getting ahead of advanced threats - infocom security · title title 44 point verdana all caps...
TRANSCRIPT
1 © Copyright 2012 EMC Corporation. All rights reserved.
Getting Ahead of Advanced Threats
Advanced Security Solutions for Trusted IT
Chezki Gil – Territory Manager Israel & Greece
2 © Copyright 2012 EMC Corporation. All rights reserved.
Threats are Evolving Rapidly
Nation state
actors
PII, government, defense industrial base, IP rich organizations
Criminals
Petty criminal
s
Organized crime
Organized, sophisticated supply chains (PII, financial services, retail)
Unsophisticated
Non-state actors
Terrorists
Anti-establishment vigilantes
“Hacktivists” Targets of opportunity
PII, Government, critical infrastructure
3 © Copyright 2012 EMC Corporation. All rights reserved.
Business & IT are evolving rapidly too…
4 © Copyright 2012 EMC Corporation. All rights reserved.
Traditional Security is Not Working
Source: Verizon 2012 Data Breach Investigations Report
99% of breaches led to compromise within “days” or less with 85% leading to data exfiltration in the same time
85% of breaches took “weeks” or more to
discover
5 © Copyright 2012 EMC Corporation. All rights reserved.
Signature-based
Compliance Driven
Perimeter oriented
Traditional Security is
Unreliable
6 © Copyright 2012 EMC Corporation. All rights reserved.
Agile Risk-Based Contextual
Effective Security Systems need to be:
7 © Copyright 2012 EMC Corporation. All rights reserved.
Resource Shift: Budgets and People
Today’s Priorities
Prevention 80%
Monitoring 15%
Response 5%
Prevention 80%
Monitoring 15%
Response 5%
Prevention 33%
Intelligence-Driven Security
Monitoring 33%
Response 33%
8 © Copyright 2012 EMC Corporation. All rights reserved.
Attack Begins
System Intrusion
Attacker Surveillance
Cover-up Complete
Access Probe
Leap Frog Attacks
Complete
Target Analysis
TIME
Attack Set-up
Discovery/ Persistence
Maintain foothold
Cover-up Starts
Attack Forecast
Physical Security
Containment & Eradication
System Reaction
Damage Identification
Recovery
Defender Discovery
Monitoring & Controls
Impact Analysis
Response
Threat Analysis
Attack Identified
Incident Reportin
g
Need to collapse free time
Reducing Attacker Free Time
ATTACKER FREE TIME
TIME
Source: NERC HILF Report, June 2010 (http://www.nerc.com/files/HILF.pdf)
9 © Copyright 2012 EMC Corporation. All rights reserved.
How do Advanced Threats impact the business?
10 © Copyright 2012 EMC Corporation. All rights reserved.
The Aftermath of an Advanced Attack
• Hard costs hurt
– Emergency cleanup costs
– Regulatory penalties
– Customer restitution
– Business process re-engineering
• Soft costs really hurt
– Missed opportunity due to cleanup
focus
– Loss of customer confidence
– Decline in employee morale &
goodwill
11 © Copyright 2012 EMC Corporation. All rights reserved.
What is the approach for the future?
12 © Copyright 2012 EMC Corporation. All rights reserved.
Comprehensive
Visibility
“See everything
happening in my
environment and
normalize it”
High Powered
Analytics
“Give me the speed and
smarts to discover and
investigate potential
threats in near real time”
Big Data
Infrastructure
“Need a fast and scalable
infrastructure to conduct
short term and long term
analysis”
Integrated
Intelligence
“Help me understand what
to look for and what others
have discovered”
Today’s Security Requirements
13 © Copyright 2012 EMC Corporation. All rights reserved.
RSA Security Analytics: Changing The Security Management Status Quo Unified platform for security monitoring, incident investigations and compliance reporting
SIEM Compliance Reports
Device XMLs
Log Parsing
Network
Security
Monitoring High Powered Analytics
Big Data Infrastructure
Integrated Intelligence
RSA Security
Analytics Fast & Powerful
Analytics
Logs & Packets
Unified Interface
Analytics Warehouse
SEE DATA YOU DIDN’T SEE BEFORE, UNDERSTAND DATA YOU DIDN’T EVEN CONSIDER BEFORE
14 © Copyright 2012 EMC Corporation. All rights reserved.
RSA Live Integrated Intelligence How Do I Know What To Look For?
Gathers advanced threat intelligence and content from
the global security
community & RSA FirstWatch ®
Aggregates & consolidates the most pertinent information and
fuses it with your organization's
data
Automatically
distributes correlation rules,
blacklists, parsers, views,
feeds
Operationalize Intelligence: Take advantage of what others have already found and apply against your current and historical data
15 © Copyright 2012 EMC Corporation. All rights reserved.
THE ANALYTICS
Reporting and Alerting Investigation
Malware Analytics
Administration
Complex Event Processing Free Text Search Correlation Metadata Tagging
RSA LIVE INTELLIGENCE SYSTEM Threat Intelligence – Rules – Parsers – Alerts – Feeds – Apps – Directory Services – Reports and Custom Actions
Incident Management
Asset Criticality
Compliance
REAL-TIME
LONG-TERM
EUROPE
NORTH AMERICA
ASIA
Enrichment Data
Logs
Packets
DIS
TRIB
UTED
CO
LLECTIO
N
WAREHOUSE
Security Analytics Architecture