Cyber Security Operations: Building or Outsourcing
|
|
- Gabriel Reeves
- 7 years ago
- Views:
Transcription
1 Cyber Security Operations: Building or Outsourcing Michael Levin, Optum Stephen Moore, Anthem Jeff Schilling, Armor
2 Introduction Michael J. Levin, JD, CISSP, EnCE, GLEG, GSLC Director of Cyber Defense for Optum Former Director of Security Design and Innovation with U.S. Dept. Health and Human Services, Senior Associate with Deloitte, and Investigative Counsel with U.S. Office of Special Counsel
3 Cyber Defense Provides Cyber Security Services to UnitedHealth Group, monitoring security for over 150,000 endpoints Cyber Defense consists of Security Operations Center Cyber Forensic Investigations Persistent Threat Analysis Cyber Intelligence Services Active Cyber Defense Data Analytics and Security Innovation
4 Cyber Defense Structure CD Director SOC CFI PTA CIS ACD DASI
5 Magnitude of Security Data Monitoring 150,000 end nodes results in: ~2 TB of raw logs each day 1.5 Billion Network, Security, and End Point events daily (17,000 a second) This requires 24 hour, in house, security analyst support
6 Security Operations Center Utilizing the SIEM and manual analysis the SOC reduces the 1.5 billion daily events, to an average of 50 security incidents each day. On average, 20 incidents are escalated daily to CFI for advanced Incident Response and investigation. Raw Logs Network, Security, Host Based Events Security Incidents
7 Manpower Investigative Teams SOC 24/7 support across 3 shifts, 28 analysts, approx. 1 analyst per 5,000 end nodes CFI 13 Incident Responders, approx. 1 per 10,000 end nodes PTA 7 Security Hunters, sufficient manpower and experience to effectively hunt within the enterprise for unidentified threats. CIS 9 Intelligence Analysts, No easy rule to determined team size, rather gauged on output and success.
8 In-House vs Outsourcing Pros: Organizational Data maintained within org. Better organizational knowledge, access, and expertise, all inhouse No contract re-negotiation or arguments when specific security work is needed Immediate Incident Response activity Cons: Significant initial capital investment Upfront and on-going talent acquisition and retention
9 Options for building a SOC Jeff Schilling, CSO Armor
10 Great guide Carson Zimmerman MITRE Free!!!
11 The security process PROTECT Defense technologies such as DDOS mitigation, IPRM, WAF, etc. Threat intelligence feeds our rules engines, making intelligence systems smarter over time RECOVER Automation technologies to perform necessary cleaning measures and/or update policies and rules engines in real-time Precise processes and trained personnel to remove compromises and secure against repeat attacks CYBER & PHYSICAL SECURITY DETECT Detection technologies (e.g., AV/AM, FIM, SIEM and log correlation) tuned to the behaviors of real threat actors Experienced personnel on hand 24x7x365 differentiating real security events from false positives RESPOND Technologies to limit blast radius and prevent spread (e.g., hypervisor-based firewalls) Experienced personnel trained in preventative measures Proactive processes in place for notifying customers and other relevant parties (e.g., law enforcement agencies where appropriate)
12 The threat s process RECONNAISSANCE WEAPONIZATION DISTRIBUTION & STRATEGY EXPLOITATION PERSIST/LATERAL MOVEMENT COMMAND & CONTROL ACTION ON TARGET Open source research Social network research Port scan, IP sweep Google research Combine the exploit tool with the method Phishing Website drive by SQL inject script Infected Word Doc or PDF is opened Java script exploited in browser Command line SQL inject Registry Key changed Privilege Escalation Look for open connections Malware or compromised system reaches out for instructions Search the target Destroy or disrupt Package and prepare for and exfil data
13 Options SOC completely insourced Big Security budget Access to both technology and talent Defendable architecture SOC partially insourced partially outsourced Most likely solution Tuned to your team s technical capabilities and skills SOC completely outsourced Smaller, less complex environment
14 Assessing your capabilities TALENT TECHNOLOGY TECHNIQUES
15 Functions to assess Security OperaCon Center Threat Intelligence IndicaCons and Warnings Incident Response and Forensics Security Infrastructure Management Vulnerability Threat Management ü Threat assessment ü Threat Intel data analysis ü TradecraL analysis ü Threat trending ü Custom signature wricng ü Advanced Threat HunCng ü PenetraCon tescng ü Real Cme monitoring Triage Incident EscalaCon Incident Handling Call Center ü Memory analysis ü Host analysis ü Network analysis ü Malware Rev Eng Containment EradicaCon Security device mgt ü Security control sig mgt ü Security device patching Security device availability Managing CMDB ü Scanning the environment ü IdenCfying vulnerabilices RemediaCon/patch mgt
16 QUESTIONS?
Evolution Of Cyber Threats & Defense Approaches
Evolution Of Cyber Threats & Defense Approaches Antony Abraham IT Architect, Information Security, State Farm Kevin McIntyre Tech Lead, Information Security, State Farm Agenda About State Farm Evolution
More informationOperational Lessons from the RSA/EMC CIRC: People, Process, & Threat Intel
Operational Lessons from the RSA/EMC CIRC: People, Process, & Threat Intel @Ben_Smith Ben Smith, CISSP Field CTO (US East), Security Portfolio A Security Maturity Path CONTROLS COMPLIANCE IT RISK BUSINESS
More informationIBM Security Strategy
IBM Security Strategy Intelligence, Integration and Expertise Kate Scarcella CISSP Security Tiger Team Executive M.S. Information Security IBM Security Systems IBM Security: Delivering intelligence, integration
More informationEMERGING THREATS & STRATEGIES FOR DEFENSE. Stephen Coty Chief Security Evangelist @StephenCoty
EMERGING THREATS & STRATEGIES FOR DEFENSE Stephen Coty Chief Security Evangelist @StephenCoty Industry Analysis 2014 Data Breaches - Ponemon Ponemon 2014 Data Breach Report *Statistics from 2013 Verizon
More informationCautela Labs Cloud Agile. Secured. Threat Management Security Solutions at Work
Cautela Labs Cloud Agile. Secured. Threat Management Security Solutions at Work Security concerns and dangers come both from internal means as well as external. In order to enhance your security posture
More informationThe Role of Security Monitoring & SIEM in Risk Management
The Role of Security Monitoring & SIEM in Risk Management Jeff Kopec, MS, CISSP Cyber Security Architect Oakwood Healthcare Jeff Bell, CISSP, GSLC, CPHIMS, ACHE Director, IT Security & Risk Services CareTech
More informationGaining and Maintaining Support for a SOC. Jim Goddard Executive Director, Kaiser Permanente
Gaining and Maintaining Support for a SOC Jim Goddard Executive Director, Kaiser Permanente Objectives Agenda 1 Lessons learned 2 How to build interest 3 Producing tangible benefits 4 Building momentum
More informationALERT LOGIC FOR HIPAA COMPLIANCE
SOLUTION OVERVIEW: ALERT LOGIC FOR HIPAA COMPLIANCE AN OUNCE OF PREVENTION IS WORTH A POUND OF CURE Alert Logic provides organizations with the most advanced and cost-effective means to secure their healthcare
More informationDEFENSE THROUGHOUT THE VULNERABILITY LIFE CYCLE WITH ALERT LOGIC THREAT AND LOG MANAGER
DEFENSE THROUGHOUT THE VULNERABILITY LIFE CYCLE WITH ALERT LOGIC THREAT AND Introduction > New security threats are emerging all the time, from new forms of malware and web application exploits that target
More informationOrganizational Issues of Implementing Intrusion Detection Systems (IDS) Shayne Pitcock, CISSP First Data Corporation
Organizational Issues of Implementing Intrusion Detection Systems (IDS) Shayne Pitcock, CISSP First Data Corporation Agenda Problem Description Issues for Consideration Mitigation of the Issues Options
More informationSymantec Cyber Threat Analysis Program Program Overview. Symantec Cyber Threat Analysis Program Team
Symantec Cyber Threat Analysis Program Symantec Cyber Threat Analysis Program Team White Paper: Symantec Security Intelligence Services Symantec Cyber Threat Analysis Program Contents Overview...............................................................................................
More informationAdvanced Threat Protection with Dell SecureWorks Security Services
Advanced Threat Protection with Dell SecureWorks Security Services Table of Contents Summary... 2 What are Advanced Threats?... 3 How do advanced threat actors operate?... 3 Addressing the Threat... 5
More informationDefending Against Cyber Attacks with SessionLevel Network Security
Defending Against Cyber Attacks with SessionLevel Network Security May 2010 PAGE 1 PAGE 1 Executive Summary Threat actors are determinedly focused on the theft / exfiltration of protected or sensitive
More informationNorth American Electric Reliability Corporation (NERC) Cyber Security Standard
North American Electric Reliability Corporation (NERC) Cyber Security Standard Symantec Managed Security Services Support for CIP Compliance Overviewview The North American Electric Reliability Corporation
More informationSIEM Implementation Approach Discussion. April 2012
SIEM Implementation Approach Discussion April 2012 Agenda What are we trying to solve? Summary Observations from the Security Assessments related to Logging & Monitoring Problem Statement Solution Conceptual
More informationCYBER SECURITY OPERATIONS CENTRE
CYBER SECURITY OPERATIONS CENTRE Security Monitoring for protecting Business and supporting Cyber Defense Strategy Dr Cyril Onwubiko Intelligence & Security Assurance Research Series Limited CYBER SECURITY
More informationIBM Security QRadar SIEM & Fortinet FortiGate / FortiAnalyzer
IBM Security QRadar SIEM & Fortinet / FortiAnalyzer Introducing new functionality for IBM QRadar Security Intelligence Platform: integration with Fortinet s firewalls and logs forwarded by FortiAnalyzer.
More informationCAS8489 Delivering Security as a Service (SIEMaaS) November 2014
CAS8489 Delivering Security as a Service (SIEMaaS) November 2014 Usman Choudhary Senior Director usman@netiq.com Rajeev Khanolkar CEO SecurView Agenda What is Security Monitoring? Definition & concepts
More informationAfter the Attack: RSA's Security Operations Transformed
After the Attack: RSA's Security Operations Transformed Ben Smith, CISSP RSA Field CTO (East), Security Portfolio Senior Member, ISSA Northern Virginia 1 The Environment ~ 2,000 security devices ~55M security
More informationINSIDE A CYBER SECURITY OPERATIONS CENTRE
INSIDE A CYBER SECURITY OPERATIONS CENTRE Security Monitoring for protecting Business and supporting Cyber Defense Strategy Dr Cyril Onwubiko Intelligence & Security Assurance Research Series Limited Invited
More informationAddressing APTs and Modern Malware with Security Intelligence Date: September 2013 Author: Jon Oltsik, Senior Principal Analyst
ESG Brief Addressing APTs and Modern Malware with Security Intelligence Date: September 2013 Author: Jon Oltsik, Senior Principal Analyst Abstract: APTs first came on the scene in 2010, creating a wave
More informationAnatomy of Cyber Threats, Vulnerabilities, and Attacks
Anatomy of Cyber Threats, Vulnerabilities, and Attacks ACTIONABLE THREAT INTELLIGENCE FROM ONTOLOGY-BASED ANALYTICS 1 Anatomy of Cyber Threats, Vulnerabilities, and Attacks Copyright 2015 Recorded Future,
More informationChanging the Enterprise Security Landscape
Changing the Enterprise Security Landscape Petr Hněvkovský Presales Consultant, ArcSight EMEA HP Enterprise Security Products 2012 Hewlett-Packard Development Company, L.P. The information contained herein
More informationRSA Security Anatomy of an Attack Lessons learned
RSA Security Anatomy of an Attack Lessons learned Malcolm Dundas Account Executive John Hurley Senior Technology Consultant 1 Agenda Advanced Enterprise/ Threats The RSA Breach A chronology of the attack
More informationSTOPPING LAYER 7 ATTACKS with F5 ASM. Sven Müller Security Solution Architect
STOPPING LAYER 7 ATTACKS with F5 ASM Sven Müller Security Solution Architect Agenda Who is targeted How do Layer 7 attacks look like How to protect against Layer 7 attacks Building a security policy Layer
More informationMachine-to-Machine Exchange of Cyber Threat Information: a Key to Mature Cyber Defense
Machine-to-Machine Exchange of Cyber Threat Information: a Key to Mature Cyber Defense By: Daniel Harkness, Chris Strasburg, and Scott Pinkerton The Challenge The Internet is an integral part of daily
More informationIntrusion Detection and Cyber Security Monitoring of SCADA and DCS Networks
Intrusion Detection and Cyber Security Monitoring of SCADA and DCS Networks Dale Peterson Director, Network Security Practice Digital Bond, Inc. 1580 Sawgrass Corporate Parkway, Suite 130 Sunrise, FL 33323
More informationHow To Create Situational Awareness
SIEM: The Integralis Difference January, 2013 Avoid the SIEM Pitfalls Get it right the first time Common SIEM challenges Maintaining staffing levels 24/7 Blended skills set, continuous building of rules
More informationIntelligence Driven Security
Intelligence Driven Security RSA Advanced Cyber Defense Workshop Shane Harsch Senior Solutions Principal, RSA 1 Agenda Approach & Activities Operations Intelligence Infrastructure Reporting & Top Findings
More informationAdvanced Visibility. Moving Beyond a Log Centric View. Matthew Gardiner, RSA & Richard Nichols, RSA
Advanced Visibility Moving Beyond a Log Centric View Matthew Gardiner, RSA & Richard Nichols, RSA 1 Security is getting measurability worse Percent of breaches where time to compromise (red)/time to Discovery
More informationDo not forget the basics!!!!!
Do not forget the basics!!!!! Domenico Raguseo IBM Europe Security Systems Technical Sales Manager Attackers are relentless, victims are targeted, and the damage toll is rising We are in an era of continuous
More informationRethinking Information Security for Advanced Threats. CEB Information Risk Leadership Council
Rethinking Information Security for Advanced Threats CEB Information Risk Leadership Council Advanced threats differ from conventional security threats along many dimensions, making them much more difficult
More informationEight Essential Elements for Effective Threat Intelligence Management May 2015
INTRODUCTION The most disruptive change to the IT security industry was ignited February 18, 2013 when a breach response company published the first research that pinned responsibility for Advanced Persistent
More informationWeb Application Security. Radovan Gibala Senior Field Systems Engineer F5 Networks r.gibala@f5.com
Web Application Security Radovan Gibala Senior Field Systems Engineer F5 Networks r.gibala@f5.com Security s Gaping Hole 64% of the 10 million security incidents tracked targeted port 80. Information Week
More informationSecurity Analytics for Smart Grid
Security Analytics for Smart Grid Dr. Robert W. Griffin Chief Security Architect RSA, the Security Division of EMC robert.griffin@rsa.com blogs.rsa.com/author/griffin @RobtWesGriffin 1 No Shortage of Hard
More informationAnalyzing Security for Retailers An analysis of what retailers can do to improve their network security
Analyzing Security for Retailers An analysis of what retailers can do to improve their network security Clone Systems Business Security Intelligence Properly Secure Every Business Network Executive Summary
More informationTHREAT VISIBILITY & VULNERABILITY ASSESSMENT
THREAT VISIBILITY & VULNERABILITY ASSESSMENT Date: April 15, 2015 IKANOW Analysts: Casey Pence IKANOW Platform Build: 1.34 11921 Freedom Drive, Reston, VA 20190 IKANOW.com TABLE OF CONTENTS 1 Key Findings
More informationRSA Security Analytics
RSA Security Analytics This is what SIEM was Meant to Be 1 The Original Intent of SIEM Single compliance & security interface Compliance yes, but security? Analyze & prioritize alerts across various sources
More informationIntegrating MSS, SEP and NGFW to catch targeted APTs
#SymVisionEmea #SymVisionEmea Integrating MSS, SEP and NGFW to catch targeted APTs Tom Davison Information Security Practice Manager, UK&I Antonio Forzieri EMEA Solution Lead, Cyber Security 2 Information
More informationUnified Security, ATP and more
SYMANTEC Unified Security, ATP and more TAKE THE NEXT STEP Martin Werner PreSales Consultant, Symantec Switzerland AG MEET SWISS INFOSEC! 27.01.2016 Unified Security 2 Symantec Enterprise Security Users
More informationProtect the data that drives our customers business. Data Security. Imperva s mission is simple:
The Imperva Story Who We Are Imperva is the global leader in data security. Thousands of the world s leading businesses, government organizations, and service providers rely on Imperva solutions to prevent
More informationVulnerability Management
Vulnerability Management Buyer s Guide Buyer s Guide 01 Introduction 02 Key Components 03 Other Considerations About Rapid7 01 INTRODUCTION Exploiting weaknesses in browsers, operating systems and other
More informationCONTINUOUS DIAGNOSTICS BEGINS WITH REDSEAL
CONTINUOUS DIAGNOSTICS BEGINS WITH REDSEAL WHAT IS CDM? The continuous stream of high profile cybersecurity breaches demonstrates the need to move beyond purely periodic, compliance-based approaches to
More informationBreaking the Cyber Attack Lifecycle
Breaking the Cyber Attack Lifecycle Palo Alto Networks: Reinventing Enterprise Operations and Defense March 2015 Palo Alto Networks 4301 Great America Parkway Santa Clara, CA 95054 www.paloaltonetworks.com
More informationUnstructured Threat Intelligence Processing using NLP
Accenture Technology Labs Elvis Hovor @kofibaron Shimon Modi @shimonmodi Shaan Mulchandani @alabama_shaan Unstructured Threat Intelligence Processing using NLP Enhancing Cyber Security Operations by Automating
More informationInto the cybersecurity breach
Into the cybersecurity breach Tim Sanouvong State Sector Cyber Risk Services Deloitte & Touche LLP April 3, 2015 Agenda Setting the stage Cyber risks in state governments Cyber attack vectors Preparing
More informationIncident Response. Six Best Practices for Managing Cyber Breaches. www.encase.com
Incident Response Six Best Practices for Managing Cyber Breaches www.encase.com What We ll Cover Your Challenges in Incident Response Six Best Practices for Managing a Cyber Breach In Depth: Best Practices
More informationCALNET 3 Category 7 Network Based Management Security. Table of Contents
State of California IFB STPD 12-001-B CALNET 3 Category 7 Network Based Security Table of Contents 7.2.1.4.a DDoS Detection and Mitigation Features... 1 7.2.2.3 Email Monitoring Service Features... 2 7.2.3.2
More informationintegrating cutting-edge security technologies the case for SIEM & PAM
integrating cutting-edge security technologies the case for SIEM & PAM Introduction A changing threat landscape The majority of organizations have basic security practices in place, such as firewalls,
More informationJUNIPER NETWORKS SPOTLIGHT SECURE THREAT INTELLIGENCE PLATFORM
JUNIPER NETWORKS SPOTLIGHT SECURE THREAT INTELLIGENCE PLATFORM May 2015 Nguyễn Tiến Đức ASEAN Security Specialist Agenda Modern Malware: State of the Industry Dynamic Threat Intelligence on the Firewall
More informationDefending Against Data Beaches: Internal Controls for Cybersecurity
Defending Against Data Beaches: Internal Controls for Cybersecurity Presented by: Michael Walter, Managing Director and Chris Manning, Associate Director Protiviti Atlanta Office Agenda Defining Cybersecurity
More informationEnterprise Cybersecurity: Building an Effective Defense
Enterprise Cybersecurity: Building an Effective Defense Chris Williams Oct 29, 2015 14 Leidos 0224 1135 About the Presenter Chris Williams is an Enterprise Cybersecurity Architect at Leidos, Inc. He has
More informationHow To Integrate Intelligence Based Security Into Your Organisation
Threat Intelligence Pty Ltd info@threatintelligence.com 1300 809 437 Threat Intelligence Managed Intelligence Service Did you know that the faster you detect a security breach, the lesser the impact to
More informationUnder the Hood of the IBM Threat Protection System
Under the Hood of the System The Nuts and Bolts of the Dynamic Attack Chain 1 Balazs Csendes IBM Security Intelligence Leader, CEE balazs.csendes@cz.ibm.com 1 You are an... IT Security Manager at a retailer
More informationThreat Intelligence UPDATE: Cymru EIS Report. www.team- cymru.com
Threat Intelligence Group UPDATE UPDATE: SOHO Pharming A Team Cymru EIS Report Powered Page by T1eam Threat Intelligence Group of 5 C ymru s This is an update on the SOHO Pharming case we published a little
More informationIntroduction. Jason Lawrence, MSISA, CISSP, CISA Manager, EY Advanced Security Center Atlanta, Georgia jason.lawrence@ey.com Twitter: @ethical_infosec
Introduction Jason Lawrence, MSISA, CISSP, CISA Manager, EY Advanced Security Center Atlanta, Georgia jason.lawrence@ey.com Twitter: @ethical_infosec More than 20 years of experience in cybersecurity specializing
More informationAccenture Intelligent Security for the Digital Enterprise. Archer s important role in solving today's pressing security challenges
Accenture Intelligent Security for the Digital Enterprise Archer s important role in solving today's pressing security challenges The opportunity to improve cyber security has never been greater 229 2,287
More informationModern Approach to Incident Response: Automated Response Architecture
SESSION ID: ANF-T10 Modern Approach to Incident Response: Automated Response Architecture James Carder Director, Security Informatics Mayo Clinic @carderjames Jessica Hebenstreit Senior Manager, Security
More informationCyber Security Operations Center (CSOC) for Critical Infrastructure Protection
SESSION ID: CXO-F02 Cyber Security Operations Center (CSOC) for Critical Infrastructure Protection Timothy Lee CISO City of Los Angeles @tswlj316 AGENDA Introduction Why do we need Cyber Security Operations
More informationCyber intelligence in an online world
Cyber intelligence in an online world James Hanlon CISM, CISSP, CMI Cyber Strategy & GTM, EMEA Cyber intelligence in an online world SYMANTEC VISION SYMPOSIUM 2014 2 Software and data powers the world
More informationBREAKING THE KILL CHAIN AN EARLY WARNING SYSTEM FOR ADVANCED THREAT
BREAKING THE KILL CHAIN AN EARLY WARNING SYSTEM FOR ADVANCED THREAT Rashmi Knowles RSA, The Security Division of EMC Session ID: Session Classification: SPO-W07 Intermediate APT1 maintained access to
More informationWho Drives Cybersecurity in Your Business? Milan Patel, K2 Intelligence. AIBA Quarterly Meeting September 10, 2015
Who Drives Cybersecurity in Your Business? Milan Patel, K2 Intelligence AIBA Quarterly Meeting September 10, 2015 The Answer 2 Everyone The relationship between the board, C-suite, IT, and compliance leaders
More informationAttribution: The Holy Grail or Waste of Time? Billy Leonard Google Should this be the end, our Holy Grail? How s that picture going to help you now? But, the pictures make me safer! We can do better. Our
More informationProtecting Your Organisation from Targeted Cyber Intrusion
Protecting Your Organisation from Targeted Cyber Intrusion How the 35 mitigations against targeted cyber intrusion published by Defence Signals Directorate can be implemented on the Microsoft technology
More informationGlasnost or Tyranny? You Can Have Secure and Open Networks!
AT&T is a proud sponsor of StaySafe Online Glasnost or Tyranny? You Can Have Secure and Open Networks! Steven Hurst CISSP Director - AT&T Security Services and Technology AT&T Chief Security Office 2009
More informationL evoluzione del Security Operation Center tra Threat Detection e Incident Response & Management
L evoluzione del Security Operation Center tra Threat Detection e Incident Response & Management Security Services Architect & Advisor, IBM Italia Intervento al Security Summit Milano 2016 15 aprile Autore
More informationHoneywell Industrial Cyber Security Overview and Managed Industrial Cyber Security Services Honeywell Process Solutions (HPS) June 4, 2014
Industrial Cyber Security Overview and Managed Industrial Cyber Security Services Process Solutions (HPS) June 4, Industrial Cyber Security Industrial Cyber Security is the leading provider of cyber security
More informationDoris Yang dyang@vectranetworks.com Vectra Networks, Inc. June 16, 2015 The World Ahead
Doris Yang dyang@vectranetworks.com Vectra Networks, Inc. 1 June 16, 2015 The World Ahead June 16, 2015 The World Ahead Disclaimer The views and opinions expressed during this conference are those of the
More informationAdvanced SOC Design. Next Generation Security Operations. Shane Harsch Senior Solutions Principal, MBA GCED CISSP RSA
Advanced SOC Design Next Generation Security Operations Shane Harsch Senior Solutions Principal, MBA GCED CISSP RSA 1 ! Why/How security investments need to shift! Key functions of a Security Operations
More informationNetwork that Know. Rasmus Andersen Lead Security Sales Specialist North & RESE
Network that Know Rasmus Andersen Lead Security Sales Specialist North & RESE Email Gateway vendor CERT AV vendor Law enforcement Web Security Vendor Network security appliance vendor IT Department App
More informationAdvanced Threats: The New World Order
Advanced Threats: The New World Order Gary Lau Technology Consulting Manager Greater China gary.lau@rsa.com 1 Agenda Change of Threat Landscape and Business Impact Case Sharing Korean Incidents EMC CIRC
More informationIncident Response 101: You ve been hacked, now what?
Incident Response 101: You ve been hacked, now what? Gary Perkins, MBA, CISSP Chief Information Security Officer (CISO) Information Security Branch Government of British Columbia Agenda: threat landscape
More informationDealing with Big Data in Cyber Intelligence
Dealing with Big Data in Cyber Intelligence Greg Day Security CTO, EMEA, Symantec Session ID: HT-303 Session Classification: General Interest What will I take away from this session? What is driving big
More informationThings To Do After You ve Been Hacked
Problem: You ve been hacked! Now what? Solution: Proactive, automated incident response from inside the network Things To Do After You ve Been Hacked Tube web share It only takes one click to compromise
More informationThe Next Generation Security Operations Center
The Next Generation Security Operations Center Vassil Barsakov Regional Manager, CEE & CIS RSA, the Security Division of EMC 1 Threats are Evolving Rapidly Criminals Petty criminals Unsophisticated Organized
More informationThe Changing Nature of Risk and the Role of Big Data
The Changing Nature of Risk and the Role of Big Data Jack Danahy Director / North American Security Consulting IBM Incidents Continue to Grow in Spite of Investment 2012 Sampling of Security Incidents
More informationPost-Access Cyber Defense
Post-Access Cyber Defense Dr. Vipin Swarup Chief Scientist, Cyber Security The MITRE Corporation November 2015 Approved for Public Release; Distribution Unlimited. 15-3647. 2 Cyber Security Technical Center
More informationGRC & Cyber Security Conference - Bringing the Silos Together ISACA Ireland 3 Oct 2014 Fahad Ehsan
Fahad Ehsan Cyber Security Researcher Where it all started. ------------------------------------------------------------------------------------------ Welcome to the Dungeon (c) 1986 Basit & Amjad (pvt)
More informationIBM Security. 2013 IBM Corporation. 2013 IBM Corporation
IBM Security Security Intelligence What is Security Intelligence? Security Intelligence --noun 1.the real-time collection, normalization and analytics of the data generated by users, applications and infrastructure
More informationSTRATEGIC ADVANTAGE: CONSULTING & ISIGHT INTELLIGENCE
ANALYST DAY STRATEGIC ADVANTAGE: CONSULTING & ISIGHT INTELLIGENCE TRAVIS REESE, PRESIDENT, MANDIANT CONSULTING AND ISIGHT INTELLIGENCE COPYRIGHT 2016, FIREEYE, INC. ALL RIGHTS RESERVED. INTELLIGENCE- LED
More informationProtecting against cyber threats and security breaches
Protecting against cyber threats and security breaches IBM APT Survival Kit Alberto Benavente Martínez abenaventem@es.ibm.com IBM Security Services Jun 11, 2015 (Madrid, Spain) 12015 IBM Corporation So
More informationEnterprise Organizations Need Contextual- security Analytics Date: October 2014 Author: Jon Oltsik, Senior Principal Analyst
ESG Brief Enterprise Organizations Need Contextual- security Analytics Date: October 2014 Author: Jon Oltsik, Senior Principal Analyst Abstract: Large organizations have spent millions of dollars on security
More informationwww.obrela.com Swordfish
Swordfish Web Application Firewall Web Application Security as a Service Swordfish Web Application Security provides an innovative model to help businesses protect their brand and online information, incorporating
More informationWhite Paper: Leveraging Web Intelligence to Enhance Cyber Security
White Paper: Leveraging Web Intelligence to Enhance Cyber Security October 2013 Inside: New context on Web Intelligence The need for external data in enterprise context Making better use of web intelligence
More information應 用 SIEM 偵 測 與 預 防 APT 緩 攻 擊
應 用 SIEM 偵 測 與 預 防 APT 緩 攻 擊 HP Enterprise Security 林 傳 凱 (C. K. Lin) Senior Channel PreSales, North Asia HP ArcSight, Enterprise Security 1 Rise Of The Cyber Threat Enterprises and Governments are experiencing
More informationThreat Intelligence & Analytics Cyber Threat Intelligence and how to best understand the adversary s operations
Threat Intelligence & Analytics Cyber Threat Intelligence and how to best understand the adversary s operations September 2015 Copyright 2015 Deloitte Development LLC. All rights reserved. This presentation
More informationA New Perspective on Protecting Critical Networks from Attack:
Whitepaper A New Perspective on Protecting Critical Networks from Attack: Why the DoD Uses Advanced Network-traffic Analytics to Secure its Network 2014: A Year of Mega Breaches A Ponemon Study published
More informationO N L I N E I N C I D E N T R E S P O N S E C O M M U N I T Y
Automate Response Congratulations on selecting IncidentResponse.com to retrieve your custom incident response workflow guide. This guide has been created especially for you for use in within your security
More informationCybersecurity Strategic Talent Management. March, 2012
Cybersecurity Strategic Talent Management March, 2012 Cyber Operations - Starts with People Exploit Intel Attack Cyber Operations Defend Enablers 2 Talent Management Challenge Mission: Attract, Develop,
More informationBridging the gap between COTS tool alerting and raw data analysis
Article Bridging the gap between COTS tool alerting and raw data analysis An article on how the use of metadata in cybersecurity solutions raises the situational awareness of network activity, leading
More informationUNCLASSIFIED. Briefing to Critical Infrastructure Sector Organizations on the Canadian Cyber Incident Response Centre (CCIRC)
Briefing to Critical Infrastructure Sector Organizations on the Canadian Cyber Incident Response Centre (CCIRC) Cyber in the News 1 Tactics, Techniques and Procedures These observed tactics, techniques
More informationCORE Security and the Payment Card Industry Data Security Standard (PCI DSS)
CORE Security and the Payment Card Industry Data Security Standard (PCI DSS) Addressing the PCI DSS with Predictive Security Intelligence Solutions from CORE Security CORE Security +1 617.399-6980 info@coresecurity.com
More informationIncrease insight. Reduce risk. Feel confident.
Increase insight. Reduce risk. Feel confident. Define critical goals with enhanced visibility then enable security and compliance across your complex IT infrastructure. VIRTUALIZATION + CLOUD NETWORKING
More informationCompany Profile. 1344 S Flores #205 San Antonio, TX 78204 210-694-2797 www.thomasontech.com
Company Profile 1344 S Flores #205 San Antonio, TX 78204 210-694-2797 www.thomasontech.com Trusted Security Advisor For Industrial Control Systems Thomason Technologies provides world-class security solutions
More informationSession 9: Changing Paradigms and Challenges Tools for Space Systems Cyber Situational Awareness
Session 9: Changing Paradigms and Challenges Tools for Space Systems Cyber Situational Awareness Wayne A. Wheeler The Aerospace Corporation GSAW 2015, Los Angeles, CA, March 2015 Agenda Emerging cyber
More informationCYBER SECURITY INFORMATION SHARING & COLLABORATION
Corporate Information Security CYBER SECURITY INFORMATION SHARING & COLLABORATION David N. Saul Senior Vice President & Chief Scientist 28 June 2013 Discussion Flow The Evolving Threat Environment Drivers
More informationCaretower s SIEM Managed Security Services
Caretower s SIEM Managed Security Services Enterprise Security Manager MSS -TRUE 24/7 Service I.T. Security Specialists Caretower s SIEM Managed Security Services 1 Challenges & Solution Challenges During
More informationUsing Monitoring, Logging, and Alerting to Improve ICS Security ICSJWG 2015 Fall Meeting October 27, 2015
www.encari.com Using Monitoring, Logging, and Alerting to Improve ICS Security ICSJWG 2015 Fall Meeting October 27, 2015 www.encari.com 2 The Problem Cyber attacks are not just a risk, they are a reality.
More informationInformation Security Services
Information Security Services Information Security In 2013, Symantec reported a 62% increase in data breaches over 2012. These data breaches had tremendous impacts on many companies, resulting in intellectual
More informationAddressing the SANS Top 20 Critical Security Controls for Effective Cyber Defense
A Trend Micro Whitepaper I February 2016 Addressing the SANS Top 20 Critical Security Controls for Effective Cyber Defense How Trend Micro Deep Security Can Help: A Mapping to the SANS Top 20 Critical
More information