
Applying the Power of Data Analytics to Cyber Security
Dr. Robert W. Griffin, Chief Security Architect
© Copyright 2014 EMC Corporation. All rights reserved.


Slide 1: Applying the Power of Data Analytics to Cyber Security
Dr. Robert W. Griffin, Chief Security Architect, RSA, the Security Division of EMC
robert.griffin@rsa.com
blogs.rsa.com/author/griffin
blog.emc2.de/executive-world/
project-sparks.eu/blog/
@RobtWesGriffin
www.linkedin.com/pub/robert-griffin/0/4a1/608

Slide 2: Disruption and Transformation
- Infrastructure Transformation: Mobile, Cloud. Less control over access device and back-end infrastructure.
- Threat Landscape Transformation: APTs, Sophisticated Fraud. Fundamentally different tactics, more formidable than ever.
- Business and Legal Transformation: More hyper-extended, more digital. Extended Workforce, Networked Value Chains, Big Data.
Source: http://www.emc.com/collateral/industry-overview/h11391-rpt-information-security-shake-up.pdf?pid=sbiclandingpage-sbicspecialreport-122112

Slide 3: Evolving Attack Goals and Methods
[Figure: timeline. Labels along the time axis: Worms/Viruses; Simple DDoS; Phishing; Pharming; APTs; Multi-Stage Hacker Collaboration; Disruptive Attacks; Destructive Attacks; Intrusive Attacks; Advanced DDoS; Sophisticated Mobile Attacks; IoT Attacks]

Slide 4: Traditional Security Is Not Working
- 97% of breaches led to compromise within “days” or less, with 72% leading to data exfiltration in the same time
- 78% of breaches took “weeks” or more to discover
- 66% took “months or more”
Source: Verizon 2013 Data Breach Investigations Report

Slide 5: Intelligence is the Game Changer

Slide 6: Visibility
Data Collection and Rationalization
- Packets, Logs, Endpoints, NetFlow (P, E, L, N)
- Capture Time Data Enrichment
- Business & Compliance Context

Slide 7: Analysis
Generating Information
- Endpoint Threat Detection
- Correlate Multiple Data Sources
- Out-of-the-box Content
- Big Data & Data Science

Slide 8: Action
Investigation and Remediation
- Prioritized & Unified Analyst Workflow
- Investigate down to finest details
- Integrate SOC Best Practices

Slide 9: Communication Valley Reply (Italy): Leveraging Intelligence-Driven Security
Requirements:
- Efficient, cost-effective management and reporting of security
- Reduce cost of services delivery
- Improved MSSP service as competitive advantage
Solution:
- Automatically tracked and reported on client risk and compliance
- Enhanced incident triage
- Improved event analysis
Source: http://www.emc.com/collateral/customer-profiles/h11982-reply-cp.pdf

Slide 10: Example: Detect suspicious domain connections
Identifying suspicious domains is difficult – and identifying hosts that have ever communicated with one is even harder.
Inputs to the Domain A risk score:
- Traffic content types: Suspicious domains often host many services on the same server.
- Number of IP addresses: Malicious domains use many IP addresses to evade static IP watchlists.
- Number of domain name owners associated with an IP address: A high number of domain owners associated with a system is suspicious.
- GETs vs PUT/POSTs: Domains where the ratio of POSTs to GETs is high are more likely malicious.
- Number of users hitting a domain relative to complexity: A complex domain that few people access is more likely to be malicious.
[Figure: Domain A risk score gauge, shown as Low Risk, Low Risk, High Risk]

Slide 11: Example: Discover beaconing hosts
Traffic from hosts ‘beaconing’ to command and control hosts can look like normal traffic. Data science helps identify outliers.
Inputs to the Domain A risk score:
- Use of cookies: Malicious sessions seldom use cookies.
- Bytes uploaded vs. downloaded: Malicious sessions often upload far more than just a URL request.
- Use of referrer strings: Most web sessions come from clicking on another link, resulting in a “referrer string”. Malicious sessions seldom do.
- URL lengths: Malicious attacks often embed themselves deep in web servers, resulting in unusually long URL lengths.
- Other: RSA uses several other identifiers to determine the risk score.
[Figure: Domain A risk score gauge, shown as Low Risk, Medium Risk, High Risk]
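
The indicators on the two risk-score slides can be computed per domain from web proxy session records. The Python below is an added example, not RSA's scoring model or code from the presentation: the session records are constructed, and the thresholds and equal weighting of indicators are assumptions chosen for illustration.

```python
from collections import defaultdict

# Constructed sessions (not real traffic):
# (host, domain, dst_ip, method, cookie, referrer, up_bytes, down_bytes, url_len)
SESSIONS = [
    ("pc1", "news.example", "198.51.100.10", "GET", True, True, 400, 52000, 38),
    ("pc2", "news.example", "198.51.100.10", "GET", True, True, 380, 47000, 41),
    ("pc3", "news.example", "198.51.100.10", "POST", True, True, 900, 3000, 45),
    ("pc4", "news.example", "198.51.100.10", "GET", True, False, 390, 61000, 36),
    ("pc7", "upd-sync.example", "203.0.113.5", "POST", False, False, 9000, 300, 180),
    ("pc7", "upd-sync.example", "203.0.113.77", "POST", False, False, 8800, 280, 176),
    ("pc7", "upd-sync.example", "203.0.113.140", "POST", False, False, 9100, 310, 184),
    ("pc7", "upd-sync.example", "203.0.113.5", "GET", False, False, 350, 900, 172),
]

def domain_features(sessions):
    """Aggregate, per domain, the indicators named on the two slides."""
    groups = defaultdict(list)
    for s in sessions:
        groups[s[1]].append(s)
    feats = {}
    for domain, rows in groups.items():
        n = len(rows)
        feats[domain] = {
            "n_ips": len({r[2] for r in rows}),
            "post_ratio": sum(r[3] in ("POST", "PUT") for r in rows) / n,
            "cookie_rate": sum(r[4] for r in rows) / n,
            "referrer_rate": sum(r[5] for r in rows) / n,
            "up_down": sum(r[6] for r in rows) / max(1, sum(r[7] for r in rows)),
            "mean_url_len": sum(r[8] for r in rows) / n,
        }
    return feats

def risk_score(f):
    """Fraction of indicators tripped; every threshold here is an assumption."""
    tripped = [
        f["n_ips"] >= 3,          # many IPs behind one domain
        f["post_ratio"] > 0.5,    # mostly PUT/POST rather than GET
        f["cookie_rate"] < 0.2,   # sessions seldom carry cookies
        f["referrer_rate"] < 0.2, # sessions seldom carry a referrer
        f["up_down"] > 1.0,       # more bytes uploaded than downloaded
        f["mean_url_len"] > 100,  # unusually long URLs
    ]
    return sum(tripped) / len(tripped)

def rank_domains(sessions):
    """Return [(domain, score)] with the highest-risk domain first."""
    scored = [(d, risk_score(f)) for d, f in domain_features(sessions).items()]
    return sorted(scored, key=lambda x: -x[1])
```

In practice the thresholds would be learned from a baseline of the organization's own traffic rather than fixed, since a single indicator (for example, an API endpoint that is legitimately POST-heavy) is weak evidence on its own.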

Slide 12: Security analytics architecture
Capture, enrich and analyze data from across your network.
- Visibility: Logs, Packets, Endpoint, NetFlow; Capture Time Meta-Data Enrichment
- Analysis and Action: Investigation, Advanced Analytics, Compliance, Endpoint Analysis, Session Reconstruction, Incident Management
- Live Intelligence: Threat Intelligence | Rules | Parsers | Feeds | Reports | RSA Research

Slide 13: Sample enterprise deployment
Captures data from across data centers and feeds enriched data to the analytics platform.
- Scalable, enterprise-wide deployment
- Efficient data collection and enrichment
- Streaming analytics close to the source
- Centralized, deep-analytics across the enterprise
[Figure: deployment diagram. Sites: Dallas, Mexico City, EMEA HQ, Singapore DC. Components: Network Collection, Log Collection, Capture Time, Streaming, Context (Assets, Identities, Vulns), Local Archive, Central Archive, 1st Pivotal Cluster, 2nd Pivotal Cluster]

Slide 14: Balancing Security and Privacy
- Business Challenge: Information Sprawl, Mobility of End Users, More Threats, More Regulations
- Security, Privacy: Meet Regulations, Mitigate Emerging Threats, Self-Service, Secure Account Access and Use, Protect Information, Ease of Use

Slide 15: The Internet of Things: Transformation in Opportunity and Risk
[Figure labels: Security Management, User Interface, Data Collection, Data Storage, Data Integration, Data Management]

Slide 16: Planning Your Journey
- Siloed: compliance focus, disconnected risk, basic reporting
- Managed: automated compliance, expanded risk focus, improved analysis/metrics
- Advantaged: fully risk aware, exploit opportunity
Goals along the journey: Reduce compliance cost; Gain resource & risk visibility; Manage known & unknown risks; Identify new business opportunities

Slide 17: Thank You
robert.griffin@rsa.com
blogs.rsa.com/author/griffin
blog.emc2.de/executive-world/
project-sparks.eu/blog/
@RobtWesGriffin
www.linkedin.com/pub/robert-griffin/0/4a1/608

