CONTINUOUS MONITORING THE MISSING PIECE TO SECURITY OPERATION (SOC) TODAY

Size: px
Start display at page:

Download "CONTINUOUS MONITORING THE MISSING PIECE TO SECURITY OPERATION (SOC) TODAY"

Transcription

1 CONTINUOUS MONITORING THE MISSING PIECE TO SECURITY OPERATION (SOC) TODAY MATTHIAS YEO Chief Technology Officer - APAC CISSP, CISA, CISM, PMP 1

2 OVER REACTING VS UNDER REACTING Reason for the world today CAR ALARM Security model 2

3 WHAT IS MISSING IN SOC TODAY? 1 Continuous Monitoring 2 Adaptive Security 3 Encrypted Traffic Management 3

4 WHAT IS MISSING IN SOC TODAY? 1 Continuous Monitoring 2 Adaptive Security 3 Encrypted Traffic Management 4

5 BURNING QUESTION TODAY How To Prevent My Organization From Suffering Security Breaches? 5

6 THE REALITY OF OUR SECURITY WORLD Globally, 18% of organizations in the Government & Defense sector reported at least one targeted attack 94% of companies reportedly encountered at least one externally-sourced data security incident within the past 12 months, including phishing attacks, DDoS attacks, and theft of mobile devices. In 28% of these instances, business reported the loss of sensitive business data. 6

7 BURNING QUESTION TODAY How To Prevent My organisation From Suffering Security Breaches? Am I Ready To Respond? 7

8 GARTNER: ADAPTIVE SECURITY ARCHITECTURE PROTECTION FROM ADVANCED ATTACKS On Adaptive Security Architecture Shift your security mindset from "incident response" to "continuous response," wherein systems are assumed to be compromised and require continuous monitoring and remediation Because enterprise systems are under continuous attack and are continuously compromised, an ad hoc approach to "incident response" is the wrong mindset. https://www.gartner.com/doc/ /designing-adaptive-security-architecture-protection Gartner, February

9 POST-PREVENTION SECURITY GAP HOW BIG IS IT? Initial Attack to Compromise Initial Compromise to Discovery Days 13% weeks 2% Seconds Hours 60% 11% Minutes 13% Months 62% Years 4% Hours 9% Days 11% Weeks 12% 84% 78% 9

10 USING HUMAN BODY AS AN ANALOGY Preventive Supplements, Multi-vitamins Exercise, Jogging Healthy Eating Sleep Early Repair GP clinics, Dental Diagnosis, X-Rays Remediation, Medication Hospitalisation Preventive IPS, Firewall, Gateway, Web Gateway, AV, Database Security, SIEM Defense in depth? Technology Repair Logs from System? Forensic (Manual)??? 10

11 THE POST BREACH QUESTIONS 2 main questions that all CIO expected from a SOC during a breach What happened? How did the system get compromised? What systems and data were affected? What are we doing about it? Have we done all the remediation? Can we be sure it is over? 11

12 SECURITY ANALYTIC A ROOT CAUSE ANALYSIS Security Analytic A Full Packet Capture of your traffic in your network, for analysis. INTERNET Answer the 2 most important question: - What Happened? - What are we doing about it? FIREWALL SECURITY ANALYTICS 12

13 EXAMPLE - THREAT ASSESSMENTS KEY FINDINGS Critical Findings No Findings Criticality 1 Downloads of malware Very High 2 Indicator of compromised host C&C Very High 3 Access to inappropriate site High Others (Situation Awareness) No Findings Criticality 1 Unusual protocol analyzed Medium 2 Unsecure File Transfer Protocol Medium 3 Visibility of Traffic (Videos) Low 4 Unsecure protocol identified Low 13

14 SECURITY ANALYTICS: FORENSIC CAPABILITY FOR HOSTED SITE Similarly, without proper forensic capability, if there is an attack to our hosted environment, it might be hard to identify how the attack happens INTERNET With a full network packet capture, Security Operator can go back in time to identify the source of the breach using the raw network content, and answers query such as: What was the exploitation done to the servers? FIREWALL How did the server respond to the exploitation? Were there any reconnaissance done before that? Was there any malware loaded into the server? What is the activity after or traffic anomaly after the attack? Are there any loss of information or anomaly activity after the breach? SECURITY ANALYTICS CENTRAL MANAGER File Server Hosted Service ST Sites 14

15 WHAT IS MISSING IN SOC TODAY? 1 Continuous Monitoring 2 Adaptive Security 3 Encrypted Traffic Management 15

16 GARTNER: ADAPTIVE SECURITY ARCHITECTURE PROTECTION FROM ADVANCED ATTACKS On Adaptive Security Architecture The goal is not to replace traditional SIEM systems, but rather to provide high-assurance, domain specific, risk-prioritized actionable insight into threats, helping enterprises to focus their security operations response processes on the threats and events that represent the most risk to them. Gartner, February

17 HOW TO ADDRESS THE OVER\UNDER REACTING SYNDROME? Incident Resolution Investigate & Remediate Breach Threat Profiling & Eradication Ongoing Operations Detect & Protect Block All Known Threats Incident Containment Analyze & Mitigate Novel Threat Interpretation 17

18 WHAT IS MISSING IN SOC TODAY? 1 Continuous Monitoring 2 Adaptive Security 3 Encrypted Traffic Management 18

19 MAKING MATTER WORSE SSL ENCRYPTED TRAFFIC IS PERVASIVE SSL Sites on the Web HTTPS traffic booming (20% Y/Y) 2,000,000 1,500,000 1,000, ,000 Enterprise apps Cloud apps i.e., SFDC, Amazon Internet apps i.e., Google, FB Mobile apps More protocols are SSL encrypted HTTP, SPDY, FTP, SMTP, XMPP, IMAP, POP3, etc

20 THE URGENCY OF SSL VISIBILITY SSL increasingly hiding security threats SSL is growing, BUT creates blind spots for enterprise security apps Meet data privacy & compliance regulations Protect security infrastructure Majority of APTs Operate Over SSL 25-70% of Traffic is Encrypted Provide advanced security w/o trading off performance Identify and block hidden malware such as Gameover, Zeus, ShyLock and SpyEye Reduce risk and costs associated with data breaches * 50% of all network attacks will use SSL by 2017 * Gartner Dec

21 NGFW IDS / IPS Host AV Web Gateway SIEM Gateway DLP Web Application Firewall SSL HIDES MALWARE Threat Actors Nation States Cybercriminals Hactivists Insider-Threats Traditional Advanced Threats Known Novel Malware Threats Zero-Day Known Malware Threats Targeted Known Attacks Files Modern Known IPs/URLs Tactics & Techniques Unknown SSL SIGNATURE-BASED DEFENSE-IN-DEPTH TOOLS 21

22 GARTNER: SECURITY LEADERS MUST ADDRESS THREATS FROM RISING SSL TRAFFIC On Rising SSL Traffic An increasing share of enterprise network traffic is encrypted, creating gaps in defense-in-depth effectiveness that security leaders should not ignore Complex sets of laws and regulations on privacy, along with a high risk of conflict with employees, kill most security leaders' outbound Web traffic decryption projects 22

23 IMPORTANT PIECE TO THE PUZZLE - SSL VISIBILITY APPLIANCE Incident Resolution Investigate & Remediate Breach Threat Profiling & Eradication ENCRYPTED TRAFFIC MANAGEMENT Ongoing Operations Detect & Protect Block All Known Threats ADVANCED THREAT PROTECTION LIFECYCLE DEFENSE Incident Containment Analyze & Mitigate Novel Threat Interpretation SSL Visibility Appliance 23

24 CONTINUOUS MONITORING 1. Build Continuous Monitoring, not just incident response 2. Build Adaptive Security Not products Do not be blinded by false positive 3. Encrypted Traffic Management - Remove your security blindfold 24

25 Matthias Yeo Chief Technology Officer - APAC CISSP, CISA, CISM, PMP 25

REVOLUTIONIZING ADVANCED THREAT PROTECTION

REVOLUTIONIZING ADVANCED THREAT PROTECTION REVOLUTIONIZING ADVANCED THREAT PROTECTION A NEW, MODERN APPROACH Blue Coat Advanced Threat Protection Group GRANT ASPLUND Senior Technology Evangelist 1 WHY DO I STAND ON MY DESK? "...I stand upon my

More information

MINIMIZING CYBER-SECURITY EXPOSURE BEFORE, DURING & AFTER AN EMERGENCY

MINIMIZING CYBER-SECURITY EXPOSURE BEFORE, DURING & AFTER AN EMERGENCY MINIMIZING CYBER-SECURITY EXPOSURE BEFORE, DURING & AFTER AN EMERGENCY PREVENT CYBER LOOTING - KEVIN FLYNN DIRECTOR, PRODUCT MARKETING BLUE COAT SYSTEMS (KEVIN.FLYNN@BLUECOAT.COM) - PAM GREELEY INFORMATION

More information

SECURITY ANALYTICS MOVES TO REAL-TIME PROTECTION

SECURITY ANALYTICS MOVES TO REAL-TIME PROTECTION SECURITY ANALYTICS MOVES TO REAL-TIME PROTECTION How ThreatBLADES add real-time threat scanning and alerting to the Analytics Platform INTRODUCTION: analytics solutions have become an essential weapon

More information

Advanced Threats: The New World Order

Advanced Threats: The New World Order Advanced Threats: The New World Order Gary Lau Technology Consulting Manager Greater China gary.lau@rsa.com 1 Agenda Change of Threat Landscape and Business Impact Case Sharing Korean Incidents EMC CIRC

More information

Addressing APTs and Modern Malware with Security Intelligence Date: September 2013 Author: Jon Oltsik, Senior Principal Analyst

Addressing APTs and Modern Malware with Security Intelligence Date: September 2013 Author: Jon Oltsik, Senior Principal Analyst ESG Brief Addressing APTs and Modern Malware with Security Intelligence Date: September 2013 Author: Jon Oltsik, Senior Principal Analyst Abstract: APTs first came on the scene in 2010, creating a wave

More information

KEY TRENDS AND DRIVERS OF SECURITY

KEY TRENDS AND DRIVERS OF SECURITY CYBERSECURITY: ISSUES AND ISACA S RESPONSE Speaker: Renato Burazer, CISA,CISM,CRISC,CGEIT,CISSP KEY TRENDS AND DRIVERS OF SECURITY Consumerization Emerging Trends Continual Regulatory and Compliance Pressures

More information

The Hillstone and Trend Micro Joint Solution

The Hillstone and Trend Micro Joint Solution The Hillstone and Trend Micro Joint Solution Advanced Threat Defense Platform Overview Hillstone and Trend Micro offer a joint solution the Advanced Threat Defense Platform by integrating the industry

More information

How Attackers are Targeting Your Mobile Devices. Wade Williamson

How Attackers are Targeting Your Mobile Devices. Wade Williamson How Attackers are Targeting Your Mobile Devices Wade Williamson Today s Agenda Brief overview of mobile computing today Understanding the risks Analysis of recently discovered malware Protections and best

More information

ASSUMING A STATE OF COMPROMISE: EFFECTIVE DETECTION OF SECURITY BREACHES

ASSUMING A STATE OF COMPROMISE: EFFECTIVE DETECTION OF SECURITY BREACHES ASSUMING A STATE OF COMPROMISE: EFFECTIVE DETECTION OF SECURITY BREACHES Leonard Levy PricewaterhouseCoopers LLP Session ID: SEC-W03 Session Classification: Intermediate Agenda The opportunity Assuming

More information

CYBERSECURITY: ISSUES AND ISACA S RESPONSE

CYBERSECURITY: ISSUES AND ISACA S RESPONSE CYBERSECURITY: ISSUES AND ISACA S RESPONSE June 2014 KEY TRENDS AND DRIVERS OF SECURITY Consumerization Emerging Trends Continual Regulatory and Compliance Pressures Mobile devices Social media Cloud services

More information

McAfee Network Security Platform

McAfee Network Security Platform McAfee Network Security Platform Next Generation Network Security Youssef AGHARMINE, Network Security, McAfee Network is THE Security Battleground Who is behind the data breaches? 81% some form of hacking

More information

Fidelis XPS Power Tools. Gaining Visibility Into Your Cloud: Cloud Services Security. February 2012 PAGE 1 PAGE 1

Fidelis XPS Power Tools. Gaining Visibility Into Your Cloud: Cloud Services Security. February 2012 PAGE 1 PAGE 1 Fidelis XPS Power Tools Gaining Visibility Into Your Cloud: Cloud Services Security February 2012 PAGE 1 PAGE 1 Introduction Enterprises worldwide are increasing their reliance on Cloud Service providers

More information

Networking for Caribbean Development

Networking for Caribbean Development Networking for Caribbean Development BELIZE NOV 2 NOV 6, 2015 w w w. c a r i b n o g. o r g N E T W O R K I N G F O R C A R I B B E A N D E V E L O P M E N T BELIZE NOV 2 NOV 6, 2015 w w w. c a r i b n

More information

BREAKING THE KILL CHAIN AN EARLY WARNING SYSTEM FOR ADVANCED THREAT

BREAKING THE KILL CHAIN AN EARLY WARNING SYSTEM FOR ADVANCED THREAT BREAKING THE KILL CHAIN AN EARLY WARNING SYSTEM FOR ADVANCED THREAT Rashmi Knowles RSA, The Security Division of EMC Session ID: Session Classification: SPO-W07 Intermediate APT1 maintained access to

More information

Network that Know. Rasmus Andersen Lead Security Sales Specialist North & RESE

Network that Know. Rasmus Andersen Lead Security Sales Specialist North & RESE Network that Know Rasmus Andersen Lead Security Sales Specialist North & RESE Email Gateway vendor CERT AV vendor Law enforcement Web Security Vendor Network security appliance vendor IT Department App

More information

WHITE PAPER Cloud-Based, Automated Breach Detection. The Seculert Platform

WHITE PAPER Cloud-Based, Automated Breach Detection. The Seculert Platform WHITE PAPER Cloud-Based, Automated Breach Detection The Seculert Platform Table of Contents Introduction 3 Automatic Traffic Log Analysis 4 Elastic Sandbox 5 Botnet Interception 7 Speed and Precision 9

More information

Unified Security, ATP and more

Unified Security, ATP and more SYMANTEC Unified Security, ATP and more TAKE THE NEXT STEP Martin Werner PreSales Consultant, Symantec Switzerland AG MEET SWISS INFOSEC! 27.01.2016 Unified Security 2 Symantec Enterprise Security Users

More information

Over 20 years experience in Information Security Management, Risk Management, Third Party Oversight and IT Audit.

Over 20 years experience in Information Security Management, Risk Management, Third Party Oversight and IT Audit. CYBERSECURITY: ISSUES AND ISACA S RESPONSE June 2014 BILL S BIO Over 20 years experience in Information Security Management, Risk Management, Third Party Oversight and IT Audit. Vice President Controls

More information

FROM PRODUCT TO PLATFORM

FROM PRODUCT TO PLATFORM FROM PRODUCT TO PLATFORM DATA EQUIPMENT 2016 Mikkel Bossen Agenda Today s Challenges Data Growth, SSL encryption, Application Growth & SaaS What s hiding in under the surface? Legacy Security is that really

More information

Security Analytics for Smart Grid

Security Analytics for Smart Grid Security Analytics for Smart Grid Dr. Robert W. Griffin Chief Security Architect RSA, the Security Division of EMC robert.griffin@rsa.com blogs.rsa.com/author/griffin @RobtWesGriffin 1 No Shortage of Hard

More information

Understanding the Security Vendor Landscape Using the Cyber Defense Matrix

Understanding the Security Vendor Landscape Using the Cyber Defense Matrix SESSION ID: PDIL-W02F Understanding the Security Vendor Landscape Using the Cyber Defense Matrix Sounil Yu sounil@gmail.com @sounilyu Disclaimers The views, opinions, and positions expressed in this presentation

More information

What s Wrong with Information Security Today? You are looking in the wrong places for the wrong things.

What s Wrong with Information Security Today? You are looking in the wrong places for the wrong things. What s Wrong with Information Security Today? You are looking in the wrong places for the wrong things. AGENDA Current State of Information Security Data Breach Statics Data Breach Case Studies Why current

More information

Modern Approach to Incident Response: Automated Response Architecture

Modern Approach to Incident Response: Automated Response Architecture SESSION ID: ANF-T10 Modern Approach to Incident Response: Automated Response Architecture James Carder Director, Security Informatics Mayo Clinic @carderjames Jessica Hebenstreit Senior Manager, Security

More information

Concierge SIEM Reporting Overview

Concierge SIEM Reporting Overview Concierge SIEM Reporting Overview Table of Contents Introduction... 2 Inventory View... 3 Internal Traffic View (IP Flow Data)... 4 External Traffic View (HTTP, SSL and DNS)... 5 Risk View (IPS Alerts

More information

Modular Network Security. Tyler Carter, McAfee Network Security

Modular Network Security. Tyler Carter, McAfee Network Security Modular Network Security Tyler Carter, McAfee Network Security Surviving Today s IT Challenges DDos BOTS PCI SOX / J-SOX Data Exfiltration Shady RAT Malware Microsoft Patches Web Attacks No Single Solution

More information

Intelligence Driven Security

Intelligence Driven Security Intelligence Driven Security RSA Advanced Cyber Defense Workshop Shane Harsch Senior Solutions Principal, RSA 1 Agenda Approach & Activities Operations Intelligence Infrastructure Reporting & Top Findings

More information

RSA Security Anatomy of an Attack Lessons learned

RSA Security Anatomy of an Attack Lessons learned RSA Security Anatomy of an Attack Lessons learned Malcolm Dundas Account Executive John Hurley Senior Technology Consultant 1 Agenda Advanced Enterprise/ Threats The RSA Breach A chronology of the attack

More information

Defending Against Cyber Attacks with SessionLevel Network Security

Defending Against Cyber Attacks with SessionLevel Network Security Defending Against Cyber Attacks with SessionLevel Network Security May 2010 PAGE 1 PAGE 1 Executive Summary Threat actors are determinedly focused on the theft / exfiltration of protected or sensitive

More information

Palo Alto Networks. October 6

Palo Alto Networks. October 6 Palo Alto Networks October 6 Agenda Malware Trends by the numbers Protect Locally Share Globally Delivery methods 21.5% ~14% OF MALWARE HAS BEEN DELIVERED OVER APPS OTHER THAN WEB AND EMAIL IN 2015 8.2%

More information

Agenda. 3 2012, Palo Alto Networks. Confidential and Proprietary.

Agenda. 3 2012, Palo Alto Networks. Confidential and Proprietary. Agenda Evolution of the cyber threat How the cyber threat develops Why traditional systems are failing Need move to application controls Need for automation 3 2012, Palo Alto Networks. Confidential and

More information

Addressing the blind spots in your security strategy. BT, Venafi & Blue Coat

Addressing the blind spots in your security strategy. BT, Venafi & Blue Coat Addressing the blind spots in your security strategy BT, Venafi & Blue Coat Agenda Welcome & Introductions Phil Rodrigues, Director of Security Architecture, Asia Pacific, BT A blueprint for the perfect

More information

The Need for Intelligent Network Security: Adapting IPS for today s Threats

The Need for Intelligent Network Security: Adapting IPS for today s Threats The Need for Intelligent Network Security: Adapting IPS for today s Threats James Tucker Security Engineer Sourcefire Nordics A Bit of History It started with passive IDS. Burglar alarm for the network

More information

Analyzing HTTP/HTTPS Traffic Logs

Analyzing HTTP/HTTPS Traffic Logs Advanced Threat Protection Automatic Traffic Log Analysis APTs, advanced malware and zero-day attacks are designed to evade conventional perimeter security defenses. Today, there is wide agreement that

More information

SIEM: The Integralis Difference

SIEM: The Integralis Difference SIEM: The Integralis Difference January, 2013 Avoid the SIEM Pitfalls Get it right the first time Common SIEM challenges Maintaining staffing levels 24/7 Blended skills set, continuous building of rules

More information

The Advanced Attack Challenge. Creating a Government Private Threat Intelligence Cloud

The Advanced Attack Challenge. Creating a Government Private Threat Intelligence Cloud The Advanced Attack Challenge Creating a Government Private Threat Intelligence Cloud The Advanced Attack Challenge One of the most prominent and advanced threats to government networks is advanced delivery

More information

REVOLUTIONIZING ADVANCED THREAT PROTECTION

REVOLUTIONIZING ADVANCED THREAT PROTECTION REVOLUTIONIZING ADVANCED THREAT PROTECTION HOW TO BEAT ADVANCED THREATS WITH AN INTEGRATED APPROACH TO SECURITY VISIBILITY, ANALYTICS, THREAT INTELLIGENCE, AND ENFORCEMENT INTRODUCTION Today s threat protection

More information

Data Center security trends

Data Center security trends Data Center security trends Tomislav Tucibat Major accounts Manager, Adriatic Copyright Fortinet Inc. All rights reserved. IT Security evolution How did threat market change over the recent years? Problem:

More information

Advanced Visibility. Moving Beyond a Log Centric View. Matthew Gardiner, RSA & Richard Nichols, RSA

Advanced Visibility. Moving Beyond a Log Centric View. Matthew Gardiner, RSA & Richard Nichols, RSA Advanced Visibility Moving Beyond a Log Centric View Matthew Gardiner, RSA & Richard Nichols, RSA 1 Security is getting measurability worse Percent of breaches where time to compromise (red)/time to Discovery

More information

Combating a new generation of cybercriminal with in-depth security monitoring. 1 st Advanced Data Analysis Security Operation Center

Combating a new generation of cybercriminal with in-depth security monitoring. 1 st Advanced Data Analysis Security Operation Center Combating a new generation of cybercriminal with in-depth security monitoring 1 st Advanced Data Analysis Security Operation Center The Challenge Don t leave your systems unmonitored. It takes an average

More information

Next-generation enterprise security platform. Walter Doria

Next-generation enterprise security platform. Walter Doria Next-generation enterprise security platform Walter Doria Why do you need network, endpoint, and cloud working together? The network is best for identifying and controlling all traffic, preventing known

More information

Securing Cloud-Based Email

Securing Cloud-Based Email White Paper Securing Cloud-Based Email A Guide for Government Agencies White Paper Contents Executive Summary 3 Introduction 3 The Risks Posed to Agencies Running Email in the Cloud 4 How FireEye Secures

More information

Security Analytics The Beginning of the End(Point)

Security Analytics The Beginning of the End(Point) Security Analytics The Beginning of the End(Point) Arie Joosse Arie.Joosse@nexthink.com It s 10am, what do you know about your endpoints? What applications are running? New ones that you didn t deploy

More information

The Next Generation Security Operations Center

The Next Generation Security Operations Center The Next Generation Security Operations Center Vassil Barsakov Regional Manager, CEE & CIS RSA, the Security Division of EMC 1 Threats are Evolving Rapidly Criminals Petty criminals Unsophisticated Organized

More information

Attivo Networks BOTsink and McAfee NSP Integration DNS Sinkhole with URL Sandboxing

Attivo Networks BOTsink and McAfee NSP Integration DNS Sinkhole with URL Sandboxing NSP Integration DNS Sinkhole with URL Sandboxing Botnets are a complex and pervasive form of cyber attack that has been used by attackers, for over a decade, to compromise millions of endpoints in order

More information

Rashmi Knowles Chief Security Architect EMEA

Rashmi Knowles Chief Security Architect EMEA Rashmi Knowles Chief Security Architect EMEA AGENDA Transformation of IT New cyber-security challenges Intelligence Driven Security Security Analytics Q&A 2 ENTERPRISE DATA CENTER ADVANCED SECURITY A UNIQUE

More information

Integrating MSS, SEP and NGFW to catch targeted APTs

Integrating MSS, SEP and NGFW to catch targeted APTs #SymVisionEmea #SymVisionEmea Integrating MSS, SEP and NGFW to catch targeted APTs Tom Davison Information Security Practice Manager, UK&I Antonio Forzieri EMEA Solution Lead, Cyber Security 2 Information

More information

Leading The World Into Connected Security. Dipl.-Inform., CISSP, S+ Rolf Haas Enterprise Technology Specialist Content Lead EMEA

Leading The World Into Connected Security. Dipl.-Inform., CISSP, S+ Rolf Haas Enterprise Technology Specialist Content Lead EMEA Leading The World Into Connected Security Dipl.-Inform., CISSP, S+ Rolf Haas Enterprise Technology Specialist Content Lead EMEA History of Defining Largest Dedicated Delivering a Next Generation Architecture

More information

NEXT GENERATION SECURITY ANALYTICS: REAL WORLD USE CASES KEY FEATURES AND NEW USES FOR THE BLUE COAT SECURITY ANALYTICS PLATFORM

NEXT GENERATION SECURITY ANALYTICS: REAL WORLD USE CASES KEY FEATURES AND NEW USES FOR THE BLUE COAT SECURITY ANALYTICS PLATFORM NEXT GENERATION SECURITY ANALYTICS: REAL WORLD USE CASES KEY FEATURES AND NEW USES FOR THE BLUE COAT SECURITY ANALYTICS PLATFORM SECURITY ANALYTICS: MUCH MORE THAN NETWORK FORENSICS Prior generations of

More information

White. Paper. Understanding and Addressing APTs. September 2012

White. Paper. Understanding and Addressing APTs. September 2012 White Paper Understanding and Addressing APTs By Jon Oltsik, Senior Principal Analyst September 2012 This ESG White Paper was commissioned by Trend Micro and is distributed under license from ESG. 2012,

More information

EXTENDING NETWORK SECURITY: TAKING A THREAT CENTRIC APPROACH TO SECURITY

EXTENDING NETWORK SECURITY: TAKING A THREAT CENTRIC APPROACH TO SECURITY EXTENDING NETWORK SECURITY: TAKING A THREAT CENTRIC APPROACH TO SECURITY Dean Frye Sourcefire Session ID: SEC-W05 Session Classification: Intermediate Industrialisation of Threat Factories Goal: Glory,

More information

Glasnost or Tyranny? You Can Have Secure and Open Networks!

Glasnost or Tyranny? You Can Have Secure and Open Networks! AT&T is a proud sponsor of StaySafe Online Glasnost or Tyranny? You Can Have Secure and Open Networks! Steven Hurst CISSP Director - AT&T Security Services and Technology AT&T Chief Security Office 2009

More information

Protection Against Advanced Persistent Threats

Protection Against Advanced Persistent Threats Protection Against Advanced Persistent Threats Peter Mesjar Systems Engineer, CCIE 17428 October 2014 Agenda Modern Threats Advanced Malware Protection Solution Why Cisco? Cisco Public 2 The Problem are

More information

Securely Yours LLC Top Security Topics for 2013. Sajay Rai, CPA, CISSP, CISM sajayrai@securelyyoursllc.com

Securely Yours LLC Top Security Topics for 2013. Sajay Rai, CPA, CISSP, CISM sajayrai@securelyyoursllc.com Securely Yours LLC Top Security Topics for 2013 Sajay Rai, CPA, CISSP, CISM sajayrai@securelyyoursllc.com Contents Background Top Security Topics What auditors must know? What auditors must do? Next Steps

More information

Effective IDS/IPS Network Security in a Dynamic World with Next-Generation Intrusion Detection & Prevention

Effective IDS/IPS Network Security in a Dynamic World with Next-Generation Intrusion Detection & Prevention Effective IDS/IPS Network Security in a Dynamic World with Next-Generation Intrusion Detection & Prevention Your Security Challenges Defending the Dynamic Network! Dynamic threats 䕬 䕬 䕬 䕬 Many threats

More information

RETHINK SECURITY FOR UNKNOWN ATTACKS

RETHINK SECURITY FOR UNKNOWN ATTACKS 1 Copyright 2012 Juniper Networks, Inc. www.juniper.net RETHINK SECURITY FOR UNKNOWN ATTACKS John McCreary Security Specialist, Juniper Networks AGENDA 1 2 3 Introduction 5 minutes Security Trends 5 minutes

More information

THE EVOLUTION OF SIEM

THE EVOLUTION OF SIEM THE EVOLUTION OF SIEM WHY IT IS CRITICAL TO MOVE BEYOND LOGS Despite increasing investments in security, breaches are still occurring at an alarming rate. 43% Traditional SIEMs have not evolved to meet

More information

Security and Privacy

Security and Privacy Security and Privacy Matthew McCormack, CISSP, CSSLP CTO, Global Public Sector, RSA The Security Division of EMC 1 BILLIONS OF USERS MILLIONS/BILLIONS OF APPS 2010 Cloud Big Data Social Mobile Devices

More information

State of Security Monitoring of Public Cloud

State of Security Monitoring of Public Cloud State of Security Monitoring of Public Cloud Shittu O. Shittu Enterprise Security Architect, BP Enterprise Security Architect, trainline.com Director and Principal Consultant, TRAIS Mavens Ltd Highlights

More information

IBM Security QRadar SIEM & Fortinet FortiGate / FortiAnalyzer

IBM Security QRadar SIEM & Fortinet FortiGate / FortiAnalyzer IBM Security QRadar SIEM & Fortinet / FortiAnalyzer Introducing new functionality for IBM QRadar Security Intelligence Platform: integration with Fortinet s firewalls and logs forwarded by FortiAnalyzer.

More information

End-user Security Analytics Strengthens Protection with ArcSight

End-user Security Analytics Strengthens Protection with ArcSight Case Study for XY Bank End-user Security Analytics Strengthens Protection with ArcSight INTRODUCTION Detect and respond to advanced persistent threats (APT) in real-time with Nexthink End-user Security

More information

Logging In: Auditing Cybersecurity in an Unsecure World

Logging In: Auditing Cybersecurity in an Unsecure World About This Course Logging In: Auditing Cybersecurity in an Unsecure World Course Description $5.4 million that s the average cost of a data breach to a U.S.-based company. It s no surprise, then, that

More information

HOW TO DEAL WITH THE ADVANCED THREAT LANDSCAPE?

HOW TO DEAL WITH THE ADVANCED THREAT LANDSCAPE? HOW TO DEAL WITH THE ADVANCED THREAT LANDSCAPE? MAY 5 TH 2015 Erik Engberg Advanced Threat Defense Specialist Nordics & Benelux 1 THE BURNING QUESTION How To Prevent My Organization From Suffering Security

More information

Using LYNXeon with NetFlow to Complete Your Cyber Security Picture

Using LYNXeon with NetFlow to Complete Your Cyber Security Picture Using LYNXeon with NetFlow to Complete Your Cyber Security Picture 21CT.COM Combine NetFlow traffic with other data sources and see more of your network, over a longer period of time. Introduction Many

More information

The Future of the Advanced SOC

The Future of the Advanced SOC The Future of the Advanced SOC Developing a platform for more effective security management and compliance Steven Van Ormer RSA Technical Security Consultant 1 Agenda Today s Security Landscape and Why

More information

Vladimir Yordanov Director of Technology F5 Networks, Asia Pacific v.yordanov@f5.com. Developments in Web Application and Cloud Security

Vladimir Yordanov Director of Technology F5 Networks, Asia Pacific v.yordanov@f5.com. Developments in Web Application and Cloud Security Vladimir Yordanov Director of Technology F5 Networks, Asia Pacific v.yordanov@f5.com Developments in Web Application and Cloud Security Forces of Change Workforce and IT trends 2 Applications 3 Web Application

More information

O N L I N E I N C I D E N T R E S P O N S E C O M M U N I T Y

O N L I N E I N C I D E N T R E S P O N S E C O M M U N I T Y Automate Response Congratulations on selecting IncidentResponse.com to retrieve your custom incident response workflow guide. This guide has been created especially for you for use in within your security

More information

Preparing for a Cyber Attack PROTECT YOUR PEOPLE AND INFORMATION WITH SYMANTEC SECURITY SOLUTIONS

Preparing for a Cyber Attack PROTECT YOUR PEOPLE AND INFORMATION WITH SYMANTEC SECURITY SOLUTIONS Preparing for a Cyber Attack PROTECT YOUR PEOPLE AND INFORMATION WITH SYMANTEC SECURITY SOLUTIONS CONTENTS PAGE RECONNAISSANCE STAGE 4 INCURSION STAGE 5 DISCOVERY STAGE 6 CAPTURE STAGE 7 EXFILTRATION STAGE

More information

Combating a new generation of cybercriminal with in-depth security monitoring

Combating a new generation of cybercriminal with in-depth security monitoring Cybersecurity Services Combating a new generation of cybercriminal with in-depth security monitoring 1 st Advanced Data Analysis Security Operation Center The Challenge Don t leave your systems unmonitored.

More information

EMERGING THREATS & STRATEGIES FOR DEFENSE. Stephen Coty Chief Security Evangelist @StephenCoty

EMERGING THREATS & STRATEGIES FOR DEFENSE. Stephen Coty Chief Security Evangelist @StephenCoty EMERGING THREATS & STRATEGIES FOR DEFENSE Stephen Coty Chief Security Evangelist @StephenCoty Industry Analysis 2014 Data Breaches - Ponemon Ponemon 2014 Data Breach Report *Statistics from 2013 Verizon

More information

Into the cybersecurity breach

Into the cybersecurity breach Into the cybersecurity breach Tim Sanouvong State Sector Cyber Risk Services Deloitte & Touche LLP April 3, 2015 Agenda Setting the stage Cyber risks in state governments Cyber attack vectors Preparing

More information

DNS Firewall Overview Speaker Name. Date

DNS Firewall Overview Speaker Name. Date DNS Firewall Overview Speaker Name 1 1 Date Reserved. Agenda DNS Security Challenges DNS Firewall Solution Customers Call to Action 2 2 Reserved. APTs: The New Threat Landscape Nation-state or organized-crime

More information

Uncover security risks on your enterprise network

Uncover security risks on your enterprise network Uncover security risks on your enterprise network Sign up for Check Point s on-site Security Checkup. About this presentation: The key message of this presentation is that organizations should sign up

More information

Advanced approach to network security and performance monitoring

Advanced approach to network security and performance monitoring Advanced approach to network security and performance monitoring Michal Drozd TrustPort Threat Intelligence Product Manager 18 slides Agenda Network monitoring Security and performance problems Common

More information

Operational Lessons from the RSA/EMC CIRC: People, Process, & Threat Intel

Operational Lessons from the RSA/EMC CIRC: People, Process, & Threat Intel Operational Lessons from the RSA/EMC CIRC: People, Process, & Threat Intel @Ben_Smith Ben Smith, CISSP Field CTO (US East), Security Portfolio A Security Maturity Path CONTROLS COMPLIANCE IT RISK BUSINESS

More information

WHITE PAPER SPLUNK SOFTWARE AS A SIEM

WHITE PAPER SPLUNK SOFTWARE AS A SIEM SPLUNK SOFTWARE AS A SIEM Improve your security posture by using Splunk as your SIEM HIGHLIGHTS Splunk software can be used to operate security operations centers (SOC) of any size (large, med, small)

More information

Looking Behind the Attacks - Top 3 Attack Vectors to Understand in 2015

Looking Behind the Attacks - Top 3 Attack Vectors to Understand in 2015 WHITEPAPER Looking Behind the Attacks - Top 3 Attack Vectors to Understand in 2015 Malcolm Orekoya Network & Security Specialist 30 th January 2015 Table of Contents Introduction... 2 Identity Defines

More information

Zak Khan Director, Advanced Cyber Defence

Zak Khan Director, Advanced Cyber Defence Securing your data, intellectual property and intangible assets from cybercrime Zak Khan Director, Advanced Cyber Defence Agenda (16 + optional video) Introduction (2) Context Global Trends Strategic Impacts

More information

Cyber Security Metrics Dashboards & Analytics

Cyber Security Metrics Dashboards & Analytics Cyber Security Metrics Dashboards & Analytics Feb, 2014 Robert J. Michalsky Principal, Cyber Security NJVC, LLC Proprietary Data UNCLASSIFIED Agenda Healthcare Sector Threats Recent History Security Metrics

More information

CALNET 3 Category 7 Network Based Management Security. Table of Contents

CALNET 3 Category 7 Network Based Management Security. Table of Contents State of California IFB STPD 12-001-B CALNET 3 Category 7 Network Based Security Table of Contents 7.2.1.4.a DDoS Detection and Mitigation Features... 1 7.2.2.3 Email Monitoring Service Features... 2 7.2.3.2

More information

THE BLIND SPOT IN THREAT INTELLIGENCE THE BLIND SPOT IN THREAT INTELLIGENCE

THE BLIND SPOT IN THREAT INTELLIGENCE THE BLIND SPOT IN THREAT INTELLIGENCE THE BLIND SPOT IN THREAT INTELLIGENCE THE BLIND SPOT IN THREAT INTELLIGENCE How application threat intelligence can make existing enterprise security infrastructures smarter THE BLIND SPOT IN THREAT INTELLIGENCE

More information

Bridging the gap between COTS tool alerting and raw data analysis

Bridging the gap between COTS tool alerting and raw data analysis Article Bridging the gap between COTS tool alerting and raw data analysis An article on how the use of metadata in cybersecurity solutions raises the situational awareness of network activity, leading

More information

Office 365 Cloud App Security MARKO DJORDJEVIC CLOUD BUSINESS LEAD EE TREND MICRO EMEA LTD.

Office 365 Cloud App Security MARKO DJORDJEVIC CLOUD BUSINESS LEAD EE TREND MICRO EMEA LTD. Office 365 Cloud App Security MARKO DJORDJEVIC CLOUD BUSINESS LEAD EE TREND MICRO EMEA LTD. Your Valuable Data In The Cloud? How To Get The Best Protection! A world safe for exchanging digital information

More information

Detecting Threats Via Network Anomalies. Paul Martini Cofounder and CEO iboss Cybersecurity

Detecting Threats Via Network Anomalies. Paul Martini Cofounder and CEO iboss Cybersecurity Detecting Threats Via Network Anomalies Paul Martini Cofounder and CEO iboss Cybersecurity Why is Anomaly Detection Important? Largest enterprises with the biggest investment in prevention are still getting

More information

This ESG White Paper was commissioned by Blue Coat and is distributed under license from ESG.

This ESG White Paper was commissioned by Blue Coat and is distributed under license from ESG. White Paper Network Encryption and its Impact on Enterprise Security By Jon Oltsik, Senior Principal Analyst February 2015 This ESG White Paper was commissioned by Blue Coat and is distributed under license

More information

Breaking the Cyber Attack Lifecycle

Breaking the Cyber Attack Lifecycle Breaking the Cyber Attack Lifecycle Palo Alto Networks: Reinventing Enterprise Operations and Defense March 2015 Palo Alto Networks 4301 Great America Parkway Santa Clara, CA 95054 www.paloaltonetworks.com

More information

Full-Context Forensic Analysis Using the SecureVue Unified Situational Awareness Platform

Full-Context Forensic Analysis Using the SecureVue Unified Situational Awareness Platform Full-Context Forensic Analysis Using the SecureVue Unified Situational Awareness Platform Solution Brief Full-Context Forensic Analysis Using the SecureVue Unified Situational Awareness Platform Finding

More information

The Cloud App Visibility Blindspot

The Cloud App Visibility Blindspot The Cloud App Visibility Blindspot Understanding the Risks of Sanctioned and Unsanctioned Cloud Apps and How to Take Back Control Introduction Today, enterprise assets are more at risk than ever before

More information

CIP R1.5 Spring CIP Audit Workshop. April 14, 2016 Scott Pelfrey, CISA, CISSP, GISP, MBA Senior Technical Auditor

CIP R1.5 Spring CIP Audit Workshop. April 14, 2016 Scott Pelfrey, CISA, CISSP, GISP, MBA Senior Technical Auditor CIP-005-5 R1.5 Spring CIP Audit Workshop April 14, 2016 Scott Pelfrey, CISA, CISSP, GISP, MBA Senior Technical Auditor CIP-005-5 Part 1.5 Learning Objectives Terminology Discussion of IPS/IDS & firewall

More information

Effective Methods to Detect Current Security Threats

Effective Methods to Detect Current Security Threats terreactive AG. Swiss Cyber Storm 2015. Effective Methods to Detect Current Security Threats Taking your IT security to the next level, you have to consider a paradigm shift. In the past companies mostly

More information

Content Security: Protect Your Network with Five Must-Haves

Content Security: Protect Your Network with Five Must-Haves White Paper Content Security: Protect Your Network with Five Must-Haves What You Will Learn The continually evolving threat landscape is what makes the discovery of threats more relevant than defense as

More information

WHAT EVERY CEO, CIO AND CFO NEEDS TO KNOW ABOUT CYBER SECURITY.

WHAT EVERY CEO, CIO AND CFO NEEDS TO KNOW ABOUT CYBER SECURITY. WHAT EVERY CEO, CIO AND CFO NEEDS TO KNOW ABOUT CYBER SECURITY. A guide for IT security from BIOS The Problem SME s, Enterprises and government agencies are under virtually constant attack today. There

More information

Securely Yours LLC IT Hot Topics. Sajay Rai, CPA, CISSP, CISM sajayrai@securelyyoursllc.com

Securely Yours LLC IT Hot Topics. Sajay Rai, CPA, CISSP, CISM sajayrai@securelyyoursllc.com Securely Yours LLC IT Hot Topics Sajay Rai, CPA, CISSP, CISM sajayrai@securelyyoursllc.com Contents Background Top Security Topics What auditors must know? What auditors must do? Next Steps [Image Info]

More information

Advanced Persistent Threats

Advanced Persistent Threats Advanced Persistent Threats Craig Harwood Channel Manager SADC and Indian Ocean Islands 1 Agenda Introduction Today s Threat landscape What is an Advance persistent Threat How are these crimes perpetrated

More information

Cybercrime: evoluzione del malware e degli attacchi. Cesare Radaelli Regional Sales Manager, Italy cradaelli@paloaltonetworks.com

Cybercrime: evoluzione del malware e degli attacchi. Cesare Radaelli Regional Sales Manager, Italy cradaelli@paloaltonetworks.com Cybercrime: evoluzione del malware e degli attacchi Cesare Radaelli Regional Sales Manager, Italy cradaelli@paloaltonetworks.com About Palo Alto Networks We are the network security company World-class

More information

Extreme Networks Security Analytics G2 Vulnerability Manager

Extreme Networks Security Analytics G2 Vulnerability Manager DATA SHEET Extreme Networks Security Analytics G2 Vulnerability Manager Improve security and compliance by prioritizing security gaps for resolution HIGHLIGHTS Help prevent security breaches by discovering

More information

21/12/2015 CLOUD ADOPTION TRENDS. Agenda. Cloud Adoption. Cloud Deployment Model. Public Cloud Usage

21/12/2015 CLOUD ADOPTION TRENDS. Agenda. Cloud Adoption. Cloud Deployment Model. Public Cloud Usage ITRC 在 挑 雲 戰 計 Forum 算 年 代 竭 2015 力 保 護 身 份 和 端 點 的 Understanding the Challenges of Protecting Identities and Endpoints in an increasingly Mobile and Cloud-based world Agenda Cloud Trend 2015 What measures

More information

Network as a Sensor and Enforcer Leverage the Network to Protect Against and Mitigate Threats

Network as a Sensor and Enforcer Leverage the Network to Protect Against and Mitigate Threats Network as a Sensor and Enforcer Leverage the Network to Protect Against and Mitigate Threats Dragan Novaković Consulting Systems Engineer Security November 2015. New Networks Mean New Security Challenges

More information

IT Security Strategy and Priorities. Stefan Lager CTO Services stefan.lager@addpro.se

IT Security Strategy and Priorities. Stefan Lager CTO Services stefan.lager@addpro.se IT Security Strategy and Priorities Stefan Lager CTO Services stefan.lager@addpro.se Cyberthreat update Why would anyone want to hack me? I am not a bank! Security Incidents with Confirmed Data Loss Source:

More information

Hillstone Intelligent Next Generation Firewall

Hillstone Intelligent Next Generation Firewall Hillstone Intelligent Next Generation Firewall Kris Nawani Solution Manager (Thailand) 12 th March 2015 1 About Hillstone Networks Founded 2006 by Netscreen visionaries World class team with security,

More information

Next Generation Enterprise Network Security Platform

Next Generation Enterprise Network Security Platform Next Generation Enterprise Network Security Platform November 2014 Lyndon Clough - Territory Sales Manager Derran Guinan Systems Engineer Agenda The Palo Alto Networks story Today s Threat Landscape The

More information