RSA Vision 2009-2010
Corné van Rooij, Country Lead BeNeLux
Positioning of RSA
Vision on information security
Translation into product development
Data Leakage & Microsoft
RSA, the Security Division of EMC
EMC is the leading information infrastructure company, helping organizations make maximum use of information within their business.
[Diagram labels: Store, Protect, Virtualize and Automate, Add Intelligence, Infrastructure]
RSA protects the confidentiality and integrity of this information, wherever it resides.
SECURITY... So what are we talking about? IT security versus information security

IT security
Technology oriented
Reactive
Perimeter-focused
• Firewalls
• Intrusion detection
• Viruses, worms
• System & app hardening
• Encryption
• Penetration testing
• Patching
• Authentication

Information security
Business oriented
Proactive
Data-, person- and activity-focused
• Intellectual property
• Business / financial integrity
• Compliance
• Misuse / fraud from the inside
• Industrial espionage
• Privacy
• Governance

• Access & Identity Management
RSA Past & Present
From pure IAM player
• Authentication, PKI, Web Access Management, Identity Management, SSO, Smart Cards, Card management, etc.
To information security player
• SIEM tooling for compliance, SOC, etc.
• Fraud prevention (consumer)
• Data leakage protection
• Data classification tooling
• Encryption tooling
• Central key management
• Security consultancy, product agnostic
• Authentication, access control and other IAM tooling
… and the common thread in all of this is: Information Centric Security
Security issues and threats are found everywhere within a company
Are our policies actually being followed?
Yes... I think so… Right?
Jericho
De-perimeterisation
Mobility and collaboration are growing
Current business (collaboration) models are changing infrastructure requirements
• Data is spread more widely and shared more, both geographically and organizationally.
• Much more demand for greater mobility & collaboration capabilities
Security is a major inhibitor / delaying factor here
• Management worries about security in the mobile infrastructure
• Business owners fear that the data they share with partners is less secured / safe.
Liability
• Regulation increasingly confronts companies with their liability & responsibility.
So information security is hard… because sensitive information is always in motion & transformation
[Diagram labels: Endpoint, Network, Applications, Files, Storage; WW Campuses, WW Customers, WW Partners, Remote Employees; WAN, WWW, VPN; Enterprise email, Business Analytics, Customer Portal, Outsourced Development; Production Data, Data warehouse, DR, Staging; File Server; Disk storage, Back up disk, Back up tape]
So information security is hard… because every movement & transformation introduces risks
[Diagram: the same data flow (Endpoint, Network, Applications, Files, Storage) annotated with risks: Media Theft, Device Theft, Takeover, Fraud, Intercept, Media Loss, Unauthorized Access, DOS, Corruption, Unavailability, Eavesdropping, Data Theft, Data Loss, Device Loss, Unintentional Distribution, Unauthorized Activity]
Information Centric Security
Perimeter-Centric Security. Goal: build and protect perimeters
Information-Centric Security. Goal: manage and protect information
Build and protect the company boundary
Manage and protect information and transactions
Protect the most critical business asset: information
Forrester: Data Centric Security framework:
[Diagram labels: DATA; Policy definition, Enforcement, Monitoring & Response, Measurement; Audit & risk management framework, Forensics, Information leak protection, Enterprise encryption & key mgmt., Enterprise rights management, Identity & access mgmt., SIM; Data loss prevention, Risk management, Policy compliance]
Leadership in Information Centric Security
Data Loss Prevention MQ June 2008
“RSA is vastly more than user authentication; it is a key portion of how companies, particularly in the financial industry, protect critical records and comply with critical regulations.”
-- “EMC Addresses the 2009 ‘OMG’ Budget”, ITBusiness Edge, Rob Enderle, Enderle Group, Dec. 9, 2008
Web Fraud Detection MQ Dec. 2008
SIEM MQ May 2008
RSA’s growing role in protecting identities
• 200 Million+ online identities protected with RSA identification and protection technology
• 1 Billion+ applications shipped with RSA BSAFE® encryption, most widely deployed software in the world*
• 25+ year legacy in information security and risk management
• 34,000+ organizations protected by RSA technology
• 120,000+ online phishing attacks shut down by the RSA Anti-Fraud Command Center
*Embedded in Microsoft, HP, Sun and IBM operating systems, Internet Explorer and Netscape browsers, Ericsson, Nokia, Motorola phones, major US government agencies and the list goes on
Protection of Internet identities, as needed for online banking.
Risk-based starting point
RISK
INFORMATION
Protect Important Information
• Sensitive/Legal/Financial
• PII
• IP
Ignore Unimportant Information
• Product Literature
• Marketing Collateral
• Corporate Information
IDENTITIES
Enable
• Employees
• Customer
• Partners
Disable
• Inexperienced Users
• Disgruntled Employees
• Criminals
• Spies
INFRASTRUCTURE
• End Points
• Networks
• Apps/DB
• FS/CMS
• Storage
POLICY
COLLECT – ANALYZE – REPORT – RESPOND
The “RSA System”
[Diagram labels: RISK, POLICY, INFORMATION, IDENTITIES, INFRASTRUCTURE, Policy Management Console, Authentication, Access Controls, DLP, Encrypt / Key Mgmt, SIEM, Anti-Threat, External Threat Protection, Anti-Fraud, End Points, Networks, Apps/DB, FS/CMS, Storage, COLLECT – ANALYZE – REPORT – RESPOND]
Are my controls working?
Am I compliant?
From having risks -> to being in control
RSA enVision 3-in-1 SIEM Platform
servers, storage, applications / databases, security devices, network devices
• Simplifying Compliance: compliance reports for regulations and internal policy (Auditing, Reporting)
• Enhancing Security: real-time security alerting and analysis (Forensics, Alert / correlation)
• Optimizing IT & Network Operations: IT monitoring across the infrastructure (Visibility, Network baseline)
Purpose-built database (IPDB)
RSA enVision Log Management platform
Simplify being compliant: robust alerting & reporting
• 1400+ reports “out of the box”
• Easy to customize
• In line with standards & regulations such as SOX, Basel II, industry rules (PCI), best practices (ISO 27002, ITIL)
Increase security
• Turns real-time events into a data format you can act on.
• Supports a closed-loop incident handling process
• Reports on the effectiveness of security management
SIEM technology provides real-time event management and historical analysis of security data from a wide set of heterogeneous sources. This technology is used to filter incident information into data that can be acted on for the purposes of incident response and forensic analysis.
Mark Nicolette, Gartner
Real-time incident detection: locate the real incidents in a bulk of log data
[Funnel diagram: Millions of raw events; Thousands of security-relevant events; Correlated alerts; Incidents; Cases]
Example correlation rule
Correlation Rule Name: W32.Blaster Worm
This correlated rule looks for a sequence and pattern of network activity that indicates the presence of the “Blaster worm or variants” within the network.
Optimize IT & network operations: map anomalies, troubleshoot more easily
[Screenshot labels: EMC Celerra, System Shutdown, System Failure]
Benefits of a central SIEM
• Turns raw log data into usable information.
• Increases visibility into security, compliance and operational problems.
• Saves time otherwise spent on compliance reporting (Excel).
• Streamlines the security incident handling process.
• Lowers operational costs associated with diverse logs, ILM, associated rules/legislation, etc.
DLP’s business challenge
Companies face growing risks of data leaks & increase in compliance requirements
• 245M personal records have been made public since 2005.
• As a result, compliance is becoming ever stricter and harder to achieve and maintain.
Data must be protected, but also be accessible
• Balance needed between security and access.
• Growing demand & need to share information beyond company boundaries.
Source: Privacy Rights Clearinghouse
RSA Data Loss Prevention Suite
DLP Enterprise Manager: Unified Policy Mgmt & Enforcement, Incident Workflow, Dashboard & Reporting, User & System Administration
DLP Datacenter, DLP Network, DLP Endpoint
• Discover: File shares, SharePoint sites, Databases, SAN/NAS
• Remediate: Delete, Move, Quarantine
• Monitor: Email, webmail, IM/Chat, FTP, HTTP/S, TCP/IP
• Enforce: Allow, Notify, Block, Encrypt
• Discover: Local drives, PST files, Office files, 300+ file types
• Enforce: Allow, Justify, Block on Copy, Save As, Print, USB, Burn, etc.
eDRM (e.g. RMS), Encryption, Access Controls
Microsoft’s RMS (Rights Management)
Location-based solutions protect initial access… but not usage
[Diagram labels: Access Control List Perimeter, Firewall Perimeter, Authorized Users, Unauthorized Users, YES, Information Leakage]
MS Rights Management Services Overview
Persistent Protection + Encryption Policy:
• Access Permissions
• Use Right Permissions
RMS provides identity-based protection for sensitive data
Controls access to information across the information lifecycle
Allows only authorized access based on trusted identity – works online and offline, inside and outside the firewall
Secures transmission and storage of sensitive information wherever it goes – policies embedded into the content; documents encrypted
Embeds digital usage policies (print, view, edit, expiration etc.) into the content to help prevent misuse after delivery
Combined RSA DLP and Microsoft RMS solution
BEFORE: RMS and DLP Standalone
• RMS-only solutions are not content aware, requiring users to know and follow company policies regarding treatment of sensitive information
• Legacy documents residing throughout the enterprise are often not protected
• DLP-only solutions do not apply persistent protection controls to sensitive information
AFTER: Integrated DLP with RMS Solution
• RMS protection is automatically applied based on RSA’s content classification
• Reduces risk of data owners not applying policies properly
• Protects most important data by applying controls based on data sensitivity
• Automatically discover and apply RMS to sensitive legacy docs (file shares, SharePoint, Documentum, other content management systems)
• Discover existing sensitive data at rest using DLP Datacenter and DLP Endpoint Discover
• Apply RMS controls to persistently protect legacy documents
• Securely share Intellectual Property (IP) and Regulatory data
Use case: protect intellectual property in files
1. RMS admin creates RMS templates for data protection
2. RSA DLP admin designs policies to find sensitive data and protect it using RMS
3. RSA DLP discovers and classifies sensitive files
4. RSA DLP applies RMS controls based on policy
5. Users request files - RMS provides policy based access
• Automate the application of AD RMS protection based on sensitive information identified by RSA DLP
• Apply RMS to sensitive legacy documents
[Diagram: Microsoft AD RMS, “Intellectual Property RMS”: R&D Department: View, Edit, Print; Marketing Department: View; Others: No Access. RSA DLP, “Patents DLP Policy”: Find Patent Documents; Apply Intellectual Property RMS. Laptops/desktops, SharePoint, File Share.]
An extensive whitepaper on this is available on the Motiv website.
Questions & remarks?