WHITE PAPER ONCE MORE INTO THE BREACH: The Top 10 Mistakes Incident Responders Make Combatting Advanced Threats SECURITY REIMAGINED
CONTENTS
Introduction
Strategic Mistakes
Technical Mistakes
Recommendations
Conclusion
About FireEye
Introduction

Whether they work for an up-and-coming startup or an industry giant, security response teams are under siege as never before. Today's cyber attacks are sophisticated, relentless, and devastating, costing U.S. businesses $8.9 million a year each on average.[1] Attacking in multiple stages across multiple vectors, advanced persistent threats (APTs) and other sophisticated attacks easily evade signature-based detection and other traditional defenses.

The statistics are alarming. Nearly half of all IT security professionals recently surveyed by Information Security Media Group (ISMG) said they encountered malicious code in the last year that resulted in system downtime.[2] In addition, nearly two-thirds struggle to detect APTs: 62 percent struggle with the speed of detection, and 44 percent struggle with the accuracy of detection. Even more worrisome: despite their feeling of cyber insecurity, only 28 percent of organizations have an incident response plan for APTs. Even fewer (just one in five) deemed their incident response programs very effective.

Strong crisis-management skills are rare. In the frantic aftermath of a breach, crucial mistakes can prolong the attack and enable more damage. These errors tend to occur regardless of the size of the organization, the scope of the incident, or the technical savvy of the responders. Drawing on the extensive front-line experience of the FireEye Labs team, this paper describes the 10 most common mistakes (five strategic and five technical) that incident response teams make when combatting attacks. The paper also explains the effect of these mistakes and how to avoid them with a well-defined incident response plan.

Strategic Mistakes

Strategic mistakes are flaws in the planning, structure, and approach to IT security. This category involves executive-level judgment and incident response in the context of the larger business process.

No. 1: Failing to determine the scope of an incident

For many organizations, responding to a breach feels like a losing fight. They struggle to detect and pinpoint the locations of malware and, in turn, do not properly contain and repair the damage. In most cases, after a lengthy effort to remediate the breach, they find themselves infected again. Both of these scenarios are symptoms of the same problem: not clearly understanding the threat. Many incident response teams do not understand who the threat actors are, how they are attacking, or what they are targeting.

[1] Ponemon Institute, Cost of Cyber Crime Study: United States, October.
[2] Information Security Media Group, 2013 Incident Response Survey, July.
This lack of knowledge leads to poor containment plans and inadequate resources assigned to a breach investigation. An organization might concentrate security in the wrong areas, for instance, or invest in the wrong skillsets for its IT security teams. Without taking the time to find patient zero (the first compromised machine) and determine how the malware spread from there, incident response teams are no wiser or more resilient than when they started.

No. 2: Inadequate process for handling incidents

As the previously cited ISMG survey reveals, many organizations have a flawed incident response plan, if they have one at all. The majority of plans reviewed by FireEye are outdated or untested, costing organizations precious time and resources when a breach occurs. Often an organization's incident response plan is simply wiping and rebuilding the infected machine. In addition to destroying potentially helpful evidence, this approach leaves organizations vulnerable to the same attack. Every response plan should have the following elements, which are explained further in the Recommendations section:

- Identification
- Classification
- Severity-level determination
- Communication
- Escalation
- Containment
- Remediation
- Reporting

No. 3: Not involving executive leadership

Although cyber attacks can have serious business implications, including damaging your brand, losing money, and losing customers, senior leaders are rarely involved in planning the incident response or overseeing the process after a breach. This critical oversight exacerbates the incident. Without a senior leader in charge, the weight of the decision-making process falls squarely on the organization's security staff, which tends to focus more on the technical aspects of an attack and fails to factor in the business impacts of its decisions.
Security professionals work to fix the technical problem, which often results in an incomplete response, and do not take into account what the problem means for the business as a whole. Case in point: FireEye has seen incident response teams shut down the organization's Exchange server during a critical business period in a misguided effort to contain and investigate a breach. A senior leader would have considered the business impact of such a drastic move and better weighed the needs of the business against the technical requirements of the incident response. In an environment where intellectual property and customer data are among a company's most valuable assets, senior leaders can provide much-needed context and balance when responding to a breach and assessing its business impact. And if the attack spreads beyond the organization to its supply chain and other partners, executive leadership must decide whether to involve outside counsel or call emergency board meetings, decisions that fall far outside the purview of the security team.
No. 4: Not considering the legal aspects

Another reason to involve senior executives: the legal impact of a breach and of the response to it. Governments around the world have enacted notification and disclosure laws to protect businesses and consumers in the event of a breach. These laws can be complicated, varying by country and industry. In many cases, a breach also means communicating with law enforcement or regulators.

Amid the urgency of containing a breach, incident responders often overlook the legal, compliance, and notification implications of a data breach. But with customer privacy and potential civil liability at stake, chain-of-custody issues cannot be an afterthought. An incident response plan that fails to take legal issues into account could create problems that extend far beyond the breach itself.

Most companies are aware of their obligations in these areas, especially those in heavily regulated sectors overseen by the Food and Drug Administration (FDA), the Securities and Exchange Commission (SEC) or the PCI Security Standards Council, or subject to the Health Insurance Portability and Accountability Act (HIPAA). The same is true of government agencies subject to the Federal Information Security Management Act (FISMA), for which the National Institute of Standards and Technology (NIST) develops the implementing standards. But often, companies that make up the supply chain for these industries do not consider their responsibilities under these same rules. Incident responders must understand how the breach affects not only the targeted organization, but its partners, suppliers, and other stakeholders as well.

Even when an organization recognizes these requirements, it often defers them until after the breach is contained and remediated, too late to correct any problems with how the team handled and preserved evidence along the way. Instead, organizations should weave the legal aspects of a breach into their incident response from the start. The incident response plan must spell out how the organization will handle evidence, document procedures, and promptly notify appropriate stakeholders.

No. 5: Failing to communicate

Communicating is always important, and it is absolutely critical in the high-pressure, fast-moving setting of a data breach. If incident responders do not communicate with each other and with management, the situation can deteriorate quickly. The keystone of good communication in a breach is a daily, mandatory status meeting that includes all critical teams involved in the incident response. This meeting is particularly crucial for teams working in shifts; the status meeting doubles as a handoff meeting to coordinate efforts.

Organizations should also notify end users about the incident response where appropriate, including those users' responsibilities and how the incident response might affect them. For instance, say the incident response team needs a particular user's computer for forensic analysis. Letting the user of that machine know beforehand can minimize work disruption.

As vital as open communication is to an incident response, the opposite is equally important: organizations must tightly control what information they convey, and to whom, and ensure that all communication is secure.
Technical Mistakes

Technical mistakes are flaws in execution: the on-the-ground activity of an organization's IT security team when preparing for and responding to a breach. Even the best strategies will fail without the technical expertise required to discover, analyze, and root out today's advanced threats.

No. 1: Not understanding the mechanics of the threat

The strategic mistake of not appreciating the full scope of an incident, discussed earlier in this paper, has a counterpart: the technical mistake of failing to grasp the operational details of the threat itself. Organizations tend to underestimate the impact of a breach, not fully understanding the complete scope of the incident or which points of entry were compromised. Pinpointing advanced malware on a system requires knowing the answers to these questions:

- How does the malware survive a reboot? This capability gives the malware persistence on individual machines.
- How does the malware move laterally within your IT environment? This ability helps with reconnaissance, finding the organization's crown jewels, and achieving persistence in the network.
- How does the malware communicate beyond your network? This capacity enables the malware to receive instructions from command-and-control (CnC) servers and exfiltrate valuable data.
- What are the typical stages of APTs? The multiple stages of an APT make attacks more difficult to detect and block.
- How does the malware exploit vulnerabilities in the targeted system? Detecting the initial exploit is critical because subsequent stages of the attack are usually encrypted or obfuscated.

Unless an organization spends enough time analyzing an attack, the answers are likely to be absent or incorrect. And flawed conclusions usually lead to flawed countermeasures and a failure to truly contain and remediate the threat.

No. 2: Incomplete infrastructure awareness

You would never hire bodyguards and forget to tell them whom they are supposed to be protecting. And yet many organizations take the same approach to their IT security. Incident responders often have an outdated or incomplete layout of their networks. They have not identified their most valuable assets, where mission-critical assets are located, or what activity is regularly logged on their systems.

In today's hectic business climate, keeping this information up to date is not always easy. Growth, mergers, acquisitions, and constantly changing technology mean constant flux for organizations' infrastructure. Further complicating matters, many organizations outsource both IT and security functions and use tightly interconnected supply chains. This requires even better communication and correlation so that key members of the incident response team have an accurate picture of the infrastructure and who is responsible for different pieces of it. For example, suppose a company outsourced its helpdesk, and that vendor in turn outsourced its IT operations. Mapping out the system and the various roles and responsibilities of the staff involved in each component becomes especially complicated. That complexity makes full awareness of your organization's points of presence, the location of sensitive data, and outsourced infrastructure all the more vital.
No. 3: Not monitoring internal network traffic

In most cases, once malware has breached the organization's outer network defenses, it moves laterally across IT systems to reach a specific target. Unless you know what is moving around in your network, your system is like a soft-boiled egg to attackers: a hard shell with a delicate interior. Unfortunately, few organizations have adequate network-capture capabilities to monitor internal network activity, leaving them blind to malware movement within their own network. Monitoring activity on your network's perimeter is always important. But it is not enough against today's advanced threats. Internal monitoring is essential.

No. 4: Failing to log

No organization enjoys logging network traffic and other IT activity. Often a thankless task, logging has traditionally been cumbersome, expensive and, until a breach occurs, a low priority. But without these logs, detailed forensics are difficult, if not impossible. Investigators simply have nothing to examine: no trail of clues to follow, no behavioral patterns to analyze, no timeline to reconstruct. When it comes to incident response, logging is a fundamental requirement.

The good news is that the chore is becoming easier and more economical. Modern logging tools make centralized logging straightforward to implement, and the per-byte cost of data storage continues to fall. Security professionals today have fewer hindrances to this vital task. Advanced security information and event management (SIEM) tools can not only aggregate your system logs, but also help correlate information gathered from a range of security tools in your arsenal.

No. 5: Not leveraging existing tools

Your organization may genuinely prioritize IT security and even back up that commitment with the most sophisticated, cutting-edge cyber defense systems in the industry. But unless those systems are implemented effectively, even the most modern security defenses will not strengthen your incident response. Many organizations have security tools in place, including the FireEye platform. But a lack of training and management hinders their defensive capabilities. When working with customers on-site to optimize their security systems, FireEye often finds poor integration of customers' existing security tools, such as firewalls, network intrusion prevention, host-based intrusion prevention, anti-virus (AV) software, and other systems. A network tool may not communicate with endpoint-based security, for example. Or a logging tool may not be set up to identify the lateral spread of malware.

Recommendations

The best way to avoid these 10 common mistakes is to have a robust and tested incident response plan. Every organization should have a plan with a clear, consistent workflow. That plan should have clearly defined roles, a comprehensive communication strategy, and executive-level involvement for a big-picture view of cyber threats and the potential business and legal impacts of a breach. At the same time, incident response teams must comprehend the full scope of the threat from both a technical and a business perspective. They should document their IT infrastructure and know where their most critical assets are. And they must leverage the tools already in place to monitor both external and internal traffic, maintain detailed logs of activity, and make sure the individual components of their defense systems work together as an integrated whole.
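The recommendations above to keep detailed logs and to know your own infrastructure stay abstract until you see what a responder does with both. The script below is an added example, not code from the FireEye paper: it takes centralized logon records (a constructed sample in JSON-lines form, modelled loosely on Windows Security events 4624 and 4625; the field names and the asset inventory are assumptions) and, starting from a single indicator of compromise on one host, walks the remote-logon trail backwards to a candidate patient zero, then forward to every host reached from it, the accounts used along the way, and any source address the inventory cannot name.

```python
"""Reconstruct a lateral-movement chain from centralized logon logs.
Added example, not code from the FireEye paper. Assumed: JSON-lines records
modelled loosely on Windows Security events 4624/4625 (field names are assumed)
and an asset inventory mapping source IPs to hostnames."""
import json
from collections import namedtuple
from datetime import datetime

REMOTE_LOGON_TYPES = {3, 10}  # 3 = network (SMB, WMI, PsExec); 10 = RemoteInteractive (RDP)

# Constructed sample log lines (assumed format; not real telemetry).
SAMPLE_LOGS = """\
{"ts":"2013-07-08T08:30:11Z","event_id":4624,"host":"WS-0099","user":"agarcia","logon_type":10,"src_ip":"10.1.1.9"}
{"ts":"2013-07-08T09:12:03Z","event_id":4624,"host":"WS-0421","user":"jsmith","logon_type":2,"src_ip":"-"}
{"ts":"2013-07-08T09:40:17Z","event_id":4624,"host":"WS-0421","user":"jsmith","logon_type":3,"src_ip":"10.1.4.21"}
{"ts":"2013-07-08T10:02:55Z","event_id":4624,"host":"FS-01","user":"svc_backup","logon_type":3,"src_ip":"10.1.4.21"}
{"ts":"2013-07-08T10:15:40Z","event_id":4624,"host":"DC-01","user":"svc_backup","logon_type":10,"src_ip":"10.1.10.5"}
{"ts":"2013-07-08T10:31:08Z","event_id":4624,"host":"WS-0318","user":"svc_backup","logon_type":3,"src_ip":"10.1.10.5"}
{"ts":"2013-07-08T11:05:12Z","event_id":4625,"host":"DC-01","user":"svc_backup","logon_type":3,"src_ip":"10.1.4.21"}
{"ts":"2013-07-08T11:40:49Z","event_id":4624,"host":"DC-01","user":"svc_backup","logon_type":3,"src_ip":"10.1.250.7"}
"""

# Assumed asset inventory (IP -> hostname); 10.1.250.7 is deliberately missing
# to show what an incomplete inventory does to the investigation.
INVENTORY = {"10.1.1.9": "ADMIN-JUMP", "10.1.4.21": "WS-0421", "10.1.10.5": "FS-01"}

# src is the inventory hostname, or the raw IP when the inventory cannot name it.
Edge = namedtuple("Edge", "ts src dst user logon_type resolved")


def parse_ts(s):
    return datetime.strptime(s, "%Y-%m-%dT%H:%M:%SZ")


def parse_events(text):
    events = [json.loads(line) for line in text.splitlines() if line.strip()]
    for ev in events:
        ev["ts"] = parse_ts(ev["ts"])
    return events


def build_edges(events, inventory):
    """Successful remote logons become time-ordered host-to-host edges. Failed
    (4625) and console logons are left out, and a host logging on to itself over
    the network (normal for local SMB access) is dropped."""
    edges = []
    for ev in events:
        if ev["event_id"] != 4624 or ev["logon_type"] not in REMOTE_LOGON_TYPES:
            continue
        name = inventory.get(ev["src_ip"])
        if name == ev["host"]:
            continue
        edges.append(Edge(ev["ts"], name or ev["src_ip"], ev["host"], ev["user"],
                          ev["logon_type"], name is not None))
    return sorted(edges, key=lambda e: e.ts)


def trace_back(edges, host, before):
    """From a host known compromised at `before`, follow the latest inbound remote
    logon backwards until a host with no earlier inbound logon remains: the
    candidate patient zero. Returns the path oldest-first."""
    path, seen, current, when = [host], {host}, host, before
    while True:
        inbound = [e for e in edges if e.dst == current and e.ts < when and e.src not in seen]
        if not inbound:
            return path[::-1]
        e = max(inbound, key=lambda e: e.ts)  # heuristic; confirm with host forensics
        path.append(e.src)
        seen.add(e.src)
        current, when = e.src, e.ts


def walk_forward(edges, start):
    """Forward walk in time order: an edge counts only if its source was already
    reached by an earlier edge, so an unrelated admin session is not pulled in."""
    reached, chain = {start}, []
    for e in edges:
        if e.src in reached:
            chain.append(e)
            reached.add(e.dst)
    return chain


def investigate(log_text, inventory, alerted_host, alert_time):
    """Scope an incident from one indicator: patient zero, hosts reached from it,
    accounts to reset, and source addresses the inventory could not name."""
    edges = build_edges(parse_events(log_text), inventory)
    path = trace_back(edges, alerted_host, parse_ts(alert_time))
    chain = walk_forward(edges, path[0])
    return {
        "patient_zero": path[0],
        "compromised_hosts": sorted({path[0]} | {e.dst for e in chain}),
        "accounts_to_reset": sorted({e.user for e in chain}),
        "unresolved_sources": sorted({e.src for e in edges if not e.resolved}),
        "timeline": [f"{e.ts:%H:%M:%S} {e.src} -> {e.dst} as {e.user} (type {e.logon_type})"
                     for e in chain],
    }


if __name__ == "__main__":  # a network sensor flagged FS-01 at 10:20; work outward from it
    for key, value in investigate(SAMPLE_LOGS, INVENTORY, "FS-01", "2013-07-08T10:20:00Z").items():
        print(f"{key}: {value}")
```

Run as-is, it reports WS-0421 as patient zero, four compromised hosts, one service account to reset, and one source address (10.1.250.7) that the inventory could not resolve, which is exactly the blind spot described under Technical Mistakes No. 2. The backward step picks the most recent inbound logon before the alert; that is a heuristic, since the real entry could be an earlier session, so confirm with host forensics before declaring patient zero. The failed logon (4625) is filtered out here, but a responder would review failures separately: a service account failing against a domain controller is its own lead.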
Identification

This phase depends on the ability of a security team to quickly and accurately identify a security event from the first indicator of compromise. This feat requires competent security controls and a mature monitoring capability.

Classification

When a security event occurs, classify it into one of several event types. To ensure that events are categorized in a consistent manner, make sure everyone understands and acknowledges those categories. We recommend no more than 10 event types. The following examples, which classify incidents by attack vector, are taken from the National Institute of Standards and Technology:[3]

- External/removable media
- Attrition
- Theft or loss of digital assets
- Improper usage
- Loss or theft of equipment
- Other

Severity-level determination

Once you have identified and classified an event, assign it a severity level. This step determines the appropriate communication and escalation tracks. We recommend no more than five severity levels. Examples include:

- Level 0: Investigation (blue)
- Level 1: Minor (yellow)
- Level 2: Elevated (orange)
- Level 3: Serious (red)

[3] NIST, Computer Security Incident Handling Guide, August.
Communication

Communication is the backbone of incident response planning. The communication plan is usually broken down into two areas: internal and external.

Internal communication deals with two questions: who in the organization is notified during a security incident, and how they are notified. The answers depend on the incident type and severity level. We recommend creating a communication flow diagram for each incident type and severity level. Also, put rules in place to control who communicates with whom during an incident, to ensure that all information circulates on a need-to-know basis.

External communication deals with exchanging incident information with outside organizations. These entities can include vendors, contractors, law enforcement, media organizations, regulatory groups, law firms, and others. Organizations must tightly control all external communication. FireEye recommends funneling all external communications through experts such as marketing, public relations, and legal. Do not allow incident handlers to contact external groups directly without oversight from the external communications team.

Escalation

Escalation is a predefined, formalized communication and response process that spells out how to notify and activate the incident responders. The escalation plan is always based on the incident type and severity level. For example, each plan should identify when the Computer Security Incident Response Team (CSIRT) is activated. The goal is to ensure that the appropriate resources, the optimal number of people with the relevant skills, are assigned to respond to an incident.

Containment

Containment refers to the security countermeasures that stop an immediate threat. It is always focused on stopping the threat, not fixing the damage. For example, if an incident involves a serious malware outbreak, containment is the effort required to identify the threat, stop it from spreading, and ensure that the malware cannot communicate outbound.
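Stopping outbound communication presupposes that you have found the channel, which is also the third question under Technical Mistakes No. 1. The script below is an added example, not code from the FireEye paper: it reads outbound proxy records (a constructed sample in an assumed "timestamp src_ip dst_host bytes" format) and flags source/destination pairs whose connection intervals are nearly constant, the signature of a command-and-control beacon. The allow-list of known periodic destinations is an assumption standing in for a baseline you would build from your own environment.

```python
"""Find periodic outbound connections (C2 beacons) in proxy logs.
Added example, not code from the FireEye paper. The log format is an
assumption: one connection per line, "timestamp src_ip dst_host bytes"."""
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Constructed sample proxy lines (assumed format; not real traffic).
SAMPLE_PROXY = """\
2013-07-08T10:20:00Z 10.1.10.5 cdn-update.example 612
2013-07-08T10:20:30Z 10.1.4.21 updates.vendor.example 1480
2013-07-08T10:21:13Z 10.1.4.21 news.example 48213
2013-07-08T10:21:40Z 10.1.4.21 news.example 9921
2013-07-08T10:23:05Z 10.1.4.21 news.example 30187
2013-07-08T10:25:04Z 10.1.10.5 cdn-update.example 598
2013-07-08T10:29:58Z 10.1.10.5 cdn-update.example 611
2013-07-08T10:30:31Z 10.1.4.21 updates.vendor.example 1480
2013-07-08T10:31:52Z 10.1.4.21 news.example 12877
2013-07-08T10:32:04Z 10.1.4.21 news.example 7740
2013-07-08T10:35:02Z 10.1.10.5 cdn-update.example 604
2013-07-08T10:40:07Z 10.1.10.5 cdn-update.example 599
2013-07-08T10:40:29Z 10.1.4.21 updates.vendor.example 1480
2013-07-08T10:44:55Z 10.1.10.5 cdn-update.example 613
2013-07-08T10:45:10Z 10.1.4.21 mail.example 2210
2013-07-08T10:50:01Z 10.1.10.5 cdn-update.example 607
2013-07-08T10:50:30Z 10.1.4.21 updates.vendor.example 1480
2013-07-08T10:55:03Z 10.1.10.5 cdn-update.example 601
2013-07-08T10:58:30Z 10.1.4.21 news.example 51002
2013-07-08T11:00:31Z 10.1.4.21 updates.vendor.example 1480
2013-07-08T11:02:15Z 10.1.4.21 mail.example 1955
"""

# Destinations known to poll on a schedule (assumed allow-list). Legitimate
# update and time services look exactly like beacons; without a baseline of
# them the responder chases false positives.
KNOWN_PERIODIC = {"updates.vendor.example"}


def parse_proxy(text):
    """Group connection times by (src_ip, dst_host)."""
    by_pair = defaultdict(list)
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, src, dst, _bytes = line.split()
        by_pair[(src, dst)].append(datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"))
    return by_pair


def find_beacons(text, min_count=5, max_cv=0.25, known_periodic=KNOWN_PERIODIC):
    """Flag (src, dst) pairs whose inter-connection intervals are nearly constant.

    The coefficient of variation (stdev / mean of the intervals) stays low for a
    beacon even with the jitter most implants add, and is high for human
    browsing. Pairs with too few connections are not judged: a short series
    fits any pattern. Results are sorted most regular first.
    """
    hits = []
    for (src, dst), times in parse_proxy(text).items():
        if len(times) < min_count or dst in known_periodic:
            continue
        times.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        avg = mean(gaps)
        cv = pstdev(gaps) / avg if avg > 0 else 0.0
        if cv <= max_cv:
            hits.append({"src": src, "dst": dst, "count": len(times),
                         "period_s": round(avg, 1), "cv": round(cv, 3)})
    return sorted(hits, key=lambda h: h["cv"])


if __name__ == "__main__":
    for hit in find_beacons(SAMPLE_PROXY):
        print(f"{hit['src']} -> {hit['dst']}: {hit['count']} connections, "
              f"~{hit['period_s']}s apart (cv {hit['cv']})")
```

On the sample it flags 10.1.10.5 talking to cdn-update.example roughly every 300 seconds and ignores the workstation's browsing; the vendor update poll is just as regular and would be reported too without the allow-list, so maintain that list from your own baseline rather than guessing. A confirmed hit gives containment its concrete target: the destination to block at the egress point and the host to isolate, before remediation starts.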
Remediation

Remediation refers to restoring systems and services to their pre-incident state and implementing longer-term countermeasures to avoid similar attacks in the future. With traditional malware, containment and remediation could be combined in a blended process. But advanced malware is much more sophisticated, and today's threat actors typically embed themselves in your organization. That is why FireEye recommends a two-phased approach to incident response: focus on containment first, remediation second.

Reporting

Reporting is the final phase of an incident response. It involves creating a detailed incident report for internal use, plus the external notifications and reporting required by regulatory or industry-specific mandates. Use the reporting phase to re-evaluate the incident response plan. Conduct a post-mortem review, and define and implement any improvements or changes.
Conclusion

In today's threat landscape, cyber attacks are a given. Threat actors are targeting your organization, their attacks are more sophisticated, and how you respond to a growing deluge of incidents has never been more critical. Avoiding key strategic and technical mistakes can mean the difference between successfully fending off attacks and becoming the next headline. For insightful incident response, organizations need an effective process and the right tools to fully understand attacks and respond to them in a timely and accurate manner. To find out how FireEye can help your organization strengthen its incident response plan, visit our website at threat-protection-platform.html.

About FireEye

FireEye has invented a purpose-built, virtual machine-based security platform that provides real-time threat protection to enterprises and governments worldwide against the next generation of cyber attacks. These highly sophisticated cyber attacks easily circumvent traditional signature-based defenses, such as next-generation firewalls, IPS, anti-virus, and gateways. The FireEye platform provides real-time, dynamic threat protection without the use of signatures to protect an organization across the primary threat vectors, including Web, email, and files, and across the different stages of an attack life cycle. The core of the FireEye platform is a virtual execution engine, complemented by dynamic threat intelligence, to identify and block cyber attacks in real time. FireEye has over 1,000 customers across more than 40 countries, including over one-third of the Fortune 100.

FireEye, Inc., McCarthy Blvd., Milpitas, CA. info@fireeye.com. FireEye, Inc. All rights reserved. FireEye is a registered trademark of FireEye, Inc. All other brands, products, or service names are or may be trademarks or service marks of their respective owners. WP.TOP10.EN-US
AIRDEFENSE SOLUTIONS PROTECT YOUR WIRELESS NETWORK AND YOUR CRITICAL DATA SECURITY AND COMPLIANCE THE CHALLENGE: SECURE THE OPEN AIR Wirelesss communication lets you take your business wherever your customers,
More informationKEY STEPS FOLLOWING A DATA BREACH
KEY STEPS FOLLOWING A DATA BREACH Introduction This document provides key recommended steps to be taken following the discovery of a data breach. The document does not constitute an exhaustive guideline,
More informationFireEye Advanced Threat Report 1H 2012
FireEye Advanced Threat Report 1H 2012 FireEye, Inc. FireEye Advanced Threat Report 1H 2012 1 Advanced Threat Report Contents Inside This Report 2 Executive Summary 2 Finding 1 3 Explosion in Advanced
More informationTeradata and Protegrity High-Value Protection for High-Value Data
Teradata and Protegrity High-Value Protection for High-Value Data 03.16 EB7178 DATA SECURITY Table of Contents 2 Data-Centric Security: Providing High-Value Protection for High-Value Data 3 Visibility:
More informationLeveraging a Maturity Model to Achieve Proactive Compliance
Leveraging a Maturity Model to Achieve Proactive Compliance White Paper: Proactive Compliance Leveraging a Maturity Model to Achieve Proactive Compliance Contents Introduction............................................................................................
More informationKaseya White Paper. Endpoint Security. Fighting Cyber Crime with Automated, Centralized Management. www.kaseya.com
Kaseya White Paper Endpoint Security Fighting Cyber Crime with Automated, Centralized Management www.kaseya.com To win the ongoing war against hackers and cyber criminals, IT professionals must do two
More informationCombating a new generation of cybercriminal with in-depth security monitoring. 1 st Advanced Data Analysis Security Operation Center
Combating a new generation of cybercriminal with in-depth security monitoring 1 st Advanced Data Analysis Security Operation Center The Challenge Don t leave your systems unmonitored. It takes an average
More informationInformation Security Incident Management Guidelines
Information Security Incident Management Guidelines INFORMATION TECHNOLOGY SECURITY SERVICES http://safecomputing.umich.edu Version #1.0, June 21, 2006 Copyright 2006 by The Regents of The University of
More informationProtecting against cyber threats and security breaches
Protecting against cyber threats and security breaches IBM APT Survival Kit Alberto Benavente Martínez abenaventem@es.ibm.com IBM Security Services Jun 11, 2015 (Madrid, Spain) 12015 IBM Corporation So
More informationCisco Cyber Threat Defense - Visibility and Network Prevention
White Paper Advanced Threat Detection: Gain Network Visibility and Stop Malware What You Will Learn The Cisco Cyber Threat Defense (CTD) solution brings visibility to all the points of your extended network,
More informationKASPERSKY SECURITY INTELLIGENCE SERVICES. EXPERT SERVICES. www.kaspersky.com
KASPERSKY SECURITY INTELLIGENCE SERVICES. EXPERT SERVICES www.kaspersky.com EXPERT SERVICES Expert Services from Kaspersky Lab are exactly that the services of our in-house experts, many of them global
More informationContinuous Network Monitoring
Continuous Network Monitoring Eliminate periodic assessment processes that expose security and compliance programs to failure Continuous Network Monitoring Continuous network monitoring and assessment
More informationDriving Company Security is Challenging. Centralized Management Makes it Simple.
Driving Company Security is Challenging. Centralized Management Makes it Simple. Overview - P3 Security Threats, Downtime and High Costs - P3 Threats to Company Security and Profitability - P4 A Revolutionary
More informationRSA Enterprise Compromise Assessment Tool (ECAT) Date: January 2014 Authors: Jon Oltsik, Senior Principal Analyst and Tony Palmer, Senior Lab Analyst
ESG Lab Review RSA Enterprise Compromise Assessment Tool (ECAT) Date: January 2014 Authors: Jon Oltsik, Senior Principal Analyst and Tony Palmer, Senior Lab Analyst Abstract: This ESG Lab review documents
More informationFighting Advanced Threats
Fighting Advanced Threats With FortiOS 5 Introduction In recent years, cybercriminals have repeatedly demonstrated the ability to circumvent network security and cause significant damages to enterprises.
More informationThings To Do After You ve Been Hacked
Problem: You ve been hacked! Now what? Solution: Proactive, automated incident response from inside the network Things To Do After You ve Been Hacked Tube web share It only takes one click to compromise
More informationRethinking Information Security for Advanced Threats. CEB Information Risk Leadership Council
Rethinking Information Security for Advanced Threats CEB Information Risk Leadership Council Advanced threats differ from conventional security threats along many dimensions, making them much more difficult
More informationDEFENSE THROUGHOUT THE VULNERABILITY LIFE CYCLE WITH ALERT LOGIC THREAT AND LOG MANAGER
DEFENSE THROUGHOUT THE VULNERABILITY LIFE CYCLE WITH ALERT LOGIC THREAT AND Introduction > New security threats are emerging all the time, from new forms of malware and web application exploits that target
More informationSecuring Your Business with DNS Servers That Protect Themselves
Product Summary: The Infoblox DNS security product portfolio mitigates attacks on DNS/DHCP servers by intelligently recognizing various attack types and dropping attack traffic while responding only to
More informationPayment Card Industry Data Security Standard
Symantec Managed Security Services support for IT compliance Solution Overview: Symantec Managed Services Overviewview The (PCI DSS) was developed to facilitate the broad adoption of consistent data security
More informationProtectWise: Shifting Network Security to the Cloud Date: March 2015 Author: Tony Palmer, Senior Lab Analyst and Aviv Kaufmann, Lab Analyst
ESG Lab Spotlight ProtectWise: Shifting Network Security to the Cloud Date: March 2015 Author: Tony Palmer, Senior Lab Analyst and Aviv Kaufmann, Lab Analyst Abstract: This ESG Lab Spotlight examines the
More informationASSUMING A STATE OF COMPROMISE: EFFECTIVE DETECTION OF SECURITY BREACHES
ASSUMING A STATE OF COMPROMISE: EFFECTIVE DETECTION OF SECURITY BREACHES Leonard Levy PricewaterhouseCoopers LLP Session ID: SEC-W03 Session Classification: Intermediate Agenda The opportunity Assuming
More informationBy John Pirc. THREAT DETECTION HAS moved beyond signature-based firewalls EDITOR S DESK SECURITY 7 AWARD WINNERS ENHANCED THREAT DETECTION
THE NEXT (FRONT) TIER IN SECURITY When conventional security falls short, breach detection systems and other tier 2 technologies can bolster your network s defenses. By John Pirc THREAT HAS moved beyond
More informationManaged Security Services
Managed Security Services 1 Table of Contents Possible Security Threats 3 ZSL s Security Services Model 4 Managed Security 4 Monitored Security 5 Self- Service Security 5 Professional Services 5 ZSL s
More informationWeb Protection for Your Business, Customers and Data
WHITE PAPER: WEB PROTECTION FOR YOUR BUSINESS, CUSTOMERS............ AND.... DATA........................ Web Protection for Your Business, Customers and Data Who should read this paper For security decision
More informationFireEye App for Splunk Enterprise
FireEye App for Splunk Enterprise FireEye App for Splunk Enterprise Documentation Version 1.1 Table of Contents Welcome 3 Supported FireEye Event Formats 3 Original Build Environment 3 Possible Dashboard
More informationNine Steps to Smart Security for Small Businesses
Nine Steps to Smart Security for Small Businesses by David Lacey Co-Founder, Jericho Forum Courtesy of TABLE OF CONTENTS INTRODUCTION... 1 WHY SHOULD I BOTHER?... 1 AREN T FIREWALLS AND ANTI-VIRUS ENOUGH?...
More informationWildFire. Preparing for Modern Network Attacks
WildFire WildFire automatically protects your networks from new and customized malware across a wide range of applications, including malware hidden within SSL-encrypted traffic. WildFire easily extends
More informationNetwork Security Redefined. Vectra s cybersecurity thinking machine detects and anticipates attacks in real time
Network Security Redefined Vectra s cybersecurity thinking machine detects and anticipates attacks in real time Table of Contents Executive Overview 3 Relying on Prevention is Not Enough 4 Four Reasons
More informationAIRDEFENSE SOLUTIONS PROTECT YOUR WIRELESS NETWORK AND YOUR CRITICAL DATA SECURITY AND COMPLIANCE
AIRDEFENSE SOLUTIONS PROTECT YOUR WIRELESS NETWORK AND YOUR CRITICAL DATA SECURITY AND COMPLIANCE THE CHALLENGE: SECURE THE OPEN AIR Wirelesss communication lets you take your business wherever your customers,
More informationFostering Incident Response and Digital Forensics Research
Fostering Incident Response and Digital Forensics Research Bruce J. Nikkel bruce.nikkel@ubs.com September 8, 2014 Abstract This article highlights different incident response topics with a focus on digital
More informationAdvanced Threats: The New World Order
Advanced Threats: The New World Order Gary Lau Technology Consulting Manager Greater China gary.lau@rsa.com 1 Agenda Change of Threat Landscape and Business Impact Case Sharing Korean Incidents EMC CIRC
More informationALERT LOGIC FOR HIPAA COMPLIANCE
SOLUTION OVERVIEW: ALERT LOGIC FOR HIPAA COMPLIANCE AN OUNCE OF PREVENTION IS WORTH A POUND OF CURE Alert Logic provides organizations with the most advanced and cost-effective means to secure their healthcare
More informationBreaking the Cyber Attack Lifecycle
Breaking the Cyber Attack Lifecycle Palo Alto Networks: Reinventing Enterprise Operations and Defense March 2015 Palo Alto Networks 4301 Great America Parkway Santa Clara, CA 95054 www.paloaltonetworks.com
More informationGetting real about cyber threats: where are you headed?
Getting real about cyber threats: where are you headed? Energy, utilities and power generation companies that understand today s cyber threats will be in the best position to defeat them June 2011 At a
More informationContent Security: Protect Your Network with Five Must-Haves
White Paper Content Security: Protect Your Network with Five Must-Haves What You Will Learn The continually evolving threat landscape is what makes the discovery of threats more relevant than defense as
More informationHow To Manage Security On A Networked Computer System
Unified Security Reduce the Cost of Compliance Introduction In an effort to achieve a consistent and reliable security program, many organizations have adopted the standard as a key compliance strategy
More informationEndpoint Security: Moving Beyond AV
Endpoint Security: Moving Beyond AV An Ogren Group Special Report July 2009 Introduction Application whitelisting is emerging as the security technology that gives IT a true defense-in-depth capability,
More informationIBM QRadar Security Intelligence April 2013
IBM QRadar Security Intelligence April 2013 1 2012 IBM Corporation Today s Challenges 2 Organizations Need an Intelligent View into Their Security Posture 3 What is Security Intelligence? Security Intelligence
More informationAlienVault for Regulatory Compliance
AlienVault for Regulatory Compliance Overview of Regulatory Compliance in Information Security As computers and networks have become more important in society they and the information they contain have
More informationUnknown threats in Sweden. Study publication August 27, 2014
Unknown threats in Sweden Study publication August 27, 2014 Executive summary To many international organisations today, cyber attacks are no longer a matter of if but when. Recent cyber breaches at large
More informationTop Five Ways to Protect Your Network. A MainNerve Whitepaper
A MainNerve Whitepaper Overview The data security challenges within the business world have never been as challenging as they are today. Not only must organizations providers comply with stringent State
More informationSecurity Intelligence
IBM Security Security Intelligence Security for a New Era of Computing Erno Doorenspleet Consulting Security Executive 1 PARADIGM SHIFT in crime Sophistication is INCREASING Attacks are More Targeted Attackers
More informationCombating a new generation of cybercriminal with in-depth security monitoring
Cybersecurity Services Combating a new generation of cybercriminal with in-depth security monitoring 1 st Advanced Data Analysis Security Operation Center The Challenge Don t leave your systems unmonitored.
More informationA Modern Framework for Network Security in the Federal Government
A Modern Framework for Network Security in the Federal Government 1 A MODERN FRAMEWORK FOR NETWORK SECURITY IN THE FEDERAL GOVERNMENT Trends in Federal Requirements for Network Security In recent years,
More informationCloud Security Primer MALICIOUS NETWORK COMMUNICATIONS: WHAT ARE YOU OVERLOOKING?
A Cloud Security Primer : WHAT ARE YOU OVERLOOKING? LEGAL DISCLAIMER The information provided herein is for general information and educational purposes only. It is not intended and should not be construed
More informationApplication Security in the Software Development Lifecycle
Application Security in the Software Development Lifecycle Issues, Challenges and Solutions www.quotium.com 1/15 Table of Contents EXECUTIVE SUMMARY... 3 INTRODUCTION... 4 IMPACT OF SECURITY BREACHES TO
More informationIBM Security QRadar Risk Manager
IBM Security QRadar Risk Manager Proactively manage vulnerabilities and network device configuration to reduce risk, improve compliance Highlights Collect network security device configuration data to
More informationLogRhythm and NERC CIP Compliance
LogRhythm and NERC CIP Compliance The North American Electric Reliability Corporation (NERC) is a nonprofit corporation designed to ensure that the bulk electric system in North America is reliable, adequate
More informationCyber/IT Risk: Threat Intelligence Countering Advanced Adversaries Jeff Lunglhofer, Principal, Booz Allen. 14th Annual Risk Management Convention
Cyber/IT Risk: Threat Intelligence Countering Advanced Adversaries Jeff Lunglhofer, Principal, Booz Allen 14th Annual Risk Management Convention New York, New York March 13, 2013 Today s Presentation 1)
More informationSymantec Cyber Threat Analysis Program Program Overview. Symantec Cyber Threat Analysis Program Team
Symantec Cyber Threat Analysis Program Symantec Cyber Threat Analysis Program Team White Paper: Symantec Security Intelligence Services Symantec Cyber Threat Analysis Program Contents Overview...............................................................................................
More informationReinventing Network Security Vectra s cyber-security thinking machine delivers a new experience in network security
White Paper Reinventing Network Security Executive Overview Organizations are under constant attack from high-volume opportunistic threats and the less-frequent, but highly targeted attacks. Damage ranges
More informationDUUS Information Technology (IT) Incident Management Standard
DUUS Information Technology (IT) Incident Management Standard Issue Date: October 1, 2013 Effective Date: October 1,2013 Revised Date: Number: DHHS-2013-001-E 1.0 Purpose and Objectives Computer systems
More informationCyber Security Management
Cyber Security Management Focusing on managing your IT Security effectively. By Anthony Goodeill With the news cycles regularly announcing a recurrently theme of targets of hacker attacks and companies
More informationPreparing for a Cyber Attack PROTECT YOUR PEOPLE AND INFORMATION WITH SYMANTEC SECURITY SOLUTIONS
Preparing for a Cyber Attack PROTECT YOUR PEOPLE AND INFORMATION WITH SYMANTEC SECURITY SOLUTIONS CONTENTS PAGE RECONNAISSANCE STAGE 4 INCURSION STAGE 5 DISCOVERY STAGE 6 CAPTURE STAGE 7 EXFILTRATION STAGE
More informationBreach Found. Did It Hurt?
ANALYST BRIEF Breach Found. Did It Hurt? INCIDENT RESPONSE PART 2: A PROCESS FOR ASSESSING LOSS Authors Christopher Morales, Jason Pappalexis Overview Malware infections impact every organization. Many
More informationBio-inspired cyber security for your enterprise
Bio-inspired cyber security for your enterprise Delivering global protection Perception is a network security service that protects your organisation from threats that existing security solutions can t
More information