Splunk and Big Data for Insider Threats
|
|
- Pauline Greer
- 8 years ago
- Views:
Transcription
1 Copyright 2014 Splunk Inc. Splunk and Big Data for Insider Threats Mark Seward Sr. Director, Public Sector
2 Company Company (NASDAQ: SPLK)! Founded 2004, first sohware release in 2006! HQ: San Francisco / Regional HQ: London, Hong Kong! Over 1000 employees, based in 12 countries! Annual Revenue: $299M (YoY +53%)! $5+ billion market valua]on Fast Company 2014: #4 Big Data Innovator Leader: Gartner SIEM Magic Quadrant, 2013 Business Model / Products! Free download to massive scale! On- premise, in the cloud and SaaS 7,000+ Customers; 2800 w/security Use Cases! Customers in over 90 countries! 60 of the Fortune 100! Largest license: 150 Terabytes per day 2
3 Machine Generated Data is a Defini]ve Record of Human- to- Machine and Machine- to- Machine Interac]on 3
4 Splunk as a Security Intelligence Solu]on INCIDENT INVESTIGATIONS & FORENSICS SECURITY & COMPLIANCE REPORTING REAL-TIME MONITORING OF KNOWN THREATS REAL-TIME MONITORING OF UNKNOWN THREATS FRAUD DETECTION INSIDER THREAT Splunk Complements, Replaces, and Goes Beyond Existing SIEMs
5 What is meant by an Insider Threat? A current or former employee, contractor, or business partner who Has or had authorized access to an organiza]on s network, system, or data: And Inten]onally exceeded or misused that access in a manner that nega]vely affected the confiden]ality, integrity or availability of the organiza]on s informa]on or informa]on systems Common Sense Guide to Preven]on and Detec]on of Insider Threats
6 Employee Insider threats Are! Authorized users! Doing authorized things! Of malicious intent! A people centric behavioral problem Are not! Hackers using specialized tools! A technical or "cybersecurity" issue alone! Escala]ng their privileges for purposes of espionage
7 Security Incidents and Insider Threats 58% 33% 7% 18% Percent of security incidents can be amributed to insider threats Percent from employees Percent from ex- employees Percent from partners or suppliers Infosecurity May
8 The Difficulty Detec]ng Insider Threats 76% of respondents indicate insider threat not gepng any easier or gepng harder. 8
9 Mo]va]ons for malicious insider ac]vi]es Insider IT Sabotage The1 or modifica5on for financial gain The1 of informa5on for business advantage The conscien5ous objector 9
10 Data Collec]on Requirements/Guidelines Federal Intelligence Community Standards ICS Collec]on and Sharing of Audit Data Appendix B Set of Auditable Events Lists Auditable events or ac]vi]es Event details Events that indicate a viola]on of system ICS Use of Audit Data for Insider Threat Detec]on Goes beyond tradi]onal IT data Facility access informa]on Foreign contact informa]on Foreign travel informa]on Financial disclosure informa]on Personnel security informa]on Context for External / Internal Ac]vi]es 10
11 Analysis Types for Detec]ng Insider Threats StaIsIcal Context Personal Context AcIvity Context Rela%onship between analysis types indicates malicious intent 11
12 Sta]s]cal Analysis / Watching for Outliers DetecIon Type Detail Analysis Printer usage Number of print jobs over a given period of ]me Baseline/Outlier Logins to AD, SharePoint, custom applica]on or use of SSO Abrupt change in the ra]o of website categories visited Increase in size of print jobs Unusual ]mes of day Rare network printer use (the one not closest employee) Local vs. remote Time of day / aher or before normal shih During vaca]on ]mes / aher termina]on Access from IPs or subnets not normal for the employee Monitor s employee behavior and aptude changes (proxy data) Baseline/Outlier Baseline/Outlier Baseline/Outlier Baseline/Outlier Baseline/Outlier Baseline/Outlier Baseline/Outlier Outlier/Context Recent address changes Mul]ple address changes in a given period of ]me are a red flag Context/Look- up 12
13 External Personal Context Context Type Detail InformaIon Type Transfer / demo]on / poor service review (HR records) Unused Vaca]on - 18 months or longer Lay- off no]fica]on Always first in / first out of the office Personal life change According to CERT nearly 50% of all insiders acted out of revenge for a nega]ve event such as demo]on, new supervisor, transfer, or demo]on Employee remains in control - - work not turned over to others for review Monitor for file transfers by individuals that occur immediately before and aher lay- offs are announced Badge data, AD or applica]on data. Desire to control situa]on Marital status change stress trigger. Can jeopardize emo]onal stability HR system data Context / Look- up Context / Look- up Context / Look- up Context / Look- up Context / Look- up Non- business use of the internet Use proxy data to categorize internet usage Context / Look- up Credit report / Start a business Dunn and Bradstreet / Equifax Context / Look- up 13
14 Ac]vity Context Detec]ons for Insider Threats DetecIon Detail Type Unusual physical access amempts Monitor physical access logs to unauthorized loca]ons Direct indicator Amempts to use USB or CD Rom Log data events Direct indicator Use of back door and default accounts Access to network diagrams and code repositories Remote Logins to Infrastructure The two- man rule Monitor shared accounts, use of default user names, post employee or contractor termina]on Monitor for unauthorized reconnaissance for informa]on used to amack or steal data from systems Monitor the login and web surfing from data center infrastructure If ins]tuted monitor separa]on of du]es for administra]ve func]ons such as privileged user ac]ons and account changes Direct indicator Direct indicator Direct indicator Direct indicator 14
15 A Word or two on privacy! You mileage may vary based on! Employment contracts! Union rules! Agency / Department culture! Agency mission! Data sensi]vity However most companies/agencies and their employment agreements/contracts allow for some forms of data collec5on 15
16 Combina]on of Two Strategies for Comba]ng Primary Preven]on/Deterrence Pamern based Mul]ple factors Uses heuris]cs and sta]s]cal models Requires base lining / watching for outlier behaviors Secondary Detec]on Specific indicators or alerts Defini]ve evidence Physical detec]on (stolen documents) Rather than gecng wrapped up in predic5on or detec5on organiza5ons should start first with deterrence. Patrick Reidy CISO FBI 16
17 Insider Threat Use Case: Disgruntled Employee Splunk at a Large Aerospace and Defense Contractor Goal: Protect intellectual property at the hands of disgruntled employee Use Case Scenario: In an environment where employees are some]mes mis- treated, fired, reprimanded you never know when an employee has become disgruntle. Think of an employee receiving a "pink slip" and decides before his last day he wants to take company proprietary data from SharePoint servers Below explains how Splunk could be use to detect/ mi]gate that type of behavior: Data Sources: Host based FW logs, Single Sign- on(sso) logs, SharePoint connec]on logs, Content Logic Steps: 1. Upload all employees who received pink slips "login id's" to Splunk' s look- up table 2. Run trending reports on "id's" for the past 6 months 3. Correlate data sources with trend reports 4. Report on suspicious user id's who has increase downloads from SharePoint servers Splunk CapabiliIes: lookup, trends, reports, real- ]me alerts, index, correla]on analy]cs, real- ]me rules 17
18 Insider Threat Use Case: Data Leakage/Spill Splunk at a Large Aerospace and Defense Contractor Goal: To detect/monitor poten]al data leakage/spill of very sensi]ve intellectual property Use Case Scenario: In an environment where employees are Govt contractors who has access to sensi]ve R&D projects and/or suppor]ng Govt programs, data leakage is highly likable. An employee can inten]onal/uninten]onal download any text docs associated to that program/project to personal laptop, personal , etc. Below explains Data Sources: Data Loss preven]on (DLP) logs, key words, logs, An]- virus logs(usb) Content Logic Steps: 1.Upload "program keywords" and "user ids" in Splunk's lookup table 2. correlate data sources/lookup table 3. Develop/Report on alerts (rule hits) 4. Developed alert visualiza]on & monitor Data Sources: Data Loss preven]on (DLP) logs, key words, logs, AV, Splunk CapabiliIes: lookup, search processing language, real- ]me alerts, reports, visualiza]on, advance correla]on, real- ]me rules 18
19 Thank You
Comprehensive Security with Splunk and Cisco
Copyright 2014 Splunk Inc. Comprehensive Security with Splunk and Cisco Mario MASSARD Splunk Senior SE mario@splunk.com Company Company (NASDAQ: SPLK) Founded 2004, first software release in 2006 HQ: San
More informationSplunk Company Overview
Copyright 2015 Splunk Inc. Splunk Company Overview Name Title Safe Harbor Statement During the course of this presentation, we may make forward looking statements regarding future events or the expected
More informationWelcome. HITRUST 2014 Conference April 22, 2014 HITRUST. Health Information Trust Alliance
Welcome HITRUST 2014 Conference April 22, 2014 HITRUST Health Information Trust Alliance The Evolving Information Security Organization Challenges and Successes Jason Taule, Chief Security and Privacy
More informationComputer Security Incident Handling Detec6on and Analysis
Computer Security Incident Handling Detec6on and Analysis Jeff Roth, CISSP- ISSEP, CISA, CGEIT Senior IT Security Consultant 1 Coalfire Confiden+al Agenda 2 SECURITY INCIDENT CONTEXT TERMINOLOGY DETECTION
More informationTim Blevins Execu;ve Director Labor and Revenue Solu;ons. FTA Technology Conference August 4th, 2015
Tim Blevins Execu;ve Director Labor and Revenue Solu;ons FTA Technology Conference August 4th, 2015 Governance and Organiza;onal Strategy PaIerns of Fraud and Abuse in Government What tools can we use
More informationSophos Ltd. All rights reserved.
Sophos Ltd. All rights reserved. 1 Sophos Approach to Unified Security Integrated Security for Be9er Protec;on James Burchell & Greg Iddon, Sales Engineers UK&I, Technology Services What we re going to
More informationEnd-user Security Analytics Strengthens Protection with ArcSight
Case Study for XY Bank End-user Security Analytics Strengthens Protection with ArcSight INTRODUCTION Detect and respond to advanced persistent threats (APT) in real-time with Nexthink End-user Security
More informationSecurity Leadership: Preven4ng and Responding to Future Cyber A<acks. Mark Seward, Sr. Director, Security and Compliance
Security Leadership: Preven4ng and Responding to Future Cyber A
More informationReneaué Railton Sr. Informa2on Security Analyst, Duke Medicine Cyber Defense & Response
Reneaué Railton Sr. Informa2on Security Analyst, Duke Medicine Cyber Defense & Response Incident Response What is the most importance component of an Incident Response Program? Tools? Processes? Governance?
More informationWHITE PAPER SPLUNK SOFTWARE AS A SIEM
SPLUNK SOFTWARE AS A SIEM Improve your security posture by using Splunk as your SIEM HIGHLIGHTS Splunk software can be used to operate security operations centers (SOC) of any size (large, med, small)
More informationKaseya Fundamentals Workshop DAY THREE. Developed by Kaseya University. Powered by IT Scholars
Kaseya Fundamentals Workshop DAY THREE Developed by Kaseya University Powered by IT Scholars Kaseya Version 6.5 Last updated March, 2014 Day Two Overview Day Two Lab Review Patch Management Configura;on
More informationComprehensive Malware Detection with SecurityCenter Continuous View and Nessus. February 3, 2015 (Revision 4)
Comprehensive Malware Detection with SecurityCenter Continuous View and Nessus February 3, 2015 (Revision 4) Table of Contents Overview... 3 Malware, Botnet Detection, and Anti-Virus Auditing... 3 Malware
More informationFTC Data Security Standard
FTC Data Security Standard The FTC takes the posi6on (Being tested now in li6ga6on) that Sec6on 5 of the FTC Act requires Reasonable Security under the circumstances: that companies have reasonable controls
More informationPervade Software. Use Case PCI Technical Controls. PCI- DSS Requirements
OpAuditTM from is the first compliance management product on the market to successfully track manual controls and technical controls in the same workflow-based system. This ingenious solution gathers &
More informationSan Francisco Chapter. Presented by Mike O. Villegas, CISA, CISSP
Presented by Mike O. Villegas, CISA, CISSP Agenda Information Security (IS) Vision at Newegg.com Typical Issues at Most Organizations Information Security Governance Four Inter-related CoBIT Domains ISO
More informationHow To Perform a SaaS Applica7on Inventory in. 5Simple Steps. A Guide for Informa7on Security Professionals. Share this ebook
How To Perform a SaaS Applica7on Inventory in 5Simple Steps A Guide for Informa7on Security Professionals WHY SHOULD I READ THIS? This book will help you, the person in the organiza=on who cares deeply
More informationISSA Phoenix Chapter Meeting Topic: Security Enablement & Risk Reducing Best Practices for BYOD + SaaS Cloud Apps
ISSA Phoenix Chapter Meeting Topic: Security Enablement & Risk Reducing Best Practices for BYOD + SaaS Cloud Apps Agenda Security Enablement Concepts for BYOD & SaaS Cloud Apps! Intro and background! BYOD
More informationFinancial Fraud Threats & Preven3on. Mark Frank EVP, Senior Opera3ons Officer Colorado Business Bank
Financial Fraud Threats & Preven3on Mark Frank EVP, Senior Opera3ons Officer Colorado Business Bank Why Pay ACen3on to Fraud Risks? Fraud occurs everywhere, and NO organiza3on is immune Changing business
More informationTop Practices in Health IT Compliance. Data Breach & Leading Program Prac3ces
Top Practices in Health IT Compliance Data Breach & Leading Program Prac3ces Overview Introduc3on to ID Experts & Secure Digital Solu3ons Healthcare Data Breach Trends & Drivers Data Incident Management
More informationIdentity Centric Security: Control Identity Sprawl to Remove a Growing Risk
Identity Centric Security: Control Identity Sprawl to Remove a Growing Risk John Hawley VP, Security CA Technologies September 2015 Today s Theme: Preparing for the Adversary How to Prepare Your Organization
More informationSplunk for Networking and SDN
Copyright 2013 Splunk Inc. Splunk for Networking and SDN Stela Udovicic Senior Product Marke?ng Manager, Splunk #splunkconf Legal No?ces During the course of this presenta?on, we may make forward- looking
More informationYour Network Has Been Compromised. Is It Time To Reevaluate Your Traditional Cybersecurity Paradigms?
SOLUTION BRIEF Identity and Access Management Solutions from CA Technologies for Government Agencies Your Network Has Been Compromised. Is It Time To Reevaluate Your Traditional Cybersecurity Paradigms?
More informationMember Municipality Security Awareness Training. End- User Informa/on Security Awareness Training
End- User Informa/on Security Awareness Training 1 Why Awareness Training? NCLM sanc:oned mul:ple Security Risk Assessments for a broad spectrum of member municipali:es The assessments iden:fied areas
More informationHow To Use Splunk For Android (Windows) With A Mobile App On A Microsoft Tablet (Windows 8) For Free (Windows 7) For A Limited Time (Windows 10) For $99.99) For Two Years (Windows 9
Copyright 2014 Splunk Inc. Splunk for Mobile Intelligence Bill Emme< Director, Solu?ons Marke?ng Panos Papadopoulos Director, Product Management Disclaimer During the course of this presenta?on, we may
More informationThe Cloud App Visibility Blindspot
The Cloud App Visibility Blindspot Understanding the Risks of Sanctioned and Unsanctioned Cloud Apps and How to Take Back Control Introduction Today, enterprise assets are more at risk than ever before
More informationThis is a picture of a kiqen
Who am I? 11 years in InfoSec with 5 years of hobby work prior to that Primary interests: penetra;on tes;ng, intrusion detec;on, and log correla;on Currently employed as an InfoSec generalist at a cloud
More informationA Love Affair: Cyber Security, Big-data and Risk
A Love Affair: Cyber Security, Big-data and Risk Mark Seward, Senior Director Security and Compliance, Splunk Inc. Professional Techniques - Session 31 Security what s at stake On average, organizations
More informationEmail/Endpoint Security and More Rondi Jamison
Email/Endpoint Security and More Rondi Jamison Sr. Marke)ng Manager - Enterprise Security Strategy Agenda 1 Why Symantec? 2 Partnership 3 APS2 Packages 4 What s next Copyright 2014 Symantec Corpora)on
More informationSplunk: Using Big Data for Cybersecurity
Next Session Begins at 14:40 Splunk: Using Big Data for Cybersecurity Joe Goldberg Splunk Splunk: Using Big Data for Cybersecurity Joseph Goldberg Splunk Advanced Threats in the Headlines Cyber Criminals
More informationRisk Mitigation Strategies: Lessons Learned from Actual Insider Attacks
Risk Mitigation Strategies: Lessons Learned from Actual Insider Attacks Dawn M. Cappelli Andrew P. Moore CERT Program Software Engineering Institute Carnegie Mellon University 04/09/08 Session Code:DEF-203
More informationSecure Because Math: Understanding ML- based Security Products (#SecureBecauseMath)
Secure Because Math: Understanding ML- based Security Products (#SecureBecauseMath) Alex Pinto Chief Data Scien2st Niddel / MLSec Project @alexcpsec @MLSecProject @NiddelCorp Agenda Security Singularity
More informationWhat s Wrong with Information Security Today? You are looking in the wrong places for the wrong things.
What s Wrong with Information Security Today? You are looking in the wrong places for the wrong things. AGENDA Current State of Information Security Data Breach Statics Data Breach Case Studies Why current
More informationCopyright 2013 Splunk, Inc. Splunk 6 Overview. Presenter Name, Presenter Title
Copyright 2013 Splunk, Inc. Splunk 6 Overview Presenter Name, Presenter Title Safe Harbor Statement During the course of this presentahon, we may make forward looking statements regarding future events
More informationDeveloping a successful Big Data strategy. Using Big Data to improve business outcomes
Developing a successful Big Data strategy Using Big Data to improve business outcomes Splunk Company Overview Copyright 2013 Splunk Inc. Company (NASDAQ: SPLK) Business Model / Products Customers (6000+)
More informationHandling Modern Security Issues
Whitepaper Handling Modern Security Issues Using ArcSight to Monitor Enterprise Threats and Risk Research 015-061909-01 ArcSight, Inc. 5 Results Way, Cupertino, CA 95014, USA www.arcsight.com info@arcsight.com
More informationThe Key to Successful Monitoring for Detection of Insider Attacks
The Key to Successful Monitoring for Detection of Insider Attacks Dawn M. Cappelli Randall F. Trzeciak Robert Floodeen Software Engineering Institute CERT Program Session ID: GRC-302 Session Classification:
More informationPatching, AlerFng, BYOD and More: Managing Security in the Enterprise with Splunk Enterprise
Copyright 2013 Splunk Inc. Patching, AlerFng, BYOD and More: Managing Security in the Enterprise with Splunk Enterprise Marquis Montgomery, CISSP, SSCP, GSEC Senior Security Architect, CedarCrestone #splunkconf
More informationRealm of Big Data Ini0a0ves
Realm of Big Data Ini0a0ves Kamlesh Mhashilkar Head - Analy0cs, Big Data and Informa0on Management (ABIM) Prac0ce TCS Digital Enterprise Copyright 2013 Tata Consultancy Services Limited 1 Realm of Big
More informationIncident Response. Six Best Practices for Managing Cyber Breaches. www.encase.com
Incident Response Six Best Practices for Managing Cyber Breaches www.encase.com What We ll Cover Your Challenges in Incident Response Six Best Practices for Managing a Cyber Breach In Depth: Best Practices
More informationHIGH-RISK USER MONITORING
HIGH-RISK USER MONITORING Using ArcSight IdentityView to Combat Insider Threats HP Enterprise Security Business Whitepaper Overview Security professionals once defended their networks against bots and
More informationRETHINKING CYBER SECURITY Changing the Business Conversation
RETHINKING CYBER SECURITY Changing the Business Conversation October 2015 Introduction: Diane Smith Michigan Delegate Higher Education Conference Speaker Board Member 2 1 1. Historical Review Agenda 2.
More informationSecret Server Splunk Integration Guide
Secret Server Splunk Integration Guide Table of Contents Meeting Information Security Compliance Mandates: Secret Server and Splunk SIEM Integration and Configuration... 1 The Secret Server Approach to
More informationMain Research Gaps in Cyber Security
Comprehensive Approach to cyber roadmap coordina5on and development Main Research Gaps in Cyber Security María Pilar Torres Bruna everis Aerospace and Defence Index CAMINO WP2: Iden8fica8on and Analysis
More informationAugust 2011. Investigating an Insider Threat. A Sensage TechNote highlighting the essential workflow involved in a potential insider breach
August 2011 A Sensage TechNote highlighting the essential workflow involved in a potential insider breach Table of Contents Executive Summary... 1... 1 What Just Happened?... 2 What did that user account
More informationA BUSINESS CASE FOR BEHAVIORAL ANALYTICS. White Paper
A BUSINESS CASE FOR BEHAVIORAL ANALYTICS White Paper Introduction What is Behavioral 1 In a world in which web applications and websites are becoming ever more diverse and complicated, running them effectively
More informationCompliance Overview: FISMA / NIST SP800 53
Compliance Overview: FISMA / NIST SP800 53 FISMA / NIST SP800 53: Compliance Overview With Huntsman SIEM The US Federal Information Security Management Act (FISMA) is now a key element of the US Government
More informationThe CERT Top 10 List for Winning the Battle Against Insider Threats
The CERT Top 10 List for Winning the Battle Against Insider Threats Dawn Cappelli CERT Insider Threat Center Software Engineering Institute Carnegie Mellon University Session ID: STAR-203 Session Classification:
More informationSecuring SharePoint 101. Rob Rachwald Imperva
Securing SharePoint 101 Rob Rachwald Imperva Major SharePoint Deployment Types Internal Portal Uses include SharePoint as a file repository Only accessible by internal users Company Intranet External Portal
More informationSANS Top 20 Critical Controls for Effective Cyber Defense
WHITEPAPER SANS Top 20 Critical Controls for Cyber Defense SANS Top 20 Critical Controls for Effective Cyber Defense JANUARY 2014 SANS Top 20 Critical Controls for Effective Cyber Defense Summary In a
More informationBy: Gerald Gagne. Community Bank Auditors Group Cybersecurity What you need to do now. June 9, 2015
Community Bank Auditors Group Cybersecurity What you need to do now June 9, 2015 By: Gerald Gagne MEMBER OF PKF NORTH AMERICA, AN ASSOCIATION OF LEGALLY INDEPENDENT FIRMS 2015 Wolf & Company, P.C. Cybersecurity
More informationState of SIEM Challenges, Myths & technology Landscape 4/21/2013 1
State of SIEM Challenges, Myths & technology Landscape 4/21/2013 1 Introduction What s in a name? SIEM? SEM? SIM? Technology Drivers Challenges & Technology Overview Deciding what s right for you Worst
More informationINCIDENT RESPONSE CHECKLIST
INCIDENT RESPONSE CHECKLIST The purpose of this checklist is to provide clients of Kivu Consulting, Inc. with guidance in the initial stages of an actual or possible data breach. Clients are encouraged
More informationHigh-Risk User Monitoring
Whitepaper High-Risk User Monitoring Using ArcSight IdentityView to Combat Insider Threats Research 037-081910-02 ArcSight, Inc. 5 Results Way, Cupertino, CA 95014, USA www.arcsight.com info@arcsight.com
More informationMaking the difference between read to output, and read to copy GOING BEYOND BASIC FILE AUDITING FOR DATA PROTECTION
Making the difference between read to output, and read to copy GOING BEYOND BASIC FILE AUDITING FOR DATA PROTECTION MOST OF THE IMPORTANT DATA LOSS VECTORS DEPEND ON COPYING files in order to compromise
More informationBig Data and Security: At the Edge of Prediction
Big Data and Security: At the Edge of Prediction Mark Seward Splunk Inc. Fred Wilmot Splunk Inc. Session ID: Session Classification: SPO2-T17 Intermediate The Way Cyber Adversaries Think Where is the most
More informationAdventures in Bouncerland. Nicholas J. Percoco Sean Schulte Trustwave SpiderLabs
Adventures in Bouncerland Nicholas J. Percoco Sean Schulte Trustwave SpiderLabs Agenda Introduc5ons Our Mo5va5ons What We Knew About Bouncer Research Approach & Process Phase 0 Phase 1 7 Final Test What
More informationAlways Worry About Cyber Security. Always. Track 4 Session 8
Always Worry About Cyber Security. Always. Track 4 Session 8 Mark Stevens SVP, Global Services and Support Digital Guardian MStevens@DigitalGuardian.com 781-902-7818 www.digitalguardian.com 2 Abstract
More informationCyber Security for SCADA/ICS Networks
Cyber Security for SCADA/ICS Networks GANESH NARAYANAN HEAD-CONSULTING CYBER SECURITY SERVICES www.thalesgroup.com Increasing Cyber Attacks on SCADA / ICS Systems 2 What is SCADA Supervisory Control And
More informationPALO ALTO SAFE APPLICATION ENABLEMENT
PALO ALTO SAFE APPLICATION ENABLEMENT 1 Palo Alto Networks Product Overview James Sherlow SE Manager WEUR & Africa jsherlow@paloaltonetworks.com @jsherlow Palo Alto Networks at a Glance Corporate Highlights
More informationdefending against advanced persistent threats: strategies for a new era of attacks agility made possible
defending against advanced persistent threats: strategies for a new era of attacks agility made possible security threats as we know them are changing The traditional dangers IT security teams have been
More informationData Security What are you waiting for? Lior Arbel General Manager Europe Performanta
Data Security What are you waiting for? Lior Arbel General Manager Europe Performanta So, what is a DLP solution? DLP = Data Leakage (loss) Prevention Products that, based on central policies, identify,
More informationThe Elusive U,lity Customer: How Big Data & Analy,cs Connects U,li,es & Their Customers
The Place Analy,cs Leaders Turn to for Answers Member.U(lityAnaly(cs.com The Elusive U,lity Customer: How Big & Analy,cs Connects U,li,es & Their Customers Mike Smith Vice President, U(lity Analy(cs Ins(tute
More informationProtect Your Universe with ArcSight
Protect Your Universe with ArcSight The ArcSight SIEM Platform: Prevent Data Theft Enforce Compliance Defeat Cybercrime Before ArcSight, it was difficult to know in realtime what was happening from an
More informationSecuring Business Informa9on in the Cloud
Securing Business Informa9on in the Cloud For security and IT pros concerned with protec9ng sensi9ve informa9on across mul9ple endpoints and applica9ons. Explore how cloud can enable us to go back to basics
More informationPERDIX: A FRAMEWORK FOR REALTIME BEHAVIORAL EVALUATION OF SECURITY THREATS IN CLOUD COMPUTING ENVIRONMENT
PERDIX: A FRAMEWORK FOR REALTIME BEHAVIORAL EVALUATION OF SECURITY THREATS IN CLOUD COMPUTING ENVIRONMENT December 6, 2013 Julien Lavesque CTO Itrust j.lavesque@itrust.fr Security experts company founded
More informationDefending Against Data Beaches: Internal Controls for Cybersecurity
Defending Against Data Beaches: Internal Controls for Cybersecurity Presented by: Michael Walter, Managing Director and Chris Manning, Associate Director Protiviti Atlanta Office Agenda Defining Cybersecurity
More informationIndustry leading Education
Industry leading Education Please ask questions #CGwebinar Todays slides are available http://compliancy- group.com/slides023/ Past webinars and recordings http://compliancy- group.com/webinar/ 855.85HIPAA
More informationIntroduction. Jason Lawrence, MSISA, CISSP, CISA Manager, EY Advanced Security Center Atlanta, Georgia jason.lawrence@ey.com Twitter: @ethical_infosec
Introduction Jason Lawrence, MSISA, CISSP, CISA Manager, EY Advanced Security Center Atlanta, Georgia jason.lawrence@ey.com Twitter: @ethical_infosec More than 20 years of experience in cybersecurity specializing
More informationTOP REASONS WHY SIEM CAN T PROTECT YOUR DATA FROM INSIDER THREAT
TOP REASONS WHY SIEM CAN T PROTECT YOUR DATA FROM INSIDER THREAT Would you rather know the presumed status of the henhouse or have in-the-moment snapshots of the fox? If you prefer to use a traditional
More informationInsider Threat Control: Using a SIEM signature to detect potential precursors to IT Sabotage. CERT Insider Threat Center
Insider Threat Control: Using a SIEM signature to detect potential precursors to IT Sabotage CERT Insider Threat Center April 2011 NOTICE: THIS TECHNICAL DATA IS PROVIDED PURSUANT TO GOVERNMENT CONTRACT
More informationSUMMIT. November 2010
SUMMIT November 2010 Why Summit? Comprehensive Summit provides a unified approach to IT enterprise management following a prescriptive, ITIL based framework Rapid Deployment Summit is developed for and
More informationB2B Offerings. Helping businesses op2mize. Infolob s amazing b2b offerings helps your company achieve maximum produc2vity
B2B Offerings Helping businesses op2mize Infolob s amazing b2b offerings helps your company achieve maximum produc2vity What is B2B? B2B is shorthand for the sales prac4ce called business- to- business
More informationDISCOVER, MONITOR AND PROTECT YOUR SENSITIVE INFORMATION Symantec Data Loss Prevention. symantec.com
DISCOVER, MONITOR AND PROTECT YOUR SENSITIVE INFORMATION Symantec Data Loss Prevention symantec.com One of the interesting things we ve found is that a lot of the activity you d expect to be malicious
More informationEnabling Business Beyond the Corporate Network. Secure solutions for mobility, cloud and social media
Enabling Business Beyond the Corporate Network Secure solutions for mobility, cloud and social media 3 Trends Transforming Networks and Security Are you dealing with these challenges? Enterprise networks
More informationWindows Server 2003 End of Support. What does it mean? What are my options?
Windows Server 2003 End of Support What does it mean? What are my options? Windows Server 2003 End of Life- Why Care? The next big vulnerability (Heartbleed/Shellshock) is looming No more patches from
More informationModern IT Security. Jerry Craft Sr. Security & Networking Consultant
Modern IT Security Jerry Craft Sr. Security & Networking Consultant August 5, 2014 Arcsight Managed Services Bio Senior Security & Networking Consultant for Nth Generation Computing Ethical Hacker and
More informationHow To Grow A Data Center System
Zettaset Big Data Ecosystem Discussion Guide Jim Vogt, President & CEO, Zettaset June 20, 2014 The informa,on provided in this document cons,tutes confiden,al and proprietary informa,on of Ze8aset, Inc.
More informationDNS Traffic Monitoring. Dave Piscitello VP Security and ICT Coordina;on, ICANN
DNS Traffic Monitoring Dave Piscitello VP Security and ICT Coordina;on, ICANN Domain Names ICANN coordinates the administra2on of global iden2fier systems Domain names provide user friendly identification
More informationSIEM is only as good as the data it consumes
SIEM is only as good as the data it consumes Key Themes The traditional Kill Chain model needs to be updated due to the new cyber landscape A new Kill Chain for detection of The Insider Threat needs to
More informationPalo Alto Networks and Splunk: Combining Next-generation Solutions to Defeat Advanced Threats
Palo Alto Networks and Splunk: Combining Next-generation Solutions to Defeat Advanced Threats Executive Summary Palo Alto Networks strategic partnership with Splunk brings the power of our next generation
More informationTrend Micro Cloud App Security for Office 365. October 27, 2015 Trevor Richmond
Trend Micro Cloud App Security for Office 365 October 27, 2015 Trevor Richmond Too many malware incidents >90% Targeted Attacks Start with Email Attackers: Target specific companies or individuals Research
More informationCyberArk Privileged Threat Analytics. Solution Brief
CyberArk Privileged Threat Analytics Solution Brief Table of Contents The New Security Battleground: Inside Your Network...3 Privileged Account Security...3 CyberArk Privileged Threat Analytics : Detect
More informationPrivacy- Preserving P2P Data Sharing with OneSwarm. Presented by. Adnan Malik
Privacy- Preserving P2P Data Sharing with OneSwarm Presented by Adnan Malik Privacy The protec?on of informa?on from unauthorized disclosure Centraliza?on and privacy threat Websites Facebook TwiFer Peer
More informationGood Guys vs. the Bad Guys: Can Big Data Tools Counteract Advanced Threats?
Good Guys vs. the Bad Guys: Can Big Data Tools Counteract Advanced Threats? Will Froning, Information Security Manager, American University of Sharjah Mark Seward, Senior Director, Security and Compliance
More informationReali9es of Being PCI Compliant
Reali9es of Being PCI Compliant Miguel (Mike) O. Villegas CISA, CISSP, GSEC, CEH, QSA, PA- QSA, ASV Vice President- K3DES LLC Professional Strategies S23 CRISC CGEIT CISM CISA Abstract PCI DSS compliance
More informationEvolving Threat Landscape
Evolving Threat Landscape Briefing Overview Changing Threat Landscape Profile of the Attack Bit9 Solution Architecture Demonstartion Questions Growing Risks of Advanced Threats APT is on the rise 71% increase
More informationHow To Buy Nitro Security
McAfee Acquires NitroSecurity McAfee announced that it has closed the acquisition of privately owned NitroSecurity. 1. Who is NitroSecurity? What do they do? NitroSecurity develops high-performance security
More informationCombating the Insider Threat at the FBI: Real World Lessons Learned
FEDERAL BUREAU OF INVESTIGATION Fidelity, Bravery, and Integrity Combating the Insider Threat at the FBI: Real World Lessons Learned Patrick Reidy Disclaimer and Introduction The views expressed in this
More informationNIST CYBERSECURITY FRAMEWORK COMPLIANCE WITH OBSERVEIT
NIST CYBERSECURITY FRAMEWORK COMPLIANCE WITH OBSERVEIT OVERVIEW The National Institute of Standards of Technology Framework for Improving Critical Infrastructure Cybersecurity (The NIST Framework) is a
More informationFind the intruders using correlation and context Ofer Shezaf
Find the intruders using correlation and context Ofer Shezaf Agenda The changing threat landscape What can you do to find intruders? Best practices for timely detection and mitigation HP ArcSight 2 Find
More informationHunk & Elas=c MapReduce: Big Data Analy=cs on AWS
Copyright 2014 Splunk Inc. Hunk & Elas=c MapReduce: Big Data Analy=cs on AWS Dritan Bi=ncka BD Solu=ons Architecture Disclaimer During the course of this presenta=on, we may make forward looking statements
More informationFight fire with fire when protecting sensitive data
Fight fire with fire when protecting sensitive data White paper by Yaniv Avidan published: January 2016 In an era when both routine and non-routine tasks are automated such as having a diagnostic capsule
More informationPrivileged Administra0on Best Prac0ces :: September 1, 2015
Privileged Administra0on Best Prac0ces :: September 1, 2015 Discussion Contents Privileged Access and Administra1on Best Prac1ces 1) Overview of Capabili0es Defini0on of Need 2) Preparing your PxM Program
More informationData Privacy and Data Security in Telemedicine Applica5ons. Patrick Harpes www.monitor it.lu
Data Privacy and Data Security in Telemedicine Applica5ons Patrick Harpes www.monitor it.lu Agenda Right to privacy Data/Informa@on security Data security measures Risks using telemedicine Composi@on of
More informationAgenda. 3 2012, Palo Alto Networks. Confidential and Proprietary.
Agenda Evolution of the cyber threat How the cyber threat develops Why traditional systems are failing Need move to application controls Need for automation 3 2012, Palo Alto Networks. Confidential and
More informationEffective IDS/IPS Network Security in a Dynamic World with Next-Generation Intrusion Detection & Prevention
Effective IDS/IPS Network Security in a Dynamic World with Next-Generation Intrusion Detection & Prevention Your Security Challenges Defending the Dynamic Network! Dynamic threats 䕬 䕬 䕬 䕬 Many threats
More informationEnabling Security Operations with RSA envision. August, 2009
Enabling Security Operations with RSA envision August, 2009 Agenda What is security operations? How does RSA envision help with security operations? How does RSA envision fit with other EMC products? If
More informationEstate Agents Authority
INFORMATION SECURITY AND PRIVACY PROTECTION POLICY AND GUIDELINES FOR ESTATE AGENTS Estate Agents Authority The contents of this document remain the property of, and may not be reproduced in whole or in
More informationRogue Programs. Rogue Programs - Topics. Security in Compu4ng - Chapter 3. l Rogue programs can be classified by the way they propagate
Rogue Programs Security in Compu4ng - Chapter 3 Rogue Programs - Topics l Rogue programs can be classified by the way they propagate l Virus l Trojan l Worm l Or how they are ac4vated l Time Bomb l Logic
More informationThe webinar will begin shortly
The webinar will begin shortly An Introduction to Security Intelligence Presented by IBM Security Chris Ross Senior Security Specialist, IBM Security Agenda The Security Landscape An Introduction to Security
More information