Cyber Intelligence Fighting Cyber Crime
LEADERS EDGE
© Copyright 2013 EMC Corporation. All rights reserved.
The CIO Challenge: Costs, Revenue and Risk
The CIO Challenge: Risk; Assess and Manage Threats; Align with Business; Build Trusted Infrastructure
Threats Used to Be Simple: TRADITIONAL ATTACKS FOCUS ON INTRUSION; TRADITIONAL DEFENSES FOCUS ON PREVENTION
Advanced Security for a New World: 1 STEALTHY (LOW AND SLOW); 2 TARGETED (SPECIFIC OBJECTIVE); 3 INTERACTIVE (HUMAN INVOLVEMENT); A Identification; B Response
Example Attack: Data Exfiltration: Unusual Network Traffic; Authentication Check; Authorization Checks; Ex-filtration; ****** PASSWORD; Spear Phishing
Can You Respond Within Two Hours?
  85% breaches take weeks or more to discover
  60% risk reduced when breach response under 2 hours
  Source: Verizon 2012 Data Breach Investigations Report, NYT
Threats Today Require a New Approach
Advanced Security is Intelligence Driven: Analytic Systems with Adaptive Capacity for Big Data; Appreciation of Risk; Data Analytics; Agile Controls
Budget for Monitoring and Response
  Today’s Priorities: Prevention 80%, Monitoring 15%, Response 5%
  Intelligence-Driven Defenses: Prevention 33%, Monitoring 33%, Response 33%
Security Market Shift
  Sources: IDC. Projected CAGR for
  Anti-malware: -11.3%
  Firewalls: 0%
  Advanced Authentication: 12.7%
  SIEM: 10.7%
  Forensics & Incident Investigation: 16.9%
  CONTROL PLANE
    IDENTITY: Identity Mgmt & Governance; Authentication & Access Mgmt
    INFRASTRUCTURE: Endpoint Controls; Network / Messaging Controls
    INFO / APP: Web App Security / Fraud Prev; Encryption/DLP/IRM
  MANAGEMENT PLANE
    GRC: GRC SOLUTIONS: IT/eGRC Data Discovery & Classification, Policy & Compliance; DEFINE POLICY; MAP POLICY; MEASURE POLICY
    SECURITY OPERATIONS: SIEM, Network and Endpoint Forensics & Incident Invest., Advanced Analytics; DETECT Potential Threats; INVESTIGATE Attacks; RESPOND To Attacks
  Diagram labels: ITaaS Management, Enterprise, CRM, ERP, BI, ***, Data Center, Applications, Infrastructure, Information, To DC, Admins, Users
RSA and The Security Industry
  CONTROL PLANE
    IDENTITY: Identity Mgmt & Governance; Authentication & Access Mgmt
    INFRASTRUCTURE: Endpoint Controls; Network / Messaging Controls
    INFO / APP: Web App Security / Fraud Prev; Encryption/DLP/IRM
  MANAGEMENT PLANE
    GRC: GRC SOLUTIONS: IT/eGRC Data Discovery & Classification, Policy & Compliance; DEFINE POLICY; MAP POLICY; MEASURE POLICY
    SECURITY OPERATIONS: SIEM, Network and Endpoint Forensics & Incident Invest., Advanced Analytics; DETECT Potential Threats; INVESTIGATE Attacks; RESPOND To Attacks
  Diagram labels: ITaaS Management, Enterprise, CRM, ERP, BI, ***, Data Center, Applications, Infrastructure, Information, To DC, Admins, Users
  Products shown: ARCHER eGRC SUITE; SECURITY ANALYTICS; AUTH MGR / SECURID; ADAPTIVE AUTH; DLP, DATA PROTECTION MGR; SILVER TAIL, FRAUDACTION
A Security Analytics Platform: Public & Private Threat Intel; Governance; Compliance; Incident Management; Remediation; Analytics; Big Data
Discussion Topic: Are Security Analytics within your team’s current capabilities? What is your approach?
The CIO Dashboard: Focus on Risk
  Availability Risk; Operational Risk; Security Risk; Compliance Risk
  OVERALL IT RISK
  RSA Archer
Security Analytics Organization: CIO; CISO; CRO; Incident Response; Audit; InfoSec Engineering/Ops
Leading Edge Incident Response: Capture and Reverse Events; Analysis and Correlation (Data Science); Virtual/Live Forensics; Rapid Response; Collaboration
Leading Edge InfoSec Teams: Threat and Vulnerability Prioritization; Endpoint and Network Visibility; Controls Close to Data; Business Alignment; Visualization
Leading Edge Auditors: Support Policy With Technology; Real-Time Compliance Stats; Support IT Transformation; Comprehensive View
Critical Incident Response Center
Case Study: RSA Best Practice
  CIRC Director/Manager
  Incident Coordinators (per site/shift)
  L1 Incident Handlers: Eyes-on-Glass; End User Intake; Event Triage; Incident Containment & Remediation; 24x7 Coverage
  L2 Incident Handlers: Work with L1 on complex incidents; Reverse Malware Engineering; Host & Network Forensic; Cause & Origin Determination
  Cyber Threat Intelligence: Open/All Source; Actor Attribution; Review unstructured threat intel; Attack Sensing & Warning; Social Media; High Value Target (HVT) tracking
  Content Analytics: Integration; Content Development; Reporting; Alert & Rule Creation
Discussion Topic: How does your Security and GRC organization compare to this model? What do you expect from your CSO/CISO?
RSA Conference 2013 Takeaways
  Intelligence-driven security
    – January 2013 announcement of RSA Security Analytics release
  Big Data-Driven Risk Analytics
    – Merger of strong authentication with risk analytics
    – RSA announces Authentication Manager 8
  RSA and Juniper Expand Partnership Around Advanced Threats
    – Intelligence-Sharing Addresses Advanced Threats
  Intelligence-driven Next Generation Security Operations Services
    – Helps customers build cyber-defenses and SOCs
RSA and EMC Resources: RSA Blog; RSA Security Briefs; EMC CIO Connect; EMC Product Security; RSA Features
Industry Resources
  2013 Global Security Report
  Data Breach Investigations Report (DBIR) (investigations-report-2012-ebk_en_xg.pdf)
  Security Intel Analysis/Internet Threat Research
  Security Threat Report (threat-report.aspx)
  Security Bulletin (ecurity_Bulletin_2012_Malware_Evolution)
  Threat Report (secure.com/static/doc/labs_global/Research/Threat_Report_H2_2012.pdf)
Intelligence-Driven Security: SOC | GRC | Identity | Anti-Fraud
Thank You