What matters in Cyber Security: A CTO perspective. Dr. Robert W. Griffin, Chief Security Architect. #RSAemeaSummit
What CEOs say: Cyber Risk matters! Cyber rated #3 risk in survey of 588 C- and Board-level executives
Where is Cyber Risk coming from? Threats Cloud Customers Partners Third-Parties Complex Identities & Access Mobile Employees BYOD On-Prem Shadow IT Fraud & Cybercrime Transformations in Business and IT Costs of Compliance
For example, the Internet of Things: A Transformation in Opportunity and Risk. User Insight, Data Collection, Data Storage, Data Integration, Data Management, Data Analysis, Organizational Insight, Cyber Attack
DragonFly Cyber Attacks on IoT: The 2014 DragonFly attacks showed how the attackers could use malware to take control of SCADA systems. Steps shown in the diagram: 1- Compromise; 2- Install malicious update; 3- Havex trojan Connect; 4- Send Commands. Diagram elements: DragonFly Attackers, ICS Software House website, SCADA Systems, Command/Control Server.
Pouring money down the drain (chart: axes Intelligence Value, Low to High, and Defense Effectiveness, Low to High; plotted: Signature-based Defenses)
We need a more effective approach (chart: axes Intelligence Value, Low to High, and Defense Effectiveness, Low to High; plotted: Signature-based Defenses, Advanced cyber defense)
Advanced Cyber Defense GOVERNANCE, RISK, & COMPLIANCE ANALYTICS Threat Fraud Compliance Identity Cloud DATA LOGS, PACKETS, NETFLOW, ENDPOINT, ID, VULNS, THREAT (INT & EXT) IDENTITY & ACCESS On Prem
Example: T-Systems (Germany), Risk Discipline
Requirements: Create a consolidated enterprise-wide view of operational and functional risks for senior management; Address all classes of risk; Engage business users in risk governance
Solution: Used ISO 31000 as framework; Defined risk ownership; Established enterprise-wide risk community; Deployed single software solution across enterprise
http://www.emc.com/collateral/customer-profiles/h11661-rsa-archer-cp.pdf
Risk Discipline Across the Organization CIO & CISO IT Board LOB Executives Business Operations Managers Business IT Security Risk Business Resiliency Regulatory & Corporate Compliance Audit Operational & Enterprise Risk Third Party & Vendor Risk Maturity Common Foundation Silos Managed Advantaged
Example: Deutsche Bank (Germany), Identity and Access Governance. Deutsche Bank Global SoD Program, European Identity Award (May 2013)
Requirements: Continuously monitor Segregation of Duties across the enterprise; Integrate with existing access management; Increase regulatory awareness
Solution: Implemented SoD rules to detect conflicts; Supported complex elements in rules; Designated SoD managers; Supported cloud environments
Diagram labels: Visibility, Certification & Policy Automation XMDB Roles & Request Management
https://www.aveksa.com/news_item/aveksa-customer-wins-prestigious-iam-award-from-leading-it-research-analyst-firm/
Identity and Access Governance Trusted interactions between identities and information Access Platform Authentication Federation/SSO Employees/Partners/Customers Identity Intelligence Governance Platform Compliance Identity Lifecycle Provisioning Applications/Data/Resources
Example: Communication Valley Reply (Italy), Security Analytics
Requirements: Efficient, cost-effective management and reporting of security; Reduce cost of services delivery; Improved MSSP service as competitive advantage
Solution: Automatically track and report on client risk and compliance; Enhanced incident triage; Improved event analysis
http://www.emc.com/collateral/customer-profiles/h11982-reply-cp.pdf
Security Analytics LIVE Distributed Data Collection PACKETS LOGS Capture Time Data Enrichment PARSING & METADATA TAGGING PACKET METADATA LOG METADATA LIVE Reporting & Alerting Investigation & Forensics Intelligence Feeds Compliance Malware Analysis LIVE Incident Response Endpoint Visibility & Analysis Additional Business & IT Context Threat Intelligence Rules Parsers Alerts Feeds Apps Directory Services Reports & Custom Actions
Advanced Cyber Defense
EMC, RSA, the EMC logo and the RSA logo are trademarks of EMC Corporation in the U.S. and other countries.