TITLE 44 POINT META NORMAL LF ALL CAPS - Dell EMC · PDF fileRSA enVision generates alert from...

© Copyright 2012 EMC Corporation. All rights reserved.


Page 1

RSA Sustaining Trust in the Digital World

Page 2

IN 2011 THE DIGITAL UNIVERSE WILL SURPASS 1.8 ZETTABYTES (1,800,000,000,000,000,000,000)


Page 6

People are the New Perimeter

Page 7

Threat Landscape

60% OF FORTUNE 500 had email addresses compromised by malware

Source: RSA Security Brief, February 2011, “Malware and the Enterprise”

Page 8

Threat Landscape

88% of Fortune 500 had BOTNET ACTIVITY associated with their networks

Source: RSA Security Brief, February 2011, “Malware and the Enterprise”

Page 9

Threat Landscape

Of the 60 million malware variants in existence today, ONE-THIRD were created last year alone

Source: RSA Security Brief, February 2011

Page 10

Advanced Threats

65% of organizations believe they have been the victim of an Advanced Threat

83% of organizations don’t believe they have sufficient resources to prevent Advanced Threats

Source: Ponemon Institute survey, “Growing Risk of Advanced Threats”

79% of breaches led to data compromise within “days” or less

91% of breaches took “weeks” or more to discover

Source: Verizon 2011 Data Breach Investigations Report

Page 11

Must learn to live in a state of compromise

Constant compromise does not mean constant loss

Page 12

Advanced Security: Response Versus Operations

Today’s Processes Do Not Address Advanced Threats

Compliance: Policy, Controls, Test, Report, Fix

• Rules-based • Siloed • Audited

Intelligent: Identify, Analyze, Respond

• Risk-based • Contextual • Agile

Page 13

RSA Approach

GOVERNANCE

INTELLIGENT CONTROLS

ADVANCED VISIBILITY AND ANALYTICS

Cloud, Mobility, Network

Rapid Response and Containment

Collect, Retain and Analyze Internal and External Intelligence

Manage Business Risk, Policies and Workflows

Page 14

RSA Approach

GOVERNANCE

INTELLIGENT CONTROLS

ADVANCED VISIBILITY AND ANALYTICS

Cloud, Mobility, Network

• RSA Archer eGRC Suite

• RSA NetWitness • RSA NetWitness Spectrum • RSA enVision • RSA DLP Suite

• RSA FraudAction • RSA Cyber Crime Intelligence • RSA eFraud Network • RSA NetWitness Live

• RSA Adaptive Authentication

• RSA Access Manager • RSA SecurID • RSA Transaction Monitoring

• RSA Federated Identity Manager

• RSA Data Protection • RSA DLP Suite • RSA BSAFE

Page 15

trust in the digital world

Page 16

Meeting our Customers’ Challenges

Managing IT Risk

Proving Compliance

Managing Fraud

Managing Advanced Threats

Page 17

1. Phishing emails: John receives a phishing email that was customized for him.


Page 19

2. Drive-by download: John clicks on the link and gets infected by a Trojan from a drive-by download.

Page 20

3. Attacker gains access to a critical server: The Trojan installs a backdoor which allows a reverse connection to the infected machine. The hacker dumps the password hash and gains access to a critical server via RDP.

Page 21

4. Data exfiltration: The attacker encrypts sensitive files found on the critical server and transfers them out via FTP to an external server.

Page 22

Attack Scenario

1. Phishing emails: John received a phishing email that was customized for him.

2. Drive-by download: John clicked on the link and got infected by a Trojan from a drive-by download.

3. Attacker gains access to a critical server: The Trojan installed a backdoor which allows a reverse connection to the infected machine. The hacker dumped the password hash and gained access to a critical server via RDP.

4. Data exfiltration: The attacker encrypted sensitive files found on the critical server and transferred them out via FTP.

Page 23

DLP detects file transfer activity

DLP Network detects a transfer of an encrypted file over the FTP protocol

Page 24

Correlation alert triggered from enVision

RSA enVision generates an alert from two correlated events:

1. Successful RDP connection to a critical server

2. DLP activity on the same server
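The two-event correlation this slide describes, written out as an added example that is not part of the original deck and is not RSA enVision's own rule language: a small Python correlator that raises an alert only when a DLP network detection on a critical server follows a successful RDP logon to the same server within a configurable window. The key=value event line format, the server addresses, the user names, the external destinations and the 30-minute window are constructed assumptions; only John's machine address (192.168.100.142) comes from the deck.

```python
"""
Correlate two independent event streams into one alert:
  1. a successful RDP logon to a critical server, and
  2. a DLP network detection of an encrypted file transfer from that same server,
with the DLP event falling inside a time window after the logon.

Added example; not enVision rule syntax.  The event format, asset list,
addresses (other than 192.168.100.142, John's machine in the deck) and the
window are constructed for illustration.
"""
from __future__ import annotations

import re
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Dict, List

# Constructed sample events in a simplified key=value syslog style (not a
# vendor format).  "winsec" stands in for the server's Windows Security log,
# "dlp-net" for the DLP Network appliance.
SAMPLE_EVENTS = """\
2012-03-14T09:58:02 src=dlp-net event=FILE_TRANSFER host=10.10.5.20 proto=FTP dst=203.0.113.77 verdict=ENCRYPTED_CONTENT
2012-03-14T10:01:13 src=winsec event=RDP_LOGON_SUCCESS host=10.10.5.20 user=john peer=192.168.100.142
2012-03-14T10:03:45 src=winsec event=RDP_LOGON_SUCCESS host=10.10.7.31 user=svc_backup peer=10.10.7.5
2012-03-14T10:19:51 src=dlp-net event=FILE_TRANSFER host=10.10.5.20 proto=FTP dst=203.0.113.77 verdict=ENCRYPTED_CONTENT
2012-03-14T10:22:10 src=winsec event=RDP_LOGON_SUCCESS host=10.10.9.9 user=helpdesk peer=10.10.9.2
2012-03-14T10:25:00 src=dlp-net event=FILE_TRANSFER host=10.10.9.9 proto=FTP dst=198.51.100.9 verdict=ENCRYPTED_CONTENT
2012-03-14T13:40:00 src=dlp-net event=FILE_TRANSFER host=10.10.7.31 proto=FTP dst=198.51.100.9 verdict=ENCRYPTED_CONTENT
"""

# Constructed asset list; in the deck's architecture this business context
# would come from RSA Archer.  10.10.9.9 is deliberately not critical.
CRITICAL_SERVERS = {"10.10.5.20", "10.10.7.31"}
WINDOW = timedelta(minutes=30)  # assumed: DLP hit must follow the RDP logon within 30 min


@dataclass
class Event:
    ts: datetime
    fields: Dict[str, str]


@dataclass
class Alert:
    host: str
    user: str
    rdp_peer: str
    rdp_time: datetime
    dlp_time: datetime
    dlp_dst: str


def parse_events(text: str) -> List[Event]:
    """Parse '<iso-timestamp> key=value ...' lines into time-ordered Events."""
    events: List[Event] = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        ts_str, _, rest = line.partition(" ")
        fields = dict(re.findall(r"(\w+)=(\S+)", rest))
        events.append(Event(datetime.fromisoformat(ts_str), fields))
    return sorted(events, key=lambda e: e.ts)


def correlate(events: List[Event], critical_servers=CRITICAL_SERVERS, window=WINDOW) -> List[Alert]:
    """Raise one Alert per (RDP logon, DLP detection) pair on the same critical server."""
    rdp_by_host: Dict[str, List[Event]] = defaultdict(list)
    alerts: List[Alert] = []
    for ev in events:  # events are time-sorted, so logons are seen before later DLP hits
        host = ev.fields.get("host")
        if host not in critical_servers:
            continue  # the rule is scoped to critical servers only
        kind = ev.fields.get("event")
        if kind == "RDP_LOGON_SUCCESS":
            rdp_by_host[host].append(ev)
        elif kind == "FILE_TRANSFER" and ev.fields.get("src") == "dlp-net":
            # Second event: look back for a logon to this host inside the window.
            for rdp in rdp_by_host[host]:
                if rdp.ts <= ev.ts <= rdp.ts + window:
                    alerts.append(Alert(host=host, user=rdp.fields.get("user", "?"),
                                        rdp_peer=rdp.fields.get("peer", "?"),
                                        rdp_time=rdp.ts, dlp_time=ev.ts,
                                        dlp_dst=ev.fields.get("dst", "?")))
    return alerts


def format_alert(a: Alert) -> str:
    return (f"HIGH: RDP logon by {a.user} from {a.rdp_peer} to critical server {a.host} "
            f"at {a.rdp_time:%H:%M:%S}, followed by DLP-detected encrypted FTP transfer "
            f"to {a.dlp_dst} at {a.dlp_time:%H:%M:%S}")


if __name__ == "__main__":
    for alert in correlate(parse_events(SAMPLE_EVENTS)):
        print(format_alert(alert))
```

Of the four DLP detections in the constructed sample only one becomes an alert: the 09:58 transfer precedes any logon, the 10:25 transfer is on a non-critical host, and the 13:40 transfer falls outside the window after the 10:03 logon. The asset list and the window are what turn two noisy single-source events into the one high-priority incident the following slides escalate to Archer and investigate in NetWitness.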

Page 25

Incident escalation to Archer Dashboard

• RSA enVision alerts are sent to RSA Archer via RCF

• RSA Archer links this incident with business context and prioritizes it as HIGH priority

Page 26

Seamless integration with NetWitness

• Instant integration from the Archer Console to NetWitness with two clicks

• SIEMLink transparently retrieves full session detail from NextGen

Page 27

Spectrum Automated Malware Analysis

Spectrum instantly provides detailed analysis of the executable file in question

Page 28

Interactive Analysis with Investigator

Context of all network activities to/from the critical server

Confirm John’s machine (192.168.100.142) as the source of the RDP session

Page 29

Interactive Analysis with Investigator

Drill into all network sessions from John’s machine:

• Small executable file • Transfer over HTTP • Suspicious filename & extension • Suspicious domain name • Malware?!?

Page 30

What you need to do

• Continuous monitoring

• Data encryption or tokenization for sensitive data on server

• Network segregation

• Server access restriction

• Strong authentication of users and admin

• User education and awareness

Page 31

Benefits of RSA Advanced Security System

Complete visibility of security environment

Ability to identify real-time attacks

Rapid response to minimize attack window
