RSA Advanced Security Operations
Transcript of a slide deck; source: infosek.net/gradiva-INFOSEK-2015/Gradivo_Infosek/Be the...
Slide 1
© Copyright 2015 EMC Corporation. All rights reserved.
RSA Advanced Security Operations
Richard Nichols, Director EMEA
Slide 2
What is the problem we need to solve?
Slide 3
Attackers Are Outpacing Defenders: The defender-detection deficit
Source: Verizon 2015 Data Breach Investigations Report
[Chart: Attacker Capabilities vs. Defender Capabilities over time ... and the Gap is Widening]
Slide 4
Why Security Defenses Are Failing – The Strategic View
Tools & processes must adapt to today’s threats
Security teams are missing attacks
Teams need to increase experience & efficiency
Existing strategies & controls are failing
Attackers are becoming more sophisticated
The attack surface is expanding
Slide 5
Evolution of Threat Actors & Detection Implications
At first, there were HACKS: preventative controls filter known attack paths.
[Diagram: Threat Actors send Malicious Traffic through Firewall, IDS/IPS and AntiVirus towards Corporate Assets; the whitespace between controls is where successful HACKS occur]
Slide 6
Evolution of Threat Actors & Detection Implications
At first, there were HACKS: preventative controls filter known attack paths.
Then, ATTACKS: despite increased investment in controls, including SIEM.
[Diagram: Threat Actors send Malicious Traffic through Firewall, IDS/IPS and AntiVirus (each producing a Blocked Session) towards Corporate Assets; More Logs feed a SIEM that raises an Alert; the remaining whitespace is where successful ATTACKS occur]
Slide 7
Evolution of Threat Actors & Detection Implications
Now, successful ATTACK CAMPAIGNS target any and all whitespace.
Complete visibility into every process and network session is required to eradicate the attacker's opportunity.
Unified platform for advanced threat detection & investigations.
[Diagram: Threat Actors send Malicious Traffic through Firewall, IDS/IPS and AntiVirus (each producing a Blocked Session) towards Corporate Assets; Logs (Alert), Endpoint Visibility (Process) and Network Visibility (Network Sessions) all feed Security Analytics]
Slide 8
How can we address the problem?
Slide 9
Shift from Prevention to Detection & Response
“By 2020, 60% of enterprise information security budgets will be allocated to rapid
detection and response approaches — up from less than 10% in 2014.”
-- Neil Macdonald and Peter Firstbrook, Gartner, Feb. 12, 2014, Designing an Adaptive Security Architecture for Protection From Advanced Attacks
Slide 10
Security Monitoring Must Evolve
EFFICIENT OPERATIONS: Incident response, investigations and systems management need to be Easy to Use.
ENDPOINT TO CLOUD VISIBILITY: Fuse together network, endpoint and system data & threat intelligence for Complete Visibility.
RAPID INVESTIGATIONS: Leverage Visibility to Investigate Incidents rapidly and completely, such that Prioritized Actions can be taken to mitigate Incidents.
ADVANCED THREAT DETECTION: Utilize intelligence, context and Advanced Analytics to highlight potential incidents from normal activity.
Slide 11
Visibility: See More
Capture Time Data Enrichment
Packets, Logs, Endpoints, NetFlow
Business & Compliance Context
Slide 12
Analysis: Understand Everything
Endpoint Threat Detection
Correlate Multiple Data Sources
Out-of-the-box Content
Big Data & Data Science
Slide 13
Action: Investigate & Remediate Faster
Prioritized & Unified Analyst Workflow
Investigate down to the finest details
Integrate SOC Best Practices
Slide 14
Enabling Better Detection with Content
• Monthly Reports and Analytics content to deliver more value to customers.
• Over 195 application rules, 75 correlation rules.
• Several high profile specific threat updates:
  • Heartbleed
  • IE9 Zero Day
  • Game Over Zeus
  • Shell Crew
  • Boleto Fraud Ring
  • Many more in the pipeline…
• Future focus on Identity, Cloud and Expanded Threat Indicators
“SA Nailed it! RSA Security Analytics provided us the best view of attempts and issues on our network, better than any other product.”
Slide 15
RSA Advanced SOC
[Diagram: RSA SecOps (Aggregate Alerts to Incidents; Incident Response; Breach Response; SOC Program Management; Dashboard & Report), alongside RSA Archer Enterprise Management (Context) and RSA Archer Enterprise Risk / BCM (Optional); connections labelled ALERTS, CONTEXT and LAUNCH FOR INVESTIGATIONS; 3rd Party Systems]
Slide 16
Resource Shift Needed: Budgets & People
Today's Priorities: Prevention 80%, Monitoring 15%, Response 5%
Intelligence-Driven Security: Prevention 33%, Monitoring 33%, Response 33%
Slide 17
Beyond Technology
Slide 18
RSA Advanced Cyber Defense Services
Incident Response: Rapid breach response & SLA-based retainer
Strategy & Roadmap: Review and recommendations
NextGen Security Operations: Technical consulting to transform from reactive to proactive
EMC, RSA, the EMC logo and the RSA logo are trademarks of EMC Corporation in the U.S. and other countries.
See Everything. Fear Nothing.