Presentation crafting your active security management strategy 3 keys and 4 steps

Crafting Your Active Security Management Strategy: 3 Keys and 4 Steps 1 EMC CONFIDENTIAL—INTERNAL USE ONLY


Transcript of Presentation crafting your active security management strategy 3 keys and 4 steps

Page 1: Presentation   crafting your active security management strategy 3 keys and 4 steps

Crafting Your Active Security Management Strategy: 3 Keys and 4 Steps

Page 2: Presentation   crafting your active security management strategy 3 keys and 4 steps

Agenda

• Security Challenges: A Root-Cause Analysis

• 3 Keys to Effective Security Management

• RSA’s 4-Step Approach


Page 3: Presentation   crafting your active security management strategy 3 keys and 4 steps

EMC eGRC Strategy

Business Continuity Management

Information Governance

eGRC Business Solutions

Security Management

Consulting/Implementation Best Practices

RSA Archer eGRC Management Platform

Page 4: Presentation   crafting your active security management strategy 3 keys and 4 steps

You have not maximized your security management program if…

Pop Quiz

You are assessing compliance one regulation at a time

You can’t prioritize your projects by risk


You handle incidents like playing Whack-a-Mole

You have mountains of security data and don’t use it

Management has no idea how well you are doing (and Finance can’t see why you deserve a bigger budget)

Page 5: Presentation   crafting your active security management strategy 3 keys and 4 steps

Security Challenges: A Root-Cause Analysis


Page 6: Presentation   crafting your active security management strategy 3 keys and 4 steps

Traditional Approach

Network: Point Tool, Policy, Team

Datacenter: Point Tool, Policy, Team

Endpoint: Point Tool, Policy, Team

Applications: Point Tool, Policy, Team

Siloed, Inflexible, Inconsistent, Costly

Page 7: Presentation   crafting your active security management strategy 3 keys and 4 steps

Result: Uncontrolled Risk

Risk = Likelihood × Impact

• threats

• vulnerabilities

• value of target

• detection

• response

• value of target

PRIORITIZE BY RISK: [table with columns LIKELIHOOD and IMPACT and rows HIGH, MEDIUM, MEDIUM, LOW; the cell markers did not survive extraction]

Page 8: Presentation   crafting your active security management strategy 3 keys and 4 steps

Business Impact

Uncontrolled risk leads to…

Increased Exposure to Catastrophic Loss
• Theft of trade secrets
• Headline-making breaches
• Fines and penalties

Inhibited Business Objectives
• Virtualization
• Consumer web services
• Geographic expansion

PlayStation suffers massive data breach…

Page 9: Presentation   crafting your active security management strategy 3 keys and 4 steps

Security is about…

Security isn’t about security. It is about managing risk at some cost. In the absence of metrics, we tend to over compensate and focus on risks that are either familiar or recent.

Hugh Thompson, Chief Security Strategist, People Security

Page 10: Presentation   crafting your active security management strategy 3 keys and 4 steps

The 3 Keys to Effective Security Management


Page 11: Presentation   crafting your active security management strategy 3 keys and 4 steps

#1: Begin and End with Business Context

Executive Committee

Audit Committee

Risk Committee

Legal, HR, etc

Security Management

Business Objectives

Monitoring

Governance

Policies

Authoritative Sources

Business Criticality

Page 12: Presentation   crafting your active security management strategy 3 keys and 4 steps

#2: Follow an Integrated Approach

How?

Security Risk Management
• Understand external and internal threat landscape
• Identify vulnerabilities
• Classify high-value assets

Business Governance
• Define business objectives
• Define business-level risk targets
• Define business-critical assets

Operations Management
• Prioritize work by risk
• Add security controls where needed
• Maximize monitoring and visibility

Incident Management
• Identify security events
• Prioritize by business impact
• Report to business owners

Reassess business risk and critical assets

Security Management framework: ISO 27001

Risk Management framework: ISO 31000

Page 13: Presentation   crafting your active security management strategy 3 keys and 4 steps

#3: Develop a Maturity Strategy

Where do you want to be in 3 years?

Maturity: Tactical → Strategic (Current state → Desired state)

Security Risk Management: Newspaper view of risk → Follow industry practices → Manage business-specific risks

Business Governance: Security buried inside IT → Basic guidelines defined by business → Security is part of every business process

Operations Management: Bare minimum tools → Compliance-driven controls → Risk-based controls and monitoring

Incident Management: Siloed monitoring → Correlation and prioritization → Advanced analytics

Page 14: Presentation   crafting your active security management strategy 3 keys and 4 steps

RSA’s 4-Step Approach


Page 15: Presentation   crafting your active security management strategy 3 keys and 4 steps

RSA Enables Security Management

Security Risk Management
• Archer Risk and Threat Management
• DLP Risk Remediation Manager and Policy Workflow Manager
• NetWitness Spectrum

Business Governance
• Archer Policy Management
• Archer Enterprise Management
• Archer Compliance Management

Operations Management
• Solution for Cloud Security and Compliance
• EMC Ionix
• Integrations with asset managers

Incident Management
• Archer Incident Management
• enVision SIEM
• DLP (Data Loss Prevention)
• NetWitness Investigator

Security Management framework: ISO 27001

Risk Management framework: ISO 31000

Page 16: Presentation   crafting your active security management strategy 3 keys and 4 steps

Step 1: Security Risk Management

Identification

Mitigation

Context Establishment

Assessment

Page 17: Presentation   crafting your active security management strategy 3 keys and 4 steps

Security Risk Management Example: DLP Risk Remediation Manager

Day 1: 30K files discovered by RSA DLP

Day 3: 1200 Owners in 43 Countries Identified

Day 10: RRM sends initial questionnaire to data owners

Day 40: 90% of files remediated

Repeatable and continuously monitored

Analyst work space and executive metrics in RRM.

“The new process was more than 4 times faster and much less disruptive to business.”

- EMC CIRC

Page 18: Presentation   crafting your active security management strategy 3 keys and 4 steps

Step 2: Operations Management

Configuration

Monitoring

Control Standards

Operation

Page 19: Presentation   crafting your active security management strategy 3 keys and 4 steps

Operations Management Example: RSA Solution for Cloud Security and Compliance

Configuration Measurement (40% automated)

Archer

Component Discovery and Population

> 130 VMware Specific Control Procedures

Archer

Connector Framework

enVision alerts

Control Procedures

> 380 log messages

Page 20: Presentation   crafting your active security management strategy 3 keys and 4 steps

Step 3: Incident Management

Correlation/Prioritization

Investigation

Collection/Detection

Remediation

Page 21: Presentation   crafting your active security management strategy 3 keys and 4 steps

Incident Management Example: RSA Solution for Security Incident Management

Context

Policy

SIEM
• Formatted XML data out of enVision
• Task Triage – Incident details with associated notes

Connector Framework
• Near Real-time feed into Archer
• Plug-in Architecture for additional incident and compliance solutions

Enterprise and Policy Mgr
• enVision alerts are put in context with enterprise assets, risk, process, teams, etc.

Incident Dashboards and Workflow
• Incidents are assigned in work queues, workflow automates the case management process. Metrics are rolled up into an executive level dashboard

“We saved 1,500 hours a month due to the integration.”

- EMC CIRC

Page 22: Presentation   crafting your active security management strategy 3 keys and 4 steps

Step 4: Business-Driven Management

IT Risk Management

Operations Management

Incident Management

“MassMutual’s approach to security is now based on a more current holistic view of the enterprise.”

- Mike Foley, CIO, MassMutual

Page 23: Presentation   crafting your active security management strategy 3 keys and 4 steps

Business Driven Customer Success

BEFORE

Managing risk in a financial services firm with $420B in assets

Protect
• 6,000 employees and PCs
• Thousands of servers and network devices
• 700 applications
• Personal information of more than 12 million customers

NEEDS
• See big picture and drill down on specifics
• Identify & Prioritize critical risks
• Automate risk assessments

AFTER
• More current, holistic view of the enterprise
• Faster response to critical threats and potential exploits
• Consolidated all critical IT risks into real time executive dashboards
• 97.5% cost reduction in the risk analysis process

MassMutual’s approach to security is “now based on a more current holistic view of the enterprise.”

Mike Foley, CIO, MassMutual

Information Week Article

Page 24: Presentation   crafting your active security management strategy 3 keys and 4 steps

Leading Products, Better Together

[Matrix with product columns Archer, enVision, DLP and VMware and one row per entry under "Integration & Solution"; the marks showing which products each solution combines did not survive extraction]

Integration & Solution
• Sol’n for Security Incident Mgmt
• DLP Risk Remediation Manager
• DLP Policy Workflow Manager
• Content-aware SIEM
• Sol’n for Cloud Security & Compliance
• SecurBook for VMware View (VDI)

NetWitness: integrations to be announced!

Data Loss Prevention Leader

SIEM Leader

eGRC Leader

Page 25: Presentation   crafting your active security management strategy 3 keys and 4 steps

Take a Strategic Approach with RSA

Step 1: Legacy
• Security is “necessary evil”
• No monitoring
• Reactive and tactical point products

Step 2: Compliance-Driven
• Check-box mentality
• Collect data needed for compliance
• Tactical tools with compliance reporting

Step 3: IT Risk-Oriented
• Proactive and assessment based
• Collect data needed to detect advanced threats
• Security tools integration providing technical visibility

Step 4: Business-Oriented
• Security fully embedded in enterprise processes
• data fully integrated with business context
• Security tools integrated with business tools

Most organizations are here

Row labels: Approach, Information, Technology

“Security management is going to be baked into many layers of business operations. That’s what I’m seeing in my organization.”

- Member, RSA Security Management Working Group

Page 26: Presentation   crafting your active security management strategy 3 keys and 4 steps

In Action: Critical Incident Response Center

EMC Critical Incident Response Center, Bedford, MA

Business Context

Visibility

Integrated Approach

Process Automation

Page 27: Presentation   crafting your active security management strategy 3 keys and 4 steps

Next Steps and Resources

• Round Table Discussion on Privacy

• Incident Management Solution Brief

• Privacy Survey

• eGRC White Paper


• Ovum Research

Page 28: Presentation   crafting your active security management strategy 3 keys and 4 steps

THANK YOU


Page 29: Presentation   crafting your active security management strategy 3 keys and 4 steps

These backup slides just provide more product details on the 4 steps


Page 30: Presentation   crafting your active security management strategy 3 keys and 4 steps

Step 1: Security Risk Management

Identification

Mitigation

Context Establishment

Assessment

Archer (eGRC)
• Capture and relate risks to business objectives
• Import data from vulnerability assessments, threat feeds
• Build and deliver online assessments
• Resolve findings to reduce risk to tolerable levels

DLP
• Map DLP policies to business policies
• Identify sensitive data in vulnerable locations
• Just-in-time education of end-users reduces future risks

NetWitness
• Risk-based identification of malicious code

Page 31: Presentation   crafting your active security management strategy 3 keys and 4 steps

Step 2: Operations Management

Configuration

Monitoring

Control Standards

Operation

Archer (eGRC)
• Control Standards: 900+ standards
• Configuration: 4500+ control procedures
• Monitoring: 8500+ question library

enVision (SIEM)
• Real-time monitoring from the most event sources
• Reporting: 1200+ out of box reports

Page 32: Presentation   crafting your active security management strategy 3 keys and 4 steps

Step 3: Incident Management

Correlation/Prioritization

Investigation

Collection/Detection

Remediation

Archer
• Business-level incident management including Legal, HR, BUs

enVision (SIEM)
• Unmatched depth and breadth of event collection
• Some of the largest SIEM deployments in the world
• Prioritize by vulnerability feeds and watch lists

NetWitness
• Capture and visualize all network traffic for real time analysis
• Unparalleled network forensics

DLP
• Data-centric view of policy violations everywhere
• Automatically quarantine emails, block file transfers

Page 33: Presentation   crafting your active security management strategy 3 keys and 4 steps

Step 4: Business-Driven Management

IT Risk Management

Operations Management

Incident Management

RSA Archer eGRC Suite
• Central repository for policies, risks, and incidents
• All data presented in business context
• Integration with key security systems
• Comprehensive audits and reports