FROM SECURITY DATA TO SECURITY INTELLIGENCE ZULFIKAR RAMZAN, CTO, RSA

2 Paper Towns and

3 What Came First: the Map or the

4

WALLS TALLER WON’T SOLVE OUR PROBLEM

6 Attacks are targeted (e.g., via repeated use of polymorphism and metamorphism); Macro-distribution supplanted by micro-distribution. Powerful attack toolkits available w/ tiered pricing, 24x7 customer support. Ecosystem for buying and selling tools and cybercriminal services democratizes advanced attacks Why Intrusions Are Successful Why are intrusions

Visibility Identity Risk Three Strategic

8 is the foundation for mitigating the risk of advanced threats visibility If you really want to protect your network, you really have to know your network. You have to know the devices, the security technologies, and the things inside it. -Rob Joyce, NSA TAO Chief, Usenix Enigma

9 Cloud Key Visibility Points Logs NetflowPackets Endpoints

10 12 TIME Attack Identified Response Advanced Attacks: Where to Focus 1 TARGETED SPECIFIC OBJECTIVE STEALTHY LOW AND SLOW 23 INTERACTIVE HUMAN

11 identity is foundational and will matter even more as the threat landscape

12 Advanced breaches don’t have to involve malware: SQL Injection -> Web Shell -> RDP Advanced breaches can be very simple – e.g., credential theft Every breach involves co-opting of identity (authentication isn’t the same as identity assurance) Malware Reality

13 Identity is More Than Authentication Governance Access / Auth Lifecycle

14 embrace and own your risk Supply chain risk Financial risk Operational risk IT Security risk Physical risk Currency fluctuation risk Regulatory

15 How we spend Prevention 80% Monitoring 15% Response 5% Prevention 80% Monitoring 15% Response 5% Prevention 33% How we should spend Monitoring 33% Response 33% Shift Priorities and

16 Takeaways We need pervasive and true visibility Identity and authentication matter even more Embrace and own your risk

17 Thank You