RSA, The Security Division of EMC
Total visibility across the security environment
Javier Galvan, Systems Engineer, Mexico & NOLA

When we talk about threats, we MUST talk about Indicators of Compromise.
Indicator of Compromise 1: Unusual Outbound Network Traffic
Look for suspicious traffic leaving the network. It's not just about what comes into your network; it's about outbound traffic as well.
Features:
- Detect non-standard, obfuscated, or tunneled traffic
- Detect abnormal activity on endpoints
- Detect or restrict large file transfers to suspicious destinations

Indicator of Compromise 2: Anomalies in Privileged User Account Activity
Changes in the behavior of privileged users can indicate that the account in question is being used by someone else to establish a beachhead in your network.
Features:
- Detect privilege escalation
- Detect attempted use of disabled credentials
- Audit user access rights

Indicator of Compromise 3: Web Traffic with Non-Human Behavior
How often do you open 20 or 30 browser windows to different sites simultaneously? Are you able to click in milliseconds?
Features:
- Detect non-standard user agents
- Detect direct-to-IP requests
- Detect non-human click streams
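The three web-traffic features above (non-standard user agents, direct-to-IP requests, non-human click streams) as a small detector run over constructed access-log lines. This is an added example, not RSA product code; the log format, the browser user-agent prefixes treated as "standard", and the burst threshold (4 requests within 200 ms) are assumptions chosen for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed access-log sample (not real traffic): host, client ip, timestamp, request, user agent.
SAMPLE_LOG = """\
host=shop.example.test ip=203.0.113.5 ts=2024-05-01T10:00:00.000 req="GET /" ua="Mozilla/5.0 (Windows NT 10.0; Win64) Firefox/125.0"
host=shop.example.test ip=203.0.113.5 ts=2024-05-01T10:00:04.210 req="GET /login" ua="Mozilla/5.0 (Windows NT 10.0; Win64) Firefox/125.0"
host=shop.example.test ip=198.51.100.7 ts=2024-05-01T10:00:05.000 req="GET /catalog?p=1" ua="python-requests/2.31"
host=shop.example.test ip=198.51.100.7 ts=2024-05-01T10:00:05.020 req="GET /catalog?p=2" ua="python-requests/2.31"
host=shop.example.test ip=198.51.100.7 ts=2024-05-01T10:00:05.041 req="GET /catalog?p=3" ua="python-requests/2.31"
host=shop.example.test ip=198.51.100.7 ts=2024-05-01T10:00:05.063 req="GET /catalog?p=4" ua="python-requests/2.31"
host=192.0.2.10 ip=192.0.2.44 ts=2024-05-01T10:00:09.000 req="GET /admin" ua="Mozilla/5.0 (X11; Linux x86_64) Chrome/124.0"
"""

LINE_RE = re.compile(r'host=(\S+) ip=(\S+) ts=(\S+) req="([^"]*)" ua="([^"]*)"')
IP_LITERAL_RE = re.compile(r"^\d{1,3}(\.\d{1,3}){3}(:\d+)?$")
# Assumption: on this site a "standard" user agent is a browser string with one of these prefixes.
BROWSER_UA_PREFIXES = ("Mozilla/", "Opera/")


def parse(log_text):
    """Yield (host, ip, timestamp, request, user_agent) for each well-formed line."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m:
            host, ip, ts, req, ua = m.groups()
            yield host, ip, datetime.fromisoformat(ts), req, ua


def detect(log_text, burst_count=4, burst_ms=200):
    """Return {indicator_name: set(client ips)} for the three web-traffic indicators."""
    hits = defaultdict(set)
    times = defaultdict(list)
    for host, ip, ts, req, ua in parse(log_text):
        if not ua.startswith(BROWSER_UA_PREFIXES):      # non-standard user agent
            hits["non_standard_user_agent"].add(ip)
        if IP_LITERAL_RE.match(host):                    # Host header is a bare IP, not a hostname
            hits["direct_to_ip_request"].add(ip)
        times[ip].append(ts)
    for ip, stamps in times.items():                     # non-human click stream: burst_count hits in burst_ms
        stamps.sort()
        for i in range(len(stamps) - burst_count + 1):
            span_ms = (stamps[i + burst_count - 1] - stamps[i]).total_seconds() * 1000
            if span_ms <= burst_ms:
                hits["non_human_click_stream"].add(ip)
                break
    return dict(hits)
```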
Reduce Attacker Free Time
Attacker timeline: Surveillance, Target Analysis, Access Probe, Attack Set-up, System Intrusion, Attack Begins, Discovery/Persistence, Cover-up Starts, Leap Frog Attacks Complete, Cover-up Complete, Maintain Foothold.
Defender timeline: Physical Security, Threat Analysis, Defender Discovery, Attack Forecast, Monitoring & Controls, Attack Identified, Containment & Eradication, Incident Reporting, Impact Analysis, Damage Identification, System Reaction, Response, Recovery.
The gap between the attacker's first step and the defender's discovery is the "attacker free time".
Source: NERC HILF Report, June 2010 (http://www.nerc.com/files/hilf.pdf)
Characteristics of a Security Maturity Model (risk visibility increases with each step)
- Step 1: Threat Defense
- Step 2: Compliance and Defense-in-Depth
- Step 3: Risk-Based Security
- Step 4: Business-Oriented

RSA Security Management Compliance Vision: Delivering Visibility, Intelligence and Governance

RSA Identity Management & Governance: Identity Visibility

RSA Identity Management & Governance, a phased approach:
- Visibility & Certification: Account & Entitlement Collection, Access Reviews, Data Visibility
- Policy Management: Segregation of Duties, Joiners, Movers and Leavers, Compliance Controls
- Access Request: Access Request Portal, Policy-Based Change Management
- Role & Group Management: Role Discovery & Definition, Role Maintenance, Group Analysis & Cleanup

RSA Security Analytics: Log, Network and Malware Visibility

RSA Security Analytics: unified platform for security monitoring, incident investigations and compliance reporting
- SIEM: Compliance Reports, Device XMLs, Log Parsing
- Fast & Powerful Analytics: Logs & Packets, Unified Interface, Analytics Warehouse
- Network Security Monitoring: High-Powered Analytics, Big Data Infrastructure, Integrated Intelligence
See data you didn't see before; understand data you didn't even consider before.
Logs
Packets
RSA Live
Malware Analysis
- Static Analysis (NetWitness NextGen): likely zero-day
- Sandbox Analysis: likely sandbox-aware malware
- Community: highly likely malware

RSA Web Threat Detection: Online Channel Visibility

Web Threat Detection: criminals look different than customers. Signals: velocity, page sequence, origin, contextual information.

Web Threat Detection: complete web session intelligence and application-layer threat visibility
- Beginning of web session: vulnerability probing, DDoS attacks, site scraping
- Login: password guessing, man in the browser, access from high-risk country, account takeover
- Financial transaction: unauthorized account activity, man in the middle
- Checkout and logout: new account registration fraud, promotion abuse, parameter injection, high-risk checkout
RSA Archer eGRC: Business Visibility

RSA Archer eGRC: Governance, Risk and Compliance
1. Enterprise Management
2. Policy Management
3. Risk Management
4. Incident Management
5. Threat Management
6. Compliance Management
7. Business Continuity Management
8. Vendor Management
9. Audit Management
10. Vulnerability Risk Management (VRM)
11. Security Operations Management (SecOps)

RSA Archer eGRC: Dashboards & Reports

Big Data Transforms Security