© Copyright 2011 EMC Corporation. All rights reserved.
BIG DATA: CHANGING THE REALM OF POSSIBILITY IN SECURITY
Shaun McLagan, General Manager, RSA Australia and New Zealand
Things have changed: “Big Data” was the #2 buzzword of 2012, behind only something called “Fiscal Cliff” (TIME Magazine).
Market Disruptors
Infrastructure Transformation: Mobile, Cloud. Less control over access device and back-end infrastructure.
Threat Landscape Transformation: APTs, Sophisticated Fraud. Fundamentally different tactics, more formidable than ever.
Business Transformation: More hyper-extended, more digital. Extended Workforce, Networked Value Chains.
At the centre of all three: Big Data.
Traditional Security is Not Working
Source: Verizon 2012 Data Breach Investigations Report
99% of breaches led to compromise within “days” or less, with 85% leading to data exfiltration in the same time.
85% of breaches took “weeks” or more to discover.
Big Data is everywhere: Volume, Variety, Velocity
How Big is Big Data? – Social and Personal
1,000,000,000 Queries a Day
900ms Average Response Time
250,000,000 New Photos/Day
900,000,000 Active Users
290,000,000 Updates/Day
135,000,000 Resumes Archived
47,000 App Downloads per Minute
125,000,000 Users (iCloud)
How Big is Big Data? – Business and Transactional
European Organization for Nuclear Research Generates 40TB of Scientific Data per Second
137 Million Customers, 895 Million Products, Real-time Recommendations
More than 1 Million Transactions per Hour
Generates 1 TB of New Trading Data per Day
Credit Card Fraud Detection System Protects 2.1 Billion Active Accounts World-wide
Anatomy of an attack
(Timeline diagram, x-axis: TIME. Labels recovered from the figure: Attack Begins; Target Analysis; Access Probe; Attacker Surveillance; Attack Set-up; System Intrusion; Discovery/Persistence; Maintain foothold; Leap Frog Attacks Complete; Cover-up Starts; Cover-up Complete.)
Source: NERC HILF Report, June 2010 (http://www.nerc.com/files/HILF.pdf)
Anatomy of a response
(Timeline diagram, x-axis: TIME. Labels recovered from the figure: Attack Forecast; Physical Security; Monitoring & Controls; Defender Discovery; Attack Identified; Incident Reporting; Threat Analysis; Impact Analysis; Response; System Reaction; Containment & Eradication; Damage Identification; Recovery.)
Source: NERC HILF Report, June 2010 (http://www.nerc.com/files/HILF.pdf)
Reducing Attacker Free Time
(Diagram: the attack timeline and the response timeline from the two previous slides overlaid on a single TIME axis; the interval between the two timelines is marked ATTACKER FREE TIME.)
Source: NERC HILF Report, June 2010 (http://www.nerc.com/files/HILF.pdf)
Must learn to live in a state of compromise.
Constant compromise does not mean constant loss.
Addressing the Challenges
Big Data and Analytics
Companies require…
Comprehensive Visibility: “Analyze everything that’s happening in my infrastructure”
Agile Analytics: “Enable me to efficiently analyze and investigate potential threats”
Actionable Intelligence: “Help me identify targets, threats & incidents”
Optimised Incident Management: “Enable me to manage these incidents”
Changing The Security Management Status
Unified platform for security monitoring, incident investigations and compliance reporting.
(Diagram: SIEM (Compliance Reports, Device XMLs, Log Parsing) and Network Security Monitoring feed High Powered Analytics, Big Data Infrastructure and Integrated Intelligence; RSA Security Analytics combines Fast & Powerful Analytics, Logs & Packets, a Unified Interface and an Analytics Warehouse.)
SEE DATA YOU DIDN’T SEE BEFORE, UNDERSTAND DATA YOU DIDN’T EVEN CONSIDER BEFORE
Trend Analysis and Pattern Detection
(Pipeline diagram: Streaming Data (Web packets, Email traffic, Intra-org traffic, Server Logs, Security Logs) → Small Grain, Continuous → Parsers & Alerts → Data Models → Fast Active Data and Big Historical Data → Trend Detected → Trend Validated & Details.)
Big Data Analytics Enables Risk Mitigation and Behavioral Prediction
Security Analytics Live
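The pipeline on this slide as an added example (not RSA's code and not from the deck): constructed authentication log lines are parsed one record at a time, the open one-minute bucket plays the role of the fast active data, the closed buckets form the historical baseline, and a bucket whose failure count exceeds the baseline mean by more than three standard deviations is reported as a detected trend, with the dominant source attached so the trend can be validated. The log format, the thresholds and the sample values are all assumptions made for the example.

```python
import re
from collections import Counter
from statistics import mean, pstdev

# Constructed sample auth log (not from the deck), "<epoch> <host> auth <ok|fail> user=<u> src=<ip>":
# four quiet minutes with 1-2 failures each, then a burst of 10 failures from one source in minute 5.
BASE = [(0, "fail", "alice", "10.0.0.5"), (20, "ok", "bob", "10.0.0.6"), (40, "fail", "carol", "10.0.0.7"),
        (60, "fail", "alice", "10.0.0.5"), (90, "ok", "dave", "10.0.0.8"), (120, "fail", "erin", "10.0.0.9"),
        (150, "fail", "bob", "10.0.0.6"), (180, "fail", "carol", "10.0.0.7")]
BURST = [(240 + 5 * i, "fail", f"u{i}", "198.51.100.7") for i in range(10)] + [(300, "ok", "alice", "10.0.0.5")]
SAMPLE_LOG = "\n".join(f"{t} web1 auth {r} user={u} src={s}" for t, r, u, s in BASE + BURST)
LINE_RE = re.compile(r"^(?P<ts>\d+) (?P<host>\S+) auth (?P<result>ok|fail) user=(?P<user>\S+) src=(?P<src>\S+)$")

def parse_line(line):
    # Small-grain parser: one structured record per log line, None if the line does not match.
    return {**m.groupdict(), "ts": int(m["ts"])} if (m := LINE_RE.match(line.strip())) else None

class TrendDetector:
    """Fast active data = the open time bucket; big historical data = failure counts of closed buckets."""
    def __init__(self, bucket_secs=60, min_history=3, zscore=3.0, min_count=5):
        self.bucket_secs, self.min_history, self.zscore, self.min_count = bucket_secs, min_history, zscore, min_count
        self.history, self.bucket, self.by_src = [], None, Counter()   # baseline, open bucket id, active failures

    def _close_bucket(self):
        # Compare the finished bucket with the baseline; attach the dominant source so the trend can be validated.
        fails, alert = sum(self.by_src.values()), None
        if len(self.history) >= self.min_history and fails >= self.min_count:
            base, spread = mean(self.history), pstdev(self.history)
            if fails > base + self.zscore * spread:
                src, n = self.by_src.most_common(1)[0]
                alert = {"bucket": self.bucket, "fails": fails, "baseline": base, "top_src": src, "validated": n / fails >= 0.8}
        self.history.append(fails)
        self.by_src = Counter()
        return alert

    def feed(self, rec):
        """Stream one record; returns an alert when the bucket it closes deviates from the baseline."""
        b, alert = rec["ts"] // self.bucket_secs, None
        self.bucket = b if self.bucket is None else self.bucket
        while b > self.bucket:                 # close finished buckets, empty gaps included
            alert = self._close_bucket() or alert
            self.bucket += 1
        if rec["result"] == "fail":
            self.by_src[rec["src"]] += 1
        return alert

def run(log_text):
    det = TrendDetector()
    recs = filter(None, map(parse_line, log_text.splitlines()))
    return [a for a in map(det.feed, recs) if a]
```

Running `run(SAMPLE_LOG)` yields a single alert for the fifth bucket: 10 failures against a baseline of 1.5, concentrated on one source and therefore marked validated.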
Summary
• Things have changed…and continue to change rapidly
• Traditional security is not working
• Existing tools are becoming less effective
• Combating advanced threats requires a new approach to security operations
• Security Analytics is RSA’s new tool to support this approach
Next Steps - Recommendations
Create a transformational security strategy
Migrate from point products to a unified security architecture using open and scalable Big Data Tools
Strengthen your operation’s data science skills
Leverage external threat intelligence
Finally, create a shared data architecture for security information