
Security Analytics Town Hall
Get the most out of Security Analytics
Town Hall Rules
• Do not be a silent participant – please take advantage of the unique opportunity to speak with our technical leadership!
• Let's exchange ideas about the product – no technical question is out of bounds.
• Managing the conversation – we may choose to pause conversation on a topic.
#RSAsummit
© Copyright 2014 EMC Corporation. All rights reserved.
Agenda
• Introductions
• Product Themes and Discussion Points
– Visibility (Packets\Logs\Endpoint)
– Analysis (ESA\Archiver\Warehouse)
– Action (Investigate\IncidentManagement)
• Open dialog with the SMEs from RSA Security Analytics
Introductions
Scott Moore
Senior Consultant Engineer
• Joined NetWitness in 2003
• Mr. Moore is the lead engineer of the SA Core Platform. He has helped take the product from a simple 32-bit Windows packet capture service to a full-fledged 64-bit enterprise system. He has designed and implemented advanced subsystems such as the proprietary NextGen packet database, the query and indexing databases, the network architecture, the SDK, and client applications like Administrator and Investigator.
• Interested in:
– New C++11 language features
– Optimizing code
Tim Menninger
Senior Consultant Engineer
• Joined NetWitness in 2003
– NextGen releases 8.0-10.0
– Warehouse/MA/ESA/RE releases 10.3-10.4
• Tim is the technical lead for ASOC Analytics. The ASOC Analytics product suite includes capabilities for Event Streaming, Malware Detection, Data Science, and Reporting. He joined NetWitness in 2004 as an integral developer on the Core Analytics platform. He later transitioned to focus on advanced analytical capabilities in both event streaming and big data problems. Tim's previous work experience ranges from government agencies to large contractor organizations to small start-ups.
• Interested in:
– Large, fast, real-time analytics systems
Jeff Odom
Senior Consultant Engineer
• Joined NetWitness in 2008
– Several NextWitness NextGen product releases and Security Analytics
• Since joining NetWitness in 2008, Jeff has worked to define the architecture and direction of the NetWitness products as they are transformed and integrated into the RSA Advanced SOC platform.
• Interested in:
– All areas of high performance computing
David Broeckelman-Post
Consultant Technologist
• Joined RSA in 2010
– Security Analytics 10.3, 10.4, 10.5
• Since joining RSA in 2010, David has worked in various capacities across RSA. In his current role on the Architecture team, he works to define the technical direction and research initiatives of the RSA Advanced SOC portfolio.
• Interested in:
– Aware computing (context/pervasive computing, ambient/computational intelligence)
Abram Thielke
Senior Consultant Engineer
• Joined NetWitness in 2011
– Security Analytics v10 family
• Abram has worked for RSA since 2011 and is the RSA Security Analytics User Interface Technical Lead. He is currently focused on improving the overall user experience and performance of the UI.
• Interested in:
– Creating rich and usable web-based apps
Product Themes and Discussion Points
A Recent News Story on CNN Money
Steve had to change all of his Bank of America cards.
[Diagram: Security Analytics overview]
Visibility (Packets | Logs | Endpoint) -> Analysis -> Action -> Security Operations
Capture Time Data Enrichment
RSA LIVE feeds each of Packets, Logs and Endpoint
RSA LIVE INTELLIGENCE: Threat Intelligence | Rules | Parsers | Feeds | Reports
RSA RESEARCH
Security Analytics Town Hall
So what are you doing with Security Analytics?
THANK YOU
Technology Focus Areas in 2014
Visibility:
– Additional Ingest Methods
– Event Source Monitoring
– App Rules/Lua Parsers
– ECAT Alerts\Feeds
– Aveksa Alerts\Feeds
Analysis:
– ESA – Rule Builder
– Enrichment
– Archiving – Compliance Focus
– Warehouse – Data Science
Action:
– Investigations
– Incident Management
– SecOps Integration
– ECAT Integration
Incident Management Must Evolve
BROAD VISIBILITY & DETECTION – Fuse together network, endpoint and system data and threat intelligence to detect even the most advanced attacks.
BUSINESS & IDENTITY CONTEXT – Knowing which users and assets are important, and where sensitive data is located, drives investigative efficiency and prioritization.
RAPID INVESTIGATIONS – Complete investigations in minutes versus hours.
EFFICIENT OPERATIONS MANAGEMENT – Workflow-driven incident response and SOC/CIRC operations/reporting management.