Track 2, session 5, aligning security with business kartik shahani

Aligning Security to
Business

1 Cloud Meets Big Data
16-17 November 2011. Grand Hyatt - Mumbai

Challenge: Expanding Identities

Remote Employees Partners Customers

Channels Channels Channels

Partner Entry Points Customer Entry Points
VPN

Endpoint Network Apps/DB FS/CMS Storage

Contractors Privileged Users Privileged Users Privileged Users Privileged Users

Enterprise Production File Server Backup Tape
Applications Database
Internal Employees

Business Replica SharePoint Disk Backup
Analytics eRoom, etc. Arrays Disk

© Copyright 2011 EMC Corporation. All rights reserved. 17-18 November 2011. Grand Hyatt - Mumbai
2

Challenge: Expanding Infrastructure

Mobility Cloud


Partner Entry Points Partner Entry Points
VPN


Contractors Privileged Users Privileged Users Privileged Users Privileged Users

Virtualization
Enterprise Apps Backup Tape
Internal Employees File Server
Production
Disk Arrays
SharePoint
Replica
eRoom, etc.
Backup Disk
Business Analytics

3

Challenge: Increasing Threats


IP Sent to Channels App, DB or Encryption
Channels Channels Stolen
Stolen IP Fraud
non trusted user Key Hack Credentials
Partner Entry Points Partner Entry Points
VPN


Contractors
Endpoint Privileged Leak
Network Users Privileged Users
Privileged Privileged Users
Inappropriate Privileged Users
Tapes lost or
Email-IM-HTTP-
theft/loss FTP-etc. User Breach Access stolen

Enterprise Production File Server Backup Tape
Data Leak Public Infrastructure Applications Database
Unintentional (Semi) Trusted Discarded disk
Internal Employees
Via USB/Print Access Hack Distribution User Misuse exploited

Business Replica SharePoint Disk Backup
Analytics eRoom, etc. Arrays Disk

4

The Dark Cloud

Dark Cloud
Phishing Mule
Attacks Network

Trojans Fraud Forum
Attacks Discussion

Cloud
Stolen
Credentials Stolen
Database Cards Shop

Financial Institutes

5

Corporations are a new target for Cybercriminals

• Cybercriminals increasingly targeting corporations
• Value of extracted corporate resources is on the
rise
• Social networks make it easier to launch targeted
attacks
• Corporations required to harden their infrastructure

6

Online Financial Fraud targeted at Financial Institutes

Technical Operational
Infrastructure Infrastructure

Tools Hosting Delivery Mules Drops Monetizing

Phishing Purchase
Online
Trojans
Money
Pharming Identity Communication Cash Out Transfer through
Internet Banking
Harvester Fraud forum / chat room
Fraudster
ATM
Physical withdrawal
Theft / Card Skimming

IVR/Mobile
Other Social
Channel
Engineering
Withdrawal
Techniques
Mechanisms

User Account
7

Question

Do you think Banks should implement a stronger form of authentication
To identify online banking customers (other than user name & Password)
when they log on and transact?

A. Yes

B. NO

C. I have no preference

8

Consumers Want Stronger Security for Online Banking

Impact: Stronger Security Can Drive Portal Usage

9

CSO/CIO Balancing Act

Business Requirement Business Enablement

Regulatory Customer
Controls Services

Information
Innovation
Protection

Customer
Productivity
Protection

Brand Globalization
Protection

10

Managing Information Infrastructure Security

people
Ensure the right
have access to the right information
over a trusted infrastructure

Identities Infrastructure Information
Endpoints
Internet
Corporate networks
Enable Block Applications Public Sensitive
Authorized Harmful Databases and files Marketing Health
customers employees records
Storage Earnings
Partners Criminals IP/ PII
Product Info
Employees Spies Financial

in a system/process that is
easy and efficient to manage
11

The RSA Approach Comprehensive Solutions

GRC Real Time Analytics

Actionable SIEM

Policy Aggregate

Orchestrate - Monitor

Consoles

Map Monitor

Enforce - Protect

Identities Information Servers/Apps

12

Question

In the light of the RSA approach to Risk Management, do you feel?

A. Proactive solution is the way forward

B. Benefits seem marginal compared to the effort and cost

C. I am happy with the current setup

13

Reserve Bank of India - Guidelines on Information
security, Electronic Banking, Technology risk
management and cyber frauds

Requirements Tools
GRC
• Information Technology Governance
• Information Security – Audit Management

• IT Operations – Policy Management
• It Services Outsourcing – User Awareness / communication tool
• IS Audit – Incident Management
• Cyber Frauds Security Operations Centre
• Business Continuity Planning BS25599 compliance
• Customer Education Risk Based Authentication and
• Legal Issues Transaction Monitoring

14

Customer Case Study

BEFORE AFTER
PROGRESSIVE BANK
NEEDS Easy-to-implement ,
Deliver innovative online convenient risk-based
banking services to authentication fraud down
Investing in customer maintain industry-leading by 80%
banking protection position. Combat growing
with an online anti- threat of online fraud 24x7 monitoring and
fraud strategy alerting on online/network
Get Visibility of the network security risks
“…RSA Adaptive and have proactive action
Authentication and RSA taken
FraudAction have accelerated Layered approach
the route to market for our
enhanced online banking Ensure Compliance as per
resulted in >60% reduction
security features…”
regulator and corporate in phishing attacks and
, SVP and CISO, Information governance accelerated route to
Security Group,
market with GRC

15
© Copyright 2011 EMC Corporation. All rights reserved.
MENU
17-18 November 2011. Grand Hyatt - Mumbai
15

Information Security
RSA

Objective 1:
“Deliver innovative online banking services to maintain
industry-leading position. Combat growing threat of
online fraud”

16


Enforce - Protect
Layer 1
Identities
Identities Information
Information Servers/Apps
Servers/Apps

Multi factor2FA / IPV
authentication &RE DLP
DLP

17

Protection with Multiple Layers and of Multiple Channels

 Adaptive
 FraudAction Anti-  Adaptive Authentication  Access Manager Authentication
Phishing  Adaptive Authentication for  Adaptive Authentication  ACS Services
 FraudAction Anti- eCommerce  Transaction Monitoring  Transaction
Trojan  Identity Verification Monitoring
 Identity Verification
 FraudAction  Adaptive
Intelligence Authentication for
 Identity Verification eCommerce
 Identity Verification

18

Protecting Fraud Channels using Multifactor
Authentication
Mobile Channel

Analyze Access Risk
EPI Channel Create risk score for access to sensitive resources

Risk Engine Adaptive Authentication
IVR Transactions, URLs, Logins, Web services
Challenge
eFraud OTP OOB (Phone Call)
Questions
Network
Web Channel

Ecommerce Protected Applications: Retail Net Banking and Cards
Money Transfers Add Payee/ Beneficiary View Statement

Support Financial

Non Financial
Financial Transactions

Internal/NEFT /RTGS • TPT Request Statement
• Internal • TPCC
• External (TPT) Update Profile
Visa Money Transfer • Address
Bill Payment • Mobile /Email

Electronic Payment Stop Cheques
Interface Request Cheque book
Third Party Credit Card
Credit Card
• Auto Pay
• Enhance Credit Limit
• Get Loan / Cash

19

RSA Adaptive Authentication with Transaction
Monitoring

20

Securing Identities and Access using Multifactor
RSA Authentication and Access Solutions
Username/ Analyze Access Risk
Create risk score for access to sensitive resources
Password
RSA Adaptive Authentication

Higher Risk

Multi-Factor User Authentication Low Risk
Strong Authentication for access to sensitive resources

RSA SecurID HW RSA SecurID SW On-Demand
RSA Authentication Manager

Multi-Access Control
Control access to multiple resources Resource(s)
RSA Access Manager (logins, URLs, web services, etc.)

SAML
Assertion Manage Trust Relationships
Establish and control trust between organizations

Trusted External Users RSA Federated Identity Manager

21

DLP Covers Your Entire Infrastructure

DLP Enterprise Manager

DLP DLP
Network DLP Datacenter Endpoint

Connected Disconnected
Email Web File shares SharePoint Databases PCs PCs

DISCOVER       
MONITOR       
EDUCATE       
ENFORCE       
22

RSA Risk Remediation Manager (RRM)

SharePoint
Business
Grid Users
Apply DRM
Databases

Virtual Grid Encrypt

RSA DLP RSA DLP Delete / Shred
NAS/SAN Datacenter RRM
Change Permissions
Temp Agents

File
File Activity GRC Policy Exception
Servers Tools Systems
Agents

Endpoints

Manage Remediation Apply
Discover Sensitive Data
Workflow Controls

23

RSA Data Loss Prevention Suite
DLP
Unified Policy Mgmt & Incident Workflow Enterprise Manager Dashboard & User & System
Enforcement Reporting Administration

DLP Datacenter DLP Network DLP Endpoint

Discover Monitor Discover
File shares, SharePoint sites, Email, webmail, IM/Chat, FTP, Local drives, PST files, Office files,
Databases, SAN/NAS HTTP/S, TCP/IP 300+ file types

Remediate Enforce Enforce
Delete, Move, Quarantine Allow, Notify, Block, Encrypt Allow, Justify, Block on Copy, Save
As, Print, USB, Burn, etc.

eDRM (e.g. RMS) Encryption Access Controls

24

24

RSA

Objective 2:
“Get Visibility of the network and have proactive action
taken”

25


Aggregate

Layer 2
Consoles

Map Monitor

Enforce - Protect
Layer 1 Identities Information Servers/Apps
Multifactor Authentication &RE DLP

26

How SIEM Enhances Security Operations
Risk and Operations Efficiency Monitoring
(Manager)
Incident Big Board Web SOC asset, exposure, incident, vulnerability reports
Security Operations monitor
Dashboard

Incident
Management
Workflow
(Analyst) Management
open, reassign, add logs, notate, escalate, close incident

Automatic correlation, alerting, auto assignment, prioritization, escalation
Notification
Processes
(System)

Log Vulnerabiltiy
Repository Asset DB KnowledgeBase

bulk patch
imports info CVEs
events

firewalls intrusion servers applications configuration scanners
detection
© Copyright 2011 EMC Corporation. All rights reserved. management tools 17-18 November 2011. Grand Hyatt - Mumbai
27

RSA Security Incident Management in Action
Events occur on critical systems indicating a potential
1 security breach.
RSA enVision

enVision collects the events for immediate triage and
2 reporting.

Based on Event Rules, an Alert is triggered and
3 security administrators are notified. The RSA
Connector Framework automatically creates an
RSA Connector Framework Incident in RSA Archer Incident Management
associating the specific Event data to the Incident.

RSA Archer Incident Management Security Administrators use the Incident
4 Management capabilities in RSA Archer along with
information from the RSA Archer Enterprise
Management to assess the situation. An
investigation is initiated and the incident is tracked
and resolved.

The CISO has complete visibility through the entire
RSA Archer Enterprise Management 5 process via dashboards and reporting.

Business Business
Hierarchy Product/Services Processes Information Applications Devices Facilities

28

RSA enVision Enterprise/Security Operations Model
Correlation Reporting

Real-time Correlation/Base-lining Alerter Collaborative Incident Management
Task Triage
Auto-assignment
Auto-prioritization Open Task EE
Event Auto-escalation
Trace Reassign
Task Annotate
EE EE Auto-
Watch
False IDS Alert DB Escalation
lists
Suppression
Event Close Task
Log Collection Trace

Asset Escalate Task
Vulnerabilities
Events

Asset Feedback
Ticketing
Vulnerability
IPDB DB Loop System
Discovered
KB
Changes
Web SOC Monitor
Bulk VA
Logs Config VAM 1. IncidentRisk Big Board
Imports Reports
Actions Reporting 2. SOC Efficiency Monitor

Asset Reports
Exposure Reports
Incident Reports
Web Vulnerability KB Reports
FWs IDSs Apps CMDBs Scanners
Farm
& Config
Managers 29 Cloud Meets Big Data
29

RSA enVision Deployment
…to a distributed, enterprise-wide architecture

Scheduled Ad Hoc Realtime
Realtime Realtime eMail
Reports Reports Alerting
Correlation Alerting Alerts

Analyze Analyze
Collect
Remotely

Manage Manage Manage Manage Windows
Servers
Stockholm

Collect
Collect Collect Collect Collect Collect Collect Collect Collect Collect
Remotely

Storage Oracle Windows Netscreen Windows Trend Micro Storage Oracle
Cisco IPS Cisco IPS
Device Financial Server Firewall Workstation Antivirus Device Financial

Mexico India Europe China
Local Collection with Global Analysis

Fine Grain Role-Based Access Control

30

RSA

Objective 3:
“Ensure Compliance as per regulator and corporate
governance”

31


Real Time Analytics
RSA Archer (eGRC) (Netwitness)
Layer 3
Panorama SIEM
(Envision)
Policy Aggregate

Layer 2
Consoles

Map Monitor

Enforce - Protect
Layer 1
Identities Information Servers/Apps

32

The Security Incident Management Solution
Infrastructure Audit Trail

Collectors
Collects and manages

enVision
RSA enVision event data; Identifies
critical issues from log
data.

Event Database Reporting Event Rules Alerts

Seamlessly integrates
RSA Connector Framework SEIM infrastructure and
GRC platform.
Network Forensic Analysis
• Automated Malware analysis and
prioritization RSA Archer Incident Management
Supports complete
• Network Session Modeling incident lifecycle
• Network Forensic Store management from
identification to
Investigations Incidents Incident Events resolution.

RSA Archer Enterprise Management Brings business context
of asset information to
Incident Management
for prioritization and
reporting events in the
context of IT GRC.
Business Business
Hierarchy Product/Services Processes Information Applications Devices Facilities

33

Introducing the NetWitness Network Security
Analysis Platform

Automated Malware
Analysis and Prioritization

Automated Threat Reporting,
Alerting and Integration

Freeform Analytics for
Investigations and Real-time
Answers

Revolutionary Visualization
of Content for Rapid Review

34

RSA Incident Management
• Industry leading Security Incident and Event
Management (SIEM) technology for the automated
identification and escalation of high priority security
incidents

• Industry leading Incident Management solution that
can handle proactive incidents no matter how they are
detected giving complete flexibility in managing
incident workflow using Panorama reporting into GRC

• A GRC platform that brings unprecedented business
context to Incident Management processes and
incorporates security incidents into wider enterprise
Business risk management and compliance reporting and
Processes
actionable decisions.
Information
Devices

Applications

35

Creating Actionable Intel. from Data Overload

ITGRC: Data Governance , Risk, Incident BCM &
RBI Compliance Compliance Management
Assessment Process Controls Technical Controls •Nessus, Qualys,
VA and Threat Veracode, External
Process Control Testing Vulnerabilities Extreme Management threat feeds etc.

PCI DSS SAQ
Self Assessment Compliance High • Control
Exception Exception
Management
Management • Documented
ISO 27001 Assessment Mis-Configurations High Exceptions
ISO 27001
• User Groups
Assessment Access Extreme User Access • Roles and
BS25999 Assessment Permissions
Management

BS25999 Incidents Priority
Incidents Feed
Assessment
Assets Classification
Envision
Policy Comp.
Assessment
Inputs and Process Automation Layer

Other Incidents Asset Feed Asset Feed DLP Violations Feed

BCM Physical Security Information Asset
DLP
Incidents Incidents Assets Management (CMDB)

36

GRC Processes Automation Framework
Assessments (Risk,
Compliance, Audit, BCM,
and Vendor)
• Audit Management
• Audit Programs
• Risk Assessments
Governance • Compliance Assessments Monitoring
• Vendor Management
• Holistic GRC Reporting • BCM • Frauds
• Dashboard: Risk & Compliance • Monitoring of Compliance,
• Key Perf. Indicators (KPI) Vulnerabilities and Threats
• Key Risks Indicators (KRI) • Monitoring of the KRI, KPIs
• Key Controls • Findings Management
• Performance Mgmt • Remediation Plan Management
• Process Performance • Exception Management
• Governance (e.g. coverage) • Global SOC
• Performance & Quality Reviews • Global CERT

Enterprise Management GRC Portal
• Targets of Evaluation: Business • Corporate Communication
Processes, Business Units, • Content Delivery
Information Assets, • Compliance, Risk , BCM and Security
• Target of Reporting: Business
Hierarchy:
• Asset Classification
• Policy Management
Archer Awareness, Trainings, Surveys
• Website (single entry point)
• Incidents Reporting:
• Compliance,
• Risk Register • Security/Loss event
• Identification of the Risk from various
sources

37

Enabling Effective Security Incident Management

With RSA’s Security Incident Management Solution you can:

• Collect security relevant events
across your infrastructure

• Prioritize incidents based upon
business context

• Manage incidents and
investigations proactively to
combat APT

• Report on your security and
compliance posture

38

Conclusion: End-to-End Layered Protection is
required. “A Lock on the Door” is Not Enough

Enterprise
Governance Risk and Compliance

Internal SOC

On-Demand

39

RSA overall solution implementation
Business
Reporting
enVision

Geo Info
Division
Identity

Data
IPS
Archer
Event Aggregation

AV
EP
Auth

Incidents

Policies
Threats
WAF Data Enhancement
DLP
FW

WLAN URL
Department
Location

Regulation

Asset Value
AD

Panorama
SOC

Investigations
Netwitness

40

Cloud Compliance Architecture

41

Positive Business Outcome

The objectives of the customer were met with a cost effective Integrated
Solution
• Increase customer confidence in online transactions (30% increase YoY)

• Reduce the Fraud and AntiPhishing / Anti Trojan for customers (>60%)

• Provide 24X7 Visibility of the Network and report critical incidents

• Proactive monitoring to save against APT’s

• Automated Compliance Reporting meeting Corporate and regulations

42

Summary

Key Take aways:

A breach/Incident is inevitable the key is to reduce the “Window of
Vulnerability”

Use technology as a Business Enhancer rather than a cost

Your technology provider is a Partner not a Vendor choose Wisely

Risk Management is Strategic not Tactical - Scalable, Adaptive , Layered

RSA –EMC Can be that Partner

43

Question

With the presentation as a backdrop, what course would to take?

A. I would go ahead with an Integrated solution

B. I would go ahead with a Best of Breed Solution

C. I would go ahead with a Best for Need Solution

44

THANK YOU

45

Track 2, session 5, aligning security with business kartik shahani

Recommandé

Recommandé

Contenu connexe

Tendances

Tendances (20)

Similaire à Track 2, session 5, aligning security with business kartik shahani

Similaire à Track 2, session 5, aligning security with business kartik shahani (20)

Plus de EMC Forum India

Plus de EMC Forum India (20)

Dernier

Dernier (20)

Track 2, session 5, aligning security with business kartik shahani

Notes de l'éditeur