Hi, I'm Amy Blackshaw and welcome to the Security Analytics Domain and Market Landscape training. I'm gonna take you through an overview of the Security Analytics market landscape, the domain, and some competitive differentiators in this training.

So first, let's start and take a look at the defender's challenge, or why we are in this space and what our technology and services provide to our customers. The key issue within our landscape is that the attackers are continuing to outpace defenders. And one area of focus for Security Analytics is a laser focus on really responding to these advanced threats by detecting very quickly and responding very quickly. If we look back on Verizon Data Breach Report data, it states that over the last year, in about 90 percent of all breaches, attackers got in in days or less. On the flip side, the defenders managed to identify those attacks in days or less only about 20 percent of the time. This means that attackers are in our customers' infrastructure without our customers being aware of this. This dwell time enables attackers to wreak havoc, take data, cause disruption and business damage without the defenders being aware of it. We are purely focused on speeding the detection and the response of these types of attacks to minimize the damage that our customers see in their infrastructure. But why are we here?

Well, let's just take a look at some key defender challenges. And we at RSA believe that there are really three main defender challenges. The first is that we are no longer working in a world where we have a nice perimeter at which we can put preventative controls to keep the bad guys out. The attack surface is expanding with the advent of cloud, mobile, social, and people demanding access to their data when and where they want it. This expansion of the attack surface has created holes in the old way that we used to put preventative controls in place. Secondly, attackers are way more sophisticated than they ever have been. They are very well targeted, they are well resourced. They understand the security landscape and in some cases, they are going to use that to their advantage. And finally, the existing strategies and controls that we as security practitioners have put into place over the past two decades are failing. Why? Mostly because of the previous two points, because our world has changed and the threat landscape has changed.

So we believe that security teams need Comprehensive Visibility from the endpoint to the cloud. You can't keep the bad guys out. So you need to have visibility into what is occurring across your infrastructure so that you can detect very rapidly and respond very rapidly. Teams need to increase their efficiency and expertise in this area. This is not just an issue around technology. We all know that there are issues with staffing across security operations teams globally. So two things need to happen. Well, yes, we need to continue to invest and grow the next generation of security leaders. We also need to help augment and help our customers staff up in cases where they don't have the right people, which is obviously where our channel partners and MSSPs come into play. But it's not just about the people. We also, as technology vendors, need to bring the products down so that anyone fresh out of college, maybe an IT Ops analyst, can sit down at a security tool and understand what they are doing. And finally, the tools and processes that we have deployed must adapt.

Now, let's just take a step back and take a quick look at the evolution of the threat actors. So at first, there was this idea of hacks. These were maybe a script kiddie sitting in the basement doing a smash-and-grab attack on some web-facing server to take usernames and passwords and paste them up to Pastebin. They were doing this to show off. Yes, they were annoying. They were causing some disruption. But they weren't causing real business damage. We, as security practitioners, answered these threats by putting in a series of preventative controls, like firewalls, IDS, IPS, antivirus. Now, these are all preventative controls that are based upon signature risk recognition. Meaning, it has to understand what it's trying to keep out in order to keep it out. So the good news was these preventative controls did keep out some hackers. However, by definition, organizations need to let data flow through their network. And in the area where there are not any preventative controls, we call this the Whitespace. It's the opportunity for hacks to still occur. Fast forward a little, and then we enter this realm of attacks. This is a script kiddie grown up, right? They start to realize that these preventative controls can identify some of their signatures. So perhaps they need to create a polymorphic virus so that their attack isn't triggered in an antivirus, and, by the way, they will go buy the antivirus and run tests to see if their signatures are going to trip it. So these attackers become a little bit smarter. Maybe by day, they are writing security tools. But they understand the preventative control base that we were taking as security practitioners.

We, on the flip side, started throwing more preventative controls at the problem. And this was really also the advent of SIEM, Security Information and Event Management, which really had a promise of taking all of this logged data from preventative controls and doing advanced correlation so that they could find different attack vectors. Good news? Whitespace shrunk. Bad news? Breaches were on the rise year over year and they were causing a lot more damage. Now today, we are in the era of Attack Campaigns. These are highly targeted, sophisticated criminals who are using trusted paths, legitimate credentials. They are working around our preventative controls. And if they do trigger a log, they will just erase it.

We believe that in this era of Attack Campaigns, organizations need full visibility into the endpoint and the network, so that they can protect their data and infrastructure. And it's not just RSA; this is also well publicized by the Verizon Data Breach Report, saying that 99 percent of all successful attacks in the cyber espionage campaign were undiscovered by logs. Flip that on its head: one percent of all those attacks were discovered by logs alone. Logs are no longer enough. And the percent of incidents that took weeks or more to discover is over 80 percent. What we are doing isn't working. This is where we need to adapt. So let's take a quick look at this security operations market in which we play at Security Analytics. First, as I talked about a little, there are still many preventative controls in this space. These are your traditional AV, firewalls, anything that is on the outside or at the perimeter and is focused on keeping the bad guys out. Authentication controls are here. There are also some next-generation controls, like next-generation firewalls, that also work in the perimeter layer. But again, remember, these are preventative based. They are focused on trying to keep the bad guys out. And in most cases, they are 100 percent reliant upon signatures. Going into the organization past the perimeter, we then go into the area of monitoring tools. These are also detect and investigation tools, right? These are where you're seeing a lot of "Next Generation" products in the market. This is squarely where RSA Security Analytics plays, where we're focusing on monitoring so that we can detect and investigate all of today's threats. Then on the flip side, when you respond, you need to be able to take action. There are many services out in the market today that are purely focused on incident response. There are automated blocking capabilities that we have, like with our ECAT product. These response tools have to work hand in hand with the detection tools to shrink that dwell time in order to minimize business damage. And finally, there are intelligence providers. These are threat intelligence providers, either selling their own third-party intelligence into systems, or perhaps they are doing some calling across different threat intelligence bases and then providing that as a feed into other organizations. Again, RSA plays very strong here as well, with our RSA Live system that provides intelligence out to our customers in both ECAT as well as RSA Security Analytics. One thing to know is that this is a crowded market.

There are a lot of players here. You can imagine your customers thinking about how they have to take in all of this marketing messaging and try to identify where to budget. We really need to clear the noise for our customers so that they can focus on where they want to spend their dollars. And so RSA's Advanced Security Operations Center, again, is purely focused on rapid detection and response to today's most advanced threats to minimize that damage. Security Analytics is squarely focused on understanding, across disparate data types, what is occurring. So with comprehensive visibility across logs, packets, NetFlow, and endpoint data, we can do advanced analytics to bubble up anomalies and understand where a potential attack is occurring. On the response side, we have both Advanced Cyber Defense Services as well as Incident Response Services to help our customers grow their security practice and respond to incidents.

Finally, we provide overarching workflow and process management capabilities for Security Operations teams to run the processes that they need to across the people who are using our tools, with RSA SecOps. Now, let's just take a quick second to think about some competitive differentiators. Now, we have a lot of information that's downloadable from this training that goes into why RSA Security Analytics is a great choice for your customers. You'll also see a downloadable attachment that then looks at some of the competitors in this space and how they fare across our competitive differentiators.

A key differentiator for us is around the fact that we are a single platform. We bring together logs, packets, endpoint, NetFlow and do advanced correlation across all data types. Yes, there are some competitors who might have log and packet offerings. But guess what? They are not in a single platform. And it's definitely not wrapped together with an operations tool that enables workflow and people and process management. We have some real, true technical differentiators in the product as well. The way that we are capturing data in real time and then enriching it with threat intelligence and business context sets us apart. So that we can pull out the most important parts of that data, so that you're not spending hours digging through reports, really helps with that speed of detection and response. We are also doing correlation across data types, as I mentioned. It's one thing to ingest logs and ingest packets. But if you're not looking across the data sets, you're missing part of the story. We provide signatureless malware detection and, oh, by the way, we are modular. So if a customer already has a malware detection platform, we are not going to tell them they have to rip that out; we can integrate the same way that we can augment a third-party log solution with our network. We utilize multiple different types of analytics. You need to have real-time analytics so you can identify point-in-time attacks, but you also need to understand behavior so that you're looking over a longer period of time, understanding what normal behavior is and identifying anomalies. Again, being able to provide a prioritized workflow into a Security Operations Center is another differentiator. We are not just selling a tool that we are gonna tell customers, "Put this in and it's going to stop the bad guys." It needs people, it needs process. We help with all three, technology, people, and process, so that our customers can be successful.

Again, take a look at the downloadable attachments. I think there is a lot of rich information that you can look at and see how to provide intelligence to your customers as they are looking across this very fast-moving space. So thank you for your time and we will talk to you soon.

Video Details

Duration: 14 minutes and 20 seconds
Language: English
License: All rights reserved
Genre: None
Views: 17
Posted by: quinnb on Mar 28, 2016
