Security Operations Centers in Action


Transcription:

Security Operations Centers in Action Why? Why Now? How? Matthew Gardiner, Sr. Manager, RSA 1

How to Improve IT Security? Apply What Our Ancestors Knew ~1000 Years Ago! 2

The Need for a Balanced Defensive Approach is Clear. How well would a preventive-only approach work? Prevention, Remediation, Monitoring 3

Defensive Command Center = SOC/CIRC, to manage detection, investigations & response 4

Moving to Present Day: SOC/CIRC Is Now Critical to Improving Your Cyber Defenses 5

Why Have A SOC/CIRC Now? Threats Regularly Overcome Preventive Controls
1. Targeted: specific objective
2. Stealthy
3. Interactive: low and slow, human involvement
Attack timeline: system intrusion (attack begins), cover-up, discovery, leap frog attacks, cover-up complete. Dwell time runs from the start of the attack until the attack is identified; response time runs from identification until the response.
Two goals: 1. Decrease dwell time. 2. Speed response time. 6
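The two intervals the slide defines, dwell time (attack begins to attack identified) and response time (attack identified to response), computed over constructed incident records so a CIRC can measure itself against the "decrease dwell time" and "speed response time" goals; this is an added example, not material from the deck, and the incident records, field names and targets are assumptions.

```python
from datetime import datetime, timedelta
from statistics import median

# Constructed sample incidents (illustrative, not real data). Each record holds the
# timeline points from the slide as ISO-8601 strings; None = that point not reached yet.
INCIDENTS = [
    {"id": "INC-1", "attack_begins": "2014-01-03T08:00:00",
     "attack_identified": "2014-02-14T09:30:00", "response_complete": "2014-02-16T18:00:00"},
    {"id": "INC-2", "attack_begins": "2014-03-01T22:15:00",
     "attack_identified": "2014-03-02T06:00:00", "response_complete": "2014-03-02T12:00:00"},
    {"id": "INC-3", "attack_begins": "2014-04-10T00:00:00",
     "attack_identified": "2014-05-20T11:00:00", "response_complete": None},  # response still open
]

def _ts(value):
    return datetime.fromisoformat(value) if value else None

def dwell_time(inc):
    """Dwell time: attack begins -> attack identified (the interval a mature CIRC shortens)."""
    return _ts(inc["attack_identified"]) - _ts(inc["attack_begins"])

def response_time(inc):
    """Response time: attack identified -> response complete; None while the response is open."""
    done = _ts(inc["response_complete"])
    return done - _ts(inc["attack_identified"]) if done else None

def circ_metrics(incidents):
    """Median dwell and response time over a set of incidents, plus how many are still open."""
    dwell = [dwell_time(i) for i in incidents]
    resp = [r for r in map(response_time, incidents) if r is not None]
    return {
        "median_dwell": median(dwell),
        "median_response": median(resp) if resp else None,
        "open_incidents": sum(1 for i in incidents if i["response_complete"] is None),
    }

def exceeding_targets(incidents, max_dwell_hours, max_response_hours):
    """Ids of incidents that missed either goal: dwell or response above the target (hours)."""
    max_dwell, max_resp = timedelta(hours=max_dwell_hours), timedelta(hours=max_response_hours)
    flagged = []
    for inc in incidents:
        r = response_time(inc)
        if dwell_time(inc) > max_dwell or (r is not None and r > max_resp):
            flagged.append(inc["id"])
    return flagged

if __name__ == "__main__":
    m = circ_metrics(INCIDENTS)
    print(f"median dwell {m['median_dwell']}, median response {m['median_response']}, open {m['open_incidents']}")
    print("missed targets:", exceeding_targets(INCIDENTS, max_dwell_hours=24 * 7, max_response_hours=24))
```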

How to Think About Your CIRC Maturity? Cliché Alert 7

How to Think About Your CIRC Maturity? 3 Interdependent Factors: People, Process, Technology 8

How to Think About Your CIRC Maturity? Three stages: Ad Hoc Incident Response; Incident Response as an Emerging Organization; Incident Response as a Key Force in Security 9

How to Think About Your CIRC Maturity? Ad Hoc Incident Response: part timers, process?, limited visibility 10

How to Think About Your CIRC Maturity? Incident Response as an Emerging Organization: full timers, critical assets, visibility & context 11

How to Think About Your CIRC Maturity? Incident Response as a Key Force in Security: specialized team, continuous improvement, CIRC tech. platform 12

What Does a Mature CIRC Look Like? Tier 2 Analyst, Tier 1 Analyst, Analysis & Tools Support Analyst, Threat Intelligence Analyst, SOC Manager 13

How to Improve Your CIRC Maturity?
People: focus on creating a couple of CIRC rockstars; specialize from there as you staff up; use service providers judiciously to fill gaps (RSA provides an analyst training & MSSP enablement program).
Processes: create them, document them, learn from actual incidents, adjust them, repeat; simulate an incident & your response; measure your CIRC! (RSA Advanced Cyber Defense can help here.) 14

Technology: RSA Provides Broad CIRC Platform
- RSA Security Operations Management: Incident Mgmt., Breach Mgmt., SOC Program Mgmt., Threat Intelligence Management, IT Security Risk Mgmt.
- Analytics: RSA Security Analytics, RSA ECAT (endpoints), RSA Data Discovery (enabled by RSA DLP)
- Data sources: SharePoint, Windows clients/servers, file servers, databases, NAS/SAN, directory services, apps
- RSA Live intelligence: threat intelligence, rules, parsers, alerts, feeds, reports and custom actions 15

This session is largely pulled from this white paper: http://www.emc.com/collateral/white-papers/h12651-wp-critical-incident-response-maturity-journey.pdf 16

Some Suggested Follow-On Actions
- Attend the following sessions in the Advanced SOC track
- Get my white paper (it is free!) and use the assessment framework to benchmark your CIRC
- Check out the following industry analysts: Gartner (Anton Chuvakin & Neil MacDonald), Forrester (Rick Holland), Securosis (Mike Rothman), ESG (Jon Oltsik)
- Come visit RSA in Boston; you can meet directly with the EMC CIRC management! 17

THANK YOU 18

Assessing Incident Response Maturity
Ad hoc Incident Response (operational thrashing)
- People: inadequate staffing; everyone is a potential incident responder
- Processes: Is there a process? Roles & responsibilities? Lessons learned?
- Technology: limited visibility & understanding -> endless re-imaging
Emerging Security Organization
- People: have >0 full-time incident responders
- Processes: prioritize responses based on high value assets
- Technology: focused on improving visibility & context
Key Force in Security Defense
- People: IR team highly specialized with clearly defined roles (see next slide)
- Processes: operates with clear governance/run books
- Technology: have an integrated portfolio of CIRC-specific tools 20

How to Think About Your CIRC Maturity?
- Ad Hoc Incident Response: part timers, process?, limited visibility
- Incident Response as an Emerging Organization: full timers, critical assets, visibility & context
- Incident Response as a Key Force in Security: specialized team, process improvement, CIRC tech. platform 21