Speed Up Incident Response with Actionable Forensic Analytics

Save this PDF as:
 WORD  PNG  TXT  JPG

Size: px
Start display at page:

Download "Speed Up Incident Response with Actionable Forensic Analytics"

Transcription

1

2 WHITEPAPER DATA SHEET Speed Up Incident Response with Actionable Forensic Analytics Close the Gap between Threat Detection and Effective Response with Continuous Monitoring January 15, 2015

3 Table of Contents Introduction 3 Current Threat Landscape 3 How Typical IT/Security Processes Inhibit Effective Incident Response 4 Typical IT/Security Processes 4 Common Challenges 4 Challenges Specific to Forensic Analytics and Incident Response 5 Actionable Forensic Analytics 5 Flexible Incident Response 5 Tenable Continuous Monitoring Platform 6 Benefits of the Tenable Continuous Monitoring Platform 7 Actionable Forensic Analytics 7 Speeds-up Incident Response 7 Use-Cases 7 Forensic Analysis of Suspicious Activity 7 Incident Response Options 8 Conclusion 9 About Tenable Network Security 9 2

4 Introduction Cyber criminals are using advanced targeted attacks and modern malware to bypass traditional security controls and easily steal credit card data, sensitive corporate information, and national secrets. According to the 2014 Ponemon Report 1, the average total organizational cost of a data breach for companies participating in the survey worldwide increased by 15% over the previous year to $3.5 Million. The average cost paid for each stolen record containing sensitive data increased more than 9% from $136 in 2013 to $145 this year. In part, these costs are due to delays in breach detection, which can often take weeks to months after the initial compromise. Delays occur because security teams do not have actionable forensic data to pinpoint compromised hosts or identify sensitive data that has been stolen. Tenable provides a comprehensive continuous network monitoring solution that enables you to rapidly respond to security incidents, by providing actionable forensic data that can help detect incidents more accurately. In this paper, we will explore the forensic analytics and incident response capabilities of Tenable SecurityCenter Continuous View (SC CV), a network security platform that identifies vulnerabilities and threats, reduces risk, and ensures compliance. Topics covered will include: Recognizing how organizational silos and inefficient process inhibit the effectiveness of IT and Security Operations. Gathering actionable forensic analytics data is needed to identify advanced attacks both at the network and host levels. Responding to security incidents requires flexible techniques that leverage both workflows and automation. Current Threat Landscape Fig. 1: Verizon 2014 DBIR Report -Top 10 types of security incidents that resulted in breaches The Verizon 2014 Data Breach Investigation Report (DBIR) 2 covers breaches affecting organizations in 95 countries in The top 10 categories of security incidents (as shown in Fig. 1) totaled up to approximately 63,000 incidents, out of which 1,367 (2%) resulted in breaches (data disclosure). However, the same four categories of attacks - POS intrusions, web app attacks, cyber espionage, and card skimmers - have contributed to the top breaches between 2011 and Only 33% of victims discover breaches internally according to Mandiant s 2014 M Trends Threat Report 3. Furthermore, in 67% of the cases, victims were notified by external entities after it was already too late to save the reputation of the company. Security breaches can have a devastating impact on any company. For example, in the Target breach alone, 40 million credit/debit card data records and 70 million total data records were stolen in the month of November The attack vector used in Target was a known exploit that had impacted other retail chains. This scenario is all too common. Therefore, to protect against advanced attacks and security breaches, a company s IT security strategy should include: Continuous network monitoring for known vulnerabilities and threats. Correlating anomalous activity at the network and host levels to detect the unknown threats Cost of Data Breach Study: Global Analysis, Ponemon Institute, May Data Breach Investigations Report, Verizon, April Threat Report M Trends Beyond the Breach, Mandiant a FireEye Company, April

5 How Typical IT/Security Processes Inhibit Effective Incident Response Typical IT/Security Processes Fig. 2: Typical IT/Security Operations Processes Typical IT/Security processes (as illustrated in Fig. 2) encompass the following four phases: 1. Prevent: Identify all vulnerabilities in all known/managed assets in your enterprise. Automatically classify them into asset groups based on OS and applications/services running on them. Perform configuration audits and patch them to prevent bad configurations and known vulnerabilities. This enables you to reduce attack surface and prevent known attacks. 2. Detect: Discover unknown/unmanaged assets on your network, including mobile devices, virtual machines and cloud services. Automatically identify operating system and application services that have exploitable vulnerabilities. Detect known threats based on threat intelligence from intrusion detection/prevention devices on your network. 3. Analyze: Correlate anomalous activity with real-time threats (events) and monitor for changes to systems/endpoints to see if they match known indicators of compromise. Collect accurate forensic data and present this in a consumable way. Sophisticated analytics are required to tie together the asset and vulnerability data from across assessment scan, networks sniffed, and log data and produce actionable reports. 4. Respond: Use forensic data to generate alert notifications to take prioritized manual (workflow-based) actions or automated (API-based) actions to prevent threats from resulting in security breaches. Forensic Analytics and Incident Response corresponds to the Analyze and Respond phases (bottom-half) of the IT/Security process. Common Challenges Common challenges encountered by organizations implementing this model include: Organizational Silos: Desktop administration, network, and security operations in medium to large companies are typically managed by three different organizations IT Helpdesk, Network Operations Center (NOC), and Security Operations Center (SOC), who use different tools that do not communicate well with each other. Unmanaged Assets: All assets on the network are not discovered or known to IT, and hence they are not monitored or managed, especially mobile phones, tablets, and virtual environments (e.g., VMware instances), which may have vulnerabilities that can be easily exploited. Unknown Applications/Services: Many unmanaged assets are not hardened or patched to eliminate known vulnerabilities, such as Heartbleed. These assets could be used as launch pads for malware to penetrate the enterprise. Lack of Network Visibility: Any anomalous network traffic to botnets and Command and Control (CnC) servers can go undetected if there are no network monitoring tools with application level (layer 7) visibility looking for traffic to known suspicious destinations. Un-prioritized Vulnerabilities: Vulnerabilities are not prioritized by Common Vulnerability Scoring System (CVSS) scores, asset criticality, or users/ roles. IT will be unable to quantify business risk without such prioritization. 4

6 Challenges Specific to Forensic Analytics and Incident Response No Actionable Forensic Data: Security and network operations staff are inundated with security events for which they do not have the right actionable data. This includes indicators of compromise for advanced attacks that go undetected by traditional defenses. Inflexible Incident Response: Security and network operations staff have limited ways in responding to incidents, e.g., generating notifications and reports, initiating manual work flows, or spawning automated actions. Having the flexibility to associate different types of response actions with alerts enables IT/Security Operations to speed up incident response and reduce business risk. Actionable Forensic Analytics The typical requirements for actionable forensic analytics include the following capabilities: Network Forensics: Logs of all network traffic, which includes packet capture or meta-data captures from network sensors, application flow data from switches and routers, and application logs from network proxies. This data is useful for identifying suspicious traffic that can be attributed to botnets or CnCs to or from bad sites without deploying any agents on endpoints. Host Forensics: Monitoring hosts and endpoints for file integrity, system configurations, processes, DNS queries, and network connections. This typically requires credential-based scanning of endpoints, or agents running on endpoints to gain evidence (using tell-tale signs of indicators of compromise). Log Correlation: Encompasses behavioral and statistical analysis to determine anomalies in network and host forensic data. Infuses contextual information about asset location and user identity, and also filters logs using blacklists from external threat intelligence sources. These correlation features are vital for zeroing-in on security incidents that need immediate attention. Actionable forensic data should include monitoring for: Network meta-data: Source and target of attack: IP address, host name, port/protocol associated with botnets or CnC traffic URL/domain name of server hosting malware Sender/recipient address of phishing attack Host Indicators of Compromise: IP address or hostnames of compromised endpoints Hashes of malware files/binaries System configurations or auto-runs that should be checked for integrity OS registry changes and processes associated with malware Flexible Incident Response Any solution that identifies security incidents should further enable you to respond to them with the following types of configurable response actions, based on the simplicity or complexity of the problem identified. Notifications/ Send notifications via the console or by , and include the recommended action. Dashboards/Reports: Automatically update a dashboard or generate a report with the current state of incidents in progress, assigned to appropriate personnel. Work Flows: Trigger trouble tickets with workflows assigned to the person responsible for follow through. Especially useful for the most complex and the least understood incidents. Automated Actions: Automatically invoke scripts or application programmatic interfaces (APIs), which perform specific actions such as adding a URL to the blacklist of a web gateway or update an ACL on a firewall to automatically block CnC servers. Automated actions are most applicable for frequently occurring incidents that are well understood. 5

7 Tenable Continuous Monitoring Platform Fig. 3: The Tenable Platform Continuous Monitoring of Vulnerabilities, Threats, and Compliance Tenable SecurityCenter Continuous View breaks down silos between IT, network, and security operations, and delivers actionable forensic data, asset information, and vulnerability context, to speed up incident response. The SecurityCenter Continuous View platform (depicted in Fig. 3) includes the following Tenable products and components: Nessus : is the industry s most widely-deployed vulnerability, configuration, and compliance scanner. Nessus features high-speed discovery, configuration auditing, asset profiling, malware detection, sensitive data discovery, patch management integration, and vulnerability analysis. Nessus Manager provides a scalable on premise solution to manage multiple Nessus scanners. The SaaS version, Nessus Cloud adds external perimeter scanning and PCI ASV scan validation. Passive Vulnerability Scanner (PVS): is a non-intrusive network monitoring tool that discovers all devices, applications, services, and their relationships currently active on your network. It automatically pinpoints potential security risks posed by vulnerable assets and new or unknown rogue systems, including SaaS and IaaS services being accessed by users. Log Correlation Engine (LCE): collects and correlates logs from Nessus, PVS, and external sources on the network including firewalls, switches, routers, endpoints, and servers. It can also generate alerts when malware matching indicators of compromise from external threat intelligence sources (e.g., Reversing Labs and IID) are encountered. All log data is compressed and stored in an indexed file system and can be rapidly searched using keywords. SecurityCenter Continuous View (SC CV): enables continuous monitoring of vulnerabilities, threats, and compliance violations discovered by Nessus, PVS, and LCE. It provides one management console with configurable dashboards, reports, and notifications to provide a comprehensive visualization (as shown in Fig. 4 below) of a company s vulnerabilities, threats, and compliance posture. Fig. 4: SecurityCenter Executive Summary Dashboard 6

8 Benefits of the Tenable Continuous Monitoring Platform Tenable s Security Center Continuous View breaks down silos between IT, network, and security Operations and enable you to gather actionable forensic data, information about assets, and vulnerability context to speed up incident response efforts. Actionable Forensic Analytics Automatically discovers and tags 100% of assets physical, virtual, mobile, and cloud Performs audits to discover known vulnerabilities based on security policies Discovers advanced threats by scanning for indicators of compromise Continuously monitors network traffic to detect hidden attack paths and suspicious activity Speeds-up Incident Response Provides asset and vulnerability context for every incident detected Identifies residual risk with correlated vulnerability and threat data Automatically generates alerts with configurable response options manual and automated Provides actionable information in customizable dashboards and reports Use-Cases The following use cases illustrate how Tenable SecurityCenter Continuous View (SC CV) gathers accurate forensic data to detect advanced attacks and set up flexible responses to prevent security incidents and breaches. Forensic Analysis of Suspicious Activity SecurityCenter Continuous View, which includes SecurityCenter, Nessus, PVS, and LCE, can be used to track both inbound and outbound suspicious network traffic to zero in on advanced attacks. Inbound: Detect downloads of malware from an external web server and validate if an endpoint was truly compromised. Tenable PVS can be used to capture all inbound network traffic, and LCE can be used create a watchlist of internal assets that exhibit suspicious file/exe downloads from known botnets and websites, as shown in Fig. 5 below: Fig. 5: Indicators dashboard to track inbound/outbound suspicious activity Tenable Nessus can be used to scan a watchlist of assets to look for advanced malware using known Indicators of Compromise (IoC). If IoCs are found on an endpoint (as shown in Fig. 6 below), then the endpoint is confirmed to be compromised. 7

9 Fig. 6: Indicators of Compromise (IoC) found on a compromised endpoint Outbound: Detect an internal host already compromised trying to beacon out to botnet/cnc server. PVS can be used to capture an anomalous set of failed DNS queries to a known CnC server, which indicates a compromised host that is trying to beacon out to potentially exfiltrate information. Fig. 7 below depicts how such anomalies can be identified in PVS. Fig. 7: Anomalous outbound communication identified by PVS Incident Response Options SC CV allows you to set up actions for every alert. The following types of actions can be configured for each alert: Alert Sample Targeted IDS New Host Discovered Telnet Server Detected Host has a compliance failure Critical exploitable vulnerability on Windows endpoint Configurable Action NOC Launch a compliance scan Generate a report of services on host Notify compliance officer Notify appropriate systems administrator 8

10 Fig. 8 below shows a screen shot of the Alerts window with configurable options in SC CV. Fig. 8: Configurable response actions for an alert in SC CV Conclusion While enterprise IT and security teams deploy and manage an expanding array of defensive technologies, many remain challenged to detect and assess the impact of threats until long after vulnerable systems are compromised. Tenable Network Security addresses this situation with its industry-leading continuous monitoring platform - SecurityCenter Continuous View, a comprehensive solution for vulnerability, threat and compliance management. SecurityCenter Continuous View transforms organizational silos and operational processes by providing meaningful and actionable forensic analytics with which enterprises can dramatically accelerate incident response. About Tenable Network Security Tenable Network Security provides continuous network monitoring to identify vulnerabilities, reduce risk and ensure compliance. Our family of products includes SecurityCenter Continuous View, which provides the most comprehensive and integrated view of network health, and Nessus, the global standard in detecting and assessing network data. Tenable is relied upon by many of the world s largest corporations, not-for-profit organizations and public sector agencies, including the entire U.S. Department of Defense. For more information, please visit tenable.com. For More Information: Please visit tenable.com Contact Us: Please us at or visit tenable.com/contact Copyright Tenable Network Security, Inc. All rights reserved. Tenable Network Security and Nessus are registered trademarks of Tenable Network Security, Inc. SecurityCenter and Passive Vulnerability Scanner are trademarks of Tenable Network Security, Inc. All other products or services are trademarks of their respective owners. EN-JAN V4 9

24/7 Visibility into Advanced Malware on Networks and Endpoints

24/7 Visibility into Advanced Malware on Networks and Endpoints WHITEPAPER DATA SHEET 24/7 Visibility into Advanced Malware on Networks and Endpoints Leveraging threat intelligence to detect malware and exploitable vulnerabilities Oct. 24, 2014 Table of Contents Introduction

More information

Concierge SIEM Reporting Overview

Concierge SIEM Reporting Overview Concierge SIEM Reporting Overview Table of Contents Introduction... 2 Inventory View... 3 Internal Traffic View (IP Flow Data)... 4 External Traffic View (HTTP, SSL and DNS)... 5 Risk View (IPS Alerts

More information

Comprehensive Malware Detection with SecurityCenter Continuous View and Nessus. February 3, 2015 (Revision 4)

Comprehensive Malware Detection with SecurityCenter Continuous View and Nessus. February 3, 2015 (Revision 4) Comprehensive Malware Detection with SecurityCenter Continuous View and Nessus February 3, 2015 (Revision 4) Table of Contents Overview... 3 Malware, Botnet Detection, and Anti-Virus Auditing... 3 Malware

More information

VULNERABILITY MANAGEMENT

VULNERABILITY MANAGEMENT Vulnerability Management (VM) software differ in the richness of reporting, and the capabilities for application and security configuration assessment. Companies must consider how a VM technology will

More information

Eliminating Cybersecurity Blind Spots

Eliminating Cybersecurity Blind Spots Eliminating Cybersecurity Blind Spots Challenges for Business April 15, 2015 Table of Contents Introduction... 3 Risk Management... 3 The Risk Blind Spot... 4 Continuous Asset Visibility... 5 Passive Network

More information

IBM Security. 2013 IBM Corporation. 2013 IBM Corporation

IBM Security. 2013 IBM Corporation. 2013 IBM Corporation IBM Security Security Intelligence What is Security Intelligence? Security Intelligence --noun 1.the real-time collection, normalization and analytics of the data generated by users, applications and infrastructure

More information

SANS Top 20 Critical Controls for Effective Cyber Defense

SANS Top 20 Critical Controls for Effective Cyber Defense WHITEPAPER SANS Top 20 Critical Controls for Cyber Defense SANS Top 20 Critical Controls for Effective Cyber Defense JANUARY 2014 SANS Top 20 Critical Controls for Effective Cyber Defense Summary In a

More information

LOG INTELLIGENCE FOR SECURITY AND COMPLIANCE

LOG INTELLIGENCE FOR SECURITY AND COMPLIANCE PRODUCT BRIEF uugiven today s environment of sophisticated security threats, big data security intelligence solutions and regulatory compliance demands, the need for a log intelligence solution has become

More information

Vulnerability Management

Vulnerability Management Vulnerability Management Buyer s Guide Buyer s Guide 01 Introduction 02 Key Components 03 Other Considerations About Rapid7 01 INTRODUCTION Exploiting weaknesses in browsers, operating systems and other

More information

Detect & Investigate Threats. OVERVIEW

Detect & Investigate Threats. OVERVIEW Detect & Investigate Threats. OVERVIEW HIGHLIGHTS Introducing RSA Security Analytics, Providing: Security monitoring Incident investigation Compliance reporting Providing Big Data Security Analytics Enterprise-wide

More information

IBM Security QRadar SIEM & Fortinet FortiGate / FortiAnalyzer

IBM Security QRadar SIEM & Fortinet FortiGate / FortiAnalyzer IBM Security QRadar SIEM & Fortinet / FortiAnalyzer Introducing new functionality for IBM QRadar Security Intelligence Platform: integration with Fortinet s firewalls and logs forwarded by FortiAnalyzer.

More information

Continuous Network Monitoring

Continuous Network Monitoring Continuous Network Monitoring Eliminate periodic assessment processes that expose security and compliance programs to failure Continuous Network Monitoring Continuous network monitoring and assessment

More information

Top 20 Critical Security Controls

Top 20 Critical Security Controls Top 20 Critical Security Controls July 2015 Contents Compliance Guide 01 02 03 04 Introduction 1 How Rapid7 Can Help 2 Rapid7 Solutions for the Critical Controls 3 About Rapid7 11 01 INTRODUCTION The Need

More information

Managing Business Risk

Managing Business Risk Managing Business Risk With Assurance Report Cards April 7, 2015 Table of Contents Introduction... 3 Cybersecurity is a Business Issue... 3 Standards, Control Objectives and Controls... 5 Standards and

More information

SourceFireNext-Generation IPS

SourceFireNext-Generation IPS D Ů V Ě Ř U J T E S I L N Ý M SourceFireNext-Generation IPS Petr Salač CCNP Security, CCNP, CICSP, CCSI #33835 petr.salac@alefnula.com Our Customers Biggest Security Challenges Maintaining security posture

More information

Discover & Investigate Advanced Threats. OVERVIEW

Discover & Investigate Advanced Threats. OVERVIEW Discover & Investigate Advanced Threats. OVERVIEW HIGHLIGHTS Introducing RSA Security Analytics, Providing: Security monitoring Incident investigation Compliance reporting Providing Big Data Security Analytics

More information

Whitepaper. Advanced Threat Hunting with Carbon Black

Whitepaper. Advanced Threat Hunting with Carbon Black Advanced Threat Hunting with Carbon Black TABLE OF CONTENTS Overview Threat Hunting Defined Existing Challenges and Solutions Prioritize Endpoint Data Collection Over Detection Leverage Comprehensive Threat

More information

Strategic Anti-malware Monitoring with Nessus, PVS, & LCE

Strategic Anti-malware Monitoring with Nessus, PVS, & LCE Strategic Anti-malware Monitoring with Nessus, PVS, & LCE August 2, 2012 (Revision 2) Copyright 2002-2012 Tenable Network Security, Inc. Tenable Network Security, Nessus and ProfessionalFeed are registered

More information

Endpoint Threat Detection without the Pain

Endpoint Threat Detection without the Pain WHITEPAPER Endpoint Threat Detection without the Pain Contents Motivated Adversaries, Too Many Alerts, Not Enough Actionable Information: Incident Response is Getting Harder... 1 A New Solution, with a

More information

Accenture Intelligent Security for the Digital Enterprise. Archer s important role in solving today's pressing security challenges

Accenture Intelligent Security for the Digital Enterprise. Archer s important role in solving today's pressing security challenges Accenture Intelligent Security for the Digital Enterprise Archer s important role in solving today's pressing security challenges The opportunity to improve cyber security has never been greater 229 2,287

More information

The Hillstone and Trend Micro Joint Solution

The Hillstone and Trend Micro Joint Solution The Hillstone and Trend Micro Joint Solution Advanced Threat Defense Platform Overview Hillstone and Trend Micro offer a joint solution the Advanced Threat Defense Platform by integrating the industry

More information

REVOLUTIONIZING ADVANCED THREAT PROTECTION

REVOLUTIONIZING ADVANCED THREAT PROTECTION REVOLUTIONIZING ADVANCED THREAT PROTECTION A NEW, MODERN APPROACH Blue Coat Advanced Threat Protection Group GRANT ASPLUND Senior Technology Evangelist 1 WHY DO I STAND ON MY DESK? "...I stand upon my

More information

Under the Hood of the IBM Threat Protection System

Under the Hood of the IBM Threat Protection System Under the Hood of the System The Nuts and Bolts of the Dynamic Attack Chain 1 Balazs Csendes IBM Security Intelligence Leader, CEE balazs.csendes@cz.ibm.com 1 You are an... IT Security Manager at a retailer

More information

Enabling Security Operations with RSA envision. August, 2009

Enabling Security Operations with RSA envision. August, 2009 Enabling Security Operations with RSA envision August, 2009 Agenda What is security operations? How does RSA envision help with security operations? How does RSA envision fit with other EMC products? If

More information

THREAT VISIBILITY & VULNERABILITY ASSESSMENT

THREAT VISIBILITY & VULNERABILITY ASSESSMENT THREAT VISIBILITY & VULNERABILITY ASSESSMENT Date: April 15, 2015 IKANOW Analysts: Casey Pence IKANOW Platform Build: 1.34 11921 Freedom Drive, Reston, VA 20190 IKANOW.com TABLE OF CONTENTS 1 Key Findings

More information

CONTINUOUS DIAGNOSTICS BEGINS WITH REDSEAL

CONTINUOUS DIAGNOSTICS BEGINS WITH REDSEAL CONTINUOUS DIAGNOSTICS BEGINS WITH REDSEAL WHAT IS CDM? The continuous stream of high profile cybersecurity breaches demonstrates the need to move beyond purely periodic, compliance-based approaches to

More information

I D C A N A L Y S T C O N N E C T I O N

I D C A N A L Y S T C O N N E C T I O N I D C A N A L Y S T C O N N E C T I O N Robert Westervelt Research Manager, Security Products T h e R o l e a nd Value of Continuous Security M o nitoring August 2015 Continuous security monitoring (CSM)

More information

The Sophos Security Heartbeat:

The Sophos Security Heartbeat: The Sophos Security Heartbeat: Enabling Synchronized Security Today organizations deploy multiple layers of security to provide what they perceive as best protection ; a defense-in-depth approach that

More information

Office 365 Cloud App Security MARKO DJORDJEVIC CLOUD BUSINESS LEAD EE TREND MICRO EMEA LTD.

Office 365 Cloud App Security MARKO DJORDJEVIC CLOUD BUSINESS LEAD EE TREND MICRO EMEA LTD. Office 365 Cloud App Security MARKO DJORDJEVIC CLOUD BUSINESS LEAD EE TREND MICRO EMEA LTD. Your Valuable Data In The Cloud? How To Get The Best Protection! A world safe for exchanging digital information

More information

Outcome Based Security Monitoring in a Continuous Monitoring World

Outcome Based Security Monitoring in a Continuous Monitoring World Outcome Based Security Monitoring in a Continuous Monitoring World December 2012 Ron Gula Chief Executive Officer / Chief Technology Officer White Paper Copyright 2002-2012 Tenable Network Security, Inc.

More information

The SIEM Evaluator s Guide

The SIEM Evaluator s Guide Using SIEM for Compliance, Threat Management, & Incident Response Security information and event management (SIEM) tools are designed to collect, store, analyze, and report on log data for threat detection,

More information

Security Event Management. February 7, 2007 (Revision 5)

Security Event Management. February 7, 2007 (Revision 5) Security Event Management February 7, 2007 (Revision 5) Table of Contents TABLE OF CONTENTS... 2 INTRODUCTION... 3 CRITICAL EVENT DETECTION... 3 LOG ANALYSIS, REPORTING AND STORAGE... 7 LOWER TOTAL COST

More information

The Symantec Approach to Defeating Advanced Threats

The Symantec Approach to Defeating Advanced Threats WHITE PAPER: THE SYMANTEC APPROACH TO DEFEATING ADVANCED........... THREATS............................. The Symantec Approach to Defeating Advanced Threats Who should read this paper For security practioners

More information

IBM QRadar Security Intelligence April 2013

IBM QRadar Security Intelligence April 2013 IBM QRadar Security Intelligence April 2013 1 2012 IBM Corporation Today s Challenges 2 Organizations Need an Intelligent View into Their Security Posture 3 What is Security Intelligence? Security Intelligence

More information

Advanced Threat Detection: Gain Network Visibility and Stop Malware

Advanced Threat Detection: Gain Network Visibility and Stop Malware White Paper Advanced Threat Detection: Gain Network Visibility and Stop Malware What You Will Learn The Cisco Cyber Threat Defense (CTD) solution brings visibility to all the points of your extended network,

More information

The Cloud App Visibility Blindspot

The Cloud App Visibility Blindspot The Cloud App Visibility Blindspot Understanding the Risks of Sanctioned and Unsanctioned Cloud Apps and How to Take Back Control Introduction Today, enterprise assets are more at risk than ever before

More information

Cisco Advanced Malware Protection for Endpoints

Cisco Advanced Malware Protection for Endpoints Data Sheet Cisco Advanced Malware Protection for Endpoints Product Overview With today s sophisticated malware, you have to protect endpoints before, during, and after attacks. Cisco Advanced Malware Protection

More information

Unified Security Monitoring Best Practices

Unified Security Monitoring Best Practices Unified Security Monitoring Best Practices This white paper outlines several best practices when deploying and optimizing a USM platform to perform security and compliance monitoring for enterprise networks.

More information

IMPLEMENTING A SECURITY ANALYTICS ARCHITECTURE

IMPLEMENTING A SECURITY ANALYTICS ARCHITECTURE IMPLEMENTING A SECURITY ANALYTICS ARCHITECTURE Solution Brief SUMMARY New security threats demand a new approach to security management. Security teams need a security analytics architecture that can handle

More information

Protect the data that drives our customers business. Data Security. Imperva s mission is simple:

Protect the data that drives our customers business. Data Security. Imperva s mission is simple: The Imperva Story Who We Are Imperva is the global leader in data security. Thousands of the world s leading businesses, government organizations, and service providers rely on Imperva solutions to prevent

More information

Applying machine learning techniques to achieve resilient, accurate, high-speed malware detection

Applying machine learning techniques to achieve resilient, accurate, high-speed malware detection White Paper: Applying machine learning techniques to achieve resilient, accurate, high-speed malware detection Prepared by: Northrop Grumman Corporation Information Systems Sector Cyber Solutions Division

More information

WHITE PAPER Cloud-Based, Automated Breach Detection. The Seculert Platform

WHITE PAPER Cloud-Based, Automated Breach Detection. The Seculert Platform WHITE PAPER Cloud-Based, Automated Breach Detection The Seculert Platform Table of Contents Introduction 3 Automatic Traffic Log Analysis 4 Elastic Sandbox 5 Botnet Interception 7 Speed and Precision 9

More information

ENABLING FAST RESPONSES THREAT MONITORING

ENABLING FAST RESPONSES THREAT MONITORING ENABLING FAST RESPONSES TO Security INCIDENTS WITH THREAT MONITORING Executive Summary As threats evolve and the effectiveness of signaturebased web security declines, IT departments need to play a bigger,

More information

June 8, 2011. (Revision 1)

June 8, 2011. (Revision 1) Unified Security Monitoring Best Practices June 8, 2011 (Revision 1) Copyright 2011. Tenable Network Security, Inc. All rights reserved. Tenable Network Security and Nessus are registered trademarks of

More information

Continuous Monitoring for the New IT Landscape. July 14, 2014 (Revision 1)

Continuous Monitoring for the New IT Landscape. July 14, 2014 (Revision 1) Continuous Monitoring for the New IT Landscape July 14, 2014 (Revision 1) Table of Contents Introduction... 3 The New IT Landscape... 3 Gaps in the New IT Landscape... 5 Tenable s Continuous Monitoring

More information

Extreme Networks Security Analytics G2 Vulnerability Manager

Extreme Networks Security Analytics G2 Vulnerability Manager DATA SHEET Extreme Networks Security Analytics G2 Vulnerability Manager Improve security and compliance by prioritizing security gaps for resolution HIGHLIGHTS Help prevent security breaches by discovering

More information

GETTING REAL ABOUT SECURITY MANAGEMENT AND "BIG DATA"

GETTING REAL ABOUT SECURITY MANAGEMENT AND BIG DATA GETTING REAL ABOUT SECURITY MANAGEMENT AND "BIG DATA" A Roadmap for "Big Data" in Security Analytics ESSENTIALS This paper examines: Escalating complexity of the security management environment, from threats

More information

Breach Found. Did It Hurt?

Breach Found. Did It Hurt? ANALYST BRIEF Breach Found. Did It Hurt? INCIDENT RESPONSE PART 2: A PROCESS FOR ASSESSING LOSS Authors Christopher Morales, Jason Pappalexis Overview Malware infections impact every organization. Many

More information

Agile Cyber Security Security for the Real World, Architectural Approach

Agile Cyber Security Security for the Real World, Architectural Approach Agile Cyber Security Security for the Real World, Architectural Approach Osama Al-Zoubi Senior Manger, Systems Engineering Fahad Aljutaily Senior Solution Architect, Security Market Trends Welcome to the

More information

Threat Center. Real-time multi-level threat detection, analysis, and automated remediation

Threat Center. Real-time multi-level threat detection, analysis, and automated remediation Threat Center Real-time multi-level threat detection, analysis, and automated remediation Description Advanced targeted and persistent threats can easily evade standard security, software vulnerabilities

More information

CHAPTER 3 : INCIDENT RESPONSE FIVE KEY RECOMMENDATIONS GLOBAL THREAT INTELLIGENCE REPORT 2015 :: COPYRIGHT 2015 NTT INNOVATION INSTITUTE 1 LLC

CHAPTER 3 : INCIDENT RESPONSE FIVE KEY RECOMMENDATIONS GLOBAL THREAT INTELLIGENCE REPORT 2015 :: COPYRIGHT 2015 NTT INNOVATION INSTITUTE 1 LLC : INCIDENT RESPONSE FIVE KEY RECOMMENDATIONS 1 FIVE KEY RECOMMENDATIONS During 2014, NTT Group supported response efforts for a variety of incidents. Review of these engagements revealed some observations

More information

WAN security threat landscape and best mitigation practices. Rex Stover Vice President, Americas, Enterprise & ICP Sales

WAN security threat landscape and best mitigation practices. Rex Stover Vice President, Americas, Enterprise & ICP Sales WAN security threat landscape and best mitigation practices. Rex Stover Vice President, Americas, Enterprise & ICP Sales The Cost of Cybercrime Sony $171m PlayStation 3 data breach (April 2011) $3 trillion

More information

DEFENSE THROUGHOUT THE VULNERABILITY LIFE CYCLE WITH ALERT LOGIC THREAT AND LOG MANAGER

DEFENSE THROUGHOUT THE VULNERABILITY LIFE CYCLE WITH ALERT LOGIC THREAT AND LOG MANAGER DEFENSE THROUGHOUT THE VULNERABILITY LIFE CYCLE WITH ALERT LOGIC THREAT AND Introduction > New security threats are emerging all the time, from new forms of malware and web application exploits that target

More information

Network as a Sensor and Enforcer Leverage the Network to Protect Against and Mitigate Threats

Network as a Sensor and Enforcer Leverage the Network to Protect Against and Mitigate Threats Network as a Sensor and Enforcer Leverage the Network to Protect Against and Mitigate Threats Dragan Novaković Consulting Systems Engineer Security November 2015. New Networks Mean New Security Challenges

More information

Trend Micro Cloud App Security for Office 365. October 27, 2015 Trevor Richmond

Trend Micro Cloud App Security for Office 365. October 27, 2015 Trevor Richmond Trend Micro Cloud App Security for Office 365 October 27, 2015 Trevor Richmond Too many malware incidents >90% Targeted Attacks Start with Email Attackers: Target specific companies or individuals Research

More information

Analyzing Security for Retailers An analysis of what retailers can do to improve their network security

Analyzing Security for Retailers An analysis of what retailers can do to improve their network security Analyzing Security for Retailers An analysis of what retailers can do to improve their network security Clone Systems Business Security Intelligence Properly Secure Every Business Network Executive Summary

More information

Business white paper. Missioncritical. defense. Creating a coordinated response to application security attacks

Business white paper. Missioncritical. defense. Creating a coordinated response to application security attacks Business white paper Missioncritical defense Creating a coordinated response to application security attacks Table of contents 3 Your business is under persistent attack 4 Respond to those attacks seamlessly

More information

April 11, 2011. (Revision 2)

April 11, 2011. (Revision 2) Passive Vulnerability Scanning Overview April 11, 2011 (Revision 2) Copyright 2011. Tenable Network Security, Inc. All rights reserved. Tenable Network Security and Nessus are registered trademarks of

More information

BUILDING A SECURITY OPERATION CENTER (SOC) ACI-BIT Vancouver, BC. Los Angeles World Airports

BUILDING A SECURITY OPERATION CENTER (SOC) ACI-BIT Vancouver, BC. Los Angeles World Airports BUILDING A SECURITY OPERATION CENTER (SOC) ACI-BIT Vancouver, BC. Los Angeles World Airports Building a Security Operation Center Agenda: Auditing Your Network Environment Selecting Effective Security

More information

Unknown threats in Sweden. Study publication August 27, 2014

Unknown threats in Sweden. Study publication August 27, 2014 Unknown threats in Sweden Study publication August 27, 2014 Executive summary To many international organisations today, cyber attacks are no longer a matter of if but when. Recent cyber breaches at large

More information

WildFire. Preparing for Modern Network Attacks

WildFire. Preparing for Modern Network Attacks WildFire WildFire automatically protects your networks from new and customized malware across a wide range of applications, including malware hidden within SSL-encrypted traffic. WildFire easily extends

More information

From the Bottom to the Top: The Evolution of Application Monitoring

From the Bottom to the Top: The Evolution of Application Monitoring From the Bottom to the Top: The Evolution of Application Monitoring Narayan Makaram, CISSP Director, Security Solutions HP/Enterprise Security Business Unit Session ID: SP01-202 Session 2012 Classification:

More information

Cyber Security. BDS PhantomWorks. Boeing Energy. Copyright 2011 Boeing. All rights reserved.

Cyber Security. BDS PhantomWorks. Boeing Energy. Copyright 2011 Boeing. All rights reserved. Cyber Security Automation of energy systems provides attack surfaces that previously did not exist Cyber attacks have matured from teenage hackers to organized crime to nation states Centralized control

More information

with Managing RSA the Lifecycle of Key Manager RSA Streamlining Security Operations Data Loss Prevention Solutions RSA Solution Brief

with Managing RSA the Lifecycle of Key Manager RSA Streamlining Security Operations Data Loss Prevention Solutions RSA Solution Brief RSA Solution Brief Streamlining Security Operations with Managing RSA the Lifecycle of Data Loss Prevention and Encryption RSA envision Keys with Solutions RSA Key Manager RSA Solution Brief 1 Who is asking

More information

Automate PCI Compliance Monitoring, Investigation & Reporting

Automate PCI Compliance Monitoring, Investigation & Reporting Automate PCI Compliance Monitoring, Investigation & Reporting Reducing Business Risk Standards and compliance are all about implementing procedures and technologies that reduce business risk and efficiently

More information

defending against advanced persistent threats: strategies for a new era of attacks agility made possible

defending against advanced persistent threats: strategies for a new era of attacks agility made possible defending against advanced persistent threats: strategies for a new era of attacks agility made possible security threats as we know them are changing The traditional dangers IT security teams have been

More information

LOG AND EVENT MANAGEMENT FOR SECURITY AND COMPLIANCE

LOG AND EVENT MANAGEMENT FOR SECURITY AND COMPLIANCE PRODUCT BRIEF LOG AND EVENT MANAGEMENT FOR SECURITY AND COMPLIANCE The Tripwire VIA platform delivers system state intelligence, a continuous approach to security that provides leading indicators of breach

More information

Quick Start Guide: Utilizing Nessus to Secure Microsoft Azure

Quick Start Guide: Utilizing Nessus to Secure Microsoft Azure Quick Start Guide: Utilizing Nessus to Secure Microsoft Azure Introduction Tenable Network Security is the first and only solution to offer security visibility, Azure cloud environment auditing, system

More information

Enterprise Organizations Need Contextual- security Analytics Date: October 2014 Author: Jon Oltsik, Senior Principal Analyst

Enterprise Organizations Need Contextual- security Analytics Date: October 2014 Author: Jon Oltsik, Senior Principal Analyst ESG Brief Enterprise Organizations Need Contextual- security Analytics Date: October 2014 Author: Jon Oltsik, Senior Principal Analyst Abstract: Large organizations have spent millions of dollars on security

More information

FIVE PRACTICAL STEPS

FIVE PRACTICAL STEPS WHITEPAPER FIVE PRACTICAL STEPS To Protecting Your Organization Against Breach How Security Intelligence & Reducing Information Risk Play Strategic Roles in Driving Your Business CEOs, CIOs, CTOs, AND

More information

February 22, 2011. (Revision 2)

February 22, 2011. (Revision 2) Real-Time Massachusetts Data Security Law Monitoring Leveraging Asset-Based Configuration and Vulnerability Analysis with Real-Time Event Management February 22, 2011 (Revision 2) Copyright 2011. Tenable

More information

Cisco Advanced Malware Protection for Endpoints

Cisco Advanced Malware Protection for Endpoints Data Sheet Cisco Advanced Malware Protection for Endpoints Product Overview With today s sophisticated malware, you have to protect endpoints before, during, and after attacks. Cisco Advanced Malware Protection

More information

Achieving Actionable Situational Awareness... McAfee ESM. Ad Quist, Sales Engineer NEEUR

Achieving Actionable Situational Awareness... McAfee ESM. Ad Quist, Sales Engineer NEEUR Achieving Actionable Situational Awareness... McAfee ESM Ad Quist, Sales Engineer NEEUR The Old SECURITY Model Is BROKEN 2 Advanced Targeted Attacks The Reality ADVANCED TARGETED ATTACKS COMPROMISE TO

More information

Prevent cyber attacks. SEE. what you are missing. Netw rk Infrastructure Security Management

Prevent cyber attacks. SEE. what you are missing. Netw rk Infrastructure Security Management Prevent cyber attacks. SEE what you are missing. See Your Network MAPS. Prevent cyber attacks. [RedSeal] is meeting our expectations and is playing an integral role as it feeds right into our overall risk

More information

Preparing for a Cyber Attack PROTECT YOUR PEOPLE AND INFORMATION WITH SYMANTEC SECURITY SOLUTIONS

Preparing for a Cyber Attack PROTECT YOUR PEOPLE AND INFORMATION WITH SYMANTEC SECURITY SOLUTIONS Preparing for a Cyber Attack PROTECT YOUR PEOPLE AND INFORMATION WITH SYMANTEC SECURITY SOLUTIONS CONTENTS PAGE RECONNAISSANCE STAGE 4 INCURSION STAGE 5 DISCOVERY STAGE 6 CAPTURE STAGE 7 EXFILTRATION STAGE

More information

Chapter 11 Cloud Application Development

Chapter 11 Cloud Application Development Chapter 11 Cloud Application Development Contents Motivation. Connecting clients to instances through firewalls. Chapter 10 2 Motivation Some of the questions of interest to application developers: How

More information

Detect, Prevent and Remediate the Cyber attack Nelson Yuen

Detect, Prevent and Remediate the Cyber attack Nelson Yuen Detect, Prevent and Remediate the Cyber attack Nelson Yuen Senior Systems Engineer Overview of the Local Security Landscape IP camera footages broadcasted live online In September, 2014, more than 1,000

More information

ProtectWise: Shifting Network Security to the Cloud Date: March 2015 Author: Tony Palmer, Senior Lab Analyst and Aviv Kaufmann, Lab Analyst

ProtectWise: Shifting Network Security to the Cloud Date: March 2015 Author: Tony Palmer, Senior Lab Analyst and Aviv Kaufmann, Lab Analyst ESG Lab Spotlight ProtectWise: Shifting Network Security to the Cloud Date: March 2015 Author: Tony Palmer, Senior Lab Analyst and Aviv Kaufmann, Lab Analyst Abstract: This ESG Lab Spotlight examines the

More information

Configuring Virtual Switches for Use with PVS. February 7, 2014 (Revision 1)

Configuring Virtual Switches for Use with PVS. February 7, 2014 (Revision 1) Configuring Virtual Switches for Use with PVS February 7, 2014 (Revision 1) Table of Contents Introduction... 3 Basic PVS VM Configuration... 3 Platforms... 3 VMware ESXi 5.5... 3 Configure the ESX Management

More information

Modern Cyber Threats. how yesterday s mind set gets in the way of securing tomorrow s critical infrastructure. Axel Wirth

Modern Cyber Threats. how yesterday s mind set gets in the way of securing tomorrow s critical infrastructure. Axel Wirth Modern Cyber Threats how yesterday s mind set gets in the way of securing tomorrow s critical infrastructure Axel Wirth Healthcare Solutions Architect Distinguished Systems Engineer AAMI 2013 Conference

More information

Take the Red Pill: Becoming One with Your Computing Environment using Security Intelligence

Take the Red Pill: Becoming One with Your Computing Environment using Security Intelligence Take the Red Pill: Becoming One with Your Computing Environment using Security Intelligence Chris Poulin Security Strategist, IBM Reboot Privacy & Security Conference 2013 1 2012 IBM Corporation Securing

More information

RSA Enterprise Compromise Assessment Tool (ECAT) Date: January 2014 Authors: Jon Oltsik, Senior Principal Analyst and Tony Palmer, Senior Lab Analyst

RSA Enterprise Compromise Assessment Tool (ECAT) Date: January 2014 Authors: Jon Oltsik, Senior Principal Analyst and Tony Palmer, Senior Lab Analyst ESG Lab Review RSA Enterprise Compromise Assessment Tool (ECAT) Date: January 2014 Authors: Jon Oltsik, Senior Principal Analyst and Tony Palmer, Senior Lab Analyst Abstract: This ESG Lab review documents

More information

Staying Secure After Microsoft Windows Server 2003 Reaches End of Life. Trevor Richmond, Sales Engineer Trend Micro

Staying Secure After Microsoft Windows Server 2003 Reaches End of Life. Trevor Richmond, Sales Engineer Trend Micro Staying Secure After Microsoft Windows Server 2003 Reaches End of Life Trevor Richmond, Sales Engineer Trend Micro Windows Server 2003 End of Life- Why Care? The next big vulnerability (Heartbleed/Shellshock)

More information

Comprehensive Advanced Threat Defense

Comprehensive Advanced Threat Defense 1 Comprehensive Advanced Threat Defense June 2014 PAGE 1 PAGE 1 1 INTRODUCTION The hot topic in the information security industry these days is Advanced Threat Defense (ATD). There are many definitions,

More information

Advanced Visibility. Moving Beyond a Log Centric View. Matthew Gardiner, RSA & Richard Nichols, RSA

Advanced Visibility. Moving Beyond a Log Centric View. Matthew Gardiner, RSA & Richard Nichols, RSA Advanced Visibility Moving Beyond a Log Centric View Matthew Gardiner, RSA & Richard Nichols, RSA 1 Security is getting measurability worse Percent of breaches where time to compromise (red)/time to Discovery

More information

Fighting Advanced Threats

Fighting Advanced Threats Fighting Advanced Threats With FortiOS 5 Introduction In recent years, cybercriminals have repeatedly demonstrated the ability to circumvent network security and cause significant damages to enterprises.

More information

Advanced Threat Protection

Advanced Threat Protection Advanced Threat Protection DR151026D December 2015 Miercom www.miercom.com Contents Executive Summary... 3 Overview... 4 Methodology... 5 Results Summary... 9 Fair Test Notification... 13 About Miercom...

More information

Security Analytics for Smart Grid

Security Analytics for Smart Grid Security Analytics for Smart Grid Dr. Robert W. Griffin Chief Security Architect RSA, the Security Division of EMC robert.griffin@rsa.com blogs.rsa.com/author/griffin @RobtWesGriffin 1 No Shortage of Hard

More information

Performanta Pty Ltd. Company Profile. May 2012. Trust. Practical. Performanta.

Performanta Pty Ltd. Company Profile. May 2012. Trust. Practical. Performanta. May 2012 Trust. Practical. Performanta. Company Overview Performanta Pty Ltd is an information security organisation that has a practical approach, competitively priced services, strong client commitment,

More information

Advanced Threats: The New World Order

Advanced Threats: The New World Order Advanced Threats: The New World Order Gary Lau Technology Consulting Manager Greater China gary.lau@rsa.com 1 Agenda Change of Threat Landscape and Business Impact Case Sharing Korean Incidents EMC CIRC

More information

IBM Global Technology Services Preemptive security products and services

IBM Global Technology Services Preemptive security products and services IBM Global Technology Services Preemptive security products and services Providing protection ahead of the threat Today, security threats to your organization leave little margin for error. To consistently

More information

Payment Card Industry Data Security Standard

Payment Card Industry Data Security Standard Symantec Managed Security Services support for IT compliance Solution Overview: Symantec Managed Services Overviewview The (PCI DSS) was developed to facilitate the broad adoption of consistent data security

More information

WHITEPAPER. Nessus Exploit Integration

WHITEPAPER. Nessus Exploit Integration Nessus Exploit Integration v2 Tenable Network Security has committed to providing context around vulnerabilities, and correlating them to other sources, such as available exploits. We currently pull information

More information

Continuous Network Monitoring for the New IT Landscape. March 16, 2015 (Revision 4)

Continuous Network Monitoring for the New IT Landscape. March 16, 2015 (Revision 4) Continuous Network Monitoring for the New IT Landscape March 16, 2015 (Revision 4) Table of Contents Introduction... 3 The New IT Landscape... 3 Gaps in the Modern IT Landscape... 5 Tenable s Five Critical

More information

Prevent cyber attacks. SEE. what you are missing. Netw rk Infrastructure Security Management

Prevent cyber attacks. SEE. what you are missing. Netw rk Infrastructure Security Management Prevent cyber attacks. SEE what you are missing. See Your Network MAP. Prevent Cyber Attacks. Driven by the need to support evolving business objectives, enterprise IT infrastructures have grown increasingly

More information

End-user Security Analytics Strengthens Protection with ArcSight

End-user Security Analytics Strengthens Protection with ArcSight Case Study for XY Bank End-user Security Analytics Strengthens Protection with ArcSight INTRODUCTION Detect and respond to advanced persistent threats (APT) in real-time with Nexthink End-user Security

More information

Unified Security Management

Unified Security Management Unified Security Reduce the Cost of Compliance Introduction In an effort to achieve a consistent and reliable security program, many organizations have adopted the standard as a key compliance strategy

More information

Vulnerability Risk Management 2.0. Best Practices for Managing Risk in the New Digital War

Vulnerability Risk Management 2.0. Best Practices for Managing Risk in the New Digital War Vulnerability Risk Management 2.0 Best Practices for Managing Risk in the New Digital War In 2015, 17 new security vulnerabilities are identified every day. One nearly every 90 minutes. This consistent

More information

SECURITY ANALYTICS MOVES TO REAL-TIME PROTECTION

SECURITY ANALYTICS MOVES TO REAL-TIME PROTECTION SECURITY ANALYTICS MOVES TO REAL-TIME PROTECTION How ThreatBLADES add real-time threat scanning and alerting to the Analytics Platform INTRODUCTION: analytics solutions have become an essential weapon

More information