Key Technologies for Security Operations. Copyright 2014 EMC Corporation. All rights reserved.


Traditional Security Is Not Working
- 97% of breaches led to compromise within days or less, with 72% leading to data exfiltration in the same time
- 78% of breaches took weeks or more to discover; 66% took months or more
Source: Verizon 2013 Data Breach Investigations Report

Today's Security Requirements
- Big Data Infrastructure: need a fast and scalable infrastructure to conduct real-time and long-term analysis
- High Powered Analytics: "Give me the speed and smarts to detect, investigate and prioritize potential threats"
- Comprehensive Visibility: "See everything happening in my environment and understand it"
- Integrated Intelligence: "Help me understand what to look for and what others have discovered"

RSA Advanced Security Operations Center (component diagram)
- RSA Security Operations for Archer: Security Operations Management, Incident Management, Vulnerability Risk Management; fed by 3rd party tools and asset context
- RSA Security Analytics
- RSA ECAT (Windows clients/servers)
- RSA Live Intelligence: threat intelligence, rules, parsers, alerts, feeds, apps, directory services, reports and custom actions

RSA Security Analytics
Unified platform for incident detection, investigations, compliance reporting and advanced security analysis.
- SIEM: log parsing, compliance reports, incident alerts
- Core: big data infrastructure, comprehensive visibility, high powered analysis, intelligence driven context
- Network Security Monitoring: full packet capture, capture time data enrichment, deep dive investigations

Security Analytics Architecture
- Distributed data collection: packets and logs
- Capture time data enrichment: parsing and metadata tagging, producing packet metadata and log metadata
- Functions fed by LIVE: reporting and alerting, investigation and forensics, intelligence feeds, compliance, malware analysis, incident response, endpoint visibility and analysis, additional business and IT context
- RSA Live Intelligence: threat intelligence, rules, parsers, alerts, feeds, apps, directory services, reports and custom actions

SA can coexist with a SIEM
- Distributed data collection: packets go through capture time data enrichment (parsing and metadata tagging) into packet metadata; logs go to the 3rd party SIEM collection, which produces alerts
- Security Analytics: alerting, investigation and forensics, malware analysis, intel feeds (LIVE)
- 3rd party SIEM: alert triage, compliance and reporting, investigations

Integrated Intelligence: Know What To Look For
RSA Live Intelligence System (threat intelligence, rules, parsers, alerts, feeds, apps, directory services, reports and custom actions):
1. Gathers advanced threat intelligence and content
2. Aggregates and consolidates data
3. Automatically distributes correlation rules, blacklists, parsers, views, feeds
Operationalize intelligence: take advantage of what others have already found and apply it against your current and historical data.

Reimagining Security Analysis: Removing Hay vs. Digging For Needles
- All network traffic and logs: terabytes of data (100% of total)
- Downloads of executables: thousands of data points (5% of total)
- Type does not match extension: hundreds of data points (0.2% of total)
- Create alerts to/from critical assets: a few dozen alerts

Example Alert
Packing technology destined to host FOLLOWED BY encrypted traffic to an IP registered in a blacklisted country. Could be an attacker compromising the host and stealing data!

Logs AND packets
Non-RFC compliant traffic destined to host FOLLOWED BY network interface put in promiscuous mode. Could be an attacker compromising a host and installing a sniffer!
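The two "FOLLOWED BY" alerts above are sequence correlations keyed on the host. The following is an added illustration of that logic, not RSA's rule engine; the event names, field names and the one-hour window are assumptions, and the sample events are constructed.

```python
"""Two-step "A FOLLOWED BY B" correlation keyed on host (added example, not RSA code)."""
from collections import defaultdict

# Rule = (alert name, step-1 predicate, step-2 predicate, window in seconds).
# Event and field names below are assumptions for this illustration.
RULES = [
    ("possible data theft",
     lambda e: e["event"] == "packer_download",
     lambda e: e["event"] == "encrypted_outbound" and e.get("blacklisted_country", False),
     3600),
    ("possible sniffer install",
     lambda e: e["event"] == "non_rfc_traffic",     # packet-derived metadata
     lambda e: e["event"] == "promisc_mode",        # log-derived metadata
     3600),
]


def correlate(events, rules=RULES):
    """Return (rule, host, step1_ts, step2_ts) for every rule whose second step
    is seen on the same host within `window` seconds after its first step."""
    events = sorted(events, key=lambda e: e["ts"])
    pending = defaultdict(list)  # (rule name, host) -> timestamps of step-1 hits
    alerts = []
    for e in events:
        for name, first, second, window in rules:
            key = (name, e["host"])
            if second(e):
                # keep only step-1 hits still inside the window, fire on the oldest
                live = [t for t in pending[key] if e["ts"] - t <= window]
                if live:
                    alerts.append((name, e["host"], live[0], e["ts"]))
                    pending[key] = []  # one alert per observed sequence
                else:
                    pending[key] = live
            if first(e):
                pending[key].append(e["ts"])
    return alerts


# Constructed sample events: two true sequences, one expired precursor, one B without A.
SAMPLE = [
    {"ts": 100, "host": "ws-17", "event": "packer_download"},
    {"ts": 400, "host": "ws-17", "event": "encrypted_outbound", "blacklisted_country": True},
    {"ts": 120, "host": "ws-22", "event": "non_rfc_traffic"},
    {"ts": 150, "host": "ws-22", "event": "promisc_mode"},
    {"ts": 500, "host": "ws-40", "event": "packer_download"},
    {"ts": 9000, "host": "ws-40", "event": "encrypted_outbound", "blacklisted_country": True},
    {"ts": 600, "host": "ws-51", "event": "encrypted_outbound", "blacklisted_country": True},
]

if __name__ == "__main__":
    for alert in correlate(SAMPLE):
        print(alert)
```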

Incident Detection: Data Ex-filtration
1. Authorized user logged in to AD
2. Different user from same IP/host logged into development test server
3. Then the corporate file server
4. Data ex-filtration
ALERT: suspect network traffic

RSA ECAT Key Functionality & Benefits
Functionality: file whitelisting, multi-engine AV scan, certificate validation, network traffic analysis, full system inventory, direct physical disk inspection, live memory analysis
Benefits:
- X-ray view of what's happening on endpoints
- Identify behavior related to malware
- Highlight likely infections with Machine Suspect Level (MSL)
- Quickly triage results to gain actionable intelligence
- Find other infected machines and gauge scope of breach
- Forensic data gathering

RSA Advanced Cyber Defense Training
- Tier 1: Security Analyst I, Incident Analyst, Event Analyst
- Tier 2: Security Analyst II, Incident Handler, Forensic Analyst
- Tier 3: Security Analyst III, Malware Analyst, Threat Analyst
Courses: RSA Intelligence Driven Event Analysis, RSA Incident Handling and Response, RSA Threat Intelligence, RSA Malware Analysis, RSA Cyber Defense Workshop
Prerequisites: knowledge of operating systems, fundamentals of networking, security concepts
RSA Malware Analysis and RSA Threat Intelligence available now. Complete curriculum will be available in Q4 2013.

Benefits
- Identify suspicious events with superior incident detection and threat analysis
- Investigate potential compromises with more speed, context and analytical firepower
- Invest in a platform that will grow with you as you move towards a big data security analysis program
- Demonstrate compliance without detracting from security