Security Operations Centers in action, Richard Nichols

Transcription

Slide 1. RSA Advanced Security Operations Center Solution
Richard Nichols, Security Analytics & Global Accounts Director
#RSAemeaSummit
© Copyright 2014 EMC Corporation. All rights reserved.

Slide 2. The RSA Perspective
• The attack surface is expanding
• Attackers are becoming more sophisticated
• Existing strategies & controls are failing
• Security teams are missing attacks
• Teams need to increase experience & efficiency
• Tools & processes must adapt to today's threats

Slide 3. Cyber-Espionage Detection
• 99%: percent of successful attacks that went undiscovered by logs
• 83%: percent of incidents that took weeks or more to discover
Source: Verizon 2014 Data Breach Investigations Report

Slide 4. Cyber-Espionage Detection
• 85%: percent of cases where victims learned about their breach from an external party
• 83%: percent of incidents that took weeks or more to discover
Source: Verizon 2014 Data Breach Investigations Report

Slide 5. Attackers Are Getting Stronger
(Chart: Attacker Capabilities versus Time To Discovery)
Source: Verizon 2014 Data Breach Investigations Report

Slide 6. Security & Risk Challenges
• Detecting & Stopping Threats
• Managing Identities & Access
• Preventing Fraud & Cybercrime
• Ensuring Compliance
Surrounding context: Customers, Partners, Third-Parties, Cloud, On-Prem, Shadow IT, Mobile Employees, BYOD

Slide 7. Be the hunter, not the hunted

Slide 8. Transform: Intelligence-Driven Security
• Visibility
• Analysis
• Action

Slide 9. See More (Visibility)
• P L E N: Packets, Logs, Endpoints, NetFlow
• Capture Time Data Enrichment
• Business & Compliance Context

Slide 10. Understand Everything (Analysis)
• Correlate Multiple Data Sources
• Endpoint Threat Detection
• Out-of-the-box Content
• Big Data & Data Science

Slide 11. Investigate & Remediate Faster (Action)
• Prioritized & Unified Analyst Workflow
• Investigate down to finest details
• Integrate SOC Best Practices

Slide 12. Building an ASOC is a Journey
Maturity levels: Initial, Managed, Defined, Quantitatively Managed, Optimizing
• Ad Hoc Incident Response (65% of organizations)*
• Incident Response as an emerging security function (25% of organizations)*
• Incident Response is a key force of an organization's security defenses & risk management (10% of organizations)*
* "The Critical Incident Response Maturity Journey", RSA White Paper, Dec 2013

Slide 13. Capabilities Along Maturity Level

Initial (Ad Hoc): Analyst Effectiveness, Clearing Known Alerts
• Alert aggregation
• Basic Workflow

Managed (Emerging Incident Mgt): SecOps Capabilities Leveraged
• Business Context
• Multiple analyst workflow
• Prioritize based on context
• IR Procedures - OOTB

Defined: SOC Program Effectiveness
• Customized IR procedures
• Tiered analyst workflow
• SOC Program Mgmt.
• Team Management
• Shift management
• Breach preparedness

Quantitatively Managed / Optimizing (Key Force): Risk Based View Of SOC Program
• Continuous improvement
• Security Control efficacy
• Risk based view of IR
• Link to overall GRC KPIs

Slide 14. RSA Security Operations Management
Domains: Process, People, Technology
RSA SecOps: Incident Response, Breach Response, SOC Program Management, Framework & Alignment

Slide 15. Benefits
• Detect and analyze before attacks impact the business
• Investigate, prioritize, and remediate incidents
• Unleash the potential of your existing security team
• Evolve existing tools with better visibility & workflow

Slide 16. EMC, RSA, the EMC logo and the RSA logo are trademarks of EMC Corporation in the U.S. and other countries.