RSA IT Security Risk Management

Transcription:

RSA IT Security Risk Management: Adding Insight to Security. March 18, 2014. Wael Jaroudi, GRC Sales Specialist.

Where is Security Today? Companies have built layer upon layer of security, but is it helping? Complexity. Data breaches. Damage.

Lack of Insight [The Noise Factor]
We believe that doing the right thing should be obvious, but for today's IT security organizations it is too often hidden.
Defense in Depth layers: Web Vulnerability, OS Configuration, Patch, Device Vulnerability, Anti-Virus/Malware, SIEM/Packets, Logical Access, IPS/IDS, VPNs, Firewalls, Physical Access.
Events over one day:
8:02 AM Malware infection on 10.1.2.30
8:30 AM Voice mail from colleague re: new hacker group
9:00 AM Meeting with QSA re: last week's vulnerability scan
11:15 AM Vulnerability scan on DMZ completed
11:30 AM Meeting with XYZ department on new application being installed next week
12:00 PM Company just like us announced major breach
12:02 PM CVE-2014-123 just released
1:45 PM Meeting with audit committee re: security risks
2:00 PM System outage at Phoenix branch
2:15 PM Weird(?) network traffic reported by network team
2:53 PM Malware outbreak on multiple machines
3:00 PM New contractor onboarding
3:20 PM Present security awareness training to new employees
4:15 PM Industry ISAC security conference call
4:32 PM HR reports social engineering attempt
5:07 PM Port scan on 192.168.3.45
6:07 PM Security policy meeting
8:02 PM Malware infection on 10.10.2.32
8:30 PM Multiple failed login attempts on 192.168.100.23
11:15 PM Vulnerability scan found 142 critical vulnerabilities
12:00 AM Malware infection on 10.2.3.45
12:02 AM Sun just released a new patch to JRE 5.4.3.2
Questions: Do we have a compliance issue? Is this a high risk business function? Which of these are most important? What are the executive concerns? Is this a coordinated advanced attack? Inappropriate access attempt on top secret information? Meaningless virus infection?

The New World of Security. It will become increasingly difficult to secure infrastructure. We must focus on people, the flow of data and on transactions.

We Need to Change our Approach. Improve monitoring and response capabilities.
[Diagram: Monitoring, Response and Prevention shown for Defense in Depth Security and for Intelligence-Driven Security.]
Copyright 2012 EMC Corporation. All rights reserved.

Signal Clarity and Amplification
We provide solutions that disrupt the noise, bring clarity to the signal to amplify your decisions.
Visibility + Analysis = Priority
Priority + Action = Results
Results + Metrics = Progress
[Diagram labels: Noise, Visibility, Analysis, Action, Metrics.]

IT Security Risk Management: not a single answer but rather a solution leveraging people, process, and technology as a force multiplier.
Enables organizations to:
establish business context for security
establish security policies and standards
detect and respond to attacks
identify and remediate security deficiencies
reducing the risk of today's security threats; poor, misaligned security practices; and operational security compliance failures.
[Diagram labels: Security Policies, Security Compliance, Threat & Vulnerability, Security Strategy, Security Operations.]

IT Security Risk Solutions
[Diagram labels: Preventative; Vulnerability; Scan Results; Remediation Workflow; Threat Correlation; Gold Build Images; IT Security Risk; Indicators and Metrics; Measure Outcomes; RSA Archer eGRC; Responsive; Incidents & Investigations; Breach; Crisis; SOC; Foundation; Assets; IT Context; Regulatory; Biz Context; Data Catalogs; CVE/CVSS; CPE; CWE; CCE; Threat Intel; UCF; Identity; Login/Logout; Repositories; Integrations; Focused UIs; Persona Based UI; Interactive Charts; Searching and Filtering; Workflow; Ticketing; Reports; Exceptions; Notifications.]

Vulnerability Today: Trying to avoid the vulnerability pit
Brian, IT Security Analyst, runs his vulnerability scanner.
The Vulnerability Scanner finds a number of issues on IT systems.
Pages of results are delivered to Alice, IT Administrator, to fix.
Patches are pushed out or configurations are updated to fix the vulnerabilities.
Some patches are missed, don't fix the problem, or there isn't enough time to get to them. The vulnerability will sit unaddressed, possibly forever.
Carlos, CISO, is left wondering: What does this mean for business risk? What about my most valuable assets? What happens if the threats change? Can I get more protection quickly? Are we improving? Do we have the right coverage?
[Diagram labels: Devices, Vulnerability Scanner, Vulnerability, Issue, Patch.]

What is VRM? Vulnerability Risk Management allows enterprises to proactively manage IT security risks through the combination of asset business context, actionable threat intelligence, vulnerability assessment results, and comprehensive workflow.

Vulnerability Risk: VRM (architecture diagram)
Users: IT Security Analyst, CISO, Administrator.
Data sources: Vuln. Scan Results (Qualys, McAfee); Vuln. Data Pubs (NVD CVE); Threat Intelligence (US-CERT); Asset Taxonomies (NVD CPE); Other Asset Data (CSV, CMDB, etc.).
Components and other labels: Data Collector; RSA VRM Data Warehouse (Indexing, Normalization, Raw Data Storage); Vulnerability Analytics (Investigative UI, Analytics Engine); Archer Vulnerability Risk Management; Devices; Findings; Exceptions; KPIs; Workflow; Integration with GRC; Reporting and Dashboards.

The Value of VRM
Roles: IT Security Analyst, IT Administrator, CISO.
[Slide labels: Asset Discovery and; Issue Prioritization; Know what you have; Issue Lifecycle Tracking; Exception and SLA; Dashboards and Reporting; Measure and Report KPIs; Do the right thing; Measure effectiveness, not just activity.]

IT Security Risk Solutions
[Diagram labels: Preventative; IT Security Risk; Security; Scan Results; Remediation Workflow; Threat Correlation; Gold Build Images; Indicators and Metrics; Operations; Incidents & Investigations; Breach; RSA Archer eGRC; Crisis; SOC; Measure Outcomes; Responsive; Foundation; Assets; IT Context; Regulatory; Biz Context; Data Catalogs; CVE/CVSS; CWE; CPE; CCE; Threat Intel; UCF; Identity; Login/Logout; Repositories; Integrations; Focused UIs; Persona Based UI; Interactive Charts; Searching and Filtering; Workflow; Ticketing; Reports; Exceptions; Notifications.]

SOC Challenges Today: Event focused and reactive, with no centralization of alerts or incident management. Lack of Context. Lack of Best Practices. Lack of Process.

Security Operations Domain: What is SecOps? Consistent, predictable business process.
[Diagram labels: Process, People, Technology, Orchestrate & Manage, Incident, Breach, SOC Program, IT Security Risk.]

Security Operations: RSA SecOps
[Diagram labels: Context; Alerts; Incident Response; Breach Response; Launch to SA; Aggregate Alerts to Incidents; SOC Program; Dashboard & Report; Capture & Analyze Packets, Logs & Threat Feeds; RSA Archer Enterprise (Context); RSA Archer BCM (Crisis Events).]

The Value of SecOps
Roles: CISO, IT Security Analyst, Incident Coordinator.
Enable SOC/IR Analysts to Be More Effective: Incident Prioritization; Visibility & Biz Context; Workflow to guide IR process; Threat Intelligence; Response Procedures; Automation.
Optimize SOC Investments: Monitor KPIs; Identify gaps & improve; Measure Security Controls; Manage SOC Team.
Manage IT Security & Business Risk: Data Breach; Enterprise Risk; Vendor Risk; Compliance Risk; and more.