
Page 1: RSA Advanced Security Operationsinfosek.net/gradiva-INFOSEK-2015/Gradivo_Infosek/Be the... · 2016-06-20 · Security Monitoring Must Evolve EFFICIENT OPERATIONS Incident response,

1© Copyright 2015 EMC Corporation. All rights reserved.

RSA Advanced Security Operations

Richard Nichols, Director EMEA

Page 2

What is the problem we need to solve?

Page 3

Attackers Are Outpacing Defenders

Chart (Verizon 2015 Data Breach Investigations Report): attacker capabilities plotted against defender capabilities over time, labelled "the defender-detection deficit"; the gap between the two is widening.

Page 4

Why Security Defenses Are Failing – The Strategic View

• Tools & processes must adapt to today’s threats
• Security teams are missing attacks
• Teams need to increase experience & efficiency
• Existing strategies & controls are failing
• Attackers are becoming more sophisticated
• The attack surface is expanding

Page 5

Evolution of Threat Actors & Detection Implications

At first, there were HACKS: preventative controls filter known attack paths.

Diagram: malicious traffic from threat actors passes through the firewall, IDS/IPS and antivirus on its way to corporate assets; whatever falls into the whitespace between those controls becomes a successful hack.

Page 6

Evolution of Threat Actors & Detection Implications

At first, there were HACKS: preventative controls filter known attack paths.

Then, ATTACKS: despite increased investment in controls, including SIEM.

Diagram: malicious traffic from threat actors reaches the firewall, IDS/IPS and antivirus, each of which produces blocked sessions; more logs feed a SIEM that raises alerts; yet attacks in the whitespace between these controls still reach corporate assets and succeed.

Page 7

Evolution of Threat Actors & Detection Implications

Now, successful ATTACK CAMPAIGNS target any and all whitespace. Complete visibility into every process and network session is required to eradicate the attacker opportunity.

Unified platform for advanced threat detection & investigations.

Diagram: alongside the firewall, IDS/IPS and antivirus (blocked sessions) and the alerts from logs, endpoint visibility (every process) and network visibility (every network session) feed a Security Analytics platform that sits across the whole path from threat actors to corporate assets.

Page 8

How can we address the problem?

Page 9

Shift from Prevention to Detection & Response

“By 2020, 60% of enterprise information security budgets will be allocated to rapid detection and response approaches — up from less than 10% in 2014.”

-- Neil Macdonald and Peter Firstbrook, Gartner, Feb. 12, 2014, Designing an Adaptive Security Architecture for Protection From Advanced Attacks

Page 10

Security Monitoring Must Evolve

• EFFICIENT OPERATIONS: incident response, investigations and systems management need to be easy to use.
• ENDPOINT TO CLOUD VISIBILITY: fuse together network, endpoint and system data & threat intelligence for complete visibility.
• RAPID INVESTIGATIONS: leverage visibility to investigate incidents rapidly and completely, such that prioritized actions can be taken to mitigate incidents.
• ADVANCED THREAT DETECTION: utilize intelligence, context and advanced analytics to highlight potential incidents from normal activity.

Page 11

Visibility: See More

• Capture-time data enrichment
• Packets, Logs, Endpoints, NetFlow
• Business & compliance context

Page 12

Analysis: Understand Everything

• Endpoint threat detection
• Correlate multiple data sources
• Out-of-the-box content
• Big data & data science

Page 13

Action: Investigate & Remediate Faster

• Prioritized & unified analyst workflow
• Investigate down to the finest details
• Integrate SOC best practices

Page 14

Enabling Better Detection with Content

• Monthly Reports and Analytics content to deliver more value to customers.
• Over 195 application rules, 75 correlation rules.
• Several high profile specific threat updates:
  • Heartbleed
  • IE9 Zero Day
  • Game Over Zeus
  • Shell crew
  • Boleto Fraud Ring
  • Many More in the Pipeline…
• Future focus on Identity, Cloud and Expanded Threat Indicators

“SA Nailed it! RSA Security Analytics provided us the best view of attempts and issues on our network, better than any other product.”

Page 15

RSA SecOps

Diagram: alerts from RSA Advanced SOC and 3rd party systems flow into RSA SecOps, which aggregates alerts into incidents and drives incident response, breach response, SOC program management, and dashboards & reports. RSA Archer Enterprise Management supplies context, with RSA Archer Enterprise Risk and BCM as optional components; investigations are launched back into the source systems.

Page 16

Resource Shift Needed: Budgets & People

Today’s Priorities: Prevention 80%, Monitoring 15%, Response 5%

Intelligence-Driven Security: Prevention 33%, Monitoring 33%, Response 33%

Page 17

Beyond Technology

Page 18

RSA Advanced Cyber Defense Services

• Incident Response: rapid breach response & SLA-based retainer
• Strategy & Roadmap: review and recommendations
• NextGen Security Operations: technical consulting to transform from reactive to proactive

Page 19

EMC, RSA, the EMC logo and the RSA logo are trademarks of EMC Corporation in the U.S. and other countries.

See Everything. Fear Nothing.