Advanced SOC Design. Next Generation Security Operations. Shane Harsch Senior Solutions Principal, MBA GCED CISSP RSA
|
|
- Kelly Parrish
- 8 years ago
- Views:
Transcription
1 Advanced SOC Design Next Generation Security Operations Shane Harsch Senior Solutions Principal, MBA GCED CISSP RSA 1
2 ! Why/How security investments need to shift! Key functions of a Security Operations Center! Intersection of Visibility, Intelligence, and Management Agenda 2
3 Traditional Security Is Not Working 99% of breaches led to compromise within days or less with 85% leading to data exfiltration in the same time 85% of breaches took weeks or more to discover Source: Verizon 2012 Data Breach Investigations Report 3
4 Advanced Threats Are Different 1 TARGETED SPECIFIC OBJECTIVE 2 STEALTHY 3 INTERACTIVE LOW AND SLOW HUMAN INVOLVEMENT System Intrusion Attack Begins Cover-Up Discovery Leap Frog Attacks Cover-Up Complete TIME Dwell Time Response Time Attack Identified Response 1 Decrease Dwell Time 2 Speed Response Time 4
5 Present Reality The art of war teaches us to rely not on the likelihood of the enemy's not coming, but on our own readiness to receive him. - Sun Tzu, The Art of War 5
6 The Adversary NATION STATE ACTORS Nation states Government, defense contractors, IP rich organizations, waterholes CRIMINALS Petty criminals Unsophisticated, but noisy Organized crime Organized, sophisticated supply chains (PII, PCI, financial services, retail) NON-STATE ACTORS Insiders Various reasons, including collaboration with the enemy Cyber-terrorists / Hacktivists Political targets of opportunity, mass disruption, mercenary 6
7 Online Trust Alliance Guide to Data Protection and Breach Readiness (2013)! 2,644 Breaches! 267 Million Records! $5.5M cost per Breach! $194 cost per Record! 99% records lost due to external hacking! 97% of data breach incidents were avoidable 7
8 Verizon Breach Report (2013) Highlights! Victims 37% financial 24% retail & restaurants 20% manufacturing! Perpetrators 92% outsiders 19% state-affiliated actors! Mode 76% exploit weak/ stolen credentials 75% financially motivated! Discovery 69% by external parties 66% took months or more to discover 8
9 Verizon Report Recommendations! Eliminate unnecessary data! Collect, analyze, share Incident data Threat intelligence! Focus on better and faster detection! Evaluate threat landscape 9
10 The Environment ~ 2,000 security devices ~55M security events per hour ~60K employees 350 sites 85 countries Core Intellectual Property 10
11 Security Is Becoming A Big Data Problem! More determined adversary means more data needed to identify attacks! More complex IT environment means even simple attacks can hide in plain sight! Security professionals are struggling to keep up 1 40% of all survey respondents are overwhelmed with the security data they already collect 35% have insufficient time or expertise to analyze what they collect 1 EMA, The Rise of Data-Driven Security, Crawford, Aug 2012 Sample Size =
12 Today s Security Requirements Big Data Infrastructure Need a fast and scalable infrastructure to conduct short term and long term analysis High Powered Analytics Give me the speed and smarts to discover and investigate potential threats in near real time Comprehensive Visibility See everything happening in my environment and normalize it Integrated Intelligence Help me understand what to look for and what others have discovered 12
13 Basic Security Operations.vs. Incident Response Security Operations Critical Incident Response Adds, moves and changes, security questions, password changes, device health, etc. Respond to security incidents, investigate suspicious behavior, conduct vulnerability analysis, malware analysis, threat management, etc. 13
14 Desired State Protect organizational mission Evolve with the threat environment Operational efficiencies & best practices Process Technolog y People 14
15 What SOC/CIRCs Need: BROAD VISIBILITY & DETECTION Fusing together massive amounts of telemetry data & threat intelligence to detect even the most advanced attacks CONTEXT Knowing which IT assets are important and the location of sensitive data drives investigative efficiency and prioritization FAST INVESTIGATIONS Complete investigations in minutes versus hours REMEDIATION & OPERATIONS MANAGEMENT Workflow driven incident response and SOC/CIRC operations management 15
16 Critical SOC/CIRC Elements! Breach readiness/response services! SOC design/optimization services! Anomaly detection! Sensitive data discovery! IT asset information! Threat intelligence! Fast investigations! Malware analytics! Incident management! SOC operations management! Compliance reporting 16
17 Introducing the RSA Solution Integrated yet modular solution for improving cyber defenses! Services of the RSA ACD Practice! RSA Security Analytics! RSA Live/RSA FirstWatch! RSA ECAT! RSA Data Discovery (DLP)! RSA Archer for security operations 17
18 Security Operations Management Domain Process People Orchestration Technology Security Operations Management Incident Management Threat Intelligence Management Breach Management SOC Program Management Business-driven SOC Management IT Security Risk Management 18
19 Integration and Context are Essential People, Process and Technology in a single Operational Model Controls A/V IDS / IPS Logs Firewall/VPN SIEM Platform Alerts Visibility & Management RSA SecOps Business Context Context Line of Business Owner Policy Proxy Packets Incident, Breach & SOC Mgmt Risk Context Assessments Criticality Vulnerability Host File DLP Alerts Alerts Threat Context Subscriptions Community Open Source Device Administrators Workflow automation, rules, alerts & reports Tier 1 Triage Tier 2 Forensics Tier 3 Malware Threat Analysis Data Warehouse Ticketing System Administration Content Intelligence Analytic Intelligence Threat Intelligence IT Expertise 19
20 Should be a 2 minute investigation for a SOC!! Received by 1046 EMC employees! 17 employees clicked on the link within! Two people clicked through our security warning 20
21 RSA Security Analytics If you remove the hay, only needles remain All Network Traffic & Logs Terabytes of data 100% of total Downloads of executables Thousands of data points 5% of total Type does not match extension Hundreds of data points 0.2% of total! Create alerts to/from critical assets A few dozen alerts 21
22 Security Visibility Architecture Enrichment Data Logs Packets DISTRIBUTED COLLECTION EUROPE NORTH AMERICA ASIA REAL-TIME WAREHOUSE THE ANALYTICS Reporting and Alerting Investigation Malware Analytics Administration Complex Event Processing Correlation Metadata Tagging Incident Management Asset and Data Criticality Endpoint Visibility LONG-TERM RSA LIVE INTELLIGENCE Threat Intelligence Rules Parsers Alerts Feeds Apps Directory Services Reports and Custom Actions 22
23 Integrated Intelligence Know What To Look For RSA LIVE INTELLIGENCE SYSTEM Threat Intelligence Rules Parsers Alerts Feeds Apps Directory Services Reports and Custom Actions Gathers advanced threat intelligence and content Aggregates & consolidates data Automatically distributes correlation rules, blacklists, parsers, views, feeds OPERATIONALIZE INTELLIGENCE: Take advantage of what others have already found and apply against your current and historical data 23
24 Endpoint Forencsics Server Agent Supports Windows, 32/64-bit Full system inventory Identify all executables, DLL s and drivers Agent status via UDP, full report via SSL Unknown files sent to repository, scanned and analyzed Global repository of scan results ECAT Server 24
25 Complete Endpoint & Network Visibility RSA ECAT & RSA Security Analytics RSA Security Analytics Capture & Analyze Packets, Logs & Threat Feeds Syslog alert of high Machine Suspect Levels RSA ECAT Directly query SA from ECAT! Advanced threat detection on endpoints! Complete network and endpoint visibility! Faster investigations to shorten attacker dwell time Detect suspicious endpoint activity 25
26 Data Discovery Discover sensitive data & improve investigations with DLP SharePoint File Servers Databases RSA Data Discovery Data Discovery Feed NAS/SAN Endpoints RSA Security Analytics Content-level Intelligence Security Analyst 26
27 Data Discovery for Visibility Data Discovery provides context Data Discovery attributes available in SA Investigation UI help Security Analysts identify high risk assets and prioritize investigations 27
28 People & Process Technology requires talent and discipline 28
29 Security Operations Management User Personas Security Operations Management Threat Intel Analyst L1 Analyst L2 Analyst SOC Analysts Incident Management Threat Intelligence Management SOC Manager Persona Driven Design CISO/CSO SOC Management Breach Management SOC Program Management Business-driven SOC Management CIO Business Mgr. Privacy Officer Compliance Legal HR Cross Functional Teams IT Security Risk Management 29
30 RSA Archer Security Analytics RSAIntelligence Security Analytics + RSA ECAT RSA Live +for RSA Security Analytics RSA Security + RSA Archer for Security RSA Data Discovery/RSA DLP! Team & + Shift Management! Open/All Source Actor Attribution! KPI Monitoring Tier 2 Analyst! Attack Sensing & Warning CLICK FOR DETAILS! Incident Queue Management! Social Media Tier 1 Analyst! Reporting & Business Impact CLICK FOR DETAILS! High Value Target (HVT) Analysis! Eyes-on-Glass Reverse Malware Engineering!! Integration! Event Triage Host & Development Network Forensic!! Content! Preliminary Investigation Threat Intelligence Analyst CLICK FOR DETAILS Cause & Origin Determination!! Reporting! Incident Containment Dataand Exfiltration Evaluation!! Alert Rule Creation! 24x7 Coverage Analysis & Tools Support Analyst CLICK FOR DETAILS SOC Manager CLICK FOR DETAILS 30
31 Critical Results! The Ability to Measure Event time to Assignment to Escalation to Resolution Average time to closure! Scan every image file for.exe content! 55M events per hour become 2-3K incidents per month 90 incidents for 94 person hours per day! Time to closure is now about 1 day! Program can Scale 31
32 CIRC Dashboard! Multiple metrics! Live Data! Tracked by analyst! One-click access to incidents 32
33 CIRC Dashboard! Average Time to Close Low Medium High! Incident Totals by Month 3521 DEC, JAN, FEB, MAR, APR,
34 CIRC Dashboard! Common Threats 34
35 CIRC Dashboard! Events Per Day 35
36 Advanced Cyber Defense Program NextGen SOC Design & Implementation Security Operations Management Vulnerability Risk Management Cyber Threat Intelligence Incident Response Strategy & Roadmap Readiness, Response & Resilience 36
37 A journey with many intersections Networking Policy Analytics Log Data Intelligence Alerting Staffing Cloud Facilities Big Data Baselining Access Controls Reporting Workflow 37
38 Thank you!
After the Attack. The Transformation of EMC Security Operations
After the Attack The Transformation of EMC Security Operations Thomas Wood Senior Systems Engineer, GSNA CISSP RSA, The Security Division of EMC Thomas.WoodJr@rsa.com 1 Agenda Review 2011 Attack on RSA
More informationThe session is about to commence. Please switch your phone to silent!
The session is about to commence. Please switch your phone to silent! 1 Defend with Confidence Against Advanced Threats Nicholas Chia SE Manager, SEA RSA 2 TRUST? Years to earn, seconds to break 3 Market
More informationSecurity Analytics for Smart Grid
Security Analytics for Smart Grid Dr. Robert W. Griffin Chief Security Architect RSA, the Security Division of EMC robert.griffin@rsa.com blogs.rsa.com/author/griffin @RobtWesGriffin 1 No Shortage of Hard
More informationBREAKING THE KILL CHAIN AN EARLY WARNING SYSTEM FOR ADVANCED THREAT
BREAKING THE KILL CHAIN AN EARLY WARNING SYSTEM FOR ADVANCED THREAT Rashmi Knowles RSA, The Security Division of EMC Session ID: Session Classification: SPO-W07 Intermediate APT1 maintained access to
More informationIntelligence Driven Security
Intelligence Driven Security RSA Advanced Cyber Defense Workshop Shane Harsch Senior Solutions Principal, RSA 1 Agenda Approach & Activities Operations Intelligence Infrastructure Reporting & Top Findings
More informationGetting Ahead of Advanced Threats
Getting Ahead of Advanced Threats Advanced Security Solutions for Trusted IT Chezki Gil Territory Manager Israel & Greece 1 Threats are Evolving Rapidly Criminals Petty criminal s Unsophisticated Organized
More informationOperational Lessons from the RSA/EMC CIRC: People, Process, & Threat Intel
Operational Lessons from the RSA/EMC CIRC: People, Process, & Threat Intel @Ben_Smith Ben Smith, CISSP Field CTO (US East), Security Portfolio A Security Maturity Path CONTROLS COMPLIANCE IT RISK BUSINESS
More informationThe Future of the Advanced SOC
The Future of the Advanced SOC Developing a platform for more effective security management and compliance Steven Van Ormer RSA Technical Security Consultant 1 Agenda Today s Security Landscape and Why
More informationThe Next Generation Security Operations Center
The Next Generation Security Operations Center Vassil Barsakov Regional Manager, CEE & CIS RSA, the Security Division of EMC 1 Threats are Evolving Rapidly Criminals Petty criminals Unsophisticated Organized
More informationAdvanced Threats: The New World Order
Advanced Threats: The New World Order Gary Lau Technology Consulting Manager Greater China gary.lau@rsa.com 1 Agenda Change of Threat Landscape and Business Impact Case Sharing Korean Incidents EMC CIRC
More informationJoining Forces: Bringing Big Data to your Security Team
Joining Forces: Bringing Big Data to your Security Team Alaa Abdulnabi, CISSP RSA Regional Pre-Sales Manager Turkey, Middle East & Africa @AlaaAbdulnabi 1 Facteurs de mutation du marché Appareils mobiles
More informationDetect & Investigate Threats. OVERVIEW
Detect & Investigate Threats. OVERVIEW HIGHLIGHTS Introducing RSA Security Analytics, Providing: Security monitoring Incident investigation Compliance reporting Providing Big Data Security Analytics Enterprise-wide
More informationAccenture Intelligent Security for the Digital Enterprise. Archer s important role in solving today's pressing security challenges
Accenture Intelligent Security for the Digital Enterprise Archer s important role in solving today's pressing security challenges The opportunity to improve cyber security has never been greater 229 2,287
More informationRashmi Knowles Chief Security Architect EMEA
Rashmi Knowles Chief Security Architect EMEA AGENDA Transformation of IT New cyber-security challenges Intelligence Driven Security Security Analytics Q&A 2 ENTERPRISE DATA CENTER ADVANCED SECURITY A UNIQUE
More informationIMPLEMENTING A SECURITY ANALYTICS ARCHITECTURE
IMPLEMENTING A SECURITY ANALYTICS ARCHITECTURE Solution Brief SUMMARY New security threats demand a new approach to security management. Security teams need a security analytics architecture that can handle
More informationUsing Network Forensics to Visualize Advanced Persistent Threats
Using Network Forensics to Visualize Advanced Persistent Threats Dale Long, Sr. Technology Consultant, RSA Security 1 The Problem 2 Traditional Security Is Not Working 99% of breaches led to compromise
More informationSecurity and Privacy
Security and Privacy Matthew McCormack, CISSP, CSSLP CTO, Global Public Sector, RSA The Security Division of EMC 1 BILLIONS OF USERS MILLIONS/BILLIONS OF APPS 2010 Cloud Big Data Social Mobile Devices
More informationRSA Security Analytics
RSA Security Analytics This is what SIEM was Meant to Be 1 The Original Intent of SIEM Single compliance & security interface Compliance yes, but security? Analyze & prioritize alerts across various sources
More informationGETTING REAL ABOUT SECURITY MANAGEMENT AND "BIG DATA"
GETTING REAL ABOUT SECURITY MANAGEMENT AND "BIG DATA" A Roadmap for "Big Data" in Security Analytics ESSENTIALS This paper examines: Escalating complexity of the security management environment, from threats
More informationBest Practices to Improve Breach Readiness
Best Practices to Improve Breach Readiness Dr. Robert W. Griffin Chief Security Architect RSA, the Security Division of EMC http://blog.emc2.de/trust-security @RobtWesGriffin 1 Security Breaches 2 Security
More informationDiscover & Investigate Advanced Threats. OVERVIEW
Discover & Investigate Advanced Threats. OVERVIEW HIGHLIGHTS Introducing RSA Security Analytics, Providing: Security monitoring Incident investigation Compliance reporting Providing Big Data Security Analytics
More informationBernard Montel Directeur Technique RSA. Copyright 2012 EMC Corporation. All rights reserved.
Bernard Montel Directeur Technique RSA 1 RSA Security Management Compliance Vision Delivering Visibility, Intelligence and Governance 2 Traditional Security Is Not Working 99% of breaches led to compromise
More informationRSA Security Anatomy of an Attack Lessons learned
RSA Security Anatomy of an Attack Lessons learned Malcolm Dundas Account Executive John Hurley Senior Technology Consultant 1 Agenda Advanced Enterprise/ Threats The RSA Breach A chronology of the attack
More informationAdvanced Visibility. Moving Beyond a Log Centric View. Matthew Gardiner, RSA & Richard Nichols, RSA
Advanced Visibility Moving Beyond a Log Centric View Matthew Gardiner, RSA & Richard Nichols, RSA 1 Security is getting measurability worse Percent of breaches where time to compromise (red)/time to Discovery
More informationWhat s New in Security Analytics 10.4. Be the Hunter.. Not the Hunted
What s New in Security Analytics 10.4 Be the Hunter.. Not the Hunted Attackers Are Outpacing Detection Attacker Capabilities Time To Discovery Source: VERIZON 2014 DATA BREACH INVESTIGATIONS REPORT 2 TRANSFORM
More informationHow To Create Situational Awareness
SIEM: The Integralis Difference January, 2013 Avoid the SIEM Pitfalls Get it right the first time Common SIEM challenges Maintaining staffing levels 24/7 Blended skills set, continuous building of rules
More informationRSA Security Analytics the complete approach to security monitoring or how to approach advanced threats
RSA Security Analytics the complete approach to security monitoring or how to approach advanced threats Grzegorz Mucha grzegorz.mucha@rsa.com Advanced Threats Threat Landscape Criminals Petty criminals
More informationwith Managing RSA the Lifecycle of Key Manager RSA Streamlining Security Operations Data Loss Prevention Solutions RSA Solution Brief
RSA Solution Brief Streamlining Security Operations with Managing RSA the Lifecycle of Data Loss Prevention and Encryption RSA envision Keys with Solutions RSA Key Manager RSA Solution Brief 1 Who is asking
More informationCombating a new generation of cybercriminal with in-depth security monitoring. 1 st Advanced Data Analysis Security Operation Center
Combating a new generation of cybercriminal with in-depth security monitoring 1 st Advanced Data Analysis Security Operation Center The Challenge Don t leave your systems unmonitored. It takes an average
More informationWHITE PAPER SPLUNK SOFTWARE AS A SIEM
SPLUNK SOFTWARE AS A SIEM Improve your security posture by using Splunk as your SIEM HIGHLIGHTS Splunk software can be used to operate security operations centers (SOC) of any size (large, med, small)
More informationA New Perspective on Protecting Critical Networks from Attack:
Whitepaper A New Perspective on Protecting Critical Networks from Attack: Why the DoD Uses Advanced Network-traffic Analytics to Secure its Network 2014: A Year of Mega Breaches A Ponemon Study published
More informationAccenture Cyber Security Transformation. October 2015
Accenture Cyber Security Transformation October 2015 Today s Presenter Antti Ropponen, Nordic Cyber Defense Domain Lead Accenture Nordics Antti is a leading consultant in Accenture's security consulting
More informationAfter the Attack: RSA's Security Operations Transformed
After the Attack: RSA's Security Operations Transformed Ben Smith, CISSP RSA Field CTO (East), Security Portfolio Senior Member, ISSA Northern Virginia 1 The Environment ~ 2,000 security devices ~55M security
More informationCombating a new generation of cybercriminal with in-depth security monitoring
Cybersecurity Services Combating a new generation of cybercriminal with in-depth security monitoring 1 st Advanced Data Analysis Security Operation Center The Challenge Don t leave your systems unmonitored.
More informationBIG DATA. Shaun McLagan General Manager, RSA Australia and New Zealand CHANGING THE REALM OF POSSIBILITY IN SECURITY
BIG DATA CHANGING THE REALM OF POSSIBILITY IN SECURITY Shaun McLagan General Manager, RSA Australia and New Zealand 1 Things have changed #2 Buzz word 2012 Big Data only behind something called Fiscal
More informationInto the cybersecurity breach
Into the cybersecurity breach Tim Sanouvong State Sector Cyber Risk Services Deloitte & Touche LLP April 3, 2015 Agenda Setting the stage Cyber risks in state governments Cyber attack vectors Preparing
More informationPALANTIR CYBER An End-to-End Cyber Intelligence Platform for Analysis & Knowledge Management
PALANTIR CYBER An End-to-End Cyber Intelligence Platform for Analysis & Knowledge Management INTRODUCTION Traditional perimeter defense solutions fail against sophisticated adversaries who target their
More informationData Science Transforming Security Operations
SESSION ID: STR-W03 Data Science Transforming Security Operations Alon Kaufman Ph.D. Director Data Science & Innovation RSA Agenda Transforming Security Operations with Data Science The Vision: Where we
More informationIBM Security Strategy
IBM Security Strategy Intelligence, Integration and Expertise Kate Scarcella CISSP Security Tiger Team Executive M.S. Information Security IBM Security Systems IBM Security: Delivering intelligence, integration
More informationEnterprise Organizations Need Contextual- security Analytics Date: October 2014 Author: Jon Oltsik, Senior Principal Analyst
ESG Brief Enterprise Organizations Need Contextual- security Analytics Date: October 2014 Author: Jon Oltsik, Senior Principal Analyst Abstract: Large organizations have spent millions of dollars on security
More informationDealing with Big Data in Cyber Intelligence
Dealing with Big Data in Cyber Intelligence Greg Day Security CTO, EMEA, Symantec Session ID: HT-303 Session Classification: General Interest What will I take away from this session? What is driving big
More informationPalo Alto Networks and Splunk: Combining Next-generation Solutions to Defeat Advanced Threats
Palo Alto Networks and Splunk: Combining Next-generation Solutions to Defeat Advanced Threats Executive Summary Palo Alto Networks strategic partnership with Splunk brings the power of our next generation
More informationUnified Security, ATP and more
SYMANTEC Unified Security, ATP and more TAKE THE NEXT STEP Martin Werner PreSales Consultant, Symantec Switzerland AG MEET SWISS INFOSEC! 27.01.2016 Unified Security 2 Symantec Enterprise Security Users
More informationSECURITY MEETS BIG DATA. Achieve Effectiveness And Efficiency. Copyright 2012 EMC Corporation. All rights reserved.
SECURITY MEETS BIG DATA Achieve Effectiveness And Efficiency 1 IN 2010 THE DIGITAL UNIVERSE WAS 1.2 ZETTABYTES 1,000,000,000,000,000,000,000 Zetta Exa Peta Tera Giga Mega Kilo Byte Source: 2010 IDC Digital
More informationAchieving Actionable Situational Awareness... McAfee ESM. Ad Quist, Sales Engineer NEEUR
Achieving Actionable Situational Awareness... McAfee ESM Ad Quist, Sales Engineer NEEUR The Old SECURITY Model Is BROKEN 2 Advanced Targeted Attacks The Reality ADVANCED TARGETED ATTACKS COMPROMISE TO
More informationIBM Security QRadar SIEM & Fortinet FortiGate / FortiAnalyzer
IBM Security QRadar SIEM & Fortinet / FortiAnalyzer Introducing new functionality for IBM QRadar Security Intelligence Platform: integration with Fortinet s firewalls and logs forwarded by FortiAnalyzer.
More informationRSA envision. Platform. Real-time Actionable Security Information, Streamlined Incident Handling, Effective Security Measures. RSA Solution Brief
RSA Solution Brief RSA envision Platform Real-time Actionable Information, Streamlined Incident Handling, Effective Measures RSA Solution Brief The job of Operations, whether a large organization with
More informationSpeed Up Incident Response with Actionable Forensic Analytics
WHITEPAPER DATA SHEET Speed Up Incident Response with Actionable Forensic Analytics Close the Gap between Threat Detection and Effective Response with Continuous Monitoring January 15, 2015 Table of Contents
More informationIBM SECURITY QRADAR INCIDENT FORENSICS
IBM SECURITY QRADAR INCIDENT FORENSICS DELIVERING CLARITY TO CYBER SECURITY INVESTIGATIONS Gyenese Péter Channel Sales Leader, CEE IBM Security Systems 12014 IBM Corporation Harsh realities for many enterprise
More informationRSA Enterprise Compromise Assessment Tool (ECAT) Date: January 2014 Authors: Jon Oltsik, Senior Principal Analyst and Tony Palmer, Senior Lab Analyst
ESG Lab Review RSA Enterprise Compromise Assessment Tool (ECAT) Date: January 2014 Authors: Jon Oltsik, Senior Principal Analyst and Tony Palmer, Senior Lab Analyst Abstract: This ESG Lab review documents
More informationSITUATIONAL AWARENESS MITIGATE CYBERTHREATS
Gaining the SITUATIONAL AWARENESS needed to MITIGATE CYBERTHREATS Industry Perspective EXECUTIVE SUMMARY To become more resilient against cyberthreats, agencies must improve visibility and understand events
More informationInformation Risk Management. Alvin Ow Director, Technology Consulting Asia Pacific & Japan RSA, The Security Division of EMC
Information Risk Management Alvin Ow Director, Technology Consulting Asia Pacific & Japan RSA, The Security Division of EMC Agenda Data Breaches Required Capabilities of preventing Data Loss Information
More informationTHE EVOLUTION OF SIEM
THE EVOLUTION OF SIEM WHY IT IS CRITICAL TO MOVE BEYOND LOGS Despite increasing investments in security, breaches are still occurring at an alarming rate. 43% Traditional SIEMs have not evolved to meet
More informationThe SIEM Evaluator s Guide
Using SIEM for Compliance, Threat Management, & Incident Response Security information and event management (SIEM) tools are designed to collect, store, analyze, and report on log data for threat detection,
More informationUsing SIEM for Real- Time Threat Detection
Using SIEM for Real- Time Threat Detection Presentation to ISSA Baltimore See and secure what matters Joe Magee CTO and Co-Founder March, 27 2013 About us Vigilant helps clients build and operate dynamic,
More informationContinuous Network Monitoring
Continuous Network Monitoring Eliminate periodic assessment processes that expose security and compliance programs to failure Continuous Network Monitoring Continuous network monitoring and assessment
More informationCyber Security. BDS PhantomWorks. Boeing Energy. Copyright 2011 Boeing. All rights reserved.
Cyber Security Automation of energy systems provides attack surfaces that previously did not exist Cyber attacks have matured from teenage hackers to organized crime to nation states Centralized control
More informationEndpoint Threat Detection without the Pain
WHITEPAPER Endpoint Threat Detection without the Pain Contents Motivated Adversaries, Too Many Alerts, Not Enough Actionable Information: Incident Response is Getting Harder... 1 A New Solution, with a
More informationSession 9: Changing Paradigms and Challenges Tools for Space Systems Cyber Situational Awareness
Session 9: Changing Paradigms and Challenges Tools for Space Systems Cyber Situational Awareness Wayne A. Wheeler The Aerospace Corporation GSAW 2015, Los Angeles, CA, March 2015 Agenda Emerging cyber
More informationWAN security threat landscape and best mitigation practices. Rex Stover Vice President, Americas, Enterprise & ICP Sales
WAN security threat landscape and best mitigation practices. Rex Stover Vice President, Americas, Enterprise & ICP Sales The Cost of Cybercrime Sony $171m PlayStation 3 data breach (April 2011) $3 trillion
More informationSecurity Operations. Key technologies for your Security Operations Center. Davide Veneziano - RSA Technology Consultant
Security Operations Key technologies for your Security Operations Center Davide Veneziano - RSA Technology Consultant 1 The evolving threat landscape The right route towards a SOC model The RSA advanced
More informationMucho Big Data y La Seguridad para cuándo?
Mucho Big Data y La Seguridad para cuándo? Juan Carlos Vázquez Sales Systems Engineer, LTAM mayo 9, 2013 Agenda Business Drivers Big Security Data GTI Integration SIEM Architecture & Offering Why McAfee
More informationMetrics that Matter Security Risk Analytics
Metrics that Matter Security Risk Analytics Rich Skinner, CISSP Director Security Risk Analytics & Big Data Brinqa rskinner@brinqa.com April 1 st, 2014. Agenda Challenges in Enterprise Security, Risk
More informationVulnerability Management
Vulnerability Management Buyer s Guide Buyer s Guide 01 Introduction 02 Key Components 03 Other Considerations About Rapid7 01 INTRODUCTION Exploiting weaknesses in browsers, operating systems and other
More informationPreparing for a Cyber Attack PROTECT YOUR PEOPLE AND INFORMATION WITH SYMANTEC SECURITY SOLUTIONS
Preparing for a Cyber Attack PROTECT YOUR PEOPLE AND INFORMATION WITH SYMANTEC SECURITY SOLUTIONS CONTENTS PAGE RECONNAISSANCE STAGE 4 INCURSION STAGE 5 DISCOVERY STAGE 6 CAPTURE STAGE 7 EXFILTRATION STAGE
More information場 次 :C-3 公 司 名 稱 :RSA, The Security Division of EMC 主 題 : 如 何 應 用 網 路 封 包 分 析 對 付 資 安 威 脅 主 講 人 :Jerry.Huang@rsa.com Sr. Technology Consultant GCR
場 次 :C-3 公 司 名 稱 :RSA, The Security Division of EMC 主 題 : 如 何 應 用 網 路 封 包 分 析 對 付 資 安 威 脅 主 講 人 :Jerry.Huang@rsa.com Sr. Technology Consultant GCR Minimum Requirements of Security Management and Compliance
More informationCHANGING THE SECURITY MONITORING STATUS QUO Solving SIEM problems with RSA Security Analytics
CHANGING THE SECURITY MONITORING STATUS QUO Solving SIEM problems with RSA Security Analytics TRADITIONAL SIEMS ARE SHOWING THEIR AGE Security Information and Event Management (SIEM) tools have been a
More informationPalo Alto Networks. October 6
Palo Alto Networks October 6 Agenda Malware Trends by the numbers Protect Locally Share Globally Delivery methods 21.5% ~14% OF MALWARE HAS BEEN DELIVERED OVER APPS OTHER THAN WEB AND EMAIL IN 2015 8.2%
More informationAnalyzing HTTP/HTTPS Traffic Logs
Advanced Threat Protection Automatic Traffic Log Analysis APTs, advanced malware and zero-day attacks are designed to evade conventional perimeter security defenses. Today, there is wide agreement that
More informationIBM Security. 2013 IBM Corporation. 2013 IBM Corporation
IBM Security Security Intelligence What is Security Intelligence? Security Intelligence --noun 1.the real-time collection, normalization and analytics of the data generated by users, applications and infrastructure
More informationHP ArcSight User Behavior Analytics
Insider Threat HP ArcSight User Behavior Analytics Application Misuse Sensitive Data Access Hakan Durgut ArcSight Specialist Nordics/Baltics 1 The insider threat challenge IT Security focus in on the external
More informationCONTINUOUS DIAGNOSTICS BEGINS WITH REDSEAL
CONTINUOUS DIAGNOSTICS BEGINS WITH REDSEAL WHAT IS CDM? The continuous stream of high profile cybersecurity breaches demonstrates the need to move beyond purely periodic, compliance-based approaches to
More informationNiara Security Analytics. Overview. Automatically detect attacks on the inside using machine learning
Niara Security Analytics Automatically detect attacks on the inside using machine learning Automatically detect attacks on the inside Supercharge analysts capabilities Enhance existing security investments
More informationState of SIEM Challenges, Myths & technology Landscape 4/21/2013 1
State of SIEM Challenges, Myths & technology Landscape 4/21/2013 1 Introduction What s in a name? SIEM? SEM? SIM? Technology Drivers Challenges & Technology Overview Deciding what s right for you Worst
More informationAdvanced Threat Protection with Dell SecureWorks Security Services
Advanced Threat Protection with Dell SecureWorks Security Services Table of Contents Summary... 2 What are Advanced Threats?... 3 How do advanced threat actors operate?... 3 Addressing the Threat... 5
More informationDYNAMIC DNS: DATA EXFILTRATION
DYNAMIC DNS: DATA EXFILTRATION RSA Visibility Reconnaissance Weaponization Delivery Exploitation Installation C2 Action WHAT IS DATA EXFILTRATION? One of the most common goals of malicious actors is to
More informationFuture Threat Landscape - How will technology evolve and what does it mean for cyber security?
James Hanlon CISSP, CISM Security Strategist Office of the CTO EMEA Future Threat Landscape - How will technology evolve and what does it mean for cyber security? Think > What does the future of technology
More informationIBM QRadar Security Intelligence April 2013
IBM QRadar Security Intelligence April 2013 1 2012 IBM Corporation Today s Challenges 2 Organizations Need an Intelligent View into Their Security Posture 3 What is Security Intelligence? Security Intelligence
More informationASSUMING A STATE OF COMPROMISE: EFFECTIVE DETECTION OF SECURITY BREACHES
ASSUMING A STATE OF COMPROMISE: EFFECTIVE DETECTION OF SECURITY BREACHES Leonard Levy PricewaterhouseCoopers LLP Session ID: SEC-W03 Session Classification: Intermediate Agenda The opportunity Assuming
More informationEnabling Security Operations with RSA envision. August, 2009
Enabling Security Operations with RSA envision August, 2009 Agenda What is security operations? How does RSA envision help with security operations? How does RSA envision fit with other EMC products? If
More informationTHE 2014 THREAT DETECTION CHECKLIST. Six ways to tell a criminal from a customer.
THE 2014 THREAT DETECTION CHECKLIST Six ways to tell a criminal from a customer. Telling criminals from customers online isn t getting any easier. Attackers target the entire online user lifecycle from
More informationComprehensive Advanced Threat Defense
1 Comprehensive Advanced Threat Defense June 2014 PAGE 1 PAGE 1 1 INTRODUCTION The hot topic in the information security industry these days is Advanced Threat Defense (ATD). There are many definitions,
More informationEnd-user Security Analytics Strengthens Protection with ArcSight
Case Study for XY Bank End-user Security Analytics Strengthens Protection with ArcSight INTRODUCTION Detect and respond to advanced persistent threats (APT) in real-time with Nexthink End-user Security
More informationLeading The World Into Connected Security. Dipl.-Inform., CISSP, S+ Rolf Haas Enterprise Technology Specialist Content Lead EMEA
Leading The World Into Connected Security Dipl.-Inform., CISSP, S+ Rolf Haas Enterprise Technology Specialist Content Lead EMEA History of Defining Largest Dedicated Delivering a Next Generation Architecture
More informationEcom Infotech. Page 1 of 6
Ecom Infotech Page 1 of 6 Page 2 of 6 IBM Q Radar SIEM Intelligence 1. Security Intelligence and Compliance Analytics Organizations are exposed to a greater volume and variety of threats and compliance
More informationIntroduction. Jason Lawrence, MSISA, CISSP, CISA Manager, EY Advanced Security Center Atlanta, Georgia jason.lawrence@ey.com Twitter: @ethical_infosec
Introduction Jason Lawrence, MSISA, CISSP, CISA Manager, EY Advanced Security Center Atlanta, Georgia jason.lawrence@ey.com Twitter: @ethical_infosec More than 20 years of experience in cybersecurity specializing
More informationAdvanced Persistent Threats
Advanced Persistent Threats Craig Harwood Channel Manager SADC and Indian Ocean Islands 1 Agenda Introduction Today s Threat landscape What is an Advance persistent Threat How are these crimes perpetrated
More informationEffective IDS/IPS Network Security in a Dynamic World with Next-Generation Intrusion Detection & Prevention
Effective IDS/IPS Network Security in a Dynamic World with Next-Generation Intrusion Detection & Prevention Your Security Challenges Defending the Dynamic Network! Dynamic threats 䕬 䕬 䕬 䕬 Many threats
More informationREVOLUTIONIZING ADVANCED THREAT PROTECTION
REVOLUTIONIZING ADVANCED THREAT PROTECTION A NEW, MODERN APPROACH Blue Coat Advanced Threat Protection Group GRANT ASPLUND Senior Technology Evangelist 1 WHY DO I STAND ON MY DESK? "...I stand upon my
More informationCyber Security Metrics Dashboards & Analytics
Cyber Security Metrics Dashboards & Analytics Feb, 2014 Robert J. Michalsky Principal, Cyber Security NJVC, LLC Proprietary Data UNCLASSIFIED Agenda Healthcare Sector Threats Recent History Security Metrics
More informationLOG INTELLIGENCE FOR SECURITY AND COMPLIANCE
PRODUCT BRIEF uugiven today s environment of sophisticated security threats, big data security intelligence solutions and regulatory compliance demands, the need for a log intelligence solution has become
More informationEffective Threat Management. Building a complete lifecycle to manage enterprise threats.
Effective Threat Management Building a complete lifecycle to manage enterprise threats. Threat Management Lifecycle Assimilation of Operational Security Disciplines into an Interdependent System of Proactive
More informationSecurity Information & Event Management (SIEM)
Security Information & Event Management (SIEM) Peter Helms, Senior Sales Engineer, CISA, CISSP September 6, 2012 1 McAfee Security Connected 2 September 6, 2012 Enterprise Security How? CAN? 3 Getting
More informationGlasnost or Tyranny? You Can Have Secure and Open Networks!
AT&T is a proud sponsor of StaySafe Online Glasnost or Tyranny? You Can Have Secure and Open Networks! Steven Hurst CISSP Director - AT&T Security Services and Technology AT&T Chief Security Office 2009
More informationInformation-driven Security and RSA Security Analytics and RSA ECAT
White Paper Information-driven Security and RSA Security Analytics and RSA ECAT By Jon Oltsik, Senior Principal Analyst September 2014 This ESG White Paper was commissioned by RSA, The Security Division
More informationA Case for Managed Security
A Case for Managed Security By Christopher Harper Managing Director, Security Superior Managed IT & Security Services 1. INTRODUCTION Most firms believe security breaches happen because of one key malfunction
More informationCan We Become Resilient to Cyber Attacks?
Can We Become Resilient to Cyber Attacks? Nick Coleman, Global Head Cyber Security Intelligence Services December 2014 Can we become resilient National Security, Economic Espionage Nation-state actors,
More informationThe Five W's of SOC Operations. Kevin Young, @IT3700
The Five W's of SOC Operations Kevin Young, @IT3700 Thank you Todd Thanks to Randall Munroe https://xkcd.com/838/ Overview Introduction Five W s of SOC Operations When do I need a SOC? Readiness What exactly
More informationOffice 365 Cloud App Security MARKO DJORDJEVIC CLOUD BUSINESS LEAD EE TREND MICRO EMEA LTD.
Office 365 Cloud App Security MARKO DJORDJEVIC CLOUD BUSINESS LEAD EE TREND MICRO EMEA LTD. Your Valuable Data In The Cloud? How To Get The Best Protection! A world safe for exchanging digital information
More information