Rolta AdvizeX | RSA BUSINESS-DRIVEN SECURITY IN THE AGE OF THE ADVANCED PERSISTENT THREAT


Post on 22-Sep-2020


The Myth of Perfection

Some companies still believe that the best way to protect their business is to block every attack. It’s a strategy doomed to fail, because of the sheer force of cybercriminal activity being directed at organizations every day. In this age of the advanced persistent threat, the numbers aren’t on your side:


unique malware variations every month—including 12 million just for mobile devices.

new phishing websites are created every month.

ransomware attacks executed every day —a number that has grown 60X in the last 12 months and continues to grow.

1. Symantec.com, September 2017 Monthly Threat Report.
2. Nokia Threat Intelligence Report, March 2017.
3. US Government, “How To Protect Your Networks From Ransomware.”
4. Webroot Quarterly Threat Trends, September 2017.


Even if you could achieve perfection, you couldn’t afford it. You can stop malware at the perimeter with next-generation firewall technology, anti-malware and multifactor authentication—for much of the time anyway—but, eventually, the bad guys will get lucky. The question then becomes: What did they manage to get from us?

A far better strategy is to focus security investments around the needs of your business or organization, using a multilayered, holistic approach that goes beyond simple protection to build in resilience. This security approach layers defenses around your most valuable assets to create an impenetrable vault, rather than just a wall around your entire organization.


If you want to know where to focus your security efforts, look to where cybercriminals focus their attacks: on your private, sensitive, mission-critical and/or regulated data. Secure your important data, control access to it and you’ll minimize the impact of a breach on your operations. Fail to do that, and even a single breach can land you on the network news as the latest victim of cybercrime.

We call this a data-centric security model. This approach safeguards your business with multiple layers of security, starting at the core with your most valuable data. Surrounding that core are the layers of Identity, Network, Platform and Governance. Rolta AdvizeX created the data-centric security model from our years of experience building secure data centers, IT processes and security systems for hospitals, banks, government agencies and other customers. It aligns with broadly accepted models such as the NIST Cyber-Security Framework and leverages leading-edge technology from Dell Technologies and other security solution vendors to create a simple, seamless and secure architecture. Business-driven security is another way to think about this approach to safeguarding your data.


A Data-Centric Security Model


Data Security: Guarding Your Treasure


As individuals, we might put our wallets, jewelry or even our smartphone into a personal safe to keep them secure, but we probably wouldn’t put our shoes in there. What we’re really doing in those instances is a type of risk management, weighing value and risk against our security effort. Organizations should treat their data the same way. Not all of it needs to be handled as though it were mission critical. In a data-centric security strategy, the goal isn’t necessarily to protect and secure all your data to the same degree, but rather to understand which data requires your maximum-security effort.


Many organizations, unfortunately, treat all their data the same when it comes to security controls, which invariably results in overprotecting some data and underprotecting other data. Instead, organizations should classify their data into a few key categories: public, private, mission-critical and maybe one more category for specific types of regulated data. Creating too many categories can have an adverse effect on security by making it too complex for employees to access and use data—and that, in turn, can cause them to adopt unsafe workarounds such as storing business data on unsecured devices or in personal cloud storage.


Organizations Should Classify Their Data into a Few Key Categories: Public, Private, Mission-Critical, Regulated


Once you’ve identified the valuable data in your organization, then you can begin the task of designing security controls around how that data is stored, encrypted, used, shared, archived and recovered. As part of that data security strategy, organizations should have a backup plan that provides a clean, current copy of data in the event of data exfiltration or ransomware. A solution such as the Dell EMC Isolated Recovery Solution (IRS) can be invaluable in that role, as it provides an air-gapped copy of your data that can’t be reached by network breaches, making it impervious to ransomware and other forms of attack.


Dell EMC Isolated Recovery Solution (IRS)

Planning: Identify applications, recovery times and recovery point objectives.

Isolation: Establish isolated environments disconnected from the network with software to create data copies and procedures to perform scheduled air gaps.

Recovery: Establish procedures to perform recovery and remediation after an incident using regular restore practices.


Identity Security: Authentication & Authorization

From a security standpoint, there are two key aspects to identity: who you are (authentication) and what you’re allowed to do (authorization). Multifactor authentication is still the best way to assure a user’s personal identity. Those multiple factors can include something you know (e.g., a password), something you have (e.g., a token) or something you are (e.g., biometric information such as a fingerprint scan).


Authorization is typically defined by a set of roles or permissions. For example, someone working in the finance department may be allowed to view financial data that another employee working in the marketing department would not. Problems arise when organizations don’t maintain good security hygiene by updating these permissions. It’s not unusual for organizations to unintentionally “grandfather” old permissions as employees change roles. This becomes problematic when authentication credentials are finally compromised by an attack, because it allows hackers to gain access to more data.

The best way to enforce trusted identification is with a complete authentication/authorization solution such as the RSA SecurID Suite. The SecurID Suite supports access controls across traditional network endpoints, mobile devices and even cloud-based resources to enable a single, consistent solution, complete with a holistic view of user identity (including multifactor authentication) across all threat vectors.


Network and Platform Security


Let’s go back to those big cloud providers we mentioned earlier: Amazon, Google, Microsoft. Can you think of something else they have in common? Your applications. If your enterprise is like most, your internal IT consumers are already using the big cloud providers to host some of their applications.

It’s not a question of loyalty, but agility. Traditional enterprise data centers weren’t designed to be ultra-responsive. It can take weeks to procure, provision and deploy the necessary resources in your data center to host new business applications. Compare that with minutes or hours using a hosted cloud service.


With the advent of the cloud and software-defined networking, network security is becoming increasingly complex to manage. To simplify network security management, VMware’s NSX Network Virtualization solution makes it possible for organizations to microsegment their network security using hundreds or thousands of policy-based firewalls that follow applications automatically through the lifecycle of each virtual machine (VM) as they are created and torn down. Microsegmentation leads to finely grained protection that blocks cybercriminals from moving laterally in the network, effectively quarantining malware and preventing large-scale data thefts.


Detecting network attacks can also be simplified with the right tools. Manual SIEM processes are ill-equipped to respond in real time to threats such as distributed denial-of-service (DDoS) attacks and ransomware, but tools that leverage automation such as the RSA NetWitness Suite can respond to these attacks in seconds. NetWitness works across the network and platform security layers, combing through logs, packets, netflows, endpoint memory, threat intelligence and other sources to apply advanced analytics to that data, quickly identifying and responding to threats. This is a markedly different approach than traditional SIEM tools that aggregate mostly log data and perform limited analysis of it. Combined with managed security services such as SecureWorks that provide network monitoring and platform maintenance (e.g., software updates and patches), NetWitness is a powerful ally in securing the business at the network and platform layers.


Governance and Regulatory Requirements

The governance layer of security is where business drivers become security controls, in effect giving your organization’s security policy its marching orders. Governance includes not only the compliance drivers from federal or industry requirements (e.g., HIPAA, PCI DSS) but also the security drivers that come from the business itself. A data breach, for example, can have an impact on customer confidence and brand image that carries a price tag larger than any fine. The message of Business-Driven Security is one that brings business intelligence and security intelligence together to empower security across every layer of this model, supporting the needs of the business with security technology to combat the reality of advanced persistent threats.


Juggling multiple compliance drivers with the needs of the business can be challenging for organizations, making it hard to address these drivers in a coordinated and proactive manner. An important solution to managing security governance is to manage the process itself with a governance, risk and compliance platform such as the RSA Archer Suite. Another useful approach is to work with an experienced partner that can perform security assessments to uncover and resolve issues before they’re identified in an official audit, and can design holistic security programs to address them.


Security isn’t just an IT problem, it’s a business problem. That’s why organizations need to bring a broad group of stakeholders together to talk about the network, policies, technologies, applications, training, partners, customers and other issues that impact security. To get that conversation started—and arrive at an actionable roadmap for the future—Rolta AdvizeX offers its Security Advizer engagement. Security Advizer is a multi-phase consulting engagement that seeks to:

• Assess your organization’s security strengths and weaknesses;

• Identify which security practices are in place, and out of place, across your organization and its processes;

• Pinpoint which security initiatives you need to take, prioritized by risk and cost;

• Create an actionable plan that ensures your security investments have the greatest impact for your organization.


Teaming Up for Business-Driven Security

Security is a priority for every organization. As the threat landscape evolves and expands, organizations need to make sure they have not only the right products, but also the right people to help them detect, prevent and respond to new threats. With Rolta AdvizeX and the Dell Technologies family of companies—including RSA, SecureWorks and VMware—organizations have the tools and talent they need to protect their data and their brand with a customized, business-driven security model.

The transformation to business-driven security is a big step. Our data-centric security model helps organizations create the right foundation for security: driven by the business, focused on the data and based on hundreds of successful customer engagements. To learn how your business can get started on the path to a more secure future, visit us at advizex.com/contact and schedule a security overview meeting.


www.advizex.com

About Rolta AdvizeX

Since 1975, Rolta AdvizeX has been a provider of advanced information technology solutions that enable optimal business performance. Recognized for technical innovation and excellence, Rolta AdvizeX designs, implements and manages integrated solutions from the industry’s best strategic business partners.

Adhering to our “clients for life” philosophy, Rolta AdvizeX is focused on creating long-term customer relationships supported by our highly skilled teams based around the world.

For more information on Rolta AdvizeX, visit us online at www.advizex.com.