1© Copyright 2014 EMC Corporation. All rights reserved.

Securing the Cloud

Gintaras PelenisField TechnologistRSA, the Security Division of EMC

Gintaras.pelenis@emc.com

2© Copyright 2014 EMC Corporation. All rights reserved.

No Shortage of Hard Security Challenges!

Infrastructure Transformation

Mobile Cloud

Less control over access device and back-end

infrastructure

Threat LandscapeTransformation

APTs

SophisticatedFraud

Fundamentallydifferent tactics, more formidable than ever

BusinessTransformation

More hyper-extended, more digital

ExtendedWorkforce

NetworkedValueChains

BigData

3© Copyright 2014 EMC Corporation. All rights reserved.

Mainframe, Mini Computer

Terminals

LAN/Internet Client/Server

PC

Mobile Cloud Big Data Social

Mobile Devices

1ST PLATFORM

2ND PLATFORM

3RD PLATFORM

MILLIONS OF USERS

THOUSANDSOF APPS

HUNDREDS OF MILLIONS OF USERS

TENS OF THOUSANDSOF APPS

BILLIONSOF USERS

MILLIONSOF APPS

Source: IDC, 2012

2010

1990

1970

Emergence of the Third Platform

4© Copyright 2014 EMC Corporation. All rights reserved.

Emergence of New Attackers

Nation state

actors

PII, government, defense industrial base, IP rich organizations

Criminals

Petty criminals Organized crime

Organized, sophisticated supply chains (PII, financial services, retail)

Unsophisticated

Non-state actors

Terrorists Anti-establishment vigilantes

“Hacktivists”Targets of opportunity

PII, Government, critical infrastructure

5© Copyright 2014 EMC Corporation. All rights reserved.

TIME 2007 2013

Evolving Attack Goals and Methods

Worms/Viruses

SimpleDDoS

PhishingPharming

APTs

Multi-Stage

HackerCollaboration

DisruptiveAttacks

2020

DestructiveAttacks

IntrusiveAttacks

AdvancedDDoS

SophisticatedMobileAttacks

The Unknown??

6© Copyright 2014 EMC Corporation. All rights reserved.

As the worldgoes mobile cyber crime will follow

1TREND1 INTH3WILD

http://www.emc.com/collateral/fraud-report/current-state-cybercrime-2013.pdf

7© Copyright 2014 EMC Corporation. All rights reserved.

World wideTrojans are going deeper underground

2TREND2 INTH3WILD

8© Copyright 2014 EMC Corporation. All rights reserved.

Hacktivismand the ever targeted enterprise

3TREND3 INTH3WILD

9© Copyright 2014 EMC Corporation. All rights reserved.

Account takeoverand increasing use of manual assistedcyber attacks

4TREND4 INTH3WILD

10© Copyright 2014 EMC Corporation. All rights reserved.

Fraud-as-a-ServiceCybercriminals increase effectiveness of

attacks - even leverage big data principles

5TREND5 INTH3WILD

11© Copyright 2014 EMC Corporation. All rights reserved.

Traditional Security Is Not Working

Source: Verizon 2013 Data Breach Investigations Report

97% of breaches led to compromise within “days” or less with 72% leading to data exfiltration in the same time

78% of breaches took “weeks” or more to

discover66% took “months or

more”

12© Copyright 2014 EMC Corporation. All rights reserved.

“…prevention and preventative security controls will fail. Prevention fails on a daily basis at many organizations; it will suffice to look at antivirus tools and contrast their 99%-plus deployment rates with widespread ongoing malware infection rates.”

Security Incident Response in the Age of APT, Dr. Anton Chuvakin, Gartner, September 25, 2013

13© Copyright 2014 EMC Corporation. All rights reserved.

Intelligence is the Game Changer

14© Copyright 2014 EMC Corporation. All rights reserved.

A New Security Approach Is Required

IT CONTROLLEDPERIMETER-BOUND

PREVENTIONSIGNATURE-BASED

3RD PLATFORM2ND PLATFORMMobile Cloud Big Data Social

Mobile DevicesLAN/Internet Client/Server

PC

USER-CENTRICBORDERLESS

DETECTIONINTELLIGENCE-DRIVEN

15© Copyright 2014 EMC Corporation. All rights reserved.

Perimeter-based

Static Controls

Siloed Management System

Historical

Reactive Intelligence Driven

Risk-based

Dynamic/Agile Controls

Contextual/Interactive Management System

Shift in Security Models

New

16© Copyright 2014 EMC Corporation. All rights reserved.

SOC Manager

Tier 2 Analyst

Analysis & Tools Support Analyst

Tier 1 Analyst

Threat Intelligence Analyst

Achieving Intelligence-Driven Security Critical Incident Response – process, people and technology

17© Copyright 2014 EMC Corporation. All rights reserved.

Planning Your Journey

Compliance OpportunityRisk

Siloedcompliance focus,

disconnected risk, basic reporting

Managedautomated compliance,

expanded risk focus, improved analysis/metrics

Advantagedfully risk aware, exploit

opportunity

Reducecompliance cost

Gainresource & risk visibility

Manageknown & unknown risks

Identifynew business opportunities

18© Copyright 2014 EMC Corporation. All rights reserved.

Thank you