Presentation is loading. Please wait.

Presentation is loading. Please wait.

CENTRALIZING INCIDENT RESPONSE RSA NetWitness Brana Nikolajevic Sales Specialist / Territory Manager Threat Detection and Response RSA NetWitness.

Published byReginald Thomas Modified over 8 years ago

Similar presentations

Presentation on theme: "CENTRALIZING INCIDENT RESPONSE RSA NetWitness Brana Nikolajevic Sales Specialist / Territory Manager Threat Detection and Response RSA NetWitness."— Presentation transcript:

1 CENTRALIZING INCIDENT RESPONSE RSA NetWitness Brana Nikolajevic Sales Specialist / Territory Manager Threat Detection and Response RSA NetWitness

2 COMPROMISE IS INEVITABLE –Goal should be to detect and respond to attacks to minimize loss and damage. –Limit attacker free time inside your network.

3 WHAT TO DO ABOUT IT Tools that provide visibility / forensic data are essential for detection and response: –Logs, Packets, Endpoint, Threat Inteligence –Ability to spot anomalous / suspicious activity and investigate –Ability to pivot and see the whole picture of the attack –Ability to response timely

4 CENTRALIZING INCIDENT RESPONSE TEAMS SOC: Security Operation Center CIRC: Critical Incident Response Center CERT: Computer Emergency Response Team CIRT: Computer Incident Response Team SIRT: Security Incident Response Team Better Detect, Investigate and Respond to Security Incidents

5 Unnoticed Incidents Will Lead to Data Breaches SECURITY INCIDENTS GO UNNOTICED 75% of breaches compromise systems in days or less Only 25% of breaches are discovered in days or less $5.4M is the cost of a data breach in US 85% of respondents say there is no prioritization Lack of Framework and Alignment

6 INDUSTRY VIEWPOINTS ESG - Security Incidents Unnoticed –Too Many Non-Integrated Tools –Too Many Manual Processes –Lack of Staff Forrester – Effective Habits of Incident Response –Realistic Reporting & Metrics –Scalable –Collaborate Gartner – Detect & Respond to Security Incidents –CISOs need to put in place incident response process with technology

7 WHY FRAMEWORK AND ALIGNMENT? MEASURE EFFECTIVENESS OF THE PROGRAM LEARN AND REFINE REPEATABLE ONGOING BUSINESS PROCESS PRIORITIZE AGAINST BUSINESS CONTEXT COLLABORATE INTERNALLY AND EXTERNALLY IMPROVE RESPONSE READINESS AND BE PREPARED

8 On Prem Cloud Capture, enrich and analyze data from across your network RSA NETWITNESS Investigation Compliance Reporting Endpoint Analysis Session Reconstruction Incident Management Capture Time Data Enrichment LIVE LOGS PACKETS ENDPOINT NETFLOW Action Analysis Visibility LIVE Threat Intel | Biz Context RSA LIVE Advanced Analytics ENRICH Rules | Parsers | DS Models Reports | Feeds Powered by RSA Research, Incident Response & Engineering LIVE

9 VOICE OF THE CUSTOMER “We switched on Security Analytics (NetWitness) and a lot of things suddenly started lighting up, just like a Christmas tree.” Jason Haward-Grau, MOL Group CISO

10 COMPROMISE IS INEVITABLE –Goal should be to detect and respond to attacks to minimize loss and damage –Limit attacker free time inside your network

11 WHAT TO DO ABOUT IT Tools that provide visibility / forensic data are essential for detection and response –Logs, Packets, Endpoint, Threat Inteligence –Ability to spot anomalous / suspicious activity and investigate –Ability to pivot and see the whole picture of the attack

12 CAPTURE TIME DATA ENRICHMENT  Enriches data right at time of capture making it much faster and more valuable for analysis and investigation –Seconds to respond in a time of crisis  Inspect every network session, log event, and flow for threat indicators  Most robust meta data (over 200) –Enables rapid alerting and investigations –Session based details to lead the analyst to the right answer  Fastest Retrieval & Reconstruction –Maintains the link between the sessionized data and the raw data  Virtual, Physical and/or SW Parsing and Metadata Tagging Add’l Context LIVE Capture Time Data Enrichment ENRICH

13

14 RSA NETWITNESS SECOPS RSA NetWitness SecOps provides a framework to prepare, investigate and respond to threats by aligning people, process and technology. Framework & Alignment

15 LEVERAGE BEST PRACTICES RESPONSE PROCESS 25+ CIRC PRACTITIONER VIEW ENGINEERED AS PER THE EXPERTISE OF INDUSTRY AND PRACTITIONERS NAMING & TERMINOLOGY VERIS Framework

16 RSA NETWITNESS SECOPS Domain RSA NW SecOps Framework & Alignment People Process Technology Incident Response Breach Response SOC Prog. Management

17 RSA NW SECOPS KEY VALUE FUNCTIONS Incident Response Aggregate Alerts Provide Business Context Prioritize Incidents Manage Investigations Track Remediation Breach Response Develop Breach Response Plans Identify & Report Data Breaches Assess Breach Impact Manage Notifications & Call Trees SOC Program Management Manage SOC Team Measure Security Control Effectiveness Document Response Policies & Procedures Link with Business GRC Applications

18 Confirmed Incidents Incidents Collect Data for Context Triage Alerts (Automated or Manual) Security Monitoring Tools Close Investigations Forensic Analysis Corporate Compliance Launch Security Tool in-context for investigation… External/Internal Notifications Data/Privacy Breach Close Business Impact Analysis Regulatory Legal Data Exfiltrated? Yes No Containment Remediation Yes No RSA NW SECOPS IR WORKFLOW

19 Make breach preparedness a priority  Typical cost of a data breach in US is $5.4M 1 Put in place a structure for response, reporting and process  Focus breach response teams by defining owners, steps, timelines & call trees PREPARING FOR A DATA BREACH 1.2013 Cost of Data Breach Study: Ponemon Institute Identify Stakeholders Classify Data Breaches Breach Risk Assessment Notifications and Call Trees Notification History

20 OOTB  RSA tested  Mapping file details provided to map incoming SIEM data to Archer fields Non-OOTB (Other Integrations)  PS capable – Integrated in field −Mapping file details will need to be created  Unified Collector Framework (UCF) supports −Format Syslog CEF messages or JSON −Transport UDP, TCP, Secured TCP RabbitMQ SSL INTEGRATIONS WITH RSA NW SECOPS NetWitness RE ESA SAIM CEF, TCP/STCP CEF, TCP JSON, RMQ CEF, TCP CEF, UDP JSON, TCP/STCP

21  Incident Response Rapid breach response & SLA- based retainer  Strategy & Roadmap Review and recommendations  NextGen Security Operations Technical consulting to transform from reactive to proactive RSA ADVANCED CYBER DEFENSE SERVICES

22 ASOC Design & Implementation ASOC Strategy, Design & Program Development Technology & Operations Buildout | Residencies, Support & Training Security Operations Management SecOps Strategy & Management | Use Case Development Incident Response Procedures Incident Response Retainer | Incident Discovery | Incident Response | IR Hunting Services Breach Management Cyber Readiness & Capability Roadmap Current State & Gap Analysis | Maturity Modeling | Breach Readiness Roadmap | Net Defender (Cyber Security Framework) Cyber & Counter Threat Intelligence Program Development | Web & E-mail Threat Operations | Best Practices Develop and mature a portfolio for ongoing competitive advantage RSA ADVANCED CYBER DEFENSE SERVICES

23 TITLE

24 A SIMPLE WAY TO ADD THE NEW TEMPLATE TO YOUR PRESENTATION 1.Open your presentation > select Slide Sorter view > Select all > Copy 2.Open the file RSATemplateAug2016.potx > select Slide Sorter view 3.Place your cursor after the sample slides, then Paste. Your slides will take on the master of the preceding slide. Adjust any slides which did not convert by clicking on Layout and choosing the right layout. 4.Delete any unused master slides. Save your new file.

Download ppt "CENTRALIZING INCIDENT RESPONSE RSA NetWitness Brana Nikolajevic Sales Specialist / Territory Manager Threat Detection and Response RSA NetWitness."

Similar presentations

1© Copyright 2011 EMC Corporation. All rights reserved. The Future of the Advance Soc 3rd Annual Privacy, Access and Security Congress, Ottawa, 2012 Mike.

1© Copyright 2011 EMC Corporation. All rights reserved. The Future of the Advance Soc 3rd Annual Privacy, Access and Security Congress, Ottawa, 2012 Mike.
1© Copyright 2011 EMC Corporation. All rights reserved. Anatomy of an Attack.

1© Copyright 2011 EMC Corporation. All rights reserved. Anatomy of an Attack.
Discovery – The Next Generation!: Business Context of Risk Presentation to the North London Branch British Computer Society 19 March, 2008 Dr. Victoria.

Discovery – The Next Generation!: Business Context of Risk Presentation to the North London Branch British Computer Society 19 March, 2008 Dr. Victoria.
The Most Analytical and Comprehensive Defense Network in a Box.

The Most Analytical and Comprehensive Defense Network in a Box.
©2014 Bit9. All Rights Reserved Building a Continuous Response Architecture.

©2014 Bit9. All Rights Reserved Building a Continuous Response Architecture.
Viewpoint Consulting – Committed to your success.

Viewpoint Consulting – Committed to your success.
© 2014 Level 3 Communications, LLC. All Rights Reserved. Proprietary and Confidential. Polycom event Security Briefing 12/03/14 Level 3 Managed Security.

© 2014 Level 3 Communications, LLC. All Rights Reserved. Proprietary and Confidential. Polycom event Security Briefing 12/03/14 Level 3 Managed Security.
Security Offering. Cyber Security Solutions 2 Assessment Analysis & Planning Design & Architecture Development & Implementation O&M Critical Infrastructure.

Security Offering. Cyber Security Solutions 2 Assessment Analysis & Planning Design & Architecture Development & Implementation O&M Critical Infrastructure.
Www.encase.com Mel Pless, Sr. Director, Solutions Consulting Guidance Software, Inc. Let’s Get Right To The Endpoint Leveraging Endpoint Data to Expose,

Mel Pless, Sr. Director, Solutions Consulting Guidance Software, Inc. Let’s Get Right To The Endpoint Leveraging Endpoint Data to Expose,
Website Hardening HUIT IT Security | Sep 30 2011.

Website Hardening HUIT IT Security | Sep
1© Copyright 2012 EMC Corporation. All rights reserved. Getting Ahead of Advanced Threats Advanced Security Solutions for Trusted IT Chezki Gil – Territory.

1© Copyright 2012 EMC Corporation. All rights reserved. Getting Ahead of Advanced Threats Advanced Security Solutions for Trusted IT Chezki Gil – Territory.
What Keeps You Awake at Night Compliance Corporate Governance Critical Infrastructure Are there regulatory risks? Do employees respect and adhere to internal.

What Keeps You Awake at Night Compliance Corporate Governance Critical Infrastructure Are there regulatory risks? Do employees respect and adhere to internal.
Thursday, January 23, 2014 10:00 am – 11:30 am. Agenda  Cyber Security Center of Excellence  Project Phase  Implementation  Next Steps 2.

Thursday, January 23, :00 am – 11:30 am. Agenda  Cyber Security Center of Excellence  Project Phase  Implementation  Next Steps 2.
Dell Connected Security Solutions Simplify & unify.

Dell Connected Security Solutions Simplify & unify.
The Real Deal With SIM/SEM The Promise of Security Information / Event Management Scott Sidel Sr. Security Manager Computer Sciences Corp.

The Real Deal With SIM/SEM The Promise of Security Information / Event Management Scott Sidel Sr. Security Manager Computer Sciences Corp.
1© Copyright 2014 EMC Corporation. All rights reserved. Applying the Power of Data Analytics to Cyber Security Dr. Robert W. Griffin Chief Security Architect.

1© Copyright 2014 EMC Corporation. All rights reserved. Applying the Power of Data Analytics to Cyber Security Dr. Robert W. Griffin Chief Security Architect.
Module 12: Responding to Security Incidents. Overview Introduction to Auditing and Incident Response Designing an Audit Policy Designing an Incident Response.

Module 12: Responding to Security Incidents. Overview Introduction to Auditing and Incident Response Designing an Audit Policy Designing an Incident Response.
Connected Security Your best defense against advanced threats Anne Aarness – Intel Security.

Connected Security Your best defense against advanced threats Anne Aarness – Intel Security.
Sicherheitsaspekte beim Betrieb von IT-Systemen Christian Leichtfried, BDE Smart Energy IBM Austria December 2011.

Sicherheitsaspekte beim Betrieb von IT-Systemen Christian Leichtfried, BDE Smart Energy IBM Austria December 2011.
GRC: Aligning Policy, Risk and Compliance

GRC: Aligning Policy, Risk and Compliance

Similar presentations

Ads by Google