1 / 16

Getting Ahead of Advanced Threats

Getting Ahead of Advanced Threats. Advanced Security Solutions for Trusted IT. Chezki Gil – Territory Manager Israel & Greece. Threats are Evolving Rapidly. Organized, sophisticated supply chains (PII, financial services, retail). Criminals. Unsophisticated. Anti-establishment vigilantes.

casey
Télécharger la présentation

Getting Ahead of Advanced Threats

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Getting Ahead of Advanced Threats Advanced Security Solutions for Trusted IT Chezki Gil – Territory Manager Israel & Greece

  2. Threats are Evolving Rapidly Organized, sophisticated supply chains (PII, financial services, retail) Criminals Unsophisticated Anti-establishment vigilantes Terrorists Nation state actors PII, government, defense industrial base, IP rich organizations Organized crime Petty criminals Non-state actors “Hacktivists”Targets of opportunity PII, Government, critical infrastructure

  3. Business & IT are evolving rapidly too…

  4. Traditional Security is Not Working 99% of breaches led to compromise within “days” or less with 85% leading to data exfiltration in the same time 85% of breaches took “weeks” or more to discover Source: Verizon 2012 Data Breach Investigations Report

  5. Traditional Security isUnreliable Signature-based Perimeteroriented Compliance Driven

  6. EffectiveSecurity Systems need to be: Agile Contextual Risk-Based

  7. Resource Shift: Budgets and People Monitoring 15% Monitoring 15% Response 5% Response 5% Monitoring 33% Response 33% Prevention 80% Prevention 80% Prevention 33% Today’sPriorities Intelligence-DrivenSecurity

  8. Reducing Attacker Free Time Attacker Surveillance Attack Begins Discovery/ Persistence Attack Set-up Target Analysis Leap Frog Attacks Complete Access Probe System Intrusion Cover-up Starts Cover-up Complete Maintain foothold TIME ATTACKER FREE TIME Need to collapse free time TIME Physical Security Monitoring & Controls Containment & Eradication Response Impact Analysis Incident Reporting Threat Analysis Attack Forecast Recovery System Reaction Defender Discovery Damage Identification Attack Identified Source: NERC HILF Report, June 2010 (http://www.nerc.com/files/HILF.pdf)

  9. How do Advanced Threats impact the business?

  10. The Aftermath of an Advanced Attack • Hard costs hurt • Emergency cleanup costs • Regulatory penalties • Customer restitution • Business process re-engineering • Soft costs really hurt • Missed opportunity due to cleanup focus • Loss of customer confidence • Decline in employee morale & goodwill

  11. What is the approach for the future?

  12. Today’s Security Requirements • Big Data Infrastructure • “Need a fast and scalable infrastructure to conduct short term and long term analysis” • Comprehensive • Visibility • “See everything happening in my environment and normalize it” • High Powered Analytics • “Give me the speed and smarts to discover and investigate potential threats in near real time” • Integrated Intelligence • “Help me understand what to look for and what others have discovered”

  13. RSA Security Analytics: Changing The Security Management Status Quo Unified platform for security monitoring, incident investigations and compliance reporting Network Security Monitoring High Powered Analytics Big Data Infrastructure Integrated Intelligence RSA Security Analytics Fast & Powerful Analytics Logs & Packets Unified Interface Analytics Warehouse SIEM Compliance Reports Device XMLs Log Parsing see data you didn’t see before, understand data you didn’t even consider before

  14. RSA Live Integrated IntelligenceHow Do I Know What To Look For? Gathers advanced threat intelligence and content from the global security community & RSA FirstWatch ® Automatically distributes correlation rules, blacklists, parsers, views, feeds Aggregates & consolidates the most pertinent information and fuses it with your organization's data   Operationalize Intelligence: Take advantage of what others have already found and apply against your current and historical data

  15. Security Analytics Architecture Enrichment Data Logs Packets EUROPE Incident Management THE ANALYTICS Reporting and Alerting Complex Event Processing NORTH AMERICA Investigation Free Text Search Asset Criticality DISTRIBUTED COLLECTION Malware Analytics Correlation Metadata Tagging Administration ASIA REAL-TIME Compliance WAREHOUSE LONG-TERM RSA LIVE INTELLIGENCE SYSTEM Threat Intelligence – Rules – Parsers – Alerts – Feeds – Apps – Directory Services – Reports and Custom Actions

More Related