White Paper. Defending Against Advanced Threats at the Identity Perimeter
Written by Keith Graham, Chief Technology Officer, SecureAuth, and Stephen Cox, Chief Security Architect, SecureAuth
May 2015
Introduction

In the past few years, organizations have been experiencing monumental shifts. The headaches of in-house server rooms are waning in favor of the low-cost and flexible resources of the elastic cloud. Company-owned and company-managed personal devices are long gone, replaced by increasingly powerful and rapidly changing consumer devices. These shifts have shaken the concept of the traditional network perimeter to its very core. The edge of your network is increasingly difficult to define, as identities may carry it to data centers far beyond your control. Therefore, identity has become increasingly intertwined with the defense of your assets. It has become a perimeter of its own, often referred to as "the new perimeter."

In this white paper we explain why identity is a perimeter you should care about, how you can protect the identity perimeter, and how you can use identity to proactively detect and deflect advanced threats. It's time to stop talking about identity being the new perimeter and treat it like one.

Assert Your Identity 2
Table of Contents

Chapter 1: Why Identity is the Perimeter You Should Care About
  Traditional Options for Protecting Your Network's Perimeter
  Why Traditional Perimeter Protection Is No Longer Sufficient: the Anatomy of an Attack
  The Key Element to a Successful Attack: Credentials
  A Case Study: Target
  Why Are We Waiting For Breaches?
Chapter 2: Protecting the Identity
  Considering Identity as the Perimeter
  Two-Factor Authentication
  Adaptive Authentication
  Life Sciences Case Study: A Case for Adaptive Authentication
  Single Sign-on
Chapter 3: Making Identity the Perimeter
  Thwarting Attackers who Breach the Traditional Network Perimeter
  Identity Data Is the Key
  Factors that Can Be Used in Calculating and Alerting On Risk
  Identifying the Real Threats, in Real Time
  Incident Response
Chapter 4: Becoming Even More Proactive
  Proactive Alerting
  Rapid Policy Updates
  Identity Containment: Automatically Stopping Attacks
  Conclusion
Chapter 1: Why Identity is the Perimeter You Should Care About

Traditional Options for Protecting Your Network's Perimeter

The perimeter or edge of any network can very simply be defined as the boundary between a privately owned and managed network and a public network (commonly the Internet), which is usually accessed via some public service provider. The perimeter itself is usually formed by a network firewall, or by several firewalls structured to provide a demilitarized zone (DMZ). To protect organizations at the perimeter, firewalls perform some level of packet analysis: as packets flow from either side, they are inspected by the firewall, which decides which packets and connections to allow and which to disallow. For example, the firewall can block network packets on particular ports, protect against denial of service (DoS) attacks, and inspect the actual traffic flow for anomalous activity using stateful packet analysis.

In addition to protecting the edge of the network with one or more firewalls, many organizations add layers of protection inside the network and the DMZ. Vendors offer a vast array of products to help, including intrusion detection systems, intrusion prevention systems, filtering, and anti-virus and anti-malware software. Organizations can also choose more modern solutions designed to protect against today's advanced attacks; options include network- or endpoint-based threat detection products, incident response tools, and behavioral analysis products.

Why Traditional Perimeter Protection Is No Longer Sufficient: the Anatomy of an Attack

Although all of these traditional solutions add valuable additional layers of protection, none provides a silver bullet. In fact, we know from today's threat landscape and our experience in responding to attacks that protection at the perimeter of the organization is failing.
While most traditional solutions provide some level of protection against attacks, we know that breaches are inevitable: eventually, traditional perimeter protection will fail and attackers will get in. To understand why this is the case, let's look at the basic anatomy of today's advanced attacks, as illustrated in Figure 1.

First, to penetrate an organization, attackers commonly use a combination of social engineering and malware, often in the form of an email phishing attack. Specifically, they target an organization using information harvested via social engineering, social media, and open source data, and then lure unsuspecting users into downloading malware onto their computers. Once the attackers have established an initial foothold, either through the malware approach just described or by other means, they obtain legitimate credentials (especially credentials with a privileged level of access) or create new credentials, so that they can move laterally to perform reconnaissance and gain higher levels of access.
Attackers typically remain present in the target organization for long periods of time; in fact, incident response firm Mandiant notes in its 2015 M-Trends report that the mean time to detection now sits at about 205 days. During this phase, it's likely that the attacker is no longer using malware; rather, a human actor is using the legitimate credentials that have been obtained or created to blend in with the other activity in the environment. Once the attackers have found what they're looking for, they complete their mission by staging the data they're after (anything from intellectual property to financial data) and complete the process of stealing what they've found (sometimes called exfiltration, or simply "exfil").

[Figure 1 diagram: attack lifecycle phases Penetrate, Establish Foothold, Escalate Privileges, Move Laterally, Maintain Presence, Complete Mission.]
Figure 1: Once attackers penetrate an organization and establish a foothold, they often remain present for many months until they fully complete their mission.

The Key Element to a Successful Attack: Credentials

However attackers breach an organization's perimeter, they need one critical thing to successfully complete their mission: credentials. Attackers can steal credentials from unsuspecting users through a brute force method, or they can obtain the password hash and pass it when required (a pass-the-hash attack). Either method enables attackers to masquerade as real users, blending in with the day-to-day noise of legitimate activity so they can move laterally without detection. In some cases, attackers have the audacity to escalate their privileges (often by exploiting a vulnerability) and create their own credentials within the organization's identity store.
A Case Study: Target

Let's explore a case study of an advanced attack to illustrate what we've discussed so far. The December 2013 breach at US retailer Target is an older event in the grand lexicon of security, but let's take a slightly different angle on it. The timeline is well documented, making it very easy to analyze. Here is a (brief) timeline of the attack:

[Figure 2 diagram: attacker, phishing campaign, third-party vendor, stolen credentials, vendor portal, Active Directory domain controller compromise, stolen credentials, POS file server, malware, POS systems.]
Figure 2: A brief timeline of the 2013 Target attack

1. Attackers performed research on HVAC vendors that Target engaged with, and discovered an online vendor portal associated with the company.
2. One of the HVAC vendors was breached via a phishing campaign. Credentials to the vendor portal were compromised.
3. The attackers used those credentials to log into the vendor portal.
4. Once inside the vendor portal, the attackers compromised a vulnerable Active Directory domain controller and gained access to legitimate credentials by cracking the NT Directory Service (NTDS) database.
5. Attackers used the legitimate credentials to pivot into the point-of-sale (POS) network, which was not protected by Two-Factor authentication.
6. Malware was likely distributed via an automatic update mechanism to infect a large number of POS machines in a short amount of time.
7. Attackers moved unfettered within the environment, stealing customer card information, until Target was notified by a third party.
Why Are We Waiting For Breaches?

As noted, the Target breach was back in 2013, but organizations are unfortunately not getting the message. Breaches continue at a staggering rate, with report after report screaming about the need for strong and adaptive authentication. For example, although the Chief Financial Officers Act (CFO Act) was signed into U.S. law in 1990 to improve federal financial management, the U.S. Office of Management and Budget (OMB) notes in its 2015 annual report to Congress that, when the Department of Defense is not factored into the equation, less than half of all CFO Act agencies are implementing strong authentication that complies with National Institute of Standards and Technology (NIST) standards.

< 50% of U.S. federal government CFO Act agencies are implementing strong authentication in compliance with NIST standards (DOD excluded)

A recent study conducted by SecureAuth in the U.K. produced similar findings in the private sector: two in five IT decision makers reported that they were relying on passwords as the primary access control measure. Of these, only 22 percent reported having a plan to improve their authentication within 1-2 years, and 12 percent reported having no plan at all.

Are Organizations Waiting to be Breached?
Survey question: Considering where you have password-only access for your organisation's resources, are you planning to change or enhance this security model, if at all?
+ 22% In the next 12 months
+ 22% Within the next 1 to 2 years
+ 11% Within the next 2 to 5 years
+ 2% In over 5 years' time
+ 9% Have no plans yet
+ 15% Password-only security will remain
+ 12% Don't know
Figure 3: Less than a quarter of organizations surveyed have made plans to move beyond password-only security in the next year.
Chapter 2: Protecting the Identity

Considering Identity as the Perimeter

As we saw in Chapter 1, traditional perimeter protection (firewalls, intrusion detection systems, anti-virus software, and so on) is valuable but clearly no longer sufficient to keep attackers from gaining access to corporate networks. Therefore, to protect themselves, organizations need a new paradigm: what if we stop treating the edge of an organization's network as the only perimeter, and expand our definition of perimeter to include identity? How can this be achieved? Put simply, by supplementing traditional perimeter protection with additional layers of security around the use of any credentials. This chapter explores three powerful approaches to identity protection:
+ Two-Factor authentication
+ Adaptive authentication
+ Single Sign-on (SSO)

It's important to understand that these approaches not only help prevent attackers from using stolen credentials; they can also help prevent legitimate users from misusing their own credentials. It's also important to remember that any protection wrapped around the user's identity needs to apply wherever those credentials are used, including:
+ At the edge of the network, where the user is logging in externally via a VPN or via some external resource like webmail or a reverse proxy
+ During access to cloud-hosted applications
+ During access to on-premises applications

Two-Factor Authentication

The standard username and password can be a cost-effective method of basic security: the system is inexpensive to set up and easy to manage, and it has little impact on the user experience. However, as we have seen, this type of credential is very easy for attackers to exploit, and it enables them not just to breach the edge of the network but to continue to move laterally within it unnoticed for weeks or months and achieve their objectives.
Two-Factor authentication requires not only something the user knows (a username and password) but also something the user has, such as a one-time password (OTP) from a physical token. By requiring a second factor, and so increasing the level of protection associated with the authentication process, Two-Factor authentication mitigates the risk of attackers misusing legitimate credentials: a stolen user ID and password become worthless to attackers because they lack the associated token or other second factor.

For example, had Two-Factor authentication been in place in the Target attack described in Chapter 1, the attack would likely have been significantly hindered. In particular, a Two-Factor authentication solution would have been in a prime vantage point to intercede at three very critical points in this attack timeline:
+ The use of compromised credentials to gain an initial foothold in the Target network
+ The use of compromised credentials on the hacked AD server to pivot into the POS network
+ The unfettered lateral movement within the network until discovery

The question is, at what cost? Traditional Two-Factor solutions rely on hardware tokens that users must carry around on a keychain or in their pocket. These solutions involve both direct and indirect costs: there are the licensing fees, plus significant administration, distribution and management overhead, as well as reduced productivity due to disruption to the user experience.

To help address these concerns, an effective, modern Two-Factor solution should support a variety of second factors and provide flexible, customizable workflows that customers can tailor to meet their particular user experience requirements and cost tolerance. Instead of hardware tokens, some Two-Factor solutions leverage existing trusted mechanisms and investments: for example, an OTP can be dispatched to a trusted phone number by SMS or voice, or sent to an email account. Other options include time-based one-time passwords (TOTPs) implemented using smart phone applications, or smart cards and proximity cards containing near-field communication technology, which can be used in conjunction with either physical readers connected to an endpoint or smart phones with that capability. Finally, biometrics can also be used as an effective second or third factor. Fingerprints in particular arguably offer a good balance of security and usability. Of course, security is lower in consumer devices than in commercial, industrial, and high-security fingerprint sensors that offer higher resolution and better matching algorithms.

Adaptive Authentication

Another effective option for enabling stronger authentication is analyzing the context of the user behind the scenes: adaptive authentication.
Adaptive authentication blends a variety of techniques for assessing a user's context to achieve an aggregated risk score that determines how an authentication request is handled. For example, adaptive authentication can take into account information about the user's IP address, device, geographical location, and behavior. Used individually, these techniques may not provide sufficient protection against attackers, but when combined, they can offer a good level of protection: logon attempts that are deemed low risk proceed normally, while anomalous or suspicious attempts can be denied. This approach can be very effective at preventing attackers from moving laterally within the organization while limiting the impact on the experience of legitimate users.

Adaptive authentication is even more effective when used in conjunction with Two-Factor authentication. In addition to allowing low-risk authentication attempts to proceed with just a password and denying very high-risk attempts outright, you can step up authentication for users with risk scores in the middle, requiring them to provide a second factor. That way, you limit the inconvenience of Two-Factor authentication to only a small number of legitimate authentication attempts and do not outright deny somewhat unusual logon attempts from legitimate users. For example, since legitimate users do travel, you might force any user attempting to log on from an unusual geographical location to supply a second factor, rather than denying the logon attempt outright. Of course, the solution should enable you to tailor the various risk score ranges to your organization's preferred balance of usability to risk. In Chapter 3, we'll explore adaptive authentication in more detail.

Life Sciences Case Study: A Case for Adaptive Authentication

To help illustrate one of the benefits of adaptive authentication, let's explore how it helped provide an additional layer of protection for a life sciences company. This company sponsors academic research and trials globally. While its infrastructure is based in the U.S., it allows its globally dispersed partners to log in remotely for the purpose of inputting research data. To secure these user accounts, the company instituted password policies such as complexity requirements, and also used device fingerprinting to establish a level of trust with the endpoints being used.

To improve security, the organization implemented adaptive authentication using IP reputation data. Very quickly, it was able to determine that a bad actor was using legitimate credentials to log in via the Tor anonymity network. With adaptive authentication in place, what had previously been a successful authentication request is now being denied, and the company's intellectual property is now being protected against continued theft. While this is just one example of a particular adaptive authentication technique, it helps illustrate how this additional level of analysis, which is entirely transparent to the end user (or the attacker), can provide an additional level of protection without hindering legitimate users.

Single Sign-on

Single Sign-on (SSO) often improves the user experience, since users have to log on only once to get access to their applications and data.
But SSO also provides other benefits; in particular, it can help safeguard a user's identity. Without SSO, users often suffer from username and password fatigue, and reuse relatively easy-to-guess usernames and passwords across applications. Therefore, attackers who steal one set of credentials can obtain access to many applications. With SSO, users have to remember only one password, so it's easier for organizations to implement stronger password policies, such as requiring more complex passwords and more frequent password updates, and thereby reduce the risk of attackers stealing credentials.

Of course, if attackers do manage to steal credentials, SSO will give them access to multiple systems. Therefore, SSO should be implemented in combination with strong authentication. Adaptive and Two-Factor authentication put additional protections around the identity and limit the usefulness of stolen credentials, while still allowing SSO to reduce the friction of using those credentials across all of your resources.
Chapter 3: Making Identity the Perimeter

Thwarting Attackers who Breach the Traditional Network Perimeter

As we saw in Chapter 1, an advanced attack involves multiple steps: penetrating the network, achieving a foothold, alternating between escalating the level of access and quiet snooping (lateral movement), finding what they're looking for, and stealing it. It is difficult to detect attackers moving laterally because a skilled attacker knows how to blend in with normal user activity. As mentioned before, the mean time to detection today sits at around 205 days, a staggeringly long time for an attacker to go unchallenged inside your organization.

Given that attackers will inevitably breach outer defenses and gain a foothold, organizations need to shift their focus to the later phases of the attack lifecycle: they need to focus on detecting the use of stolen credentials and lateral movement. This is currently a significant blind spot for organizations, since most security products focus on the early phases of keeping attackers out of the network.

Identity Data Is the Key

Adaptive authentication can help fill this blind spot. Adaptive authentication is in the perfect vantage point to observe and disrupt the credential-seeking and lateral movement phases of the attack lifecycle. Moreover, by joining adaptive authentication information with other alerts in a security information and event management (SIEM) system, security practitioners can obtain a more complete view of an attack and write appropriate correlation rules to improve the organization's security posture. Correlation is key. One security event raises suspicion, but when that event is correlated with other security events, you have an incident. For example, an email threat detection device may alert you that a malicious binary was sent to a particular user in your organization.
That alert, combined with an adaptive authentication alert attached to the credentials of that user, paints an increasingly likely image of a breach in its early stages.

Factors that Can Be Used in Calculating and Alerting On Risk

Adaptive authentication revolves around a risk engine. Very early in the authentication process, the engine considers multiple data points when deciding whether to allow an authentication to proceed. Based on the risk score, the authentication can be stepped up to require an additional factor or blocked outright. In addition to providing a higher level of protection, these decision points represent potential security events that can be alerted on and correlated with the organization's security event stream. Let's explore some of the techniques that can be blended into adaptive authentication:
+ IP reputation data. IP reputation data, or blacklists of IP addresses, can be used to deny or step up authentication. For example, your organization might choose to deny authentication if the IP address of a user's machine is part of the Tor anonymity network or a known botnet, or is an IP/subnet associated with known bad actors such as cyber-criminals, hacktivists, or particular nation states.
+ Device fingerprinting. Device fingerprinting is typically a two-stage process: on first-time authentication, the solution registers an endpoint, and on subsequent authentications, it validates the endpoint against the stored device fingerprint. The device fingerprint comprises a set of characteristics about that endpoint, such as: web browser configuration, language, installed fonts, browser plug-ins, device IP address, screen resolution, browser cookie settings, and time zone.
+ Fraud detection. A number of techniques can be employed to help detect fraudulent activity. For example, since every mobile phone number is unique and every mobile phone has a unique IMEI number, these numbers can be used to query the carrier networks to see whether the number being used to receive SMS or telephony OTPs is a mobile phone, pre-paid phone, landline, or VoIP account. For example, a burner phone or a phone that was very recently activated might be considered risky. The carrier networks can also be queried about whether the device has been stolen or lost. In addition, the geographic location of the mobile device can be ascertained from carrier data and correlated with other geographic location information gathered at login in order to ensure that the authenticating user is in the same location as the mobile device. If they're not in close proximity (however you choose to define it), the authentication can be stepped up or denied.
+ Geo-location. Adaptive authentication can compare a user's current geographical location (a meaningful physical location) against known good or bad locations and act accordingly. For example, users on a campus location can be approved while users attempting to authenticate from outside of the campus can be denied.
+ Geo-fencing. Adaptive authentication can also base decisions on a geographical area or a virtual barrier. For example, if the user's location is outside of a certain proximity, you can assign additional risk or deny the authentication attempt.
+ Geo-velocity. Using a user's geo-location and login history together can also help prevent malicious access. For example, if a user logged in at 2 p.m. PST in California, it is reasonable to deny that user's logon attempt at 7 p.m. EST from the East Coast, since that can be considered an improbable travel event.
+ Behavioral analysis. Over time, a solution can gather information about the way that a given user interacts with the device, using techniques such as keystroke dynamics and mouse and touch analysis. Obviously the type of interaction depends on the device; however, there are now approaches for analyzing these measurable behaviors that are accurate enough to help identify individuals, so later authentication attempts that fall outside established behavior patterns can be denied or stepped up to Two-Factor authentication.
+ Group membership. Once attackers have access to your network, in addition to stealing existing credentials, they often create new ones. However, they often fail to create users correctly, with appropriate group membership and attributes. Therefore, by comparing a user's current information with the corresponding information kept in a directory or user store, you can thwart attackers attempting to use credentials they have created.
+ Alerts from threat detection solutions. Some organizations already have investments in network-based threat detection products. A novel approach with adaptive authentication (especially where the threat detection solution is able to identify an identity that may be at risk) is to consume information about that identity and any risk associated with it and factor that information into authentication decisions.

Identifying the Real Threats, in Real Time

One concern about any solution that collects and analyzes data is whether it can identify the relatively few nuggets of valuable data quickly and efficiently. Seeing something odd in the logs is one thing; identifying true malicious behavior is another. Adaptive authentication data, and any alerts associated with determining risk, are high fidelity; that is, the data has a very high signal-to-noise ratio.
To elaborate, we will take the list of adaptive techniques above, separate them into a few general classifications, and explain the high-fidelity nature of each:
+ Techniques that involve the lookup of a unique element of the identity against a source of intelligence. Alerts based on these types of techniques are high fidelity because of the uniqueness of the identifying factor. An example is a telephone number or an IP address.
+ Techniques that involve the analysis of some condition of the authentication for implausible scenarios. Alerts based on these types of techniques are high fidelity because of the physical impossibility of the triggering condition. An example is an improbable travel event or a change in the behavioral profile of the identity.
+ Techniques that involve the analysis of some conditions of the authentication for deviations from policy. Alerts based on these types of techniques are high fidelity because of their anomalous nature. For instance, an organization may have a policy of not letting users authenticate from outside the United States. Deviations from this policy would be anomalous and of high importance.
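The following is an added example (not from the paper or from SecureAuth's product) that pulls together the middle-band step-up model from Chapter 2 and several of the factors and fidelity classes above into one small risk engine: IP reputation lookup, device fingerprint registration, geo-velocity against the previous login, and group-membership comparison. The weights, thresholds, RFC 5737 addresses and the jdoe scenarios are constructed assumptions.

```python
"""Adaptive-authentication risk engine, added here as an illustration of the
step-up model in Chapter 2 and the risk factors in Chapter 3. Example code,
not SecureAuth's product or API; all weights, thresholds and sample data are
constructed assumptions."""
from __future__ import annotations
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from math import asin, cos, radians, sin, sqrt

# Constructed intelligence sources (a real deployment would feed these from
# reputation vendors and the directory). Addresses are from RFC 5737 ranges.
TOR_EXIT_NODES = {"198.51.100.7"}
KNOWN_BAD_PREFIXES = ("203.0.113.",)
MAX_PLAUSIBLE_KMH = 900.0          # faster than this is an improbable travel event

@dataclass
class LoginAttempt:
    user: str
    ip: str
    device_fp: str                 # device fingerprint id presented at login
    lat: float
    lon: float
    when: datetime
    groups: frozenset              # group membership presented with the credential

@dataclass
class IdentityProfile:
    """What the engine knows about the identity from prior logins and the directory."""
    registered_devices: set
    directory_groups: frozenset
    last_lat: float | None = None
    last_lon: float | None = None
    last_when: datetime | None = None

def haversine_km(lat1, lon1, lat2, lon2) -> float:
    """Great-circle distance in kilometres between two coordinates."""
    lat1, lon1, lat2, lon2 = map(radians, (lat1, lon1, lat2, lon2))
    a = sin((lat2 - lat1) / 2) ** 2 + cos(lat1) * cos(lat2) * sin((lon2 - lon1) / 2) ** 2
    return 2 * 6371.0 * asin(sqrt(a))

def score_attempt(attempt: LoginAttempt, profile: IdentityProfile) -> tuple[int, list[str]]:
    """Blend the individual factors into one aggregated score plus alert reasons."""
    score, reasons = 0, []
    # Lookup of a unique element (the IP) against intelligence: Tor or known-bad.
    if attempt.ip in TOR_EXIT_NODES:
        score += 60; reasons.append("ip_tor_exit")
    elif attempt.ip.startswith(KNOWN_BAD_PREFIXES):
        score += 60; reasons.append("ip_known_bad")
    # Device fingerprinting: an unregistered endpoint adds risk but is not proof.
    if attempt.device_fp not in profile.registered_devices:
        score += 25; reasons.append("device_unregistered")
    # Geo-velocity: compare with the previous login for an implausible scenario.
    if profile.last_when is not None:
        hours = (attempt.when - profile.last_when).total_seconds() / 3600
        km = haversine_km(profile.last_lat, profile.last_lon, attempt.lat, attempt.lon)
        if km > 0 and (hours <= 0 or km / hours > MAX_PLAUSIBLE_KMH):
            score += 50; reasons.append("improbable_travel")
    # Group membership: an attacker-created account rarely matches the directory.
    if attempt.groups != profile.directory_groups:
        score += 40; reasons.append("group_mismatch")
    return score, reasons

def decide(score: int) -> str:
    """Map the score onto the three outcomes: allow, step up to a second factor, deny."""
    if score < 25:
        return "allow"
    if score < 75:
        return "step_up"
    return "deny"

def evaluate(attempt: LoginAttempt, profile: IdentityProfile) -> tuple[str, int, list[str]]:
    score, reasons = score_attempt(attempt, profile)
    return decide(score), score, reasons

def run_samples() -> dict:
    """Constructed scenarios for one identity whose last login was from
    San Jose, CA at 2 p.m. PST (22:00 UTC); returns (decision, score, reasons)."""
    profile = IdentityProfile(
        registered_devices={"fp-laptop-1"}, directory_groups=frozenset({"staff"}),
        last_lat=37.34, last_lon=-121.89,
        last_when=datetime(2015, 5, 1, 22, 0, tzinfo=timezone.utc))
    day_later = profile.last_when + timedelta(hours=24)
    def attempt(ip="192.0.2.10", fp="fp-laptop-1", lat=37.34, lon=-121.89,
                when=day_later, groups=frozenset({"staff"})):
        return LoginAttempt("jdoe", ip, fp, lat, lon, when, groups)
    return {
        "normal": evaluate(attempt(), profile),
        # New York at 7 p.m. EST (00:00 UTC next day), two hours after California.
        "improbable_travel": evaluate(attempt(lat=40.71, lon=-74.01,
                                              when=profile.last_when + timedelta(hours=2)), profile),
        "tor_new_device": evaluate(attempt(ip="198.51.100.7", fp="fp-unknown"), profile),
        "created_account": evaluate(attempt(groups=frozenset({"staff", "domain admins"})), profile),
    }
```

The reasons list is what would be forwarded to the SIEM as the high-fidelity alert; the score bands are the knobs an organization tunes to its own usability-to-risk balance.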
All these alerts are associated with the use of an identity. Often an attack using stolen credentials can be traced back to a deliberate action of a live person. If the live person is an attacker, you are likely breached. Identity compromise is typically much further along in the attack lifecycle. Other alert data around malware presence and execution is useful, but that data may not constitute an active breach. For instance, not every piece of malware on your system represents an active attack. Some of it is likely to be commodity malware that was simply delivered there programmatically by a drive-by or other form of web exploit; for example, there are many forms of malware that are just intended to send out spam as part of a spam botnet. In addition, in some cases, legitimate software may look like malicious software due to some of its behavior. All these false positives constitute significant noise that can drown out the signal of real attacks. Alerts that center on identity usage can cut through the noise, allowing security staff and incident responders to get right to the source of an attack in real time.

Incident Response

The rich data collected and analyzed by an adaptive authentication solution is extremely valuable during a security investigation and incident response. This data may include:
+ The username associated with the identity
+ The group membership associated with the identity
+ The IP address associated with the identity as it was presented in the authentication
+ Attribution data associated with that IP address, such as its geographical location or classification (for example, an anonymous proxy or known bad IP)
+ The system that the identity was attempting to access
+ The behavior profile(s) of the physical user associated with the identity
+ The biometric profile(s) of the physical user associated with the identity

A timeline of this data can paint a clearer picture of the lifecycle of an attack.
Forensic investigators can utilize it to analyze the movement of attackers in order to scope the intrusion and determine motive. This resolves a common blind spot for investigations.
Chapter 4: Becoming Even More Proactive

Proactive Alerting

Authentication alert data can also be used in a proactive manner, notifying your SIEM solution of critical security events specific to your organization. This can assist your security team in monitoring suspicious user activity and insider threat activity, as well as help with user de-provisioning. Examples of proactive alerting include:
+ Observing an identity. A prime example of proactive alerting is observing a specific identity. Perhaps the identity has come under scrutiny due to suspicion that the credentials have been compromised or that the identity is being used in an insider threat or unethical activities, or because the identity has been recently de-provisioned. An alert could be configured that notifies an analyst any time that identity is observed trying to authenticate.
+ Observing a system. You might also want to proactively alert on a specific system, such as one that is suspected of having been compromised or that is simply a crucial system in your environment. An alert could be configured that notifies an analyst any time that system is involved in an authentication.

Rapid Policy Updates

Moreover, adaptive authentication should fit into your security ecosystem, not only issuing alerts to your SIEM solution but enabling you to act upon those alerts in a meaningful way during an attack. Specifically, an authentication system should support a rich API allowing for rapid updates to authentication policy, such as:
+ Identity step-up. You've received some sort of alert associated with a given identity, and you want the authentication workflow to be stepped up for that identity for a period of time.
+ Identity lockdown. You've received some sort of alert associated with a given identity, and you want the authentication workflow to block that identity for a period of time.
+ System step-up. You've received some sort of alert associated with a specific system, and you want the authentication workflow to that system to be stepped up for a period of time.
+ System lockdown. You've received some sort of alert associated with a specific system, and you want the authentication workflow to block access to that system for a period of time.

In a compromise situation, entire groups of identities or systems could be stepped up or locked down in this way.
Identity Containment: Automatically Stopping Attacks

Having a timeline of an attack is critical in an investigation. The next stage in the evolution of advanced strong authentication solutions would be automatically putting controls around an identity as an attack unfolds. There are many threat detection products in the security world that are very good at specific types of detection:

+ Network threat detection centers around the analysis of network sessions for the presence of malicious behavior or binaries. In this case, the identity would be associated with the endpoint on the organization's side of the network session.

+ Email threat detection centers around the analysis of email traffic for the presence of malicious links or attachments. In this case, an identity is very prominent, since the email is being sent to an individual or group of individuals.

+ Endpoint threat detection centers around the analysis of an endpoint for the presence of malicious behavior or binaries. In this case, an identity is associated with the endpoint being analyzed.

[Figure 4: diagram; labels: Network Threat Detection Device, Endpoint Threat Detection Device, Identity Provider, Alert, Contain, Contained Identity, PERIMETER]
Figure 4: An advanced identity protection solution can put controls around an identity as an attack unfolds by detecting a range of threats and responding appropriately.

Generally these types of products support outbound alerting. An authentication system could consume these alerts, parsing each and deriving the identity associated with it. Then it could optionally:

+ Mark the identity for step-up authentication; in other words, require additional factors the next time the identity is used.

+ Block use of the identity completely.

+ Generate an alert to notify an analyst that this action has occurred, providing the attribution data.

[Figure 5: diagram; labels: Step-up/Deny, Contained Identity, PERIMETER, VPN, Identity Provider, On-premise Application]
Figure 5: Containing an identity creates a portable safety net around it, protecting your organization no matter where or how that identity attempts to access your systems; a VPN use case is shown above.

By containing the identity, you have created a safety net that is portable with that identity: it carries across physical locations, endpoints, mobile devices, and wearable devices. Moreover, you've done it very soon after an initial attack is detected, before the attacker has had a chance to attempt to obtain credentials.
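The four policy updates listed under Rapid Policy Updates, the watch-and-alert behaviour from Proactive Alerting, and the alert-consumption flow just described, as one added Python example that is not from the paper and not SecureAuth IdP code: an in-memory containment policy store with time-bounded identity and system step-up/lockdown, proactive watch alerts on every authentication attempt, and an ingestion routine that derives the identity from a constructed network, email or endpoint alert. The alert field names, the 60-minute containment window and the severity rule are assumptions.

```python
from dataclasses import dataclass, field
from datetime import datetime, timedelta, timezone
from typing import Optional

# Decisions the authentication workflow can return for one attempt.
ALLOW, STEP_UP, DENY = "allow", "step-up", "deny"


@dataclass
class Control:
    """A time-bounded control applied to one identity or one system."""
    action: str          # STEP_UP or DENY
    expires: datetime    # the control is ignored (and dropped) once this passes
    reason: str          # attribution data that travels with the analyst alert


@dataclass
class ContainmentPolicy:
    """Hypothetical policy store consulted by the authentication workflow (assumed design)."""
    identities: dict = field(default_factory=dict)   # identity -> Control
    systems: dict = field(default_factory=dict)      # system   -> Control
    watched_identities: set = field(default_factory=set)
    watched_systems: set = field(default_factory=set)
    alerts: list = field(default_factory=list)       # records an analyst / SIEM would receive

    def _apply(self, table, kind, key, action, minutes, reason, now):
        table[key] = Control(action, now + timedelta(minutes=minutes), reason)
        self.alerts.append({"type": "contain", kind: key, "action": action,
                            "reason": reason, "until": table[key].expires.isoformat()})

    # The four rapid policy updates from the paper, each valid for a fixed window.
    def step_up_identity(self, ident, minutes, reason, now):
        self._apply(self.identities, "identity", ident, STEP_UP, minutes, reason, now)

    def lock_identity(self, ident, minutes, reason, now):
        self._apply(self.identities, "identity", ident, DENY, minutes, reason, now)

    def step_up_system(self, system, minutes, reason, now):
        self._apply(self.systems, "system", system, STEP_UP, minutes, reason, now)

    def lock_system(self, system, minutes, reason, now):
        self._apply(self.systems, "system", system, DENY, minutes, reason, now)

    def _active(self, table, key, now) -> Optional[Control]:
        ctl = table.get(key)
        if ctl is not None and ctl.expires <= now:   # window over: back to normal policy
            del table[key]
            return None
        return ctl

    def decide(self, ident, system, now) -> str:
        """Decision for one authentication attempt. DENY outranks STEP_UP outranks ALLOW."""
        # Proactive alerting: a watched identity or system is reported on every attempt.
        if ident in self.watched_identities or system in self.watched_systems:
            self.alerts.append({"type": "watch", "identity": ident, "system": system,
                                "at": now.isoformat()})
        active = [c for c in (self._active(self.identities, ident, now),
                              self._active(self.systems, system, now)) if c]
        if any(c.action == DENY for c in active):
            return DENY
        if any(c.action == STEP_UP for c in active):
            return STEP_UP
        return ALLOW


# Which field of each detection product's alert names the identity (assumed schema).
IDENTITY_FIELD = {"network": "endpoint_owner", "email": "recipient", "endpoint": "logged_on_user"}


def ingest_alert(policy: ContainmentPolicy, alert: dict, now: datetime,
                 minutes: int = 60) -> Optional[str]:
    """Consume a detection alert, derive the identity behind it, and contain that identity.
    Assumed rule: high severity locks the identity outright, anything else only steps it up."""
    fieldname = IDENTITY_FIELD.get(alert.get("source"))
    ident = alert.get(fieldname) if fieldname else None
    if not ident:
        return None                                   # no attributable identity: nothing to contain
    reason = f"{alert['source']} detection: {alert.get('detail', 'unspecified')}"
    if alert.get("severity") == "high":
        policy.lock_identity(ident, minutes, reason, now)
    else:
        policy.step_up_identity(ident, minutes, reason, now)
    return ident


def demo() -> dict:
    """Constructed scenario; the alerts are made-up samples, not output of any real product."""
    t0 = datetime(2015, 5, 1, 9, 0, tzinfo=timezone.utc)
    policy = ContainmentPolicy(watched_identities={"carol"})
    ingest_alert(policy, {"source": "network", "severity": "high", "endpoint_owner": "alice",
                          "detail": "outbound session to known malicious host"}, t0)
    ingest_alert(policy, {"source": "email", "severity": "medium", "recipient": "bob",
                          "detail": "malicious attachment delivered"}, t0)
    ignored = ingest_alert(policy, {"source": "proxy", "user": "erin"}, t0)  # unknown source
    policy.lock_system("payroll-db", 30, "forensic hold", t0)
    later = t0 + timedelta(minutes=5)
    decisions = {
        "alice@vpn": policy.decide("alice", "vpn", later),
        "bob@vpn": policy.decide("bob", "vpn", later),
        "carol@vpn": policy.decide("carol", "vpn", later),
        "dave@payroll-db": policy.decide("dave", "payroll-db", later),
        "bob@vpn+2h": policy.decide("bob", "vpn", t0 + timedelta(hours=2)),  # window expired
    }
    watch = sum(1 for a in policy.alerts if a["type"] == "watch")
    return {"decisions": decisions, "ignored": ignored,
            "watch_alerts": watch, "contain_alerts": len(policy.alerts) - watch}


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, "->", value)
```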
Conclusion

Identity is the perimeter you should care about. Emerging practices, such as adaptive authentication, can help you protect it. Strategies around monitoring and alerting on identity can help you detect advanced threats before bad actors have a chance to steal your most valuable data. And integrating adaptive authentication solutions with other advanced detection solutions, such as network and endpoint threat detection, can rapidly increase your level of protection in a way that is very specific to attacks on your organization.

As you start focusing on identity as a perimeter, you need to have the right access control solution in place. It must deliver the breadth of authentication strategies needed to build workflows that support the unique needs of your resources and stakeholders. In addition, it must offer adaptive authentication with both risk and context-based analysis, and support a broad list of Two-Factor methods.

Consider SecureAuth IdP. IdP easily deploys into existing environments, leveraging your investments in data stores and other tools. With IdP you get an innovative access control solution that:

+ Is standards-based, with flexible deployment options that don't dictate authentication workflow and user experience
+ Supports cloud, mobile, on-premise, and VPN use cases
+ Integrates easily with legacy systems
+ Delivers powerful adaptive authentication, including risk and context analysis
+ Enables a low-friction user experience through methods such as device fingerprinting
+ Provides an API for tighter integration with home-grown applications
+ Delivers rapid time to value

To learn more about SecureAuth IdP, visit
ABOUT KEITH GRAHAM

Keith Graham is Chief Technology Officer at SecureAuth Corporation. His expertise comes from 15 years in security, product management, product development, and consulting at companies such as FireEye/Mandiant and Quest Software. As CTO, Graham leads product development and plays a major role in the creation and development of innovative features for all of SecureAuth's enterprise security solutions.

ABOUT STEPHEN COX

Stephen Cox is Chief Security Architect at SecureAuth. Stephen is a technology veteran with over 15 years in the information technology industry, including 10 years' experience leading software development teams in the security industry. His expertise includes systems architecture, threat intelligence and malware analysis, as well as endpoint and network forensics, gained through employment with some of the most impactful IT security firms in the world, including FireEye/Mandiant, RSA NetWitness and VeriSign.

ABOUT SECUREAUTH

Based in Irvine, California, SecureAuth offers identity and information security solutions that deliver innovative access control for on-premise, cloud, mobile and VPN systems to millions of users worldwide. SecureAuth IdP provides adaptive and Two-Factor authentication alongside Single Sign-on (SSO) in one solution. Its unique architecture enables organizations to leverage legacy infrastructures while also embracing next-generation technologies, so they can preserve existing investments while also meeting today's security challenges and tomorrow's. For the latest insights on secure access control, follow the SecureAuth blog, on Twitter, or visit
20 8965 Research Drive Irvine, CA p: f: secureauth.com WP-DefensingAgainstThreats
Real World Healthcare Security Exposures Brian Selfridge, Partner, Meditology Services 2 Agenda Introduction Background and Industry Context Anatomy of a Pen Test Top 10 Healthcare Security Exposures Lessons
More information