Security. Risk Management. Compliance.


Transcription:

Richard Nichols, NetWitness Operations Director, RSA

Old World: Static Security
- Static attacks: generic, code-based
- Static infrastructure: physical, IT-controlled
- Static (bolt-on) defenses: signature-based, at the perimeter

New World: Advanced Security
- Hybrid cloud: private and public clouds
- Advanced attacks: targeted, human-driven
- Dynamic infrastructure: virtual, user-centric
- Dynamic (built-in) defenses: analytics- and risk-based

In the world of cloud and big data, trust and security are essential.

Building Trust in the Cloud
- Hybrid cloud infrastructure: private and public
- Tenets of cloud security: governance, visibility and controls, which together produce trust

RSA Approach
- Governance: manage business risk, policies and workflows
- Advanced visibility and analytics: collect, retain and analyze internal and external intelligence
- Intelligent controls: rapid response and containment
- Applied across cloud, network and mobility

RSA Approach: products mapped to the three layers
- Governance: RSA Archer eGRC Suite
- Advanced visibility and analytics, and intelligent controls (covering cloud, network and mobility): RSA NetWitness, RSA NetWitness Spectrum, RSA NetWitness Live, RSA enVision, RSA DLP Suite, RSA Data Protection, RSA BSAFE, RSA Adaptive Authentication, RSA Access Manager, RSA SecurID, RSA Federated Identity Manager, RSA Transaction Monitoring, RSA FraudAction, RSA CCI, RSA eFraud Network

Anatomy of an Attack

Attack Scenario
1. Phishing email: John received a phishing email that was customized for him.
2. Drive-by download: John clicked the link and was infected by a Trojan delivered as a drive-by download.
3. Attacker gains access to a critical server: the Trojan installed a backdoor that allows a reverse connection to the infected machine. The attacker dumped password hashes and gained access to a critical server via RDP.
4. Data exfiltration: the attacker encrypted sensitive files found on the critical server and transferred them out via FTP.

DLP detected the file transfer activity
- DLP Network detects the transfer of an encrypted file over the FTP protocol.

Correlation alert triggered from enVision
- enVision generates an alert from two correlated events:
  1. a successful RDP connection to the critical server
  2. DLP activity on the same server

Incident escalation to the Archer dashboard
- enVision alerts are sent to RSA Archer via RCF.
- RSA Archer links the incident with business context and prioritizes it as HIGH.
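The three detection steps above (DLP flags an encrypted file leaving over FTP, enVision correlates it with a successful RDP logon to the same server, Archer ranks the incident by the asset's business context) can be written down as one rule. The following is an added example, not RSA product code or configuration: the log format, host names, addresses and the asset table are all constructed, and the "encrypted file" test is a Shannon-entropy threshold, which is one common way a network DLP sensor decides a payload is opaque.

```python
"""Correlate a successful RDP logon with a DLP alert on the same server.

Added example, not enVision/Archer code. Models the two-event rule from the
slides and ranks the result by asset criticality (Archer's business context).
All log lines, addresses, host names and the asset inventory are constructed.
"""
from datetime import datetime, timedelta
import math
import re

# Constructed syslog-like lines in a hypothetical key=value format.
LOGS = [
    "2011-06-01T10:02:11Z fw-01 RDP_CONN src=192.168.100.142 dst=10.0.5.20 dport=3389 result=success",
    "2011-06-01T10:03:40Z dlp-net DLP_ALERT src=10.0.5.20 dst=203.0.113.9 proto=ftp file=q3.zip entropy=7.96",
    "2011-06-01T11:30:00Z fw-01 RDP_CONN src=192.168.100.17 dst=10.0.5.21 dport=3389 result=failure",
    "2011-06-01T14:00:00Z dlp-net DLP_ALERT src=10.0.5.30 dst=203.0.113.9 proto=ftp file=notes.txt entropy=4.10",
]

# Constructed asset inventory standing in for Archer's business context.
ASSETS = {
    "10.0.5.20": {"name": "crm-db-01", "critical": True, "owner": "Sales"},
    "10.0.5.21": {"name": "build-02", "critical": False, "owner": "Engineering"},
    "10.0.5.30": {"name": "file-srv-03", "critical": True, "owner": "Finance"},
}

LINE_RE = re.compile(r"^(?P<ts>\S+) (?P<host>\S+) (?P<event>\S+) (?P<kv>.*)$")


def shannon_entropy(data: bytes) -> float:
    """Bits per byte; 8.0 means uniformly random, which is what encrypted or
    compressed data looks like on the wire. Used by the DLP side of the rule."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in counts if c)


def parse(line: str):
    """Turn one log line into a dict; returns None for lines the regex rejects."""
    m = LINE_RE.match(line)
    if not m:
        return None
    rec = {"ts": datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ"),
           "host": m["host"], "event": m["event"]}
    rec.update(kv.split("=", 1) for kv in m["kv"].split())
    return rec


def correlate(lines, window=timedelta(minutes=30), entropy_threshold=7.5):
    """Return one incident per (DLP alert, earlier successful RDP logon) pair
    that targets the same server within `window`. Priority comes from the
    asset inventory, not from the events themselves."""
    events = [r for r in (parse(l) for l in lines) if r]
    rdp_ok = [e for e in events if e["event"] == "RDP_CONN" and e["result"] == "success"]
    dlp = [e for e in events
           if e["event"] == "DLP_ALERT" and e["proto"] == "ftp"
           and float(e["entropy"]) >= entropy_threshold]
    incidents = []
    for d in dlp:
        for r in rdp_ok:
            if r["dst"] == d["src"] and timedelta(0) <= d["ts"] - r["ts"] <= window:
                asset = ASSETS.get(d["src"], {"name": d["src"], "critical": False, "owner": "unknown"})
                incidents.append({
                    "server": d["src"], "asset": asset["name"], "owner": asset["owner"],
                    "rdp_source": r["src"], "ftp_dest": d["dst"], "file": d["file"],
                    "priority": "HIGH" if asset["critical"] else "MEDIUM",
                })
    return incidents


if __name__ == "__main__":
    for inc in correlate(LOGS):
        print(inc)
```

The window is bounded on both sides so a DLP event that precedes the logon is not paired with it, and the failed RDP attempt and the low-entropy text file in the sample never produce an incident. The only match is the critical CRM server, so the incident comes out HIGH, as in the slide.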

Seamless integration with NetWitness
- Two clicks take the analyst from the Archer console into NetWitness.
- SIEMLink transparently retrieves the full session detail from NextGen.

Spectrum: automated malware analysis
- Spectrum immediately provides a detailed analysis of the executable file in question.

Interactive analysis with Investigator
- Context of all network activity to and from the critical server.
- Confirm John's machine (192.168.100.142) as the source of the RDP session.

Interactive analysis with Investigator (continued)
- Drill into all network sessions from John's machine:
  - small executable file
  - transferred over HTTP
  - suspicious filename and extension
  - suspicious domain name
- Malware?

Lessons Learned
1. Continuous monitoring
2. Network segregation
3. Server access restriction
4. Data encryption or tokenization for sensitive data on the server
5. Firewall blocking of FTP to external, unauthorized servers
6. Strong authentication of users and administrators

RSA NetWitness: what is it and why do I need it?

Threats are evolving rapidly
- Criminals
  - Petty criminals: unsophisticated
  - Organized crime: organized, sophisticated supply chains targeting PII, financial services and retail
- Nation-state actors: PII, government, the defense industrial base and IP-rich organizations
- Non-state actors
  - Terrorists: PII, government and critical infrastructure
  - Anti-establishment vigilantes and hacktivists: targets of opportunity

Advanced Threats: the growing risk
- 83% of organizations believe they have been the victim of an advanced threat (Source: Ponemon Institute survey)
- 65% of organizations do not believe they have sufficient resources to prevent advanced threats (Source: Ponemon Institute survey)
- 99% of breaches led to data compromise within days or less (Source: Verizon 2012 Data Breach Investigations Report)
- 85% of breaches took weeks or more to discover (Source: Verizon 2012 Data Breach Investigations Report)

New security concept: Offense in Depth
- Attacker timeline: surveillance, target analysis, access probe, attack set-up, system intrusion, attack begins, cover-up starts, discovery / persistence, leap-frog attacks complete, cover-up complete, maintain foothold
- Defender timeline: physical security, threat analysis, attack forecast, defender discovery, monitoring and controls, attack identified, incident reporting, containment and eradication, damage identification, impact analysis, system reaction, response, recovery
- The gap between intrusion and defender discovery is the attacker's free time; the goal is to collapse it.
- Source: NERC HILF Report, June 2010 (http://www.nerc.com/files/hilf.pdf)

RSA NetWitness is
- a revolutionary approach to enterprise network monitoring
- a platform for pervasive visibility into content and behavior
- a provider of precise and actionable intelligence
Know Everything. Answer Anything.

Know Everything. Answer Anything.
- Why are packed or obfuscated executables being used on our systems?
- What critical threats are my anti-virus and IPS missing?
- I am worried about targeted malware and APTs. How can I fingerprint and analyze these activities in my environment?
- We need to better understand and manage the risks associated with insider threats. I want visibility into end-user activity and to be alerted on certain types of behavior.
- On our high-value assets, how can we have certainty that our security controls are functioning exactly as implemented?
- How can I detect new variants of Zeus or other 0-day malware on my network?
- We need to examine critical incidents as if we had an HD video camera recording it all.
Invest in Certainty. Invest in Agility.

Enabling a revolution in network monitoring: NetWitness product tour

Understanding the NetWitness network monitoring platform
- Inputs: network traffic and logs
- Normalized data with application-layer context
- Fusion of threat intelligence

NetWitness components
Applications:
- Informer: visualization, reporting, alerting and live charting server
- Investigator Enterprise: interactive analysis with NetWitness appliances
- Live: real-time integration of the collective intelligence of the world with your data
- Spectrum: automated malware prioritization and analysis
- SIEMLink: immediate access to NetWitness analytics from within your IDS or SIEM console
- SDK/API: free, for rapid development of any conceivable network analysis application
Appliances:
- Decoder: real-time, distributed, highly configurable network recording appliance (full packet)
- Concentrator and Broker: aggregate and analyze data across multiple capture locations; request brokering across the entire infrastructure
- Eagle: portable hybrid appliance combining elements of Decoder, Concentrator and Investigator in a field-deployable solution

Automated analysis, reporting and alerting: Informer
- Flexible dashboard, chart and summary displays for a unified view of threat vectors
- Automated answers to any question, for network security, security / HR, legal / R&D / compliance, and IT operations
- HTML, CSV and PDF report formats included
- Supports CEF, SNMP, syslog and SMTP data push for full integration with a SIEM

Getting answers to the toughest new questions: Investigator
- Interactive, data-driven session analysis of layer 2-7 content
- Award-winning, patented, port-agnostic session analysis
- Unlimited freeform analysis paths and content / context investigation points
- Data presented as the user experienced it (web, voice, files, email, chat, etc.)
- Supports massive data sets: instantly navigate terabytes of data; analysis that once took days now takes minutes
- Freeware version used by over 50,000 security experts worldwide
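Port-agnostic session analysis, as Investigator describes it here, means deciding what a session is from its bytes rather than from the destination port, and then looking at what was actually carried. The earlier Investigator slides in the attack walk-through show the concrete case: a small executable pulled over HTTP from a suspicious domain under a misleading filename. The block below is an added example, not NetWitness code: it classifies a session by its first bytes, parses the HTTP response, and flags a body that is a PE image (an MZ header with the PE signature at e_lfanew) regardless of the claimed Content-Type, extension or port. The sessions, addresses and domain name are constructed.

```python
"""Port-agnostic session classification plus an executable-in-HTTP check.

Added example, not NetWitness Investigator. Protocol is guessed from payload
bytes, not the port; an HTTP body is flagged when it is a Windows PE image
even if the server claims it is an image or the URL ends in .jpg.
All sessions below are constructed.
"""
import struct


def classify_protocol(payload: bytes) -> str:
    """Guess the application protocol from the first bytes, ignoring the port."""
    head = payload[:8]
    if head.startswith((b"GET ", b"POST ", b"HEAD ", b"HTTP/1.")):
        return "http"
    if head.startswith(b"SSH-"):
        return "ssh"
    if head.startswith((b"220 ", b"USER ", b"PASS ")):
        return "ftp"
    if len(head) >= 3 and head[0] == 0x16 and head[1] == 0x03:   # TLS record, handshake
        return "tls"
    return "unknown"


def is_pe_image(body: bytes) -> bool:
    """True when body starts with a DOS header whose e_lfanew points at 'PE\\0\\0'."""
    if len(body) < 0x40 or body[:2] != b"MZ":
        return False
    e_lfanew = struct.unpack_from("<I", body, 0x3C)[0]
    return body[e_lfanew:e_lfanew + 4] == b"PE\0\0"


def split_http_response(raw: bytes):
    """Split a raw HTTP response into a lower-cased header dict and the body."""
    header, _, body = raw.partition(b"\r\n\r\n")
    headers = {}
    for line in header.split(b"\r\n")[1:]:
        k, _, v = line.partition(b":")
        headers[k.strip().lower().decode()] = v.strip().decode(errors="replace")
    return headers, body


def analyze_session(session: dict) -> dict:
    """session: constructed dict with dport, request bytes and response bytes."""
    proto = classify_protocol(session["request"])
    findings = {"protocol": proto, "port": session["dport"], "flags": []}
    if proto != "http":
        return findings
    req_line = session["request"].split(b"\r\n", 1)[0].decode(errors="replace")
    parts = req_line.split(" ")
    path = parts[1] if len(parts) > 1 else ""
    headers, body = split_http_response(session["response"])
    findings.update(path=path, content_type=headers.get("content-type", ""), size=len(body))
    if is_pe_image(body):
        findings["flags"].append("pe_in_body")
        if "application/x-msdownload" not in findings["content_type"] \
                and not path.lower().endswith(".exe"):
            findings["flags"].append("mismatched_type_or_extension")
        if len(body) < 200_000:
            findings["flags"].append("small_executable")
    if session["dport"] not in (80, 8080, 443):
        findings["flags"].append("http_on_nonstandard_port")
    return findings


def make_fake_pe(total: int = 1024) -> bytes:
    """Build a minimal, non-executable PE-shaped blob for the constructed sample."""
    hdr = bytearray(b"MZ" + b"\0" * 0x3E)          # 0x40-byte DOS header
    struct.pack_into("<I", hdr, 0x3C, 0x80)        # e_lfanew -> 0x80
    hdr += b"\0" * (0x80 - len(hdr))
    hdr += b"PE\0\0"
    return bytes(hdr) + b"\x90" * (total - len(hdr))


# Constructed sessions; the domain and addresses are placeholders, not from the page.
SESSIONS = [
    {   # the victim's machine fetching 'update.jpg' that is really a PE, on a non-standard port
        "src": "192.168.100.142", "dst": "198.51.100.23", "dport": 8000,
        "request": b"GET /img/update.jpg HTTP/1.1\r\nHost: cdn-upd4te.example\r\n\r\n",
        "response": b"HTTP/1.1 200 OK\r\nContent-Type: image/jpeg\r\nContent-Length: 1024\r\n\r\n"
                    + make_fake_pe(),
    },
    {   # an ordinary intranet page
        "src": "192.168.100.142", "dst": "10.0.1.5", "dport": 80,
        "request": b"GET / HTTP/1.1\r\nHost: intranet\r\n\r\n",
        "response": b"HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n\r\n<html>ok</html>",
    },
    {   # SSH hidden on 443: the port says HTTPS, the bytes say otherwise
        "src": "192.168.100.142", "dst": "203.0.113.44", "dport": 443,
        "request": b"SSH-2.0-OpenSSH_8.9\r\n",
        "response": b"SSH-2.0-dropbear\r\n",
    },
]

if __name__ == "__main__":
    for s in SESSIONS:
        print(s["dst"], analyze_session(s))
```

The first session is the one the slide describes: the server labels the body image/jpeg and the URL says .jpg, but the bytes are a PE, it is small, and it travels on port 8000, so all four flags fire. The SSH-on-443 case is flagged only by its protocol, which is the point of not trusting the port.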

Signature-free, automated malware analysis, prioritization and workflow: Spectrum
- Mimics the techniques of leading malware analysts
- Leverages NetWitness Live by fusing information from leading threat intelligence and reputation services
- Uses NetWitness pervasive network monitoring for full network visibility
- Brings transparency and efficiency to the malware analysis process by delivering complete answers

Threat intelligence delivery system: Live
- Automates insight into advanced threats
- Leverages the global security community to correlate and illuminate the most pertinent information
- Fuses intelligence with your network data in real time
- Solutions to problem sets: advanced threats, malware, botnets, policy / audit, enterprise monitoring, fraud, user attribution, risk prioritization
- Prioritized and detailed reporting

Thank you!