The Future of the Advanced SOC
Transcript of The Future of the Advanced SOC
© Copyright 2011 EMC Corporation. All rights reserved.
The Future of the Advanced SOC
3rd Annual Privacy, Access and Security Congress, Ottawa, 2012
Mike Huckaby, Senior Director, Global PreSales, RSA, The Security Division of EMC
Traditional Security is Not Working
Source: Verizon 2012 Data Breach Investigations Report
99% of breaches led to compromise within “days” or less, with 85% leading to data exfiltration in the same time
85% of breaches took “weeks” or more to discover
Advanced Security
Transforming Security: address the pervasiveness of dynamic, focused adversaries
Traditional Security: Signature-based, Perimeter oriented, Compliance Driven
Advanced Threat: Agile, Definitive, Intelligent
Minimum Requirements of Security Management and Compliance
High Speed Analytics, Big Data
Comprehensive Visibility, Actionable Intelligence, Governance
Critical Questions that need to be Addressed
High Speed Analytics, Big Data
Comprehensive Visibility, Actionable Intelligence, Governance
What Matters?
What is going on?
How do I address it?
Security Management and Compliance Vision: Delivering Visibility, Intelligence and Governance
Anatomy of an attack
[Figure: attack timeline along a TIME axis. Phase labels shown on the slide: Attacker Surveillance, Target Analysis, Access Probe, Attack Set-up, Attack Begins, System Intrusion, Discovery/Persistence, Maintain foothold, Leap Frog Attacks Complete, Cover-up Starts, Cover-up Complete.]
Source: NERC HILF Report, June 2010 (http://www.nerc.com/files/HILF.pdf)
Anatomy of a response
[Figure: response timeline along a TIME axis. Phase labels shown on the slide: Attack Forecast, Physical Security, Monitoring & Controls, Attack Identified, Defender Discovery, Incident Reporting, Threat Analysis, Impact Analysis, Response, Damage Identification, Containment & Eradication, System Reaction, Recovery.]
Source: NERC HILF Report, June 2010 (http://www.nerc.com/files/HILF.pdf)
Reducing Attacker Free Time
[Figure: the attack timeline and the response timeline from the two preceding slides overlaid on one TIME axis. The interval between the start of the attack phases and the start of the defender's response phases is labelled ATTACKER FREE TIME; the aim of the slide is to shorten it.]
Source: NERC HILF Report, June 2010 (http://www.nerc.com/files/HILF.pdf)
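Added example, not part of the RSA deck: a small Python model of the attacker free time idea above. It computes, for constructed incident records, the gap between Attack Begins and Defender Discovery, buckets it into the coarse hours/days/weeks/months bands the earlier Verizon slide uses, and shows how discovering the same intrusion sooner shrinks the window while the containment effort stays the same. The `Incident` fields, names and timestamps are hypothetical.

```python
# Added example (not from the RSA deck): compute "attacker free time", the gap
# between the start of an attack and the defender's discovery of it, over
# constructed incident records, and show how earlier detection shrinks it.
from dataclasses import dataclass
from datetime import datetime, timedelta
from statistics import median

@dataclass
class Incident:
    name: str
    attack_begins: datetime       # first attacker activity (Attack Begins)
    system_intrusion: datetime    # initial compromise (System Intrusion)
    defender_discovery: datetime  # SOC identifies the attack (Defender Discovery)
    containment: datetime         # Containment & Eradication complete

    def attacker_free_time(self) -> timedelta:
        """The attack runs unopposed until the defender discovers it."""
        return self.defender_discovery - self.attack_begins

def bucket(delta: timedelta) -> str:
    """Coarse DBIR-style bands matching the 'days'/'weeks' figures on the slide."""
    if delta < timedelta(days=1):
        return "hours"
    if delta < timedelta(weeks=1):
        return "days"
    return "weeks" if delta < timedelta(days=30) else "months"

def summarize(incidents):
    """Share of incidents per discovery band and the median attacker free time."""
    counts = {}
    for inc in incidents:
        b = bucket(inc.attacker_free_time())
        counts[b] = counts.get(b, 0) + 1
    shares = {b: n / len(incidents) for b, n in counts.items()}
    return shares, median(inc.attacker_free_time() for inc in incidents)

def with_faster_detection(inc: Incident, lag: timedelta) -> Incident:
    """Same attack, discovered `lag` after intrusion; containment effort unchanged."""
    found = inc.system_intrusion + lag
    return Incident(inc.name, inc.attack_begins, inc.system_intrusion,
                    found, found + (inc.containment - inc.defender_discovery))

# Constructed sample incidents (hypothetical timestamps, not real case data).
T0 = datetime(2012, 3, 1, 9, 0)
H, D = timedelta(hours=1), timedelta(days=1)
INCIDENTS = [
    Incident("web-app compromise", T0, T0 + 6 * H, T0 + 45 * D, T0 + 47 * D),
    Incident("phishing foothold", T0, T0 + 2 * D, T0 + 20 * D, T0 + 21 * D),
    Incident("stolen credential", T0, T0 + 2 * H, T0 + 3 * D, T0 + 3 * D + 12 * H),
]
```

Calling `summarize(INCIDENTS)` gives the band distribution and a 20-day median; `with_faster_detection(INCIDENTS[0], 1 * D)` turns a 45-day window into a day-and-a-quarter one.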
Comprehensive Visibility
• Collection without limitations – Ability to collect all types of security data, at scale and from all types of data sources
• Unified visibility into the network, logs and threat intelligence
– View data about advanced threats from data gathered directly from the network or from affected systems
• Security Analytics – Infrastructure to support collection without limitations
• Data Loss Prevention – Visibility into the location and use of the most critical information assets
“Capture and view everything that’s happening in my infrastructure”
Agile Analytics
• Prioritization of threats based upon business impact
– Ability to analyze business context of affected systems to identify critical issues
• Interactive data-driven investigative analysis
– Intuitive tools for investigation presented for rapid analysis
• Real-time detection of zero day threats
– Analysis of collected data for characteristics of malicious activity
• Advanced Threat Analysis
– Reporting and alerting of activity data
– Alerting and visualization of activity data
• Investigation Platform
– Platform for performing rapid investigations
– Session reconstruction and replay
– Reduces the “Window of Vulnerability”
• Security Analytics Workbench
– Automates malware analysis techniques
– Identifies the widest spectrum of malware-based attacks
“Enable me to efficiently analyze and investigate potential threats”
Actionable Intelligence
• Correlate data with current threat intelligence
– Intelligence from a community of security experts, built into our tools through rules, reports and watch lists
• Operationalize threat intelligence for use across the network
– Continual updates of the latest threat intelligence
• Customizable dashboards with threat, vulnerability and event information
• Threat Intelligence
– Leverages the global security community to correlate and illuminate the most pertinent information
– Fuses intelligence with your network data in real time
• Advanced Threat Management
– Business context around organizational assets and criticality
– Workflow around assessing threats and tracking follow-up actions
“Help me identify targets, threats & incidents”
[Figure: intelligence inputs shown on the slide: 3rd party Threat Intel, Custom research, Rules, Reports, Flex Parsers.]
Optimized Incident Management
• Closed-loop incident management process
– Workflow system to define and activate response processes, plus tools to track open issues, trends and lessons learned
• Business context to better determine impact
– Incorporation of business information showing the relationship with systems and the support of business functions
• Automated Incident Management
– Business context around organizational assets and criticality
– Case management workflow, Executive level dashboard, Key metrics
“Enable me to prioritize and manage these incidents”
THANK YOU