Machine-to-Machine Exchange of Cyber Threat Information: a Key to Mature Cyber Defense
By: Daniel Harkness, Chris Strasburg, and Scott Pinkerton

The Challenge

The Internet is an integral part of daily life in America and around the world. Approximately 2 billion people use at least 12 billion computers and other networked devices. These devices range from personal computers and tablets to the servers and devices supporting our critical infrastructure, including industrial control systems. Malicious actors continue to grow in sophistication, organization, and financial backing. These actors seek to steal financial information, intellectual property, trade secrets, and other sensitive information from businesses, small and large. They also attempt to disrupt essential services, damage infrastructure assets, and potentially produce severe, cascading effects throughout the Energy Sector. As these actors' capabilities grow, so does the risk to our critical infrastructure.

As a Nation, it is vital that we develop the strategic capabilities to defend against the cyber threats that put our national and global interests at risk. Unfortunately, the ability of malicious actors to operate from anywhere in the world, the difficulty of eliminating software vulnerabilities, and the linkages between cyber and physical systems all contribute to making cyber defense a highly challenging endeavor. Couple this with the volume of attacks occurring every day and the limited manpower of any one organization, and the need for new approaches to cyber defense becomes clear.

A New Approach: Beyond Access Control

A major component of cyber defense is access control. This is evident in technologies such as firewalls, which traditionally control access based on source and destination information. Authentication schemes use various mechanisms to prevent unauthorized access to key resources. Unfortunately, many of today's cyber attacks succeed not because cyber defenders have failed to enable access controls, but rather through weaknesses inherent in the controls themselves. Mistakes in software often create unintentional vulnerabilities that weaken otherwise useful controls (e.g., Heartbleed, Shellshock). Furthermore, social engineering can often enable malicious actors to exploit human traits such as trust, curiosity, and memory limitations to bypass properly configured controls (e.g., spear phishing, password reuse).

If, then, we recognize that access controls have weaknesses, what can we do? As the cyber community recognizes that access control has its shortcomings, a shift in mindset has begun. Increased monitoring of networks and systems is being done in hopes of identifying precursors to future attacks before they become compromises, and identifying compromises before they become catastrophes.

Dealing with the Flood: Enter Cyber Threat Information

This increased monitoring brings with it a flood of data. There are firewall deny logs, traffic logs, web logs, system logs, intrusion detection system logs, antivirus logs, mail logs, and more. The manpower and time required to sift through all of this data properly, and in a timely manner, is unrealistic for even a small enterprise. Databases, correlation engines, and advanced tools such as security information and event management (SIEM) systems have come about to help deal with this problem. Ultimately, however, they still require a human to provide useful configuration, drive searches, and interpret abnormal data. To do their job well, analysts require both expertise and information, specifically information about the threats they must defend against.

Cyber threat information includes indicators and intelligence. Cyber threat indicators are small pieces of information that can typically be acted upon in an automated manner at the machine level. An example of a cyber threat indicator is an Internet Protocol (IP) address engaged in malicious activity. Cyber threat intelligence may include indicators but generally also includes more detailed information to provide a bigger picture to analysts.

Indicators help cyber defense in two ways. First, they can provide a good starting point for culling the data for indications of active threats, ideally while still in the reconnaissance phase. Second, if they are integrated into an active response system (by proactively acting upon them through blocking, sending to a blackhole, etc.), they can disrupt an ongoing attack and prevent future attacks. Intelligence not only helps analysts better configure their defenses and better tailor their monitoring and analysis to current threats, but can also support situational awareness, potentially allowing threats to be anticipated before they reach critical targets.

Integrating Cyber Threat Information through Machine-to-Machine Sharing

Looking to the future, the authors believe the use of cyber threat information will likely be part of any mature cyber defense strategy. Building mature cyber defense strategies around cyber threat information generally consists of three phases: identifying, consuming, and producing cyber threat information.

There exist many sources of cyber threat information. They can include internal sources (such as intrusion detection logs, firewall denies, or antivirus signature matches) and external sources (such as blacklists, private intelligence companies, and government organizations). Sources will vary by volume, quality, timeliness, cost, and relevancy. Surveying the available sources and identifying which are of importance to you is the first phase of making use of cyber threat information.

The second phase involves building processes to not only receive, but to consume and make use of, cyber threat information. Consuming the information means not only receiving it, but parsing it and actually using it. For indicators, this includes automating the search of local data sources to identify previous interaction with the indicators. It can also include preventive measures such as pushing indicators into perimeter protection devices to block known attacks or to redirect them to an analysis environment. For cyber threat intelligence, this includes providing a unified environment for analysts to access and consume the information, as well as using the intelligence to tag and enrich existing data and indicators to provide greater situational awareness.

In the third phase of maturing cyber defense strategies, consumers of cyber threat information recognize that the information they are receiving is part of a shared situational awareness that can only improve as more entities contribute. The consumers then need to look at their own data and analysis processes to identify and provide their own relevant analysis to the broader community. This includes both the addition of new cyber threat information and the enrichment (adding knowledge) of information that was already known to the community.

Throughout the maturing process, the speed of response is critical. When indicators come from an actual attack, mere seconds may pass before a weak link is discovered and allows the attack to turn into a compromise. The same urgency applies on the intelligence side, where, for example, the intelligence may provide information about a known upcoming attack. Moving to machine-to-machine information sharing removes the inherent delay that comes with human-to-human information sharing. Machine-to-machine sharing also improves the ability to automate analysis and, in some cases, response, thus allowing the analyst to spend more time focusing on discovering the unknown.

Cyber Fed Model: A Reference Implementation

In 2004, Argonne National Laboratory began researching the benefits of sharing cyber threat indicators among related peer organizations. This led to a grassroots movement to begin sharing indicators, and in 2009 the U.S. Department of Energy (DOE) Cyber Fed Model (CFM) program began providing a production capability for machine-to-machine sharing of cyber threat indicators among multiple DOE facilities. Since that time, the CFM program has expanded to support the Department of Homeland Security and multiple other U.S. Government organizations, and has begun facilitating information sharing between government and private sector critical infrastructure owners and operators, particularly those in the energy sector. In addition, the CFM program has expanded beyond just cyber threat indicators to include the sharing of cyber threat intelligence and detection rules. As part of this expansion, CFM is committed to encouraging and supporting emerging standards such as Structured Threat Information Expression (STIX) and Trusted Automated Exchange of Indicator Information (TAXII), while continuing to provide support for the legacy and custom needs of existing participants or those who cannot fully adapt for other reasons.

At the core of CFM are the beliefs that collective knowledge is better than individual knowledge and that real-world relationships (shared interests, common infrastructure, geographic location, etc.) often translate into cyber-world relationships. Experience has shown that these relationships are often used by malicious actors to exploit common vulnerabilities, gain greater sector-wide control, or steal the sector-wide body of knowledge. CFM leverages these relationships in distribution and receipt to improve cyber defense by focusing on cyber threat information that has real relevance.

Cyber Fed Model: How it Works

In CFM, participants are added to groups referred to as federations. These federations are based on relationships; each participant may be part of many federations. Using encrypted web communication on top of data-level encryption, participants use CFM to provide one-to-one and one-to-many distribution of cyber threat information. CFM utilizes a secure web application to transport cyber threat information. When a participant produces cyber threat information, the information is tagged with handling parameters, including a distribution list, and uploaded to the CFM repository. It is checked for proper formatting and against whitelisted entries, then made available to those on the distribution list. (In some cases, generally dependent on relationships, data is anonymized before being released.) Consumers query the CFM repository for new cyber threat information and retrieve it.

Although CFM participants are welcome to connect to the application programming interface (API) on their own, client software is provided to handle the communication. Uploading is as simple as dropping a file in a folder and calling a script. Downloading is handled by the same script, which retrieves the files and organizes them based on type and format. Work is currently underway to adapt CFM features, such as federation-based distribution, data anonymization, and centralized feed aggregation, to the TAXII protocol, which will be the basis of the next generation of CFM enhancements. At this time, TAXII is already supported through the use of other TAXII server software.
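To make the federation-based workflow concrete, the following is an added Python model written for this page; it is not CFM code and not the CFM API. It walks a producer's batch through the steps above (distribution list and handling parameters, format check, whitelist check, optional anonymization, consumer query) and then runs the retrieved indicators against local firewall deny logs as the consumption phase describes. The CSV layout, federation membership, whitelist contents, log lines and the per-submission anonymize flag are all constructed assumptions, as is reading "checked against whitelisted entries" as dropping indicators that match known-good infrastructure.

```python
"""Toy model of a federation-based indicator repository (added example, not CFM code)."""
from dataclasses import dataclass, field
import ipaddress
import re

# Constructed indicator format: one CSV line per indicator, "type,value,description".
CSV_LINE = re.compile(r"^(ip|domain),([^,]+),(.*)$")

# Constructed whitelist: known-good infrastructure that must never be released
# as an indicator (one reading of the page's "checked against whitelisted entries").
WHITELIST = {"ip": {"192.0.2.10"}, "domain": {"example.org"}}


@dataclass
class Submission:
    producer: str      # participant id of the producer
    federations: set   # distribution list: names of federations to release to
    anonymize: bool    # handling parameter (assumed): hide the producer's identity
    records: list      # raw CSV indicator lines


@dataclass
class Repository:
    federations: dict                         # federation name -> set of participant ids
    store: list = field(default_factory=list)  # released (seq, federations, entry) tuples

    def submit(self, sub: Submission) -> list:
        """Validate a batch and release the accepted entries to the distribution list."""
        # A producer may only distribute to federations it is actually a member of.
        for fed in sub.federations:
            if sub.producer not in self.federations.get(fed, set()):
                raise PermissionError(f"{sub.producer} is not a member of {fed}")
        accepted = []
        for line in sub.records:
            m = CSV_LINE.match(line.strip())
            if not m:
                continue                    # malformed line: rejected by the format check
            kind, value, desc = m.groups()
            if kind == "ip":
                try:
                    ipaddress.ip_address(value)
                except ValueError:
                    continue                # type says ip but value is not one
            if value in WHITELIST[kind]:
                continue                    # whitelisted entry: never released
            entry = {"type": kind, "value": value, "description": desc,
                     "source": "anonymized" if sub.anonymize else sub.producer}
            self.store.append((len(self.store) + 1, frozenset(sub.federations), entry))
            accepted.append(entry)
        return accepted

    def query(self, participant: str, since: int = 0) -> list:
        """Return (seq, entry) pairs newer than `since` released to a federation of the caller."""
        mine = {f for f, members in self.federations.items() if participant in members}
        return [(seq, e) for seq, feds, e in self.store if seq > since and feds & mine]


def match_firewall_denies(entries: list, log_lines: list) -> list:
    """Consumption phase: find prior interaction with indicator IPs in local deny logs."""
    bad_ips = {e["value"] for e in entries if e["type"] == "ip"}
    return [line for line in log_lines
            if (m := re.search(r"\bSRC=(\S+)", line)) and m.group(1) in bad_ips]


# Constructed sample data so the example runs stand-alone.
FEDERATIONS = {"energy": {"labA", "utilityB"}, "gov": {"labA", "agencyC"}}
SAMPLE_CSV = [
    "ip,198.51.100.7,ssh brute force against DMZ host",
    "ip,192.0.2.10,our own scanner (whitelisted)",
    "ip,not-an-ip,garbled entry",
    "domain,bad.example,c2 callback seen in proxy logs",
    "this line is not csv",
]
SAMPLE_DENY_LOG = [
    "Mar 3 10:01:22 fw kernel: DENY IN=eth0 SRC=198.51.100.7 DST=10.0.0.5 PROTO=TCP DPT=22",
    "Mar 3 10:01:23 fw kernel: DENY IN=eth0 SRC=203.0.113.9 DST=10.0.0.5 PROTO=TCP DPT=443",
]


def run_demo() -> dict:
    """labA releases a batch to the energy federation; utilityB consumes it, agencyC cannot."""
    repo = Repository(FEDERATIONS)
    accepted = repo.submit(Submission("labA", {"energy"}, True, SAMPLE_CSV))
    for_utility = repo.query("utilityB")
    for_agency = repo.query("agencyC")   # agencyC is only in "gov": sees nothing
    hits = match_firewall_denies([e for _, e in for_utility], SAMPLE_DENY_LOG)
    return {"accepted": accepted, "utility": for_utility, "agency": for_agency, "hits": hits}


if __name__ == "__main__":
    print(run_demo())
```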
Cyber Fed Model: The Features and Benefits

Machine-to-machine information exchange increases perimeter protection for individual participants and the community as a whole. When one entity detects an attack, indicator information can quickly be distributed to all and used to preempt the same distributed attacks and sector targeting by advanced persistent threats. Through CFM's experience with cyber threat information sharing, the CFM team has developed various features to combat commonly encountered problems. These include the following:

- Uses secure web-based protocols to help avoid the politics of opening firewall holes;
- Supports current standards like STIX, legacy formats such as Intrusion Detection Message Exchange Format (IDMEF), and custom formats such as comma separated values (CSV) to minimize the burden on producers;
- Using relationships for grouping, provides simplified distribution lists;
- Carries handling permissions forward explicitly, enabling trust; and
- Supports new exchange protocols, such as TAXII, to serve existing and emerging communities without burdening them to change protocols or software.

The following are additional features and benefits of CFM:

- Supports cyber threat indicators (alerts) and cyber threat intelligence (reports), as well as detection rules;
- Operates in near real time;
- Responds automatically, using machine-to-machine protocols;
- Is highly available (using geographically-distributed servers); and
- Is scalable to thousands of participants.

Cyber Fed Model: Into the Future

As CFM continues to grow, new features and enhancements are developed as needed. Currently planned enhancements include the following:

- Tools for local threat detection that provide a consistent confidence rating of hostile behavior across numerous organizations and entities;
- Tools that simplify the integration of cyber threat information with existing IT infrastructure, such as perimeter protection devices, monitoring systems, and analysis tools;
- Reducing the current lag time associated with near real time, and moving to more real-time streaming of information;
- Distributed search capabilities; and
- Interoperability between legacy and modern cyber threat information representation formats.

Beyond Cyber Fed Model

The CFM program is just one in an ecosystem of cyber threat information sharing programs. In recognition of the broader ecosystem, CFM seeks to develop relationships and partnerships with others working on the same challenges. Today, CFM is an active participant in the Enhanced Shared Situational Awareness (ESSA) program, led by the U.S. Department of Homeland Security (DHS), Federal Bureau of Investigation (FBI), and National Security Agency (NSA). Together the ESSA partners strive to create a situational awareness capability that integrates actionable information about emerging trends, imminent threats, and the status of incidents that may affect critical infrastructure. In addition, the CFM program participates in information exchange with DHS's Cyber Information Sharing and Collaboration Program (CISCP) and the community of Information Sharing and Analysis Centers (ISACs). CFM is prepared to support machine-to-machine information exchange broadly across the energy sector and critical infrastructure today.

Conclusion

Malicious actors continue to grow in sophistication, organization, and financial backing. As a Nation, it is vital that we develop the strategic capabilities to defend against the cyber threats that put our national and global interests at risk. Through the integration of cyber threat information into our cyber defense strategies, we can coordinate responses to cyber threats and drive down the cost of cyber defense while increasing the costs for attackers. DOE's CFM, through experience, technology, and partnerships, is ready to help defend our Energy Sector and critical infrastructure. Ultimately, however, community backing and utilization of these efforts will be the key to future success.
Cyber/IT Risk: Threat Intelligence Countering Advanced Adversaries Jeff Lunglhofer, Principal, Booz Allen 14th Annual Risk Management Convention New York, New York March 13, 2013 Today s Presentation 1)
More informationThe Four-Step Guide to Understanding Cyber Risk
Lifecycle Solutions & Services The Four-Step Guide to Understanding Cyber Risk Identifying Cyber Risks and Addressing the Cyber Security Gap TABLE OF CONTENTS Introduction: A Real Danger It is estimated
More informationContent Security: Protect Your Network with Five Must-Haves
White Paper Content Security: Protect Your Network with Five Must-Haves What You Will Learn The continually evolving threat landscape is what makes the discovery of threats more relevant than defense as
More informationCisco Cyber Threat Defense Solution: Delivering Visibility into Stealthy, Advanced Network Threats
Solution Overview Cisco Cyber Threat Defense Solution: Delivering Visibility into Stealthy, Advanced Network Threats What You Will Learn The network security threat landscape is ever-evolving. But always
More informationFROM INBOX TO ACTION EMAIL AND THREAT INTELLIGENCE:
WHITE PAPER EMAIL AND THREAT INTELLIGENCE: FROM INBOX TO ACTION There is danger in your email box. You know it, and so does everyone else. The term phishing is now part of our daily lexicon, and even if
More informationThe Third Rail: New Stakeholders Tackle Security Threats and Solutions
SESSION ID: CXO-R03 The Third Rail: New Stakeholders Tackle Security Threats and Solutions Ted Ross Director, Threat Intelligence HP Security Research @tedross Agenda My brief background An example of
More informationCyber Threat Intelligence and Incident Coordination Center (C 3 ) Protecting the Healthcare Industry from Cyber Attacks
Cyber Threat Intelligence and Incident Coordination Center (C 3 ) Protecting the Healthcare Industry from Cyber Attacks July 2014 Cyber Threat Intelligence and Incident Coordination Center: Protecting
More informationAnalyzing Security for Retailers An analysis of what retailers can do to improve their network security
Analyzing Security for Retailers An analysis of what retailers can do to improve their network security Clone Systems Business Security Intelligence Properly Secure Every Business Network Executive Summary
More informationBusiness white paper. Missioncritical. defense. Creating a coordinated response to application security attacks
Business white paper Missioncritical defense Creating a coordinated response to application security attacks Table of contents 3 Your business is under persistent attack 4 Respond to those attacks seamlessly
More informationCONTINUOUS DIAGNOSTICS BEGINS WITH REDSEAL
CONTINUOUS DIAGNOSTICS BEGINS WITH REDSEAL WHAT IS CDM? The continuous stream of high profile cybersecurity breaches demonstrates the need to move beyond purely periodic, compliance-based approaches to
More informationRethinking Information Security for Advanced Threats. CEB Information Risk Leadership Council
Rethinking Information Security for Advanced Threats CEB Information Risk Leadership Council Advanced threats differ from conventional security threats along many dimensions, making them much more difficult
More informationSecuring the Internet of Things OEM capabilities assure trust, integrity, accountability, and privacy.
Securing the Internet of Things OEM capabilities assure trust, integrity, accountability, and privacy. The number of Internet-connected smart devices is growing at a rapid pace. According to Gartner, the
More informationFile Integrity Monitoring: A Critical Piece in the Security Puzzle. Challenges and Solutions
File Integrity Monitoring Challenges and Solutions Introduction (TOC page) A key component to any information security program is awareness of data breaches, and yet every day, hackers are using malware
More informationTechnical Testing. Network Testing DATA SHEET
DATA SHEET Technical Testing Network Testing The Dell SecureWorks Technical Testing services deliver the independent expertise, experience and perspective you need to enhance your security posture, reduce
More informationTIBCO Cyber Security Platform. Atif Chaughtai
TIBCO Cyber Security Platform Atif Chaughtai 2 TABLE OF CONTENTS 1 Introduction/Background... 3 2 Current Challenges... 3 3 Solution...4 4 CONCLUSION...6 5 A Case in Point: The US Intelligence Community...7
More informationMobile security and your EMR. Presented by: Shawn Tester & Allen Cornwall
Mobile security and your EMR Presented by: Shawn Tester & Allen Cornwall Date: October 14, 2011 Overview General Security Challenges & best practices Mobile EMR interfaces - EMR Access - Today & Future
More informationA New Perspective on Protecting Critical Networks from Attack:
Whitepaper A New Perspective on Protecting Critical Networks from Attack: Why the DoD Uses Advanced Network-traffic Analytics to Secure its Network 2014: A Year of Mega Breaches A Ponemon Study published
More informationSecurity Information & Event Management (SIEM)
Security Information & Event Management (SIEM) Peter Helms, Senior Sales Engineer, CISA, CISSP September 6, 2012 1 McAfee Security Connected 2 September 6, 2012 Enterprise Security How? CAN? 3 Getting
More informationThe Comprehensive National Cybersecurity Initiative
The Comprehensive National Cybersecurity Initiative President Obama has identified cybersecurity as one of the most serious economic and national security challenges we face as a nation, but one that we
More informationCountering Cyber Attacks with Big Data and Analytics
June 2015 Countering Cyber Attacks with Big Data and Analytics Frost & Sullivan Analysis by Sandy Borthick Big Data & Analytics (BDA) Volume 3, Number 6 Countering Cyber Attacks with Big Data and Analytics
More informationNorth American Electric Reliability Corporation (NERC) Cyber Security Standard
North American Electric Reliability Corporation (NERC) Cyber Security Standard Symantec Managed Security Services Support for CIP Compliance Overviewview The North American Electric Reliability Corporation
More informationWEB SITE SECURITY. Jeff Aliber Verizon Digital Media Services
WEB SITE SECURITY Jeff Aliber Verizon Digital Media Services 1 SECURITY & THE CLOUD The Cloud (Web) o The Cloud is becoming the de-facto way for enterprises to leverage common infrastructure while innovating
More informationThe Business Case for Security Information Management
The Essentials Series: Security Information Management The Business Case for Security Information Management sponsored by by Dan Sullivan Th e Business Case for Security Information Management... 1 Un
More informationGetting Ahead of Advanced Threats
Getting Ahead of Advanced Threats Advanced Security Solutions for Trusted IT Chezki Gil Territory Manager Israel & Greece 1 Threats are Evolving Rapidly Criminals Petty criminal s Unsophisticated Organized
More informationCurrent IBAT Endorsed Services
Current IBAT Endorsed Services Managed Network Intrusion Prevention and Detection Service SecureWorks provides proactive management and real-time security event monitoring and analysis across your network
More informationEffective IDS/IPS Network Security in a Dynamic World with Next-Generation Intrusion Detection & Prevention
Effective IDS/IPS Network Security in a Dynamic World with Next-Generation Intrusion Detection & Prevention Your Security Challenges Defending the Dynamic Network! Dynamic threats 䕬 䕬 䕬 䕬 Many threats
More informationWhat is Security Intelligence?
2 What is Security Intelligence? Security Intelligence --noun 1. the real-time collection, normalization, and analytics of the data generated by users, applications and infrastructure that impacts the
More informationApplying machine learning techniques to achieve resilient, accurate, high-speed malware detection
White Paper: Applying machine learning techniques to achieve resilient, accurate, high-speed malware detection Prepared by: Northrop Grumman Corporation Information Systems Sector Cyber Solutions Division
More informationInformation Security Services
Information Security Services Information Security In 2013, Symantec reported a 62% increase in data breaches over 2012. These data breaches had tremendous impacts on many companies, resulting in intellectual
More informationThe SIEM Evaluator s Guide
Using SIEM for Compliance, Threat Management, & Incident Response Security information and event management (SIEM) tools are designed to collect, store, analyze, and report on log data for threat detection,
More informationAdvanced Threat Protection with Dell SecureWorks Security Services
Advanced Threat Protection with Dell SecureWorks Security Services Table of Contents Summary... 2 What are Advanced Threats?... 3 How do advanced threat actors operate?... 3 Addressing the Threat... 5
More informationThe Key to Secure Online Financial Transactions
Transaction Security The Key to Secure Online Financial Transactions Transferring money, shopping, or paying debts online is no longer a novelty. These days, it s just one of many daily occurrences on
More informationBridging the gap between COTS tool alerting and raw data analysis
Article Bridging the gap between COTS tool alerting and raw data analysis An article on how the use of metadata in cybersecurity solutions raises the situational awareness of network activity, leading
More informationHoneywell Industrial Cyber Security Overview and Managed Industrial Cyber Security Services Honeywell Process Solutions (HPS) June 4, 2014
Industrial Cyber Security Overview and Managed Industrial Cyber Security Services Process Solutions (HPS) June 4, Industrial Cyber Security Industrial Cyber Security is the leading provider of cyber security
More information