1 © Copyright 2014 EMC Corporation. All rights reserved.

Best Practices to Improve Breach Readiness

Dr. Robert W. Griffin
Chief Security Architect
RSA, the Security Division of EMC

http://blog.emc2.de/trust-security @RobtWesGriffin

Security Breaches

Security Breaches today

Source: 2013 Information Breaches Survey, PwC

Organisation and Cost of Breaches

Source: 2013 Information Breaches Survey, PwC

Security Incidents are Going Unnoticed

Lack of Staff

Too Many False Positive Responses

Too Many Manual Processes

Too Many Non-Integrated Tools

Security Attacks are Sophisticated

* ESG White Paper – “The Big Data Security Analytics is Here”, January 2014

Taking Charge of Security

Organisations taking responsibility

Conducting assessments of business risk

Most breaches result from stumbling on basics:
– Neglecting basic security hygiene
– Relying only on threat prevention and detection
– Mistaking compliance for security
– Inadequate user training

What is the right level of Security?

Organisation’s risk and requirements

Value of Information assets

Risk and Threat the organisation can expect to face

Prevailing security practices for the organisation’s peers

People

Infrequent/irrelevant user training

Inadequate security staff

Team roles and responsibilities not defined

Process

Poor patch management

Ad hoc incident response, no well-defined processes

Respond to fire drills – no time to improve from learning

Technology

No central monitoring or alerting

Poor incident response and workflow

Insufficient tools for forensics

No threat intelligence collection or analysis

Best Practices

Trust Imperatives

Resilience

Transparency

Relevance

Best Practices for Breach Readiness - 1

Conduct on-going, all-inclusive Risk Assessments

– Facilities and suppliers
– How you sell your goods and services
– Channel Partners
– Global coverage
– Annually baked into new services

Best Practices for Breach Readiness - 2

Locate and track High Value Digital Assets
– What are they?
– Where are they?
– Who has access to them?
– Who in the business owns the risk?
– How can the risk be managed?

Best Practices for Breach Readiness - 3

Model Threats and Vulnerabilities
– Start with threat modelling
– Collaborative and multi-disciplinary
– Think like an attacker!
– Forensic evaluations of previous threats

Best Practices for Breach Readiness - 4

Master Change Management
– Not an administrative tick box
– Must be part of project management
– Qualify and quantify risk to stakeholders
– Identify and document dependencies

Best Practices for Breach Readiness - 5

Integrated Security
– Bring together Process + Technology + People

[Diagram labels: Process; Technology; People; Incident Response]

Readiness, Response & Resilience (R3)

[Diagram. Labels in slide order: Single UI; Incident Management & Reporting; Visibility; Security Architecture; Team; Device Administration; Data Warehouse & Ticketing System; IT Team; Workflow & Automation, Rules, Alerts & Reports; Threat Triage; Analytic Intelligence; Content Intelligence; Expertise; Level 1 Triage; Level 2 Triage; Level 3 Triage; Threat Intelligence; Controls; A/V; IDS/IPS; Firewall/VPN; Proxy; Packets; Host; File; DLP; SIEM Log Alerts; DLP Alerts; Signature-less Alerts; Context; Business Context; Risk Context; Threat Context; Line of Business Owner Policy; Assessments; Criticality; Vulnerability; Subscriptions; Community; Open Source]

Best Practices for Breach Readiness - 6

Build Security Staff
– Define roles and responsibilities
– Establish capabilities in four key areas:
  ▪ Cyber risk intelligence and cyber analytics
  ▪ Security Data Management
  ▪ Risk Consultancy
  ▪ Controls design and assurance
– Response planning

Best Practices for Breach Readiness - 7

Invest in Threat Intelligence

[Diagram labels: Analysis; Metrics; Actions]

Best Practices for Breach Readiness - 8

Quantify Impact of Security investments
– Model ‘what if’ scenarios
– Full costs: business, reputation and risk
– Deploying Backup systems
– Prioritizing budget

“To ... not prepare is the greatest of crimes; to be prepared beforehand for any contingency is the greatest of virtues”

Sun Tzu – The Art of War

Resources

Breach readiness
– http://www.emc.com/collateral/data-sheet/11814-acd-ds-breachreadiness.pdf
– http://www.otalliance.org/resources/incident/2014OTADataBreachGuide.pdf

Breach reports
– http://www.idtheftcenter.org/images/breach/ITRC_Breach_Report_2014.pdf
– http://www.pwc.co.uk/audit-assurance/publications/2013-information-security-breaches-survey.jhtml

Intelligence-driven security
– http://www.esg-global.com/blogs/esg-report-on-big-data-security-analytics/