RSA, The Security Division of EMC
Zamanta Anguiano
The Age of the Hyperextended Enterprise
Hyperextended Enterprise
Complex Risk, Security and Compliance Environment
Supply Chain
IT Consumerization
Customer
Services
Innovation
Collaboration
Expanding Identities
Exploding Information
Evolving Infrastructure
Increasing Regulations
BUSINESS ISSUES
IMPACT
Virtualization and Cloud Computing
Traditional Approach
Network, Endpoint, Applications: each with its own Point Tool, Policy, Team
Siloed
Inflexible
Inconsistent
Costly
Our Customers Are Asking Themselves
Am I secure?
Am I compliant?
Where do I have gaps?
How do I prioritize?
Can I do this affordably?
Meeting our Customers’ Challenges
Prove Compliance Consistently & Affordably
Secure Virtualization & Cloud Computing
Secure Access for Increased Mobility & Collaboration
Manage Risk and Threats Throughout Enterprise
How?
Managing Risk and Threats
No clear visibility to threats and exposures
Inability to adequately
What We’ve Heard
Risk and Threat Management
CHALLENGE
“Siloed view of risk”
“Can’t respond quickly enough to incidents”
“Don’t have a good handle on vulnerabilities”
“Security measures don’t address internal and external threats”
“Difficult to prioritize threats and incidents”
REQUIREMENT
Single dashboard for managing risk
Regular feed of current and relevant threat information
Gap analyses and security assessments
Ability to discover, monitor and protect sensitive data as it travels
Automated incident and threat management process integrated with embedded detection tools and controls
Easy-to-use tools for dashboarding compliance, reporting, forensics analysis
SOLUTION
Comprehensive view of external threats, sensitive data
What We’ve Heard
Fraud Management
CHALLENGE
“Difficult to balance tradeoff between strong security and user experience”
“Can’t keep pace with cybercriminal innovation and tactics”
“Unaware of the money, credentials, assets, identities that my business is losing”
“Prevented from offering new services/products due to lack of controls”
REQUIREMENT
24 x 7 x 365 dedicated anti-fraud cybercrime operation
Ability to share cybercrime across thousands of networked organizations
Accurate, real-time fraud/threat detection with minimal impact to user experience
Layered defense strategy to safely offer new products and services
Knowledge and prevention of fraud losses
SOLUTION
Cybercrime defense strategy to prevent unauthorized use
Prove Compliance Consistently and Affordably
Difficult to keep track of changing regulations
Time consuming manual processes
Unclear view of compliance posture
What We’ve Heard
Prove Compliance Consistently and Affordably
CHALLENGE
“Can’t keep up with changing regulations”
“Wasting time and money with inefficient, manual processes”
“Not sure if we’re non-compliant”
“No way to communicate compliance posture throughout the organization”
REQUIREMENT
Centralized policy system powered by content from a community of experts
Automated compliance process integrated with well-defined controls and reporting
Streamlined, repeatable system
Ability to discover, monitor and protect sensitive information
Real-time alerting
Flexible dashboards and reports for compliance
Tailored dashboards to get the right information to the right people when they need it
SOLUTION
Easier audits, minimized exposure, improved focus
Secure Access for Increased Mobility and Collaboration
Lack of confidence in secure access
Struggle with one-size-fits-all security
Security impeding new business initiatives
What We’ve Heard
Secure Access for Increased Mobility and Collaboration
CHALLENGE
“Unclear who is remotely accessing our systems and what they are doing inside the network”
“Users bypass cumbersome security mechanisms -- putting corporate resources at risk”
“Not prepared to address attacks against our organization”
“Security is impeding new business initiatives such as VDI and outsourcing”
REQUIREMENT
Strong authentication for workforce, partners, customers
Flexibility to enforce policies and controls – by user, document, site or transaction
Range of authentication mechanisms for various applications and profiles
Single sign-on capabilities for reduced costs and increased user satisfaction
Global threat detection and takedown
Corporate identities, credentials and systems recovery
Confidence that only legitimate users are accessing your information
Ability to monitor all user activity on the network
SOLUTION
Enable collaboration between employees, partners
Securing Virtualization and Cloud
Security is impeding adoption
Proceeding without security policies and processes
Lack of visibility and control
What We’ve Heard
Virtual Desktop Security
CHALLENGE
“Slow VDI rollout due to security concerns; Increasing costs and risks”
“Lack of control over information on 3rd party desktops and employee laptops”
“Need to protect access to VDI”
“Visibility into security events and compliance across VDI”
REQUIREMENT
Expertise and best practices for secure Virtualization; EMC, VMware and RSA
Identify and protect sensitive information in use on virtual desktops
Two factor authentication for user and administrator access
Monitor security events across VDI to integrate into existing security operations and compliance reporting
SOLUTION
Realize business benefits of virtualizing desktops
What We’ve Heard
Virtual Business Applications Security
CHALLENGE
“Need to better understand security and compliance risks in virtualized environment”
“Lack the visibility and controls in a virtualized environment that we have in physical IT environment”
“Our virtual servers are less secure than the physical servers they replace”
REQUIREMENT
Enforce a single data security policy -- physical and virtual
Collect and correlate security and compliance events – physical and virtual
Enforce secure access for privileged users
Integrated solution to secure the virtual infrastructure, access to it, and information within it
Expertise and best practices for secure virtualization – EMC, VMware, RSA
SOLUTION
Realize the benefits of virtualization for mission critical
BUSINESS DRIVERS
How We Do It
System for Managing Security, Risk and Compliance
Define Policy
Map to Controls
Assess Risk and Report
Add Context
Monitor | Audit | Report
Correlate
Collect
Manage
Monitor
Detect
Enforce
IDENTITIES
INFRASTRUCTURE
INFORMATION
Manage Governance, Risk + Compliance
RSA Archer eGRC Suite
MAAGTIC
Why our Customers Choose RSA
Integrated Approach to Managing Security, Risk and Compliance
Connecting governance, evidence and controls
Industry Leadership & Market-Leading Products and Services
Authentication, Data Loss Prevention, eGRC, SIEM, Web Fraud Protection
Out-of-the-Box Expertise
…about regulations, threats and best practices, built by teams of experts