4. Evolution of Attack Vectors
[Chart: attack types plotted by damage and sophistication against the threat actors behind them]
Vertical axis (Damage/Sophistication): from Minor Annoyance to Significant impact on business bottom line
Horizontal axis (Threat Actors): Hobbyist / Script Kiddies, Petty Criminals, Organized Crime, Non-State Actors / Cyber Terrorists, Nation States
Attack types in order of increasing damage and sophistication: Viruses, Phishing, Spam, Worms, Spyware, DoS/DDoS, Trojans, Botnets, Financial Backdoor, Rootkits, Web-application attacks, Hybrid Worms, Coordinated attacks, Targeted malware, APTs
5. Anatomy of an Attack
[Figure: attack timeline, phases left to right along a TIME axis]
Attacker Surveillance → Target Analysis → Access Probe → Attack Set-up → Attack Begins / Intrusion Starts → Discovery / Persistence → Leap Frog Attacks → System Intrusion Complete → Cover-up Starts → Maintain foothold → Cover-up Complete
Source: NERC HILF Report, June 2010 (http://www.nerc.com/files/HILF.pdf)
6. Anatomy of a Response
[Figure: response timeline, phases left to right along a TIME axis]
Physical Security → Monitoring & Controls → Threat Analysis → Attack Forecast → Defender Discovery → Attack Identified → Damage Identification → Incident Reporting → Impact Analysis → System Reaction → Containment & Eradication → Response & Recovery
Source: NERC HILF Report, June 2010 (http://www.nerc.com/files/HILF.pdf)
7. Reducing Attacker Free Time
[Figure: the attack timeline of slide 5 laid above the response timeline of slide 6 on a shared TIME axis; the interval between the attack beginning and the defender's discovery is labelled ATTACKER FREE TIME]
Need to collapse free time
Source: NERC HILF Report, June 2010 (http://www.nerc.com/files/HILF.pdf)
9. Advanced Threats
83% of organizations believe they have been the victim of an Advanced Threat
65% of organizations don’t believe they have sufficient resources to prevent Advanced Threats
91% of breaches led to data compromise within “days” or less
79% of breaches took “weeks” or more to discover
Source: Ponemon Institute survey, “Growing Risk of Advanced Threats”
Source: Verizon 2011 Data Breach Investigations Report
10. Mean Time to Detect (MTTD)
Source: Ponemon Institute
15. As a result
Organizations are…
• poorly prepared for advanced threats
• unable to detect attacks in a timely manner
• responding in a manner that is chaotic and uncoordinated
17. Security must Ensure…
[Figure: Enterprise Admins and Users accessing the Data Center, whose Applications (ITaaS Management, CRM, ERP, BI, ***), Information and Infrastructure sit behind an interface (I/F)]
…only the right people
…access critical applications & information
…over an I/F we trust.
18. Disruptive Forces
[Figure: the Enterprise-to-Data Center diagram of slide 17 with three disruptive forces overlaid]
• User Access Transformation (Mobile), on the Enterprise side
• Threat Landscape Transformation (Advanced Threats)
• Back-end I/F Transformation (Cloud), on the Data Center side
The requirement stays the same: only the right people access critical applications & information over an I/F we trust.
19. The New IT Model
[Figure: Enterprise, Clouds and Data Center, with the access paths between them]
Enterprise: Admins and Users on Managed Devices, Unmanaged Devices, Mobile Apps and the Web
Clouds: SaaS, PaaS, IaaS, Private Cloud, Community
Data Center: Applications (ITaaS Management, CRM, ERP, BI, ***), Information, Infrastructure
• Scenarios: From the Cloud to DC; Direct to Apps; Direct to Cloud; VPN into DC
20. The Security Stack
[Figure: the security stack drawn as three columns: ENTERPRISE, CONTROL LAYER, MANAGEMENT LAYER]
Enterprise: Admins and Users accessing the Data Center (Applications: ITaaS Management, CRM, ERP, BI, ***; Information; Infrastructure)
Control Layer
• Identity: Identity Admin & Provisioning; Access Controls
• Information: Encryption/Tokenization I/F; DLP Controls; Information Rights Management
• Infrastructure: Endpoint Controls; Network/Messaging Controls; Application Controls
Management Layer
• GRC: Define Policy; Map Policy; Measure Policy; Identity & Access Governance
• Security Operations (SOC): Detect Potential Threats; Investigate Attacks; Respond to Attacks
21. THE CONTROL LAYER
[Figure: the security stack of slide 20 with the CONTROL LAYER highlighted]
• Identity: Identity Admin & Provisioning; Access Controls
• Information: Encryption/Tokenization I/F; DLP Controls; Information Rights Management
• Infrastructure: Endpoint Controls; Network/Messaging Controls; Application Controls
22. The Management Layer
[Figure: the security stack of slide 20 with the MANAGEMENT LAYER highlighted]
• GRC: Define Policy; Map Policy; Measure Policy; Identity & Access Governance
• Security Operations (SOC): Detect Potential Threats; Investigate Attacks; Respond to Attacks
23. Critical Questions
What matters? → Governance
What is going on? → Comprehensive Visibility
How do I address it? → Actionable Intelligence
26. The Next Gen SOC
Comprehensive Visibility: “Analyze everything that’s happening in my infrastructure”
Agile Analytics: “Enable me to efficiently analyze and investigate potential threats”
Actionable Intelligence: “Help me identify targets, threats & incidents”
Optimized Incident Management: “Enable me to manage these incidents”
28. Value of RSA Solutions
Both approaches are compared across Governance, Intelligence and Visibility.
Traditional Approach
• Discrete products in silos
• Multiple vendors for each product
• Manual process to transfer data
• High TCO and low efficiency
RSA’s Approach
• Transparent data flow between products
• Single vendor – tested integrations
• Very high operational efficiencies
• Lower TCO and faster time to value
29. RSA Approach
GOVERNANCE: Manage Business Risk, Policies and Workflows
ADVANCED VISIBILITY AND ANALYTICS: Collect, Retain and Analyze Internal and External Intelligence
INTELLIGENT CONTROLS: Rapid Response and Containment
Applied across Cloud, Network and Mobility
30. Meeting our Customers’ Challenges
with RSA Thought Leadership
• Manage Risk and Threats Throughout the Enterprise
• Prove Compliance Consistently & Affordably
• Secure Access for Increased Mobility & Collaboration
• Secure Virtualization & Cloud Computing