CEBIT 2016: MODERN CYBER RISKS - WHY TRADITIONAL SECURITY METHODS ARE FALLING SHORT. RALF KALTENBACH DIRECTOR DACH & EASTERN EUROPE (ASOC)

CEBIT 2016: MODERN CYBER RISKS - WHY TRADITIONAL SECURITY …files.messe.de/abstracts/69527_HADI14_00Kaltenbach.pdf · VERIZON 2015 DATA BREACH INVESTIGATIONS REPORT ... Unified platform

CEBIT 2016: MODERN CYBER RISKS - WHY TRADITIONAL SECURITY METHODS ARE FALLING SHORT.

RALF KALTENBACH, DIRECTOR DACH & EASTERN EUROPE (ASOC)

Organizations’ overall assessment of their risk / security capabilities: Cybersecurity Poverty Index

Current security approaches are failing

Significant Cybersecurity Risk Exposure: 75%

Advantaged Capabilities: 5%

Mature Security Strategies: 20%

55%

Breach Readiness

do not have a formal incident response plan in place

do not have an active vulnerability management program in place

lack capability to gather data from across their environment and provide centralized alerting of suspicious activity

40% 30%

The threat landscape continues to evolve

Threat Actors: Nation States, Hacktivists, Criminals

Targets: Financial Information, Intellectual Property, Personally Identifiable Information

HACKS

ATTACKS

ATTACK CAMPAIGNS

Our attack surface continues to expand

Mobile Employees

BYOD

On Premise

Cloud

Third Parties

Customers

Partners

Shadow IT

VERIZON 2015 DATA BREACH INVESTIGATIONS REPORT

Attacker Capabilities

Defender Capabilities

The defender-detection deficit

Increasing gap between attacker and defender capabilities

Two critical success factors to be considered…

1. Reduce Dwell Time

2. React faster

[Figure: attack timeline along a TIME axis. Labels: Attack Begins, System Intrusion, Cover-Up Discovery, Leap Frog Attacks, Cover-Up Complete, Attack Identified, Response, Dwell Time, Response Time]

1. TARGETED: SPECIFIC OBJECTIVE

2. STEALTHY: LOW AND SLOW

3. INTERACTIVE: HUMAN INVOLVEMENT

The security paradigm must change

PREVENTION DETECTION & RESPONSE

Shift priorities and capabilities

Today’s Priorities: Prevention, Monitoring, Response

Future State: Prevention, Monitoring, Response

The capabilities that matter most now

Visibility & Analytics: establish foundation / make responders faster & smarter

Identity Assurance & Governance: address the most consequential attack vector

Risk Intelligence: prioritize effectively

At first, there were HACKS: Preventative controls filter known attack paths

Evolution of Threat Actors & Detection Implications

[Figure labels: Threat Actors, Malicious Traffic, Firewall, IDS/IPS, AntiVirus, Corporate Assets, Whitespace, Successful HACKS]

At first, there were HACKS: Preventative controls filter known attack paths

Then, ATTACKS: Despite increased investment in controls, including SIEM

Evolution of Threat Actors & Detection Implications

[Figure labels: Threat Actors, Malicious Traffic, Firewall, IDS/IPS, AntiVirus, More Logs, SIEM, Blocked Session (three times), Alert, Corporate Assets, Whitespace, Successful ATTACKS]

Now, successful ATTACK CAMPAIGNS target any and all whitespace.

Complete visibility into every process and network session is required to eradicate the attacker opportunity.

Unified platform for advanced threat detection & investigations,

Evolution of Threat Actors & Detection Implications

[Figure labels: Threat Actors, Malicious Traffic, Firewall, IDS/IPS, AntiVirus, Logs, Endpoint Visibility, Process, Network Visibility, Network Sessions, Blocked Session (three times), Alert, Corporate Assets, Security Analytics]

RSA Security Analytics Architecture

[Architecture diagram labels: Visibility (NetFlow, Packets, Logs, Endpoint); Capture Time Data Enrichment; Analysis; Action; Security Operations; On Prem; Cloud; LIVE]

RSA LIVE INTELLIGENCE: Threat Intelligence | Rules | Parsers | Feeds | Reports | RSA Research

RSA in action

Cloud

Security Analytics

Governance, Risk, & Compliance

Identity

Data: logs, packets, netflow, endpoint, identity, threat, vulnerability

Enterprise

RSA’s product and service portfolio

Data: Logs, packets, netflow, Endpoint, id, vulns, Threat (ext & int)

Security Analytics

Governance, Risk, & Compliance

Identity & Access

SECURITY OPERATIONS: Security Analytics, ECAT, Security Operations Management, Advanced Cyber Defense / Incident Response Services

GOVERNANCE, RISK & COMPLIANCE: Archer GRC

IDENTITY: Via Access – Via Lifecycle & Governance, SecurID

Cloud

Enterprise

Thank You