The Five W's of SOC Operations, Kevin Young
Slide 2: The Five W's of SOC Operations (Kevin Young)

Slide 3: Thank you Todd. Thanks to Randall Munroe.

Slide 4: Overview
- Introduction: Five W's of SOC Operations
- When do I need a SOC? Readiness
- What exactly does the SOC do? Operational aspects
- Who will staff my SOC? Team & skills
- Where should my SOC be located? Challenges of geography
- We have it covered. Why would I need help from others? The supporting cast
- Q&A

Slide 5: About Me
- Kevin Young, CISSP, GCIH, GNFA
- Adobe Systems, Digital Marketing Business Unit, Lehi, Utah (Adobe Marketing Cloud)
- Manager, Security Operations: Security Operations Center, Incident Response
- The thoughts and opinions expressed here are my own and do not reflect those of Adobe Systems, Inc.

Slide 6: Our Environment (diagram). Components shown: Security Analytics (Netflow), Security Analytics (IDS), Syslog, HIDS and Archer; SOC (Monitoring & Assessment); Incident Response (Handling); Security Operations.

Slide 7: My First Month

Slide 8: When do I need a SOC?

Slide 9: Organizational Maturity
- Do you have a clear vision and role for your SOC? What do you gain? Why do you want to change your current model? What is the expectation?
- Relationships: Product teams, External parties, Vendors/Pro Serve
- Support requirements
- Use cases

Slide 10: Operational Maturity
- Information security: Repeatable security processes, Incident Response plan, Investigation methodologies
- Service delivery: Change control, System configuration database, Software load/image repository
- Documentation: Network & architecture diagrams, Storage strategy, Identify key assets, Contact list

Slide 11: Business Maturity
- Management support
- Capital: Staffing; Tools (hardware, upgrades, licensing, maintenance); Training (current & ongoing)
- On-boarding/review process
- M&A

Slide 12: What exactly does a SOC do?

Slide 13: A Day in the Life of a SOC
- Correlate: Reports, HIDS/NIDS, NetFlow data, Logs, Threat intel
- Investigate
- Escalate
- Contain/Mitigate
Credit: Elvis Weathercock

Slide 14: SOC Tiers
- T1 - Correlate: Intake, Monitor, Triage, Priority (T1 Analysts)
- T2/T3 - Investigate: Evaluation, review, analysis (T2/T3 Analysts, Product Teams, SMEs)
- IR - Contain: Containment, Recovery, Root Cause Analysis (Incident Managers, Legal, PR, Customer Service)

Slide 15: Detect vs. Correlate (diagram). Labels: "Sweet spot of analysis", RSA Netflow, RSA IDS.

Slide 16: Incident Response
- Panic
- Identify/Investigate
- Contain
- Eradicate
- Recover
- Lessons Learned/Root Cause Analysis. LL: specific to team(s). RCA: the most fundamental cause (e.g. 5 Whys)

Slide 17: "Hey Kevin, I need your metrics" - Unnamed Project Manager

Slide 18: Metrics Tell Your Story. Metric creation:
1. Understand the business objective
2. Establish/align the SOC goal
3. Define the metric
4. Develop a realistic way to capture the indicator

Slide 19: Metrics Tell Your Story. Ref: Security Metrics, SANS Institute Reading Room, mitre.org, rsaconference.com blogs

Slide 20: ...but what does the SOC team do when it isn't handling an incident?

Slide 21: Metrics Tell Your Story (charts). Chart 1: Number of Investigations by Reporting/Discovery Method (Internal, External, Other; percent scale). Chart 2: % of SIEM Events Closed, by month Jan through Dec (0% to 100% scale).
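As an added example (not from the slides or from Adobe), this script computes the two metrics charted above, investigations by reporting/discovery method and % of SIEM events closed per month, from ticket-style records, which is the "realistic way to capture the indicator" of step 4. The record shapes and all sample data are constructed assumptions.

```python
"""Compute the two SOC metrics charted on the slide from ticket-style records.

Constructed sample data only; the record shapes are assumptions, not any
real SIEM's or ticketing system's schema.
"""
from collections import Counter, defaultdict
from dataclasses import dataclass
from datetime import date
from typing import Optional

DISCOVERY_METHODS = ("Internal", "External", "Other")
MONTHS = ("Jan", "Feb", "Mar", "Apr", "May", "Jun",
          "Jul", "Aug", "Sep", "Oct", "Nov", "Dec")


@dataclass(frozen=True)
class Investigation:
    case_id: str
    discovery: str          # how the case was reported or discovered


@dataclass(frozen=True)
class SiemEvent:
    event_id: str
    opened: date
    closed: Optional[date]  # None while the event is still open


def investigations_by_discovery(cases):
    """Percent of investigations per reporting/discovery method.

    Labels outside DISCOVERY_METHODS are folded into "Other", so the three
    buckets always account for every case. Returns {} when there are no
    cases rather than dividing by zero.
    """
    if not cases:
        return {}
    counts = Counter(
        c.discovery if c.discovery in DISCOVERY_METHODS else "Other"
        for c in cases
    )
    total = len(cases)
    return {m: round(100.0 * counts[m] / total, 1) for m in DISCOVERY_METHODS}


def siem_events_closed_by_month(events, year):
    """Percent of SIEM events opened in each month of `year` that were closed.

    A month with no events maps to None, not 0%: an empty month is not a
    backlog, and reporting it as 0% would tell the wrong story.
    """
    opened = defaultdict(int)
    closed = defaultdict(int)
    for e in events:
        if e.opened.year != year:
            continue                      # events are bucketed by open month
        opened[e.opened.month] += 1
        if e.closed is not None:
            closed[e.opened.month] += 1
    return {
        MONTHS[m - 1]: (None if opened[m] == 0
                        else round(100.0 * closed[m] / opened[m], 1))
        for m in range(1, 13)
    }


# Constructed sample records (case ids and dates are made up).
SAMPLE_CASES = [
    Investigation("C-001", "Internal"),
    Investigation("C-002", "Internal"),
    Investigation("C-003", "Internal"),
    Investigation("C-004", "Internal"),
    Investigation("C-005", "External"),
    Investigation("C-006", "External"),
    Investigation("C-007", "External"),
    Investigation("C-008", "Other"),
    Investigation("C-009", "Other"),
    Investigation("C-010", "vendor-notification"),   # folded into "Other"
]
SAMPLE_EVENTS = [
    SiemEvent("E-1", date(2015, 1, 5), date(2015, 1, 6)),
    SiemEvent("E-2", date(2015, 1, 9), date(2015, 1, 9)),
    SiemEvent("E-3", date(2015, 1, 20), None),              # still open
    SiemEvent("E-4", date(2015, 1, 28), date(2015, 2, 2)),  # closed next month
    SiemEvent("E-5", date(2015, 2, 3), date(2015, 2, 3)),
    SiemEvent("E-6", date(2015, 2, 14), None),
    SiemEvent("E-7", date(2014, 12, 30), date(2015, 1, 2)),  # other year: skipped
]

if __name__ == "__main__":
    print(investigations_by_discovery(SAMPLE_CASES))
    print(siem_events_closed_by_month(SAMPLE_EVENTS, 2015))
```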
Slide 22: Who Will Staff My SOC?

Slide 23: Staffing
- Analysts (T1-3)
- Subject Matter Expert (SME)
- Incident Responder/Coordinator
- Management

Slide 24: Analyst Skills (diagram): Hard skills, Soft skills, Intangible skills.

Slide 25: Analyst Hard Skills
- Computer & security skills: Network protocols, Packet analysis, Scripting/Parsing, IDS, Architecture and product knowledge, Indicators of Compromise (IOC)
- Mixed results in two areas: Malware analysis, Threat intelligence
- Security Operations Analyst (SA), Levels 1 through 3: Uses, implements, reviews, or evaluates a variety of sensor types to detect and prevent threat actors from infiltrating information system(s) or jeopardizing delivery infrastructure. Operates and uses a wide variety of technology types (IDS, Netflow, full-packet capture, SPAN ports/taps, etc.) for monitoring of product delivery infrastructure. Provides information and reports regarding the impact of breaches to confidentiality, integrity, and availability of service delivery.

Slide 26: Malware analysis
- Higher level of expertise
- Limited talent pool
- Beyond reach of an entry-level SOC effort
Forensic analysis: What is the objective? What do you hope to accomplish?

Slide 27: Threat intelligence
- Difficult to do well
- Cost to convert intel into usable knowledge is high
- Staffing limitations
Credit: David Bianco, Pyramid of Pain

Slide 28: Analyst Soft Skills
- Creativity
- Teamwork
- Psychology: Mind of an attacker, Understanding of risk
- Passion: Off-hours interest
- Curiosity: Natural desire to learn

Slide 29: Subject Matter Expert (SME)
- Penetration testing/hunter
- Forensic expertise: Fast or thorough
- Infrastructure: System admin, Network admin
- Software development

Slide 30: Incident Coordinator
- Calm under fire
- Leadership
- Communication: Technical, Managerial, Writing skills
- Project management
- Risk analysis

Slide 31: Manager/Leader

Slide 32: Where should my SOC be located?

Slide 33: Physical Location
- Adequate workspace
- Reference materials
- War/conference room
- Confidential communication
- Close to those whom you serve

Slide 34: Challenges of Geography
- Physical location(s)
- Coordination
- Language/culture

Slide 35: Coverage Model
- Hours of coverage: 8x5, 24x7
- Weekends
- US/foreign holidays
- Follow the sun

Slide 36: Coordination
- Collaboration/geographical handoff: Virtual meeting rooms, Phone bridge/conference call
- Ticketing system: Investigation tracking
- Security engineering team: Tuning, Upgrades

Slide 37: We can do it alone. Why would I need help from others?

Slide 38: SOC Limitations
- "Deciding what not to do is as important as deciding what to do." - Steve Jobs
- "Your scientists were so preoccupied with whether or not they could that they didn't stop to think if they should." - Dr. Ian Malcolm, Jurassic Park

Slide 39: Necessary Expertise - Internal
- Product/Help Desk teams: Breach investigation, Response coordination, User/customer notification
- System administration: Network engineers, System engineers, Upstream providers
- Customer Service: Password changes, service outages; Customer communication

Slide 40: Necessary Expertise - Internal
- Public Relations: a SINGLE media spokesperson; Limit outbound social media speculation
- Legal department/counsel: Takedown/DMCA notices, Privacy/HR issues, Law enforcement interface

Slide 41: Necessary Expertise - External
- On-retainer security services from 3rd parties: Forensic investigation, APT investigation
- Managed Security Service Providers (MSSP)

Slide 42: Takeaways

Slide 43: Organization & Operation
- Concept of Operations (ConOps)
- Incident Response Plan
- Playbook/Runbook: Broad incident categories (DDoS, phishing attack, loss of passwords, loss of customer data, compromise of key systems)

Slide 44: Organization & Operation
- Training and development: Tools, Techniques, Processes
- Change management, service management
- Management support: Budget, Firepower

Slide 45: SOC Development
- Your SOC is a journey, not a destination
- Rinse, lather, repeat (aka Lessons Learned, Root Cause Analysis)
- You will make mistakes
- Maintain realistic expectations

Slide 46: Start Now! "A good plan, violently executed now, is better than a perfect plan next week." - George S. Patton

Slide 47: Q&A

Slide 48: References
- SANS Institute Reading Room
- Security Metrics: Replacing Fear, Uncertainty, and Doubt
- Ten Strategies of a World-Class Cybersecurity Operations Center
- Crafting the InfoSec Playbook: Security Monitoring and Incident Response Master Plan

Slide 49: References
- Building a World-Class Security Operations Center: A Roadmap
- Concept of Operations
- Pyramid of Pain
- Security Weekly Podcasts
- Krebs on Security

Slide 50: References
- Collecting Security Metrics and What They Mean
- Blue Team Handbook: Incident Response Edition
- The Practice of Network Security Monitoring: Understanding Incident Detection and Response
More informationIs security awareness a waste of time?
Is security awareness a waste of time? New York State Cyber Security Conference June 5, 2013 Scott Gréaux Vice President Product Management and Services, PhishMe, Inc. They are exploiting human vulnerabilities
More informationwww.obrela.com Corporate Security Intelligence Services
Corporate Security Intelligence Services We Keep Your Business In Business Using security analytics and sophisticated risk management technology we dynamically protect our clients by identifying, analyzing,
More informationCybersecurity: What CFO s Need to Know
Cybersecurity: What CFO s Need to Know William J. Nowik, CISA, CISSP, QSA PCIP MEMBER OF PKF NORTH AMERICA, AN ASSOCIATION OF LEGALLY INDEPENDENT FIRMS 2014 Wolf & Company, P.C. Today s Agenda Introduction
More informationThe SIEM Evaluator s Guide
Using SIEM for Compliance, Threat Management, & Incident Response Security information and event management (SIEM) tools are designed to collect, store, analyze, and report on log data for threat detection,
More informationA Case for Managed Security
A Case for Managed Security By Christopher Harper Managing Director, Security Superior Managed IT & Security Services 1. INTRODUCTION Most firms believe security breaches happen because of one key malfunction
More information2012 雲 端 資 安 報 告. 黃 建 榮 資 深 顧 問 - Verizon Taiwan. August 2012
2012 雲 端 資 安 報 告 黃 建 榮 資 深 顧 問 - Verizon Taiwan August 2012 1 It s All About Security Protecting assets from threats that could impact the business Protecting Assets... Stationary data Data in transit
More informationAshley Institute of Training Schedule of VET Tuition Fees 2015
Ashley Institute of Training Schedule of VET Fees Year of Study Group ID:DECE15G1 Total Course Fees $ 12,000 29-Aug- 17-Oct- 50 14-Sep- 0.167 blended various $2,000 CHC02 Best practice 24-Oct- 12-Dec-
More informationSupervisor Instructions for Approving Web Time Entry
Supervisor Instructions for Approving Web Time Entry Time Approval Deadlines by Category Local 2110 Members members submit time by NOON on Monday of the pay week. Time should be approved no later than
More information