Security Leaders Introduce New Vision for Security Operations to Guard Against Advanced Persistent Threats


RSA Brief Lays Out a Journey to an Intelligent Security Operations Center with New Capabilities Demonstration

SAN FRANCISCO, Feb. 16, 2011 - RSA CONFERENCE 2011 - Today RSA, The Security Division of EMC (NYSE: EMC) released a Security Brief that outlines a fundamental yet strategic change in how organizations can better prioritize activities and identify threats in the wake of escalating advanced persistent threats (APTs). In the brief, "Mobilizing Intelligent Security Operations for Advanced Persistent Threats," security experts from RSA, EMC and VMware present a new vision and forward-looking model specifically designed to help organizations effectively face these new and sophisticated attacks.

This new vision for the security operations center (SOC) includes six core elements, and its effectiveness is illustrated in a demonstration built by RSA that simulates an APT-like attack on a SOC before and after the recommended elements have been implemented. The demonstration highlights how new technologies applied both during and after the incident are effective in thwarting the attack and improving the model. This next-generation SOC demonstration leverages EMC, VMware and RSA technologies and combines experimental technologies and theoretical approaches with today's commercial products and best practices.

"Advanced persistent threats are inevitable for most large organizations," said David Hunter, chief technology officer, Worldwide Public Sector, VMware. "With the complexity of today's IT environment we expect to see APTs increasingly target corporate intellectual property requiring organizations to evolve their IT and security operations to counter APTs and other fast-evolving threats."

"To manage security at the speed and scale of the cloud and to deal with unpredictable adaptive threats such as APTs, organizations need to build upon the capabilities of today's SOCs evolving their security operations to effectively manage these new threats," said Bret Hartman, chief technology officer, RSA, The Security Division of EMC.

A New Vision for Security Operations: Six Core Elements

The vision includes six core elements and prescriptive guidance for how to incorporate these elements into existing security operations. These elements include:

o Risk planning: The new SOC will take a more information-centric approach
to security risk planning and invest in understanding which
organizational assets are highly valuable and essential to protect.
With priorities based on GRC policies, security teams need to conduct
risk assessments that focus on the "crown jewels" of the enterprise.

o Attack modeling: Understanding attack modeling in a complex environment
requires determining which systems, people and processes have access to
valuable information. Once the threat surface is modeled, organizations
can then determine potential attack vectors and examine defense steps to
isolate compromised access points efficiently and quickly. RSA®
Laboratories has developed theoretical models based on known APT
techniques and employed game theory principles to identify the most
efficient means of severing an attack path and optimize defense costs.

o Virtualized environments: Virtualization will be a core capability of
tomorrow's SOC - delivering a range of security benefits. For example,
organizations can "sandbox" e-mail, attachments and URLs suspected of
harboring malware. Anything suspicious can be launched in an isolated
hypervisor, and the virtual machine can be cut off from the rest of the
system.

o Self-learning, predictive analysis: To remain relevant in tomorrow's IT
environment, a SOC will need to truly integrate compliance monitoring
and risk management. The system should continually monitor the
environment to identify typical states, which can then be applied to
identify problematic patterns early. Statistics-based predictive modeling
will be able to help correlate various alerts. Developing such a system
will require real-time behavior analysis innovations, although some of
these elements are available today.

o Automated, risk-based decision systems: A key differentiator of a more
intelligent SOC will be its ability to assess risks instantly and vary
responses accordingly. Similar to risk-based authentication, the SOC
will employ predictive analytics to find high-risk events and then
automatically initiate remediation activities. The prospect of dynamic
topography is one of the most exciting areas of this type of systems
automation for the cloud. To implement an APT, an attacker must
understand the network mapping and be able to model it. In response to
this, organizations can remap their entire network infrastructure to
disrupt an attacker's reconnaissance efforts. This is akin to
physically rearranging a city at frequent intervals - and the entire
process can be automated so that links between systems stay intact and
dependencies are handled without human intervention.

o Continual improvement through forensic analyses and community learning:
Although forensic analysis can be resource-intensive, it is an
imperative element of a SOC and key to mitigating the impact of
subsequent attacks. Virtualized environments can provide snapshots of
the IT environment at the time of the security event providing useful
information if detection of the attack was delayed. Having a way to
share information about attack patterns will be the future of the SOC.
This concept should be embraced in order to exchange threat information
within respective industries and better predict the path of the APT and
thereby determine countermeasures.
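The attack modeling element above describes severing an attack path at the lowest defense cost. The following is an added illustration (not RSA Laboratories' model or code) of that idea as a minimum-cut problem: an attack graph with a constructed cost per edge (the cost of the control that severs that hop), and a max-flow/min-cut computation that returns the cheapest set of hops to cut between the attacker's entry point and the crown jewels.

```python
from collections import deque

# Constructed example attack graph: edge weight = cost of the control that
# severs that hop (e.g. mail sandboxing, MFA on VPN, segmentation, DLP).
ATTACK_GRAPH = {
    "internet":      {"phish_mailbox": 3, "vpn": 5},
    "phish_mailbox": {"workstation": 2},
    "vpn":           {"workstation": 4},
    "workstation":   {"fileserver": 2, "crown_jewels": 3},
    "fileserver":    {"crown_jewels": 6},
}

def min_cost_cut(graph, source, sink):
    """Edmonds-Karp max-flow; returns (total cost, edges to sever)."""
    residual = {}
    for u, nbrs in graph.items():
        residual.setdefault(u, {})
        for v, cap in nbrs.items():
            residual[u][v] = residual[u].get(v, 0) + cap
            residual.setdefault(v, {}).setdefault(u, 0)  # reverse edge

    def bfs(start, stop):
        parent, q = {start: None}, deque([start])
        while q:
            u = q.popleft()
            for v, cap in residual[u].items():
                if cap > 0 and v not in parent:
                    parent[v] = u
                    if v == stop:
                        return parent
                    q.append(v)
        return parent  # no augmenting path: parent holds the reachable set

    flow = 0
    while sink in (parent := bfs(source, sink)):
        bottleneck, v = float("inf"), sink
        while v != source:                       # find bottleneck on path
            bottleneck, v = min(bottleneck, residual[parent[v]][v]), parent[v]
        v = sink
        while v != source:                       # push flow along the path
            residual[parent[v]][v] -= bottleneck
            residual[v][parent[v]] += bottleneck
            v = parent[v]
        flow += bottleneck
    reachable = set(parent)  # source side of the min cut
    cut = sorted((u, v) for u, nbrs in graph.items() for v in nbrs
                 if u in reachable and v not in reachable)
    return flow, cut

if __name__ == "__main__":
    print(min_cost_cut(ATTACK_GRAPH, "internet", "crown_jewels"))
```

On this constructed graph the cheapest severance is not at the perimeter but at the workstation's outbound hops (total cost 5), which is the kind of non-obvious result the brief attributes to game-theoretic path analysis.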

Authors of the RSA Security Brief include many of the industry's foremost security leaders:

o Sam Curry, Chief Technology Officer, Global Marketing, RSA, The Security
Division of EMC

o Bret Hartman, Chief Technology Officer, RSA, The Security Division of
EMC

o David Hunter, Chief Technology Officer, Worldwide Public Sector, VMware,
Inc.

o David Martin, Chief Security Officer, EMC Global Security Organization,
EMC Corporation

o Dennis R. Moreau, Ph.D., Senior Technology Strategist, RSA Laboratories,
RSA, The Security Division of EMC

o Alina Oprea, Ph.D., Senior Technology Strategist, RSA, The Security
Division of EMC

o Uri Rivner, Head of New Technologies, Consumer Identity Protection, RSA,
The Security Division of EMC

o Dana Elizabeth Wolf, Senior Manager, New Business Development, RSA, The
Security Division of EMC

RSA Security Briefs are designed to provide security leaders with essential guidance on today's most pressing information security risks and opportunities. Each Security Brief is created by a select response team of experts who mobilize across organizations to share specialized knowledge on a critical emerging topic. Offering both big-picture insight and practical technology advice, RSA Security Briefs are vital reading for today's forward-thinking security practitioners.

RSA will demonstrate its industry leadership by showing its new SOC capabilities demonstration, applying this new vision, in booth 1725 at RSA Conference 2011, February 14-18, at the Moscone Center in San Francisco.

About RSA

RSA, The Security Division of EMC, is the premier provider of security, risk and compliance management solutions for business acceleration. RSA helps the world's leading organizations succeed by solving their most complex and sensitive security challenges. These challenges include managing organizational risk, safeguarding mobile access and collaboration, proving compliance, and securing virtual and cloud environments.

Combining business-critical controls in identity assurance, encryption & key management, SIEM, Data Loss Prevention and Fraud Protection with industry leading eGRC capabilities and robust consulting services, RSA brings visibility and trust to millions of user identities, the transactions that they perform and the data that is generated. For more information, please visit www.RSA.com and www.EMC.com.

About EMC

EMC Corporation (NYSE: EMC) is the world's leading developer and provider of information infrastructure technology and solutions that enable organizations of all sizes to transform the way they compete and create value from their information. Information about EMC's products and services can be found at www.EMC.com.

SOURCE EMC Corporation

CONTACT: Kerry Walker, Outcast Communications, +1-212-905-6048, kerry@outcastpr.com; or Lona Therrien, RSA, The Security Division of EMC, +1-781-515-5449, lona.therrien@rsa.com

Web Site: www.emc.com
