1 Copyright 2012 EMC Corporation. All rights reserved. Getting
Ahead of Advanced Threats Advanced Security Solutions for Trusted
IT Chezki Gil Territory Manager Israel & Greece
Slide 2
2 Copyright 2012 EMC Corporation. All rights reserved. Threats
are Evolving Rapidly Nation state actors PII, government, defense
industrial base, IP rich organizations Criminals Petty criminal s
Organized crime Organized, sophisticated supply chains (PII,
financial services, retail) Unsophisticated Non-state actors
Terrorist s Anti-establishment vigilantes Hacktivists Targets of
opportunity PII, Government, critical infrastructure
Slide 3
3 Copyright 2012 EMC Corporation. All rights reserved. Business
& IT are evolving rapidly too
Slide 4
4 Copyright 2012 EMC Corporation. All rights reserved.
Traditional Security is Not Working Source: Verizon 2012 Data
Breach Investigations Report 99% of breaches led to compromise
within days or less with 85% leading to data exfiltration in the
same time 85% of breaches took weeks or more to discover
Slide 5
5 Copyright 2012 EMC Corporation. All rights reserved.
Signature -based Compliance Driven Perimeter oriented Traditional
Security is Unreliable
Slide 6
6 Copyright 2012 EMC Corporation. All rights reserved.
AgileRisk-BasedContextual Effective Security Systems need to
be:
Slide 7
7 Copyright 2012 EMC Corporation. All rights reserved. Resource
Shift: Budgets and People Todays Priorities Prevention 80%
Monitoring 15% Response 5% Prevention 80% Monitoring 15% Response
5% Prevention 33% Intelligence-Driven Security Monitoring 33%
Response 33%
Slide 8
8 Copyright 2012 EMC Corporation. All rights reserved. Attack
Begins System Intrusion Attacker Surveillance Cover-up Complete
Access Probe Leap Frog Attacks Complete Target Analysis TIME Attack
Set- up Discovery/ Persistence Maintain foothold Cover-up Starts
Attack Forecast Physical Security Containment & Eradication
System Reaction Damage Identification Recovery Defender Discovery
Monitoring & Controls Impact Analysis Response Threat Analysis
Attack Identified Incident Reportin g Need to collapse free time
Reducing Attacker Free Time ATTACKER FREE TIME TIME Source: NERC
HILF Report, June 2010 (http://www.nerc.com/files/HILF.pdf)
Slide 9
9 Copyright 2012 EMC Corporation. All rights reserved. How do
Advanced Threats impact the business?
Slide 10
10 Copyright 2012 EMC Corporation. All rights reserved. The
Aftermath of an Advanced Attack Hard costs hurt Emergency cleanup
costs Regulatory penalties Customer restitution Business process
re-engineering Soft costs really hurt Missed opportunity due to
cleanup focus Loss of customer confidence Decline in employee
morale & goodwill
Slide 11
11 Copyright 2012 EMC Corporation. All rights reserved. What is
the approach for the future?
Slide 12
12 Copyright 2012 EMC Corporation. All rights reserved.
Comprehensive Visibility See everything happening in my environment
and normalize it High Powered Analytics Give me the speed and
smarts to discover and investigate potential threats in near real
time Big Data Infrastructure Need a fast and scalable
infrastructure to conduct short term and long term analysis
Integrated Intelligence Help me understand what to look for and
what others have discovered Todays Security Requirements
Slide 13
13 Copyright 2012 EMC Corporation. All rights reserved. RSA
Security Analytics: Changing The Security Management Status Quo
Unified platform for security monitoring, incident investigations
and compliance reporting SIEM Compliance Reports Device XMLs Log
Parsing SIEM Compliance Reports Device XMLs Log Parsing Network
Security Monitoring High Powered Analytics Big Data Infrastructure
Integrated Intelligence Network Security Monitoring High Powered
Analytics Big Data Infrastructure Integrated Intelligence RSA
Security Analytics Fast & Powerful Analytics Logs & Packets
Unified Interface Analytics Warehouse RSA Security Analytics Fast
& Powerful Analytics Logs & Packets Unified Interface
Analytics Warehouse SEE DATA YOU DIDNT SEE BEFORE, UNDERSTAND DATA
YOU DIDNT EVEN CONSIDER BEFORE
Slide 14
14 Copyright 2012 EMC Corporation. All rights reserved. RSA
Live Integrated Intelligence How Do I Know What To Look For?
Gathers advanced threat intelligence and content from the global
security community & RSA FirstWatch Aggregates &
consolidates the most pertinent information and fuses it with your
organization's data Automatically distributes correlation rules,
blacklists, parsers, views, feeds Operationalize Intelligence: Take
advantage of what others have already found and apply against your
current and historical data
Slide 15
15 Copyright 2012 EMC Corporation. All rights reserved. THE
ANALYTICS Reporting and Alerting Investigation Malware Analytics
Administration Complex Event Processing Free Text Search
Correlation Metadata Tagging RSA LIVE INTELLIGENCE SYSTEM Threat
Intelligence Rules Parsers Alerts Feeds Apps Directory Services
Reports and Custom Actions Incident Management Asset Criticality
Compliance REAL-TIME LONG-TERM EUROPE NORTH AMERICA ASIA Enrichment
DataLogsPackets DISTRIBUTED COLLECTION WAREHOUSE Security Analytics
Architecture