IT S HUNTING SEASON! Tips for getting started with proactive detection
|
|
- Oscar Harper
- 7 years ago
- Views:
Transcription
1 Securely explore your data IT S HUNTING SEASON! Tips for getting started with proactive detection
2 ABOUT ME Security Architect at Sqrrl. Research areas include threat intelligence, security analytics and the art & science of hunting. 15 years of detection & response experience in government, research, educational and corporate arenas. A founding member of a Fortune 5 s CIRT. Spent 5 years helping to build a global detection & response capability (500+ sensors, 5PB PCAP, 4TB logs/day).
3 WHAT IS HUNTING? The collective name for any manual or machine-assisted techniques used to detect security incidents.
4 HOW TO BUILD A HUNT CAPABILITY Embrace Big Data Get Your Data Science On Always Have a Good Strategy Ask Lots of Questions Pivot Then Pivot Again Automation is the Key to Continuous Improvement
5 TIP #1: EMBRACE BIG DATA Securely explore your data
6 THE THREE DATA DOMAINS Keep as much as you can comfortably store Network Authentication Session data Proxy Logs File transfers DNS resolution Host Authentication Audit logs Process creation Application Authentication DB queries Audit & transaction logs Security alerts
7 THE HUNTING PROCESS Successful hunting requires many iterations through this cycle. The faster your analysts get through this loop, the better. Hypothesize Revise Query Analyze Apache s Hadoop platform offers fast search and processing of huge amounts of data. You will still need tooling on top of whatever platform you choose.
8 THE HUNTING PROCESS Hypothesize Revise Query Analyze Keep as much data as you can comfortably store and work with!
9 TIP #2: GET YOUR DATA SCIENCE ON Securely explore your data
10 WHEN S THE LAST TIME YOU HEARD? It is a Best Practice to review all your logs each day.
11 WHEN S THE LAST TIME YOU HEARD? It is a Best Practice to review all your logs each day.
12 BEST-ER PRACTICE Parsing & Normalization Data Deduplication & Reduction Machine-Assisted Analysis
13 MACHINE-ASSISTED ANALYSIS Computers Bad at context and understanding Good at repetition and drudgery Algorithms work cheap! People Contextual analysis experts who love patterns Posses curiosity & intuition Business knowledge Empowered Analysts Process massive amounts of data Agile investigations Quickly turn questions into insight
14 TIP #3: ALWAYS HAVE A GOOD STRATEGY Securely explore your data
15 STRATEGY ENABLES RESULTS Where do I start? Your strategy determines the quality of your results. What should I look for? Choose a strategy that supports your detection goals. What s my path to improve? Don t underestimate the importance of good planning!
16 STRATEGY #1 Make the most of what you already collect Advantages You probably already collect at least some data. Someone is already familiar with its contents. You may already have some idea of the key questions you want answered. Disadvantages Your ability to ask questions is limited by the available data. External forces have more influence over your results. May confuse easy with effective.
17 STRATEGY #2 Follow the Kill Chain Reconnaissance Weaponization Delivery Exploitation Installation Command & Control (C2) Actions on Objectives Source: Intelligence-Driven Computer Network Defense Informed by Analysis of Adversary Campaigns and Intrusion Kill Chains, Hutchins, Cloppert, Amin, (Last checked April 29th,2015)
18 STRATEGY #2 Follow the Kill Chain Reconnaissance Weaponization Delivery Exploitation Installation Command & Control (C2) Actions on Objectives Find attacks already happening Source: Intelligence-Driven Computer Network Defense Informed by Analysis of Adversary Campaigns and Intrusion Kill Chains, Hutchins, Cloppert, Amin, (Last checked April 29th,2015)
19 STRATEGY #2 Follow the Kill Chain Reconnaissance Weaponization Delivery Exploitation Installation Command & Control (C2) Actions on Objectives Expand the stories you are able to tell Find attacks already happening Source: Intelligence-Driven Computer Network Defense Informed by Analysis of Adversary Campaigns and Intrusion Kill Chains, Hutchins, Cloppert, Amin, (Last checked April 29th,2015)
20 STRATEGY #2 Follow the Kill Chain Reconnaissance Weaponization Delivery Exploitation Installation Command & Control (C2) Actions on Objectives Predict attacks before they happen Expand the stories you are able to tell Find attacks already happening Source: Intelligence-Driven Computer Network Defense Informed by Analysis of Adversary Campaigns and Intrusion Kill Chains, Hutchins, Cloppert, Amin, (Last checked April 29th,2015)
21 TIP #4: ASK LOTS OF QUESTIONS Securely explore your data
22 ALL HUNTS START WITH QUESTIONS What data do I have and what does it look like?
23 ALL HUNTS START WITH QUESTIONS Is there any data exfiltration going on in my network? What data do I have and what does it look like?
24 ALL HUNTS START WITH QUESTIONS Is there any data exfiltration going on in my network? What data do I have and what does it look like? Are there any unauthorized users on my VPN?
25 ALL HUNTS START WITH QUESTIONS Is there any data exfiltration going on in my network? Have my users been spearphished? What data do I have and what does it look like? Are there any unauthorized users on my VPN?
26 ALL HUNTS START WITH QUESTIONS Is there any data exfiltration going on in my network? Is anyone misusing their database credentials? What data do I have and what does it look like? Have my users been spearphished? Are there any unauthorized users on my VPN?
27 ALL HUNTS START WITH QUESTIONS Is there any data exfiltration going on in my network? Is anyone misusing their database credentials? What data do I have and what does it look like? Have my users been spearphished? Are there any unauthorized users on my VPN? Is there any lateral movement going on?
28 QUESTIONS BECOME HYPOTHESES Hypothesize If this activity is going on, it might look like Revise Query That s your hypothesis! Analyze If at first you don t succeed, reimagine it.
29 TIP #5: PIVOT THEN PIVOT AGAIN Securely explore your data
30 ATTACKERS LEAVE TRAILS EVERYWHERE Endpoint process accounting logs HTTP proxy logs Authentication records Database query logs Filesystem metadata Network session data
31 DATA DIVERSITY Leverage different types of data to Reveal relationships Clarify the situation Highlight inconsistencies Tell a complete story
32 TOOLSET DIVERSITY Different techniques, different perspectives
33 BONUS TIP: AUTOMATION IS THE KEY TO IMPROVEMENT Securely explore your data
34
35 CONCLUSION Securely explore your data
36 LET S REVIEW Embrace Big Data Get Your Data Science On Always Have a Good Strategy Ask Lots of Questions Pivot Then Pivot Again Automation is the Key to Continuous Improvement
37 QUESTIONS? David J.
After the Attack. The Transformation of EMC Security Operations
After the Attack The Transformation of EMC Security Operations Thomas Wood Senior Systems Engineer, GSNA CISSP RSA, The Security Division of EMC Thomas.WoodJr@rsa.com 1 Agenda Review 2011 Attack on RSA
More informationPALANTIR CYBER An End-to-End Cyber Intelligence Platform for Analysis & Knowledge Management
PALANTIR CYBER An End-to-End Cyber Intelligence Platform for Analysis & Knowledge Management INTRODUCTION Traditional perimeter defense solutions fail against sophisticated adversaries who target their
More informationThreat Intelligence: The More You Know the Less Damage They Can Do. Charles Kolodgy Research VP, Security Products
Threat Intelligence: The More You Know the Less Damage They Can Do Charles Kolodgy Research VP, Security Products IDC Visit us at IDC.com and follow us on Twitter: @IDC 2 Agenda Evolving Threat Environment
More informationSeven Things To Consider When Evaluating Privileged Account Security Solutions
Seven Things To Consider When Evaluating Privileged Account Security Solutions Contents Introduction 1 Seven questions to ask every privileged account security provider 4 1. Is the solution really secure?
More informationDYNAMIC DNS: DATA EXFILTRATION
DYNAMIC DNS: DATA EXFILTRATION RSA Visibility Reconnaissance Weaponization Delivery Exploitation Installation C2 Action WHAT IS DATA EXFILTRATION? One of the most common goals of malicious actors is to
More informationBAE SYSTEMS CYBERREVEAL G-CLOUD SERVICE DEFINITION
BAE SYSTEMS CYBERREVEAL G-CLOUD SERVICE DEFINITION 20 Table of contents 1 Introduction...2 2 CyberReveal Overview...3 2.1 CyberReveal Platform...3 2.2 CyberReveal Analytics...5 2.3 CyberReveal Investigator...7
More informationAdvanced Visibility. Moving Beyond a Log Centric View. Matthew Gardiner, RSA & Richard Nichols, RSA
Advanced Visibility Moving Beyond a Log Centric View Matthew Gardiner, RSA & Richard Nichols, RSA 1 Security is getting measurability worse Percent of breaches where time to compromise (red)/time to Discovery
More informationAdvanced Threat Protection with Dell SecureWorks Security Services
Advanced Threat Protection with Dell SecureWorks Security Services Table of Contents Summary... 2 What are Advanced Threats?... 3 How do advanced threat actors operate?... 3 Addressing the Threat... 5
More informationEvolution Of Cyber Threats & Defense Approaches
Evolution Of Cyber Threats & Defense Approaches Antony Abraham IT Architect, Information Security, State Farm Kevin McIntyre Tech Lead, Information Security, State Farm Agenda About State Farm Evolution
More informationIMPLEMENTING A SECURITY ANALYTICS ARCHITECTURE
IMPLEMENTING A SECURITY ANALYTICS ARCHITECTURE Solution Brief SUMMARY New security threats demand a new approach to security management. Security teams need a security analytics architecture that can handle
More informationEnterprise Organizations Need Contextual- security Analytics Date: October 2014 Author: Jon Oltsik, Senior Principal Analyst
ESG Brief Enterprise Organizations Need Contextual- security Analytics Date: October 2014 Author: Jon Oltsik, Senior Principal Analyst Abstract: Large organizations have spent millions of dollars on security
More informationSIEM FOR BEGINNERS. Or: Everything You Wanted to Know About Log Management But were Afraid to Ask
SIEM FOR BEGINNERS Or: Everything You Wanted to Know About Log Management But were Afraid to Ask A ROSE BY ANY OTHER NAME: SLM/LMS, SIM, SEM,SEC, SIEM Although the industry has settled on the term SIEM
More informationA New Perspective on Protecting Critical Networks from Attack:
Whitepaper A New Perspective on Protecting Critical Networks from Attack: Why the DoD Uses Advanced Network-traffic Analytics to Secure its Network 2014: A Year of Mega Breaches A Ponemon Study published
More informationA BUSINESS CASE FOR BEHAVIORAL ANALYTICS. White Paper
A BUSINESS CASE FOR BEHAVIORAL ANALYTICS White Paper Introduction What is Behavioral 1 In a world in which web applications and websites are becoming ever more diverse and complicated, running them effectively
More informationSIEM is only as good as the data it consumes
SIEM is only as good as the data it consumes Key Themes The traditional Kill Chain model needs to be updated due to the new cyber landscape A new Kill Chain for detection of The Insider Threat needs to
More informationPerforming Advanced Incident Response Interactive Exercise
Performing Advanced Incident Response Interactive Exercise Post-Conference Summary Merlin Namuth Robert Huber SCENARIO 1 - PHISHING EMAILS... 3... 3 Mitigations... 3 SCENARIO 2 - IDS ALERT FOR PSEXEC...
More informationEITC Lessons Learned: Building Our Internal Security Intelligence Capability
EITC Lessons Learned: Building Our Internal Security Intelligence Capability SESSION ID: SEC-W08 Tamer El Refaey Senior Director, Security Monitoring and Operations Emirates Integrated Telecommunications
More informationDetect & Investigate Threats. OVERVIEW
Detect & Investigate Threats. OVERVIEW HIGHLIGHTS Introducing RSA Security Analytics, Providing: Security monitoring Incident investigation Compliance reporting Providing Big Data Security Analytics Enterprise-wide
More informationIBM Smarter Cities Cybersecurity Update
IBM Smarter Cities Cybersecurity Update October 2012 Kent Blossom, Vice President, IBM Security Solutions kblossom@us.ibm.com 1 Discussion Topics IBM Security Systems Evolving Client Priorities & Approaches
More informationidata Improving Defences Against Targeted Attack
idata Improving Defences Against Targeted Attack Summary JULY 2014 Disclaimer: Reference to any specific commercial product, process or service by trade name, trademark, manufacturer, or otherwise, does
More informationCybersecurity Kill Chain. William F. Crowe, CISA, CISM, CRISC, CRMA September 2015 ISACA Jacksonville Chapter Meeting August 13, 2015
Cybersecurity Kill Chain William F. Crowe, CISA, CISM, CRISC, CRMA September 2015 ISACA Jacksonville Chapter Meeting August 13, 2015 Who Am I? Over 20 years experience with 17 years in the financial industry
More informationCyber Security. BDS PhantomWorks. Boeing Energy. Copyright 2011 Boeing. All rights reserved.
Cyber Security Automation of energy systems provides attack surfaces that previously did not exist Cyber attacks have matured from teenage hackers to organized crime to nation states Centralized control
More informationHow To Connect Log Files To A Log File On A Network With A Network Device (Network) On A Computer Or Network (Network Or Network) On Your Network (For A Network)
SIEM FOR BEGINNERS EVERYTHING YOU WANTED TO KNOW ABOUT LOG MANAGEMENT BUT WERE AFRAID TO ASK www.alienvault.com A Rose By Any Other Name SLM/LMS, SIM, SEM, SEC, SIEM Although the industry has settled on
More informationProtecting Your Data From The Inside Out UBA, Insider Threats and Least Privilege in only 10 minutes!
We protect your most sensitive information from insider threats. Protecting Your Data From The Inside Out UBA, Insider Threats and Least Privilege in only 10 minutes! VARONIS SYSTEMS About Me Dietrich
More informationSicurezza & Big Data: la Security Intelligence aiuta le aziende a difendersi dagli attacchi
Sicurezza & Big Data: la Security Intelligence aiuta le aziende a difendersi dagli attacchi Giovanni Abbadessa, IBM IT Security Architect Umberto Sansovini, IBM Security Consultant Document number Big
More informationDRIVE-BY DOWNLOAD WHAT IS DRIVE-BY DOWNLOAD? A Typical Attack Scenario
DRIVE-BY DOWNLOAD WHAT IS DRIVE-BY DOWNLOAD? Drive-by Downloads are a common technique used by attackers to silently install malware on a victim s computer. Once a target website has been weaponized with
More informationEmerging Technologies & the State of the SOC. John Kindervag, Vice President and Principal Analyst
Emerging Technologies & the State of the SOC John Kindervag, Vice President and Principal Analyst 2014 In Review 2015 Forrester Research, Inc. Reproduction Prohibited 3 2015 is bad too! 2015 Forrester
More informationDiscover & Investigate Advanced Threats. OVERVIEW
Discover & Investigate Advanced Threats. OVERVIEW HIGHLIGHTS Introducing RSA Security Analytics, Providing: Security monitoring Incident investigation Compliance reporting Providing Big Data Security Analytics
More informationintegrating cutting-edge security technologies the case for SIEM & PAM
integrating cutting-edge security technologies the case for SIEM & PAM Introduction A changing threat landscape The majority of organizations have basic security practices in place, such as firewalls,
More informationUnstructured Threat Intelligence Processing using NLP
Accenture Technology Labs Elvis Hovor @kofibaron Shimon Modi @shimonmodi Shaan Mulchandani @alabama_shaan Unstructured Threat Intelligence Processing using NLP Enhancing Cyber Security Operations by Automating
More informationCyber Security Metrics Dashboards & Analytics
Cyber Security Metrics Dashboards & Analytics Feb, 2014 Robert J. Michalsky Principal, Cyber Security NJVC, LLC Proprietary Data UNCLASSIFIED Agenda Healthcare Sector Threats Recent History Security Metrics
More informationAMPLIFYING SECURITY INTELLIGENCE
AMPLIFYING SECURITY INTELLIGENCE WITH BIG DATA AND ADVANCED ANALYTICS Chris Meenan Senior Product Manager, Security Intelligence 1 IBM Security Systems Welcome to a Not So Friendly Cyber World Biggest
More informationHoneywell Industrial Cyber Security Overview and Managed Industrial Cyber Security Services Honeywell Process Solutions (HPS) June 4, 2014
Industrial Cyber Security Overview and Managed Industrial Cyber Security Services Process Solutions (HPS) June 4, Industrial Cyber Security Industrial Cyber Security is the leading provider of cyber security
More informationCyberReady Solutions. Integrated Threat Intelligence and Cyber Operations MONTH DD, YYYY SEPTEMBER 8, 2014
CR CyberReady Solutions Actionable Insight for the Digital Enterprise Integrated Threat Intelligence and Cyber Operations MONTH DD, YYYY SEPTEMBER 8, 2014 INTELLIGENCE-DRIVEN OPERATIONS The Game Has Changed
More informationRedefining SIEM to Real Time Security Intelligence
Redefining SIEM to Real Time Security Intelligence David Osborne Security Architect September 18, 2012 Its not paranoia if they really are out to get you Malware Malicious Insiders Exploited Vulnerabilities
More informationEndpoint Threat Detection without the Pain
WHITEPAPER Endpoint Threat Detection without the Pain Contents Motivated Adversaries, Too Many Alerts, Not Enough Actionable Information: Incident Response is Getting Harder... 1 A New Solution, with a
More informationPreparing for a Cyber Attack PROTECT YOUR PEOPLE AND INFORMATION WITH SYMANTEC SECURITY SOLUTIONS
Preparing for a Cyber Attack PROTECT YOUR PEOPLE AND INFORMATION WITH SYMANTEC SECURITY SOLUTIONS CONTENTS PAGE RECONNAISSANCE STAGE 4 INCURSION STAGE 5 DISCOVERY STAGE 6 CAPTURE STAGE 7 EXFILTRATION STAGE
More informationCombating the Insider Threat at the FBI: Real World Lessons Learned
FEDERAL BUREAU OF INVESTIGATION Fidelity, Bravery, and Integrity Combating the Insider Threat at the FBI: Real World Lessons Learned Patrick Reidy Disclaimer and Introduction The views expressed in this
More informationProtectWise: Shifting Network Security to the Cloud Date: March 2015 Author: Tony Palmer, Senior Lab Analyst and Aviv Kaufmann, Lab Analyst
ESG Lab Spotlight ProtectWise: Shifting Network Security to the Cloud Date: March 2015 Author: Tony Palmer, Senior Lab Analyst and Aviv Kaufmann, Lab Analyst Abstract: This ESG Lab Spotlight examines the
More informationBig Data Challenges and Opportunities
Big Data Challenges and Opportunities Ira A. (Gus) Hunt Chief Technology Officer Our Mission We are the nation's first line of defense. We accomplish what others cannot accomplish and go where others cannot
More informationCyber Watch. Written by Peter Buxbaum
Cyber Watch Written by Peter Buxbaum Security is a challenge for every agency, said Stanley Tyliszczak, vice president for technology integration at General Dynamics Information Technology. There needs
More informationWhy Big Data Analytics?
An ebook by Datameer Why Big Data Analytics? Three Business Challenges Best Addressed Using Big Data Analytics It s hard to overstate the importance of data for businesses today. It s the lifeline of any
More informationTHE EVOLUTION OF SIEM
THE EVOLUTION OF SIEM WHY IT IS CRITICAL TO MOVE BEYOND LOGS Despite increasing investments in security, breaches are still occurring at an alarming rate. 43% Traditional SIEMs have not evolved to meet
More informationIndustrial Control System Cyber Situational Awareness. Robert M. Lee* June 10 th, 2015
Industrial Control System Cyber Situational Awareness Robert M. Lee* June 10 th, 2015 Executive Summary Cyber situational awareness is the concept of understanding and visualizing the networked environment
More informationAttack Intelligence: Why It Matters
Attack Intelligence: Why It Matters WHITE PAPER Core Security +1 617.399-6980 info@coresecurity.com www.coresecurity.com A Proactive Strategy Attacks against your organization are more prevalent than ever,
More informationSQRRL ENTERPRISE Building the Modern Security Operations Center (SOC)
Target. Hunt. Disrupt. SQRRL ENTERPRISE Building the Modern Security Operations Center (SOC) WHAT ARE WE TALKING ABOUT TODAY? Who I Am Defining the SOC Functions of a SOC Do you even need a SOC? Organization
More informationWHITE PAPER SPLUNK SOFTWARE AS A SIEM
SPLUNK SOFTWARE AS A SIEM Improve your security posture by using Splunk as your SIEM HIGHLIGHTS Splunk software can be used to operate security operations centers (SOC) of any size (large, med, small)
More informationSecurity Trends. The Case for Intelligence-Driven Security. Copyright 2013 EMC Corporation. All rights reserved.
Security Trends The Case for Intelligence-Driven Security 1 Attack Surface and Threat Environment ¼ ZETTABYTE 2 40-60? ZETTABYTES ZETTABYTES 2007 2013 2020 Digital Content 2 Attack Surface and Threat Environment
More informationCyber Situational Awareness for Enterprise Security
Cyber Situational Awareness for Enterprise Security Tzvi Kasten AVP, Business Development Biju Varghese Director, Engineering Sudhir Garg Technical Architect The security world is changing as the nature
More informationRSA Security Analytics
RSA Security Analytics This is what SIEM was Meant to Be 1 The Original Intent of SIEM Single compliance & security interface Compliance yes, but security? Analyze & prioritize alerts across various sources
More informationIntrusion Detection and Cyber Security Monitoring of SCADA and DCS Networks
Intrusion Detection and Cyber Security Monitoring of SCADA and DCS Networks Dale Peterson Director, Network Security Practice Digital Bond, Inc. 1580 Sawgrass Corporate Parkway, Suite 130 Sunrise, FL 33323
More informationFROM INBOX TO ACTION EMAIL AND THREAT INTELLIGENCE:
WHITE PAPER EMAIL AND THREAT INTELLIGENCE: FROM INBOX TO ACTION There is danger in your email box. You know it, and so does everyone else. The term phishing is now part of our daily lexicon, and even if
More informationVulnerability Management
Vulnerability Management Buyer s Guide Buyer s Guide 01 Introduction 02 Key Components 03 Other Considerations About Rapid7 01 INTRODUCTION Exploiting weaknesses in browsers, operating systems and other
More informationComprehensive Advanced Threat Defense
1 Comprehensive Advanced Threat Defense June 2014 PAGE 1 PAGE 1 1 INTRODUCTION The hot topic in the information security industry these days is Advanced Threat Defense (ATD). There are many definitions,
More informationExtending security intelligence with big data solutions
IBM Software Thought Leadership White Paper January 2013 Extending security intelligence with big data solutions Leverage big data technologies to uncover actionable insights into modern, advanced data
More informationSymantec Global Intelligence Network 2.0 Architecture: Staying Ahead of the Evolving Threat Landscape
WHITE PAPER: SYMANTEC GLOBAL INTELLIGENCE NETWORK 2.0.... ARCHITECTURE.................................... Symantec Global Intelligence Network 2.0 Architecture: Staying Ahead of the Evolving Threat Who
More informationAdvanced Threat Detection: Necessary but Not Sufficient The First Installment in the Blinded By the Hype Series
Advanced Threat Detection: Necessary but Not Sufficient The First Installment in the Blinded By the Hype Series Whitepaper Advanced Threat Detection: Necessary but Not Sufficient 2 Executive Summary Promotion
More informationCybersecurity Delivering Confidence in the Cyber Domain
Cybersecurity Delivering Confidence in the Cyber Domain With decades of intelligence and cyber expertise, Raytheon offers unmatched, full-spectrum, end-to-end cyber solutions that help you secure your
More informationSESSION 507 Thursday, March 26, 11:15 AM - 12:15 PM Track: Desktop Support
SESSION 507 Thursday, March 26, 11:15 AM - 12:15 PM Track: Desktop Support Desktop Support and Data Breaches: The Unknown Dangers Bryan Hood Senior Solutions Engineer, Bomgar bhood@bomgar.com Session Description
More informationIntegrating MSS, SEP and NGFW to catch targeted APTs
#SymVisionEmea #SymVisionEmea Integrating MSS, SEP and NGFW to catch targeted APTs Tom Davison Information Security Practice Manager, UK&I Antonio Forzieri EMEA Solution Lead, Cyber Security 2 Information
More informationData Science Transforming Security Operations
SESSION ID: STR-W03 Data Science Transforming Security Operations Alon Kaufman Ph.D. Director Data Science & Innovation RSA Agenda Transforming Security Operations with Data Science The Vision: Where we
More informationDATA. Big Data Operational Excellence Ahead in the Cloud. Detect Patterns with Mass Correlation. Limit Surprise with Smart Data
FY11 FY12 FY13+ DATA Big Data Operational Excellence Ahead in the Cloud Detect Patterns with Mass Correlation Limit Surprise with Smart Data Accelerate Discovery with Visual Analytics Ira A. (Gus) Hunt
More informationCloud and Critical Infrastructures how Cloud services are factored in from a risk perspective
Cloud and Critical Infrastructures how Cloud services are factored in from a risk perspective Reaching the Cloud era in the EU Riga 16 June 2015 Jonathan Sage Government and Regulatory Affairs Cyber Security
More informationThe Next Generation Security Operations Center
The Next Generation Security Operations Center Vassil Barsakov Regional Manager, CEE & CIS RSA, the Security Division of EMC 1 Threats are Evolving Rapidly Criminals Petty criminals Unsophisticated Organized
More informationBIG DATA. Shaun McLagan General Manager, RSA Australia and New Zealand CHANGING THE REALM OF POSSIBILITY IN SECURITY
BIG DATA CHANGING THE REALM OF POSSIBILITY IN SECURITY Shaun McLagan General Manager, RSA Australia and New Zealand 1 Things have changed #2 Buzz word 2012 Big Data only behind something called Fiscal
More informationTeradata and Protegrity High-Value Protection for High-Value Data
Teradata and Protegrity High-Value Protection for High-Value Data 03.16 EB7178 DATA SECURITY Table of Contents 2 Data-Centric Security: Providing High-Value Protection for High-Value Data 3 Visibility:
More informationDefense Security Service
Defense Security Service Defense Security Service Cybersecurity Operations Division Counterintelligence UNCLASSIFIED Defense Security Service DSS Mission DSS Supports national security and the warfighter,
More informationThreat Intelligence is Dead. Long Live Threat Intelligence!
SESSION ID: STR-R02 Threat Intelligence is Dead. Long Live Threat Intelligence! Mark Orlando Director of Cyber Operations Foreground Security Background Threat Intelligence is Dead. Long Live Threat Intelligence!
More informationData- centric Security: A New Information Security Perimeter Date: March 2015 Author: Jon Oltsik, Senior Principal Analyst
ESG Solution Showcase Data- centric Security: A New Information Security Perimeter Date: March 2015 Author: Jon Oltsik, Senior Principal Analyst Abstract: Information security practices are in the midst
More informationCaaS Think as a bad guy Petr Hněvkovský, CISA, CISSP HP Enterprise Security
CaaS Think as a bad guy Petr Hněvkovský, CISA, CISSP HP Enterprise Security 1 Copyright 2014 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.
More informationRethinking Information Security for Advanced Threats. CEB Information Risk Leadership Council
Rethinking Information Security for Advanced Threats CEB Information Risk Leadership Council Advanced threats differ from conventional security threats along many dimensions, making them much more difficult
More informationwith Managing RSA the Lifecycle of Key Manager RSA Streamlining Security Operations Data Loss Prevention Solutions RSA Solution Brief
RSA Solution Brief Streamlining Security Operations with Managing RSA the Lifecycle of Data Loss Prevention and Encryption RSA envision Keys with Solutions RSA Key Manager RSA Solution Brief 1 Who is asking
More informationThreat Intelligence Platforms: The New Essential Enterprise Software
Gitomer-1 Threat Intelligence Platforms: The New Essential Enterprise Software Due to the ever-increasing volume of cyber attacks and regulatory pressures, there is a need for a new type of enterprise
More informationDefending Against Data Beaches: Internal Controls for Cybersecurity
Defending Against Data Beaches: Internal Controls for Cybersecurity Presented by: Michael Walter, Managing Director and Chris Manning, Associate Director Protiviti Atlanta Office Agenda Defining Cybersecurity
More informationWhitepaper. Advanced Threat Hunting with Carbon Black
Advanced Threat Hunting with Carbon Black TABLE OF CONTENTS Overview Threat Hunting Defined Existing Challenges and Solutions Prioritize Endpoint Data Collection Over Detection Leverage Comprehensive Threat
More informationAfter the Attack: RSA's Security Operations Transformed
After the Attack: RSA's Security Operations Transformed Ben Smith, CISSP RSA Field CTO (East), Security Portfolio Senior Member, ISSA Northern Virginia 1 The Environment ~ 2,000 security devices ~55M security
More informationGetting Ahead of Advanced Threats
Getting Ahead of Advanced Threats Advanced Security Solutions for Trusted IT Chezki Gil Territory Manager Israel & Greece 1 Threats are Evolving Rapidly Criminals Petty criminal s Unsophisticated Organized
More informationStrengthen security with intelligent identity and access management
Strengthen security with intelligent identity and access management IBM Security solutions help safeguard user access, boost compliance and mitigate insider threats Highlights Enable business managers
More informationAll about Threat Central
All about Threat Central Ted Ross & Nadav Cohen #HPProtect Forward-looking statements This is a rolling (up to three year) Roadmap and is subject to change without notice. This document contains forward
More informationNetwork Payload Analysis for Advanced Persistent Threats Charles Smutz, Lockheed Martin CIRT
Network Payload Analysis for Advanced Persistent Threats Charles Smutz, Lockheed Martin CIRT 0000 7/6/2010 1 About Speaker Name Background Current Job Employer Education Charles Smutz Sysadmin, Networking,
More informationWho Drives Cybersecurity in Your Business? Milan Patel, K2 Intelligence. AIBA Quarterly Meeting September 10, 2015
Who Drives Cybersecurity in Your Business? Milan Patel, K2 Intelligence AIBA Quarterly Meeting September 10, 2015 The Answer 2 Everyone The relationship between the board, C-suite, IT, and compliance leaders
More informationIntroducing the Reimagined Power BI Platform. Jen Underwood, Microsoft
Introducing the Reimagined Power BI Platform Jen Underwood, Microsoft Thank You Sponsors Empower users with new insights through familiar tools while balancing the need for IT to monitor and manage user
More informationHow To Manage Log Management
: Leveraging the Best in Database Security, Security Event Management and Change Management to Achieve Transparency LogLogic, Inc 110 Rose Orchard Way, Ste. 200 San Jose, CA 95134 United States US Toll
More informationApache Hadoop in the Enterprise. Dr. Amr Awadallah, CTO/Founder @awadallah, aaa@cloudera.com
Apache Hadoop in the Enterprise Dr. Amr Awadallah, CTO/Founder @awadallah, aaa@cloudera.com Cloudera The Leader in Big Data Management Powered by Apache Hadoop The Leading Open Source Distribution of Apache
More informationIncrease insight. Reduce risk. Feel confident.
Increase insight. Reduce risk. Feel confident. Define critical goals with enhanced visibility then enable security and compliance across your complex IT infrastructure. VIRTUALIZATION + CLOUD NETWORKING
More informationWhat s New in Security Analytics 10.4. Be the Hunter.. Not the Hunted
What s New in Security Analytics 10.4 Be the Hunter.. Not the Hunted Attackers Are Outpacing Detection Attacker Capabilities Time To Discovery Source: VERIZON 2014 DATA BREACH INVESTIGATIONS REPORT 2 TRANSFORM
More informationNetwork Security Monitoring
Network Security Monitoring Network Startup Resource Center www.nsrc.org These materials are licensed under the Creative Commons Attribution-NonCommercial 4.0 International license (http://creativecommons.org/licenses/by-nc/4.0/)
More information1. Understanding Big Data
Big Data and its Real Impact on Your Security & Privacy Framework: A Pragmatic Overview Erik Luysterborg Partner, Deloitte EMEA Data Protection & Privacy leader Prague, SCCE, March 22 nd 2016 1. 2016 Deloitte
More informationThe Evolving Threat Landscape
The Evolving Threat Landscape IT Data and Security Analytics October 2014 Mike Larmie, MCITP Security Sales Engineer - NY, NJ, CT The Inflection Point 2 The Inflection Point 60% of organizations were affected
More informationPredictive Cyber Defense A Strategic Thought Paper
Predictive Cyber Defense A Strategic Thought Paper Don Adams Vice President, Chief Technology Officer, Worldwide Government TIBCO Software Federal, Inc 2 Summary The art and science of multi-sensor data
More informationSolution White Paper Connect Hadoop to the Enterprise
Solution White Paper Connect Hadoop to the Enterprise Streamline workflow automation with BMC Control-M Application Integrator Table of Contents 1 EXECUTIVE SUMMARY 2 INTRODUCTION THE UNDERLYING CONCEPT
More informationThreatSpike Dome: A New Approach To Security Monitoring
ThreatSpike Dome: A New Approach To Security Monitoring 2015 ThreatSpike Labs Limited The problem with SIEM Hacking, insider and advanced persistent threats can be difficult to detect with existing product
More informationThe PCI Dilemma. COPYRIGHT 2009. TecForte
The PCI Dilemma Today, all service providers and retailers that process, store or transmit cardholder data have a legislated responsibility to protect that data. As such, they must comply with a diverse
More informationCentre for the Protection of National Infrastructure Effective Log Management
Centre for the Protection of National Infrastructure Effective Log Management Tom Goldsmith, 2nd April 2014 response@contextis.com Effective Log Management / Contents Contents 1 Executive Summary 5 2 About
More informationlocuz.com Big Data Services
locuz.com Big Data Services Big Data At Locuz, we help the enterprise move from being a data-limited to a data-driven one, thereby enabling smarter, faster decisions that result in better business outcome.
More informationWhatWorks in Detecting and Blocking Advanced Threats:
WhatWorks in Detecting and Blocking Advanced Threats: A Real Case Study at a Large Research Organization with WhatWorks is a user-to-user program in which security managers who have implemented effective
More informationKASPERSKY PRIVATE SECURITY NETWORK: REAL-TIME THREAT INTELLIGENCE INSIDE THE CORPORATE INFRASTRUCTURE
KASPERSKY PRIVATE SECURITY NETWORK: REAL-TIME THREAT INTELLIGENCE INSIDE THE CORPORATE INFRASTRUCTURE Global threat intelligence for local implementation www.kaspersky.com 2 A CLOUD-BASED THREAT LABORATORY
More informationAdvanced Analytics For Real-Time Incident Response A REVIEW OF THREE KNOWN CASES AND THE IMPACT OF INVESTIGATIVE ANALYTICS
Advanced Analytics For Real-Time Incident Response A REVIEW OF THREE KNOWN CASES AND THE IMPACT OF INVESTIGATIVE ANALYTICS Introduction Every year, cyber criminals become stronger and more sophisticated
More informationSIEM 2.0: AN IANS INTERACTIVE PHONE CONFERENCE INTEGRATING FIVE KEY REQUIREMENTS MISSING IN 1ST GEN SOLUTIONS SUMMARY OF FINDINGS
SIEM 2.0: INTEGRATING FIVE KEY REQUIREMENTS MISSING IN 1ST GEN SOLUTIONS AN IANS INTERACTIVE PHONE CONFERENCE SUMMARY OF FINDINGS OCTOBER 2009 Chris Peterson, LogRhythm CTO, Founder Chris brings a unique
More informationThe Future of the Advanced SOC
The Future of the Advanced SOC Developing a platform for more effective security management and compliance Steven Van Ormer RSA Technical Security Consultant 1 Agenda Today s Security Landscape and Why
More information