
RSA Archer Security Operations Management PDF

21 Pages·2015·5.8 MB·English

Preview RSA Archer Security Operations Management

Slide 1: RSA Archer Security Operations Management (SecOps)
RSA, The Security Division of EMC. © Copyright 2013 EMC Corporation. All rights reserved.

Slide 2: Security Incidents are Going Unnoticed
- Security attacks are sophisticated
- Too many false-positive responses
- Too many non-integrated tools
- Too many manual processes
- Lack of staff
- Source: ESG white paper, "The Big Data Security Analytics is Here", January 2013

Slide 3: Security Incidents → Data Breach
- Chart: Average Cost of a Data Breach (values shown: $5,403,644; $4,823,583; $4,104,932; $3,763,299; $3,143,048; $2,282,095; $2,275,404; $1,321,903; bar labels are not recoverable from the extract)
- Impact to an enterprise: financial + reputational damage
- 78%: weeks to discover; 70%: company's value is IP; 56%: staff shortage
- Source: Ponemon Institute, "2013 Cost of Data Breach Study: Global Analysis" (cost of a data breach in the US)

Slide 4: Centralizing Incident Response Teams
- Detect, investigate and respond
- A specialized team reporting to the CSO/CISO → CIO, consisting of people, process and technology
- Roles: Tier 1 Analyst, Tier 2 Analyst, Analysis & Tools Support Analyst, Threat Analyst, SOC Manager

Slide 5: Current Challenges
- SOCs are event-focused and reactive
- No centralization of alerts
- Lack of centralized incident management
- Lack of context
- Lack of best practices
- Lack of process

Slide 6: Complexities of a SOC (diagram)
- Roles: L1 Analyst, L2 Analyst, Threat Analyst, SOC Manager 1, SOC Manager 2, Breach Coordinator, CISO, HR, Legal, Finance, IT
- Functions and tools: SIEM, incident process, threat analysis, centralize alerts, network visibility, host visibility, shift handoff, report, KPIs, measure efficacy, breach process, IT handoff, eFraud, DLP

Slide 7: Detect & Respond to Security Incidents (RSA Reference Architecture)
- Management domains: Incident Management, Breach Management, SOC Program Management, IT Risk Management
- Products: RSA Security Operations Management (new), Enterprise Mgmt., RSA ECAT, RSA Live Intelligence
- Data sources: Windows clients/servers, SharePoint, file servers, databases, NAS/SAN, endpoints
- Threat intelligence: rules, parsers, alerts, feeds, apps, directory services, reports and custom actions

Slide 8: RSA Security Operations Management
- Orchestrate and manage across people, process and technology
- Security Operations Management domains: SOC Program Management, IT Security Risk Management, Incident Management, Breach Management
- Consistent / predictable business process

Slide 9: SecOps Marketecture (orchestration / management of the SOC)
- RSA SecOps: Incident Response, Breach Response, SOC Program Management, Report
- Alerts: aggregate alerts into the SOC dashboard and incidents; launch to SA (Security Analytics) to capture and analyze packets, logs and threat feeds
- Context from RSA Archer Enterprise Management; crisis events to RSA Archer BCM

Slide 10: Persona-Driven Design (customized for the SOC personas)
- SOC Manager / CISO: SOC visibility, access to dashboards, access to reports, measure effectiveness, review incidents, analyst management
- L1/L2 Analyst: collect data, investigate / escalate, forensic analysis
- Incident Coordinator: shift handover, incident trends, review escalations
- Breach Response Lead: breach impact analysis, notification process
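The slides name the problems (no centralization of alerts, no centralized incident management, no KPIs to measure efficacy) and the intended flow (aggregate alerts from several tools into incidents, route them to L1/L2, hand over between shifts) but show no mechanics. The following is an added example, not RSA or EMC code, of the minimal version of that flow: a normalized alert schema, time-window correlation of alerts per asset into incidents, a tier-routing rule, a shift-handover report and one KPI (mean time to acknowledge). The alert records, acknowledgement times, tool names, the 60-minute window and the routing rule are all constructed assumptions for the example.

```python
"""Added example (not RSA/EMC code): correlate alerts from several tools into
incidents, route them to an analyst tier and compute a SOC KPI.
All alerts, acknowledgement times and rules below are constructed assumptions."""
from dataclasses import dataclass, field
from datetime import datetime, timedelta
from typing import Dict, List

CORRELATION_WINDOW_MIN = 60  # assumed: alerts on one asset within an hour are one incident

# Constructed alerts in an assumed normalized schema (source tool, ISO timestamp,
# affected asset, alert type, severity 1-10). Three tools fire on ws-0412.
SAMPLE_ALERTS = [
    {"source": "siem", "ts": "2013-06-03T09:00:00", "asset": "ws-0412", "type": "malware_callback", "severity": 7},
    {"source": "endpoint", "ts": "2013-06-03T09:04:00", "asset": "ws-0412", "type": "suspicious_module", "severity": 6},
    {"source": "dlp", "ts": "2013-06-03T09:20:00", "asset": "ws-0412", "type": "bulk_upload", "severity": 8},
    {"source": "siem", "ts": "2013-06-03T11:30:00", "asset": "srv-db-02", "type": "brute_force", "severity": 5},
    {"source": "siem", "ts": "2013-06-04T02:00:00", "asset": "ws-0412", "type": "malware_callback", "severity": 7},
]

# Constructed analyst acknowledgement times, keyed by incident id.
SAMPLE_ACKS = {1: "2013-06-03T09:15:00", 2: "2013-06-03T12:30:00", 3: "2013-06-04T02:45:00"}


def _ts(alert: dict) -> datetime:
    return datetime.fromisoformat(alert["ts"])


@dataclass
class Incident:
    incident_id: int
    asset: str
    alerts: List[dict] = field(default_factory=list)

    @property
    def opened(self) -> datetime:
        return _ts(self.alerts[0])

    @property
    def last_seen(self) -> datetime:
        return _ts(self.alerts[-1])

    @property
    def severity(self) -> int:
        return max(a["severity"] for a in self.alerts)

    @property
    def sources(self) -> List[str]:
        return sorted({a["source"] for a in self.alerts})

    @property
    def tier(self) -> str:
        # Assumed routing rule: corroboration by two or more tools, or high
        # severity, skips L1 triage and goes straight to L2.
        return "L2" if self.severity >= 8 or len(self.sources) >= 2 else "L1"


def correlate(alerts: List[dict], window_min: int = CORRELATION_WINDOW_MIN) -> List[Incident]:
    """Group alerts by asset: an alert joins the asset's open incident if it
    arrives within window_min of that incident's latest alert, else opens a new one."""
    incidents: List[Incident] = []
    open_by_asset: Dict[str, Incident] = {}
    for alert in sorted(alerts, key=_ts):
        inc = open_by_asset.get(alert["asset"])
        if inc is not None and _ts(alert) - inc.last_seen <= timedelta(minutes=window_min):
            inc.alerts.append(alert)
        else:
            inc = Incident(len(incidents) + 1, alert["asset"], [alert])
            incidents.append(inc)
            open_by_asset[alert["asset"]] = inc
    return incidents


def mean_time_to_acknowledge(incidents: List[Incident], acks: Dict[int, str]) -> float:
    """KPI: minutes from first alert to analyst acknowledgement, averaged over
    acknowledged incidents (unacknowledged ones are excluded, not counted as zero)."""
    minutes = [
        (datetime.fromisoformat(acks[i.incident_id]) - i.opened).total_seconds() / 60
        for i in incidents if i.incident_id in acks
    ]
    return sum(minutes) / len(minutes) if minutes else 0.0


def shift_handover(incidents: List[Incident], acks: Dict[int, str]) -> List[str]:
    """One line per incident for the outgoing shift's handover report."""
    return [
        f"INC-{i.incident_id:04d} {i.asset} sev={i.severity} tier={i.tier} "
        f"sources={','.join(i.sources)} alerts={len(i.alerts)} "
        f"ack={'yes' if i.incident_id in acks else 'no'}"
        for i in incidents
    ]


if __name__ == "__main__":
    incs = correlate(SAMPLE_ALERTS)
    for line in shift_handover(incs, SAMPLE_ACKS):
        print(line)
    print(f"mean time to acknowledge: {mean_time_to_acknowledge(incs, SAMPLE_ACKS):.1f} min")
```

With the constructed input, the three ws-0412 alerts on the first morning collapse into one L2 incident (three tools, severity 8), the database brute force and the next-day callback on ws-0412 each open their own L1 incident because they fall outside the window, and the KPI averages the three acknowledgement delays. The window and routing thresholds are the tuning knobs a real SOC would set per asset class rather than globally.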
