Current Overview of the RSA Portfolio
Intelligence-Driven Security
RSA Security Summit, München 2014
Norbert Olbrich, Pre-sales Manager, RSA Deutschland
Agenda
1. Understand the elements
2. Pack the right equipment
3. Respect the environment
4. Acclimatize
5. Persevere
RSA portfolio (word cloud of product and topic names): SMC, Web Threat Detection, Governance, Certificate Manager, SecurID, Transaction Monitoring, Archer, Risk Management, Directory, Aveksa, eFraud Network, Authentication Manager, Cloud Security, Transaction Signing, Web Access Management, Security, Data Protection Manager, FRI, Data Loss Prevention, 3D Secure, Mobility, FraudAction, Security Analytics, enVision, Vulnerability Risk Management, Cybercrime, ACD, BSAFE, ECAT, Federation, Enterprise Compromise Assessment Tool, Adaptive Authentication, IdAM, Virtualization, AMX, GRC, Adaptive Auth for eCommerce, Cyber Crime Intelligence, Business Continuity
Users and applications by computing era (Source: IDC, 2012)
1970: Mainframe, Mini Computer, Terminals; thousands of apps; millions of users
1990: PC, Client/Server, LAN/Internet; tens of thousands of apps; hundreds of millions of users
2010: Mobile, Cloud, Big Data, Social, Mobile Devices; millions of apps; billions of users
Innovation! People - Technology - Processes
Picture source: Wacker Chemie
RSA Solution & Product Focus Areas
- Advanced Security Operations: detecting and stopping advanced threats
- Governance, Risk & Compliance: understanding organizational risk & compliance
- Identity & Access Management / Data Protection: securing the interactions between people and information
- Fraud & Risk Intelligence: preventing online fraud and cybercrime
Advanced Security Operations
Security Analytics; ECAT [Enterprise Compromise Assessment Tool]
Advanced Security Operations at Work: EMC Critical Incident Response Center, Bedford, MA
Surveillance of approx. 500 subsidiaries worldwide, 1,400 security devices and 250,000 endpoints; 5 data centers, 500 applications, 97% virtualized, 7 PB of storage
RSA products in use: Archer eGRC Platform, Security Analytics, Enterprise Compromise Assessment Tool (ECAT), enVision SIEM, Data Loss Prevention; advanced analytics built on EMC Pivotal
Integrated approach: SA, business context, process automation, visibility
Current Challenges
Roles: SOC Manager, CISO, L1 Analyst, L2 Analyst, Threat Intel Analyst
- Multiple user interfaces for managing security alerts
- Event focused, reactive, ad hoc!
- Lack of context & threat intelligence
- Lack of process & automation
- Lack of best practices
- Unable to report on KPIs & KRIs
- Lack of mapping to security & business risk
Should be a quick investigation for a SOC!
- Received by 1046 EMC employees
- 17 employees clicked on the link within
- Two people clicked through our security warning
RSA Critical Incident Response Solution
- RSA Archer eGRC with RSA Security Operations Management (Incident Management, Breach Management, SOC Program Management, IT Risk Management) and RSA Vulnerability Risk Management
- RSA ECAT on endpoints
- Monitored sources: SharePoint, Windows clients/servers, file servers, databases, NAS/SAN
- RSA Live Intelligence: threat intelligence, rules, parsers, alerts, feeds, apps, directory services, reports and custom actions
RSA Security Analytics
- Distributed data collection: packets and logs
- Capture-time data enrichment: parsing & metadata tagging (packet metadata, log metadata), indexing & compression
- Reporting & alerting, investigation & forensics, compliance, malware analysis, incident response, endpoint visibility & analysis
- Intelligence feeds and additional business & IT context
- RSA Live Intelligence: threat intelligence, rules, parsers, alerts, feeds, apps, directory services, reports & custom actions
Indicators Defined to Help Identify an Attack
Looking for suspicious protocol behavior? Communicating with a suspicious IP? Want to know what they are talking about? Security Analytics can provide metadata and deep insight.
Precise Detail and Context with Security Analytics
Starting from the target IP address, the Investigator answers any question about the related activities of the targeted computer to obtain a complete frame of reference: service breakdown, action profile, AD user, OS & browser type.
Enterprise Compromise Assessment Tool (ECAT)
- Signature-less malware detection
- In-depth endpoint visibility
- Actionable intelligence for rapid breach detection
Techniques: certificate validation, multi-engine AV scan, application whitelisting, network traffic analysis, full system inventory, live memory analysis, direct physical disk inspection
Workflow: Scan, Monitor, Analyze, Respond
Governance, Risk & Compliance
RSA Archer eGRC; Security Operations Management; Vulnerability Risk Management
RSA Archer eGRC Solutions: See More, Act Faster, Spend Less
Board of Directors: dashboards / reports
Business areas and IT organisation: eGRC and IT GRC
IT-GRC: risk management, internal control system, vendor management, security management, IT compliance, IT risk management
Dimensions: employees, processes, technology
Risk & Compliance Management: efficiency, visibility, automation, collaboration, accountability
RSA Archer eGRC Solutions
- Use-case-specific solutions: Environmental Health & Safety, PCI, Code of Federal Regulations, Stakeholder Evaluations, ISMS, Anti-Money Laundering, Regulatory Change Mgmt, UCF, Security Operations
- Powerful core solutions: Policy, Risk, Compliance, Vendor, Vulnerability Risk, Audit, Incident, Business Continuity, Security Operations
- RSA Archer GRC Foundation
RSA Security Operations Management
Domains: Incident Management, Breach Management, SOC Program Management, IT Security Risk Management
People, process, technology: orchestrate & manage; consistent / predictable business process
Centralizing Incident Response Teams: Detect, Investigate and Respond
Specialized team consisting of people, process and technology: Tier 1 Analyst, Tier 2 Analyst, Threat Analyst, Analysis & Tools Support Analyst, SOC Manager
Reporting to: CSO/CISO, CIO
The Vulnerability Management Pit
Flow: Device -> Vulnerability Scanner -> Vulnerability -> Issue -> Patch
1. Brian, IT Security Analyst, runs his vulnerability scanner.
2. The vulnerability scanner finds a number of issues on IT systems.
3. Pages of results are delivered to Alice, IT Administrator, to fix.
4. Patches are pushed out or configurations are updated to fix the vulnerabilities.
5. Some patches are missed, don't fix the problem, or there isn't enough time to get to them. The vulnerability will sit unaddressed, possibly forever.
Carlos, CISO, is left wondering: What does this mean for business risk? What about my most valuable assets? What happens if the threats change? Can I get more protection quickly? Are we improving? Do we have the right coverage?
RSA Vulnerability Risk Management (VRM)
Users: IT Security Analyst, CISO, Administrator
Inputs: vulnerability scan results (Qualys, McAfee), vulnerability data publications (NVD CVE), threat intelligence (US-CERT), asset taxonomies (NVD CPE), other asset data (CSV, CMDB, etc.)
RSA VRM data warehouse: data collector, raw data storage, normalization, indexing
Vulnerability analytics (analytics engine): devices, tickets, exceptions, KPIs
Archer Vulnerability Management: reports, workflows; risk management connection with GRC
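As an added illustration (not RSA's code or the VRM product), the prioritization the two slides above describe: scan findings are joined with CMDB criticality and a threat feed so that the CISO's questions about business risk, valuable assets and changing threats get answered by a ranked list and KPIs. Device names, the CVE-PLACEHOLDER ids, weights and threshold are constructed assumptions.

```python
"""Business-weighted vulnerability prioritization over constructed inputs."""
import csv
import io

# Constructed scanner export: (device, vulnerability id, CVSS base score).
# The ids are placeholders, not real CVE numbers.
SCAN_RESULTS = [
    ("web01", "CVE-PLACEHOLDER-1", 9.8),
    ("web01", "CVE-PLACEHOLDER-2", 5.3),
    ("hr-db01", "CVE-PLACEHOLDER-3", 7.5),
    ("kiosk07", "CVE-PLACEHOLDER-1", 9.8),
]
# Constructed CMDB export in CSV form: business criticality per device.
ASSET_CSV = """device,owner,criticality
web01,ecommerce,high
hr-db01,hr,critical
kiosk07,facilities,low
"""
# Constructed threat-intelligence feed: ids reported as exploited in the wild.
EXPLOITED = {"CVE-PLACEHOLDER-3"}
# Assumed asset weights; devices missing from the CMDB default to "medium".
CRITICALITY_WEIGHT = {"low": 0.5, "medium": 1.0, "high": 1.5, "critical": 2.0}


def load_assets(text):
    """Normalize the CSV export into a device -> attributes map."""
    return {row["device"]: row for row in csv.DictReader(io.StringIO(text))}


def risk_score(cvss, criticality, exploited):
    """Severity x asset weight, doubled when exploitation is reported."""
    return cvss * CRITICALITY_WEIGHT.get(criticality, 1.0) * (2.0 if exploited else 1.0)


def prioritize(scan, assets, exploited):
    """Rank findings by business risk instead of raw scanner order."""
    ranked = []
    for device, vuln, cvss in scan:
        crit = assets.get(device, {}).get("criticality", "medium")
        ranked.append((risk_score(cvss, crit, vuln in exploited), device, vuln))
    return sorted(ranked, reverse=True)


def kpis(ranked, threshold=15.0):
    """KPIs for the CISO: open findings and those above the risk threshold."""
    return {"open": len(ranked),
            "above_threshold": sum(1 for score, _, _ in ranked if score >= threshold)}


if __name__ == "__main__":
    for score, device, vuln in prioritize(SCAN_RESULTS, load_assets(ASSET_CSV), EXPLOITED):
        print(f"{score:5.1f}  {device:8}  {vuln}")
```

The same CVSS 9.8 finding ranks first on the e-commerce server and last on the kiosk, while the exploited 7.5 on the HR database tops the list; swapping the threat feed re-ranks everything without another scan.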
Identity and Access Management
RSA Aveksa; RSA Authentication
Identity Management Challenges (each facing a rapid rate of change)
- Audit, Risk & Compliance: increasing compliance requirements
- Line of Business: business efficiency and agility
- Information Security Team: applications, cloud & mobile, data, IT infrastructure; increasing complexity and scale of infrastructure
How to Meet These Challenges? Elements of a Business-Driven IAM Platform
- SSO: on-premise SSO, SaaS SSO; unified, governance-driven SSO
- Visibility and certification: entitlement collection and analysis, data ownership identification, access reviews
- Policy management: segregation of duties, compliance controls
- Role and group management: role discovery and definition, group analysis and cleanup
- Request management: access request portal; joiners, movers, and leavers
- Lifecycle management: policy-based change management, provisioning task notification, service desk integration, automated provisioning
- Governance across all elements
RSA Authentication Portfolio: Authentication goes Big Data, Mobile and Biometrics
Fraud & Risk Intelligence
Web Threat Detection
Web Threat Landscape
Online session: In the Wild -> Begin Session -> Login -> Transaction -> Logout
Pre-authentication threats (InfoSec): phishing, site scraping, vulnerability probing, Layer 7 DDoS attacks, password cracking/guessing, parameter injection, new account registration fraud
Post-authentication threats (Fraud): advanced malware (e.g. Trojans), promotion abuse, man in the middle/browser, account takeover, new account registration fraud, unauthorized account activity, fraudulent money movement
RSA Fraud & Risk Intelligence Solutions: Securing the Online User Life Cycle
- In the wild: FraudAction & CyberCrime Intelligence
- Across the session (Begin Session, Login, Transaction, Logout): Adaptive Authentication, Web Threat Detection, Transaction Monitoring
Anomalous Behavior Detection: Cyber Criminals Look Different than Online Customers
Threat indicators: velocity, page sequence, origin, contextual information, behavior, parameter injection, man in the middle, man in the browser; combined into threat scores
Example page flow: Sign-in, Homepage, My Account, Checking Account / View Checking, Bill Pay, Select Bill Payee, Add Bill Payee, Enter Pay Amount, Submit
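An added example (not RSA's code or Web Threat Detection's scoring) of how three of the indicators above, velocity, page sequence and parameter injection, can be scored per session over the slide's bill-pay flow. The expected-predecessor map, parameter allow-list, point values and the two constructed sessions are all assumptions.

```python
from dataclasses import dataclass

# Expected bill-pay flow from the slide's page names: each page maps to the
# pages that may legitimately precede it (an assumed flow, not RSA's).
EXPECTED_PREDECESSORS = {
    "homepage": {"sign-in"},
    "my-account": {"homepage"},
    "bill-pay": {"homepage", "my-account"},
    "select-bill-payee": {"bill-pay"},
    "add-bill-payee": {"bill-pay", "select-bill-payee"},
    "enter-pay-amount": {"select-bill-payee", "add-bill-payee"},
    "submit": {"enter-pay-amount"},
}
ALLOWED_PARAMS = {"enter-pay-amount": {"payee_id", "amount"},   # assumed allow-list
                  "submit": {"payee_id", "amount", "confirm"}}   # of form fields

@dataclass
class Event:
    ts: float      # seconds since session start
    page: str
    params: dict

def score_session(events, max_rate=2.0):
    scores = {"velocity": 0, "page_sequence": 0, "parameter_injection": 0}
    if len(events) > 1:  # velocity: requests per second across the session
        span = events[-1].ts - events[0].ts
        if span <= 0 or len(events) / span > max_rate:
            scores["velocity"] = 30
    prev = None
    for ev in events:
        allowed_prev = EXPECTED_PREDECESSORS.get(ev.page)
        if allowed_prev and prev is not None and prev not in allowed_prev:
            scores["page_sequence"] += 25   # step skipped or out of order
        if ev.page in ALLOWED_PARAMS:       # unexpected form fields
            extra = set(ev.params) - ALLOWED_PARAMS[ev.page]
            scores["parameter_injection"] += 20 * len(extra)
        prev = ev.page
    scores["total"] = min(100, sum(scores.values()))   # capped threat score
    return scores

# Constructed sessions: a customer walking the flow at human speed, and a
# script that jumps from sign-in to submit carrying an injected field.
CUSTOMER = [Event(0, "sign-in", {}), Event(4, "homepage", {}), Event(9, "my-account", {}),
            Event(15, "bill-pay", {}), Event(22, "select-bill-payee", {}),
            Event(31, "enter-pay-amount", {"payee_id": "17", "amount": "120.00"}),
            Event(40, "submit", {"payee_id": "17", "amount": "120.00", "confirm": "1"})]
SCRIPT = [Event(0.0, "sign-in", {}), Event(0.2, "bill-pay", {}), Event(0.4, "submit",
          {"payee_id": "17", "amount": "120.00", "confirm": "1", "amount[]": "9999"})]
```

Each indicator contributes separately, so an analyst can see whether a high score came from speed, from skipped steps or from unexpected input, which is what makes the scripted session look different from the customer.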
Benefits of Our Approach
- Incremental and achievable: new capabilities improve your maturity over time
- Risk-driven: prioritize activity and resources appropriately
- Future proof: enables response to changes in the landscape, not based on adding new products
- Agile: enables the business to take advantage of new technology and IT-driven opportunities
Thank You
Norbert Olbrich, norbert.olbrich@rsa.com, tel: +49 (170) 992 11 66