Predictive Intelligence


1 PI: Predictive Intelligence

Actionable Insight for the Digital Enterprise
AUGUST 2014

PI = [ C4S + G4S + I4S + CR ] x MP

2 What problems are we trying to help clients solve?

Managing the Threat Landscape

Organizations are increasingly vulnerable to business disruptions. These disruptions may be caused intentionally by individuals or groups intending to do harm or to steal intellectual property, or unintentionally as a result of the geographic or socio-political operating environment. All aspects of the organization are vulnerable, from employees to business partners, and from supply chain to IT assets. Organizations need to manage these risks and take advantage of data and analytics to start to thrive and not just survive.

Client questions (grouped on the slide under the four pillars: Tradecraft, Analytics, Technology, Workforce):
- How do we anticipate future attacks and take defensive actions before the attacks occur?
- How do I identify salient threats to my global operations, executives and workforce?
- What is the current level and business impact of cyber risks to our company?
- How can I detect subtle but potentially violent shifts in local threat environments?
- How can we provide timely, actionable intelligence to executive decision makers to manage risk, protect their organization, but also thrive?
- What type of cyber incidents or breaches do we detect in a normal week?
- How trained is our workforce to prevent, detect and respond to a cyber breach?
- How do we detect insider threats before rogue employees can do significant damage?
- What is the status of my incident response activities, and are we ready and prepared?
- How compliant is our cyber security and supply chain vulnerabilities program with emerging regulations?

Booz Allen Hamilton Inc. Copyright Proprietary.

3 Overview: Failure is not an Option

The sheer number, speed and sophistication of attacks against today's organizations are rapidly increasing. And so are the stakes. These threats take many forms, including cyber and insider attacks, physical destruction and personal harm. And worse, these threats are constantly evolving, so the risk is ever present despite current security measures. For most organizations, it is no longer a question of if but when. And more urgently, what can be done to effectively mitigate the risk and secure critical assets before the next attack.

By the numbers:
- 200 Attacks: Average annualized number of successful cyber attacks per company in the United States. [1]
- $11.56 Million: Average annualized cost of a successful cyber attack in the United States. [1]
- 26% Increase: Net increase in cost over the past year. Represents an additional average annualized cost of $3 million per successful cyber attack in the United States.
- Days: Average time to resolve a cyber attack. [1]
- 33% Increase: Net increase in time to remediate an attack over the past year. Represents an additional 10 days per successful cyber attack in the United States. [1]
- 11% Insiders: Annualized percent of cyber attack cost attributed to malicious insiders. [1]

[1] Cost of Cyber Crime Study: United States, Ponemon Institute, October

BREAKING NEWS
- Target Data Breach; CEO and CIO resign (Dec 18, 2013): Target breach compromises 110 million payment cards.
- Pro-Russia Hacktivists attack NATO website (Mar 15, 2014): Group disrupts NATO websites in response to activities in Ukraine.
- Heartbleed Flaw in Internet Explorer (Apr 7, 2014): Vulnerability exposed impacting 17% of the internet's secure web servers.
- Al Qaeda kidnapping attempt in Yemen (May 11, 2014): Al Qaeda gunmen tried to kidnap two U.S. Embassy employees in Yemen.
- Protests hit Brazil ahead of World Cup (May 15, 2014): Demonstrations held in 18 cities protesting billions spent on games instead of housing and health care.

4 Overview: The Time to Act is Now

Organizations that wait and respond to events after they occur miss the critical window to capitalize on the power of foresight. By using Predictive Intelligence to anticipate and prevent critical attacks from happening or from reaching their full objectives, organizations can significantly lessen the negative impacts of a successful attack.

Timeline graphic (INTELLIGENCE and DECISION MAKING, each on a Minutes / Hours / Days / Weeks scale). Where Do You Fit?
- Global Situation Awareness
- Anticipate Threats
- Probabilistic Warnings
- Continuous Diagnostics
- Advanced Adversary Hunting
- Detect Threats
- Prevent Damage
- Respond to Attacks
- Sanitize Breaches
- Policies & Compliance

5 Staying Ahead of the Curve

Today's global environment is fraught with potential threats, risks, and opportunities. Success is predicated on an organization's ability to successfully sense, anticipate, and adjust course to mitigate risks, seize opportunities, and defeat adversaries. Achieving this outcome requires access to a diverse set of skills, techniques and technologies that enable an organization to become and remain predictive. While many competitors have one or two of these offerings, only Booz Allen's Predictive Intelligence has the end-to-end solutions needed to holistically address both the scale and severity of the current threat landscape.

The four pillars of PI:
1. Specialized Tradecraft: threat actor, linguistic, socio-cultural and attack-surface intelligence
2. Big Data & Analytics: proprietary analytics and data libraries
3. Advanced Technology: systems integration and application development
4. Workforce Readiness: threat readiness and incident response solutions

6 Predictive Intelligence

PI = [ C4S + G4S + I4S + CR ] x MP

Predictive Intelligence combines tradecraft, big data & analytics, technology and workforce to help clients anticipate, prevent, detect and respond to global threats and global opportunities with real-time actionable insight about their environment (internally, externally, globally and socially), so they can take action to be ready, to manage risk, to protect assets and to thrive.

Major Product Lines and Solutions
- Cyber4Sight (C4S): Tailored, anticipatory threat intelligence provides actionable, near-real-time alerts of specific impending malicious cyber attacks.
- Insider4Sight™ (I4S): Holistic approach tailored to mitigate insider risk using advanced detection and analytical tools.
- MissionPlatform (MP): Technology architecture and tool suite for data collection, storage, processing, analytics, and user-focused visualizations; includes talent management to leverage these solutions.
- Global4Sight™ (G4S): Threat and business intelligence derived from social media and global datasets enables anticipatory actions, rapid threat mitigation, and strategic positioning.
- CyberReady™ (CR): Continuous, automated diagnostics to discover vulnerabilities and to quickly sanitize breaches.

7 Product Lines: Cyber4Sight (C4S)

Cyber4Sight tailored threat intelligence products and services proactively defend our clients' organizations against the most sophisticated cyber attacks. With Cyber4Sight products and services, clients receive actionable intelligence of future attacks in near real time to avoid tactical and strategic surprise. Cyber4Sight threat intelligence products and services collect and analyze the motivations, intentions, objectives, and capabilities of the specific threat actors around the world most likely to launch an attack against a client, and provide an early warning capability at a fraction of the cost of building a comparable intelligence analysis center internally.

OFFERINGS
- Threat Alerting and Warning Services: Anticipatory cyber threat alerts and warnings of impending future attacks, providing clients with an early warning system to defend their enterprise.
- Deep Web Intelligence Analysis Services: Advanced intelligence tradecraft service to monitor specific threat actors' intentions, motivations and objectives to provide actionable insights for high-risk, high-consequence cyber threats.
- Cyber Threat Intelligence Summary Products: Daily compendium report on global cyber threats and incidents with a focus on nation states, known hacktivist groups, and criminal syndicates.
- On-Call Intelligence Analysis Services: On-demand services to answer client-submitted cyber threat intelligence questions that require in-depth analysis, which may be related to virtually any cyber threat intelligence topic.
- Specialized Cyber Threat Intelligence Studies: In direct consultation with our clients, we create deep-dive, open-source analytic products that present extensive views of current cyber threats and risks.
- Services Availability & Support: Cyber4Sight services operate 24 hours per day, 365 days per year. Intelligence analysts are always available for help and support around the clock via a telephone hotline, , and Web portal access.

SOLUTIONS
- OSIRIS (Open Source Information Research and Investigation System):
  - Automated data collection and ingestion
  - Automated filtering, correlation, and analysis
  - Visualization and alerting dashboard for analysts
  - Customized client collection plans based upon business priorities and protected assets
- ThreatBase™ (Near Real-Time Knowledge Repository):
  - Automatic metadata ingestion and tagging
  - Link and timeline analysis
  - Object-based queries and advanced search and pattern recognition capabilities
  - Web Portal access for clients

8 Solutions: ThreatBase™ (C4S)

ThreatBase is the knowledge repository for Cyber4Sight finished intelligence products, accessible by clients via a secure portal to provide an overview of recent threat trends, including tracking actors, threat origins, and the most popular TTPs (Tactics, Techniques and Procedures).

The ThreatBase knowledge repository contains all Cyber4Sight finished intelligence, cross-referenced and fully searchable. There are more than a dozen search options, each of which can also be used to pivot between attributes of interest. The ThreatBase knowledge repository dynamically maps the relationships between threat actors, their tactics, techniques, and procedures, and their targets. Threat statistics, patterns and trends may be analyzed, linking threat actors with targets, attack vectors, and exploits being used. Geo-location intelligence is stored as well, tracking threat actor locations over time using based near correlations.

ThreatBase Screenshots: Secure Client Portal; Advanced Search; Relationship Finder.

Threat actor profiles depict the relationships between threat actors, their targets, and the methods of attack, allowing analysts to pull the threat from multiple entry points, enriching analysis and providing a more complete picture for clients.
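The slide describes a repository in which finished intelligence is tagged by actor, TTP, target and origin, searchable, and pivotable between attributes. The following is an added illustration of that data model and is not ThreatBase's or Booz Allen's code: it builds an inverted index over a handful of constructed records (the actor names, TTP labels and regions are placeholders, not real threat actors) and supports AND-search, pivoting from one attribute value to the counts of another, trend ranking (for example the most frequent TTPs), and a per-actor relationship profile.

```python
"""Added example, not the ThreatBase product's code: a small attribute index over
finished-intelligence records that supports multi-attribute search and pivoting
between actors, TTPs, targets and origins. All records are constructed."""
from collections import Counter, defaultdict

ATTRIBUTES = ("actor", "ttp", "target", "origin")

# Constructed finished-intelligence records; actor and region names are placeholders.
REPORTS = [
    {"id": "R-1", "actor": "GROUP-A", "ttp": "spearphishing", "target": "finance", "origin": "region-1"},
    {"id": "R-2", "actor": "GROUP-A", "ttp": "credential-dumping", "target": "finance", "origin": "region-1"},
    {"id": "R-3", "actor": "GROUP-B", "ttp": "spearphishing", "target": "energy", "origin": "region-2"},
    {"id": "R-4", "actor": "GROUP-B", "ttp": "web-defacement", "target": "government", "origin": "region-2"},
    {"id": "R-5", "actor": "GROUP-C", "ttp": "spearphishing", "target": "finance", "origin": "region-3"},
]


class ReportIndex:
    """Inverted index: attribute -> value -> set of report ids."""

    def __init__(self, reports):
        self.reports = {r["id"]: r for r in reports}
        self.index = {attr: defaultdict(set) for attr in ATTRIBUTES}
        for r in reports:
            for attr in ATTRIBUTES:
                self.index[attr][r[attr]].add(r["id"])

    def search(self, **criteria):
        """Ids of reports matching every attribute=value criterion (AND semantics)."""
        ids = set(self.reports)
        for attr, value in criteria.items():
            ids &= self.index[attr].get(value, set())
        return sorted(ids)

    def pivot(self, from_attr, value, to_attr):
        """Starting from one attribute value, count the related values of another
        attribute, e.g. which actors appear in reports that target 'finance'."""
        ids = self.index[from_attr].get(value, set())
        return Counter(self.reports[i][to_attr] for i in ids)

    def trend(self, attr):
        """Most frequent values of an attribute across all reports (e.g. most popular TTPs)."""
        return Counter({value: len(ids) for value, ids in self.index[attr].items()}).most_common()

    def actor_profile(self, actor):
        """Relationship view for one actor: its TTPs, targets and origins."""
        return {attr: sorted(self.pivot("actor", actor, attr)) for attr in ATTRIBUTES if attr != "actor"}


if __name__ == "__main__":
    idx = ReportIndex(REPORTS)
    print(idx.search(target="finance", ttp="spearphishing"))
    print(idx.pivot("ttp", "spearphishing", "actor"))
    print(idx.trend("ttp"))
    print(idx.actor_profile("GROUP-A"))
```

Each pivot is a set intersection followed by a count, which is what makes "more than a dozen search options, each usable as a pivot" cheap: adding a new attribute means adding one more posting list, not rewriting the queries.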

9 Case Study: Global Enterprise Services Firm (C4S)

Defending Intellectual Property and Trade Secrets Through Anticipatory Threat Intelligence

The Challenge

A global enterprise services firm with large-scale briefings for government and commercial clients was stung by a string of network breaches that undermined its intellectual capital and market reputation. The organization's cyber defense was reactive, so its analysts had no intelligence to prioritize resource allocation and thwart dangerous threats that compromised its networks. To protect sensitive data and its critical infrastructure, the firm needed to implement a world-class Critical Incident Response Team/Security Operations Center (CIRT/SOC) or risk losing billions of dollars in reputation and future earnings. The company turned to Booz Allen Hamilton and its Cyber4Sight team for help.

The Solution

The Cyber4Sight team implemented 24x7 Threat Alerting and Warning Services, combined with strategic intelligence capabilities, to substantially elevate the client's security posture using an intelligence-driven computer network monitoring and defense capability that includes Tripwire Alerts, Spot Reports, Situation Reports (SITREPS), and Daily and Monthly Intelligence summaries. The Cyber4Sight team began transforming the client's critical data into informed, proactive computer network defense activities. In the first four months alone, the Cyber4Sight team delivered more than 100 serialized threat intelligence summaries and 700 analytic insights. Daily threat intelligence briefings helped guide the client's ongoing tactical operations, fostering an anticipatory approach that exponentially decreased cyber events. Cyber4Sight intelligence reports help predict malicious actors' intentions, capabilities and probabilities of success before major events occur, enabling the client to prepare for attacks in advance and effectively mitigate risk in real time.

Results Achieved

The insight provided by Cyber4Sight analysts allows the client to better prepare for major cyber events before they occur, avoiding multi-million dollar losses of intellectual property and brand equity. The Cyber4Sight team also delivers daily threat intelligence reports and briefings to alert the client to potential threats. The Cyber4Sight team continues to field regular Requests for Information (RFIs) from the client to identify and understand developing threats.

10 Product Lines: Global4Sight™ (G4S)

Global threats and global market opportunities can take many forms, including threat intelligence monitoring, message and influence monitoring, and supply chain risk assessment. To protect their competitive advantage and to capitalize on new opportunities, organizations need comprehensive and actionable information. Global4Sight threat and competitive intelligence products and services combine a strong heritage of cloud architecture and applications development with leading-edge open source and social media research and intelligence analysis tradecraft to provide actionable information on global threats and global market opportunities.

OFFERINGS
- Threat Intelligence: Monitor the strategic and tactical environment to alert and inform clients of emerging and ongoing threats to people, facilities, and operations.
- Executive Protection: Anticipate and mitigate physical, reputational and financial risk to individuals created through vulnerabilities exposed online.
- Supply Chain Risk Assessment: Assess third-party suppliers to alert clients to business risks.
- FinSight: Thwart illicit actors taking advantage of new opportunities using alternative payment systems.
- Global Advantage: Conduct business research and analysis on opportunities for and threats to market advantage in new environments.
- Application & Architecture Development: Develop innovative solutions to track, visualize, and alert users to threats and opportunities by monitoring vast government, commercial, and publicly available data sets.

SOLUTIONS
- Attack the Network Tool Suite (Suite of Tools Enabling Analytic Hunt):
  - Geospatial, thematic, and string-based investigations against raw and machine-extracted content
  - Rapid cross-corpus search of all data types
  - Visualization and displays to facilitate interrogation of data
- Weatherman Analytic (Value-Chain Analytic to Track Global Threats):
  - Models and identifies relationships between activities within an enemy network
  - Analyzes value chain nodes and tracks hits against keywords that signify activity
  - Provides a geospatial and temporal view of the changes in the value chain status

11 Solutions: OSIRIS (G4S)

OSIRIS (Open Source Information Research and Investigation System) fulfills four principal functions: targeted collection, ingestion of information feeds, correlation, and visualization.
- Automated data collection and ingestion from 1,250 data feeds
- Ingestion of 1 Terabyte of data each day into a data lake and proprietary cloud environment
- Automated filtering, correlation, and analysis
- Visualization and alerting dashboard for analysts

OSIRIS unique client dashboards provide extensive collection and analysis customization and client data segregation, including quick assessments of Twitter feeds. In the example shown at right, OSIRIS shows the distribution of pro- and anti-government Twitter authors geotagged at a rally for the Turkish prime minister at the Istanbul airport on 6-7 June.

Figure: Number of Categorized Authors Per Hour. Number of unique authors in the immediate vicinity of the Istanbul airport from June 6 through June 7, categorized by pro- and anti-government hashtags.

OSIRIS Screenshots: Targeted Collection; First-Order Correlation; Analytics Center.

12 Case Study: Supply Chain Risk Assessment (G4S)

Assessing supply chain vulnerabilities to make informed decisions on risk

The Challenge

A government client required assistance in understanding the risk of using certain manufacturers of a high-tech component for a critical operational system. The field of possible manufacturers of this new technology was large, operated around the globe, and most had multiple global business partners. The risks the client was concerned about included quality/counterfeit products that could put the safety of personnel and operations at risk, or cyber threats from embedded malware or Trojans capable of stealing intellectual property. The client did not have a method for assessing the list of companies against relevant risk factors to reduce the number of companies to a manageable size for further research before selecting the right manufacturing partner.

The Solution

Global4Sight products and services provided valuable insight into the companies involved with the technology of interest while prioritizing overall risk. Our risk methodology is applicable to all technologies or systems to evaluate supply chain vulnerabilities quickly and efficiently. Our Supplier Risk service offering protects clients against working with suppliers and manufacturers who present a higher risk to the quality, performance or security of component parts integrated into larger systems. Global4Sight™ intelligence analysts employed open source research and analysis against a proprietary risk framework, developed through years of supply chain assessments with both government and commercial clients, to evaluate the commercial vulnerability of the new technology across six distinct attributes. Our supply chain vulnerability framework is a proven, repeatable process that we tailor to specific client needs.

Results Achieved

A final, prioritized list of eight companies confirmed to be working with the technology of interest, and presenting a low risk as a manufacturing partner, was recommended to the client.

13 Case Study: Reputation and Safety Risk for Corporate Sponsor of International Events (G4S)

Protecting the safety and security of personnel, assets and corporate reputation

The Challenge

A global corporation is sponsoring an international event being held under the cloud of local protests. The protests have included negative sentiment against the country's leadership for putting money into the event rather than using the money to support the transportation, health, and labor issues that plague the local population. The global corporation is concerned that protests leading up to and during the event may turn violent and put the safety and security of senior executives attending the event, and its corporate reputation as a key sponsor, at risk. The company turned to Booz Allen with its Threat Intelligence, Executive Protection and Global Reputation Intelligence Services for help.

The Solution

Booz Allen provided intelligence analysts and socio-cultural linguists to monitor local, national and international media, social media and other open source data for indications and warning of emerging protests and other events. Applying a diverse list of geo-political indicators against the diverse data sets, the analysts and linguists were able to provide early warning alerts, daily updates, weekly trend reports, and deep-dive studies on emerging events, protests and other group leaders. These informed decisions on safety and security precautions, as well as strategic communications for influencing local and global attitudes about the corporation and the good work it does to support local and national interests and needs.

Results Achieved

The insights provided by the Global4Sight™ intelligence analysts allowed the client to better prepare for and respond to major events, thereby avoiding loss of human life, loss of physical assets, and millions of dollars in reputational loss.

14 Case Study: Actionable Competitive Intelligence (G4S)

Informing a client's decision on the type of cross-border alliance strategy to pursue

The Challenge

Our client, a Fortune 100 industrial products manufacturer, wanted to establish a strategic alliance with a publicly traded Chinese corporation. While there was an abundance of information about the partnering firm, the client sought further competitive intelligence on how other US and foreign companies had designed and executed similar alliances. In particular, the client was concerned about how an equity-based transaction, such as a merger or joint venture (JV), would be treated by the Committee on Foreign Investment in the United States (CFIUS). The CFIUS is a Treasury Department-led inter-agency committee authorized to review transactions that could result in control of a U.S. business by a foreign entity. The CFIUS had obstructed other deals in the past, resulting in lost opportunities and significant expenditure of resources on plans that did not materialize. Our challenge was to collect insights into best practices that would inform how the client designed their alliance, and how it was presented to the CFIUS.

The Solution

Booz Allen used a tailored combination of competitive intelligence techniques and a wide range of novel data sources to identify over 40 different alliances in China involving firms comparable to our client. Alliances were characterized by type. Repeatable, though not widely publicized, steps that ensured positive results in CFIUS review were identified. Insights into best practices used to minimize unintended leakage of IP were also uncovered and tabulated for the client to use as needed.

Results Achieved

- Booz Allen uncovered unique, new and actionable insights into successful prior cross-border alliances engaged in by the client's competitors.
- These insights informed the client's overall alliance strategy, resulting in the client choosing to execute a JV with their intended Chinese partner.
- Booz Allen's insights informed how the client presented their case for a JV to the CFIUS.
- The insights provided by Global4Sight™ intelligence analysts contributed to the client's design of their JV in order to minimize risks of unintended leakage of intellectual property to the Chinese JV partner.

15 Product Lines: Insider4Sight™ (I4S)

Organizations face increasing risk from insider threats posed by employees, contractors and business associates who possess legitimate placement and access and are thus often unseen by network audit tools focused on protecting networks and information from outside intervention and compromise. Insider4Sight behavior-based assessment tools are applied against expected role models to detect rogue insiders before significant damage occurs. The benefits of Insider4Sight tools and services include reduced implementation cost, improved detection probability, predictive identification of risks and coordinated, repeatable response.

OFFERINGS
- Maturity Assessments & Benchmarking: Baseline assessment of a client's insider threat program maturity, using a reference model to assess risk across people, process and technology dimensions. The maturity model uses control families and control objectives measured against industry best practices. An opportunity roadmap is created, mapped to key risks and business objectives.
- Program Design Services: Insider threat program design services to create a customized program for a client's organization. Services include policy development, critical asset analysis, role and behavioral modeling, governance and oversight design, privacy and legal assessment, security design, technology planning and roadmap development.
- Data & Architecture Services: Evaluation of existing applications and available data to establish a baseline technology architecture for an insider threat program. Data fusion and machine analytics design services to close information gaps, based upon the goals of the overall program.
- Insider Threat Monitoring Services: Managed security services to monitor a client's enterprise 24 hours per day, 365 days per year, using a customized alerting dashboard to collect evidence of rogue insider activities. Near-real-time alerts are escalated within the organization, applying analytic tradecraft and case management techniques. We continuously update and evolve expected role behaviors, develop and deploy anomaly triggers, evolve machine analytics, and update tool configurations based upon changing risks and critical asset priorities.

SOLUTIONS
- Beacon (Automated Workflow and Analytic Environment):
  - Guides the analyst in the response while providing an audit trail and chain-of-custody documentation
  - Enables behavioral analysis against Use Cases (spies, fraud)
- I4S Signature Repository (Library of Behavioral and Risk Activity Triggers):
  - Provides indications of anomalous activity indicative of likely-threat behavior
  - Evaluates multiple data sets ( , chat, badge activity) against baseline actor thresholds to characterize and cluster on behavior profiles

16 Solutions: BEACON (I4S)

BEACON provides automated workflow and case management of risk alerts to detect, assess and secure against the risk of anomalous behavior. Insider threat audit relies on several key technology platforms to deliver and aggregate the required data for effective detection, analysis and resolution or investigation. Depending on the event, a repeatable workflow process is tailored to the alert and an organization's normal operating procedures.

Analysts utilize contextual information to help determine if the anomaly is within the scope of expected role behaviors or if it warrants escalation. When escalation is recommended, the analyst creates a package which contains all the relevant data regarding the alert/behavior and all collected contextual information. The Escalation Package is transferred to an appropriate investigative authority. BEACON tracks and documents all of the analyst's activities to ensure that chain of custody is maintained for reported data and escalation packages. Whether benign or malicious, all activity is captured and stored for future reference and statistical purposes.

BEACON Screenshots: List of Potential Issues; Potential Issue Details; Escalation Package. Anomalies in user activity are detected and compared against expected role behaviors. The analyst then assesses the risk of malicious behavior.
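The two preceding slides describe a pipeline: expected role behaviors as baselines, anomaly triggers evaluated over several data sets, an analyst review step that applies context (for example a written exception, as in the thumb-drive case later in the deck), and an escalation package with chain of custody. The code below is an added illustration of that pipeline from a defender's side and is not Insider4Sight's or BEACON's code. It assumes per-role means and standard deviations as the baseline, a z-score threshold of 2.0 as the trigger, and a SHA-256 digest over the canonicalized package as the custody seal; all activity counts, users and exceptions are constructed.

```python
"""Added example, not Booz Allen's I4S/BEACON code: role baselines,
anomaly triggers over several data sets, context review, and a hashed
escalation package. All activity data is constructed for illustration."""
import hashlib
import json
import statistics
from collections import defaultdict

METRICS = ("emails_out", "badge_after_hours", "usb_mounts")
Z_THRESHOLD = 2.0  # assumed trigger threshold; tuned per role in a real program

# Constructed daily activity: (user, role, day, emails_out, badge_after_hours, usb_mounts)
EVENTS = [
    ("alice", "analyst", 1, 40, 0, 0),
    ("alice", "analyst", 2, 45, 1, 0),
    ("alice", "analyst", 3, 38, 0, 0),
    ("bob",   "analyst", 1, 50, 0, 0),
    ("bob",   "analyst", 2, 42, 0, 0),
    ("bob",   "analyst", 3, 48, 1, 0),
    ("carol", "analyst", 1, 44, 0, 0),
    ("carol", "analyst", 2, 41, 0, 0),
    ("carol", "analyst", 3, 190, 4, 3),  # constructed outlier day
]
# Constructed HR context: documented exceptions, like the written thumb-drive exception
WRITTEN_EXCEPTIONS = {("carol", "usb_mounts"): "approved removable-media exception"}


def role_baselines(events):
    """Mean and population stdev per role and metric: the expected role behavior."""
    samples = defaultdict(lambda: defaultdict(list))
    for _user, role, _day, *vals in events:
        for metric, value in zip(METRICS, vals):
            samples[role][metric].append(value)
    return {role: {m: (statistics.mean(v), statistics.pstdev(v)) for m, v in ms.items()}
            for role, ms in samples.items()}


def anomaly_triggers(events, baselines, threshold=Z_THRESHOLD):
    """One alert per (user, day) whose z-score exceeds the threshold on any metric."""
    alerts = []
    for user, role, day, *vals in events:
        triggers = {}
        for metric, value in zip(METRICS, vals):
            mean, sd = baselines[role][metric]
            if sd == 0:
                continue  # no variation in the baseline; nothing to score
            z = (value - mean) / sd
            if z > threshold:
                triggers[metric] = round(z, 2)
        if triggers:
            alerts.append({"user": user, "role": role, "day": day, "triggers": triggers})
    return alerts


def apply_context(alert, exceptions=WRITTEN_EXCEPTIONS):
    """Analyst review: triggers covered by a written exception are recorded as explained,
    not dropped, so the audit trail keeps them; escalate only if something remains."""
    explained = {m: exceptions[(alert["user"], m)] for m in alert["triggers"]
                 if (alert["user"], m) in exceptions}
    remaining = {m: z for m, z in alert["triggers"].items() if m not in explained}
    return {**alert, "triggers": remaining, "explained": explained,
            "escalate": bool(remaining)}


def build_escalation_package(reviewed_alert, analyst):
    """Bundle the alert with its context and seal it with a SHA-256 digest for chain of custody."""
    body = {"alert": reviewed_alert, "analyst": analyst}
    payload = json.dumps(body, sort_keys=True, separators=(",", ":")).encode()
    return {"package": body, "sha256": hashlib.sha256(payload).hexdigest()}


def verify_package(package):
    """Recompute the digest over the canonical form; any edit after sealing fails here."""
    payload = json.dumps(package["package"], sort_keys=True, separators=(",", ":")).encode()
    return hashlib.sha256(payload).hexdigest() == package["sha256"]


def run_pipeline(events=EVENTS):
    """Baseline, trigger, review, and package; returns the sealed escalation packages."""
    baselines = role_baselines(events)
    reviewed = [apply_context(a) for a in anomaly_triggers(events, baselines)]
    return [build_escalation_package(a, "analyst-01") for a in reviewed if a["escalate"]]


if __name__ == "__main__":
    for pkg in run_pipeline():
        print(json.dumps(pkg, indent=2))
```

On the constructed data only carol's third day trips the triggers; the USB trigger is marked as explained by the written exception but stays in the package, and the remaining e-mail and after-hours badge triggers still escalate. The canonical JSON (sorted keys, no whitespace) is what makes the digest reproducible by whoever receives the package.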

17 Case Study: National Security Client (I4S)

Defending Sensitive and Classified National Security Information Through Anticipatory Threat Intelligence

The Challenge

An overarching degree of trust given to an employee with access to highly classified information, without the balance of auditing and analysis, presents a high degree of risk. The WikiLeaks disclosures exposed the need for systemic oversight of policy compliance for any agency using classified information systems. Executive Order 13587, Structural Reforms to Improve the Security of Classified Networks and the Responsible Sharing and Safeguarding of Classified Information, codified many steps for agencies to take in order to protect classified information. The EO affirmed that agencies bear the primary responsibility for the minimum standards regarding information security, personnel security, and systems security, which includes establishing an integrated capability to monitor and audit information for insider threat detection and mitigation and gathering information for a centralized analysis, reporting and response capability. These new requirements require an approach that maximizes detection results within resource and budget constraints.

The Solution

Booz Allen partnered with an Intelligence Community client to deploy an integrated monitoring capability on both unclassified and classified networks and a centralized analysis and response capability. Leveraging behavioral psychologists, we developed triggers around known use cases of malicious insiders, resulting in an 88% increase in the probability of detecting an event that required escalation (investigation). By trending data over time against expected role behaviors, we reduced the number of false positives from over 200 per day to 23 per week, dramatically reducing the number of labor hours required to investigate all of the false positive alerts.

Our expert analyst reviewed an alert for an employee who used a thumb drive in an unclassified laptop and desktop system, in violation of standard DoD policy. By leveraging internal databases, our analyst put context around the event and determined the employee had a written exception for use while performing legitimate work functions. Noting that files were on the thumb drive prior to the employee's employment, our analyst applied a suite of tools against the thumb drive files and identified anomalies that indicated a potential compromise of the network. The analyst immediately completed a detailed report on the malware discovered and an overview of possible APT actors, and made a recommendation to escalate the event to appropriate government investigative agencies. The APT was subsequently isolated and removed from the network.

Results Achieved

Reduced the number of false positives from over 200 per day to 23 per week, dramatically reducing the number of labor hours required to investigate all of the false positive alerts.

18 Product Lines: CyberReady™ (CR)

Without the ability to take action, even anticipatory threat intelligence is useless. Organizations therefore need full command and control over their IT infrastructure, so that proactive changes can be made to mitigate risks. CyberReady products and services provide advanced technologies, dynamic algorithms, and sophisticated tradecraft to actively mitigate (not just discover) cyber risks, and to sanitize organizations in the event of a breach. Automated diagnostics running against fused data assess vulnerabilities, detect persistent threat actors, and enable fixes to be prioritized. And our National Security Cyber Assistance Program (NSCAP) accredited team of cyber incident responders can act quickly to drive intruders out.

OFFERINGS
- Continuous Diagnostics & Mitigation Services: Shortening the time between identifying and fixing vulnerabilities is the key to proactive threat mitigation. Our continuous diagnostics and mitigation services can help clients achieve real-time risk awareness and better close gaps in their infrastructure.
- Algorithm & Analytics Development Services: Fast, accurate, and decision-reliable algorithms are the heartbeat of any cyber operations center. Our team of data scientists has created a library of common analytics, and can create new ones on almost any tools platform.
- Policy Compliance Automation Services: Tracking and accurately measuring cyber policy compliance eliminates manual assessment and reporting practices. This allows clients to better assess the cost of compliance and make better prioritization decisions.
- NSCAP-Accredited Incident Response Services: Booz Allen is one of only six companies accredited by the US Government to conduct incident response activities, due to our highly skilled and qualified staff, repeatable processes, and custom tradecraft.
- NetRecon and Red Team Services: Understanding how a client's organization looks to an outside attacker helps clients reduce their attack surface and proactively defend against cyber threats. Our team of white hat hackers can quickly identify vulnerabilities in clients' systems.
- Tools Integration and Data Fusion: Integrating cyber tools to support decision-making is critical to proactive threat mitigation. Our team's data-centric approach helps extract decision-making data from tools, allowing a more holistic, analytics-driven approach.

SOLUTIONS
- CyberReady Codex:
  - An integrated library of cyber analytics and indicators
  - User interface to create new analytics
  - Based on 5+ years of experience supporting some of the nation's largest cyber security operations centers
- Automated First Responder (AFR):
  - Custom-built incident response platform
  - Identifies one-off malware and persistent threat actors, even if no signatures exist for the threat
  - Zero persistent install for quick deployment
- CyberReady Command and Control Dashboards:
  - Visualizes fused data pulled from a variety of sources
  - Supports executive-level decision making, incident response, and CIRT/SOC functions

Solutions: CyberReady™ NetRecon (CR)

One of the best techniques an organization can employ to shore up its cyber defenses is acting like an attacker. This means taking an external view of the enterprise, and trying to breach the network perimeter using any means necessary. While many automated vulnerability scanning tools exist, these are frequently rigid, rule-based, and reliant on published vulnerabilities. CyberReady NetRecon overcomes these limitations and provides a holistic, comprehensive view of an organization's vulnerabilities.

We provide:

- The Attacker Perspective: Extensive discovery techniques and years of intelligence analysis experience allow us to quickly get results.
- Actionable Intelligence: We provide a customized report for each client that takes into account the unique elements of each business.
- More Than Red Teaming: We find more vulnerabilities across the mile-wide surface area of an organization's network, providing clients more visibility and a better understanding of where defenses are needed.

Examples of issues uncovered in our reports include:

- Undisclosed Internet points of presence and disaster recovery locations;
- High value projects unknowingly correlated to undisclosed locations;
- Protocol eavesdropping analysis;
- Unknowingly published sensitive information.

Screenshots: Reconnaissance Reports, Vulnerability Dashboards, Attack Surface Modeling

Our highly-trained team of CyberReady NetRecon analysts is why we're different. They connect the dots, skillfully deploy state-of-the-art tools, and apply extensive research and training to each engagement.

Case Study: Commercial Financial Institution (CR)

Sanitizing a Breached Network and Driving Out Persistent Threat Actors

The Challenge

A large commercial financial institution detected anomalous activity on its network, which posed a significant threat to its business operations and reputation. To determine the extent of the damage, shore up cyber defenses, and systematically drive out the intruders, the firm needed a multi-disciplined team of incident responders who could lead, coordinate, and execute a full-scale incident response activity. The organization turned to Booz Allen and its CyberReady™ Incident Response Team for help.

The Solution

Booz Allen's CyberReady Incident Response activities are accredited by the National Security Cyber Assistance Program, which ensures highly-skilled staff can provide state-of-the-art services within 21 separate Incident Response areas. Typical activities we provide to our clients include:

- Rapid, comprehensive impact assessments
- On-the-ground team of Subject Matter Experts (SMEs) that integrates with existing technical teams (e.g., CIRT/SOC) and non-technical staff (e.g., law enforcement, media relations)
- Systematic breach response to drive intruders out, quickly patch vulnerabilities, and maintain situational awareness
- Thorough forensics analysis and evidentiary support
- Comprehensive vulnerability assessment to proactively identify and remediate additional threat vectors

Results Achieved

Within 24 hours, Booz Allen deployed a CyberReady Incident Response team within the organization and completed an initial Breach Assessment using a rapid response mobile toolkit. An Initial Malware Triage was completed within 36 hours, which allowed containment and remediation measures to begin. Within 72 hours, the team deployed custom tools to capture and analyze 62+ billion encrypted Packet Capture (PCAP) packets and 200,000+ firewall, application, and web logs, and to conduct forensics analysis on 60+ hard drives.

The CyberReady Incident Response team produced a detailed event log with 5,000+ discrete intruder actions, delivered a 400 page legal / technical report with 15,000+ additional exhibits, and supported the organization's legal, law enforcement, media, and customer outreach efforts. Before concluding, the team conducted an independent verification of the organization's cyber defenses to make sure that there were no additional avenues of attack.

Booz Allen's CyberReady Incident Response provides rapid, on-the-ground support to quickly sanitize an enterprise's IT infrastructure in the event of a breach.

Product Lines: MissionPlatform (MP)

Underpinning the Predictive Intelligence product lines is a set of core capabilities that provides the technology foundation, a cadre of trained staffing resources, and the mission understanding required to first establish, then scale, and finally realize the full potential of the Predictive Intelligence suite of offerings. MissionPlatform is an enabling product line that acts as a force multiplier by providing a robust data analytic platform for rapid data integration and exploitation; proven methodologies for creating and evolving a PI workforce; and a pool of specialized subject matter experts who possess the deep mission understanding necessary to tailor people, process, and technology to mitigate potential threats and capitalize on opportunities for advantage in multiple domains.

OFFERINGS

- PI Platform Development and Integration: Design, develop, and field data analytic platforms and analytical tools. Integrate new Predictive Intelligence technology with legacy capabilities to expose and enable analytics on all available data. Provided in multiple deployment models (remote-hosting, on premise).
- Rapid Prototyping: Quick-win design, development, and rapid fielding of new technology focused on experimentation with novel approaches to current technical challenges. Provides users with tangible capabilities for direct feedback and collaboration on follow-on iterations.
- Software Development Center: An incubation lab focused on the invention of new Predictive Intelligence capabilities. Staff are assigned on a rotational basis and execute Agile development projects to turn new ideas into innovative solutions.
- Talent Management and Workforce Development: Advanced training, exposure to new technologies, and lab rotations designed to cultivate and nurture the next generation Predictive Intelligence workforce.
- Next Generation Analysts: Methodology, training, and lessons learned for building and operating innovative analytic teams (IATs) focused on new methodology creation, rapid prototyping, and innovative solution development.

SOLUTIONS

- PI Data Analytic Platform (Cloud Analytic Architecture): Enables rapid integration, processing, and analysis of large-volume and diverse datasets. Designed for rapid integration of new data sources (<1 day). Provides advanced entity extraction, natural language processing, and automated risk assessments. Packaged for cloud-based, remote, and on premise deployments.
- SCARAB: Distributed, dynamic network for low- and mis-attributable collection of Internet-based content. Provides disposable, virtual client machines executed through cloud service providers.

Case Study: Global Financial Services Institution (MP)

Protecting Personal Information and Banking Infrastructure through an Established Cyber Security Capability

The Challenge

A global financial services company with diverse business segments, making it one of the world's prominent financial services institutions, was breached and personal information accessed. Recognizing that it faced a continuous threat environment as a high-value target for internal and external actors, the client required a robust strategy to establish a workforce capable of addressing its unique risk/threat profile. To deny attackers the ability to gain a privileged look at, disrupt, or manipulate its core business functions, the institution turned to Booz Allen for an independent, third-party validation of its cybersecurity workforce readiness capability.

The Solution

The MissionPlatform team built a customized set of Cyber Talent Management Interventions to close organizational capability gaps. Interventions were designed to meet the unique risk/threat profile of the institution and achieve short- and long-term risk mitigation objectives. Reports guided the client in identifying critical positions, examining cyber workforce distribution, and establishing a Cyber Security Job Family.

Results Achieved

In under six weeks, the MissionPlatform team identified critical talent gaps, sub-optimal performance risks, and flawed hiring practices. Also revealed were organizational misalignments of the workforce, increasing the firm's exposure to risk and limiting the ability of systems to meet cybersecurity requirements, as well as a cyber security talent deficit. The analysis also found that strategic plans to close the gaps were limited, with inaccurate position targets and compensation projections nearly 60% under market.

Briefings to Risk Management, Information Systems, and Human Resources established an action plan for adjusting the human capital strategy and making targeted investment decisions to expand capability. MissionPlatform activities launched the initial stages of a comprehensive cyber security workforce strategy to effectively safeguard client information and infrastructure, critical to both U.S. national security and global economic prosperity.

PI = [ C4S + G4S + I4S + CR ] x MP

Predictive Intelligence

Predictive Intelligence combines tradecraft, big data & analytics, technology, and workforce to help clients anticipate, prevent, detect, and respond to global threats and global opportunities with real-time actionable insight about their environment, internally, externally, globally, and socially, so they can take action to be ready, to manage risk, to protect assets, and to thrive.

Points of Contact

- Predictive Intelligence: Angela M. Messer, Executive Vice President
- Cyber4Sight: Randy Hayes, Vice President
- Global4Sight™: David Kletter, Senior Vice President
- Insider4Sight™: Randy Hayes, Vice President
- CyberReady™: Brad Medairy, Senior Vice President
- MissionPlatform: Brad Medairy, Senior Vice President; Raynor Dahlquist, Vice President; Leslie Raimondo, Vice President

Cyber4Sight is a registered trademark of Booz Allen Hamilton Inc. Global4Sight, Insider4Sight, CyberReady, and ThreatBase are trademarks of Booz Allen Hamilton Inc.


Breaking down silos of protection: An integrated approach to managing application security IBM Software Thought Leadership White Paper October 2013 Breaking down silos of protection: An integrated approach to managing application security Protect your enterprise from the growing volume and velocity

More information

Cybersecurity Enhancement Account. FY 2017 President s Budget

Cybersecurity Enhancement Account. FY 2017 President s Budget Cybersecurity Enhancement Account FY 2017 President s Budget February 9, 2016 Table of Contents Section 1 Purpose... 3 1A Mission Statement... 3 1.1 Appropriations Detail Table... 3 1B Vision, Priorities

More information

Addressing APTs and Modern Malware with Security Intelligence Date: September 2013 Author: Jon Oltsik, Senior Principal Analyst

Addressing APTs and Modern Malware with Security Intelligence Date: September 2013 Author: Jon Oltsik, Senior Principal Analyst ESG Brief Addressing APTs and Modern Malware with Security Intelligence Date: September 2013 Author: Jon Oltsik, Senior Principal Analyst Abstract: APTs first came on the scene in 2010, creating a wave

More information

The SIEM Evaluator s Guide

The SIEM Evaluator s Guide Using SIEM for Compliance, Threat Management, & Incident Response Security information and event management (SIEM) tools are designed to collect, store, analyze, and report on log data for threat detection,

More information

Defending against modern cyber threats

Defending against modern cyber threats Defending against modern cyber threats Protecting Critical Assets October 2011 Accenture, its logo, and High Performance Delivered are trademarks of Accenture. Agenda 1. The seriousness of today s situation

More information

Eight Essential Elements for Effective Threat Intelligence Management May 2015

Eight Essential Elements for Effective Threat Intelligence Management May 2015 INTRODUCTION The most disruptive change to the IT security industry was ignited February 18, 2013 when a breach response company published the first research that pinned responsibility for Advanced Persistent

More information

Continuous Network Monitoring

Continuous Network Monitoring Continuous Network Monitoring Eliminate periodic assessment processes that expose security and compliance programs to failure Continuous Network Monitoring Continuous network monitoring and assessment

More information

QRadar SIEM and FireEye MPS Integration

QRadar SIEM and FireEye MPS Integration QRadar SIEM and FireEye MPS Integration March 2014 1 IBM QRadar Security Intelligence Platform Providing actionable intelligence INTELLIGENT Correlation, analysis and massive data reduction AUTOMATED Driving

More information

Content Security: Protect Your Network with Five Must-Haves

Content Security: Protect Your Network with Five Must-Haves White Paper Content Security: Protect Your Network with Five Must-Haves What You Will Learn The continually evolving threat landscape is what makes the discovery of threats more relevant than defense as

More information

www.pwc.co.uk Cyber security Building confidence in your digital future

www.pwc.co.uk Cyber security Building confidence in your digital future www.pwc.co.uk Cyber security Building confidence in your digital future November 2013 Contents 1 Confidence in your digital future 2 Our point of view 3 Building confidence 4 Our services Confidence in

More information

Agenda. Introduction to SCADA. Importance of SCADA security. Recommended steps

Agenda. Introduction to SCADA. Importance of SCADA security. Recommended steps Agenda Introduction to SCADA Importance of SCADA security Recommended steps SCADA systems are usually highly complex and SCADA systems are used to control complex industries Yet.SCADA systems are actually

More information

CYBER SECURITY AND RISK MANAGEMENT. An Executive level responsibility

CYBER SECURITY AND RISK MANAGEMENT. An Executive level responsibility CYBER SECURITY AND RISK MANAGEMENT An Executive level responsibility Cyberspace poses risks as well as opportunities Cyber security risks are a constantly evolving threat to an organisation s ability to

More information

Cyber Threat Intelligence Move to an intelligencedriven cybersecurity model

Cyber Threat Intelligence Move to an intelligencedriven cybersecurity model Cyber Threat Intelligence Move to an intelligencedriven cybersecurity model Stéphane Hurtaud Partner Governance Risk & Compliance Deloitte Laurent De La Vaissière Director Governance Risk & Compliance

More information

Whitepaper. Advanced Threat Hunting with Carbon Black

Whitepaper. Advanced Threat Hunting with Carbon Black Advanced Threat Hunting with Carbon Black TABLE OF CONTENTS Overview Threat Hunting Defined Existing Challenges and Solutions Prioritize Endpoint Data Collection Over Detection Leverage Comprehensive Threat

More information

COUNTERINTELLIGENCE. Protecting Key Assets: A Corporate Counterintelligence Guide

COUNTERINTELLIGENCE. Protecting Key Assets: A Corporate Counterintelligence Guide COUNTERINTELLIGENCE O F F I C E O F T H E N A T I O N A L C O U N T E R I N T E L L I G E N C E Protecting Key Assets: A Corporate Counterintelligence Guide E X E C U T I V E Counterintelligence for the

More information

IBM QRadar Security Intelligence April 2013

IBM QRadar Security Intelligence April 2013 IBM QRadar Security Intelligence April 2013 1 2012 IBM Corporation Today s Challenges 2 Organizations Need an Intelligent View into Their Security Posture 3 What is Security Intelligence? Security Intelligence

More information

Middle Class Economics: Cybersecurity Updated August 7, 2015

Middle Class Economics: Cybersecurity Updated August 7, 2015 Middle Class Economics: Cybersecurity Updated August 7, 2015 The President's 2016 Budget is designed to bring middle class economics into the 21st Century. This Budget shows what we can do if we invest

More information

Stay ahead of insiderthreats with predictive,intelligent security

Stay ahead of insiderthreats with predictive,intelligent security Stay ahead of insiderthreats with predictive,intelligent security Sarah Cucuz sarah.cucuz@spyders.ca IBM Security White Paper Executive Summary Stay ahead of insider threats with predictive, intelligent

More information

Gaining the upper hand in today s cyber security battle

Gaining the upper hand in today s cyber security battle IBM Global Technology Services Managed Security Services Gaining the upper hand in today s cyber security battle How threat intelligence can help you stop attackers in their tracks 2 Gaining the upper

More information

Seven Things To Consider When Evaluating Privileged Account Security Solutions

Seven Things To Consider When Evaluating Privileged Account Security Solutions Seven Things To Consider When Evaluating Privileged Account Security Solutions Contents Introduction 1 Seven questions to ask every privileged account security provider 4 1. Is the solution really secure?

More information

Win the race against time to stay ahead of cybercriminals

Win the race against time to stay ahead of cybercriminals IBM Software Win the race against time to stay ahead of cybercriminals Get to the root cause of attacks fast with IBM Security QRadar Incident Forensics Highlights Help reduce the time required to determine

More information

Into the cybersecurity breach

Into the cybersecurity breach Into the cybersecurity breach Tim Sanouvong State Sector Cyber Risk Services Deloitte & Touche LLP April 3, 2015 Agenda Setting the stage Cyber risks in state governments Cyber attack vectors Preparing

More information

24/7 Visibility into Advanced Malware on Networks and Endpoints

24/7 Visibility into Advanced Malware on Networks and Endpoints WHITEPAPER DATA SHEET 24/7 Visibility into Advanced Malware on Networks and Endpoints Leveraging threat intelligence to detect malware and exploitable vulnerabilities Oct. 24, 2014 Table of Contents Introduction

More information

Cyber Situational Awareness for Enterprise Security

Cyber Situational Awareness for Enterprise Security Cyber Situational Awareness for Enterprise Security Tzvi Kasten AVP, Business Development Biju Varghese Director, Engineering Sudhir Garg Technical Architect The security world is changing as the nature

More information

Protecting against cyber threats and security breaches

Protecting against cyber threats and security breaches Protecting against cyber threats and security breaches IBM APT Survival Kit Alberto Benavente Martínez abenaventem@es.ibm.com IBM Security Services Jun 11, 2015 (Madrid, Spain) 12015 IBM Corporation So

More information

2011 Cyber Security and the Advanced Persistent Threat A Holistic View

2011 Cyber Security and the Advanced Persistent Threat A Holistic View 2011 Cyber and the Advanced Persistent Threat A Holistic View Thomas Varney Cybersecurity & Privacy BM Global Business Services 1 31/10/11 Agenda The Threat We Face A View to Addressing the Four Big Problem

More information

BIG SHIFT TO CLOUD-BASED SECURITY

BIG SHIFT TO CLOUD-BASED SECURITY GUIDE THE BIG SHIFT TO CLOUD-BASED SECURITY How mid-sized and smaller organizations can manage their IT risks and meet regulatory compliance with minimal staff and budget. CONTINUOUS SECURITY TABLE OF

More information

U.S. Office of Personnel Management. Actions to Strengthen Cybersecurity and Protect Critical IT Systems

U.S. Office of Personnel Management. Actions to Strengthen Cybersecurity and Protect Critical IT Systems U.S. Office of Personnel Management Actions to Strengthen Cybersecurity and Protect Critical IT Systems June 2015 1 I. Introduction The recent intrusions into U.S. Office of Personnel Management (OPM)

More information

SITUATIONAL AWARENESS MITIGATE CYBERTHREATS

SITUATIONAL AWARENESS MITIGATE CYBERTHREATS Gaining the SITUATIONAL AWARENESS needed to MITIGATE CYBERTHREATS Industry Perspective EXECUTIVE SUMMARY To become more resilient against cyberthreats, agencies must improve visibility and understand events

More information

Caretower s SIEM Managed Security Services

Caretower s SIEM Managed Security Services Caretower s SIEM Managed Security Services Enterprise Security Manager MSS -TRUE 24/7 Service I.T. Security Specialists Caretower s SIEM Managed Security Services 1 Challenges & Solution Challenges During

More information

A Primer on Cyber Threat Intelligence

A Primer on Cyber Threat Intelligence A Primer on Cyber Threat Intelligence AS ADVERTISED 2 BUZZWORD BINGO! 3 TODAY S CYBER SECURITY CHALLENGES CISOs finding it difficult to define security ROI to executives Short shelf life for CISOs Vastly

More information

with Managing RSA the Lifecycle of Key Manager RSA Streamlining Security Operations Data Loss Prevention Solutions RSA Solution Brief

with Managing RSA the Lifecycle of Key Manager RSA Streamlining Security Operations Data Loss Prevention Solutions RSA Solution Brief RSA Solution Brief Streamlining Security Operations with Managing RSA the Lifecycle of Data Loss Prevention and Encryption RSA envision Keys with Solutions RSA Key Manager RSA Solution Brief 1 Who is asking

More information

EnCase Analytics Product Overview

EnCase Analytics Product Overview GUIDANCE SOFTWARE EnCase Analytics EnCase Analytics Product Overview Security Intelligence through Endpoint Analytics GUIDANCE SOFTWARE EnCase Analytics EnCase Analytics Key Benefits Find unknown and undiscovered

More information

Cyber and Operational Solutions for a Connected Industrial Era

Cyber and Operational Solutions for a Connected Industrial Era Cyber and Operational Solutions for a Connected Industrial Era OPERATIONAL & SECURITY CHALLENGES IN A HYPER-CONNECTED INDUSTRIAL WORLD In face of increasing operational challenges and cyber threats, and

More information

FFIEC Cybersecurity Assessment Tool

FFIEC Cybersecurity Assessment Tool Overview In light of the increasing volume and sophistication of cyber threats, the Federal Financial Institutions Examination Council 1 (FFIEC) developed the Cybersecurity Tool (), on behalf of its members,

More information

Data- centric Security: A New Information Security Perimeter Date: March 2015 Author: Jon Oltsik, Senior Principal Analyst

Data- centric Security: A New Information Security Perimeter Date: March 2015 Author: Jon Oltsik, Senior Principal Analyst ESG Solution Showcase Data- centric Security: A New Information Security Perimeter Date: March 2015 Author: Jon Oltsik, Senior Principal Analyst Abstract: Information security practices are in the midst

More information

Defending Against Cyber Attacks with SessionLevel Network Security

Defending Against Cyber Attacks with SessionLevel Network Security Defending Against Cyber Attacks with SessionLevel Network Security May 2010 PAGE 1 PAGE 1 Executive Summary Threat actors are determinedly focused on the theft / exfiltration of protected or sensitive

More information

Extreme Networks Security Analytics G2 Vulnerability Manager

Extreme Networks Security Analytics G2 Vulnerability Manager DATA SHEET Extreme Networks Security Analytics G2 Vulnerability Manager Improve security and compliance by prioritizing security gaps for resolution HIGHLIGHTS Help prevent security breaches by discovering

More information

Cybersecurity The role of Internal Audit

Cybersecurity The role of Internal Audit Cybersecurity The role of Internal Audit Cyber risk High on the agenda Audit committees and board members are seeing cybersecurity as a top risk, underscored by recent headlines and increased government

More information

Cisco Security Services

Cisco Security Services Cisco Security Services Cisco Security Services help you defend your business from evolving security threats, enhance the efficiency of your internal staff and processes, and increase the return on your

More information