RSA Business Resiliency Management

Preparing for the Inevitable

RSA Security Summit München, Deutschland, May 19, 2014

Gerald Pernack, RSA Archer eGRC Solution Consultant

© Copyright 2014 EMC Corporation. All rights reserved.


Where is Business Continuity Today?

Frequency

Cost

Damage

Complexity

Most companies have business continuity and IT disaster recovery programs, but are they positioned to keep up with changes constantly affecting the organization?


The Impending Disaster?

How Prepared is the Organization?

Growing number of man-made and natural disasters

Regulations with BCM requirements are multiplying

24/7 service delivery requirements

Domino effect from globalization and highly complex supply chains

More complex and frequent disruptive events lead to a need for better crisis management

– Operational incidents
– IT disruptions
– Security breaches

We believe organizations today face inevitable and almost constant disruptions but are not prepared to deal with the variety, speed or impact of events.

The New World of Business Resiliency

The magnitude and impact of today’s disruptions are driving businesses to realize that business recovery is not enough.

We must build resiliency into the way business is done, through business priority, end-to-end approaches and collaboration.

We Need to Change our Approach…

To be prepared now for the inevitable and develop a strategy for resiliency.

Independent and Reactive

Collaborative and Prepared

Crisis Management

IT Business Continuity

Business Operations

Intelligent Resilience

We provide solutions that turn disruptions into intelligent information that drives priority, results and progress towards resiliency.

[Diagram labels: Noise, Visibility, Analysis, Priority, Action, Results, Metrics, Progress; "Visibility + Analysis =", "Priority + Action =", "Results + Metrics ="]

Business Resiliency Management

Enables organizations to:

– establish business context for resiliency
– prepare for IT and business disruptions
– catalog and resolve operational incidents
– manage crisis events and communications

reducing the risk of IT and business disruptions, harmful operational events and significant business crises.

Crisis Management

Business Continuity

Information Technology

Business Operations

…Not a single answer but rather a solution leveraging people, process, and technology as a force multiplier.

Planning Your Journey

Maturity: Reactive, Intelligent, Proactive

– Recovery: siloed recovery planning, little business context, stale reporting
– Continuity: combined business and IT focus, recovery to continuity, root causes
– Resiliency: fully risk aware, proactive analysis, operational & differentiating

Gain resources & visibility

Maintain cooperation & priority

Reduce duplicative tasks

Manage known & emerging risks


Business Resiliency Management

Test BC/DR and Crisis Management Plans, Automate Plan Maintenance and Train Key Resources

Establish Business Context for Resiliency

Manage Crisis Events, Activate Plans and Notify Key Parties

Perform Risk Assessments and Business Impact Analyses to determine recovery priorities

Manage Operational Incidents, Catalog, Resolve and Trend

Document BC/DR Recovery Plans, Strategies and Tasks

Improving the Lifecycle…


Establishing Business Context and Priority for Resiliency

Catalog business hierarchy establishing organizational structure for resiliency reporting

Catalog business processes, products and services, IT assets, information, facilities and contacts

Measure, decompose and track business criticality of relationships

Understand and manage relationships between business and IT infrastructure


Risk and Business Impact Analysis

BCM Risk Register helps identify, evaluate and mitigate risks

Business Impact Analysis enables evaluation of the criticality of processes and assets and determination of RPOs and RTOs

Prioritize business processes based on:

– Financial Impact
– Operational Impact
– Regulatory Impact
– Reputation Impact


Business Continuity & Disaster Recovery

Centrally manage BC and DR plans

Associate plans to business processes, risks, BIAs, and IT assets

Leverage call trees and specific recovery strategies and tasks

Document results of BC/DR plan ownership, workflow and testing


Business Continuity Mobile Application

BCM Mobile Application for iPhone and iPad enables users to view business continuity or disaster recovery plans and associated strategies, tasks, calling trees, and requirements

Reduces reliance on hard copies

Key technical features:

– Secure authentication
– Off-line availability of encrypted data
– Click to call, email, and text functionality from the app
– Regular data synchronization
– URI convenience


Crisis Management

Report crisis events that occur anywhere you do business

Quickly capture the details of a crisis, including the time of occurrence, event location, type and severity

Communicate crisis information and leverage emergency notifications and call trees

Manage activated BC/DR plans


Incident Management

Identify events that may escalate to incidents

Prioritize incidents based on business impact

Manage the investigation and resolution process end-to-end

Report on incident management, trends, status and impact

Relate incidents with crisis events for better causal analysis

The Value of Business Resiliency Management

Better prepared for disruptions

• Visibility & business context
• Incident prioritization
• Monitor KPIs
• Identify gaps & improve

Coordinate BC/DR, Crisis & Incident efforts

• Aligned BC/DR Plans
• Coordinated Crisis Management
• Reduce costs
• Automation

Manage Business Resiliency Risk

• Highest risks planned for
• Manage response from minor operational issue to Crisis
• Built in operational resiliency

Business/IT Recovery

Breach/Incident Coordinator

Business Owner/CIO


RSA IT Security Risk Management

Adding Insight to Security


Where is Security Today?

Companies have built layer upon layer of security, but is it helping?

Complexity

Data

Breaches

Damage


We believe that doing the right thing should be obvious but for today's IT security organizations it is too often hidden.

Lack of Insight [The Noise Factor]

Web Vulnerability

OS Configuration

Patch Management

Device Vulnerability

Anti-Virus/Malware

Logical Access

IPS/IDS

Physical Access

Firewalls

VPNs

SIEM/Packets

8:02 AM – Malware infection on 10.1.2.30
8:30 AM – Voice mail from colleague re: new hacker group
9:00 AM – Meeting with QSA re: last week’s vulnerability scan
11:15 AM – Vulnerability scan on DMZ completed
11:30 AM – Meeting with XYZ department on new application being installed next week
12:00 PM – Company just like us announced major breach
12:02 PM – CVE-2014-123 just released
1:45 PM – Meeting with audit committee re: security risks
2:00 PM – System outage at Phoenix branch
2:15 PM – Weird(?) network traffic reported by network team
2:53 PM – Malware outbreak on multiple machines
3:00 PM – New contractor onboarding
3:20 PM – Present Security awareness training to new employees
4:15 PM – Industry ISAC security conference call
4:32 PM – HR reports social engineering attempt
5:07 PM – Port scan on 192.168.3.45
6:07 PM – Security policy meeting
8:02 PM – Malware infection on 10.10.2.32
8:30 PM – Multiple failed login attempts on 192.168.100.23
11:15 PM – Vulnerability scan found 142 critical vulnerabilities
12:00 AM – Malware infection on 10.2.3.45
12:02 AM – Sun just released a new patch to JRE 5.4.3.2

Inappropriate access attempt on top secret information?

Do we have a compliance issue?

Is this a high risk business function?

What are the executive concerns?

Meaningless virus infection?

Is this a coordinated advanced attack?

Defense in Depth

Which of these are most important?

The New World of Security

It will become increasingly difficult to secure infrastructure

We must focus on people, the flow of data and on transactions

We Need to Change our Approach…

Improve monitoring and response capabilities.

[Diagram: Defense in Depth Security and Intelligence-Driven Security, each divided into Prevention, Monitoring and Response]

IT Security Risk Solutions

[Diagram labels: IT Security Risk Management; Preventative; Responsive; Foundation; Scan Results; Business Context; Threat Intel Integrations Workflow; Remediation Workflow; Threat Correlation; Gold Build Images; Incidents & Investigations; Breach Management; Crisis Management; SOC Management; Reporting; Indicators and Metrics]

Vulnerability Management Today

Trying to avoid the vulnerability pit…

[Diagram labels: Vulnerability Scanner, Devices, Vulnerability, Issue, Patch, with steps numbered 1 to 5]

The CISO is left wondering:

– What does this mean for business risk? What about my most valuable assets?
– Are we improving? Do we have the right coverage?
– What happens if the threats change? Can I get more protection quickly?

What is VRM?

Vulnerability Risk Management allows enterprises to proactively manage IT security risks through the combination of asset business context, actionable threat intelligence, vulnerability assessment results, and comprehensive workflow.

Vulnerability Risk Management

[Architecture diagram labels]

– Vuln. Scan Results (Qualys, McAfee)
– Vuln. Data Pubs (NVD CVE)
– Threat Intelligence (US-CERT)
– Asset Taxonomies (NVD CPE)
– Other Asset Data (CSV, CMDB, etc.)
– RSA VRM: Data Collector, Data Warehouse, Indexing, Raw Data Storage, Normalization, Analytics Engine, Vulnerability Analytics, Investigative UI
– Archer Vulnerability Risk Management: Integration with GRC, Reporting and Dashboards, Workflow
– VRM: Devices, Findings, Exceptions, KPIs
– IT Security Analyst, CISO, Administrator

Asset Discovery and Management (Know what you have)

Issue Prioritization

Issue Lifecycle Tracking (Do the right thing)

Exception and SLA Management

Dashboards and Reporting (Measure effectiveness, not just activity)

Measure and Report KPIs

IT Security Analyst

IT Administrator

CISO

IT Security Risk Solutions

[Diagram labels: IT Security Risk Management; Preventative; Responsive; Foundation; Scan Results; Business Context; Threat Intel Integrations Workflow; Remediation Workflow; Threat Correlation; Gold Build Images; Incidents & Investigations; Breach Management; Crisis Management; SOC Management; Reporting; Indicators and Metrics]

SOC Challenges Today

– Lack of Context
– Lack of Process
– Lack of Best Practices

Event focused and reactive with no centralization of alerts or incident management…

What is SecOps?

Consistent, predictable business process

[Diagram labels: Security Operations Management; Domain; Incident Management; Breach Management; SOC Program Management; IT Security Risk Management; People; Process; Technology; Orchestrate & Manage]

Security Operations Management

[Diagram labels]

– RSA SecOps: Aggregate Alerts to Incidents, Incident Response, Breach Response, SOC Program Management, Dashboard & Report
– RSA Archer Enterprise Management (Context)
– RSA Archer BCM (Crisis Events)
– Alerts
– Context
– Capture & Analyze – Packets, Logs & Threat Feeds
– Launch to SA

The Value of Security Operations

Enable SOC/IR Analysts to Be More Effective

• Incident Prioritization
• Visibility & Biz Context
• Workflow to guide IR process
• Threat Intelligence
• Response Procedures

Optimize SOC Investments

• Automation
• Monitor KPIs
• Identify gaps & improve
• Measure Security Controls
• Manage SOC Team

Manage IT Security & Business Risk

• Data Breach Management
• Enterprise Risk
• Vendor Risk
• Compliance Risk
• … and more

IT Security Analyst

Incident Coordinator

CISO