helps clients shift from largely static, perimeter-based cyber defenses to
active, operationally focused capabilities that employ big data analytics capable of
anticipating and reacting to evolving threats.
Booz Allen’s Intelligence Driven Dynamic Defense Framework includes the following
offerings:
Threat Intelligence: Booz Allen’s Cyber4Sight™ managed service delivers predictive
cyber threat intelligence 24 hours a day, 7 days a week. Cyber4Sight delivers near-
real-time cyber threat intelligence to protect clients’ entire business operations
across the global Internet. The service correlates anomalies observed within our
clients’ networks with the techniques, motivations, objectives and intentions seen in
human cyber threat actors across the globe.
Incident Response: Booz Allen provides full-suite triage capabilities, with experts in
critical response delivering effective solutions for DDoS, insider threats, advanced
persistent threat compromises and other security breaches. Incident response
services are often enhanced with Automated First Responder (AFR), a non-signature-
based approach to uncovering an adversary’s presence, threat origins, and the
methods for controlling and remediating attackers’ activities while preventing further
intrusions.
Preemptive Response: Booz Allen leverages its long heritage as a management and
technology consulting firm to help clients gain a greater understanding of the
business challenges and opportunities related to cyber security programs. Our
preemptive response services are built around our Cyber M3: Measure, Manage, and
Mature model. Booz Allen offers a range of Cyber M3 diagnostic and strategy
services to help clients advance their security capabilities. At the premier level,
services help clients: 1) create holistic cyber security programs aligned with
business needs, 2) develop a balanced portfolio of complementary capabilities, and
3) prioritize how to satisfy the diverse needs of stakeholders through justifiable
resource expenditures.
Integrated Remediation: Booz Allen uses a multi-disciplinary approach
encompassing policy, operations, technologies, management and people to
synchronize remediation efforts. This ensures that cyber protection is fully integrated
and effectively achieved. Booz Allen services range from “design” partnerships, in
which Booz Allen experts work hand-in-hand with clients to develop comprehensive
capabilities (e.g., End-to-End Hunt Team Operational Operating Models), to
“implementation” engagements, in which Booz Allen provides world-class services
in execution and delivery of cyber services (e.g., PKI solution integrations, network
segmentations, etc.).
From Northeastern University
Northeastern University offers Master of Science and Ph.D. programs in Information
Assurance (IA). The specialized field of IA protects information systems by ensuring
data privacy and integrity, user authenticity and legitimate use of system resources.
IA professionals understand the relationships between information technology and
people, systems, society, policy and law. Northeastern University’s interdisciplinary
IA programs are offered jointly by the College of Computer and Information Science,
the College of Engineering and the College of Social Sciences and Humanities and
are the only such programs in New England. Program graduates typically work in
government agencies, as well as in commercial and financial organizations. The
National Security Agency/Department of Homeland Security has designated
Northeastern University as a Center of Academic Excellence in Information Assurance
Research and Education.
From RSA
RSA® Adaptive Authentication, with its advanced self-learning risk engine, calculates
a risk score based on the user behavior profile, the device profile and the
eFraudNetwork™ match. This risk score is provided to a policy engine and the user is
either granted access, required to provide an alternate authentication credential or
denied access. RSA Adaptive Authentication is a proven solution protecting
thousands of organizations and users worldwide today.
The RSA Advanced Cyber Defense Practice provides a complete range of innovative
consulting and professional services to organizations needing to mitigate cyber
threats while pursuing their business objectives. Using RSA’s proven Total Threat
Visibility & Mitigation methodology, practice consultants help organizations
strengthen their operational security programs by optimizing how their people,
processes and technology solutions work together. Consulting services include
conducting breach readiness assessments to minimize exposure to attacks;
fortifying approaches to identity/access management; unifying governance, risk and
compliance practices; and redesigning SOCs/CIRCs. The RSA Advanced Cyber
Defense Practice also provides expert counsel and hands-on assistance with all
aspects of advanced threat detection, response and remediation.
RSA® Archer™ GRC Suite is the market-leading solution for managing enterprise
governance, risk and compliance (GRC). It provides a flexible, collaborative platform
to manage enterprise risks, automate business processes, demonstrate compliance
and gain visibility into exposures and gaps across the organization. The RSA Archer
GRC platform is designed to draw data from a wide variety of systems to serve as a
central repository for risk-, compliance- and security-related information. The RSA
Archer Threat Management solution is an early-warning system for tracking threats.
The RSA Archer Incident Management solution helps organizations escalate
problems, track the progress of investigations and coordinate problem resolution.
The platform’s ability to integrate information on security alerts and threats, to
gather and present metrics about the effectiveness of security controls and
processes and to analyze contextual information about the security and business
environment helps create actionable, real-time intelligence across the enterprise.
RSA® Cloud Trust Authority (CTA) is a collection of cloud-based services to simplify
and enhance identity, information and cloud infrastructure security, as well as
compliance reporting. With RSA Cloud Trust Authority, public cloud service providers
and their customers do not need to establish individual point-to-point integrations to
establish trust; instead, participants can establish many cloud security relationships
simultaneously through a single integration with the CTA service. Enterprises can
manage secure user access and user provisioning to multiple public cloud service
providers via federated single sign-on and directory synchronization with options for
strong authentication.
The RSA Live platform operationalizes threat intelligence by consolidating
information from the global security community and fusing these external data sets
with an organization’s internal data. The platform gathers security information from
the industry’s most trusted and reliable sources, including proprietary RSA
FirstWatch research. RSA’s expert security analysts consolidate and evaluate threat
data from diverse sources to illuminate the information most relevant to your
organization. The data is then distributed and operationalized via correlation rules,
blacklists, parsers, views and feeds. This automated approach allows organizations
to take advantage of the intelligence that others have already found and to discern
what they should look for in applying threat intelligence to current and historical
data.
RSA® Security Analytics is designed to provide organizations with the situational
awareness needed to deal with their most pressing security issues. By offering
enterprise-wide visibility into network traffic and log event data, the RSA Security
Analytics system can help organizations gain a comprehensive view of their IT
environment, enabling security analysts to prioritize threats quickly, investigate
them, make remediation decisions and take action. The RSA Security Analytics
solution’s distributed data architecture is engineered to collect and analyze massive
volumes of information – hundreds of terabytes and beyond – at very high speed
using multiple modes of analysis. The solution is also capable of integrating external
threat intelligence about the latest tools, techniques and procedures in use by the
attacker community and of helping organizations track and manage responses to
security issues identified through the solution. The RSA Security Analytics platform is
planned for commercial release in early 2013.
RSA® Silver Tail software and SaaS solutions protect organizations from cyber attack,
cybercrime, and fraud by analyzing web sessions and mobile traffic to distinguish
suspicious or malicious activities from legitimate ones. The Silver Tail platform
collects and analyzes massive amounts of real-time data from web and mobile traffic
to power the platform’s behavioral analysis engine. The behavioral analysis engine
creates heuristics and rules to learn the typical conditions and behaviors within any
IT-based system and to detect anomalies that signal IT security threats, fraud, insider
threats, business logic abuse and other malicious activity.