Current Overview of the RSA Portfolio

Transcription:

Current Overview of the RSA Portfolio. Intelligence-Driven Security. RSA Security Summit, Munich 2014. Norbert Olbrich, Pre-sales Manager, RSA Germany 1

Agenda 1. Understand the elements 2. Pack the right equipment 3. Respect the environment 4. Acclimatize 5. Persevere 2

SMC Web Threat Detection Governance Certificate Manager SecurID Transaction Monitoring Archer Risk Management Directory Aveksa eFraud Network Authentication Manager Cloud Security Transaction Signing Web Access Management Security Data Protection Manager FRI Data Loss Prevention 3D Secure Mobility Fraud Action Security Analytics enVision Vulnerability Risk Management Cybercrime ACD BSAFE ECAT Federation Enterprise Compromise Assessment Tool Adaptive Authentication IdAM Virtualization AMX GRC Adaptive Auth for eCommerce Cyber Crime Intelligence Business Continuity 3

1970: Mainframe, Mini Computer; Terminals; millions of users; thousands of apps. 1990: PC, Client/Server; LAN/Internet; hundreds of millions of users; tens of thousands of apps. 2010: Mobile, Cloud, Big Data, Social; Mobile Devices; billions of users; millions of apps. Source: IDC, 2012 4

Innovation! People - Technology- Processes Picture Source: Wacker Chemie 5

RSA Solution & Product Focus Areas. Advanced Security Operations: Detecting and Stopping Advanced Threats. Governance, Risk, & Compliance: Understanding Organizational Risk & Compliance. Identity & Access Management, Identity & Data Protection: Securing the Interactions Between People and Information. Fraud & Risk Intelligence: Preventing Online Fraud and Cybercrime. 6

Advanced Security Operations Security Analytics ECAT [Enterprise Compromise Assessment Tool] 7

EMC Critical Incident Response Center: Advanced Security Operations at Work. EMC Critical Incident Response Center, Bedford, MA. Worldwide surveillance of approx. 500 subsidiaries, 1400 security devices and 250,000 endpoints. 5 data centers, 500 applications, 97% virtualized, 7PB of storage. RSA products in use: Archer eGRC Platform, Security Analytics, Enterprise Compromise Assessment Tool (ECAT), enVision SIEM, Data Loss Prevention, Advanced Analytics built on EMC Pivotal SA Business Context Process Automation Visibility Integrated Approach 8

Current Challenges SOC Manager CISO L1 Analyst L2 Analyst Threat Intel Analyst Multiple User Interfaces for Managing Security Alerts Event Focused, Reactive, Ad hoc! Lack Context & Threat Intelligence Lack of Process & Automation Lack of Best Practices Unable to Report on KPIs & KRIs Lack Mapping to Security & Biz Risk 9

Should be a quick investigation for a SOC! Received by 1046 EMC employees 17 employees clicked on the link within Two people clicked through our security warning 10

RSA Critical Incident Response Solution Incident Management Breach Management SOC Program Management IT Risk Management SharePoint RSA Vulnerability Risk Management RSA Security Operations Management Windows Clients/Servers File Servers Databases RSA Archer eGRC RSA ECAT NAS/SAN Endpoints RSA Live Intelligence Threat Intelligence Rules Parsers Alerts Feeds Apps Directory Services Reports and Custom Actions 11

RSA Security Analytics Distributed Data Collection PACKETS LOGS Capture Time Data Enrichment PARSING & METADATA TAGGING PACKET METADATA LOG METADATA LIVE INDEXING & COMPRESSION LIVE Reporting & Alerting Investigation & Forensics Intelligence Feeds Compliance Malware Analysis LIVE Incident Response Endpoint Visibility & Analysis Additional Business & IT Context RSA LIVE INTELLIGENCE Threat Intelligence Rules Parsers Alerts Feeds Apps Directory Services Reports & Custom Actions 12

Indicators Defined To Help Identify Attack. Looking for suspicious protocol behavior? Communicating with a suspicious IP? Want to know what they are talking about? Security Analytics can provide metadata and deep insight 13

Precise Detail and Context with Security Analytics Target IP Address Investigator answers anything about the related activities of the targeted computer to obtain a complete frame of reference. Service Breakdown Action Profile AD User OS & Browser Type 14

Enterprise Compromise Assessment Tool Signature-less malware detection In-depth endpoint visibility Actionable intelligence for rapid breach detection Certificate Validation Multi-engine AV Scan Application Whitelisting Network Traffic Analysis Full System Inventory Live Memory Analysis Direct Physical Disk Inspection Scan Monitor Analyze Respond 15

Governance, Risk & Compliance RSA Archer eGRC Security Operations Management Vulnerability Risk Management 16

RSA Archer eGRC Solutions See More, Act Faster, Spend Less Board of Directors Dashboards / Reports Business Areas IT Organisation eGRC IT GRC IT - GRC Risk Management Internal Control System Vendor Management Security Management IT-Compliance IT-Risk Management Employees Processes Technology 17

Risk & Compliance Management Efficiency Visibility Automation Collaboration Accountability 18

RSA Archer eGRC Solutions Use Case Specific Solutions Environmental Health & Safety PCI Code of Federal Regulations Stakeholder Evaluations ISMS Anti-Money Laundering Regulatory Change Mgmt UCF Security Operations Policy Incident Security Operations Powerful Core Solutions Risk Vendor Vulnerability Risk Compliance Audit Business Continuity RSA Archer GRC Foundation 19

RSA Security Operations Management Domain Process Security Operations Management People Incident Management Breach Management Orchestrate & Manage SOC Program Management Technology IT Security Risk Management Consistent / Predictable Business Process 20

Centralizing Incident Response Teams Detect, Investigate and Respond Tier 1 Analyst Threat Analyst Tier 2 Analyst Analysis & Tools Support Analyst SOC Manager Specialized Team Reporting to: CSO/CISO CIO Consisting of: People Process Technology 21

The Vulnerability Management Pit. Carlos, CISO, is left wondering: What does this mean for business risk? What about my most valuable assets? What happens if the threats change? Can I get more protection quickly? Are we improving? Do we have the right coverage? Brian, IT Security Analyst, runs his vulnerability scanner. The vulnerability scanner finds a number of issues on IT systems. Pages of results are delivered to Alice, IT Administrator, to fix. Patches are pushed out or configurations are updated to fix the vulnerabilities. Some patches are missed, don't fix the problem, or there isn't enough time to get to them. The vulnerability will sit unaddressed, possibly forever. Diagram labels: Device, 1 Vulnerability Scanner, Vulnerability, 2 Issue, 3 Patch, 4, 5. 22

RSA Vulnerability Risk Management VRM IT Security Analyst CISO Vuln. Scan Results (Qualys, McAfee) Vuln. Data Pubs (NVD CVE) Threat Intelligence (US-CERT) VULNERABILITY ANALYTICS ANALYTICS ENGINE DATA COLLECTOR Devices Tickets Exceptions KPIs ARCHER VULNERABILITY MANAGEMENT REPORTS WORKFLOWS Asset Taxonomies (NVD CPE) Other Asset Data (CSV, CMDB, Etc.) Administrator RISK MANAGEMENT CONNECTION WITH GRC RSA VRM DATA WAREHOUSE INDEXING NORMALIZATION RAW DATA STORAGE 23

Identity and Access Management RSA Aveksa RSA Authentication 24

Identity Management Challenges Audit, Risk & Compliance Increasing Compliance Requirements Rapid Rate of Change Line of Business Business Efficiency and Agility Rapid Rate of Change Information Security Team Applications Cloud & Mobile Increasing Complexity and Scale of Infrastructure Rapid Rate of Change IT Infrastructure Data 25

How to Meet These Challenges? Elements of a Business-Driven IAM Platform SSO On-Premise SSO SaaS SSO Unified, Governance-Driven SSO Visibility and Certification Policy Management Role and Group Management Request Management Governance Entitlement Collection and Analysis Data Ownership Identification Segregation of Duties Compliance Controls Role Discovery and Definition Group Analysis and Cleanup Access Request Portal Access Reviews Joiners, Movers, and Leavers Lifecycle Management Policy-Based Change Management Provisioning Task Notification Service Desk Integration Automated Provisioning 26

RSA Authentication Portfolio Authentication goes Big Data, Mobile and Biometrics 27

Fraud & Risk Intelligence Web Threat Detection 28

Web Threat Landscape In the Wild Begin Session Login Transaction Logout Phishing Site Scraping Vulnerability Probing Layer 7 DDoS Attacks InfoSec Pre-Authentication Threats Web Threat Landscape Password Cracking/Guessing Parameter Injection New Account Registration Fraud Advanced Malware (e.g. Trojans) Promotion Abuse Man in the Middle/Browser Account Takeover New Account Registration Fraud Unauthorized Account Activity Fraudulent Money Movement Fraud Post-Authentication Threats 29

RSA Fraud & Risk Intelligence Solutions Securing Online User Life Cycle Fraud Action & CyberCrime Intelligence In the Wild Adaptive Authentication Web Threat Detection Transaction Monitoring Begin Session Login Transaction Logout Web Threat Landscape 30

Anomalous Behavior Detection Cyber Criminals Look Different than Online Customers Threat Indicators Velocity Page Sequence Add Bill Payee Enter Pay Amount Origin Contextual Information Sign-in Threat Scores Velocity Behavior Parameter Injection Man in the Middle Man in the Browser Homepage My Account Bill Pay Home Checking Account Select Bill Payee View Checking Submit 31

Benefits of Our Approach. Incremental and achievable: new capabilities improve your maturity over time. Risk-driven: prioritize activity and resources appropriately. Future proof: enables response to changes in landscape, not based on adding new products. Agile: enables the business to take advantage of new technology and IT-driven opportunities. 32

Thank You Norbert Olbrich norbert.olbrich@rsa.com tel: +49 (170) 992 11 66 33