Operationalizing the Three Principles of Advanced Threat Detection @Zulfikar_Ramzan, Ph.D Chief Technology Officer, RSA California Cyber Security Symposium 2016


Page 1

Operationalizing the Three Principles of Advanced Threat Detection

@Zulfikar_Ramzan, Ph.D

Chief Technology Officer, RSA

California Cyber Security Symposium 2016

Page 2

Page 3

(Chart) Cyber security market overhang:

• 1500 cyber security companies

• 125 M&A deals/year

• 5 IPOs/year

• 0 new VC investments (let’s assume NO new VC investments)

However you work it, at least 12 years of market overhang!

So What Does This All Mean?

Page 4

Current State of Security

• 70% Compromised in the last year [1]

• 66% Growth in incidents YoY [2]

• 56% Unlikely to detect an attack [3]

• 90% Are unsatisfied with response speed [4]

• 80% CISOs re-thinking strategy in next 12-18 months [5]

Sources:

1 RSA Cybersecurity Poverty Index 2016

2 PWC Global State of Information Security Survey 2015

3 EY Global Information Security Survey 2015

4 RSA Threat Detection Effectiveness Survey 2016

5 RSA Estimate

Page 5

New Threat Actor

• Pale Hippo 1

• Weight: 400 lbs

• Normally hacks from his bed, sometimes his couch

• First intelligence reports on 26-Sep-2016

• Politically motivated

Page 6

BUSINESS RISK (the questions the business asks):

• How bad is it?

• Who was it?

• How did they get in?

• What information was taken?

• What are the legal implications?

• Is it under control?

• What are the damages?

• What do we tell people?

SECURITY DETAIL (the events security teams see):

• Account lockouts

• Failed user access attempts

• Web shell deletions

• Buffer overflows

• SQL injections

• Cross-site scripting

• Denial-of-service

• IDS/IPS events

• Incident level fixes