Current Overview of the RSA Portfolio

Intelligence-Driven Security

RSA Security Summit, München 2014
Norbert Olbrich, Pre-sales Manager, RSA Deutschland

© Copyright 2014 EMC Corporation. All rights reserved.

Page 2

Agenda

1. Understand the elements

2. Pack the right equipment

3. Respect the environment

4. Acclimatize

5. Persevere

Page 3

Archer Risikomanagement SecurID

Web Access Management Transaction Signing

Federation

Certificate Manager

Governance

Security Authentication Manager

Adaptive Auth for eCommerce

Mobility

FRI

Vulnerability Risk Management Virtualization

Fraud Action enVision

GRC

Adaptive Authentication

AMX BSAFE

Cyber Crime Intelligence

3D Secure

eFraud Network

Transaction Monitoring

Data Loss Prevention

Data Protection Manager SMC

ACD Cybercrime

Cloud Security

ECAT Enterprise Compromise Assessment Tool

Security Analytics

Web Threat Detection

Business Continuity

IdAM

Aveksa Directory

Page 4

Mainframe, Mini Computer Terminals

LAN/Internet Client/Server PC

Mobile Cloud Big Data Social Mobile Devices

MILLIONS OF USERS

THOUSANDS OF APPS

HUNDREDS OF MILLIONS OF USERS

TENS OF THOUSANDS OF APPS

BILLIONS OF USERS

MILLIONS OF APPS

Source: IDC, 2012

2010

1990

1970

Page 5

Innovation! People - Technology - Processes

Picture Source: Wacker Chemie

Page 6

RSA Solution & Product Focus Areas Advanced Security Operations

Governance, Risk, & Compliance

Fraud & Risk Intelligence

Identity & Data Protection

Advanced Security Operations

Governance, Risk, & Compliance

Fraud & Risk Intelligence

Identity & Access Management

Detecting and Stopping Advanced Threats

Securing the Interactions Between People and Information

Preventing Online Fraud and Cybercrime

Understanding Organizational Risk & Compliance

Page 7

Advanced Security Operations • Security Analytics • ECAT [Enterprise Compromise Assessment Tool]

Page 8

Advanced Security Operations at Work EMC Critical Incident Response Center

EMC Critical Incident Response Center, Bedford, MA

• Worldwide surveillance of approx. 500 subsidiaries, 1400 security devices and 250,000 endpoints

• 5 Data Centers, 500 Applications, 97% virtualized, 7PB of Storage

• RSA Products in use:
  • Archer eGRC Platform
  • Security Analytics
  • Enterprise Compromise Assessment Tool (ECAT)
  • enVision SIEM
  • Data Loss Prevention, …

• Advanced Analytics built on EMC Pivotal SA

Business Context Visibility Integrated Approach Process Automation

Page 9

Current Challenges

• Event Focused, Reactive, Ad hoc!

• Lack Context & Threat Intelligence

• Lack of Process & Automation

• Lack of Best Practices

• Unable to Report on KPIs & KRIs

• Lack Mapping to Security & Biz Risk

L1 Analyst L2 Analyst Threat Intel Analyst

SOC Manager CISO

Multiple User Interfaces for Managing Security Alerts

Page 10

Should be a quick investigation for a SOC!

Received by 1046 EMC employees

17 employees clicked on the link within

Two people clicked through our security warning

Page 11

RSA Critical Incident Response Solution

RSA Live Intelligence Threat Intelligence – Rules – Parsers – Alerts – Feeds – Apps – Directory Services – Reports and Custom Actions

SharePoint

File Servers

Databases

NAS/SAN

Endpoints

RSA Archer eGRC

RSA ECAT

RSA Security Operations Management

Windows Clients/Servers

Incident Management

Breach Management

SOC Program Management

IT Risk Management

RSA Vulnerability Risk Management

Page 12

Incident Response

Endpoint Visibility & Analysis

Additional Business & IT Context

Threat Intelligence | Rules | Parsers | Alerts | Feeds | Apps | Directory Services | Reports & Custom Actions RSA LIVE INTELLIGENCE

Capture Time Data Enrichment

INDEXING & COMPRESSION

PACKET METADATA

Distributed Data Collection

PACKETS

LIVE

LIVE

LIVE PARSING & METADATA TAGGING

LOGS

LOG METADATA

Reporting & Alerting

Investigation & Forensics

Compliance

Malware Analysis

Intelligence Feeds

RSA Security Analytics

Page 13

Indicators Defined To Help Identify Attack

Looking for suspicious protocol behavior?

Communicating with suspicious IP?

Want to know what they are talking?

Security Analytics can provide Meta Data and deep Insight

Page 14

Precise Detail and Context with Security Analytics

Service Breakdown

Action Profile

OS & Browser Type

AD User

Target IP Address

Investigator answers anything about the related activities of the targeted computer to obtain a complete frame of reference.

Page 15

Direct Physical Disk Inspection Live Memory Analysis Full System Inventory

Network Traffic Analysis Application Whitelisting Multi-engine AV Scan Certificate Validation

• Signature-less malware detection • In-depth endpoint visibility • Actionable intelligence for rapid breach detection

Enterprise Compromise Assessment Tool

Scan

Monitor

Analyze

Respond

Page 16

Governance, Risk & Compliance • RSA Archer eGRC • Security Operations Management • Vulnerability Risk Management

Page 17

See More, Act Faster, Spend Less RSA Archer eGRC Solutions

Board of Directors

Business Areas

IT Organisation

Dashboards / Reports

Risk Management Internal Control System Vendor Management

Security Management IT-Compliance IT-Risk Management

Employees – Processes – Technology

IT - GRC

eGRC

IT GRC

Page 18

Risk & Compliance Management

Visibility Collaboration Automation Accountability Efficiency

Page 19

RSA Archer eGRC Solutions

Business Continuity Audit

Compliance

Vulnerability Risk

Risk Vendor

Policy

Security Operations Incident

Powerful Core Solutions

RSA Archer GRC Foundation

Regulatory Change Mgmt UCF Security Operations Stakeholder Evaluations ISMS Anti-Money Laundering Environmental Health & Safety PCI Code of Federal Regulations

Use Case Specific Solutions

Page 20

Incident Management

Breach Management

SOC Program Management

IT Security Risk Management

RSA Security Operations Management

Domain Security Operations Management

People

Process

Technology

Orchestrate & Manage

Consistent / Predictable Business Process

Page 21

Centralizing Incident Response Teams

Specialized Team

• Reporting to:

– CSO/CISO CIO

• Consisting of:

– People

– Process

– Technology

Detect, Investigate and Respond

SOC Manager

Tier 2 Analyst

Analysis & Tools Support Analyst

Tier 1 Analyst

Threat Analyst

Page 22

The Vulnerability Management Pit

Diagram labels: Device, Issue, Vulnerability, Patch, Vulnerability Scanner

Brian, IT Security Analyst, runs his vulnerability scanner.

The Vulnerability Scanner finds a number of issues on IT systems.

Pages of results are delivered to Alice, IT Administrator, to fix. Patches are pushed out or configurations are updated to fix the vulnerabilities.

Some patches are missed, don’t fix the problem, or there isn’t enough time to get to them. The vulnerability will sit unaddressed, possibly forever…

Carlos, CISO, is left wondering:

What does this mean for business risk? What about my most valuable assets?

Are we improving? Do we have the right coverage?

What happens if the threats change? Can I get more protection quickly?

Page 23

RSA Vulnerability Risk Management

RSA VRM DATA WAREHOUSE INDEXING

RAW DATA STORAGE NORMALIZATION

VULNERABILITY ANALYTICS

ANALYTICS ENGINE

DATA COLLECTOR

ARCHER VULNERABILITY MANAGEMENT

WORKFLOWS

REPORTS

RISK MANAGEMENT

CONNECTION WITH GRC

IT Security Analyst

CISO

Devices Tickets

Exceptions KPIs

VRM

Vuln. Scan Results (Qualys, McAfee)

Vuln. Data Pubs (NVD CVE)

Threat Intelligence (US-CERT)

Asset Taxonomies (NVD CPE)

Other Asset Data (CSV, CMDB, Etc.)

Administrator

Page 24

Identity and Access Management • RSA Aveksa • RSA Authentication

Page 25

Identity Management Challenges Business Efficiency and Agility

Rapid Rate of Change Increasing Compliance Requirements Rapid

Rate of Change

Cloud & Mobile

Information Security Team

Applications Data Increasing Complexity and Scale of Infrastructure

Rapid Rate of Change IT Infrastructure

Audit, Risk & Compliance Line of Business

Page 26

Elements of a Business-Driven IAM Platform How to Meet These Challenges?

Governance

Visibility and Certification

Entitlement Collection and Analysis

Data Ownership Identification

Access Reviews

Policy Management

Segregation of Duties

Compliance Controls

Joiners, Movers, and Leavers

Role and Group Management

Role Discovery and Definition

Group Analysis and Cleanup

Lifecycle Management

Request Management

Access Request Portal

Policy-Based Change Management

SSO On-Premise SSO SaaS SSO Unified, Governance-Driven SSO

Provisioning Task Notification Service Desk Integration

Automated Provisioning

Page 27

Authentication goes Big Data, Mobile and Biometrics

RSA Authentication Portfolio

Page 28

Fraud & Risk Intelligence • Web Threat Detection

Page 29

Web Threat Landscape

• Password Cracking/Guessing • Parameter Injection • New Account Registration Fraud • Advanced Malware (e.g. Trojans) • Promotion Abuse

• Man in the Middle/Browser • Account Takeover • New Account Registration Fraud • Unauthorized Account Activity • Fraudulent Money Movement

• Phishing • Site Scraping • Vulnerability Probing • Layer 7 DDoS Attacks

Fraud

Post-Authentication Threats

InfoSec

Pre-Authentication Threats

Begin Session

Login

Transaction

Logout

In the Wild

Web Threat Landscape

Page 30

RSA Fraud & Risk Intelligence Solutions Securing Online User Life Cycle

Begin Session

Login

Transaction

Logout

In the Wild

Fraud Action & CyberCrime Intelligence

Web Threat Detection

Transaction Monitoring

Adaptive Authentication

Web Threat Landscape

Page 31

Anomalous Behavior Detection Cyber Criminals Look Different than Online Customers

Sign-in

Homepage My Account

Bill Pay Home

Add Bill Payee Enter Pay Amount

Select Bill Payee

Submit

Checking Account View Checking

Threat Indicators • Velocity • Page Sequence • Origin • Contextual Information

Threat Scores • Velocity • Behavior • Parameter Injection • Man in the Middle • Man in the Browser

Page 32

Benefits Of Our Approach

Incremental and achievable – New capabilities improve your maturity over time

Risk-driven – Prioritize activity and resources appropriately

Future proof – Enables response to changes in landscape not based on adding new products

Agile – Enables the business to take advantage of new technology and IT-driven opportunities

Page 33

Thank You

Norbert Olbrich
tel: +49 (170) 992 11 66
