RSA Advanced Security Operations. Richard Nichols, Director EMEA. Copyright 2015 EMC Corporation. All rights reserved.


What is the problem we need to solve?

Attackers Are Outpacing Defenders... and the Gap is Widening
[Chart: attacker capabilities versus defender capabilities over time; the growing gap between the two curves is labelled "the defender-detection deficit". Source: Verizon 2015 Data Breach Investigations Report.]

Why Security Defenses Are Failing: The Strategic View
The attack surface is expanding.
Attackers are becoming more sophisticated.
Existing strategies & controls are failing.
Security teams are missing attacks.
Teams need to increase experience & efficiency.
Tools & processes must adapt to today's threats.

Evolution of Threat Actors & Detection Implications (1): At first, there were HACKS
Preventative controls filter known attack paths.
[Diagram: threat actors send malicious traffic through firewall, IDS/IPS and antivirus toward corporate assets; the uncovered "whitespace" between these controls is where successful hacks land.]

Evolution of Threat Actors & Detection Implications (2): Then, ATTACKS
Despite increased investment in controls, including SIEM.
[Diagram: the same layered controls now produce more logs, blocked sessions and alerts that are fed into a SIEM; attacks still reach corporate assets through the remaining whitespace.]

Evolution of Threat Actors & Detection Implications (3): Now, successful ATTACK CAMPAIGNS target any and all whitespace.
Complete visibility into every process and network session is required to eradicate the attacker opportunity.
[Diagram: Security Analytics adds endpoint visibility (processes) and network visibility (network sessions) alongside logs, blocked sessions and alerts, as a unified platform for advanced threat detection & investigations protecting corporate assets.]

How can we address the problem?

Shift from Prevention to Detection & Response
"By 2020, 60% of enterprise information security budgets will be allocated to rapid detection and response approaches, up from less than 10% in 2014."
-- Neil MacDonald and Peter Firstbrook, Gartner, Feb. 12, 2014, "Designing an Adaptive Security Architecture for Protection From Advanced Attacks"

Security Monitoring Must Evolve
Endpoint to cloud visibility: fuse together network, endpoint and system data & threat intelligence for complete visibility.
Advanced threat detection: utilize intelligence, context and advanced analytics to highlight potential incidents from normal activity.
Rapid investigations: leverage visibility to investigate incidents rapidly and completely, such that prioritized actions can be taken to mitigate incidents.
Efficient operations: incident response, investigations and systems management need to be easy to use.

See More (Visibility)
Packets, Logs, Endpoints, NetFlow (P, L, E, N)
Capture-time data enrichment
Business & compliance context

Understand Everything (Analysis)
Correlate multiple data sources
Endpoint threat detection
Out-of-the-box content
Big data & data science

Investigate & Remediate Faster (Action)
Prioritized & unified analyst workflow
Investigate down to the finest details
Integrate SOC best practices

Enabling Better Detection with Content
Monthly reports and analytics content to deliver more value to customers: over 195 application rules, 75 correlation rules.
Several high-profile threat-specific updates: Heartbleed, IE9 zero day, GameOver Zeus, Shell Crew, Boleto fraud ring. Many more in the pipeline.
Future focus on identity, cloud and expanded threat indicators.
Customer quote: "SA nailed it! RSA Security Analytics provided us the best view of attempts and issues on our network, better than any other product."

RSA Advanced SOC
[Diagram: RSA SecOps receives context and alerts from Incident Response, Breach Response and 3rd-party systems, aggregates alerts into incidents and launches investigations; SOC Program Management provides dashboards & reports; RSA Archer Enterprise Management supplies context, with RSA Archer Enterprise Risk and BCM shown as optional.]

Resource Shift Needed: Budgets & People

                 Today's Priorities    Intelligence-Driven Security
Prevention       80%                   33%
Monitoring       15%                   33%
Response          5%                   33%

Beyond Technology

RSA Advanced Cyber Defense Services
Incident Response: rapid breach response & SLA-based retainer
Strategy & Roadmap: review and recommendations
NextGen Security Operations: technical consulting to transform from reactive to proactive

See Everything. Fear Nothing. EMC, RSA, the EMC logo and the RSA logo are trademarks of EMC Corporation in the U.S. and other countries.