
The Future of the Advance Soc

The Future of the Advance Soc. 3rd Annual Privacy, Access and Security Congress, Ottawa, 2012. Mike Huckaby, Senior Director, Global PreSales, RSA, The Security Division of EMC. Traditional Security is Not Working.


Presentation Transcript


  1. The Future of the Advance Soc
     3rd Annual Privacy, Access and Security Congress, Ottawa, 2012
     Mike Huckaby, Senior Director, Global PreSales
     RSA, The Security Division of EMC

  2. Traditional Security is Not Working
     • 99% of breaches led to compromise within “days” or less, with 85% leading to data exfiltration in the same time
     • 85% of breaches took “weeks” or more to discover
     Source: Verizon 2012 Data Breach Investigations Report

  3. Transforming Security: address the pervasiveness of dynamic, focused adversaries
     [Diagram labels: Advanced Threat; Agile, Definitive, Intelligent; Traditional Security: Signature-based, Perimeter oriented, Compliance Driven; Advanced Security]

  4. Minimum Requirements of Security Management and Compliance
     • Governance
     • Comprehensive Visibility
     • Actionable Intelligence
     • High Speed Analytics
     • Big Data

  5. Critical Questions that need to be Addressed
     • Governance
     • Comprehensive Visibility
     • Actionable Intelligence
     • High Speed Analytics
     • Big Data
     Questions: What Matters? What is going on? How do I address it?

  6. Security Management Compliance Vision: Delivering Visibility, Intelligence and Governance

  7. Anatomy of an attack
     [Timeline diagram along a TIME axis; stage labels as extracted, not necessarily in chronological order: Attacker Surveillance, Attack Begins, Discovery/Persistence, Attack Set-up, Target Analysis, Leap Frog Attacks Complete, Access Probe, System Intrusion, Cover-up Starts, Cover-up Complete, Maintain foothold]
     Source: NERC HILF Report, June 2010 (http://www.nerc.com/files/HILF.pdf)

  8. Anatomy of a response
     [Timeline diagram along a TIME axis; stage labels as extracted, not necessarily in chronological order: Monitoring & Controls, Containment & Eradication, Physical Security, Response, Impact Analysis, Incident Reporting, Attack Forecast, Threat Analysis, Recovery, System Reaction, Defender Discovery, Damage Identification, Attack Identified]
     Source: NERC HILF Report, June 2010 (http://www.nerc.com/files/HILF.pdf)

  9. Reducing Attacker Free Time
     [Diagram: the attack-stage labels of slide 7 and the response-stage labels of slide 8, each on a TIME axis, with the label ATTACKER FREE TIME]
     Source: NERC HILF Report, June 2010 (http://www.nerc.com/files/HILF.pdf)

  10. Comprehensive Visibility
     Security Analytics: Infrastructure to support collection without limitations
     Data Loss Prevention: Visibility into the location and use of the most critical information assets
     “Capture and view everything that’s happening in my infrastructure”
     • Collection without limitations
     • Ability to collect all types of security data, at scale and from all types of data sources
     • Unified visibility into the network, logs and threat intelligence
     • View data about advanced threats from data gathered directly from the network or from affected systems

  11. Agile Analytics
     Advanced Threat Analysis: Reporting and alerting of activity data; Alerting and visualization of activity data
     Investigation Platform: Platform for performing rapid investigations; Session reconstruction and replay; Reduces “Window of Vulnerability”
     Security Analytics Workbench: Automates malware analysis techniques; Identify the widest spectrum of malware-based attacks
     “Enable me to efficiently analyze and investigate potential threats”
     • Prioritization of threats based upon business impact
     • Ability to analyze business context of affected systems to identify critical issues
     • Interactive data-driven investigative analysis
     • Intuitive tools for investigation presented for rapid analysis
     • Real-time detection of zero day threats
     • Analysis of collected data for characteristics of malicious activity

  12. Actionable Intelligence
     Threat Intelligence: Leverages global security community to correlate and illuminate the most pertinent information; Fuses intelligence with your network data in real-time
     Advanced Threat Management: Business context around organizational assets and criticality; Workflow around assessing threats and tracking follow up actions
     “Help me identify targets, threats & incidents”
     • Correlate data with current threat intelligence
     • Intelligence from a community of security experts, built into our tools through rules, reports and watch lists
     • Operationalize threat intelligence for use across the network
     • Continual updates of the latest threat intelligence
     • Customizable dashboards with threat, vulnerability and event information

  13. Optimized Incident Management
     Automated Incident Management: Business context around organizational assets and criticality; Case management workflow, Executive level dashboard, Key metrics
     “Enable me to prioritize and manage these incidents”
     • Closed-loop incident management process
     • Workflow system to define and activate response processes, plus tools to track open issues, trends and lessons learned
     • Business context to better determine impact
     • Incorporation of business information showing relationship with systems and support of business functions
