Joining Forces: Bringing Big Data to your Security Team

(1)

Joining Forces: Bringing Big Data to your Security Team

Alaa Abdulnabi, CISSP
RSA Regional Pre-Sales Manager, Turkey, Middle East & Africa

(2)

Market drivers

Infrastructure transformation: mobile devices and cloud mean less control over the access devices and over the back-end infrastructure.

Threat landscape transformation: advanced persistent threats and elaborate fraud techniques; fundamentally different tactics, more formidable than ever.

Enterprise transformation: even more hyper-extended and digital, with an extended workforce and interconnected value chains.

Big Data

(3)

Attack focus: intrusion. Defense focus: prevention.

(4)

Source: Verizon 2012 Data Breach Investigations Report

85% of breaches took weeks or more to discover.

Breach response under 2 hours: 60% reduced risk.

(5)

Radically different advanced threats

1. Targeted: a precise objective.
2. Stealthy: discreet, low and slow.
3. Interactive: human intervention.

Attack timeline (time axis): intrusion into the system (pivoting from host to host), start of the attack, end of concealment, discovery of the concealment, identification of the attack, response.

Goal 1: reduce the attack window. Goal 2: accelerate response time.

(6)

Profile of Attack: Data Exfiltration

1. Unusual network traffic: multiple connections tunneled over a non-standard port.
2. Authentication check: directory logs show authorized credentials used from an unknown IP.
3. Authorization checks: VPN and host logs show multiple credentials used on multiple servers.
4. Exfiltration: an encrypted ZIP transmitted out of the corporate network.
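Once the network, directory, VPN, host and DLP records sit in one store, the four stages above can be correlated per source host instead of being read as four unrelated alerts. The following Python is an added example, not code from the deck or from any RSA product; the key=value log format, the sample events, the known-IP list, the standard-port list and the connection threshold are all constructed assumptions for illustration.

```python
"""Correlate the four stages of the exfiltration profile over sample logs.

Constructed example: the log format, hosts, users and thresholds below are
assumptions made for illustration, not RSA product output.
"""
from collections import Counter, defaultdict

# Constructed key=value events, one per line (netflow, directory, VPN, host, DLP).
SAMPLE_LOGS = """\
type=netflow src=10.1.5.23 dst=203.0.113.9 dport=4444 proto=tcp
type=netflow src=10.1.5.23 dst=203.0.113.9 dport=4444 proto=tcp
type=netflow src=10.1.5.23 dst=203.0.113.9 dport=4444 proto=tcp
type=netflow src=10.1.5.23 dst=203.0.113.9 dport=4444 proto=tcp
type=netflow src=10.1.5.23 dst=203.0.113.9 dport=4444 proto=tcp
type=netflow src=10.1.7.40 dst=198.51.100.20 dport=443 proto=tcp
type=directory src=10.1.5.23 user=jsmith result=success
type=directory src=10.1.7.40 user=akhan result=success
type=vpn src=10.1.5.23 user=jsmith server=fs01 result=success
type=host src=10.1.5.23 user=svc_backup server=db02 result=success
type=host src=10.1.5.23 user=admin_it server=dc01 result=success
type=dlp src=10.1.5.23 dst=203.0.113.9 direction=outbound file=report.zip encrypted=true
type=dlp src=10.1.7.40 dst=198.51.100.20 direction=outbound file=slides.pptx encrypted=false
"""

KNOWN_IPS = {"10.1.7.40"}               # assumption: IPs the directory has seen before
STANDARD_PORTS = {22, 25, 53, 80, 443}  # assumption: ports normal for this network
CONN_THRESHOLD = 5                      # assumption: repeated-connection threshold
STAGES = ("unusual_traffic", "unknown_ip_auth", "credential_spread", "encrypted_exfil")


def parse(logs):
    """Turn key=value lines into dicts, skipping blank lines."""
    return [dict(kv.split("=", 1) for kv in line.split())
            for line in logs.splitlines() if line.strip()]


def correlate(logs):
    """Map each source IP to the profile stages it matched, in stage order."""
    events = parse(logs)
    hits = defaultdict(set)

    # Stage 1: many connections to one destination on a non-standard port.
    flows = Counter((e["src"], e["dst"], int(e["dport"]))
                    for e in events if e["type"] == "netflow")
    for (src, _dst, dport), count in flows.items():
        if dport not in STANDARD_PORTS and count >= CONN_THRESHOLD:
            hits[src].add("unusual_traffic")

    # Stage 2: the directory accepted valid credentials from an IP it has not seen.
    for e in events:
        if e["type"] == "directory" and e["result"] == "success" and e["src"] not in KNOWN_IPS:
            hits[e["src"]].add("unknown_ip_auth")

    # Stage 3: one source presenting several credentials to several servers.
    users, servers = defaultdict(set), defaultdict(set)
    for e in events:
        if e["type"] in ("vpn", "host") and e["result"] == "success":
            users[e["src"]].add(e["user"])
            servers[e["src"]].add(e["server"])
    for src in users:
        if len(users[src]) >= 2 and len(servers[src]) >= 2:
            hits[src].add("credential_spread")

    # Stage 4: an encrypted ZIP leaving the network.
    for e in events:
        if (e["type"] == "dlp" and e["direction"] == "outbound"
                and e["file"].lower().endswith(".zip") and e["encrypted"] == "true"):
            hits[e["src"]].add("encrypted_exfil")

    return {src: sorted(s, key=STAGES.index) for src, s in hits.items()}


def incidents(logs, min_stages=3):
    """Source IPs that matched at least min_stages of the four stages."""
    return [src for src, s in correlate(logs).items() if len(s) >= min_stages]


if __name__ == "__main__":
    for src, stages in correlate(SAMPLE_LOGS).items():
        print(src, "->", ", ".join(stages))
    print("incidents:", incidents(SAMPLE_LOGS))
```

The point of the threshold in `incidents` is that no single stage is conclusive on its own (a non-standard port or a new source IP both happen legitimately); it is the same host appearing in three or four of the stages that turns noise into a case. In the constructed data only 10.1.5.23 crosses that bar; 10.1.7.40 trips nothing.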

(7)

Reallocation of budget and staff

Current priorities: Prevention 80%, Monitoring 15%, Response 5%.

Intelligence-driven security: Prevention 33%, Monitoring ..., Response ...

(8)

To improve detection, investigation, and response, organizations need:

- Optimized incident management: "Enable me to manage the incidents."
- Comprehensive visibility: "Analyze everything that's happening in my infrastructure."
- Actionable intelligence: "Help me identify targets, threats, and incidents."
- Agile analytics: "Enable me to efficiently analyze and investigate potential threats."

(9)

BIG DATA IS WHERE

(10)

Security Analytics

Source: EMC Study, "Data Science Revealed: A Data-Driven Glimpse into the Burgeoning New Field," December 5, 2011

Traditional: collect and report on existing data to monitor and manage risk.

Advanced: advanced analytics and algorithms generate predictive insights and active controls.

(11)

Security Analytics Platform

Inputs: systems, data, apps, network, and public & private threat intelligence.

Platform: Big Data store; analytics; alert & report; visualize; investigate & analyze; respond.

Outputs: governance, compliance, incident management, remediation.

(12)

RSA FirstWatch®

RSA's elite, highly trained global threat research & intelligence team, providing covert and strategic threat intelligence on advanced threats & actors, focused on threats unknown to the security community.

- Malicious code & content analysis
- Threat research & ecosystem analysis
- Profiling threat actors
- Research operationalized automatically via RSA

(13)

Prioritize Security Analyst Efforts: Finding the Right Needle in a Stack of Needles

- All network traffic & logs: terabytes of data (100% of total)
- Downloads of executables: thousands of data points (5% of total)
- Type does not match extension: hundreds of data points (0.2% of total)
- Create critical asset alerts: a few dozen alerts

(14)

Asset Criticality Intelligence

RSA ACI combines asset intelligence (asset list, device type, device IDs, IP/MAC address, content (DLP), category, IT info) with business context (criticality rating, device owner, business owner, business unit, process, RPO/RTO), and feeds RSA Security Analytics with IP address, criticality rating, business unit, and facility.

Security analysts now have asset intelligence and business context to better analyze and prioritize alerts.

(15)

Asset Criticality Intelligence in Security Analytics

- Helps the analyst better understand risk, to prioritize investigation & response.
- Asset criticality is represented as metadata.
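The funnel on the "Finding the Right Needle" slide and the asset-criticality metadata described on the two slides above can be worked through in code: identify executables by their leading bytes rather than their file name, keep only those whose declared extension disagrees with the content, then enrich what is left with an asset-criticality lookup and rank by rating. The Python below is an added example, not RSA code; the download events, the magic-number table, the extension list and the ACI-style criticality feed are all constructed assumptions.

```python
"""Funnel downloads to the few that matter, then rank them by asset criticality.

Constructed example: the events, magic-number table, extension list and the
ACI-style lookup below are assumptions for illustration, not RSA product data.
"""
import os

# File-type detection by leading bytes: PE, ELF and Mach-O (32/64-bit, both byte orders).
MAGIC = {
    b"MZ": "pe",
    b"\x7fELF": "elf",
    b"\xfe\xed\xfa\xce": "macho", b"\xce\xfa\xed\xfe": "macho",
    b"\xfe\xed\xfa\xcf": "macho", b"\xcf\xfa\xed\xfe": "macho",
}
EXEC_EXTENSIONS = {".exe", ".dll", ".scr", ".sys", ".bin", ".elf", ".so", ".dylib"}

# Constructed download events: (destination host, file name, first bytes of content).
EVENTS = [
    ("10.2.0.11", "invoice.pdf", b"%PDF-1.7\n"),
    ("10.2.0.11", "update.exe", b"MZ\x90\x00\x03\x00"),
    ("10.2.0.12", "photo.jpg", b"MZ\x90\x00\x03\x00"),      # PE disguised as an image
    ("10.2.0.13", "readme.txt", b"\x7fELF\x02\x01\x01"),    # ELF disguised as text
    ("10.2.0.14", "logo.png", b"\x89PNG\r\n\x1a\n"),
    ("10.2.0.15", "tool.bin", b"\x7fELF\x02\x01\x01"),
]

# Constructed asset-criticality feed: host -> (rating 1..5, business unit, facility).
ASSET_CRITICALITY = {
    "10.2.0.11": (4, "Finance", "HQ"),
    "10.2.0.12": (5, "Finance", "HQ"),
    "10.2.0.13": (2, "Marketing", "Branch-2"),
}


def detect_type(head):
    """Return the executable format named by the leading bytes, or None."""
    for magic, kind in MAGIC.items():
        if head.startswith(magic):
            return kind
    return None


def executable_downloads(events):
    """Funnel stage 2: downloads whose content is an executable, whatever the name says."""
    return [(host, name, detect_type(head)) for host, name, head in events
            if detect_type(head) is not None]


def type_mismatches(events):
    """Funnel stage 3: executables whose declared extension is not an executable one."""
    return [(host, name, kind) for host, name, kind in executable_downloads(events)
            if os.path.splitext(name)[1].lower() not in EXEC_EXTENSIONS]


def critical_asset_alerts(events, aci=ASSET_CRITICALITY, min_rating=3):
    """Funnel stage 4: enrich mismatches with asset metadata, keep critical hosts, highest first."""
    alerts = []
    for host, name, kind in type_mismatches(events):
        # Hosts absent from the feed get the lowest rating so they never outrank known ones.
        rating, unit, facility = aci.get(host, (1, "unknown", "unknown"))
        if rating >= min_rating:
            alerts.append({"host": host, "file": name, "type": kind, "criticality": rating,
                           "business_unit": unit, "facility": facility})
    return sorted(alerts, key=lambda a: a["criticality"], reverse=True)


def funnel(events, aci=ASSET_CRITICALITY):
    """Counts at each stage of the funnel, for the analyst's view of the reduction."""
    return {"all": len(events),
            "executables": len(executable_downloads(events)),
            "type_mismatch": len(type_mismatches(events)),
            "critical_alerts": len(critical_asset_alerts(events, aci))}


if __name__ == "__main__":
    print(funnel(EVENTS))
    for alert in critical_asset_alerts(EVENTS):
        print(alert)
```

Two design choices carry the weight here. Type is decided from the bytes, never from the name, because the mismatch itself is the signal: a PE arriving as `photo.jpg` is what the 0.2% slice on the slide is made of. And criticality is attached as metadata on the alert rather than used to drop events, so the analyst still sees the Marketing host's disguised ELF in `type_mismatches` even though only the Finance host clears the alerting threshold.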

(16)

- Offload response from the security analyst
- Enhance management visibility
- Accelerate remediation
- Manage the entire incident lifecycle

(17)

RSA Data Discovery for Security Analytics

Discover sensitive data & improve investigations with DLP.

RSA Data Discovery scans SharePoint, file servers, and databases; its Data Discovery feed gives RSA Security Analytics content-level intelligence for the security analyst.

(18)

RSA Data Discovery for Security Analytics: Investigative Interface

Data Discovery attributes available in the SA Investigation UI help security analysts identify high-risk assets and prioritize investigations.

(19)

RSA ECAT Key Functionality & Benefits

Functionality:
- Live memory analysis
- Direct physical disk inspection
- Full system inventory
- Network traffic analysis
- Certificate validation
- Multi-engine AV scan
- File whitelisting

Benefits:
- X-ray view of what's happening on endpoints
- Identify behavior related to malware
- Highlight likely infections with Machine Suspect Level (MSL)
- Find other infected machines & gauge scope of breach
- Forensic data gathering
- Quickly triage results to gain

(20)

Advanced Threat Detection & Incident Management with RSA SMC Portfolio

- RSA Security Analytics: capture & analyze network packets, logs & threat feeds; alerts based on rules.
- RSA ECAT: syslog alert of high Machine Suspect Levels into Security Analytics.
- RSA Advanced Incident Mgmt. for Security (AIMS): group alerts, manage workflows, provide visibility to business & security users.

(21)
