1. 1© Copyright 2011 EMC Corporation. All rights reserved. The Future of the Advance Soc 3rd Annual Privacy, Access and Security Congress, Ottawa, 2012 Mike Huckaby Senior Director, Global PreSales RSA, The Security Division of EMC

2. 2© Copyright 2011 EMC Corporation. All rights reserved. Traditional Security is Not Working Source: Verizon 2012 Data Breach Investigations Report 99% of breaches led to compromise within days or less with 85% leading to data exfiltration in the same time 85% of breaches took weeks or more to discover

3. 3© Copyright 2011 EMC Corporation. All rights reserved. Advanced Security Transforming Security address the pervasiveness of dynamic, focused adversaries Traditional Security Signature-based Perimeter oriented Compliance Driven Traditional Security Signature-based Perimeter oriented Compliance Driven Advanced Threat AgileDefinitiveIntelligent AgileDefinitiveIntelligent

4. 4© Copyright 2011 EMC Corporation. All rights reserved. Minimum Requirements of Security Management and Compliance Comprehensive VisibilityActionable IntelligenceGovernance

5. 5© Copyright 2011 EMC Corporation. All rights reserved. Critical Questions that need to be Addressed Comprehensive Visibility Actionable Intelligence Governance What Matters? What is going on? How do I address it?

6. 6© Copyright 2011 EMC Corporation. All rights reserved. Security Management Compliance Vision Delivering Visibility, Intelligence and Governance

7. 7© Copyright 2011 EMC Corporation. All rights reserved. Attack Begins System Intrusion Attacker Surveillance Cover-up Complete Access Probe Leap Frog Attacks Complete Target Analysis TIME Attack Set-up Discovery/ Persistence Maintain foothold Cover-up Starts Anatomy of an attack Source: NERC HILF Report, June 2010 (http://www.nerc.com/files/HILF.pdf)

8. 8© Copyright 2011 EMC Corporation. All rights reserved. TIME Attack Forecast Physical Security Containment & Eradication System Reaction Damage Identification Recovery Defender Discovery Monitoring & Controls Impact Analysis Response Threat Analysis Attack Identified Incident Reporting Anatomy of a response Source: NERC HILF Report, June 2010 (http://www.nerc.com/files/HILF.pdf)

9. 9© Copyright 2011 EMC Corporation. All rights reserved. Attack Begins System Intrusion Attacker Surveillance Cover-up Complete Access Probe Leap Frog Attacks Complete Target Analysis TIME Attack Set-up Discovery/ Persistence Maintain foothold Cover-up Starts Attack Forecast Physical Security Containment & Eradication System Reaction Damage Identification Recovery Defender Discovery Monitoring & Controls Impact Analysis Response Threat Analysis Attack Identified Incident Reporting Reducing Attacker Free Time ATTACKER FREE TIME TIME Source: NERC HILF Report, June 2010 (http://www.nerc.com/files/HILF.pdf)

10. 10© Copyright 2011 EMC Corporation. All rights reserved. Comprehensive Visibility Collection without limitations –Ability to collect all types of security data, at scale and from all types of data sources Unified visibility into the network, logs and threat intelligence –View data about advanced threats from data gathered directly from the network or from affected systems Security Analytics –Infrastructure to support collection without limitations Data Loss Prevention –Visibility into the location and use of the most critical information assets Capture and view everything thats happening in my infrastructure

11. 11© Copyright 2011 EMC Corporation. All rights reserved. Agile Analytics Prioritization of threats based upon business impact –Ability to analyze business context of affected systems to identify critical issues Interactive data-driven investigative analysis –Intuitive tools for investigation presented for rapid analysis. Real-time detection of zero day threats –Analysis of collected data for characteristics of malicious activity Advanced Threat Analysis –Reporting and alerting of activity data –Alerting and visualization of activity data Investigation Platform –Platform for performing rapid investigations –Session reconstruction and replay –Reduces Window of Vulnerability Security Analytics Workbench –Automates malware analysis techniques –Identify the widest spectrum of malware- based attacks Enable me to efficiently analyze and investigate potential threats

12. 12© Copyright 2011 EMC Corporation. All rights reserved. Actionable Intelligence Correlate data with current threat intelligence –Intelligence from a community of security experts, built into our tools through rules, reports and watch lists Operationalize threat intelligence for use across the network –Continual updates of the latest threat intelligence Customizable dashboards with threat, vulnerability and event information Threat Intelligence –Leverages global security community to correlate and illuminate the most pertinent information –Fuses intelligence with your network data in real-time Advanced Threat Management –Business context around organizational assets and criticality –Workflow around assessing threats and tracking follow up actions Help me identify targets, threats & incidents 3 rd party Threat Intell Custom research RulesReports Flex Parsers

13. 13© Copyright 2011 EMC Corporation. All rights reserved. Optimized Incident Management Closed-loop incident management process –Workflow system to define and activate response processes, plus tools to track open issues, trends and lessons learned Business context to better determine impact –Incorporation of business information showing relationship with systems and support of business functions. Automated Incident Management –Business context around organizational assets and criticality –Case management workflow, Executive level dashboard, Key metrics Enable me to prioritize and manage these incidents

14. 14© Copyright 2011 EMC Corporation. All rights reserved. THANK YOU