Presentation crafting your active security management strategy 3 keys and 4 steps
- 1. Crafting Your Active Security Management Strategy: 3 Keys and 4 Steps EMC CONFIDENTIAL—INTERNAL USE ONLY 1
- 2. Agenda • Security Challenges: A Root-Cause Analysis • 3 Keys to Effective Security Management • RSA’s 4-Step Approach EMC CONFIDENTIAL—INTERNAL USE ONLY 2
- 3. EMC eGRC Strategy eGRC Business Solutions Business Security Information Continuity Management Governance Management RSA Archer eGRC Management Platform Consulting/Implementation Best Practices EMC CONFIDENTIAL—INTERNAL USE ONLY 3
- 4. Pop Quiz You have not maximized your security management program if… You are assessing compliance one regulation at a time You can’t prioritize your projects by risk You handle incidents like playing Whack-a-Mole You have mountains of security data and don’t use it Management has no idea how well you are doing (and Finance can’t see why you deserve a bigger budget) EMC CONFIDENTIAL—INTERNAL USE ONLY 4
- 5. Security Challenges: A Root-Cause Analysis EMC CONFIDENTIAL—INTERNAL USE ONLY 5
- 6. Traditional Approach Team Team Policy Point Tool Policy Point Tool Network Datacenter Team Team Policy Point Tool Policy Point Tool Endpoint Applications Siloed Inflexible Inconsistent Costly EMC CONFIDENTIAL—INTERNAL USE ONLY 6
- 7. Result: Uncontrolled Risk Risk = Likelihood × Impact • threats • detection • vulnerabilities • response • value of target • value of target PRIORITIZE BY RISK: LIKELIHOOD IMPACT HIGH MEDIUM MEDIUM LOW EMC CONFIDENTIAL—INTERNAL USE ONLY 7
- 8. PlayStation suffers Business Impact massive data breach… Uncontrolled risk leads to… Increased Exposure to Inhibited Business Catastrophic Loss Objectives • Theft of trade secrets • Virtualization • Headline-making breaches • Consumer web services • Fines and penalties • Geographic expansion EMC CONFIDENTIAL—INTERNAL USE ONLY 8
- 9. Security is about… Security isn’t about security. It is about managing risk at some cost. In the absence of metrics, we tend to over compensate and focus on risks that are either familiar or recent. Hugh Thompson, Chief Security Strategist People Security EMC CONFIDENTIAL—INTERNAL USE ONLY 9
- 10. The 3 Keys to Effective Security Management EMC CONFIDENTIAL—INTERNAL USE ONLY 10
- 11. #1: Begin and End with Business Context Executive Audit Risk Legal, HR, etc Committee Committee Committee Business Authoritative Business Policies Objectives Sources Criticality Governance Security Monitoring Management EMC CONFIDENTIAL—INTERNAL USE ONLY 11
- 12. #2: Follow an Integrated Approach How? Define business objectives Business Define business-level risk targets Governance Define business-critical assets Security Risk Understand external and internal threat landscape Identify vulnerabilities Management Classify high-value assets Prioritize work by risk Operations Add security controls where needed Management Maximize monitoring and visibility Identify security events Incident Prioritize by business impact Management Report to business owners Reassess business risk and critical assets Security Management framework: ISO 27001 Risk Management framework: ISO 31000 EMC CONFIDENTIAL—INTERNAL USE ONLY 12
- 13. #3: Develop a Maturity Strategy Where do you want to be in 3 years? Current state Desired state Business Governance Security buried Basic guidelines Security is part of every inside IT defined by business business process Security Risk Management Newspaper view Follow industry Manage business- of risk practices specific risks Operations Management Bare minimum tools Compliance- Risk-based controls driven controls and monitoring Incident Management Siloed monitoring Correlation and Advanced analytics prioritization Tactical Maturity Strategic EMC CONFIDENTIAL—INTERNAL USE ONLY 13
- 14. RSA’s 4-Step Approach EMC CONFIDENTIAL—INTERNAL USE ONLY 14
- 15. RSA Enables Security Management Archer Policy Management Business Archer Enterprise Management Governance Archer Compliance Management Security Risk Archer Risk and Threat Management DLP Risk Remediation Manager and Policy Workflow Manager Management NetWitness Spectrum Archer Enterprise Management Operations Solution for Cloud Security and Compliance Management EMC Ionix Integrations with asset managers Archer Incident Management Incident enVision SIEM Management DLP (Data Loss Prevention) NetWitness Investigator Security Management framework: ISO 27001 Risk Management framework: ISO 31000 EMC CONFIDENTIAL—INTERNAL USE ONLY 15
- 16. Step 1: Security Risk Management Context Identification Assessment Mitigation Establishment EMC CONFIDENTIAL—INTERNAL USE ONLY 16
- 17. Security Risk Management Example: DLP Risk Remediation Manager Day 40 90% of files remediated Day 3 Repeatable and 1200 Owners continuously monitored in 43 Countries Identified Analyst work space and executive metrics in RRM. Day 10 Day 1 RRM sends initial 30K files discovered questionnaire to data by RSA DLP owners “The new process was more than 4 times faster and much less disruptive to business.” - EMC CIRC EMC CONFIDENTIAL—INTERNAL USE ONLY 17
- 18. Step 2: Operations Management Control Configuration Operation Monitoring Standards EMC CONFIDENTIAL—INTERNAL USE ONLY 18
- 19. Operations Management Example: RSA Solution for Cloud Security and Compliance Component Discovery and Population Configuration Measurement (40% automated) > 130 VMware Specific Archer Control Procedures Connector Framework alerts enVision >380 log messages EMC CONFIDENTIAL—INTERNAL USE ONLY 19
- 20. Step 3: Incident Management Collection/ Correlation/ Investigation Remediation Detection Prioritization EMC CONFIDENTIAL—INTERNAL USE ONLY 20
- 21. Incident Management Example: RSA Solution for Security Incident Management Enterprise and Policy Mgr enVision alerts are put in context with enterprise assets, risk, process, Context Policy teams, etc. Connector Framework Incident Dashboards Near Real-time feed into Archer and Workflow Plug-in Architecture for additional Incidents are assigned in work incident and compliance solutions queues, workflow automates the case management process. Metrics are rolled up into an executive level dashboard SIEM Formatted XML data out of enVision Task Triage – Incident details with “We saved 1,500 associated notes hours a month due to the integration.” - EMC CIRC EMC CONFIDENTIAL—INTERNAL USE ONLY 21
- 22. Step 4: Business-Driven Management IT Risk Operations Incident Management Management Management “MassMutual’s approach to security is now based on a more current holistic view of the enterprise.” - Mike Foley, CIO, MassMutual EMC CONFIDENTIAL—INTERNAL USE ONLY 22
- 23. Business Driven Customer Success BEFORE AFTER NEEDS Protect More current, holistic view • 6,000 employees and PCs of the enterprise Managing risk in a • Thousands of servers and financial services network devices Faster response to critical • 700 applications firm with $420B in threats and potential • Personal information of more assets than 12 million customers exploits MassMutual’s approach See big picture and drill Consolidated all critical IT to security is “now down on specifics risks into real time based on a more current holistic view of executive dashboards Identify & Prioritize the enterprise.” critical risks Mike Foley, CIO 97.5% cost reduction in MassMutual the risk analysis process Information Week Article Automate risk assessments EMC CONFIDENTIAL—INTERNAL USE ONLY 23
- 24. Leading Products, Better Together Archer enVision DLP VMware Integration & Solution Sol’n for Security Incident Mgmt DLP Risk Remediation Manager DLP Policy Workflow Manager Content-aware SIEM Sol’n for Cloud Security & Compliance SecurBook for VMware View (VDI) NetWitness: integrations to be announced! Leader Leader Leader eGRC SIEM Data Loss Prevention EMC CONFIDENTIAL—INTERNAL USE ONLY 24
- 25. Take a Strategic Approach with RSA Step 4: Most organizations are here Business-Oriented • Security fully Step 3: embedded in IT Risk-Oriented enterprise processes • data fully integrated • Proactive and with business context Step 2: assessment based • Security tools Compliance-Driven • Collect data needed to integrated with detect advanced business tools • Check-box mentality threats Step 1: • Collect data needed • Security tools Legacy for compliance integration providing • Tactical tools with technical visibility Approach • Security is “necessary compliance reporting evil” Information • No monitoring Technology • Reactive and tactical point products “Security management is going to be baked into many layers of business operations. That’s what I’m seeing in my organization.” - Member, RSA Security Management Working Group EMC CONFIDENTIAL—INTERNAL USE ONLY 25
- 26. In Action: Critical Incident Response Center EMC Critical Incident Response Center, Bedford, MA Integrated Business Context Process Automation Visibility Approach EMC CONFIDENTIAL—INTERNAL USE ONLY 26
- 27. Next Steps and Resources • Round Table Discussion on Privacy • Incident Management Solution Brief • Privacy Survey • eGRC White Paper • Ovum Research EMC CONFIDENTIAL—INTERNAL USE ONLY 27
- 28. THANK YOU EMC CONFIDENTIAL—INTERNAL USE ONLY 28
- 29. These backup slides just provide more product details on the 4 steps EMC CONFIDENTIAL—INTERNAL USE ONLY 29
- 30. Step 1: Security Risk Management Context Identification Assessment Mitigation Establishment Archer • Capture and relate risks to business objectives • Import data from vulnerability assessments, threat feeds (eGRC) • Build and deliver online assessments • Resolve findings to reduce risk to tolerable levels DLP • Map DLP policies to business policies • Identify sensitive data in vulnerable locations • Just-in-time education of end-users reduce future risks NetWitness • Risk-based identification of malicious code EMC CONFIDENTIAL—INTERNAL USE ONLY 30
- 31. Step 2: Operations Management Control Configuration Operation Monitoring Standards Archer • Control Standards: 900+ standards • Configuration: 4500+ control procedures (eGRC) • Monitoring: 8500+ question library enVision • Real-time monitoring from the most event sources • Reporting: 1200+ out of box reports (SIEM) EMC CONFIDENTIAL—INTERNAL USE ONLY 31
- 32. Step 3: Incident Management Collection/ Correlation/ Investigation Remediation Detection Prioritization Archer • Business-level incident management including Legal, HR, BUs enVision • Unmatched depth and breadth of event collection (SIEM) • Some of the largest SIEM deployments in the world • Prioritize by vulnerability feeds and watch lists NetWitness • Capture and visualize all network traffic for real time analysis • Unparalleled network forensics DLP • Data-centric view of policy violations everywhere • Automatically quarantine emails, block file transfers EMC CONFIDENTIAL—INTERNAL USE ONLY 32
- 33. Step 4: Business-Driven Management IT Risk Operations Incident Management Management Management RSA Archer eGRC Suite • Central repository for policies, risks, and incidents • All data presented in business context • Integration with key security systems • Comprehensive audits and reports EMC CONFIDENTIAL—INTERNAL USE ONLY 33