Transcript of an RSA / Dell EMC slide deck (PDF)
1 © Copyright 2012 EMC Corporation. All rights reserved.
RSA Sustaining Trust in the Digital World
IN 2011 THE DIGITAL UNIVERSE WILL SURPASS 1.8 ZETTABYTES (1,800,000,000,000,000,000,000 bytes)
People are the New Perimeter
Threat Landscape
60% OF FORTUNE 500 had email addresses compromised by malware
Source: RSA Security Brief, February 2011 “Malware and the Enterprise”
Threat Landscape
88% of Fortune 500 had BOTNET ACTIVITY associated with their networks
Source: RSA Security Brief, February 2011 “Malware and the Enterprise”
Threat Landscape
Of the 60 million variants of malware in existence today, ONE-THIRD were created last year alone
Source: RSA Security Brief, February 2011
Advanced Threats
65% of organizations believe they have been the victim of an Advanced Threat
83% of organizations don’t believe they have sufficient resources to prevent Advanced Threats
Source: Ponemon Institute survey “Growing Risk of Advanced Threats”
79% of breaches led to data compromise within “days” or less
91% of breaches took “weeks” or more to discover
Source: Verizon 2011 Data Breach Investigations Report
Must learn to live in a state of compromise
Constant compromise does not mean constant loss
Advanced Security Response Versus Operations: Today’s Processes Do Not Address Advanced Threats
Compliance: Policy → Controls → Test → Report → Fix
• Rules-based • Siloed • Audited
Intelligent: Identify → Analyze → Respond
• Risk-based • Contextual • Agile
RSA Approach
GOVERNANCE: Manage Business Risk, Policies and Workflows
INTELLIGENT CONTROLS (Cloud, Mobility, Network): Rapid Response and Containment
ADVANCED VISIBILITY AND ANALYTICS: Collect, Retain and Analyze Internal and External Intelligence
RSA Approach
GOVERNANCE
• RSA Archer eGRC Suite
INTELLIGENT CONTROLS (Cloud, Mobility, Network)
• RSA Adaptive Authentication
• RSA Access Manager
• RSA SecurID
• RSA Transaction Monitoring
• RSA Federated Identity Manager
• RSA Data Protection
• RSA DLP Suite
• RSA BSAFE
ADVANCED VISIBILITY AND ANALYTICS
• RSA NetWitness
• RSA NetWitness Spectrum
• RSA enVision
• RSA DLP Suite
• RSA FraudAction
• RSA Cyber Crime Intelligence
• RSA eFraud Network
• RSA NetWitness Live
trust in the digital world
Meeting our Customers’ Challenges
Managing IT Risk
Proving Compliance
Managing Fraud
Managing Advanced Threats
1. Phishing emails: John receives a phishing email that was customized for him.
2. Drive-by download: John clicks on the link and gets infected by a Trojan from a drive-by download. (Diagram: John’s machine)
3. Attacker gains access to a critical server: the Trojan installs a backdoor which allows a reverse connection to the infected machine. The hacker dumps the password hash and gains access to a critical server via RDP. (Diagram: John’s machine → RDP, password → Critical Server)
4. Data exfiltration: the attacker encrypts sensitive files found on the critical server and transfers them out via FTP. (Diagram: External Server)
Attack Scenario
1. Phishing emails: John received a phishing email that was customized for him.
2. Drive-by download: John clicked on the link and got infected by a Trojan from a drive-by download.
3. Attacker gains access to a critical server: the Trojan installed a backdoor which allows a reverse connection to the infected machine. The hacker dumped the password hash and gained access to a critical server via RDP.
4. Data exfiltration: the attacker encrypted sensitive files found on the critical server and transferred them out via FTP.
DLP detects file transfer activity
DLP Network detects a transfer of an encrypted file over the FTP protocol
Correlation alert triggered from enVision
RSA enVision generates an alert from two correlated events:
1. Successful RDP connection to the critical server
2. DLP activity on the same server
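The two-event correlation described on this slide, as an added illustration (not enVision's rule language or RSA's code): it matches a DLP alert to an earlier successful RDP logon on the same critical server and carries the RDP source address in the alert. The log events, the critical-server list and the two-hour window are constructed assumptions.

```python
# Added example, not RSA enVision's rule syntax: correlate a successful RDP logon
# to a critical server with a later DLP alert on the same server.
from datetime import datetime, timedelta

CRITICAL_SERVERS = {"10.10.5.20", "10.10.5.21"}  # assumed asset inventory
WINDOW = timedelta(hours=2)                        # assumed correlation window

# Constructed, already-parsed log events (Windows logon type 10 = RDP).
EVENTS = [
    {"ts": "2012-03-01T09:02:10", "type": "logon", "host": "10.10.5.20",
     "src": "192.168.100.142", "logon_type": 10, "status": "success"},
    {"ts": "2012-03-01T09:03:30", "type": "logon", "host": "10.10.5.20",
     "src": "192.168.100.9", "logon_type": 3, "status": "success"},   # SMB, not RDP
    {"ts": "2012-03-01T09:05:42", "type": "logon", "host": "10.10.5.21",
     "src": "192.168.100.7", "logon_type": 10, "status": "success"},
    {"ts": "2012-03-01T09:40:03", "type": "dlp", "host": "10.10.5.20",
     "dst": "203.0.113.9", "protocol": "ftp", "detail": "encrypted file"},
    {"ts": "2012-03-01T13:00:00", "type": "dlp", "host": "10.10.5.21",
     "dst": "203.0.113.9", "protocol": "ftp", "detail": "encrypted file"},  # >2h later
]

def correlate(events, critical=CRITICAL_SERVERS, window=WINDOW):
    """Return one alert for every (RDP logon, DLP event) pair on the same
    critical server where the DLP event follows the logon within `window`.
    The alert carries the RDP source address so the analyst can pivot to it."""
    rdp_logons = {}  # host -> list of (timestamp, source ip)
    alerts = []
    for ev in sorted(events, key=lambda e: e["ts"]):
        ts, host = datetime.fromisoformat(ev["ts"]), ev["host"]
        if host not in critical:
            continue
        if ev["type"] == "logon":
            if ev["status"] == "success" and ev["logon_type"] == 10:
                rdp_logons.setdefault(host, []).append((ts, ev["src"]))
        elif ev["type"] == "dlp":
            for rdp_ts, src in rdp_logons.get(host, []):
                if timedelta(0) <= ts - rdp_ts <= window:
                    alerts.append({"server": host, "rdp_source": src,
                                   "rdp_at": rdp_ts.isoformat(),
                                   "dlp_at": ts.isoformat(),
                                   "exfil_dst": ev["dst"],
                                   "protocol": ev["protocol"]})
    return alerts

if __name__ == "__main__":
    for alert in correlate(EVENTS):
        print(alert)
```

Run as written, the second server's DLP event falls outside the window and produces no alert; widen the window and it fires too, which is the tuning trade-off such a rule always carries.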
Incident escalation to Archer Dashboard
• RSA enVision alerts sent to RSA Archer via RCF
• RSA Archer links this incident with business context and prioritizes it as HIGH priority
Seamless integration to NetWitness
• Instant integration from Archer Console to NetWitness with two clicks
• SIEMLink transparently retrieves full session detail from NextGen
Spectrum Automated Malware Analysis
Spectrum instantly provides detailed analysis of the executable file in question
Interactive Analysis with Investigator
Context of all network activities to/from critical server
Confirm John’s machine (192.168.100.142) as source of RDP session
Interactive Analysis with Investigator
Drill into all network sessions from John’s machine
• Small executable file
• Transfer over HTTP
• Suspicious filename & extension
• Suspicious domain name
• Malware?!?
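The drill-down and the indicators above, as an added illustration (not NetWitness Investigator or RSA code): starting from the RDP source address, it lists that host's sessions and scores each against the slide's indicators. The session records, the size threshold and the domain heuristic are constructed assumptions.

```python
# Added example, not NetWitness Investigator: pivot from the RDP source host to
# its sessions and score each on the indicators the slide lists. Session records,
# thresholds and the domain heuristic are constructed assumptions.
import re

EXEC_EXTENSIONS = {".exe", ".scr", ".dll", ".pif", ".com"}
SMALL_FILE_BYTES = 250_000   # assumed "small executable" threshold
PE_MAGIC = b"MZ"             # Windows executables start with "MZ"

# Constructed session metadata, shaped like a network-forensics session index.
SESSIONS = [
    {"src": "192.168.100.142", "dst": "198.51.100.23", "service": "http",
     "domain": "d3x9k-cdn-static7.example", "filename": "report.pdf.exe",
     "size": 61_440, "head": b"MZ\x90\x00"},
    {"src": "192.168.100.142", "dst": "93.184.216.34", "service": "http",
     "domain": "www.example.com", "filename": "logo.png",
     "size": 8_192, "head": b"\x89PNG"},
    {"src": "192.168.100.142", "dst": "10.10.5.20", "service": "rdp",
     "domain": "", "filename": "", "size": 0, "head": b""},
    {"src": "192.168.100.7", "dst": "198.51.100.23", "service": "http",
     "domain": "d3x9k-cdn-static7.example", "filename": "report.pdf.exe",
     "size": 61_440, "head": b"MZ\x90\x00"},
]

def suspicious_domain(domain):
    """Assumed heuristic: the leftmost label mixes digits and hyphens."""
    label = domain.split(".")[0]
    return bool(re.search(r"\d", label)) and "-" in label

def session_indicators(session):
    """Return the slide's indicators that apply to one session."""
    name, hits = session["filename"].lower(), []
    if session["service"] == "http" and name:
        hits.append("transfer over HTTP")
    if session["head"].startswith(PE_MAGIC):
        hits.append("executable content")
        if session["size"] < SMALL_FILE_BYTES:
            hits.append("small executable file")
    if name.count(".") > 1 and any(name.endswith(e) for e in EXEC_EXTENSIONS):
        hits.append("suspicious filename & extension")
    if suspicious_domain(session["domain"]):
        hits.append("suspicious domain name")
    return hits

def pivot(sessions, source_ip, min_hits=3):
    """Drill into every session from `source_ip`; return those matching at
    least `min_hits` indicators, most suspicious first."""
    scored = [(s, session_indicators(s)) for s in sessions if s["src"] == source_ip]
    return sorted([p for p in scored if len(p[1]) >= min_hits], key=lambda p: -len(p[1]))
```

Each flagged session comes back with the list of indicators that matched, so the analyst sees why it was raised rather than just a score.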
What you need to do
• Continuous monitoring
• Data encryption or tokenization for sensitive data on server
• Network segregation
• Server access restriction
• Strong authentication of users and admin
• User education and awareness
Benefits of RSA Advanced Security System
Complete visibility of security environment
Ability to identify real-time attacks
Rapid response to minimize attack window