RSA Archer Security Operations Management (SecOps)
RSA, The Security Division of EMC
© Copyright 2013 EMC Corporation. All rights reserved.

Security Incidents are Going Unnoticed
• Security Attacks are Sophisticated
• Too Many False Positive Responses
• Too Many Non-Integrated Tools
• Too Many Manual Processes
• Lack of Staff
* ESG White Paper – “The Big Data Security Analytics is Here”, January 2013

Security Incidents → Data Breach
Average Cost of a Data Breach
[Chart: average cost of a data breach by category; bar values range from $1,321,903 to $5,403,644, category labels not recoverable from the extraction]
Impact to an Enterprise: Financial + Reputational Damage
• 78% – Weeks to Discover
• 70% – Company’s Value is IP
• 56% – Staff Shortage
* Ponemon Institute – “2013 Cost of Data Breach Study: Global Analysis”, Cost of a Data Breach in US

Centralizing Incident Response Teams
Detect, Investigate and Respond
Specialized Team Reporting to:
– CSO/CISO → CIO
Consisting of:
– People
– Process
– Technology
[Org chart: SOC Manager; Tier 1 Analyst; Tier 2 Analyst; Analysis & Tools Support Analyst; Threat Analyst]

Current Challenges
• SOCs are Event Focused and Reactive
• No Centralization of Alerts
• Lack of Centralized Incident Management
• Lack of Context
• Lack of Best Practices
• Lack of Process

Complexities of a SOC
[Diagram of interacting SOC elements: L1 Analyst, L2 Analyst, Threat Analyst, SIEM, Incident Analysis, Threat Process, Centralize Alerts, SOC Manager 1, SOC Manager 2, Breach Coordinator, Shift Handoff, Network Visibility, Host Visibility, Report, KPIs, Measure Efficacy, Breach Process, IT Handoff, HR, Legal, Finance, IT, CISO, eFraud, DLP]

Detect & Respond to Security Incidents – RSA Reference Architecture
• Incident Management
• Breach Management
• SOC Program Management
• IT Risk Management
RSA Security Operations Management (NEW)
Data sources: Windows Clients/Servers, SharePoint, File Servers, Databases, NAS/SAN, Endpoints, Directory Services
Enterprise Mgmt.; RSA ECAT
RSA Live Intelligence – Threat Intelligence:
– Rules
– Parsers
– Alerts
– Feeds
– Apps
– Reports and Custom Actions

RSA Security Operations Management
Orchestrate & Manage: Process, People, Technology
Security Operations Management Domain:
– SOC Program Management
– IT Security Risk Management
– Incident Management
– Breach Management
Consistent / Predictable Business Process

SecOps Marketecture
Orchestration / Management of the SOC
RSA SecOps:
– Incident Response
– Breach Response
– SOC Program Management
CONTEXT: RSA Archer Enterprise Management (Context); RSA Archer BCM (Crisis Events)
ALERTS: Aggregate Alerts to SOC Dashboard & Incidents
LAUNCH TO SA: Capture & Analyze – Packets, Logs & Threat Feeds
Report

Persona Driven Design
Customized for the SOC Personas
SOC Manager/CISO:
• SOC Visibility
• Access to Dashboards
• Access to Reports
• Measure Effectiveness
• Review Incidents
• Analyst Mgmt.
L1/L2 Analyst:
• Collect Data
• Investigate / Escalate
• Forensic Analysis
Incident Coordinator:
• Shift Handover
• Incident Trends
• Review Escalations
Breach Response Lead:
• Breach Impact Analysis
• Notification Process