1© Copyright 2011 EMC Corporation. All rights reserved.
Is it secure?
Security Management
RSA Archer GRC
Ivan Svoboda
Key Account Manager
David Matějů
Presales Engineer
Is it secure? (Is it compliant?)
Director
Security Officer (CISO)
IT Manager, Developer, Administrator
How big is the risk?
Will I go to jail?
Will we pass the audit?
What is the configuration?
What is actually needed?
What is more important?
• What is our security policy?
• Which risks are acceptable for us?
• What is the value of our data, applications, processes, … ?
• Which threats are realistic for us?
• How should the system be configured correctly?
• How important are the incidents, exceptions, … ?
• Marathon Man (Dustin Hoffman, Laurence Olivier)
• http://www.youtube.com/watch?v=uVr_AbvSR3k
Agenda
• RSA Strategy
• GRC and Security Management
• Archer GRC
GRC Definition
Risk: Effect of uncertainty on business objectives. Neither good nor bad.
Governance: Policies, processes and laws that define a business. Long-term strategies and day-to-day operations.
Compliance: Adherence to laws, regulations and corporate policies. Proof of adherence.
How We Do It: System for Managing Security, Risk and Compliance
• Analyze / Discover (Data, Threats): RSA DLP, FraudAction, NetWitness
• Enforce Controls: RSA Encryption, Authentication, Access control, Transaction Monitoring
• Log / Report / Audit: RSA enVision
• GRC: Risk / Policy Management: RSA Archer
RSA – A Comprehensive Approach to Security
• Governance, Risk & Compliance: Archer eGRC Suite (Policy Management, Risk Management, Incident Management, Compliance Management, Enterprise Management)
• Identity Security: Authentication, Access / Provision, Fraud Prevention
• Data Security: Data Loss Prevention, Encryption & Tokenization
• Network / System Security: Cisco, Microsoft, VMware
• Monitoring / Audit / Reporting: SIEM (enVision), NAV (NetWitness)
Current Security Landscape
• New Threats: Cyber-crime, APT, 0Day Malware, Data Leakage, Insiders, Espionage
• New IT Technologies: Virtualization, Cloud, Mobiles, iPads, Facebook, …
• New Business Processes: Self-service, Partner-Networking, Automation
New requirements for CISO
Drivers: New Threats, New IT Technologies, New Business Processes
• Visibility
• Intelligence
• Fast Analysis
• Fast Response
• New IT and Security skills
• Standards
• Integration
• Business skills
• Organizational integration
Security Management Maturity Model: Where are we going?
Step 1: Threat Defense
• Approach: Security is “necessary evil”
• Scope: Reactive and de-centralized monitoring
• Technology: Tactical point products
Step 2: Compliance and Defense-in-Depth
• Approach: Check-box mentality
• Scope: Collect data needed primarily for compliance
• Technology: Tactical threat defenses enhanced with layered security controls
Step 3: Risk-Based Security
• Approach: Proactive and assessment based
• Scope: Collect data needed to assess risk and detect advanced threats
• Technology: Security tools integrated with common data and management platform
Step 4: Business-Oriented
• Approach: Security fully embedded in enterprise processes
• Scope: Data fully integrated with business context drives decision-making
• Technology: Security tools integrated with business tools
Security Management Framework: What do we need to consider?
Security Management framework: ISO 27001; Risk Management framework: ISO 31000
• Business Governance: What policies and governance structures are required to securely operate your business?
• Security Risk Management: What threats and vulnerabilities can jeopardize your business? How can you reduce these risks?
• Operations Management: How do you prioritize your IT workload and security investments?
• Incident Management: How can you quickly detect and respond to serious incidents?
Feedback loop: Reassess business risk and critical assets
RSA Enables Security Management
Security Management framework: ISO 27001; Risk Management framework: ISO 31000
• Business Governance: Archer Policy Management, Archer Enterprise Management, Archer Compliance Management
• Security Risk Management: Archer Risk and Threat Management, DLP Risk Remediation Manager and Policy Workflow Manager, NetWitness Spectrum
• Operations Management: Archer Policy and Enterprise Management, Solution for Cloud Security and Compliance, enVision SIEM
• Incident Management: Archer Incident Management, enVision SIEM, DLP (Data Loss Prevention), NetWitness Investigator
RSA Archer Solutions
Overview
RSA Archer “Core” eGRC Solutions
• Compliance Management: Evaluate the effective design and operation of your internal controls, and respond to issues of non-compliance with remediation or waivers.
• Policy Management: Centrally manage policies and control standards, map them to objectives and guidelines, and promote awareness across your enterprise to support a culture of corporate governance.
• Threat Management: Track threats through a customizable early warning system to help prevent attacks before they affect your enterprise.
• Enterprise Management: Manage relationships and dependencies within your enterprise hierarchy and infrastructure to support risk and compliance initiatives.
• Risk Management: Identify risks to your business, evaluate them through online assessments and metrics, and respond with remediation or acceptance.
• Incident Management: Report incidents, manage their escalation, track investigations and analyze resolutions.
• Vendor Management: Centralize vendor data, manage relationships, assess vendor risk, and ensure compliance with your policies and controls.
• Business Continuity Management: Manage the creation, review, testing and activation of business continuity plans to ensure rapid recovery of your business processes.
• Audit Management: Centrally manage the planning, prioritization, staffing, procedures and reporting of audits to increase collaboration and efficiency.
Virtualization and cloud computing:
RSA security and compliance solutions
Is it secure? And is it compliant?
• The usual answer from IT operations: YES!
– We take security very seriously …
– We have implemented lots of firewalls, …
– We comply with the law ….
– We passed the audit …
Can you “see inside”?
• Where are your data, who accessed them, what happened …
Can you “measure compliance”?
• What is the current reality (technical configuration)?
• What exactly is/isn't met?
Can you prove/report it?
Mapping VMware Security Controls to Regulations and Standards
RSA Archer eGRC hierarchy, from the CxO level down to the VI Admin:
• Authoritative Source (CxO): Regulations (PCI-DSS, etc.), e.g. “10.10.04 Administrator and Operator Logs”
• Control Standard: Generalized security controls, e.g. “CS-179 Activity Logs – system start/stop/config changes etc.”
• Control Procedure (VI Admin): Technology-specific control, e.g. “CP-108324 Persistent logging on ESXi Server”
Control Procedures – List, Status and Measurement Method
Making Archer the Best GRC Solution for Hybrid Clouds
Assessing Service Provider Compliance
RSA Solution for Cloud Security and Compliance aligns with CSA Consensus Assessment Questions by automating 195 questions that customers can issue to assess cloud service providers.
Cloud Security Alliance’s 13 domains of focus for cloud computing:
• Cloud Architecture
• Governance and Enterprise Risk Management
• Legal and Electronic Discovery
• Compliance and Audit
• Information Lifecycle Management
• Portability and Interoperability
• Security, Bus. Cont., and Disaster Recovery
• Data Center Operations
• Incident Response, Notification, Remediation
• Application Security
• Encryption and Key Management
• Identity and Access Management
• Virtualization
Step 1: Governance
Identify Objectives → Set Risk Targets → Define Policies
“MassMutual’s approach to security is now based on a more current holistic view of the enterprise.”
- Mike Foley, CIO, MassMutual
Step 1: Governance
Identify Objectives → Set Risk Targets → Define Policies
RSA Archer eGRC Suite
• Intuitive, business-friendly and workflow-driven interface
• Central, cross-referenced repository for policies, risks, processes
• All data presented in business context
• Comprehensive audits and reports
RSA Archer Policy Management
Policy Management Process
Policy Management Content
Authoritative Sources
PCI DSS v1.2 03.5 Protect Stored Data - Protection and Encryption Keys
Policies
07.0 Communication Management
07.1 Encryption
07.1.03 Key Management
Control Standards
Managing Encryption Keys
• Key owners may not print out private keys and should password-protect User IDs that contain each user's encryption key(s)
• Private keys should be classified as Restricted and treated accordingly
• Private keys should be transmitted through different channels to ensure proper separation from the information which is used to generate the encryption keys
Control Procedures
Windows Vista: Implementation Procedure
Set the "Configure TPM platform validation profile" setting by performing the following steps:
1. Open Group Policy Editor focused on the appropriate object
2. Navigate to the following subtree location: Computer Configuration\Administrative Templates\Windows Component\BitLocker Drive Encryption
3. Set "Control Panel Setup: Enable advanced startup options" to Disabled
4. Click OK to confirm changes
5. Close the group policy editor
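The Authoritative Source → Control Standard → Control Procedure hierarchy shown on the mapping slide and in the policy content sample above, with a status and a measurement method per procedure (as on the “Control Procedures – List, Status and Measurement Method” slide), as an added Python example; it is not code from the deck or from RSA Archer. Only CS-179, CP-108324 and the two requirement titles are quoted from the slides; the data classes, the CS-X-*/CP-X-* identifiers, the statuses and the roll-up rule are assumptions.

```python
from dataclasses import dataclass, field
# Constructed model of the Archer-style hierarchy on the slides: Authoritative
# Source -> Control Standard -> Control Procedure. CS-179 and CP-108324 are quoted
# from the deck; the other identifiers, statuses and measurement methods are made up.

@dataclass
class ControlProcedure:
    cp_id: str
    technology: str
    measurement: str  # "automated" (fed from SIEM/config data) or "manual"
    status: str       # "compliant", "non-compliant", "waiver" or "unknown"

@dataclass
class ControlStandard:
    cs_id: str
    title: str
    procedures: list = field(default_factory=list)

@dataclass
class AuthoritativeSource:
    requirement: str
    standards: list = field(default_factory=list)

PASSING = ("compliant", "waiver")  # an approved waiver counts as addressed

def compliance_rollup(source):
    """Roll procedure results up to the regulation: a control standard is met
    only when every technology-specific procedure under it passes. Also report
    how much of the measurement is automated and what still needs remediation."""
    procedures = [cp for cs in source.standards for cp in cs.procedures]
    met = sum(all(cp.status in PASSING for cp in cs.procedures)
              for cs in source.standards)
    automated = sum(cp.measurement == "automated" for cp in procedures)
    return {
        "standards_met": met,
        "standards_total": len(source.standards),
        "automated_pct": round(100 * automated / len(procedures)) if procedures else 0,
        "open_procedures": [cp.cp_id for cp in procedures if cp.status not in PASSING],
    }

def sample_sources():
    """Two requirements quoted from the deck, with constructed procedure results."""
    logs = AuthoritativeSource("10.10.04 Administrator and Operator Logs", [
        ControlStandard("CS-179", "Activity Logs - system start/stop/config changes", [
            ControlProcedure("CP-108324", "ESXi Server", "automated", "compliant"),
            ControlProcedure("CP-X-WINLOG", "Windows Vista", "manual", "non-compliant"),
        ]),
    ])
    keys = AuthoritativeSource("PCI DSS v1.2 03.5 Protect Stored Data", [
        ControlStandard("CS-X-KEYS", "Managing Encryption Keys", [
            ControlProcedure("CP-X-TPM", "Windows Vista BitLocker", "manual", "waiver"),
        ]),
    ])
    return [logs, keys]
```

A source whose only failing procedure is measured manually is the case the 40%-automated figure on the later cloud slide is about: the roll-up shows both the gap and that closing it still depends on a manual check.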
Authoritative Source Sample
Regulatory Requirements:
• CNBV Chapter X
• FDA CFR 21
• HIPAA
• HITECH Act
• GLBA
• FACT Act “Red Flag”
• PIPEDA
• EU Privacy Acts
• France – Federal Data Protection Act 78-17
• Germany – Federal Data Protection Act
• State Privacy Laws
Industry Standards / Common Practices:
• BS25999
• Cloud Security Alliance
• COBiT
• FFIEC
• FISMA
• IIA Standards
• ISO27001/2
• ITIL
• Microsoft Security Development Lifecycle
• NERC
• NIST
• PCI
Author Policy Content
Centralize and normalize corporate policies. Author new policies according to organizational objectives and the authoritative sources that govern the organization.
Utilize the expanded RSA Archer GRC Content Library that includes:
• 17 policies
• 85+ authoritative sources
• 900+ control standards
• 5000+ control procedures
• 11,000+ assessment questions
RSA Archer Policy management
Business Driven Customer Success
Managing risk in a financial services firm with $420B in assets
BEFORE
Protect:
• 6,000 employees and PCs
• Thousands of servers and network devices
• 700 applications
• Personal information of more than 12 million customers
NEEDS
• See big picture and drill down on specifics
• Identify & prioritize critical risks
• Automate risk assessments
AFTER
• More current, holistic view of the enterprise
• Faster response to critical threats and potential exploits
• Consolidated all critical IT risks into real time executive dashboards
• 97.5% cost reduction in the risk analysis process
MassMutual’s approach to security is “now based on a more current holistic view of the enterprise.”
- Mike Foley, CIO, MassMutual (Information Week article)
Step 2: Security Risk Management
Identify Threats → Assess Vulnerabilities → Mitigate Risk
Step 2: Security Risk Management
Identify Threats → Assess Vulnerabilities → Mitigate Risk
Archer (eGRC)
• Relate risks to business objectives
• Import vulnerability and threat data
• Build and deliver online assessments
• Track remediation projects
DLP
• Identify sensitive data in vulnerable locations
• Educate end-users
• Integrated with Archer to define policy and remediate
NetWitness
• Identify malicious code based on risk factors
Security Risk Management Example: DLP Risk Remediation Manager
Day 1: 30K files discovered by RSA DLP
Day 3: 1200 owners in 43 countries identified
Day 10: RRM sends initial questionnaire to data owners
Day 40: 90% of files remediated
Repeatable and continuously monitored
Analyst work space and executive metrics in RRM.
“The new process was more than 4 times faster and much less disruptive to business.”
- EMC CIRC
Step 3: Operations Management
Define Control Standards → Operate Controls → Monitor Controls
Step 3: Operations Management
Define Control Standards → Operate Controls → Monitor Controls
Archer (eGRC)
• Authoritative Sources: 90+
• Control Standards: 900+
• Control Procedures: 6000+
• Assessment questions: 12,000
enVision (SIEM)
• Out-of-box event sources: 200+
• Reporting: 1200+ out of box reports
DLP
• Infrastructure-wide content awareness
• 160+ policies for predefined sensitive data
[Diagram: enterprise hierarchy (HQ, Division, Admin) with Assets, Data and Policies, providing Visibility]
Operations Management Example: RSA Solution for Cloud Security and Compliance
• Archer: Component Discovery and Population; Configuration Measurement (40% automated); > 130 VMware Specific Control Procedures
• Connector Framework: enVision alerts; > 380 log messages
Step 4: Incident Management
Correlate and Prioritize → Investigate → Collect Evidence → Remediate
Step 4: Incident Management
Correlate and Prioritize → Investigate → Collect Evidence → Remediate
Archer
• Full-lifecycle, including Legal, HR, BUs
enVision (SIEM)
• Some of the largest SIEM deployments in the world
• Incidents exported to Archer for lifecycle management
• Content-awareness via DLP integration
NetWitness
• Capture and visualize all network traffic for real time analysis
• Investigate across full network and log events
DLP
• Data-centric view of policy violations everywhere
• Automatically quarantine emails, block file transfers
Incident Management Example: RSA Solution for Security Incident Management
• SIEM: Formatted XML data out of enVision
• Connector Framework: Near real-time feed into Archer; plug-in architecture for additional incident and compliance solutions
• Enterprise and Policy Manager (context, policy): enVision alerts are put in context with enterprise assets, risk, process, teams, etc.
• Task Triage: Incident details with associated notes
• Incident Dashboards and Workflow: Incidents are assigned in work queues, and workflow automates the case management process. Metrics are rolled up into an executive level dashboard.
“We saved 1,500 hours a month due to the integration.”
- EMC CIRC
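The enVision-to-Archer flow sketched on the slide (alerts parsed from an XML feed, put in context with enterprise assets, processes and teams, assigned to work queues by priority, and rolled up into dashboard metrics), as an added Python example that is not code from the deck or from any RSA product. The XML layout, the asset context table, the severity scores and the queue names are all assumptions; the real enVision export format is not shown on the slides.

```python
import xml.etree.ElementTree as ET

# Constructed sample alert feed. The real enVision export format is not shown
# on the slides, so this XML layout and its attribute names are assumed.
SAMPLE_ALERTS_XML = """<alerts>
  <alert id="A-1001" severity="high" device="10.0.5.20" rule="Multiple failed admin logins"/>
  <alert id="A-1002" severity="low" device="10.0.9.77" rule="USB storage attached"/>
  <alert id="A-1003" severity="medium" device="10.0.5.21" rule="Config change outside window"/>
</alerts>"""

# Constructed enterprise context, standing in for Archer's Enterprise
# Management data (device -> asset, business process, criticality, owning team).
ASSET_CONTEXT = {
    "10.0.5.20": {"asset": "pay-db-01", "process": "Card Payments", "criticality": 3, "team": "SOC-Tier2"},
    "10.0.5.21": {"asset": "esxi-03", "process": "Hosting", "criticality": 2, "team": "VI-Admins"},
}
SEVERITY_SCORE = {"low": 1, "medium": 2, "high": 3}  # assumed scale

def enrich_alerts(xml_text):
    """Parse the alert feed and put each alert in business context.
    Priority = severity score x asset criticality; a device missing from the
    asset inventory gets criticality 1 and lands in a triage queue, so an
    unknown host is visible as an inventory gap rather than silently dropped."""
    incidents = []
    for node in ET.fromstring(xml_text).iter("alert"):
        ctx = ASSET_CONTEXT.get(node.get("device"))
        crit = ctx["criticality"] if ctx else 1
        incidents.append({
            "id": node.get("id"),
            "rule": node.get("rule"),
            "asset": ctx["asset"] if ctx else node.get("device"),
            "process": ctx["process"] if ctx else "unknown",
            "priority": SEVERITY_SCORE.get(node.get("severity"), 1) * crit,
            "queue": ctx["team"] if ctx else "Triage-UnknownAsset",
        })
    # Highest priority first, so the work queue order reflects business impact.
    incidents.sort(key=lambda i: i["priority"], reverse=True)
    return incidents

def executive_metrics(incidents):
    """Roll open incident counts up per business process for the dashboard."""
    per_process = {}
    for inc in incidents:
        per_process[inc["process"]] = per_process.get(inc["process"], 0) + 1
    return per_process
```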
Leading Products, Better Together
Use cases across Archer, enVision, DLP, NetWitness and VMware:
• Report incidents in real-time
• Mitigate risk of sensitive files
• Let data owners set DLP policy
• Correlate logs with file content
• Enable secure, compliant cloud
• Secure virtual desktops
• Investigate advanced threats
Data Loss Prevention Leader, SIEM Leader, IT-GRC Leader
In Action: Critical Incident Response Center
EMC Critical Incident Response Center, Bedford, MA
Business Context, Visibility, Integrated Approach, Process Automation
Resources
• RSA Security Management Solution Briefs
• Maturity Model Whitepaper (authored by ESG)
• EMC Consulting Strategy Workshop
• Archer/enVision/DLP/NetWitness product briefs
THANK YOU
Maturity Strategy Worksheet: Where do you want to be in 3 years?
Maturity scale: Tactical → Strategic (mark current state and desired state for each area)
• Incident Management: Siloed monitoring → Correlation and prioritization → Advanced analytics
• Operations Management: Bare minimum tools → Compliance-driven controls → Risk-based controls and monitoring
• Security Risk Management: Newspaper view of risk → Follow industry practices → Manage business-specific risks
• Business Governance: Security buried inside IT → Basic guidelines defined by business → Security is part of every business process