The GSN 2015 Digital Yearbook of Awards

More documents

Recommendations

Info

GSN 2015 DIGITAL YEARBOOK OF HOMELAND SECURITY AWARDS RECIPIENTS IT Security Products and Solutions RSA, The Security Division of EMC 2015 Winner Awards Category: –––––––––––––––––––––––––––––––––––––––– Best Endpoint Detection and Response Solution Name of Nominated Product, Service, or Program: –––––––––––––––––––––––––––––––––––––––– RSA ECAT Reason this entry deserves to win: –––––––––––––––––––––––––––––––––––––––– RSA President Amit Yoran said “IT Security has Failed.” Organizations across a wide range of industries are breached, new malware, zero-day vulnerabilities are everywhere. Money, intellectual-property, hacktivism are only a few of the reasons. They are bombarded with crimeware, adware, targeted campaigns, and nationstate attacks. Attackers today can easily bypass traditional signature-based defenses, create persistency, move laterally, exfiltrate data while leaving organizations blind from those types of threats that will put their name on the first page of today’s news. RSA does not believe in this status quo! How is RSA ECAT doing things differently? ECAT is an endpoint threat detection and response solution focused on malware and other threats’ behavioral detection, able to provide visibility to how wide- spread an attack is and instantly determine the scope and mitigate in real-time. Analysts trust ECAT to identify both the known and unknown zero-day malware based on its behavioral-based detection capabilities. RSA ECAT’s approach provides: • Behavioral modeling via ECAT’s Instant Indicator of Compromise (IIOC). ECAT provides an out-of-the-box list (~300) of IIOCs for both Windows and Mac operating systems, being able to identify the exact attack vector used by threats and generic behavior indicative of malware. Based on IIOCs triggered, a machine and module risk score are generated enabling analysts for better detection and prioritization capabilities. ECAT’s IIOCs expose the attack characteristics by pointing the 72
analysts automatically at the suspicious modules and attack vectors identified such as: floating code, hidden/ temp/program data folder write to executable, scripts run (PSexec, whoami, etc.) which equips the analyst with tools and techniques used to not only identify the how but the who as well. All IIOCs are executed serverside as data is processed, reducing no overhead on the agent and client performance. • Detection and Visibility through Layered Approach. While ECAT performs live memory analysis and in-depth inspection of host behavior, it is also leveraging other ways of enriching data for analysis by using OPSWAT, Yara, module reputation models, and multiple threat intelligence data feeds including RSA Research and community-based intel via STIX, enabling analysts to quickly come to a resolution and take response action. • Detect, Investigate and Response. While threats will find their way into the organization, being able to trigger a response action to shorten dwell time is a key. ECAT is able to block and quarantine suspicious modules for endpoints within a corporate network as well as endpoints off network connected to the Internet. • Machine Learning Risk Score system. The Risk Score system collects and analyzes vast amounts of data on the endpoint and network data transferred in/out and compiles a module and machine risk score based on a statistical machine-learning, adaptive model. ECAT’s analysts leverage the risk score as the basis for prioritized investigation, working on the most risky endpoints such as: module behavior, machine status, threat intelligence, business context, etc. Significant contributors to ECATs Risk Scoring system are RSA’s data-science team and Incident Responders providing contact feedback and new findings identified. • Enterprise Scalability. ECAT protects 50,000 agents with a single ECAT server. Link to Web Page of Nominated Organization: –––––––––––––––––––––––––––––––––––––––– http://www.emc.com/domains/rsa/index.htm Link to additional information on product, service or program, with brief description: –––––––––––––––––––––––––––––––––––––––– RSA ECAT Home Page: https://www.emc.com/security/rsa-ecat.htm Name and organization of nominating contact for this entry, including name, title, organization: –––––––––––––––––––––––––––––––––––––––– Bryan Grillo, Vice President CHEN PR Nominating contact’s office telephone and cell phone: –––––––––––––––––––––––––––––––––––––––– office: (781) 466-8282 cell: (617) 947-0547 Nominating contact’s email address: –––––––––––––––––––––––––––––––––––––––– bgrillo@chenpr.com 73
Page 1:
The GSN 2015 Digital Yearbook OF Ai
Page 5 and 6:
purchases, Fumai said. And the gove
Page 7 and 8:
TABLE OF CONTENTS 4 6 7 8 12 60 122
Page 9 and 10:
National Programs and Protection Di
Page 11 and 12:
11
Page 13 and 14:
Winners in the 2015 Airport/Seaport
Page 15 and 16:
Link to Web Page of Nominated Organ
Page 17 and 18:
tage of applying for or issuing a v
Page 19 and 20:
will be sent with the notification
Page 21 and 22: Improving Traveler Safety with Adva
Page 23 and 24: age the system from any computer. T
Page 25 and 26: Link to Web Page of Nominated Organ
Page 31 and 32: as a standalone device and connecte
Page 33 and 34: subjected to hundreds of hours of r
Page 35 and 36: activated on site or remotely. LRAD
Page 37 and 38: communication. As part of field and
Page 39 and 40: ange against surface targets, while
Page 43 and 44: With this exceptional performance,
Page 45 and 46: 45
Page 51 and 52: ing and analytics, integration of s
Page 53 and 54: 53
Page 55 and 56: IPM (integrated process management)
Page 57 and 58: The VKS brings many unique attribut
Page 59 and 60: or near the Port of Greater Baton w
Page 61 and 62: Winners in the 2015 Homeland Securi
Page 63 and 64: means. Without relying on detection
Page 65 and 66: 65
Page 67 and 68: is recognized. Gemalto’s solution
Page 69 and 70: and then aggregates, normalizes, an
Page 71: 71
Page 75 and 76: on Big Data Analytics/Data Science,
Page 77 and 78: presents unique challenge faced by
Page 79 and 80: keys; isolating, monitoring, record
Page 81 and 82: information collected by big data a
Page 83 and 84: down switch ports to secure access
Page 85 and 86: esolving vital network issues. Sola
Page 87 and 88: officials and immigration officers
Page 89 and 90: Securiport, implementing advanced s
Page 91 and 92: footprint of the organization chang
Page 95 and 96: standard” of mass spectrometry to
Page 97 and 98: though not the only one. The hundre
Page 99 and 100: Suspect Search goes to work right a
Page 103 and 104: cation between all devices connecte
Page 105 and 106: the national train system, impactin
Page 107 and 108: the program was quickly seen by RTD
Page 109 and 110: solutions to detect and mitigate th
Page 111 and 112: advanced analytics in conjunction w
Page 113 and 114: and private sector stakeholders hav
Page 115 and 116: observe the highest levels of priva
Page 117 and 118: his team faced—from staffing to b
Page 119 and 120: the help of Situator with embedded
Page 121 and 122: es more than 5,700 emergency room v
Page 123:
sure pick up any possible gunshot s
show all

The GSN 2015 Digital Yearbook of Awards

You also want an ePaper? Increase the reach of your titles

Delete template?

Save as template?