101 ab 1530-1600
Post on 21-Oct-2014
![Page 1: 101 ab 1530-1600](https://reader033.vdocuments.net/reader033/viewer/2022051411/544580c6afaf9fdf2a8b457e/html5/thumbnails/1.jpg)
1
Advanced Security Solution for Trusted IT
Gary Lau, Manager, Technology Consultant, Greater China
![Page 2: 101 ab 1530-1600](https://reader033.vdocuments.net/reader033/viewer/2022051411/544580c6afaf9fdf2a8b457e/html5/thumbnails/2.jpg)
2
The Changing Landscape
![Page 3: 101 ab 1530-1600](https://reader033.vdocuments.net/reader033/viewer/2022051411/544580c6afaf9fdf2a8b457e/html5/thumbnails/3.jpg)
3
Evolution of Attackers
• Nation state actors: PII, government, defense industrial base, IP-rich organizations
• Criminals:
– Petty criminals (unsophisticated)
– Organized crime: organized, sophisticated supply chains (PII, financial services, retail)
• Non-state actors: terrorists, anti-establishment vigilantes, “hacktivists”; targets of opportunity: PII, government, critical infrastructure
![Page 4: 101 ab 1530-1600](https://reader033.vdocuments.net/reader033/viewer/2022051411/544580c6afaf9fdf2a8b457e/html5/thumbnails/4.jpg)
4
Evolution of Attack Vectors
(Chart: threat actors on the horizontal axis, damage/sophistication on the vertical axis, ranging from “Minor Annoyance” to “Significant impact on business bottom line”.)
• Threat actors: Hobbyist / Script Kiddies; Petty Criminals; Organized Crime; Nation States; Non-State Actors / Cyber Terrorists
• Attack vectors plotted: Worms, Viruses, Botnets, Rootkits, DoS/DDoS, Spyware, Spam, Phishing, Hybrid Worms, Web-application attacks, Targeted malware, Financial Backdoor Trojans, Coordinated attacks, APTs
![Page 5: 101 ab 1530-1600](https://reader033.vdocuments.net/reader033/viewer/2022051411/544580c6afaf9fdf2a8b457e/html5/thumbnails/5.jpg)
5
Anatomy of an Attack
(Timeline figure; attack phases plotted along the TIME axis: Attacker Surveillance, Target Analysis, Access Probe, Attack Set-up, Attack Begins, System Intrusion, Leap Frog Attacks, Discovery/Persistence, Maintain foothold, Cover-up Starts, Cover-up Complete, Complete.)
Source: NERC HILF Report, June 2010 (http://www.nerc.com/files/HILF.pdf)
![Page 6: 101 ab 1530-1600](https://reader033.vdocuments.net/reader033/viewer/2022051411/544580c6afaf9fdf2a8b457e/html5/thumbnails/6.jpg)
6
Anatomy of a Response
(Timeline figure; response phases plotted along the TIME axis: Attack Forecast, Monitoring & Controls, Physical Security, Threat Analysis, Attack Identified, Defender Discovery, Incident Reporting, Impact Analysis, Damage Identification, System Reaction, Response, Containment & Eradication, Recovery.)
Source: NERC HILF Report, June 2010 (http://www.nerc.com/files/HILF.pdf)
![Page 7: 101 ab 1530-1600](https://reader033.vdocuments.net/reader033/viewer/2022051411/544580c6afaf9fdf2a8b457e/html5/thumbnails/7.jpg)
7
Reducing Attacker Free Time
(Figure: the attack timeline of slide 5 and the response timeline of slide 6 overlaid on one TIME axis; the span between them is labelled ATTACKER FREE TIME.)
Source: NERC HILF Report, June 2010 (http://www.nerc.com/files/HILF.pdf)
Need to collapse free time
![Page 8: 101 ab 1530-1600](https://reader033.vdocuments.net/reader033/viewer/2022051411/544580c6afaf9fdf2a8b457e/html5/thumbnails/8.jpg)
9
Then: Infrastructure-Centric vs. Now: User/Identity-Centric

| | Then: Infrastructure-Centric | Now: User/Identity-Centric |
|---|---|---|
| Attacks | Static Attacks: Generic, Code-Based | Dynamic Attacks: Targeted, Human-Centric |
| Infrastructure | Static Infrastructure: Physical, IT-Controlled, Hard Perimeter | Dynamic Infrastructure: Virtual, User-Centric & Connected (Public Cloud, SaaS, Mobile Apps, Hybrid Cloud) |
| Defenses | Static Defenses: Signature-Based, Perimeter-Centric | Dynamic Defenses: Analytics & Risk-Based |
![Page 9: 101 ab 1530-1600](https://reader033.vdocuments.net/reader033/viewer/2022051411/544580c6afaf9fdf2a8b457e/html5/thumbnails/9.jpg)
10
Advanced Threats
65% of organizations believe they have been the victim of an Advanced Threat
83% of organizations don’t believe they have sufficient resources to prevent Advanced Threats
Source: Ponemon Institute survey, “Growing Risk of Advanced Threats”
79% of breaches led to data compromise within “days” or less
91% of breaches took “weeks” or more to discover
Source: Verizon 2011 Data Breach Investigations Report
![Page 10: 101 ab 1530-1600](https://reader033.vdocuments.net/reader033/viewer/2022051411/544580c6afaf9fdf2a8b457e/html5/thumbnails/10.jpg)
11
Mean Time to Detect (MTTD)
Source: Ponemon Institute
![Page 11: 101 ab 1530-1600](https://reader033.vdocuments.net/reader033/viewer/2022051411/544580c6afaf9fdf2a8b457e/html5/thumbnails/11.jpg)
12
The Changing Mindset
![Page 12: 101 ab 1530-1600](https://reader033.vdocuments.net/reader033/viewer/2022051411/544580c6afaf9fdf2a8b457e/html5/thumbnails/12.jpg)
13
Must learn to live in a state of compromise
Constant compromise does not mean constant loss
![Page 13: 101 ab 1530-1600](https://reader033.vdocuments.net/reader033/viewer/2022051411/544580c6afaf9fdf2a8b457e/html5/thumbnails/13.jpg)
14
The New Security Model
![Page 14: 101 ab 1530-1600](https://reader033.vdocuments.net/reader033/viewer/2022051411/544580c6afaf9fdf2a8b457e/html5/thumbnails/14.jpg)
15
Traditional Security is Unreliable
• Signature-based
• Compliance Driven
• Perimeter oriented
![Page 15: 101 ab 1530-1600](https://reader033.vdocuments.net/reader033/viewer/2022051411/544580c6afaf9fdf2a8b457e/html5/thumbnails/15.jpg)
16
As a result, organizations are…
• poorly prepared for advanced threats
• unable to detect attacks in a timely manner
• responding in a manner that is chaotic and uncoordinated
![Page 16: 101 ab 1530-1600](https://reader033.vdocuments.net/reader033/viewer/2022051411/544580c6afaf9fdf2a8b457e/html5/thumbnails/16.jpg)
17
Effective Security Systems need to be:
• agile
• risk-based
• contextual
![Page 17: 101 ab 1530-1600](https://reader033.vdocuments.net/reader033/viewer/2022051411/544580c6afaf9fdf2a8b457e/html5/thumbnails/17.jpg)
18
Security must Ensure…
…only the right people
…access critical applications & information
…over an I/F we trust.
(Figure: ITaaS Management over the Enterprise Data Center, whose Infrastructure, Applications (CRM, ERP, BI, ***) and Information layers are accessed by Admins and Users.)
![Page 18: 101 ab 1530-1600](https://reader033.vdocuments.net/reader033/viewer/2022051411/544580c6afaf9fdf2a8b457e/html5/thumbnails/18.jpg)
19
Disruptive Forces
…only the right people: User Access Transformation (Mobile)
…access critical applications & information: Threat Landscape Transformation (Advanced Threats)
…over an I/F we trust: Back-end I/F Transformation (Cloud)
(Figure: the same ITaaS Management / Enterprise Data Center diagram as the previous slide, with Infrastructure, Applications (CRM, ERP, BI, ***) and Information accessed by Admins and Users.)
![Page 19: 101 ab 1530-1600](https://reader033.vdocuments.net/reader033/viewer/2022051411/544580c6afaf9fdf2a8b457e/html5/thumbnails/19.jpg)
20
The New IT Model
(Figure: Managed Devices and Unmanaged Devices reach Clouds (SaaS, PaaS, IaaS, Community), Mobile Apps and the Web as well as the Enterprise Data Center (Infrastructure, Applications such as CRM, ERP, BI, ***, Information) and a Private Cloud, all under ITaaS Management, with Admins and Users.)
• Scenarios: Direct to Cloud; Direct to Apps; VPN into DC; From the Cloud; To DC
![Page 20: 101 ab 1530-1600](https://reader033.vdocuments.net/reader033/viewer/2022051411/544580c6afaf9fdf2a8b457e/html5/thumbnails/20.jpg)
21
The Security Stack
CONTROL LAYER
• IDENTITY: Identity Admin & Provisioning; Access Controls; Identity & Access Governance
• INFRASTRUCTURE: Endpoint Controls; Network/Messaging Controls; Application Controls
• INFORMATION: DLP Controls; Encryption/Tokenization I/F; Information Rights Management
MANAGEMENT LAYER
• GRC: Define Policy; Map Policy; Measure Policy
• SECURITY OPERATIONS (SOC): Detect Potential Threats; Investigate Attacks; Respond to Attacks
(Figure: both layers sit over ITaaS Management and the Enterprise Data Center, with its Infrastructure, Applications (CRM, ERP, BI, ***) and Information, accessed by Admins and Users.)
![Page 21: 101 ab 1530-1600](https://reader033.vdocuments.net/reader033/viewer/2022051411/544580c6afaf9fdf2a8b457e/html5/thumbnails/21.jpg)
22
The Control Layer
(Figure: the Security Stack of the previous slide with the CONTROL LAYER highlighted: Identity (Identity Admin & Provisioning, Access Controls, Identity & Access Governance), Infrastructure (Endpoint Controls, Network/Messaging Controls, Application Controls) and Information (Encryption/Tokenization I/F, DLP Controls, Information Rights Management).)
![Page 22: 101 ab 1530-1600](https://reader033.vdocuments.net/reader033/viewer/2022051411/544580c6afaf9fdf2a8b457e/html5/thumbnails/22.jpg)
23
The Management Layer
(Figure: the Security Stack with the MANAGEMENT LAYER highlighted: GRC (Define Policy, Map Policy, Measure Policy) and Security Operations (SOC) (Detect Potential Threats, Investigate Attacks, Respond to Attacks).)
![Page 23: 101 ab 1530-1600](https://reader033.vdocuments.net/reader033/viewer/2022051411/544580c6afaf9fdf2a8b457e/html5/thumbnails/23.jpg)
24
Critical Questions
Comprehensive Visibility, Actionable Intelligence, Governance:
• what matters?
• what is going on?
• how do I address it?
![Page 24: 101 ab 1530-1600](https://reader033.vdocuments.net/reader033/viewer/2022051411/544580c6afaf9fdf2a8b457e/html5/thumbnails/24.jpg)
25 © Copyright 2011 EMC Corporation. All rights reserved.
Traditional SIEM Is Not Enough
...SIEM needs to evolve
• How do you:
– quickly determine how an attack happened?
– reduce the “attacker free time” in your infrastructure?
– prevent similar future attacks?
• Requires network and log data visibility
• Requires the fusion of internal & external intelligence
• Makes security a Big Data problem
Resisting all attacks is not realistic; reacting fast to mitigate damage is.
![Page 25: 101 ab 1530-1600](https://reader033.vdocuments.net/reader033/viewer/2022051411/544580c6afaf9fdf2a8b457e/html5/thumbnails/25.jpg)
26 © Copyright 2011 EMC Corporation. All rights reserved.
Full Packet Capture is a must
• Full packet capture is necessary to
– Identify malware entering the environment (a very common source of advanced threats) and prioritize actions related to it
– Track the lateral movement of an attacker once inside the organization, and
– Prove exactly what happened and what data was exfiltrated, whether it was encrypted or not
If SIEM is to address today's threats, then it requires this information.
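As an added illustration of why packet capture answers the questions above (this is example code written for this transcript, not RSA's or the presenter's), the script below builds a small pcap in memory and derives from it the internal-to-internal connections that indicate lateral movement and the payload volume that left for an external host. The internal range, the addresses and the traffic are all constructed assumptions.

```python
import struct
from collections import defaultdict
from ipaddress import ip_address, ip_network

INTERNAL = [ip_network("10.0.0.0/8")]  # hypothetical internal range for the constructed sample

def frame(src, dst, sport, dport, payload):
    """Constructed Ethernet/IPv4/TCP frame (20-byte IP and TCP headers, no options)."""
    eth = bytes(12) + b"\x08\x00"
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40 + len(payload), 0, 0, 64, 6, 0,
                     ip_address(src).packed, ip_address(dst).packed)
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, 0x18, 65535, 0, 0)
    return eth + ip + tcp + payload

def pcap(frames):
    """Wrap frames in a little-endian pcap (magic 0xa1b2c3d4, link type 1 = Ethernet)."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for i, f in enumerate(frames):
        out += struct.pack("<IIII", 1_400_000_000 + i, 0, len(f), len(f)) + f
    return out

def flows(capture):
    """Tally IPv4/TCP flows: internal->internal packets (lateral) and payload bytes sent externally (egress)."""
    lateral, egress = defaultdict(int), defaultdict(int)
    off = 24  # skip the pcap global header
    while off + 16 <= len(capture):
        _, _, incl, _ = struct.unpack("<IIII", capture[off:off + 16])
        f = capture[off + 16:off + 16 + incl]
        off += 16 + incl
        if f[12:14] != b"\x08\x00" or f[23] != 6:  # IPv4 carrying TCP only
            continue
        ihl = (f[14] & 0x0F) * 4
        total = struct.unpack("!H", f[16:18])[0]
        src, dst = ip_address(f[26:30]), ip_address(f[30:34])
        dport = struct.unpack("!H", f[16 + ihl:18 + ihl])[0]
        doff = (f[14 + ihl + 12] >> 4) * 4  # TCP data offset
        src_in, dst_in = any(src in n for n in INTERNAL), any(dst in n for n in INTERNAL)
        if src_in and dst_in:
            lateral[(str(src), str(dst), dport)] += 1
        elif src_in:
            egress[(str(src), str(dst), dport)] += total - ihl - doff
    return dict(lateral), dict(egress)

# Constructed capture: a workstation probes SMB on a server, which then pushes data out over 443.
SAMPLE = pcap([
    frame("10.0.1.20", "10.0.1.55", 49152, 445, b""),
    frame("10.0.1.20", "10.0.1.55", 49153, 445, b""),
    frame("10.0.1.55", "203.0.113.9", 49200, 443, b"A" * 1200),
    frame("10.0.1.55", "203.0.113.9", 49200, 443, b"B" * 800),
])
```

Running `flows(SAMPLE)` yields the SMB probe as a lateral flow and 2000 payload bytes of egress to 203.0.113.9, which is the kind of evidence log data alone cannot reconstruct.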
![Page 26: 101 ab 1530-1600](https://reader033.vdocuments.net/reader033/viewer/2022051411/544580c6afaf9fdf2a8b457e/html5/thumbnails/26.jpg)
27
The Next Gen SOC
• Agile Analytics: “Enable me to efficiently analyze and investigate potential threats”
• Optimized Incident Management: “Enable me to manage these incidents”
• Actionable Intelligence: “Help me identify targets, threats & incidents”
• Comprehensive Visibility: “Analyze everything that’s happening in my infrastructure”
![Page 27: 101 ab 1530-1600](https://reader033.vdocuments.net/reader033/viewer/2022051411/544580c6afaf9fdf2a8b457e/html5/thumbnails/27.jpg)
28
next gen security operations
![Page 28: 101 ab 1530-1600](https://reader033.vdocuments.net/reader033/viewer/2022051411/544580c6afaf9fdf2a8b457e/html5/thumbnails/28.jpg)
29
Value of RSA Solutions
(Figure: Governance, Visibility and Intelligence shown as separate silos under the traditional approach and as an integrated set under RSA’s approach.)

| Traditional Approach | RSA’s Approach |
|---|---|
| Discrete products in silos | Transparent data flow between products |
| Multiple vendors for each product | Single vendor, tested integrations |
| Manual process to transfer data | Very high operational efficiencies |
| High TCO and low efficiency | Lower TCO and faster time to value |
![Page 29: 101 ab 1530-1600](https://reader033.vdocuments.net/reader033/viewer/2022051411/544580c6afaf9fdf2a8b457e/html5/thumbnails/29.jpg)
30
RSA Approach
• GOVERNANCE: Manage Business Risk, Policies and Workflows
• INTELLIGENT CONTROLS: Rapid Response and Containment (Cloud, Mobility, Network)
• ADVANCED VISIBILITY AND ANALYTICS: Collect, Retain and Analyze Internal and External Intelligence
![Page 30: 101 ab 1530-1600](https://reader033.vdocuments.net/reader033/viewer/2022051411/544580c6afaf9fdf2a8b457e/html5/thumbnails/30.jpg)
31
Meeting our Customers’ Challenges with RSA Thought Leadership
• Prove Compliance Consistently & Affordably
• Secure Virtualization & Cloud Computing
• Secure Access for Increased Mobility & Collaboration
• Manage Risk and Threats Throughout the Enterprise
![Page 31: 101 ab 1530-1600](https://reader033.vdocuments.net/reader033/viewer/2022051411/544580c6afaf9fdf2a8b457e/html5/thumbnails/31.jpg)