It s not a matter of if but when. Actionable Threat Intelligence, Accelerated Response

Transcription

1 It s not a matter of if but when Actionable Threat Intelligence, Accelerated Response

2 Rapid Advanced Detection and Response (RADAR), is a managed information security service, offering comprehensive security defense through monitoring, detection, correlation, expert analysis, and incident response. Comparison With Traditional Measures RADAR provides a powerful component to the defensible security program, giving clients the ability to quickly detect and respond to threats with agility and expertise with no blind spots. As part of a security infrastructure, RADAR provides a comprehensive alternative to traditional security monitoring infrastructure or services to provide highly actionable, verified threat information. RADAR not only includes the technology required to perform advanced monitoring, detection, and response, but skilled expertise to ensure that only real threats and malicious activity are reported and acted upon. Security Monitoring Intrusion Detection Malware Detection Incident Response & Forensics INTERNAL Cost Of Solution Cost Of Implementation Configuration / Tuning Training Of Staff Staff Time To Monitor Potential Blind Spots Cost Of Solution Cost Of Implementation Configuration / Tuning Training Of Staff Staff Time To Monitor Traditional Signaturebased Anti-Virus Possible Blind Spots Hardware / Software Cost Of Implementation Training Of Staff Requires Experienced Staff RADAR Comparison With Traditional Measures INCLUDED INCLUDED Device Monitoring beyond signature checking for anomalous activity INCLUDED Complete visibility into your environment, providing a cost-effective service that helps you sleep at night. RADAR requires no investment in infrastructure, and is what you ve been waiting for if you ve been trying to cobble together an expensive and complicated defense-in-depth infrastructure with tools, resources, and processes. 2

3 Protecting Yourself In Today s World: Three Requirements Protecting Yourself in Today s World: Three Requirements 1 You re blind on your security devices, network endpoints, servers, applications and databases VISIBILITY Know what's running on every device, network segment, and endpoint All file events All file executions All network traffic Copy of every executed binary Selected processes Selected registry settings All connected devices 2 You can t know what s bad ahead of time DETECTION See and analyze everything; detect threats in real-time with accurate intelligence Advanced malware detection Indicators of compromise Emerging threat feeds Malicious IPs/URLs/Domains Custom watch lists and feeds Customized threat profile Visualization and analytics Reputation service 3 Incident response is too slow and expensive RESPONSE Contain and control threats with automatic intelligent response to alerts Recorded history of all file, process, and network activity, and the relationships between them Fast enterprise-wide search across all data Automatic and on-demand analysis of suspicious files or activity 24/7/365 expert response Traditional security monitoring, intrusion detection, and antivirus doesn t cut it anymore. The solutions are overpriced, difficult to implement, require extensive staff training, and dedicated resources to properly monitor and maintain. To make matters worse, traditional monitoring and most other managed security monitoring services usually only cover critical assets, not everything in your infrastructure. Compound these problems with the fact that current solutions only spit out unintelligent alerts that aren t actionable and are often cryptic to understand, let alone act upon. RADAR provides unmatched visibility, advanced intelligence and analytics, and automatic expert response. 3

4 Complete visibility in to your infrastructure, offering advanced threat analysis, and rapid response. Actionable Threat Intelligence Visibility & Prioritization: Network, Security, Endpoint, Application, and Database Alerts Advanced Analysis: Indicators of Compromise, Emerging Threats, Anomaly Detection Accelerated Response Automatic Analysis of All Suspicious Files and Activity On-Demand Analysis of Suspicious Files and Activity Dedicated Response: 24/7/365 Access to Qualified Expertise The lightweight and extensible design means that RADAR can be deployed with no blind spots, at a relatively inexpensive cost. This unmatched level of visibility, coupled with actionable threat intelligence and accelerated response, put the RADAR service in a class of its own, unlike anything in the industry. Security Devices Network Devices Servers Endpoints Applications Databases 4

5 Not just the how and why, but detailed relational information to draw factual conclusions and respond with laser-like focus. Records Everything And Maintains Relationships File Modifications Application Logs File Executions Security Events Network Traffic Database Events Executed Binaries Registry Modifications Visibility, Intelligence, And Instant Answers To Key Security Concerns 5

6 ABOUT BTB SECURITY We operate as if each customer is our only customer. Our customers success is our own success. If you are looking to achieve your goals and objectives by leveraging honest and trustworthy partners, then you have come to the right place. We tell you what you need to hear, which is not always what you want to hear. BTB Security was founded in 2006 with some fundamental goals in mind: Build a customer base and name within the professional services industry by telling the truth and practicing with integrity. Deliver high-quality and high-value projects for every service we offer. Become a trusted advisor with every customer, no matter how big or small. Conduct business in a manner that focuses on ethics, decency, and service. Background & Expertise BTB Security was founded by four individuals whose backgrounds include years of experience with Big Four and similarly sized organizations, and experience building, managing, and operating corporate security groups. Prior to leading information security groups, each founding member of BTB Security worked extensively in delivering the service offerings we provide today. This provides BTB with a unique perspective when helping our clients with their information security needs. While we excel at providing assistance with developing strategy to overcome obstacles at a high level, we also have the technical acumen to design and implement the solutions necessary to effect change. All members of BTB Security maintain industry recognized certifications such as the Certified Information Systems Security Professional (CISSP) designation and hold current Certified Computer Examiner (CCE) credentials. The BTB Difference As demonstrated, we value delivery excellence, honesty, and know-how without the big price tag, but BTB Security is also a forward thinking thought leader in the security and forensics fields. We ve developed or been integral in creating and fostering applications and techniques used by other security and forensics consulting firms (even our competitors), and in some cases, commercial applications or devices. RevInetd/Revnet: penetration tool Forensic Indexer SQLExecute: SQL penetration tool Active Response Toolkit Btb-bot: malware, command /control bot NetBIOS Name Spoofing Detection Metasploit Bypass AV (415) (484) California Pennsylvania (630) Illinois info@btbsecurity.com 2014 BTB Security