#RSAC
Disclaimers
[Figure: matrix with rows Devices, Applications, Networks, Data, Users; bottom axis "Degree of Dependency": Technology, People, Process]
[Figure: matrix with rows Devices, Applications, Networks, Data, Users; annotations "Pre-Event: Structural Awareness" and "Post-Event: Situational Awareness"; bottom axis "Degree of Dependency": Technology, People, Process]
[Figure labels, in slide order]
Vendor Assets: Intrusion Deception; Malware Sandboxes; Vendor Risk Assessments; Cloud Access Security Brokers
Customer Assets: Endpoint Fraud Detection; Threat Data; Device Fingerprinting; Web Fraud Detection
Employee Assets: BYOD MDM; Device Fingerprinting; BYOD MAM
DEVICES: Workstations, servers, VoIP phones, tablets, IoT, storage, network devices, infrastructure, etc.
APPS: The software, interactions, and application flows on the devices
NETWORKS: The connections and traffic flowing among devices and applications
DATA
Security Technologies Mapped by Operational Functions
IDENTIFY: Inventorying assets, measuring attack surface, baselining normal, risk profiling
PROTECT: Preventing or limiting impact, containing, hardening, managing access
DETECT: Discovering events, triggering on anomalies, hunting for intrusions
RESPOND: Acting on events, eradicating intrusion footholds, assessing damage, coordinating, reconstructing events forensically
RECOVER: Returning to normal operations, restoring services, documenting lessons learned
[Figure label: MSSPs / IR]
Disclaimer: Vendors shown are representative only. No usage or endorsement should be construed because they are shown here.
Security Technologies by Asset Classes & Operational Functions
[Figure: matrix with columns Identify, Protect, Detect, Respond, Recover and rows Devices, Applications, Networks, Data, Users]
Use Case 2: Define Security Design Patterns
[Figure: matrix with rows Devices, Applications, Networks, Data, Users; bottom axis "Degree of Dependency": Technology, People, Process]
Use Case 3: Maximizing Your Available
[Figure: rows Networks, Data, Users shown in two panels]
Use Case 4: The (network) perimeter is dead.
Use Case 6: Understand how to balance
[Figure: matrix of numeric values per asset class; bottom axis "Degree of Dependency": Technology, People, Process]
Devices: 5 4 3 4 2 2 1 3 2 3 3 3 2 3 4
Applications: 3 3 2 5 3 2 2 3 2 5 4 3 3 3 5
Networks: 3 4 4 2 2 2 2 3 3 3 4 3 3 3 5
Data: 5 5 5 5 3 3 5 4 4 5 1 5 4 2 5
Users: 5 5 5 5 5 2 5 5 4 5 4 5 5 3 5
Callout: Staff need training EVERY YEAR to maintain efficacy at 50% or higher
Callout: New detection technologies may need to be rolled out EVERY TWO YEARS to maintain efficacy at 50% or higher
Use Case 8: Disintermediate Components for Easier Orchestration
[Figure labels: Common Message Fabric; Vendor Application Protection; Enterprise Network Detection; Enterprise Device Response; Customer Device Identification; Customer Device Protection; Threat Actor Application Identification; Enterprise Network Identification]
Use Case 9: Differentiate between a
Product
Platform
What makes a technology a “platform”?
1. Enables enterprises to operate as mechanics and not just chauffeurs
2. Exposes all its functions through APIs for easier integration with other technologies and capabilities
3. Leverages data exchange standards that enable interchangeable components
[Figure: matrix with rows Devices, Applications, Networks, Data, Users; bottom axis "Degree of Dependency": Technology, People, Process]
Use Case 10: Identifying Opportunities to Accelerate
[Figure: rows Devices, Applications, Networks, Data; labels "Embedded Into Technology", "Codified Into Playbooks & Checklists", "New Discoveries and War Stories!"]
Model Shortfalls: Where is analytics? GRC? Orchestration?
This framework supports the higher level functions of orchestration, analytics, and governance/risk/compliance, but they are represented on a different dimension.
[Figure labels: Orchestration; Analytics; GRC]
Comparison of Models: Gartner’s Five Styles
[Figure labels: Style 3; Style 4; Style 5; Endpoint; Endpoint Behavior Analysis; Endpoint Forensics]
Source: Gartner
This week
Use the matrix to categorize vendors that you encounter in the Expo Hall
Ask them where they fit and don’t allow them to be in multiple shopping aisles
Sounil Yu
sounil@gmail.com