Incident Response. Summary of Expertise and Experience

Transcription

1 Incident Response Summary of Expertise and Experience 2015 The copyright to this document is owned by Symantec. No part of this document may be reproduced, stored in a retrieval system, or transmitted, in any form or by any means, electronic, mechanical, photocopying, recording or otherwise, without their prior permission.

2 Combined Expertise and Certifications Years of experience Degrees and Certifications Experience by Sector Private Sector Public Sector Patents and Process Experience 255 total years of forensic investigation experience on the delivery team, with the ability to call on an extended pool of over 1,000 security experts around the globe that are actively engaged in Managed Security Services, Security Technology and Response, and Managed Adversary & Threat Intelligence. Each incident response team member averages over 15 years of active investigation experience in the field. ACE, APMP, CCE, CCNA, CCNAS, CCNP, CCNPS, CCPF, CCSA, CCSE, CCSI, CCSK, CEH, CFCE, CHFI, CISSP, CSFA, CSTP, DOD-CCCI, EnCE, GCFA Gold, GFCW, GCFE, GCIH, GNFA, GPEN, GREM, GSEC, IACIS, MCMI, MCSE+, NSA CNSS NSTISSI #4011 and NSA CNSS CNSSI #4014, OSCP, PCI-QSA, PMP, PRINCE2, SCSA, SCSE, SFCP, J.D., M.S. in Forensics Extensive experience from founding start-up firms to international experience with the Big 4 consulting organizations. Symantec s leads have served as security consultant or analyst for many industries including: Finance Healthcare Manufacturing Entertainment and Gaming National Infrastructure Technology Retail Telco & Communications 124 combined years working in the U.S. and U.K. governments, with particular experience in: U.S. Department of Defense U.S. Department of Energy United States Naval Criminal Investigative Service U.S. Army Signals Intelligence FBI NATO U.K. National Cyber Crime Unit New Scotland Yard Computer Crime Unit Police Central e-crime Unit UK South West Regional Cyber Crime Unit Patents and Technology Automated threat intelligence across enterprise devices Machine-learning threat-intelligence feedback Dynamic malware analysis Covert/counterintelligence measures Process Collaborative incident response platforms Design for preserving and maintaining electronic evidence SCADA system architecture and defense Web applications and penetration testing

3 Leadership Special Individual Projects Malware outbreak response Incident response best practices Member of HTCIA, HTCC, CTIN, CERT, ISC(2), and other professional security forums Led primary research on the following malware: LSASS, Stuxnet, Duqu, Flamer, Elderwood Expert witnesses for criminal cases in the U.S., U.K., and Asia Developed and executed security plans for 2012 London Olympics including both physical and logical security Established and led the Computer Crime Investigation Unit in Durham, U.K. Customer Profiles and Statistics It is important not to look at each individual incident in a vacuum the same attack types are used by adversaries over and over when they have success. To anticipate possible future incidents one needs understand the patterns of these actors and learn the characteristics of the types of attacks that are currently being targeted against each organization size and type. To get a more detailed view of our most recent experience, we ve summarized all the incidents we ve triaged, investigated, and contained from January 2013 to March 2015 by vertical, by incident type, and by membership in the Fortune 500 on the following page.

4 Figure 1 Incident Response Engagements by Vertical: Jan 2013 March 2015 Healthcare 13% 13% Communications 3% 6% 14% 4% 1% 5% 14% Software Retail Financial Services Accounting 27% Telco Gaming Education Manufacturing Figure 2 Incidents by Incident Type: Jan 2013 March 2015 Virus 10% 27% 21% Web Application Attack Malware outbreak - known 17% Advanced Persistent Threat 21% 2% 2% DDoS Application Exploitation

5 Figure 3 Incidents by Fortune 500 Status: Jan 2013 March 2015

6 More Information Get help with a security incident [email protected] US Incident Response Hotline: (855) UK Incident Response Hotline: +44 (0) Visit our website Check out our Cyber Security Group blogs About Symantec Symantec Corporation (NASDAQ: SYMC) is an information protection expert that helps people, businesses, and governments seeking the freedom to unlock the opportunities technology brings anytime, anywhere. Founded in April 1982, Symantec, a Fortune 500 company operating one of the largest global data intelligence networks, has provided leading security, backup, and availability solutions for where vital information is stored, accessed, and shared. The company's more than 20,000 employees reside in more than 50 countries. Ninety-nine percent of Fortune 500 companies are Symantec customers. In fiscal 2014, it recorded revenue of $6.7 billion. To learn more go to or connect with Symantec at: go.symantec.com/socialmedia. Symantec World Headquarters 350 Ellis St. Mountain View, CA USA +1 (650) (800)