
RSA SecurWorld SIEM: Product Introduction


Presentation Transcript


  1. RSA SecurWorld SIEM: Product Introduction
  Sales Associate Security Management: Sales Process, Solutions, Product Introduction, Messaging

  2. Instructions for Completing This Training
  This training consists of:
  • A self-paced learning format
  • Intuitive UI
  • Player controls
  • Course continuation
  • Downloadable course slides and reference docs
  Note: these reference documents are RSA Confidential.

  3. Course Learning Objectives
  After completing this course you will be able to:
  • Articulate the business challenges associated with security information and event management
  • Identify the measurable impact of the challenges and solution
  • Explain how the solution works and how to license it
  • Recognize key solution differentiators
  • Pursue specific markets, industries, and stakeholders
  • Describe some solution proof points as evidence

  4. Course Modules
  • Challenges
  • Required Capabilities
  • Impact and Metrics
  • How It Works
  • License Model
  • Differentiators
  • Target Markets
  • Decision Makers
  • Discovery Questions
  • Integration
  • Proof Points

  5. Meeting our Customers’ Challenges
  Top-of-mind drivers:
  • Manage Risk and Threats Throughout Enterprise
  • Prove Compliance Consistently & Affordably
  • Secure Virtualization & Cloud Computing

  6. What We’ve Heard: Risk and Threat Management
  Before scenarios:
  • “Siloed view of risk”
  • “Security doesn’t address internal and external threats”
  • “Can’t efficiently prioritize threats by their potential impact on the business”
  • “Can’t respond quickly enough to incidents”
  • “Difficult to prioritize incidents”
  Required capabilities (solution):
  • Single dashboard for managing risk
  • Regular feed of current logs and relevant threat information
  • Prioritized security events and high-risk alerts from across the IT environment
  • Automated incident and threat management process
  • Easy-to-use tools for dashboarding compliance, reporting, forensics analysis
  • Comprehensive view of internal and external threats across the IT environment

  7. What We’ve Heard: Prove Compliance
  Before scenarios:
  • “Can’t keep up with changing regulations”
  • “Wasting time and money with inefficient, manual processes”
  • “Not sure if we’re non-compliant”
  • “No way to communicate compliance posture throughout the organization”
  Required capabilities (solution):
  • Centralized policy system powered by content from a community of experts
  • Automated compliance process with out-of-the-box reports and reporting: a streamlined, repeatable system
  • Ability to discover, monitor and protect regulated information with real-time alerting and flexible dashboards and reports for compliance
  • Tailored dashboards to get the right information to the right people when they need it
  • Easier audits, minimized exposure, improved focus on adding value to business

  8. What We’ve Heard: Virtualization and Cloud
  Before scenarios:
  • “Need to better understand security and compliance risks in virtualized environment”
  • “Lack the visibility and controls in a virtualized environment that we have in physical IT environment”
  • “Our virtual servers are less secure than the physical servers they replace”
  • “Visibility into security events and compliance across VDI”
  Required capabilities (solution):
  • Expertise and best practices for secure virtualization (EMC, VMware, RSA)
  • Collect and correlate security and compliance events, physical and virtual
  • Integrated solution to secure the virtual infrastructure, access to it, and information within it
  • Monitor security events across VDI to integrate into existing security operations and compliance reporting
  • Realize the benefits of virtualization for mission critical applications without compromises on the security front

  9. Customer Challenges
  Other before scenarios that may compel action:
  • New or renewed government/industry regulations
  • Failed audits
  • “Compellingly” high compliance costs and staffing levels
  • Penalties / fines
  • Incidents of breach, loss, or fraud
  • Hired a new security officer/executive

  10. Security Operations Challenges (1 of 2)
  • Server User Activity Monitoring
  • External User Monitoring/Vendor Monitoring
  • Comprehensive Firewall Monitoring
  • Malware Protection

  11. Security Operations Challenges (2 of 2)
  • Web Server Attack Detection
  • Unauthorized or Rogue Devices in Environment
  • Incident Response Enablement

  12. Required Capabilities for SIEM for Security Operations
  • Highly scalable & automated data collection
  • Ease of deployment and ease of customizing reports and rules (quick time-to-value)
  • Collection from standard and custom event sources, including virtual environments
  • Correlate data across multiple event sources and send alerts in near real-time
  • Storage of logs & events for sufficient time to support forensic investigations (all pieces are needed for proof)
  • Automated threat and incident management processes
  • Tailored dashboards and reports for Security Analyst, Security Manager, etc.

  13. RSA SecurWorld SIEM: Product Introduction
  Module 2: Impact and Metrics

  14. The Impact of Compliance Challenges
  Negative consequences:
  • Audits are time consuming, unpredictable, stressful, and sometimes inconclusive
  • Takes weeks or months to gather info
  • Time wasted on inefficient process rather than adding business value
  • High employee turnover
  • Penalties, fines, impact to brand reputation
  • Lost revenue and financial penalties
  • Resources diverted from value add business initiatives

  15. The Impact of Managing Threats Challenges
  Negative consequences:
  • Security team lacks visibility into IT environment
  • Inefficient to manually process log and event data
  • Extra security staff needed
  • Incident investigations are costly and time consuming
  • Brand reputation impacted by bad publicity
  • Competitive advantage impacted due to lost IP
  • No data available as evidence to dismiss malicious insider
  Managing Threats, Mitigating Risks, Bottom Line Impact

  16. The Impact of Virtualization Challenges
  Challenges:
  • Virtualization security problems
  • Visibility and controls in the virtualized IT environment lacking
  • Existing security policies not followed
  • Security concerns are an impediment to virtualizing mission critical applications
  Negative consequences:
  • Audit failures and high cost of audits due to unsecured virtual applications
  • Compliance and security incidents affect brand and shareholder confidence
  • Opportunity cost of not realizing the full cap-ex and op-ex savings associated with virtualization due to security concerns

  17. Solution Impact: Positive Outcomes
  Reduces cost of compliance:
  • Reduced IT complexity helps IT become more responsive
  • Automated alerting, ad hoc and scheduled reporting
  • Reduced regulatory fines
  • Streamlined audits and consolidated reporting
  Improves business performance:
  • Reduces cost of preparing, conducting audits
  • Adds more IT time available to add value to the business
  • Improves job satisfaction and talent retention
  Manages internal and external threats:
  • Threats are addressed more effectively to reduce potential incidents
  • Security Operations staff are focused on the right priorities
  • Better alignment of Security Operations and IT Risk Management
  • Measurable security program and alignment with corporate security policy
  • Improved prioritization of resources
  • Security becomes an enabler to the business instead of an inhibitor

  18. RSA SecurWorld SIEM: Product Introduction
  Module 3: How It Works, License Model

  19. The Compliance Lifecycle Improved by enVision
  Lifecycle stages:
  • Understand regulations/laws and their effect on the organization
  • Discover assets. Determine necessary controls. Identify gaps.
  • Implement controls (technologies & procedures) to meet specific regulations/laws
  • Monitor, measure, report
  • Correct, improve
  RSA enVision can help:
  • Build a list of assets in the network
  • Provide reports that provide specific information required by auditors
  • Customize reports to help track non-compliance & progress of improvements
  • RSA Professional Services can be engaged to provide consultancy

  20. Internal and External Threats Managed by enVision
  Supports the three key aspects of Security Operations:
  • Create a closed-loop incident handling process
  • Turn real-time events, e.g. threats, into actionable data
  • Report on the effectiveness of security management

  21. RSA enVision SIEM Platform
  • Simplifying Compliance: compliance reports for regulations and internal policy
  • Enhancing Security: real-time security alerting and analysis
  • Optimizing IT & Network Operations: IT monitoring across the infrastructure
  Platform functions: alert / correlation, network baseline, forensics, auditing, reporting, visibility
  RSA enVision Log Management platform, built on a purpose-built database
  Event sources: physical and virtual servers, storage, security devices, applications / databases, network devices

  22. ES Series: Single Box Appliances
  [Diagram: a single site appliance combining Data Management, Analysis and Collection with 300 GB internal storage, optionally attached to EMC CLARiiON storage]
  • ES Series: stand-alone appliances
  • All three modules are contained and enabled within a single appliance
  • Can be deployed as a hardware or virtual appliance
  • Comes complete with internal storage
  • Larger ES models come with external storage (EMC CLARiiON)

  23. LS Stack: Different Functions on Different Appliances
  [Diagram: Analysis Server, Data Management Server, Local Collector and Remote Collector as separate appliances, with EMC Celerra shared storage]
  • LS Series
  • All three modules are deployed on separate appliances
  • All logs stored in IPDB on external, shared storage (EMC Celerra)
  • In Remote Collector, event logs are stored in local storage until transferred to shared storage
  • Remote Collector is available as a physical or virtual appliance

  24. Highly Scalable Architecture
  [Diagram: a distributed deployment across London (European Headquarters), Chicago (WW Security Operations), New York (WW Compliance Operations) and a Mumbai remote office, with analysis servers, data servers, NAS storage, local collectors and a remote collector spread over the sites]
  Legend: A-SRV: Analysis Server; D-SRV: Data Server; LC: Local Collector; RC: Remote Collector

  25. RSA enVision Licensing: Stand-alone Appliances to Distributed Solutions
  [Chart: ES Series and LS Series models plotted by events per second (EPS) against number of devices, with notes that a virtualized appliance and a virtualized Remote Collector are now available]

  26. RSA SecurWorld SIEM: Product Introduction
  Module 4: Differentiators

  27. enVision Simplifies Compliance
  1400+ reports included out of the box
  • Only SIEM fully integrated with VMware
  • Easily customizable and deployable
  • Real-time alerts at your fingertips
  • Most complete event source coverage
  Full compliance lifecycle management

  28. enVision Secures Physical and Virtual Networks
  • Most complete correlated alerting
  • Best depth and breadth of event sources
  • In-depth and intuitive forensic capabilities
  • Incident management simplified
  Large, proficient user community network

  29. RSA enVision’s Differentiators
  RSA enVision enables enterprises to use a single platform for compliance, threat management and network optimization:
  • Most complete security knowledge base
  • Any log data, any scale
  • Lowest TCO SIEM solution
  • Industry and user proven solution
  • Highly scalable & automated data collection, threat and incident management
  • Total solution from single platform (EMC/RSA)

  30. Weaknesses
  • “GUI is unintuitive”
    • With great power and sophistication comes more options to navigate
    • We continue to refine the interface
    • It’s easier to revamp a GUI than an architecture
  • “Comparatively low Events Per Second (EPS)”
    • Look out for the phrase “up to”
    • RSA offers guaranteed performance
  • “No NetFlow” is no longer a weakness!
    • Partnering with Zohocorp

  31. RSA SecurWorld SIEM: Product Introduction
  Module 5: Target Markets, Decision Makers, Discovery Questions

  32. Target Markets and Industries
  Primary target markets:
  • Fortune 2000 companies
  • Financial services
  • Businesses that process customer credit card payments (retail, hospitality, and more)
  • Healthcare organizations
  • Companies that provide services to these organizations
  • Technology/manufacturing, utilities, and telecom

  33. Identifying Stakeholders
  There are usually several stakeholders who play a role in the purchase of an enVision solution:

  34. Stakeholder Discovery - Compliance
  Chief of Compliance or Auditor
  • What is driving you to seek this type of solution? How do you approach regulatory requirements compliance today?
  • What are the pending new regulations that you will be required to comply with, and how will that impact your operations?
  • How are you monitoring your devices and apps today?
  • Walk me through your last audit.
  • When is your next audit and what will be required of you and your team?
  • What are you doing today, near term, and long term for compliance?

  35. Stakeholder Discovery - Security
  Chief Security Officer, Security Operations, CISO
  • Walk me through the last security incident you encountered.
  • What is your process for managing incidents?
  • How do you define your critical IT assets? How do you protect them?
  • How does your logging information support your ability to correlate activities to identify threats?
  • What log and event data are you collecting and why? What gaps are there?

  36. RSA SecurWorld SIEM: Product Introduction
  Module 6: Integration, Proof Points

  37. RSA DLP and RSA enVision Correlation
  [Diagram: the RSA DLP Suite (RSA DLP Network, RSA DLP Datacenter, RSA DLP Endpoint) feeds RSA DLP Enterprise Manager, which consolidates into RSA enVision for forensics; enVision prioritizes alerts with sensitive data intelligence]

  38. RSA enVision and Archer Incident Management
  • enVision collects events, correlates data, and generates security incidents
  • Data Feed Manager passes the results from RSA enVision to RSA Archer
  • Results are imported into Archer and mapped to solutions such as Policy, Compliance and Enterprise Management
  • Key groups are notified and now manage the incident from identification to resolution
  • Business owners track impacted controls in real-time using dashboards and reports

  39. Customer Success
  Preuska, a leading Thai real estate developer, achieves quality security information and event management
  Objectives:
  • Analyze and report on terabytes of raw logs each month for security
  • Protect customer data and prove security measures were adequate
  • Transform log data into actionable compliance and security intelligence
  Solution:
  • RSA enVision was implemented to comply with Thai laws
  • Complete collection of all internal and external threat event data
  • Data is immediately and efficiently written and analyzed
  Results:
  • Set up excellent log management practices that brought value across the organization
  • Avoided high costs related to non-compliant audits and security breaches
  • Protected over 70,000 on-line users nationwide

  40. Customer Success
  RSA enVision platform empowers The Depository Trust & Clearing Corporation (DTCC) to be proactive with security operations and management
  Objectives:
  • Provide up-to-date security monitoring on privileged users, multiple logins and other security issues
  • Provide a proactive approach to security to meet the internal and external policies
  Solution:
  • enVision provided multi-platform support, pulling logs from disparate legacy and new systems
  • Aggregation and correlation of security data helped DTCC understand behaviors and trends which could trigger security alerts
  Results:
  • Better insight into login issues, privileged users, authentication behavior, and unusual access behavior
  • Captured 85 million log events per day for a complete picture to make better security decisions

  41. Course Summary
  The topics for this course included:
  • Business challenges associated with SIEM
  • The measurable impact of the challenges and solution
  • How the solution works and how it is licensed
  • Key solution differentiators
  • Specific markets, industries, stakeholders, and discovery questions
  • Solution proof points
