Advanced Threats: The New World Order

Size: px
Start display at page:

Download "Advanced Threats: The New World Order"

Transcription

1 Advanced Threats: The New World Order Gary Lau Technology Consulting Manager Greater China 1

2 Agenda Change of Threat Landscape and Business Impact Case Sharing Korean Incidents EMC CIRC APTs Investigation Q&A 2

3 Traditional Security Is Not Working 99% of breaches led to compromise within days or less with 85% leading to data exfiltration in the same time 85% of breaches took weeks or more to discover Source: Verizon 2012 Data Breach Investigations Report 3

4 What is APT? 4

5 What is APT? Gartner uses a simple definition for APT : Advanced: It gets through your existing defenses. Persistent: It will keep trying until it gets in, and once done, it succeeds in remaining hidden from your current level of detection until it attains its objective. Threat: It can cause harm. Strategies for Dealing with Advanced Target Attacks Gartner, 6 Jun

6 Aims of APT Information compromise: Stealing, destroying or modifying business-critical information. Theft of service: Obtain use of the business product or service without paying for it. Denial of service: Disrupting business operations. 6

7 Known vs Unknown Threat Detection Known Unknown Firewall IDS/IPS AV DLP SIEM Others Detect What Where How Investigate 7

8 Unknown Threat. Targeted attacks often use custom-created malware that is undetectable by signaturebased techniques. Such attacks generally require some means of communication back to an outside party (beaconing). 8

9 APT leaves clues! APT footprints Payload (one or several) Compromised host Remote C2 server Network communications Routable IP address or a domain name pointing to it Registered with a fully qualified domain name Or an account with a DDNS provider Payload Binaries, strings & functions, etc. Configured with the address\domain Proactive Intelligence to detect these clues 9

10 Advanced Threats Are Different 1 TARGETED SPECIFIC OBJECTIVE 2STEALTHY 3 INTERACTIVE LOW AND SLOW HUMAN INVOLVEMENT System Intrusion Attack Begins Cover-Up Discovery Leap Frog Attacks Cover-Up Complete TIME Dwell Time Response Time 1 Decrease Dwell Time [Attacker Free Time] Attack Identified 2 Speed Response Time Response 10

11 Resource Shift: Budgets and People Monitoring 15% Response 5% Monitoring 33% Response 33% Prevention 80% Prevention 33% Traditional Defense Increase the ability to detect and respond 11

12 A New Security World It will become increasingly difficult to secure infrastructure We must focus on people, the flow of data and on transactions 12

13 You need Visibility!! 13

14 SIEM has been a good start SIEM can provide: Valuable reporting on device and application activity Basic alerting on known sequences (i.e. basic correlation) Proof of compliance for internal and external auditors Central view into disparate event sources being collected In today s world Threats are multi-faceted, dynamic and stealthy The most dangerous attacks have never been seen before Threats often don t leave a footprint in logs 14

15 Today s tools need to adapt Today s tools need to be able to detect and investigate Lateral movement of threats as they gain foothold Covert characteristics of attack tools, techniques & procedures Exfiltration or sabotage of critical data Today s tools need to be able to scale To collect and store the volume and diversity of data required To provide analytic tools to support security workstreams Time to respond is critical in a breach situations and SIEM often falls short Traditional SIEM will not meet these needs! 15

16 Control Coverage Attack the control white space Defense in Depth DLP FW IDS AV End Point DLP Adversary Emerging Threats 0 day malware Trusted C2 Valid Credentials log log log log log full packet capture Assets SIEM threat intelligence Log Packet Intelligence ECAT Live Intelligence & CCI Governance

17 Holistic Approach to Address APT 17

18 Critical Questions against APTs Governance Comprehensive Visibility Actionable Intelligence What Matters? What is going on? How do I address it?

19 Use a Strategic Security Approach to Implement Tactical Best-Practice Controls Best Practice Strategies from Gartner Use a comprehensive approach; no one single technology will stop advanced targeted attacks, even products specifically targeted at advanced forms of attacks. Acknowledge that technology alone won t stop APT; your strategy must include the search for compromised systems, improvements in your forensics and incident response capabilities, and rapid response. 19

20 List of RSA offerings within Gartner control layers Technologies Authentication Technology Advanced Threat Protection Appliances Network forensics Security information and event management Security Intelligence Services Endpoint Threat Detection and response Incident Response Capabilities DLP Solution Offerings RSA SecurID RSA Security Analytics RSA Security Analytics RSA Security Analytics RSA Security Analytics RSA Cyber Crime Intelligence RSA ECAT RSA Archer RSA DLP Garnter:G

21 Korean Incidents The power of Detect and Investigate 21

22 Disruptive Attacks

23 Disruptive Attacks

24 Multi-Vector Co-ordinated Attack 24

25 What changed between 2011-> Target 1 Bank 3 Banks and a TV Station Destruction Delete Bootfiles & Reboot Delete MBR & Reboot Delivery Single Vector Multi-Vector SIEM No Mostly Network Forensics No Partial Investigative Capabilities None Minimal Downtime 2 Days 2 Hours 25

26 EMC CIRC 26

27 Global Security Organization Functional Areas Implement Office of Information Security Investigate Corporate Protective Services RISK MGT Enable Business Security Enablement Group Detect Critical Incident Response Group 27

28 Sphere of Protection Fed by more than 2,000 security devices which generate 12 to 14 million security events per hour Protecting critical infrastructure of thousands of customers spanning more than 500 sites in over 100 countries Manages Security Incidents, Investigate Suspicious Behavior, Vulnerability Analysis, Malware Analysis, and Threat Management Built on EMC Proven Technologies from RSA, including RSA Security Analytics and RSA Archer A specialized cross-functional highly skilled team focused just on monitoring for critical threats and incident response 28

29 EMC CIRC Statistics Reference After filtering, alerts that need to be handle is around 200 instances. Out of the 200 alerts, ~30 need to do further investigation. Need 3 person to handle the in-depth advance investigation. 29

30 Investigating against APTs - a case study 30

31 Solutions Highlights RSA Security Analytics (upgradable from RSA envision) Provide enterprise-wide visibility into network traffic and log event data to reduce attacker free time from weeks to hours. RSA ECAT (Enterprise Compromise Assessment Tool) Detect advanced malware and quickly response leveraging innovative live memory analysis. RSA Archer Provide business context hence incident prioritization, manage remediation procedures. 31

32 Planning Your Journey CONTROL COMPLIANCE IT RISK BUSINESS RISK MATURITY LEVEL Technology Focused Business Risk Focus 60

33 RSA ACD Services Portfolio NextGen SOC Design & Implementation Identity & Access Control Breach Management Cyber Threat Intelligence Breach Readiness Incident Response/Discovery Impacting the Attack Cyber Kill Chain Establish Beach Head Copyright 2011 EMC Corporation. All rights reserved. Infiltration Data Exfiltration 61

34

BREAKING THE KILL CHAIN AN EARLY WARNING SYSTEM FOR ADVANCED THREAT

BREAKING THE KILL CHAIN AN EARLY WARNING SYSTEM FOR ADVANCED THREAT BREAKING THE KILL CHAIN AN EARLY WARNING SYSTEM FOR ADVANCED THREAT Rashmi Knowles RSA, The Security Division of EMC Session ID: Session Classification: SPO-W07 Intermediate APT1 maintained access to

More information

After the Attack. The Transformation of EMC Security Operations

After the Attack. The Transformation of EMC Security Operations After the Attack The Transformation of EMC Security Operations Thomas Wood Senior Systems Engineer, GSNA CISSP RSA, The Security Division of EMC Thomas.WoodJr@rsa.com 1 Agenda Review 2011 Attack on RSA

More information

RSA Security Anatomy of an Attack Lessons learned

RSA Security Anatomy of an Attack Lessons learned RSA Security Anatomy of an Attack Lessons learned Malcolm Dundas Account Executive John Hurley Senior Technology Consultant 1 Agenda Advanced Enterprise/ Threats The RSA Breach A chronology of the attack

More information

Advanced SOC Design. Next Generation Security Operations. Shane Harsch Senior Solutions Principal, MBA GCED CISSP RSA

Advanced SOC Design. Next Generation Security Operations. Shane Harsch Senior Solutions Principal, MBA GCED CISSP RSA Advanced SOC Design Next Generation Security Operations Shane Harsch Senior Solutions Principal, MBA GCED CISSP RSA 1 ! Why/How security investments need to shift! Key functions of a Security Operations

More information

The Future of the Advanced SOC

The Future of the Advanced SOC The Future of the Advanced SOC Developing a platform for more effective security management and compliance Steven Van Ormer RSA Technical Security Consultant 1 Agenda Today s Security Landscape and Why

More information

Security Analytics for Smart Grid

Security Analytics for Smart Grid Security Analytics for Smart Grid Dr. Robert W. Griffin Chief Security Architect RSA, the Security Division of EMC robert.griffin@rsa.com blogs.rsa.com/author/griffin @RobtWesGriffin 1 No Shortage of Hard

More information

The Next Generation Security Operations Center

The Next Generation Security Operations Center The Next Generation Security Operations Center Vassil Barsakov Regional Manager, CEE & CIS RSA, the Security Division of EMC 1 Threats are Evolving Rapidly Criminals Petty criminals Unsophisticated Organized

More information

IMPLEMENTING A SECURITY ANALYTICS ARCHITECTURE

IMPLEMENTING A SECURITY ANALYTICS ARCHITECTURE IMPLEMENTING A SECURITY ANALYTICS ARCHITECTURE Solution Brief SUMMARY New security threats demand a new approach to security management. Security teams need a security analytics architecture that can handle

More information

The session is about to commence. Please switch your phone to silent!

The session is about to commence. Please switch your phone to silent! The session is about to commence. Please switch your phone to silent! 1 Defend with Confidence Against Advanced Threats Nicholas Chia SE Manager, SEA RSA 2 TRUST? Years to earn, seconds to break 3 Market

More information

Advanced Visibility. Moving Beyond a Log Centric View. Matthew Gardiner, RSA & Richard Nichols, RSA

Advanced Visibility. Moving Beyond a Log Centric View. Matthew Gardiner, RSA & Richard Nichols, RSA Advanced Visibility Moving Beyond a Log Centric View Matthew Gardiner, RSA & Richard Nichols, RSA 1 Security is getting measurability worse Percent of breaches where time to compromise (red)/time to Discovery

More information

Rashmi Knowles Chief Security Architect EMEA

Rashmi Knowles Chief Security Architect EMEA Rashmi Knowles Chief Security Architect EMEA AGENDA Transformation of IT New cyber-security challenges Intelligence Driven Security Security Analytics Q&A 2 ENTERPRISE DATA CENTER ADVANCED SECURITY A UNIQUE

More information

Advanced Persistent Threats

Advanced Persistent Threats Advanced Persistent Threats Craig Harwood Channel Manager SADC and Indian Ocean Islands 1 Agenda Introduction Today s Threat landscape What is an Advance persistent Threat How are these crimes perpetrated

More information

Intelligence Driven Security

Intelligence Driven Security Intelligence Driven Security RSA Advanced Cyber Defense Workshop Shane Harsch Senior Solutions Principal, RSA 1 Agenda Approach & Activities Operations Intelligence Infrastructure Reporting & Top Findings

More information

CHANGING THE SECURITY MONITORING STATUS QUO Solving SIEM problems with RSA Security Analytics

CHANGING THE SECURITY MONITORING STATUS QUO Solving SIEM problems with RSA Security Analytics CHANGING THE SECURITY MONITORING STATUS QUO Solving SIEM problems with RSA Security Analytics TRADITIONAL SIEMS ARE SHOWING THEIR AGE Security Information and Event Management (SIEM) tools have been a

More information

Accenture Intelligent Security for the Digital Enterprise. Archer s important role in solving today's pressing security challenges

Accenture Intelligent Security for the Digital Enterprise. Archer s important role in solving today's pressing security challenges Accenture Intelligent Security for the Digital Enterprise Archer s important role in solving today's pressing security challenges The opportunity to improve cyber security has never been greater 229 2,287

More information

SECURITY MEETS BIG DATA. Achieve Effectiveness And Efficiency. Copyright 2012 EMC Corporation. All rights reserved.

SECURITY MEETS BIG DATA. Achieve Effectiveness And Efficiency. Copyright 2012 EMC Corporation. All rights reserved. SECURITY MEETS BIG DATA Achieve Effectiveness And Efficiency 1 IN 2010 THE DIGITAL UNIVERSE WAS 1.2 ZETTABYTES 1,000,000,000,000,000,000,000 Zetta Exa Peta Tera Giga Mega Kilo Byte Source: 2010 IDC Digital

More information

Defending Against Data Beaches: Internal Controls for Cybersecurity

Defending Against Data Beaches: Internal Controls for Cybersecurity Defending Against Data Beaches: Internal Controls for Cybersecurity Presented by: Michael Walter, Managing Director and Chris Manning, Associate Director Protiviti Atlanta Office Agenda Defining Cybersecurity

More information

BIG DATA. Shaun McLagan General Manager, RSA Australia and New Zealand CHANGING THE REALM OF POSSIBILITY IN SECURITY

BIG DATA. Shaun McLagan General Manager, RSA Australia and New Zealand CHANGING THE REALM OF POSSIBILITY IN SECURITY BIG DATA CHANGING THE REALM OF POSSIBILITY IN SECURITY Shaun McLagan General Manager, RSA Australia and New Zealand 1 Things have changed #2 Buzz word 2012 Big Data only behind something called Fiscal

More information

ADVANCED THREATS IN THE ENTERPRISE. Finding an Evil in the Haystack with RSA ECAT. White Paper

ADVANCED THREATS IN THE ENTERPRISE. Finding an Evil in the Haystack with RSA ECAT. White Paper ADVANCED THREATS IN THE ENTERPRISE Finding an Evil in the Haystack with RSA ECAT White Paper With thousands of workstations and servers under management, most enterprises have no way to effectively make

More information

DYNAMIC DNS: DATA EXFILTRATION

DYNAMIC DNS: DATA EXFILTRATION DYNAMIC DNS: DATA EXFILTRATION RSA Visibility Reconnaissance Weaponization Delivery Exploitation Installation C2 Action WHAT IS DATA EXFILTRATION? One of the most common goals of malicious actors is to

More information

Detect, Prevent and Remediate the Cyber attack Nelson Yuen

Detect, Prevent and Remediate the Cyber attack Nelson Yuen Detect, Prevent and Remediate the Cyber attack Nelson Yuen Senior Systems Engineer Overview of the Local Security Landscape IP camera footages broadcasted live online In September, 2014, more than 1,000

More information

Session 9: Changing Paradigms and Challenges Tools for Space Systems Cyber Situational Awareness

Session 9: Changing Paradigms and Challenges Tools for Space Systems Cyber Situational Awareness Session 9: Changing Paradigms and Challenges Tools for Space Systems Cyber Situational Awareness Wayne A. Wheeler The Aerospace Corporation GSAW 2015, Los Angeles, CA, March 2015 Agenda Emerging cyber

More information

Enabling Security Operations with RSA envision. August, 2009

Enabling Security Operations with RSA envision. August, 2009 Enabling Security Operations with RSA envision August, 2009 Agenda What is security operations? How does RSA envision help with security operations? How does RSA envision fit with other EMC products? If

More information

Analyzing HTTP/HTTPS Traffic Logs

Analyzing HTTP/HTTPS Traffic Logs Advanced Threat Protection Automatic Traffic Log Analysis APTs, advanced malware and zero-day attacks are designed to evade conventional perimeter security defenses. Today, there is wide agreement that

More information

WAN security threat landscape and best mitigation practices. Rex Stover Vice President, Americas, Enterprise & ICP Sales

WAN security threat landscape and best mitigation practices. Rex Stover Vice President, Americas, Enterprise & ICP Sales WAN security threat landscape and best mitigation practices. Rex Stover Vice President, Americas, Enterprise & ICP Sales The Cost of Cybercrime Sony $171m PlayStation 3 data breach (April 2011) $3 trillion

More information

IT Security Strategy and Priorities. Stefan Lager CTO Services stefan.lager@addpro.se

IT Security Strategy and Priorities. Stefan Lager CTO Services stefan.lager@addpro.se IT Security Strategy and Priorities Stefan Lager CTO Services stefan.lager@addpro.se Cyberthreat update Why would anyone want to hack me? I am not a bank! Security Incidents with Confirmed Data Loss Source:

More information

Advanced Threat Protection with Dell SecureWorks Security Services

Advanced Threat Protection with Dell SecureWorks Security Services Advanced Threat Protection with Dell SecureWorks Security Services Table of Contents Summary... 2 What are Advanced Threats?... 3 How do advanced threat actors operate?... 3 Addressing the Threat... 5

More information

REVOLUTIONIZING ADVANCED THREAT PROTECTION

REVOLUTIONIZING ADVANCED THREAT PROTECTION REVOLUTIONIZING ADVANCED THREAT PROTECTION A NEW, MODERN APPROACH Blue Coat Advanced Threat Protection Group GRANT ASPLUND Senior Technology Evangelist 1 WHY DO I STAND ON MY DESK? "...I stand upon my

More information

BREACHES HAPPEN. BE PREPARED. F-SECURE RAPID DETECTION SERVICE

BREACHES HAPPEN. BE PREPARED. F-SECURE RAPID DETECTION SERVICE BREACHES HAPPEN. BE PREPARED. F-SECURE RAPID DETECTION SERVICE TAKE A HOLISTIC APPROACH TO CYBER SECURITY. Sophisticated corporate cyber attacks have become commonplace. They circumvent even the best-defended

More information

After the Attack: RSA's Security Operations Transformed

After the Attack: RSA's Security Operations Transformed After the Attack: RSA's Security Operations Transformed Ben Smith, CISSP RSA Field CTO (East), Security Portfolio Senior Member, ISSA Northern Virginia 1 The Environment ~ 2,000 security devices ~55M security

More information

IBM Security re-defines enterprise endpoint protection against advanced malware

IBM Security re-defines enterprise endpoint protection against advanced malware IBM Security re-defines enterprise endpoint protection against advanced malware Break the cyber attack chain to stop advanced persistent threats and targeted attacks Highlights IBM Security Trusteer Apex

More information

DRIVE-BY DOWNLOAD WHAT IS DRIVE-BY DOWNLOAD? A Typical Attack Scenario

DRIVE-BY DOWNLOAD WHAT IS DRIVE-BY DOWNLOAD? A Typical Attack Scenario DRIVE-BY DOWNLOAD WHAT IS DRIVE-BY DOWNLOAD? Drive-by Downloads are a common technique used by attackers to silently install malware on a victim s computer. Once a target website has been weaponized with

More information

Persistence Mechanisms as Indicators of Compromise

Persistence Mechanisms as Indicators of Compromise Persistence Persistence Mechanisms as Indicators of Compromise An automated technology for identifying cyber attacks designed to survive indefinitely the reboot process on PCs White Paper Date: October

More information

Data Breach Lessons Learned. June 11, 2015

Data Breach Lessons Learned. June 11, 2015 Data Breach Lessons Learned June 11, 2015 Introduction John Adams, CISM, CISA, CISSP Associate Director Security & Privacy 410.707.2829 john.adams@protiviti.com Powerful Insights. Proven Delivery. Kevin

More information

Effective Threat Management. Building a complete lifecycle to manage enterprise threats.

Effective Threat Management. Building a complete lifecycle to manage enterprise threats. Effective Threat Management Building a complete lifecycle to manage enterprise threats. Threat Management Lifecycle Assimilation of Operational Security Disciplines into an Interdependent System of Proactive

More information

whitepaper The Benefits of Integrating File Integrity Monitoring with SIEM

whitepaper The Benefits of Integrating File Integrity Monitoring with SIEM The Benefits of Integrating File Integrity Monitoring with SIEM Security Information and Event Management (SIEM) is designed to provide continuous IT monitoring, actionable intelligence, incident response,

More information

Incident Response. Six Best Practices for Managing Cyber Breaches. www.encase.com

Incident Response. Six Best Practices for Managing Cyber Breaches. www.encase.com Incident Response Six Best Practices for Managing Cyber Breaches www.encase.com What We ll Cover Your Challenges in Incident Response Six Best Practices for Managing a Cyber Breach In Depth: Best Practices

More information

Endpoint Threat Detection without the Pain

Endpoint Threat Detection without the Pain WHITEPAPER Endpoint Threat Detection without the Pain Contents Motivated Adversaries, Too Many Alerts, Not Enough Actionable Information: Incident Response is Getting Harder... 1 A New Solution, with a

More information

Using Network Forensics to Visualize Advanced Persistent Threats

Using Network Forensics to Visualize Advanced Persistent Threats Using Network Forensics to Visualize Advanced Persistent Threats Dale Long, Sr. Technology Consultant, RSA Security 1 The Problem 2 Traditional Security Is Not Working 99% of breaches led to compromise

More information

Advanced Threat Detection: Gain Network Visibility and Stop Malware

Advanced Threat Detection: Gain Network Visibility and Stop Malware White Paper Advanced Threat Detection: Gain Network Visibility and Stop Malware What You Will Learn The Cisco Cyber Threat Defense (CTD) solution brings visibility to all the points of your extended network,

More information

CyberArk Privileged Threat Analytics. Solution Brief

CyberArk Privileged Threat Analytics. Solution Brief CyberArk Privileged Threat Analytics Solution Brief Table of Contents The New Security Battleground: Inside Your Network...3 Privileged Account Security...3 CyberArk Privileged Threat Analytics : Detect

More information

defending against advanced persistent threats: strategies for a new era of attacks agility made possible

defending against advanced persistent threats: strategies for a new era of attacks agility made possible defending against advanced persistent threats: strategies for a new era of attacks agility made possible security threats as we know them are changing The traditional dangers IT security teams have been

More information

Agenda. 3 2012, Palo Alto Networks. Confidential and Proprietary.

Agenda. 3 2012, Palo Alto Networks. Confidential and Proprietary. Agenda Evolution of the cyber threat How the cyber threat develops Why traditional systems are failing Need move to application controls Need for automation 3 2012, Palo Alto Networks. Confidential and

More information

The Custom Defense Against Targeted Attacks. A Trend Micro White Paper

The Custom Defense Against Targeted Attacks. A Trend Micro White Paper The Custom Defense Against Targeted Attacks A Trend Micro White Paper Contents Executive Summary...3 The Anatomy of a Targeted Attack...4 The Reality and Costs of Targeted Attacks...5 Strategic Choices

More information

Joining Forces: Bringing Big Data to your Security Team

Joining Forces: Bringing Big Data to your Security Team Joining Forces: Bringing Big Data to your Security Team Alaa Abdulnabi, CISSP RSA Regional Pre-Sales Manager Turkey, Middle East & Africa @AlaaAbdulnabi 1 Facteurs de mutation du marché Appareils mobiles

More information

Preparing for a Cyber Attack PROTECT YOUR PEOPLE AND INFORMATION WITH SYMANTEC SECURITY SOLUTIONS

Preparing for a Cyber Attack PROTECT YOUR PEOPLE AND INFORMATION WITH SYMANTEC SECURITY SOLUTIONS Preparing for a Cyber Attack PROTECT YOUR PEOPLE AND INFORMATION WITH SYMANTEC SECURITY SOLUTIONS CONTENTS PAGE RECONNAISSANCE STAGE 4 INCURSION STAGE 5 DISCOVERY STAGE 6 CAPTURE STAGE 7 EXFILTRATION STAGE

More information

CONTINUOUS MONITORING THE MISSING PIECE TO SECURITY OPERATION (SOC) TODAY

CONTINUOUS MONITORING THE MISSING PIECE TO SECURITY OPERATION (SOC) TODAY CONTINUOUS MONITORING THE MISSING PIECE TO SECURITY OPERATION (SOC) TODAY MATTHIAS YEO Chief Technology Officer - APAC CISSP, CISA, CISM, PMP 1 OVER REACTING VS UNDER REACTING Reason for the world today

More information

JUNIPER NETWORKS SPOTLIGHT SECURE THREAT INTELLIGENCE PLATFORM

JUNIPER NETWORKS SPOTLIGHT SECURE THREAT INTELLIGENCE PLATFORM JUNIPER NETWORKS SPOTLIGHT SECURE THREAT INTELLIGENCE PLATFORM May 2015 Nguyễn Tiến Đức ASEAN Security Specialist Agenda Modern Malware: State of the Industry Dynamic Threat Intelligence on the Firewall

More information

WHITE PAPER Cloud-Based, Automated Breach Detection. The Seculert Platform

WHITE PAPER Cloud-Based, Automated Breach Detection. The Seculert Platform WHITE PAPER Cloud-Based, Automated Breach Detection The Seculert Platform Table of Contents Introduction 3 Automatic Traffic Log Analysis 4 Elastic Sandbox 5 Botnet Interception 7 Speed and Precision 9

More information

White Paper THE FOUR ATTACK VECTORS TO PREVENT OR DETECT RETAILER BREACHES. By James Christiansen, VP, Information Risk Management

White Paper THE FOUR ATTACK VECTORS TO PREVENT OR DETECT RETAILER BREACHES. By James Christiansen, VP, Information Risk Management White Paper THE FOUR ATTACK VECTORS TO PREVENT OR DETECT RETAILER BREACHES By James Christiansen, VP, Information Risk Management Executive Summary Security breaches in the retail sector are becoming more

More information

SIEM is only as good as the data it consumes

SIEM is only as good as the data it consumes SIEM is only as good as the data it consumes Key Themes The traditional Kill Chain model needs to be updated due to the new cyber landscape A new Kill Chain for detection of The Insider Threat needs to

More information

Unified Security, ATP and more

Unified Security, ATP and more SYMANTEC Unified Security, ATP and more TAKE THE NEXT STEP Martin Werner PreSales Consultant, Symantec Switzerland AG MEET SWISS INFOSEC! 27.01.2016 Unified Security 2 Symantec Enterprise Security Users

More information

Caretower s SIEM Managed Security Services

Caretower s SIEM Managed Security Services Caretower s SIEM Managed Security Services Enterprise Security Manager MSS -TRUE 24/7 Service I.T. Security Specialists Caretower s SIEM Managed Security Services 1 Challenges & Solution Challenges During

More information

Security and Privacy

Security and Privacy Security and Privacy Matthew McCormack, CISSP, CSSLP CTO, Global Public Sector, RSA The Security Division of EMC 1 BILLIONS OF USERS MILLIONS/BILLIONS OF APPS 2010 Cloud Big Data Social Mobile Devices

More information

Addressing APTs and Modern Malware with Security Intelligence Date: September 2013 Author: Jon Oltsik, Senior Principal Analyst

Addressing APTs and Modern Malware with Security Intelligence Date: September 2013 Author: Jon Oltsik, Senior Principal Analyst ESG Brief Addressing APTs and Modern Malware with Security Intelligence Date: September 2013 Author: Jon Oltsik, Senior Principal Analyst Abstract: APTs first came on the scene in 2010, creating a wave

More information

RSA Security Analytics

RSA Security Analytics RSA Security Analytics This is what SIEM was Meant to Be 1 The Original Intent of SIEM Single compliance & security interface Compliance yes, but security? Analyze & prioritize alerts across various sources

More information

Getting Ahead of Advanced Threats

Getting Ahead of Advanced Threats Getting Ahead of Advanced Threats Advanced Security Solutions for Trusted IT Chezki Gil Territory Manager Israel & Greece 1 Threats are Evolving Rapidly Criminals Petty criminal s Unsophisticated Organized

More information

Detect & Investigate Threats. OVERVIEW

Detect & Investigate Threats. OVERVIEW Detect & Investigate Threats. OVERVIEW HIGHLIGHTS Introducing RSA Security Analytics, Providing: Security monitoring Incident investigation Compliance reporting Providing Big Data Security Analytics Enterprise-wide

More information

Operational Lessons from the RSA/EMC CIRC: People, Process, & Threat Intel

Operational Lessons from the RSA/EMC CIRC: People, Process, & Threat Intel Operational Lessons from the RSA/EMC CIRC: People, Process, & Threat Intel @Ben_Smith Ben Smith, CISSP Field CTO (US East), Security Portfolio A Security Maturity Path CONTROLS COMPLIANCE IT RISK BUSINESS

More information

Securing OS Legacy Systems Alexander Rau

Securing OS Legacy Systems Alexander Rau Securing OS Legacy Systems Alexander Rau National Information Security Strategist Sample Agenda 1 Today s IT Challenges 2 Popular OS End of Support & Challenges for IT 3 How to protect Legacy OS systems

More information

24/7 Visibility into Advanced Malware on Networks and Endpoints

24/7 Visibility into Advanced Malware on Networks and Endpoints WHITEPAPER DATA SHEET 24/7 Visibility into Advanced Malware on Networks and Endpoints Leveraging threat intelligence to detect malware and exploitable vulnerabilities Oct. 24, 2014 Table of Contents Introduction

More information

IBM Security QRadar SIEM & Fortinet FortiGate / FortiAnalyzer

IBM Security QRadar SIEM & Fortinet FortiGate / FortiAnalyzer IBM Security QRadar SIEM & Fortinet / FortiAnalyzer Introducing new functionality for IBM QRadar Security Intelligence Platform: integration with Fortinet s firewalls and logs forwarded by FortiAnalyzer.

More information

ASSUMING A STATE OF COMPROMISE: EFFECTIVE DETECTION OF SECURITY BREACHES

ASSUMING A STATE OF COMPROMISE: EFFECTIVE DETECTION OF SECURITY BREACHES ASSUMING A STATE OF COMPROMISE: EFFECTIVE DETECTION OF SECURITY BREACHES Leonard Levy PricewaterhouseCoopers LLP Session ID: SEC-W03 Session Classification: Intermediate Agenda The opportunity Assuming

More information

The SIEM Evaluator s Guide

The SIEM Evaluator s Guide Using SIEM for Compliance, Threat Management, & Incident Response Security information and event management (SIEM) tools are designed to collect, store, analyze, and report on log data for threat detection,

More information

Data Science Transforming Security Operations

Data Science Transforming Security Operations SESSION ID: STR-W03 Data Science Transforming Security Operations Alon Kaufman Ph.D. Director Data Science & Innovation RSA Agenda Transforming Security Operations with Data Science The Vision: Where we

More information

SANS Top 20 Critical Controls for Effective Cyber Defense

SANS Top 20 Critical Controls for Effective Cyber Defense WHITEPAPER SANS Top 20 Critical Controls for Cyber Defense SANS Top 20 Critical Controls for Effective Cyber Defense JANUARY 2014 SANS Top 20 Critical Controls for Effective Cyber Defense Summary In a

More information

Security strategies to stay off the Børsen front page

Security strategies to stay off the Børsen front page Security strategies to stay off the Børsen front page Steve Durkin, Channel Director for Europe, Q1 Labs, an IBM Company 1 2012 IBM Corporation Given the dynamic nature of the challenge, measuring the

More information

The FBI Cyber Program. Bauer Advising Symposium //UNCLASSIFIED

The FBI Cyber Program. Bauer Advising Symposium //UNCLASSIFIED The FBI Cyber Program Bauer Advising Symposium October 11, 2012 Today s Agenda What is the threat? Who are the adversaries? How are they attacking you? What can the FBI do to help? What can you do to stop

More information

Enterprise Cybersecurity: Building an Effective Defense

Enterprise Cybersecurity: Building an Effective Defense Enterprise Cybersecurity: Building an Effective Defense Chris Williams Oct 29, 2015 14 Leidos 0224 1135 About the Presenter Chris Williams is an Enterprise Cybersecurity Architect at Leidos, Inc. He has

More information

THE EVOLUTION OF SIEM

THE EVOLUTION OF SIEM THE EVOLUTION OF SIEM WHY IT IS CRITICAL TO MOVE BEYOND LOGS Despite increasing investments in security, breaches are still occurring at an alarming rate. 43% Traditional SIEMs have not evolved to meet

More information

Why a Network-based Security Solution is Better than Using Point Solutions Architectures

Why a Network-based Security Solution is Better than Using Point Solutions Architectures Why a Network-based Security Solution is Better than Using Point Solutions Architectures In This Paper Many threats today rely on newly discovered vulnerabilities or exploits CPE-based solutions alone

More information

DEFENSE THROUGHOUT THE VULNERABILITY LIFE CYCLE WITH ALERT LOGIC THREAT AND LOG MANAGER

DEFENSE THROUGHOUT THE VULNERABILITY LIFE CYCLE WITH ALERT LOGIC THREAT AND LOG MANAGER DEFENSE THROUGHOUT THE VULNERABILITY LIFE CYCLE WITH ALERT LOGIC THREAT AND Introduction > New security threats are emerging all the time, from new forms of malware and web application exploits that target

More information

Getting real about cyber threats: where are you headed?

Getting real about cyber threats: where are you headed? Getting real about cyber threats: where are you headed? Energy, utilities and power generation companies that understand today s cyber threats will be in the best position to defeat them June 2011 At a

More information

WHAT EVERY CEO, CIO AND CFO NEEDS TO KNOW ABOUT CYBER SECURITY.

WHAT EVERY CEO, CIO AND CFO NEEDS TO KNOW ABOUT CYBER SECURITY. WHAT EVERY CEO, CIO AND CFO NEEDS TO KNOW ABOUT CYBER SECURITY. A guide for IT security from BIOS The Problem SME s, Enterprises and government agencies are under virtually constant attack today. There

More information

Unified Cyber Security Monitoring and Management Framework By Vijay Bharti Happiest Minds, Security Services Practice

Unified Cyber Security Monitoring and Management Framework By Vijay Bharti Happiest Minds, Security Services Practice Unified Cyber Security Monitoring and Management Framework By Vijay Bharti Happiest Minds, Security Services Practice Introduction There are numerous statistics published by security vendors, Government

More information

FIVE PRACTICAL STEPS

FIVE PRACTICAL STEPS WHITEPAPER FIVE PRACTICAL STEPS To Protecting Your Organization Against Breach How Security Intelligence & Reducing Information Risk Play Strategic Roles in Driving Your Business CEOs, CIOs, CTOs, AND

More information

Win the race against time to stay ahead of cybercriminals

Win the race against time to stay ahead of cybercriminals IBM Software Win the race against time to stay ahead of cybercriminals Get to the root cause of attacks fast with IBM Security QRadar Incident Forensics Highlights Help reduce the time required to determine

More information

Combating a new generation of cybercriminal with in-depth security monitoring. 1 st Advanced Data Analysis Security Operation Center

Combating a new generation of cybercriminal with in-depth security monitoring. 1 st Advanced Data Analysis Security Operation Center Combating a new generation of cybercriminal with in-depth security monitoring 1 st Advanced Data Analysis Security Operation Center The Challenge Don t leave your systems unmonitored. It takes an average

More information

Effective IDS/IPS Network Security in a Dynamic World with Next-Generation Intrusion Detection & Prevention

Effective IDS/IPS Network Security in a Dynamic World with Next-Generation Intrusion Detection & Prevention Effective IDS/IPS Network Security in a Dynamic World with Next-Generation Intrusion Detection & Prevention Your Security Challenges Defending the Dynamic Network! Dynamic threats 䕬 䕬 䕬 䕬 Many threats

More information

Custom Defense Against Targeted Attacks

Custom Defense Against Targeted Attacks A Trend Micro White Paper December 2014 Custom Defense Against Targeted Attacks Proven Protection Against Targeted Attacks and Advanced Threats >> See how adopting a Custom Defense approach will enable

More information

The Hillstone and Trend Micro Joint Solution

The Hillstone and Trend Micro Joint Solution The Hillstone and Trend Micro Joint Solution Advanced Threat Defense Platform Overview Hillstone and Trend Micro offer a joint solution the Advanced Threat Defense Platform by integrating the industry

More information

The Power of Dynamic Threat Intelligence to Stop APT s

The Power of Dynamic Threat Intelligence to Stop APT s The Power of Dynamic Threat Intelligence to Stop APT s Evren BILGIC Senior Sales Engineer, Mediterranean Region evren_bilgic@trendmicro.com The Headlines Tell Only Half The Story 2 Copyright 2015 Trend

More information

IBM QRadar Security Intelligence April 2013

IBM QRadar Security Intelligence April 2013 IBM QRadar Security Intelligence April 2013 1 2012 IBM Corporation Today s Challenges 2 Organizations Need an Intelligent View into Their Security Posture 3 What is Security Intelligence? Security Intelligence

More information

Preempting Business Risk with RSA SIEM and CORE Security Predictive Security Intelligence Solutions

Preempting Business Risk with RSA SIEM and CORE Security Predictive Security Intelligence Solutions Preempting Business Risk with RSA SIEM and CORE Security Predictive Security Intelligence Solutions CORE Security +1 617.399-6980 info@coresecurity.com www.coresecurity.com blog.coresecurity.com Preempting

More information

Defending Against Cyber Attacks with SessionLevel Network Security

Defending Against Cyber Attacks with SessionLevel Network Security Defending Against Cyber Attacks with SessionLevel Network Security May 2010 PAGE 1 PAGE 1 Executive Summary Threat actors are determinedly focused on the theft / exfiltration of protected or sensitive

More information

Combating a new generation of cybercriminal with in-depth security monitoring

Combating a new generation of cybercriminal with in-depth security monitoring Cybersecurity Services Combating a new generation of cybercriminal with in-depth security monitoring 1 st Advanced Data Analysis Security Operation Center The Challenge Don t leave your systems unmonitored.

More information

Using LYNXeon with NetFlow to Complete Your Cyber Security Picture

Using LYNXeon with NetFlow to Complete Your Cyber Security Picture Using LYNXeon with NetFlow to Complete Your Cyber Security Picture 21CT.COM Combine NetFlow traffic with other data sources and see more of your network, over a longer period of time. Introduction Many

More information

Cyber Security. BDS PhantomWorks. Boeing Energy. Copyright 2011 Boeing. All rights reserved.

Cyber Security. BDS PhantomWorks. Boeing Energy. Copyright 2011 Boeing. All rights reserved. Cyber Security Automation of energy systems provides attack surfaces that previously did not exist Cyber attacks have matured from teenage hackers to organized crime to nation states Centralized control

More information

Cyber Defense & Breach Response Privacy Issues

Cyber Defense & Breach Response Privacy Issues Cyber Defense & Breach Response Privacy Issues Kevin Boyle Partner 17 November 2014 Latham & Watkins is the business name of Latham & Watkins (London) LLP, a registered limited liability partnership organised

More information

Full-Context Forensic Analysis Using the SecureVue Unified Situational Awareness Platform

Full-Context Forensic Analysis Using the SecureVue Unified Situational Awareness Platform Full-Context Forensic Analysis Using the SecureVue Unified Situational Awareness Platform Solution Brief Full-Context Forensic Analysis Using the SecureVue Unified Situational Awareness Platform Finding

More information

應 用 SIEM 偵 測 與 預 防 APT 緩 攻 擊

應 用 SIEM 偵 測 與 預 防 APT 緩 攻 擊 應 用 SIEM 偵 測 與 預 防 APT 緩 攻 擊 HP Enterprise Security 林 傳 凱 (C. K. Lin) Senior Channel PreSales, North Asia HP ArcSight, Enterprise Security 1 Rise Of The Cyber Threat Enterprises and Governments are experiencing

More information

By: Gerald Gagne. Community Bank Auditors Group Cybersecurity What you need to do now. June 9, 2015

By: Gerald Gagne. Community Bank Auditors Group Cybersecurity What you need to do now. June 9, 2015 Community Bank Auditors Group Cybersecurity What you need to do now June 9, 2015 By: Gerald Gagne MEMBER OF PKF NORTH AMERICA, AN ASSOCIATION OF LEGALLY INDEPENDENT FIRMS 2015 Wolf & Company, P.C. Cybersecurity

More information

Vulnerability Management

Vulnerability Management Vulnerability Management Buyer s Guide Buyer s Guide 01 Introduction 02 Key Components 03 Other Considerations About Rapid7 01 INTRODUCTION Exploiting weaknesses in browsers, operating systems and other

More information

Using SIEM for Real- Time Threat Detection

Using SIEM for Real- Time Threat Detection Using SIEM for Real- Time Threat Detection Presentation to ISSA Baltimore See and secure what matters Joe Magee CTO and Co-Founder March, 27 2013 About us Vigilant helps clients build and operate dynamic,

More information

Cybercrime myths, challenges and how to protect our business. Vladimir Kantchev Managing Partner Service Centrix

Cybercrime myths, challenges and how to protect our business. Vladimir Kantchev Managing Partner Service Centrix Cybercrime myths, challenges and how to protect our business Vladimir Kantchev Managing Partner Service Centrix Agenda Cybercrime today Sources and destinations of the attacks Breach techniques How to

More information

What s New in Security Analytics 10.4. Be the Hunter.. Not the Hunted

What s New in Security Analytics 10.4. Be the Hunter.. Not the Hunted What s New in Security Analytics 10.4 Be the Hunter.. Not the Hunted Attackers Are Outpacing Detection Attacker Capabilities Time To Discovery Source: VERIZON 2014 DATA BREACH INVESTIGATIONS REPORT 2 TRANSFORM

More information

All Information is derived from Mandiant consulting in a non-classified environment.

All Information is derived from Mandiant consulting in a non-classified environment. Disclaimer: All Information is derived from Mandiant consulting in a non-classified environment. Case Studies are representative of industry trends and have been derived from multiple client engagements.

More information

2011 Forrester Research, Inc. Reproduction Prohibited

2011 Forrester Research, Inc. Reproduction Prohibited 1 2011 Forrester Research, Inc. Reproduction Prohibited Information Security Metrics Present Information that Matters to the Business Ed Ferrara, Principal Research Analyst July 12, 2011 2 2009 2011 Forrester

More information

RSA Security Analytics the complete approach to security monitoring or how to approach advanced threats

RSA Security Analytics the complete approach to security monitoring or how to approach advanced threats RSA Security Analytics the complete approach to security monitoring or how to approach advanced threats Grzegorz Mucha grzegorz.mucha@rsa.com Advanced Threats Threat Landscape Criminals Petty criminals

More information