RSA Archer EGRC Platform - Licencias OnLine

Transcription

RSA, The Security Division of EMC
Total Visibility into the Security Environment
Javier Galvan – Systems Engineer, Mexico & NOLA
Copyright 2014 EMC Corporation. All rights reserved.

When we talk about threats we MUST talk about Indicator Of Compromise

Indicator Of Compromise 1: Unusual Outbound Network Traffic
Look for suspicious traffic leaving the network. It's not just about what comes into your network, it's about outbound traffic as well.
Features: Detect non-standard, obfuscated, or tunneled traffic; detect abnormal activity in endpoints; detect or restrict large file transfers to suspicious destinations.

Indicator Of Compromise 2: Anomalies In Privileged User Account Activity
“Changes in the behavior of privileged users can indicate that the user account in question is being used by someone else to establish a beachhead in your network”
Features: Detect privilege escalation; detect attempted use of disabled credentials; auditing user access rights.

Indicator Of Compromise 3: Web Traffic With Unhuman Behavior
How often do you open 20 or 30 browser windows to different sites simultaneously? Are you able to click in milliseconds?
Features: Detecting non-standard user agents; detecting direct to IP requests; detecting non-human click stream.
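
The three checks on this slide, sketched over proxy log records as an added example (not RSA product code and not part of the original deck). The record layout, the thresholds and the user-agent allow-list are assumptions, and the sample records are constructed.

```python
import ipaddress
from collections import defaultdict

UA = "Mozilla/5.0 (Windows NT 6.1; rv:30.0) Gecko/20100101 Firefox/30.0"
# Constructed proxy records: (epoch seconds, client, requested host, user agent).
# Assumed to be page navigations only; sub-resource fetches would look "fast" too.
SAMPLE = [
    (100.0, "10.0.0.5", "intranet.example", UA),
    (104.2, "10.0.0.5", "news.example", UA),
    (200.0, "10.0.0.9", "203.0.113.7", UA),          # direct-to-IP request
    (300.0, "10.0.0.12", "a.example", "updater"),    # non-browser user agent
] + [(400.0 + i * 0.004, "10.0.0.20", f"site{i}.example", UA) for i in range(25)]

BROWSER_UA_PREFIXES = ("Mozilla/", "Opera/")  # assumed allow-list, tune per site
MIN_HUMAN_GAP = 0.05   # assumed: median gap under 50 ms is not a person clicking
MAX_HOSTS = 20         # assumed: 20+ distinct sites inside one second

def is_ip_literal(host):
    try:
        ipaddress.ip_address(host.strip("[]"))
        return True
    except ValueError:
        return False

def find_indicators(records):
    findings, by_client = defaultdict(set), defaultdict(list)
    for ts, client, host, ua in records:
        by_client[client].append((ts, host))
        if not ua.startswith(BROWSER_UA_PREFIXES):
            findings[client].add("non-standard-user-agent")
        if is_ip_literal(host):
            findings[client].add("direct-to-ip")
    for client, hits in by_client.items():
        hits.sort()
        gaps = sorted(b[0] - a[0] for a, b in zip(hits, hits[1:]))
        if len(gaps) >= 5 and gaps[len(gaps) // 2] < MIN_HUMAN_GAP:
            findings[client].add("non-human-click-timing")
        start = 0
        for end in range(len(hits)):      # sliding one-second window
            while hits[end][0] - hits[start][0] > 1.0:
                start += 1
            if len({h for _, h in hits[start:end + 1]}) >= MAX_HOSTS:
                findings[client].add("many-sites-at-once")
                break
    return {c: sorted(f) for c, f in findings.items()}

if __name__ == "__main__":
    for client, flags in find_indicators(SAMPLE).items():
        print(client, flags)
```

Each flag is a lead for triage rather than a verdict: software updaters and API clients legitimately trip the user-agent and timing checks, so baseline per client before alerting.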

Reduce Attacker Free Time
[Figure: attack timeline. Legible labels: Time, Attacker Free Time, Physical Security, Monitoring, Recovery, System Reaction]
Source: NERC HILF Report, June 2010 (http://www.nerc.com/files/HILF.pdf)

Characteristics of Security Maturity Model
Axes: Risk, Visibility
Step 1: Threat Defense
Step 2: Compliance and Defense-in-Depth
Step 3: Risk-Based Security
Step 4: Business-Oriented

RSA Security Management Compliance Vision
Delivering Visibility, Intelligence and Governance

RSA Identity Management & Governance
Identities Visibility

RSA IDENTITY MANAGEMENT & GOVERNANCE: A PHASED APPROACH
[Diagram labels: Policy; Access Request; Visibility & Certification; Management; Account & Entitlement Collection; Segregation of Duties; Access Reviews; Joiners, Movers, and Leavers; Data Visibility; Compliance Controls; Access Request Portal; Role & Group Management; Role Discovery; Group Analysis & Cleanup]

RSA Security Analytics
Logs, Network and Malware visibility

RSA Security Analytics: Unified platform for security monitoring, incident investigations and compliance reporting
SIEM: Compliance Reports, Device XMLs, Log Parsing
RSA Security Analytics: Fast & Powerful Analytics, Logs & Packets, Unified Interface, Analytics Warehouse
Network Security Monitoring: High Powered Analytics, Big Data Infrastructure, Integrated Intelligence
SEE DATA YOU DIDN’T SEE BEFORE, UNDERSTAND DATA YOU DIDN’T EVEN CONSIDER BEFORE

Logs

Packets

RSA Live

Malware Analysis
[Diagram labels: Static Analysis; NetWitness NextGen; Sandbox Analysis; Community; Likely Zero-Day; Likely Sandbox Aware Malware; Highly Likely Malware]

RSA Web Threat Detection
Online Channel Visibility

Web Threat Detection: Criminals Look Different than Customers
Velocity; Page Sequence; Origin; Contextual Information
Proprietary and Confidential To Silver Tail Systems

Web Threat Detection: Complete Web Session Intelligence & Application Layer Threat Visibility
Web session stages: Beginning of Web Session; Login; Financial Transaction; Checkout and Logout
Threats shown: Site Scraping; Parameter Injection; Man In The Browser; Account Takeover; Vulnerability Probing; DDOS Attacks; New Account Registration Fraud; Promotion Abuse; Password Guessing; Access From High Risk Country; Unauthorized Account Activity; High Risk Checkout; Man In The Middle

RSA Archer eGRC
Business Visibility

RSA Archer eGRC: Governance, Risk and Compliance
1. Enterprise Management
2. Policy Management
3. Risk Management
4. Incidents Management
5. Threats Management
6. Compliance Management
7. Business Continuity Management
8. Vendors Management
9. Audit Management
10. Vulnerability Risk Management (VRM)
11. Security Operations Management (SecOps)

RSA Archer eGRC

Dashboards & Reports

Big Data Transforms Security
