
Post on 01-May-2018


1 © Copyright 2014 EMC Corporation. All rights reserved.

Current Overview of the RSA Portfolio

Intelligence-Driven Security

RSA Security Summit, Munich 2014

Norbert Olbrich, Pre-sales Manager, RSA Deutschland


Agenda

1. Understand the elements

2. Pack the right equipment

3. Respect the environment

4. Acclimatize

5. Persevere


Archer Risk Management SecurID

Web Access Management Transaction Signing

Federation

Certificate Manager

Governance

Security Authentication Manager

Adaptive Auth for eCommerce

Mobility

FRI

Vulnerability Risk Management Virtualization

Fraud Action enVision

GRC

Adaptive Authentication

AMX BSAFE

Cyber Crime Intelligence

3D Secure

eFraud Network

Transaction Monitoring

Data Loss Prevention

Data Protection Manager SMC

ACD Cybercrime

Cloud Security

ECAT Enterprise Compromise Assessment Tool

Security Analytics

Web Threat Detection

Business Continuity

IdAM

Aveksa Directory


Mainframe, Mini Computer Terminals

LAN/Internet Client/Server PC

Mobile Cloud Big Data Social Mobile Devices

MILLIONS OF USERS

THOUSANDS OF APPS

HUNDREDS OF MILLIONS OF USERS

TENS OF THOUSANDS OF APPS

BILLIONS OF USERS

MILLIONS OF APPS

Source: IDC, 2012

2010

1990

1970


Innovation! – People – Technology – Processes

Picture Source: Wacker Chemie


RSA Solution & Product Focus Areas

Advanced Security Operations

Governance, Risk, & Compliance

Fraud & Risk Intelligence

Identity & Data Protection

Advanced Security Operations

Governance, Risk, & Compliance

Fraud & Risk Intelligence

Identity & Access Management

Detecting and Stopping Advanced Threats

Securing the Interactions Between People and Information

Preventing Online Fraud and Cybercrime

Understanding Organizational Risk & Compliance


Advanced Security Operations • Security Analytics • ECAT [Enterprise Compromise Assessment Tool]


Advanced Security Operations at Work EMC Critical Incident Response Center

EMC Critical Incident Response Center, Bedford, MA

• Surveillance of approx. 500 subsidiaries worldwide, 1,400 security devices and 250,000 endpoints

• 5 Data Centers, 500 Applications, 97% virtualized, 7PB of Storage

• RSA Products in use:

– Archer eGRC Platform

– Security Analytics

– Enterprise Compromise Assessment Tool (ECAT)

– enVision SIEM

– Data Loss Prevention, …

• Advanced Analytics built on EMC Pivotal SA

Business Context Visibility Integrated Approach Process Automation


Current Challenges

• Event Focused, Reactive, Ad hoc!

• Lack Context & Threat Intelligence

• Lack of Process & Automation

• Lack of Best Practices

• Unable to Report on KPIs & KRIs

• Lack Mapping to Security & Biz Risk

L1 Analyst L2 Analyst Threat Intel Analyst

SOC Manager CISO

Multiple User Interfaces for Managing Security Alerts


Should be a quick investigation for a SOC!

Received by 1046 EMC employees

17 employees clicked on the link within

Two people clicked through our security warning


RSA Critical Incident Response Solution

RSA Live Intelligence Threat Intelligence – Rules – Parsers – Alerts – Feeds – Apps – Directory Services – Reports and Custom Actions

SharePoint

File Servers

Databases

NAS/SAN

Endpoints

RSA Archer eGRC

RSA ECAT

RSA Security Operations Management

Windows Clients/Servers

Incident Management

Breach Management

SOC Program Management

IT Risk Management

RSA Vulnerability Risk Management


Incident Response

Endpoint Visibility & Analysis

Additional Business & IT Context

Threat Intelligence | Rules | Parsers | Alerts | Feeds | Apps | Directory Services | Reports & Custom Actions RSA LIVE INTELLIGENCE

Capture Time Data Enrichment

INDEXING & COMPRESSION

PACKET METADATA

Distributed Data Collection

PACKETS

LIVE

LIVE PARSING & METADATA TAGGING

LOGS

LOG METADATA

Reporting & Alerting

Investigation & Forensics

Compliance

Malware Analysis

Intelligence Feeds

RSA Security Analytics


Indicators Defined To Help Identify Attack

Looking for suspicious protocol behavior?

Communicating with suspicious IP?

Want to know what they are talking about?

Security Analytics can provide Meta Data and deep Insight


Precise Detail and Context with Security Analytics

Service Breakdown

Action Profile

OS & Browser Type

AD User

Target IP Address

Investigator answers anything about the related activities of the targeted computer to obtain a complete frame of reference.


Direct Physical Disk Inspection Live Memory Analysis Full System Inventory

Network Traffic Analysis Application Whitelisting Multi-engine AV Scan Certificate Validation

• Signature-less malware detection • In-depth endpoint visibility • Actionable intelligence for rapid breach detection

Enterprise Compromise Assessment Tool

Scan

Monitor

Analyze

Respond


Governance, Risk & Compliance • RSA Archer eGRC • Security Operations Management • Vulnerability Risk Management


See More, Act Faster, Spend Less RSA Archer eGRC Solutions

Board of Directors

Business Areas

IT Organisation

Dashboards / Reports

Risk Management Internal Control System Vendor Management

Security Management IT-Compliance IT-Risk Management

Employees – Processes – Technology

IT - GRC

eGRC

IT GRC


Risk & Compliance Management

Visibility Collaboration Automation Accountability Efficiency


RSA Archer eGRC Solutions

Business Continuity Audit

Compliance

Vulnerability Risk

Risk Vendor

Policy

Security Operations Incident

Powerful Core Solutions

RSA Archer GRC Foundation

Regulatory Change Mgmt UCF Security Operations Stakeholder Evaluations ISMS Anti-Money Laundering Environmental Health & Safety PCI Code of Federal Regulations

Use Case Specific Solutions


Incident Management

Breach Management

SOC Program Management

IT Security Risk Management

RSA Security Operations Management

Domain Security Operations Management

People

Process

Technology

Orchestrate & Manage

Consistent / Predictable Business Process


Centralizing Incident Response Teams

Specialized Team

• Reporting to:

– CSO/CISO CIO

• Consisting of:

– People

– Process

– Technology

Detect, Investigate and Respond

SOC Manager

Tier 2 Analyst

Analysis & Tools Support Analyst

Tier 1 Analyst

Threat Analyst


The Vulnerability Management Pit

[Diagram: Device, Issue, Vulnerability, Patch, Vulnerability Scanner; steps 1 to 5]

Brian, IT Security Analyst, runs his vulnerability scanner.

The Vulnerability Scanner finds a number of issues on IT systems.

Pages of results are delivered to Alice, IT Administrator, to fix. Patches are pushed out or configurations are updated to fix the vulnerabilities.

Some patches are missed, don’t fix the problem, or there isn’t enough time to get to them. The vulnerability will sit unaddressed, possibly forever…

Carlos, CISO, is left wondering:

What does this mean for business risk? What about my most valuable assets?

Are we improving? Do we have the right coverage?

What happens if the threats change? Can I get more protection quickly?


RSA Vulnerability Risk Management

RSA VRM DATA WAREHOUSE INDEXING

RAW DATA STORAGE NORMALIZATION

VULNERABILITY ANALYTICS

ANALYTICS ENGINE

DATA COLLECTOR

ARCHER VULNERABILITY MANAGEMENT

WORKFLOWS

REPORTS

RISK MANAGEMENT

CONNECTION WITH GRC

IT Security Analyst

CISO

Devices Tickets

Exceptions KPIs

VRM

Vuln. Scan Results (Qualys, McAfee)

Vuln. Data Pubs (NVD CVE)

Threat Intelligence (US-CERT)

Asset Taxonomies (NVD CPE)

Other Asset Data (CSV, CMDB, Etc.)

Administrator


Identity and Access Management • RSA Aveksa • RSA Authentication


Identity Management Challenges

Business Efficiency and Agility

Rapid Rate of Change

Increasing Compliance Requirements

Rapid Rate of Change

Cloud & Mobile

Information Security Team

Applications Data Increasing Complexity and Scale of Infrastructure

Rapid Rate of Change IT Infrastructure

Audit, Risk & Compliance Line of Business


Elements of a Business-Driven IAM Platform

How to Meet These Challenges?

Governance

Visibility and Certification

Entitlement Collection and Analysis

Data Ownership Identification

Access Reviews

Policy Management

Segregation of Duties

Compliance Controls

Joiners, Movers, and Leavers

Role and Group Management

Role Discovery and Definition

Group Analysis and Cleanup

Lifecycle Management

Request Management

Access Request Portal

Policy-Based Change Management

SSO On-Premise SSO SaaS SSO Unified, Governance-Driven SSO

Provisioning Task Notification Service Desk Integration

Automated Provisioning


Authentication goes Big Data, Mobile and Biometrics

RSA Authentication Portfolio


Fraud & Risk Intelligence • Web Threat Detection


Web Threat Landscape

• Password Cracking/Guessing • Parameter Injection • New Account Registration Fraud • Advanced Malware (e.g. Trojans) • Promotion Abuse

• Man in the Middle/Browser • Account Takeover • New Account Registration Fraud • Unauthorized Account Activity • Fraudulent Money Movement

• Phishing • Site Scraping • Vulnerability Probing • Layer 7 DDoS Attacks

Fraud

Post-Authentication Threats

InfoSec

Pre-Authentication Threats

Begin Session

Login

Transaction

Logout

In the Wild

Web Threat Landscape


RSA Fraud & Risk Intelligence Solutions Securing Online User Life Cycle

Begin Session

Login

Transaction

Logout

In the Wild

Fraud Action & CyberCrime Intelligence

Web Threat Detection

Transaction Monitoring

Adaptive Authentication

Web Threat Landscape


Anomalous Behavior Detection Cyber Criminals Look Different than Online Customers

Sign-in

Homepage My Account

Bill Pay Home

Add Bill Payee Enter Pay Amount

Select Bill Payee

Submit

Checking Account View Checking

Threat Indicators • Velocity • Page Sequence • Origin • Contextual Information

Threat Scores • Velocity • Behavior • Parameter Injection • Man in the Middle • Man in the Browser


Benefits Of Our Approach

Incremental and achievable

– New capabilities improve your maturity over time

Risk-driven

– Prioritize activity and resources appropriately

Future proof

– Enables response to changes in landscape not based on adding new products

Agile

– Enables the business to take advantage of new technology and IT-driven opportunities


Thank You Norbert Olbrich norbert.olbrich@rsa.com tel: +49 (170) 992 11 66