© Copyright 2014 EMC Corporation. All rights reserved.
RSA, The Security Division of EMC
Javier Galvan, Systems Engineer, Mexico & NOLA
Total visibility into the security environment

When we talk about threats, we MUST talk about Indicators of Compromise.
Indicator of Compromise 1: Unusual Outbound Network Traffic
Look for suspicious traffic leaving the network. It's not just about what comes into your network; it's about outbound traffic as well, because a compromised host eventually has to call home or move data out.
Features
• Detect non-standard, obfuscated, or tunneled traffic
• Detect abnormal activity on endpoints
• Detect or restrict large file transfers to suspicious destinations
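The three checks above, written out as detection logic over flow records. This is an added example, not code from the RSA/EMC deck: the flow lines are constructed to stand in for a NetFlow or firewall export, and the internal address range, the list of "expected" egress ports and both thresholds are assumptions that a real deployment would tune from its own baseline.

```python
"""Detection logic for the outbound-traffic indicator.

Added example, not code from the RSA/EMC deck. Flow records are constructed;
INTERNAL_NETS, EXPECTED_PORTS and the two thresholds are assumptions.
"""
import ipaddress
from collections import defaultdict

INTERNAL_NETS = [ipaddress.ip_network("10.0.0.0/8")]   # assumption: site address space
EXPECTED_PORTS = {53, 80, 443}                          # assumption: normal egress ports
LARGE_TRANSFER_BYTES = 50 * 1024 * 1024                 # assumption: 50 MiB to one destination
DNS_MAX_AVG_PACKET = 512                                # assumption: bigger DNS packets hint at tunnelling

# Constructed sample flows: src,dst,dst_port,proto,bytes_out,packets
SAMPLE_FLOWS = """\
10.1.2.3,93.184.216.34,443,tcp,120000,400
10.1.2.3,8.8.8.8,53,udp,900,6
10.1.2.9,198.51.100.7,53,udp,2400000,2000
10.1.2.17,203.0.113.5,4444,tcp,73400320,51000
10.1.2.5,10.1.2.6,445,tcp,90000000,60000
"""


def is_internal(addr):
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in INTERNAL_NETS)


def parse_flows(text):
    """Turn the CSV-style flow export into dicts with numeric fields."""
    flows = []
    for line in text.strip().splitlines():
        src, dst, port, proto, nbytes, pkts = line.split(",")
        flows.append({"src": src, "dst": dst, "port": int(port), "proto": proto,
                      "bytes": int(nbytes), "pkts": int(pkts)})
    return flows


def find_outbound_anomalies(flows):
    """Return (rule, src, dst, detail) tuples for internal->external flows.

    Three checks: a destination port outside the expected set (non-standard
    channel), an oversized average DNS packet (tunnelled traffic), and total
    bytes to one destination above the large-transfer threshold.
    """
    findings = []
    bytes_per_pair = defaultdict(int)
    for f in flows:
        if not is_internal(f["src"]) or is_internal(f["dst"]):
            continue  # only traffic leaving the network is of interest here
        bytes_per_pair[(f["src"], f["dst"])] += f["bytes"]
        if f["port"] not in EXPECTED_PORTS:
            findings.append(("nonstandard_port", f["src"], f["dst"], f["port"]))
        if f["port"] == 53 and f["pkts"] and f["bytes"] / f["pkts"] > DNS_MAX_AVG_PACKET:
            findings.append(("possible_dns_tunnel", f["src"], f["dst"], f["bytes"] // f["pkts"]))
    for (src, dst), total in bytes_per_pair.items():
        if total >= LARGE_TRANSFER_BYTES:
            findings.append(("large_transfer", src, dst, total))
    return findings


if __name__ == "__main__":
    for finding in find_outbound_anomalies(parse_flows(SAMPLE_FLOWS)):
        print(*finding)
```

Internal-to-internal flows (the SMB transfer in the sample) are deliberately skipped: lateral movement is a different indicator with different thresholds, and mixing it in here inflates the large-transfer rule with normal file-server traffic.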
Indicator of Compromise 2: Anomalies in Privileged User Account Activity
"Changes in the behavior of privileged users can indicate that the user account in question is being used by someone else to establish a beachhead in your network."
Features
• Detect privilege escalation
• Detect attempted use of disabled credentials
• Audit user access rights
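The same three checks as detection logic over authentication events. This is an added example, not code from the RSA/EMC deck. The events are constructed in a simplified JSON-lines shape loosely modelled on Windows Security log fields (event ID 4624 successful logon, 4625 failed logon with the "account currently disabled" sub-status 0xC0000072, 4728/4732 member added to a group); the "elevated" flag, the privileged group names, the baseline period and all user and host names are assumptions.

```python
"""Detection logic for the privileged-account indicator.

Added example, not code from the RSA/EMC deck. Events are constructed and
simplified; PRIVILEGED_GROUPS and the "elevated" flag are assumptions.
"""
import json
from collections import defaultdict

PRIVILEGED_GROUPS = {"Domain Admins", "Enterprise Admins", "Administrators"}  # assumption
DISABLED_ACCOUNT_SUBSTATUS = "0xC0000072"  # 4625 SubStatus: account currently disabled

# Constructed baseline: where each privileged user normally logs on from.
BASELINE_EVENTS = """\
{"id": 4624, "user": "adm.jgalvan", "host": "JUMP01", "elevated": true}
{"id": 4624, "user": "adm.jgalvan", "host": "JUMP02", "elevated": true}
{"id": 4624, "user": "svc_backup", "host": "BKP01", "elevated": true}
"""

# Constructed events from the period under review.
NEW_EVENTS = """\
{"id": 4624, "user": "adm.jgalvan", "host": "JUMP01", "elevated": true}
{"id": 4624, "user": "svc_backup", "host": "WKS-RECEPTION", "elevated": true}
{"id": 4625, "user": "old.contractor", "host": "WKS-RECEPTION", "substatus": "0xC0000072"}
{"id": 4625, "user": "adm.jgalvan", "host": "JUMP01", "substatus": "0xC000006A"}
{"id": 4728, "actor": "svc_backup", "member": "tmp.user", "group": "Domain Admins"}
{"id": 4732, "actor": "helpdesk1", "member": "newhire", "group": "Remote Desktop Users"}
"""


def parse_events(text):
    return [json.loads(line) for line in text.strip().splitlines()]


def build_baseline(events):
    """Map each privileged user to the set of hosts they normally log on from."""
    seen = defaultdict(set)
    for e in events:
        if e.get("id") == 4624 and e.get("elevated"):
            seen[e["user"]].add(e["host"])
    return seen


def detect_privileged_anomalies(events, baseline):
    """Return (rule, subject, detail) tuples for the three checks."""
    findings = []
    for e in events:
        eid = e.get("id")
        if eid == 4625 and e.get("substatus") == DISABLED_ACCOUNT_SUBSTATUS:
            # attempted use of disabled credentials (a plain bad password is not flagged)
            findings.append(("disabled_credential_use", e["user"], e["host"]))
        elif eid in (4728, 4732) and e.get("group") in PRIVILEGED_GROUPS:
            # privilege escalation through group membership
            findings.append(("privileged_group_add", e["member"], f'{e["group"]} by {e["actor"]}'))
        elif (eid == 4624 and e.get("elevated") and e["user"] in baseline
              and e["host"] not in baseline[e["user"]]):
            # a privileged account behaving differently from its own history
            findings.append(("unusual_source_host", e["user"], e["host"]))
    return findings


if __name__ == "__main__":
    base = build_baseline(parse_events(BASELINE_EVENTS))
    for f in detect_privileged_anomalies(parse_events(NEW_EVENTS), base):
        print(*f)
```

The baseline is the important part: a service account logging on from a reception workstation is only an anomaly relative to where that account has logged on before, which is why the deck frames this indicator as a change in behaviour rather than a fixed signature.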
Indicator of Compromise 3: Web Traffic with Non-Human Behavior
How often do you open 20 or 30 browser windows to different sites simultaneously? Are you able to click in milliseconds? Automated clients do both, and the access logs show it.
Features
• Detect non-standard user agents
• Detect direct-to-IP requests
• Detect non-human click streams
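The three checks above as detection logic over web server access logs. This is an added example, not code from the RSA/EMC deck. The log lines are constructed in a simplified format (epoch seconds, client IP, Host header, method, path, quoted user agent); treating a user agent that does not start with "Mozilla/" as non-standard, the request-count and click-rate thresholds, and the sample addresses are assumptions.

```python
"""Detection logic for the non-human web traffic indicator.

Added example, not code from the RSA/EMC deck. Log lines are constructed;
the user-agent rule and both thresholds are assumptions.
"""
import ipaddress
import re
from collections import defaultdict
from statistics import median

LOG_RE = re.compile(
    r'^(?P<ts>[\d.]+) (?P<client>\S+) (?P<host>\S+) (?P<method>\S+) (?P<path>\S+) "(?P<ua>[^"]*)"$'
)
MIN_REQUESTS = 5             # assumption: hits needed before judging a client's cadence
HUMAN_MIN_GAP_SECONDS = 0.2  # assumption: a median gap below this is faster than a person clicks

# Constructed sample log: a human browsing, a scripted client hammering pages,
# and a scanner addressing the server by IP instead of hostname.
SAMPLE_LOG = """\
1700000000.000 198.51.100.20 shop.example.com GET / "Mozilla/5.0 (Windows NT 10.0) Firefox/120.0"
1700000004.250 198.51.100.20 shop.example.com GET /catalog "Mozilla/5.0 (Windows NT 10.0) Firefox/120.0"
1700000011.900 198.51.100.20 shop.example.com GET /item/42 "Mozilla/5.0 (Windows NT 10.0) Firefox/120.0"
1700000100.000 203.0.113.9 shop.example.com GET /item/1 "python-requests/2.31"
1700000100.030 203.0.113.9 shop.example.com GET /item/2 "python-requests/2.31"
1700000100.055 203.0.113.9 shop.example.com GET /item/3 "python-requests/2.31"
1700000100.090 203.0.113.9 shop.example.com GET /item/4 "python-requests/2.31"
1700000100.120 203.0.113.9 shop.example.com GET /item/5 "python-requests/2.31"
1700000100.150 203.0.113.9 shop.example.com GET /item/6 "python-requests/2.31"
1700000200.000 192.0.2.77 192.0.2.10 GET /phpmyadmin/ "Mozilla/5.0 (compatible; scanner)"
"""


def parse_log(text):
    records = []
    for line in text.strip().splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines that do not fit the expected format
        rec = m.groupdict()
        rec["ts"] = float(rec["ts"])
        records.append(rec)
    return records


def is_ip_literal(host):
    """True when the Host header is an address rather than a name."""
    try:
        ipaddress.ip_address(host.split(":")[0])
        return True
    except ValueError:
        return False


def find_nonhuman_clients(records):
    """Return {client_ip: set(reasons)} for the three checks."""
    reasons = defaultdict(set)
    by_client = defaultdict(list)
    for r in records:
        by_client[r["client"]].append(r)
        if not r["ua"].startswith("Mozilla/"):
            reasons[r["client"]].add("nonstandard_user_agent")
        if is_ip_literal(r["host"]):
            reasons[r["client"]].add("direct_to_ip_request")
    for client, reqs in by_client.items():
        if len(reqs) < MIN_REQUESTS:
            continue
        ts = sorted(r["ts"] for r in reqs)
        gaps = [b - a for a, b in zip(ts, ts[1:])]
        if median(gaps) < HUMAN_MIN_GAP_SECONDS:
            reasons[client].add("nonhuman_click_rate")
    return dict(reasons)


if __name__ == "__main__":
    for client, why in find_nonhuman_clients(parse_log(SAMPLE_LOG)).items():
        print(client, sorted(why))
```

The median gap is used rather than the minimum so that a browser fetching a page and its assets in one burst (which also produces millisecond gaps) is not mistaken for a scripted client; only a client whose typical inter-request interval is sub-human is flagged.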
6© Copyright 2014 EMC Corporation. All rights reserved.
AttackBegins
SystemIntrusion
Attacker Surveillance
Cover-upComplete
Access Probe
Leap Frog Attacks
Complete
TargetAnalysis
TIME
AttackSet-up
Discovery/ Persistence
Maintain foothold
Cover-up
Starts
Attack Forecast
Physical Security
Containment &
Eradication
System Reaction
Damage Identification
Recovery
Defender Discovery
Monitoring & Controls
Impact Analysis
Response
Threat Analysis
Attack
Identified
Incident Reporting
Reduce Attacker Free Time
ATTACKER FREE
TIMETIME
Source: NERC HILF Report, June 2010 (http://www.nerc.com/files/HILF.pdf)
7© Copyright 2014 EMC Corporation. All rights reserved.
Characteristics of a Security Maturity Model (figure axes: VISIBILITY, RISK; both increase with each step)
Step 1: Threat Defense
Step 2: Compliance and Defense-in-Depth
Step 3: Risk-Based Security
Step 4: Business-Oriented
RSA Security Management Compliance Vision
Delivering Visibility, Intelligence and Governance
RSA Identity Management & Governance
Identity Visibility
RSA Identity Management & Governance: a phased approach
Pillars: Visibility & Certification; Role & Group Management; Access Request; Policy Management
Capabilities: Account & Entitlement Collection; Access Reviews; Segregation of Duties; Role Discovery & Definition; Role Maintenance; Group Analysis & Cleanup; Access Request Portal; Policy-Based Change Management; Joiners, Movers, and Leavers; Data Visibility; Compliance Controls
RSA Security Analytics: Logs, Network and Malware Visibility
RSA Security Analytics: unified platform for security monitoring, incident investigations and compliance reporting
Brings together SIEM (Compliance Reports, Device XMLs, Log Parsing) and Network Security Monitoring (High Powered Analytics, Big Data Infrastructure, Integrated Intelligence)
RSA Security Analytics: Fast & Powerful Analytics; Logs & Packets; Unified Interface; Analytics Warehouse
SEE DATA YOU DIDN'T SEE BEFORE, UNDERSTAND DATA YOU DIDN'T EVEN CONSIDER BEFORE
Logs
Packets
RSA Live
Malware Analysis
Scoring inputs: Static Analysis, Sandbox Analysis, Community, NetWitness NextGen
Verdicts: Likely Zero-Day; Likely Sandbox Aware Malware; Highly Likely Malware
RSA Web Threat Detection: Online Channel Visibility
Web Threat Detection
Criminals Look Different than Customers
• Velocity
• Page Sequence
• Origin
• Contextual Information
Proprietary and Confidential to Silver Tail Systems
Web Threat Detection: Complete Web Session Intelligence & Application Layer Threat Visibility
Session stages covered: Beginning of Web Session; Login; Financial Transaction; Checkout and Logout
Threats visible across the session: New Account Registration Fraud; Account Takeover; Password Guessing; Parameter Injection; Man In The Browser; Man In The Middle; Unauthorized Account Activity; Access From High Risk Country; Promotion Abuse; High Risk Checkout; Site Scraping; Vulnerability Probing; DDoS Attacks
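Three of the session-level signals named on the two Web Threat Detection slides (velocity of login failures for Password Guessing, page sequence for a checkout that never visited the cart, and origin for Access From High Risk Country), as detection logic over session events. This is an added example, not Silver Tail or RSA code: the events are constructed as (time, session, source IP, account, page) tuples, and the expected checkout sequence, the IP-to-country table, the placeholder high-risk country code "XX" and the guessing thresholds are assumptions.

```python
"""Session-level checks: login-failure velocity, page sequence, origin.

Added example, not Silver Tail / RSA code. Events, GEO_BY_IP, the high-risk
set and the thresholds are constructed assumptions.
"""
from collections import defaultdict

EXPECTED_BEFORE_CHECKOUT = {"cart"}   # assumption: a real buyer visits the cart first
HIGH_RISK_COUNTRY = {"XX"}            # assumption: placeholder high-risk country code
GEO_BY_IP = {"198.51.100.20": "MX", "203.0.113.9": "XX", "192.0.2.77": "US"}  # constructed lookup
GUESS_FAILS = 5                       # assumption: failures within the window that mean guessing
GUESS_WINDOW_SECONDS = 60             # assumption

# Constructed session events: (time, session_id, source_ip, account, page)
SAMPLE_EVENTS = [
    (0, "s1", "198.51.100.20", "alice", "login_ok"),
    (20, "s1", "198.51.100.20", "alice", "item"),
    (45, "s1", "198.51.100.20", "alice", "cart"),
    (80, "s1", "198.51.100.20", "alice", "checkout"),
    (100, "s2", "203.0.113.9", "bob", "login_fail"),
    (101, "s2", "203.0.113.9", "bob", "login_fail"),
    (102, "s2", "203.0.113.9", "bob", "login_fail"),
    (103, "s2", "203.0.113.9", "bob", "login_fail"),
    (104, "s2", "203.0.113.9", "bob", "login_fail"),
    (105, "s2", "203.0.113.9", "bob", "login_ok"),
    (106, "s2", "203.0.113.9", "bob", "checkout"),
    (300, "s3", "192.0.2.77", "carol", "login_fail"),
    (400, "s3", "192.0.2.77", "carol", "login_ok"),
    (420, "s3", "192.0.2.77", "carol", "cart"),
    (430, "s3", "192.0.2.77", "carol", "checkout"),
]


def password_guessing_accounts(events):
    """Accounts with GUESS_FAILS login failures inside any GUESS_WINDOW_SECONDS span."""
    fails = defaultdict(list)
    for t, _, _, account, page in events:
        if page == "login_fail":
            fails[account].append(t)
    flagged = set()
    for account, times in fails.items():
        times.sort()
        for i in range(len(times) - GUESS_FAILS + 1):
            if times[i + GUESS_FAILS - 1] - times[i] <= GUESS_WINDOW_SECONDS:
                flagged.add(account)
                break
    return flagged


def session_findings(events):
    """Return (rule, subject) tuples: sequence, origin and velocity findings."""
    findings = []
    seen = defaultdict(set)
    for t, sid, ip, account, page in sorted(events):
        # page sequence: checkout reached without the pages a customer passes through
        if page == "checkout" and not EXPECTED_BEFORE_CHECKOUT <= seen[sid]:
            findings.append(("checkout_without_cart", sid))
        seen[sid].add(page)
    origins = {sid: ip for _, sid, ip, _, _ in events}
    for sid, ip in origins.items():
        if GEO_BY_IP.get(ip) in HIGH_RISK_COUNTRY:
            findings.append(("high_risk_origin", sid))
    for account in sorted(password_guessing_accounts(events)):
        findings.append(("password_guessing", account))
    return findings


if __name__ == "__main__":
    for f in session_findings(SAMPLE_EVENTS):
        print(*f)
```

A single failed login (carol) is not flagged; the velocity rule is what separates a forgotten password from a credential-stuffing run, and the sequence rule catches the session that went straight from a successful guess to checkout without ever behaving like a shopper.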
RSA Archer eGRC: Business Visibility
RSA Archer eGRC: Governance, Risk and Compliance
1. Enterprise Management
2. Policy Management
3. Risk Management
4. Incident Management
5. Threat Management
6. Compliance Management
7. Business Continuity Management
8. Vendor Management
9. Audit Management
10. Vulnerability Risk Management (VRM)
11. Security Operations Management (SecOps)
RSA Archer eGRC
Dashboards & Reports
Big Data Transforms Security