1 © Copyright 2014 EMC Corporation. All rights reserved.
RSA Business Resiliency Management
Preparing for the Inevitable
RSA Security Summit, München, Deutschland, May 19, 2014
Gerald Pernack, RSA Archer eGRC Solution Consultant
Where is Business Continuity Today?
Frequency
Cost
Damage
Complexity
Most companies have business continuity and IT disaster recovery programs, but are they positioned to keep up with
changes constantly affecting the organization?
The Impending Disaster?
How Prepared is the Organization?
Growing number of man-made and natural disasters
Regulations with BCM requirements are multiplying
24/7 service delivery requirements
Domino effect from globalization and highly complex supply chains
More complex and frequent disruptive events lead to a need for better crisis management
– Operational incidents
– IT disruptions
– Security breaches
We believe organizations today face inevitable and almost constant disruptions but are not prepared to deal with the
variety, speed or impact of events.
The New World of Business Resiliency
The magnitude and impact of today’s disruptions are driving businesses to realize that business recovery is not enough.
We must build resiliency into the way business is done, through business priority, end-to-end approaches and collaboration.
Collaborative and Prepared
We Need to Change our Approach…
Crisis Management
IT Business Continuity
Business Operations
Independent and Reactive
To be prepared now for the inevitable and develop a strategy for resiliency.
Intelligent Resilience
We provide solutions that turn disruptions into intelligent information that drives priority, results and progress towards resiliency.
Visibility + Analysis = Priority
Priority + Action = Results
Results + Metrics = Progress
Diagram label: Noise
Enables organizations to:
establish business context for resiliency
prepare for IT and business disruptions
catalog and resolve operational incidents
manage crisis events and communications
reducing the risk of IT and business disruptions, harmful operational events and significant business crises.
Business Resiliency Management
Crisis Management
Business Continuity
Information Technology
Business Operations
…Not a single answer but rather a solution leveraging people, process, and technology as a force multiplier.
Gain resources & visibility
Maintain cooperation & priority
Reactive Intelligent Proactive
Maturity
Recovery: siloed recovery planning, little business context, stale reporting
Continuity: combined business and IT focus, recovery to continuity, root causes
Resiliency: fully risk aware, proactive analysis, operational & differentiating
Reduce duplicative tasks
Manage known & emerging risks
Planning Your Journey
Business Resiliency Management
Test BC/DR and Crisis Management Plans, Automate Plan Maintenance and Train Key Resources
Establish Business Context for Resiliency
Manage Crisis Events, Activate Plans and Notify Key Parties
Perform Risk Assessments and Business Impact Analyses to determine recovery
priorities
Manage Operational Incidents, Catalog, Resolve and Trend
Document BC/DR Recovery Plans, Strategies and Tasks
Improving the Lifecycle…
Establishing Business Context and Priority for Resiliency
Catalog business hierarchy establishing organizational structure for resiliency reporting
Catalog business processes, products and services, IT assets, information, facilities and contacts
Measure, decompose and track business criticality of relationships
Understand and manage relationships between business and IT infrastructure
Risk and Business Impact Analysis
BCM Risk Register helps identify, evaluate and mitigate risks
Business Impact Analysis enables evaluation of the criticality of processes and assets and determination of RPOs and RTOs
Prioritize business processes based on:
– Financial Impact
– Operational Impact
– Regulatory Impact
– Reputation Impact
Business Continuity & Disaster Recovery
Centrally manage BC and DR plans
Associate plans to business processes, risks, BIAs, and IT assets
Leverage call trees and specific recovery strategies and tasks
Document results of BC/DR plan ownership, workflow and testing
Business Continuity Mobile Application
BCM Mobile Application for iPhone and iPad enables users to view business continuity or disaster recovery plans and associated strategies, tasks, calling trees, and requirements
Reduces reliance on hard copies
Key technical features:
– Secure authentication
– Off-line availability of encrypted data
– Click to call, email, and text functionality from the app
– Regular data synchronization
– URI convenience
Crisis Management
Report crisis events that occur anywhere you do business
Quickly capture the details of a crisis, including the time of occurrence, event location, type and severity
Communicate crisis information and leverage emergency notifications and call trees
Manage activated BC/DR plans
Incident Management
Identify events that may escalate to incidents
Prioritize incidents based on business impact
Manage the investigation and resolution process end-to-end
Report on incident management, trends, status and impact
Relate incidents with crisis events for better causal analysis
Better prepared for disruptions
• Visibility & business context
• Incident prioritization
• Monitor KPIs
• Identify gaps & improve
Coordinate BC/DR, Crisis & Incident efforts
• Aligned BC/DR Plans
• Coordinated Crisis Management
• Reduce costs
• Automation
Manage Business Resiliency Risk
• Highest risks planned for
• Manage response from minor operational issue to Crisis
• Built-in operational resiliency
The Value of Business Resiliency Management
Business/IT Recovery
Breach/ Incident Coordinator
Business Owner/CIO
RSA IT Security Risk Management
Adding Insight to Security
Where is Security Today?
Companies have built layer upon layer of security, but is it helping?
Complexity
Data
Breaches
Damage
We believe that doing the right thing should be obvious but for today's IT security organizations it is too often hidden.
Lack of Insight [The Noise Factor]
Web Vulnerability
OS Configuration
Patch Management
Device Vulnerability
Anti-Virus/Malware
Logical Access
IPS/IDS
Physical Access
Firewalls
VPNs
SIEM/Packets
8:02 AM – Malware infection on 10.1.2.30
8:30 AM – Voice mail from colleague re: new hacker group
9:00 AM – Meeting with QSA re: last week’s vulnerability scan
11:15 AM – Vulnerability scan on DMZ completed
11:30 AM – Meeting with XYZ department on new application being installed next week
12:00 PM – Company just like us announced major breach
12:02 PM – CVE-2014-123 just released
1:45 PM – Meeting with audit committee re: security risks
2:00 PM – System outage at Phoenix branch
2:15 PM – Weird(?) network traffic reported by network team
2:53 PM – Malware outbreak on multiple machines
3:00 PM – New contractor onboarding
3:20 PM – Present Security awareness training to new employees
4:15 PM – Industry ISAC security conference call
4:32 PM – HR reports social engineering attempt
5:07 PM – Port scan on 192.168.3.45
6:07 PM – Security policy meeting
8:02 PM – Malware infection on 10.10.2.32
8:30 PM – Multiple failed login attempts on 192.168.100.23
11:15 PM – Vulnerability scan found 142 critical vulnerabilities
12:00 AM – Malware infection on 10.2.3.45
12:02 AM – Sun just released a new patch to JRE 5.4.3.2
Inappropriate access attempt on top secret information?
Do we have a compliance issue?
Is this a high risk business function?
What are the executive concerns?
Meaningless virus infection?
Is this a coordinated advanced attack?
Defense in Depth
Which of these are most important?
It will become increasingly difficult to secure infrastructure
The New World of Security
We must focus on people, the flow of data and on transactions
Improve monitoring and response capabilities.
Prevention
Monitoring Response
We Need to Change our Approach…
Defense in Depth Security
Prevention
Monitoring Response
Prevention
Intelligence-Driven Security
Monitoring Response
Found
IT Security Risk Solutions
IT Security Risk Management
Scan Results
Business Context
Threat Intel Integrations Workflow
Remediation Workflow
Threat Correlation
Gold Build Images
Incidents & Investigations
Breach Management
Crisis Management
SOC Management
Reporting
Preventative
Responsive
Indicators and Metrics
Foundation
Vulnerability Management Today
Trying to avoid the vulnerability pit…
Diagram labels: Devices, Issue, Vulnerability, Patch, Vulnerability Scanner
The CISO is left wondering:
What does this mean for business risk? What about my most valuable assets?
Are we improving? Do we have the right coverage?
What happens if the threats change? Can I get more protection quickly?
Vulnerability Risk Management allows enterprises to proactively manage IT
security risks through the combination of asset business context, actionable threat
intelligence, vulnerability assessment results, and comprehensive workflow.
What is VRM?
RSA VRM DATA WAREHOUSE INDEXING
RAW DATA STORAGE NORMALIZATION
VULNERABILITY ANALYTICS
INVESTIGATIVE UI
ANALYTICS ENGINE
DATA COLLECTOR
IT Security Analyst CISO
Devices Findings
Exceptions KPIs
VRM
Vuln. Scan Results (Qualys, McAfee)
Vuln. Data Pubs (NVD CVE)
Threat Intelligence (US-CERT)
Asset Taxonomies (NVD CPE)
Other Asset Data (CSV, CMDB, Etc.) Administrator
ARCHER VULNERABILITY RISK MANAGEMENT
INTEGRATION WITH GRC
REPORTING AND DASHBOARDS
WORKFLOW
Vulnerability Risk Management
Asset Discovery and Management Know what you have
Issue Prioritization
Issue Lifecycle Tracking Do the right thing
Exception and SLA Management
Dashboards and Reporting Measure effectiveness, not just activity
Measure and Report KPIs
IT Security Analyst
IT Administrator CISO
Found
IT Security Risk Solutions
IT Security Risk Management
Scan Results
Business Context
Threat Intel Integrations Workflow
Remediation Workflow
Threat Correlation
Gold Build Images
Incidents & Investigations
Breach Management
Crisis Management
SOC Management
Reporting
Preventative
Responsive
Indicators and Metrics
Foundation
Lack of Context Lack of Process Lack of Best Practices
Event focused and reactive with no centralization of alerts or incident management…
SOC Challenges Today
Incident Management
Breach Management
SOC Program Management
IT Security Risk Management
Domain
Security Operations Management
People
Process
Technology
Orchestrate & Manage
What is SecOps?
Consistent, predictable business process
RSA SecOps
Aggregate Alerts to Incidents
Incident Response
Breach Response
SOC Program Management
Dashboard & Report
RSA Archer Enterprise Management (Context)
RSA Archer BCM (Crisis Events)
ALERTS
CONTEXT
Capture & Analyze – Packets, Logs & Threat Feeds
LAUNCH TO SA
Security Operations Management
Enable SOC/IR Analysts to Be More Effective
• Incident Prioritization
• Visibility & Biz Context
• Workflow to guide IR process
• Threat Intelligence
• Response Procedures
Optimize SOC Investments
• Automation
• Monitor KPIs
• Identify gaps & improve
• Measure Security Controls
• Manage SOC Team
Manage IT Security & Business Risk
• Data Breach Management
• Enterprise Risk
• Vendor Risk
• Compliance Risk
• … and more
The Value of Security Operations
IT Security Analyst
Incident Coordinator CISO