What matters in Cyber Security

Transcription

1 What matters in Cyber Security A CTO perspective Dr. Robert W. Griffin Chief Security Architect #RSAemeaSummit 1

2 What CEOs say Cyber Risk matters! Cyber rated #3 risk in survey of 588 C- and Board-level executives 2

3 Where is Cyber Risk coming from? Threats Cloud Customers Partners Third-Parties Complex Identities & Access Mobile Employees BYOD On- Prem Shadow IT Fraud & Cybercrime Transformations in Business and IT Costs of Compliance 3

4 For example, the Internet of Things A Transformation in Opportunity and Risk User Insight Data Collection Data Storage Data Integration Data Management Data Analysis 4 Organizational Insight Cyber Attack 4

5 DragonFly Cyber Attacks on IoT The 2014 DragonFly attaacks showed how the attackers could use malware to take control of SCADA systems 2- Install malicious update ICS Software House website 1- Compromise DragonFly Attackers SCADA Systems 3- Havex trojan Connect 4- Send Commands Command/Control Server For more info follow the link 5

6 Pouring money down the drain High Intelligence Value Signaturebased Defenses Low Low Defense Effectiveness High 6

7 We need a more effective approach High Intelligence Value Signaturebased Defenses Advanced cyber defense Low Low Defense Effectiveness High 7

8 Advanced Cyber Defense GOVERNANCE, RISK, & COMPLIANCE ANALYTICS Threat Fraud Compliance Identity Cloud DATA LOGS, PACKETS, NETFLOW, ENDPOINT, ID, VULNS, THREAT (INT & EXT) IDENTITY & ACCESS On Prem 8

9 Example: T-Systems (Germany) Risk Discipline Requirements: Create a consolidated enterprise-wide view of operational and functional risks for senior management Address all classes of risk Engage business users in risk governance Solution: Used ISO as framework Defined risk ownership Established enterprise-wide risk community Deployed single software solution across enterprise 9

10 Risk Discipline Across the Organization CIO & CISO IT Board LOB Executives Business Operations Managers Business IT Security Risk Business Resiliency Regulatory & Corporate Compliance Audit Operational & Enterprise Risk Third Party & Vendor Risk Maturity Common Foundation Silos Managed Advantaged 10

11 Example: Deutsche Bank (Germany) Identity and Access Governance Deutsche Bank Global SoD Program European Identity Award (May 2013) Requirements: Continuously monitor Segregation of Duties across the enterprise Integrate with existing access management Increase regulatory awareness Solution: Implemented SoD rules to detect conflicts Supported complex elements in rules Designated SoD managers Supported cloud environments Visibility, Cer:fica:on & Policy Automa:on XMDB Roles & Request Management 11

12 Identity and Access Governance Trusted interactions between identities and information Access Platform Authentication Federation/SSO Employees/Partners/Customers Identity Intelligence Governance Platform Compliance Identity Lifecycle Provisioning Applications/Data/Resources 12

13 Example: Communication Valley Reply (Italy) Security Analytics Requirements: Efficient, cost-effective management and reporting of security Reduce cost of services delivery Improved MSSP service as competitive advantage Solution: Automatically track and report on client risk and compliance Enhanced incident triage Improved event analysis 13

14 Security Analytics LIVE Distributed Data Collection PACKETS LOGS Capture Time Data Enrichment PARSING & METADATA TAGGING PACKET METADATA LOG METADATA LIVE Reporting & Alerting Investigation & Forensics Intelligence Feeds Compliance Malware Analysis LIVE Incident Response Endpoint Visibility & Analysis Additional Business & IT Context Threat Intelligence Rules Parsers Alerts Feeds Apps Directory Services Reports & Custom Actions 14

15 Advanced Cyber Defense 15

16 EMC, RSA, the EMC logo and the RSA logo are trademarks of EMC Corporation in the U.S. and other countries.