Rashmi Knowles
• Transformation of IT
• New cyber-security challenges
• Intelligence Driven Security
• Security Analytics
• Q&A
A UNIQUE FEDERATION OF COMPANIES
Delivering The Software-Defined Enterprise. Solutions & Choice.
SERVICE PROVIDER, ENTERPRISE, DATA CENTER
BIG DATA SOLUTIONS, PLATFORM AS A SERVICE, AGILE APPLICATION DEVELOPMENT, ENTERPRISE MOBILITY, SOFTWARE-DEFINED DATA CENTER, INFORMATION INFRASTRUCTURE, CONVERGED INFRASTRUCTURE, ADVANCED SECURITY
Partners: vCloud Hybrid Service
Mainframe, Mini Computer / Terminals: MILLIONS OF USERS, THOUSANDS OF APPS
1990: LAN/Internet, Client/Server / PC: HUNDREDS OF MILLIONS OF USERS, TENS OF THOUSANDS OF APPS
2010: Mobile, Cloud, Big Data, Social / Mobile Devices: BILLIONS OF USERS, MILLIONS OF APPS
DEMANDS OF NEW IT
• Process vast quantities of customer & partner data in real time & build predictive models of the future
• Customers & employees want immediate, frictionless access through mobile devices
• Build new customer-centric applications & rapidly iterate based on community feedback
• Immediate access to low cost, elastic compute, storage & network infrastructure
CYBER SECURITY TRANSFORMATION
Old IT: security is perimeter-based & focused on intrusion prevention (PREVENT, MONITOR, RESPOND; figure value: 64%)
Adaptive, Data-Driven Security: built on a big data store of NETWORK PACKETS, LOG FILES, IT ASSETS and INFORMATION ASSETS
Inevitability of Compromise DOESN’T EQUATE TO INEVITABILITY OF LOSS
A New Security Model and
Customers, Partners, Third-Parties, On-Prem, Mobile, Employees, BYOD, Cloud, Shadow IT
We can no longer rely on infrastructure as a point of control
We must mitigate risks as the org uses IT to drive forward
SECURITY & RISK CHALLENGES
Identity & Access Management, Threats, Fraud & Cybercrime, Compliance
Customers, Partners, Third-Parties, On-Prem, Mobile, Employees, BYOD, Cloud, Shadow IT
ATTACK TYPES
Trojans, Ice 9, BOT Attacks, Zero Day, DDoS, Watering hole, Citadel, Dugat, Keyloggers, Malware, Tatanga, SQL Injection, Odd Ball, Drive-by download, Gozi, Stuxnet, Zeus, Man-in-the-browser, Cross-site scripting
It will become increasingly difficult to secure infrastructure
A NEW SECURITY WORLD
We must focus on people, the flow of data and on transactions
Visibility, Analysis, Action in Context of Business & IT Risk
INTELLIGENCE DRIVEN SECURITY
BUSINESS & IT RISK CONTEXT
• VISIBILITY: collect data about what matters
• ANALYSIS: detect anomalies that indicate risks or threats
• ACTION: act to mitigate business damage or loss
Visibility + Analytics = Priority
Solution that turns security issues into intelligence driven actions giving you priority, results and progress.
INTELLIGENCE DRIVEN SECURITY
Security Issue: Priority + Action = Results
ADVANCED THREATS ARE DIFFERENT
Timeline (figure labels): System Intrusion Begins, Attack Cover-Up Complete, Attack Identified, Response, Cover-Up Discovery, Leap Frog Attacks
1 Decrease Dwell Time
2 Speed Response Time
1 STEALTHY: low and slow
2 TARGETED: specific objective
3 INTERACTIVE: human involvement
SHIFT IN PRIORITIES AND CAPABILITIES
Today’s Priorities: Prevention 80%, Monitoring 15%, Response 5%
Intelligence-Driven Security: Prevention 33%, Monitoring 33%, Response 33%
• Focus on early detection of breaches to minimize your window of vulnerability.
• Move backward in the ‘Kill chain’
• The key is actively preserving, aggregating and reviewing data to detect a potential intrusion but also for post-event forensics
A MODERN INVESTIGATION
… is a big data analytics problem…
Timeline (figure labels): Attack Set-up, Attacker Surveillance, Target Analysis, Access Probe, Attack Begins, System Intrusion, Discovery/Persistence, Maintain foothold, Leap Frog Attacks Complete, Cover-up Starts, Cover-up Complete
Transactions
• Are we seeing suspicious transactions against sensitive/high value apps/assets?
Sources: WFD, Transaction Monitoring
Infrastructure
• Has the server been manipulated?
• Is it vulnerable? Has its config changed recently?
• Is it compliant with policy?
Sources: GRC System, Config Mgmt
Traffic
• Are there traffic anomalies to/from these servers: protocol distribution, encryption, suspicious destinations?
Sources: Netflow, Network Forensics
Identity
• Which users were logged onto them? Have their privileges been escalated? Where did they log in? What else did they touch?
Sources: Active Directory, Netflow, Server Logs
Information
• What kind of data does this system store, transmit, process?
• Is this a regulatory issue? High value IP?
Sources: DLP, Data Classification, GRC
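The per-domain questions above amount to a cross-source correlation for each host of interest. As an added example (not from the presentation or any vendor product), the Python below joins constructed Active Directory, Netflow, configuration-management and data-classification records for one host, answers the identity, traffic, infrastructure and information questions, and folds the business context in as a priority score; every host name, address, threshold and weight is made up for illustration.

```python
# Constructed sample records standing in for the slide's sources (Active Directory,
# Netflow, Config Mgmt, DLP / Data Classification). Not real data.
AD_LOGONS = [
    {"host": "db01", "user": "jsmith", "src": "10.0.5.20", "priv_escalated": False},
    {"host": "db01", "user": "svc_backup", "src": "203.0.113.9", "priv_escalated": True},
    {"host": "web02", "user": "amy", "src": "10.0.5.31", "priv_escalated": False},
]
NETFLOW = [
    {"host": "db01", "dst": "198.51.100.7", "port": 443, "bytes": 4_800_000_000},
    {"host": "web02", "dst": "10.0.9.2", "port": 1433, "bytes": 120_000},
]
CONFIG_MGMT = {
    "db01": {"changed_days_ago": 1, "compliant": False},
    "web02": {"changed_days_ago": 40, "compliant": True},
}
DATA_CLASS = {"db01": "regulated", "web02": "public"}

def is_internal(ip: str) -> bool:
    return ip.startswith("10.")  # only 10/8 counts as internal in this sample

def investigate(host: str) -> dict:
    """Answer the identity, traffic, infrastructure and information questions
    for one host and turn the answers into a single priority score."""
    findings, score = [], 0

    def hit(msg, pts):
        nonlocal score
        findings.append(msg)
        score += pts

    for ev in (e for e in AD_LOGONS if e["host"] == host):  # Identity
        if ev["priv_escalated"]:
            hit(f"privileges escalated for {ev['user']}", 3)
        if not is_internal(ev["src"]):
            hit(f"logon from external address {ev['src']}", 2)
    for fl in (f for f in NETFLOW if f["host"] == host):  # Traffic
        if not is_internal(fl["dst"]) and fl["bytes"] > 1_000_000_000:
            hit(f"large transfer to external destination {fl['dst']}", 3)
    cfg = CONFIG_MGMT.get(host, {})  # Infrastructure
    if cfg.get("changed_days_ago", 999) <= 7:
        hit("configuration changed within the last 7 days", 1)
    if not cfg.get("compliant", True):
        hit("not compliant with policy", 1)
    if DATA_CLASS.get(host) == "regulated":  # Information: business context
        score *= 2  # regulated data doubles the weight of every finding
    return {"host": host, "score": score, "findings": findings}

def prioritize(hosts) -> list:
    """Rank hosts so the analyst acts on the highest-risk one first."""
    return sorted((investigate(h) for h in hosts), key=lambda r: -r["score"])
```

With the sample data, `prioritize(["web02", "db01"])` puts db01 first with a score of 20 and five findings, while web02 scores 0.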
Big Data Fuels Intelligence Driven Security
Advanced Security Operations
Identity and Access Management
Governance, Risk and Compliance
Solutions engineered to deal with the volume, velocity and variety of data sources you need to process
BIG DATA SOLUTION FOR BIG DATA PROBLEM
INGEST, STORE, ANALYZE, SURFACE, ACT
• CAPTURE & ENRICH MULTIPLE DATA SOURCES
• ‘OUT OF THE BOX’ DATA SCIENCE & ANALYTICS TO DETECT COVERT CHANNELS
• REPORT & BUILD DATA DRIVEN APPS TO ACT ON INSIGHT
Security Operations