Advanced Security Analytics

I recently attended the Business for Breakfast seminar, held in Geneva and co-hosted by Kudelski Security and RSA, around the theme Advanced Security Analytics. In this blog post I’m going to summarize the two talks that I particularly enjoyed, as the atmosphere lent itself: Business for Breakfast!

First of all, I want to describe the context, to better understand the interest of both companies in hosting this conference: March 2, 2016 – RSA, The Security Division of EMC, and Kudelski Security, the cybersecurity division of the Kudelski Group, announced that Kudelski Security is now a leading provider of RSA products and services. Through the agreement, RSA provides Kudelski Security fully managed security and critical incident response services, leveraging RSA’s advanced, intelligence-driven Security Operations Center (SOC) capabilities to accelerate the detection, investigation, remediation, and management of security incidents and vulnerabilities, with the ability to build services around proven advanced security operations solutions including RSA Security Analytics, the RSA® Critical Incident Response Solution, RSA® Security Operations Management solution, RSA ECAT software, and RSA® Advanced Cyber Defense Practice.

To return to the seminar, the first presentation was by Robert Griffin, Chief Security Architect at RSA. He explained how to move forward with advanced security operations such as intelligence-driven security, and how organizations can use them, including big data analysis, to embrace opportunity, improve security and reduce risk. Mr Griffin argued that RSA is about delivering a trusted world by applying RSA’s Intelligence Driven Strategy. The following slides help explain how and why RSA came to this strategy.

  • Evolving IT Infrastructure: we can’t keep applying traditional security defenses to the third platform IT infrastructure.
  • The Changing Threat Landscape: new, increasingly powerful threats challenge traditional security defenses and technologies.
  • Intrusion Kill Chain: This model is a novel way to deal with intrusions by moving from the traditional reactive approach to a more proactive one, based on intelligence gathered through indicators that are observed throughout the phases. Normally the incident response process starts after the exploit phase, putting defenders at a disadvantage. With this method, defenders should be able to move their actions and analysis up the kill chain and interfere with the attacker’s actions.


  • Solution: Intelligence Driven Security. The challenge here is to manage risk by monitoring this cycle: Visibility, Analytics and Action. That means continuous monitoring and correlating risk signals and indicators.
  • Benefit of this Solution: With real-time intelligence, organizations can dynamically manage cyber threats.
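
The kill chain and "correlate risk signals and indicators" points above, as an added example that is not from the talks or from RSA's products: constructed events are mapped to kill chain phases per host to show whether any indicator was visible before the exploit phase. The phase list follows the published intrusion kill chain model; the signal names, hosts and mapping are assumptions.

```python
# Phases of the intrusion kill chain model, earliest first (assumed from the
# published model; the post itself only names the exploit phase).
PHASES = ["reconnaissance", "weaponization", "delivery", "exploitation",
          "installation", "command_and_control", "actions_on_objectives"]
EXPLOIT = PHASES.index("exploitation")

# Hypothetical mapping from sensor signal types to phases.
SIGNAL_PHASE = {
    "port_scan": "reconnaissance",
    "phishing_mail": "delivery",
    "av_exploit_alert": "exploitation",
    "new_service": "installation",
    "beacon": "command_and_control",
    "bulk_upload": "actions_on_objectives",
}

# Constructed sample events: (timestamp, host, signal).
EVENTS = [
    ("2016-04-01T08:00", "ws-17", "port_scan"),
    ("2016-04-01T09:10", "ws-17", "phishing_mail"),
    ("2016-04-01T09:12", "ws-17", "av_exploit_alert"),
    ("2016-04-01T09:30", "ws-17", "beacon"),
    ("2016-04-02T11:00", "srv-03", "new_service"),
    ("2016-04-02T11:05", "srv-03", "bulk_upload"),
    ("2016-04-03T14:00", "ws-22", "phishing_mail"),
    ("2016-04-03T14:01", "ws-22", "dns_lookup"),  # unmapped signal, ignored
]

def correlate(events):
    """Group signals per host and report how far along the chain each got."""
    seen = {}
    for _ts, host, signal in events:
        if signal in SIGNAL_PHASE:
            seen.setdefault(host, set()).add(PHASES.index(SIGNAL_PHASE[signal]))
    report = {}
    for host, idx in seen.items():
        report[host] = {
            "earliest": PHASES[min(idx)],
            "furthest": PHASES[max(idx)],
            # True when an indicator was visible before the exploit phase.
            "early_warning": min(idx) < EXPLOIT,
            # Pre-exploit phases with no indicator: visibility gaps.
            "blind_spots": [PHASES[i] for i in range(EXPLOIT) if i not in idx],
        }
    return report

if __name__ == "__main__":
    for host, row in sorted(correlate(EVENTS).items()):
        print(host, row)
```

A host such as `srv-03`, whose first indicator appears only at installation, is the reactive case the kill chain bullet describes: response can only start after the exploit phase.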

The second part of the seminar was presented by Olivier Spielmann, Head of the Cyber Fusion Center at Kudelski Security. He demonstrated how Kudelski Security leveraged RSA analytics to build an advanced SOC and a multi-tenant security monitoring service.

src: Kudelski Security, RSA
