The document discusses an active security management strategy with 4 key steps:
1) Security risk management to identify, assess, and mitigate risks.
2) Operations management to configure, operate, and monitor security controls.
3) Incident management to collect, correlate, investigate, and remediate security incidents.
4) Business-driven management to fully embed security in business processes and integrate security tools with business systems.
1. Crafting Your Active Security Management Strategy: 3 Keys and 4 Steps
EMC CONFIDENTIAL—INTERNAL USE ONLY 1
2. Agenda
• Security Challenges: A Root-Cause Analysis
• 3 Keys to Effective Security Management
• RSA’s 4-Step Approach
3. EMC eGRC Strategy
eGRC Business Solutions: Business Continuity Management • Security Management • Information Governance
RSA Archer eGRC Management Platform
Consulting/Implementation Best Practices
4. Pop Quiz
You have not maximized your security management program if…
• You are assessing compliance one regulation at a time
• You can’t prioritize your projects by risk
• You handle incidents like playing Whack-a-Mole
• You have mountains of security data and don’t use it
• Management has no idea how well you are doing (and Finance can’t see why you deserve a bigger budget)
6. Traditional Approach
Each area has its own Team, its own Policy and its own Point Tool: Network • Datacenter • Endpoint • Applications
Result: Siloed • Inflexible • Inconsistent • Costly
7. Result: Uncontrolled Risk
Risk = Likelihood × Impact
Likelihood is driven by: • threats • vulnerabilities • value of target
Impact is driven by: • detection • response • value of target
PRIORITIZE BY RISK (Likelihood vs. Impact matrix):
• High likelihood, high impact: HIGH
• High likelihood, low impact: MEDIUM
• Low likelihood, high impact: MEDIUM
• Low likelihood, low impact: LOW
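The slide's formula and 2×2 matrix, worked through as an added example (this is not code from the RSA deck). It scores each risk register entry from the two sides named on the slide: likelihood from threats, vulnerabilities and target value; impact from target value with detection and response capability subtracted. The 1..5 scales, the averaging and the matrix cut-off of 3.0 are assumptions, and the four assets are constructed sample values.

```python
"""Added example (not from the RSA deck): Risk = Likelihood x Impact turned into a
scoring and prioritization routine. The 1..5 scales, the averaging and the
matrix cut-off are assumptions made for illustration."""
from dataclasses import dataclass


@dataclass(frozen=True)
class RiskItem:
    asset: str
    threat: int         # 1..5: how active and capable the threats against this asset are
    vulnerability: int  # 1..5: how exposed the asset is (unpatched, reachable, weak auth)
    target_value: int   # 1..5: value of the target to the business and to an attacker
    detection: int      # 1..5: 5 means an attack would be noticed quickly
    response: int       # 1..5: 5 means containment and recovery are fast and practised


def likelihood(r: RiskItem) -> float:
    """Likelihood side of the slide: threats, vulnerabilities, value of target."""
    return (r.threat + r.vulnerability + r.target_value) / 3


def impact(r: RiskItem) -> float:
    """Impact side of the slide: detection, response, value of target.
    Strong detection/response reduce impact, so those scores are inverted."""
    return (r.target_value + (6 - r.detection) + (6 - r.response)) / 3


def risk_score(r: RiskItem) -> float:
    """Risk = Likelihood x Impact, on a 1..25 scale."""
    return likelihood(r) * impact(r)


def rating(r: RiskItem, cutoff: float = 3.0) -> str:
    """Quadrant of the slide's 2x2 matrix: HIGH when both axes are high,
    MEDIUM when exactly one is, LOW otherwise."""
    high_l, high_i = likelihood(r) >= cutoff, impact(r) >= cutoff
    if high_l and high_i:
        return "HIGH"
    return "MEDIUM" if (high_l or high_i) else "LOW"


def prioritize(register):
    """Work order: highest risk score first, asset name as a stable tie-break."""
    return sorted(register, key=lambda r: (-risk_score(r), r.asset))


# Constructed register of four assets (sample values, not real measurements).
REGISTER = [
    RiskItem("customer-db",     threat=5, vulnerability=4, target_value=5, detection=2, response=2),
    RiskItem("marketing-site",  threat=4, vulnerability=4, target_value=2, detection=3, response=4),
    RiskItem("dev-wiki",        threat=2, vulnerability=3, target_value=1, detection=3, response=4),
    RiskItem("payment-gateway", threat=3, vulnerability=1, target_value=5, detection=5, response=4),
]

if __name__ == "__main__":
    for r in prioritize(REGISTER):
        print(f"{r.asset:16} L={likelihood(r):.2f} I={impact(r):.2f} "
              f"risk={risk_score(r):5.2f} {rating(r)}")
```

The payment-gateway entry is there to show why the slide lists detection and response on the impact side: it carries the same target value as customer-db, but good detection and response pull its impact below the cut-off, so it lands in MEDIUM rather than HIGH and is worked after customer-db.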
8. Business Impact
(Headline: PlayStation suffers massive data breach…)
Uncontrolled risk leads to…
Increased Exposure to Catastrophic Loss: • Theft of trade secrets • Headline-making breaches • Fines and penalties
Inhibited Business Objectives: • Virtualization • Consumer web services • Geographic expansion
9. Security is about…
“Security isn’t about security. It is about managing risk at some cost. In the absence of metrics, we tend to overcompensate and focus on risks that are either familiar or recent.”
- Hugh Thompson, Chief Security Strategist, People Security
10. The 3 Keys to Effective Security Management
11. #1: Begin and End with Business Context
Stakeholders: Executive Committee • Audit Committee • Risk Committee • Legal, HR, etc.
Business inputs: Business Objectives • Authoritative Sources • Policies • Business Criticality
Flow: Governance → Security Management → Monitoring
12. #2: Follow an Integrated Approach
How?
Business Governance
• Define business objectives
• Define business-level risk targets
• Define business-critical assets
Security Risk Management
• Understand external and internal threat landscape
• Identify vulnerabilities
• Classify high-value assets
• Prioritize work by risk
Operations Management
• Add security controls where needed
• Maximize monitoring and visibility
Incident Management
• Identify security events
• Prioritize by business impact
• Report to business owners
• Reassess business risk and critical assets
Security Management framework: ISO 27001 • Risk Management framework: ISO 31000
13. #3: Develop a Maturity Strategy
Where do you want to be in 3 years?
Each row reads Current state (Tactical) → intermediate → Desired state (Strategic), along the Maturity axis:
• Business Governance: Security buried inside IT → Basic guidelines defined by business → Security is part of every business process
• Security Risk Management: Newspaper view of risk → Follow industry practices → Manage business-specific risks
• Operations Management: Bare minimum tools → Compliance-driven controls → Risk-based controls and monitoring
• Incident Management: Siloed monitoring → Correlation and prioritization → Advanced analytics
15. RSA Enables Security Management
Business Governance
• Archer Policy Management
• Archer Enterprise Management
• Archer Compliance Management
Security Risk Management
• Archer Risk and Threat Management
• DLP Risk Remediation Manager and Policy Workflow Manager
• NetWitness Spectrum
Operations Management
• Archer Enterprise Management
• Solution for Cloud Security and Compliance
• EMC Ionix
• Integrations with asset managers
Incident Management
• Archer Incident Management
• enVision SIEM
• DLP (Data Loss Prevention)
• NetWitness Investigator
Security Management framework: ISO 27001 • Risk Management framework: ISO 31000
16. Step 1: Security Risk Management
Context Establishment → Identification → Assessment → Mitigation
17. Security Risk Management Example: DLP Risk Remediation Manager
• Day 1: 30K files discovered by RSA DLP
• Day 3: 1200 owners in 43 countries identified
• Day 10: RRM sends initial questionnaire to data owners
• Day 40: 90% of files remediated
Repeatable and continuously monitored; analyst work space and executive metrics in RRM.
“The new process was more than 4 times faster and much less disruptive to business.”
- EMC CIRC
18. Step 2: Operations Management
Control Standards → Configuration → Operation → Monitoring
19. Operations Management Example: RSA Solution for Cloud Security and Compliance
• Component Discovery and Population
• Configuration Measurement (40% automated)
• > 130 VMware-specific Archer Control Procedures
• Connector Framework
• enVision alerts from >380 log messages
20. Step 3: Incident Management
Collection/Detection → Correlation/Prioritization → Investigation → Remediation
21. Incident Management Example: RSA Solution for Security Incident Management
• SIEM: Formatted XML data out of enVision
• Connector Framework: Near real-time feed into Archer; plug-in architecture for additional incident and compliance solutions
• Enterprise and Policy Mgr (Context, Policy): enVision alerts are put in context with enterprise assets, risk, process, teams, etc.
• Incident Dashboards and Workflow: Incidents are assigned in work queues, workflow automates the case management process. Metrics are rolled up into an executive level dashboard
• Task Triage – Incident details with associated notes
“We saved 1,500 hours a month due to the integration.”
- EMC CIRC
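The pipeline on this slide (SIEM alerts → business context → prioritization by business impact → work queues → executive metrics), as an added example in Python that is not RSA's code. The XML layout is a constructed stand-in and is not enVision's real export format; the asset registry is a constructed stand-in for the enterprise and policy data Archer would hold; the priority formula (technical severity × business criticality) and the P1/P2/P3 cut-offs are assumptions. The example also covers the case the slide's "reassess critical assets" step implies: an alert on a host that is not in the registry at all.

```python
"""Added example (not part of the RSA deck): SIEM alerts enriched with business
context, prioritized by business impact, assigned to work queues and rolled up
into executive metrics. The XML layout and the asset registry are constructed
for illustration; they are not enVision's export format or Archer's schema."""
import xml.etree.ElementTree as ET
from collections import Counter, defaultdict

# Constructed asset registry standing in for the enterprise/policy data Archer would hold.
ASSETS = {
    "10.1.2.3": {"name": "crm-db01", "process": "Customer billing", "criticality": 5, "team": "DB Ops"},
    "10.1.9.8": {"name": "print-srv", "process": "Office printing", "criticality": 1, "team": "Desktop"},
    "10.2.0.5": {"name": "pay-gw02", "process": "Card payments", "criticality": 5, "team": "Payments"},
}
# Hosts missing from the registry get a default context and are flagged (assumed policy).
UNMAPPED = {"name": "unknown", "process": "unmapped", "criticality": 2, "team": "SOC triage"}

# Constructed alert feed in a hypothetical XML shape (sample data, not a real export).
SAMPLE_XML = """<alerts>
  <alert id="A-1001" severity="3" rule="Brute force logon" src="203.0.113.7" dst="10.1.9.8"/>
  <alert id="A-1002" severity="3" rule="Brute force logon" src="203.0.113.7" dst="10.1.2.3"/>
  <alert id="A-1003" severity="4" rule="Malware beacon" src="10.2.0.5" dst="198.51.100.9"/>
  <alert id="A-1004" severity="2" rule="Port scan" src="192.0.2.44" dst="10.9.9.9"/>
</alerts>"""


def parse_alerts(xml_text):
    """Parse the feed into plain dicts. For XML arriving over an untrusted path,
    parse with defusedxml rather than ElementTree."""
    alerts = []
    for a in ET.fromstring(xml_text).iter("alert"):
        alerts.append({"id": a.get("id"), "severity": int(a.get("severity")),
                       "rule": a.get("rule"), "src": a.get("src"), "dst": a.get("dst")})
    return alerts


def enrich(alert, assets=ASSETS):
    """Attach business context. The internal host may be the destination (under
    attack) or the source (compromised and beaconing out), so both are looked up."""
    asset = assets.get(alert["dst"]) or assets.get(alert["src"])
    ctx = asset if asset is not None else UNMAPPED
    priority = alert["severity"] * ctx["criticality"]  # technical severity x business criticality
    tier = "P1" if priority >= 15 else "P2" if priority >= 8 else "P3"  # assumed cut-offs
    return {**alert, **ctx, "priority": priority, "tier": tier, "unmapped": asset is None}


def triage(xml_text, assets=ASSETS):
    """Alerts -> incidents ordered by business impact (highest priority first)."""
    incidents = [enrich(a, assets) for a in parse_alerts(xml_text)]
    return sorted(incidents, key=lambda i: (-i["priority"], i["id"]))


def assign_queues(incidents):
    """Work queues per owning team; each queue keeps the global priority order."""
    queues = defaultdict(list)
    for inc in incidents:
        queues[inc["team"]].append(inc)
    return dict(queues)


def executive_metrics(incidents):
    """Roll-up for the executive dashboard: counts by business process and by tier,
    plus how many hosts were absent from the registry (a gap in business context)."""
    return {
        "by_process": dict(Counter(i["process"] for i in incidents)),
        "by_tier": dict(Counter(i["tier"] for i in incidents)),
        "unmapped_hosts": sum(1 for i in incidents if i["unmapped"]),
    }


if __name__ == "__main__":
    incs = triage(SAMPLE_XML)
    for i in incs:
        print(f'{i["tier"]} {i["id"]} {i["rule"]:18} {i["name"]:10} {i["process"]:18} -> {i["team"]}')
    print(executive_metrics(incs))
```

The two brute-force alerts carry identical SIEM severity, yet one ends up P1 and the other P3 once asset criticality is applied; that is the "prioritize by business impact" point of the slide. The unmapped_hosts counter is the feedback loop to Step 1: every alert on a host the registry does not know is a prompt to reassess the critical-asset inventory.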
22. Step 4: Business-Driven Management
IT Risk Management • Operations Management • Incident Management
“MassMutual’s approach to security is now based on a more current holistic view of the enterprise.”
- Mike Foley, CIO, MassMutual
23. Business Driven Customer Success
Managing risk in a financial services firm with $420B in assets
Protect: • 6,000 employees and PCs • Thousands of servers and network devices • 700 applications • Personal information of more than 12 million customers
NEEDS (BEFORE):
• See big picture and drill down on specifics
• Identify & prioritize critical risks
• Automate risk assessments
AFTER:
• More current, holistic view of the enterprise
• Faster response to critical threats and potential exploits
• Consolidated all critical IT risks into real time executive dashboards
• 97.5% cost reduction in the risk analysis process
MassMutual’s approach to security is “now based on a more current holistic view of the enterprise.”
- Mike Foley, CIO, MassMutual (Information Week article)
24. Leading Products, Better Together
Products: Archer • enVision • DLP • VMware
Integration & Solution:
• Sol’n for Security Incident Mgmt
• DLP Risk Remediation Manager
• DLP Policy Workflow Manager
• Content-aware SIEM
• Sol’n for Cloud Security & Compliance
• SecurBook for VMware View (VDI)
• NetWitness: integrations to be announced!
Leader in eGRC • Leader in SIEM • Leader in Data Loss Prevention
25. Take a Strategic Approach with RSA
(Callout on the staircase: Most organizations are here)
Step 1: Legacy Approach (Information Technology)
• Tactical tools
• Security is “necessary evil”
• No monitoring
• Reactive and tactical point products
Step 2: Compliance-Driven
• Check-box mentality
• Collect data needed for compliance with compliance reporting
Step 3: IT Risk-Oriented
• Proactive and assessment based
• Collect data needed to detect advanced threats
• Security tools integration providing technical visibility
Step 4: Business-Oriented
• Security fully embedded in enterprise processes
• Data fully integrated with business context
• Security tools integrated with business tools
“Security management is going to be baked into many layers of business operations. That’s what I’m seeing in my organization.”
- Member, RSA Security Management Working Group
26. In Action: Critical Incident Response Center
EMC Critical Incident Response Center, Bedford, MA
Integrated Approach: Business Context • Process Automation • Visibility
27. Next Steps and Resources
• Round Table Discussion on Privacy
• Incident Management Solution Brief
• Privacy Survey
• eGRC White Paper
• Ovum Research
29. These backup slides just provide more product details on the 4 steps
30. Step 1: Security Risk Management
Context Establishment → Identification → Assessment → Mitigation
Archer (eGRC)
• Capture and relate risks to business objectives
• Import data from vulnerability assessments, threat feeds
• Build and deliver online assessments
• Resolve findings to reduce risk to tolerable levels
DLP
• Map DLP policies to business policies
• Identify sensitive data in vulnerable locations
• Just-in-time education of end-users reduces future risks
NetWitness
• Risk-based identification of malicious code
31. Step 2: Operations Management
Control Standards → Configuration → Operation → Monitoring
Archer (eGRC)
• Control Standards: 900+ standards
• Configuration: 4500+ control procedures
• Monitoring: 8500+ question library
enVision (SIEM)
• Real-time monitoring from the most event sources
• Reporting: 1200+ out of box reports
32. Step 3: Incident Management
Collection/Detection → Correlation/Prioritization → Investigation → Remediation
Archer
• Business-level incident management including Legal, HR, BUs
enVision (SIEM)
• Unmatched depth and breadth of event collection
• Some of the largest SIEM deployments in the world
• Prioritize by vulnerability feeds and watch lists
NetWitness
• Capture and visualize all network traffic for real time analysis
• Unparalleled network forensics
DLP
• Data-centric view of policy violations everywhere
• Automatically quarantine emails, block file transfers
33. Step 4: Business-Driven Management
IT Risk Management • Operations Management • Incident Management
RSA Archer eGRC Suite
• Central repository for policies, risks, and incidents
• All data presented in business context
• Integration with key security systems
• Comprehensive audits and reports