Using Big Data to Align IT Security with Business Risk Mark Seward, Senior Director, Security and Compliance
|
|
- Erik Nelson
- 8 years ago
- Views:
Transcription
1 Copyright 2013 Splunk, Inc. Using Big Data to Align IT Security with Business Risk Mark Seward, Senior Director, Security and Compliance
2 Legal Notices During the course of this presentation, we may make forward-looking statements regarding future events or the expected performance of the company. We caution you that such statements reflect our current expectations and estimates based on factors currently known to us and that actual events or results could differ materially. For important factors that may cause actual results to differ from those contained in our forward-looking statements, please review our filings with the SEC. The forward-looking statements made in this presentation are being made as of the time and date of its live presentation. If reviewed after its live presentation, this presentation may not contain current or accurate information. We do not assume any obligation to update any forward-looking statements we may make. In addition, any information about our roadmap outlines our general product direction and is subject to change at any time without notice. It is for informational purposes only and shall not, be incorporated into any contract or other commitment. Splunk undertakes no obligation either to develop the features or functionality described or to include any such feature or functionality in a future release. Splunk, the engine for machine data is a registered trademarks or trademarks of Splunk Inc. and/or its subsidiaries and/or affiliates in the United States and/or other jurisdictions. All other brand names, product names or trademarks belong to their respective holders Splunk Inc. All rights reserved. 2
3 A little about Splunk Over paying 5200 customers Over 300 free apps and templates Over 2300 security use case customers Half of all Fortune 100 companies are customers Named #1 in Big Data and Named #4 Most innovative company in the world by Fast Company Magazine 3
4 According to the Verizon Data Breach Investigations Report (DBIR), 92% of breaches are made public by someone other than the one who s been breached. An indictment of SIEM technologies - only 1% of breaches are detected by log analysis. WHY? 4
5 The Way Cyber Adversaries Think Where is the most important and valuable data? What s the typical patch cycle for applications and operating systems? What are the typical security defenses? How does the IT team prioritize vulnerabilities? What structural information silos that exist for the security team? Who in the organization has access to the most valuable data and credentials I can steal? Are normal IT service user activities routinely monitored and correlated? 5
6 Attack Vectors Have Gotten Personal 50% of Attacks based on compromised passwords. Are your security systems able to detect evil authenticated users? 6
7 Where s evidence of the attack? In log data most companies already have Many of these companies had a SIEM So if I have log data and a SIEM, why am I still breached Verizon Data Breach Report
8 The Way Some Security Folks Think I hope my AV, IPS, Firewall, (name your technology) vendor catches these guys. I have 300 rules on my SIEM. One of them will catch the attacker. Attackers know that if you have a static correlation engine, you are likely trusting it, and because often "No news is good news" 8
9 Why the Disconnect Between Attacker and Security Professional? Vendors have convinced security folks -- the reactive approach is the only approach Solutions don t reinforce skills -- SIEMs don t nourish the security person s inner hacker Security persons have been taught a data reduction strategy compromises data fidelity and limits investigations Current SIEMs can t accept enough data for long term pattern analysis Security folks see an attack as an event when its actually a process 9
10 Security has out grown the traditional SIEM Security Relevant Data Security Relevant Data (IT infrastructure logs / Physical Security / Communication systems logs / Application data / non-traditional data sources) Normal user and machine generated data credentialed activities unknown threats are behavior based require analytics SIEM Known events as seen by current security architecture vendor supplied hampered by lack of context 10
11 Current Architecture Issues Traditional SIEM Must Fit a Schema Selective Supported Raw Data Mostly traditional security data Correlation Reporting Data Discard Leak Data Reduction Model 11
12 The amount of data generated only gets bigger Volume Velocity Variety Variability Fastest growing, most complex, most valuable area of big data GPS, RFID, Hypervisor, Web Servers, , Messaging Clickstreams, Mobile, Telephony, IVR, Databases, Sensors, Telematics, Storage, Servers, Security Devices, Desktops Stunt and Zeus mark the beginning of industrial, vertical attacks coming from machine data 12
13 What Does Machine Data Look Like? Sources Patient Portal Middleware Error Care IVR Community 13
14 What Does Machine Data Look Like? Sources Patient ID Patient Portal Middleware Error Time Waiting On Hold Patient ID Care IVR Patient ID Community ID Community 14
15 Text Based Search Time Index Ingestion Text Base Search Nested Search Cross Data-type Search Apend Abstract Cluster Bucket Multikv Scrub Join Rare The Love Child of Google and Excel + Over 150 data manipulation and visualization commands Statistical Analysis Cluster Associate Stats AVG Transaction Addtotals Delta Eval Stddev Rare Outlier Streamstats Timechart Copyright 2012, Splunk Inc. 15
16 Moving to a data inclusion model Specific behavior based pattern modeling for humans and machines Based on combinations of: Location Role Data/Asset type Data/Asset criticality Time of day Action type Action length of time No up front normalization Time-indexed Data Analytics and Statistics Commands Correlation Pattern Analysis Data Inclusion Model 16
17 New way of thinking: The big data security process The true sign of intelligence is not knowledge but imagination. A. Einstein 17
18 The new weapons of a security warrior Creativity + + Imagination 18
19 Using Statistical Analysis Action Phase Source Search Type SQL Injection Infiltration WebLogs Password Brutes Infiltration Auth Logs DNS Exfil Exfiltration DNS logs/fw Logs Outlier and exception Outlier and exception Outlier and exception Splunk Search len(_raw) +2.5stddev short delta _time count +2.5stddev Why Hacker puts SQL commands in the URL; URL length is standard deviations higher than normal Automated password guessing tools enter credentials much faster than humanly possible Hackers exfiltrate the data in DNS packet; standard deviations more DNS requests from a single IP Web Crawling Reconnaissance Web/FTP Logs Outlier and exception count(src_ip) +2.5stddev Web crawlers (copying the web site for comments, passwords, addresses, etc) will be the source IP behind page requests standard deviations higher than normal Port Knocking Exfil/CnC Firewall Outlier and exception Count outbound (deny) by ip Threat does inside-out port scan to identify exfiltration paths Copyright 2012, Splunk Inc. 19
20 A Process for Using Big Data for Security: Identify the Business Issue What does the business care about? What could cause loss of service or financial harm? Performance Degradation Unplanned outages (security related) Intellectual property access Data theft 20
21 A Process for Using Big Data for Security: Construct a Hypothesis How could someone gain access to data that should be kept private? What could cause a mass system outage does the business care about? What could cause performance degradation resulting in an increase in customers dissatisfaction? 21
22 A Process for Using Big Data for Security: It s about the Data Where might our problem be in evidence? For data theft start with unauthorized access issues Facility access data, VPN, AD, Wireless, Applications, others Beg, Borrow, SME from system owners 22
23 A Process for Using Big Data for Security: Data Analysis For data theft start with what s normal and what s not (create a statistical model) How do we normally behave? What patterns would we see to identify outliers? Patterns based on ToD, Length of time, who, organizational role, IP geo-lookups, the order in which things happen, how often a thing normally happens, etc.
24 A Process for Using Big Data for Security: Interpret and Identify What are the mitigating factors? Does the end of the quarter cause increased access to financial data? Does our statistical model need to change due to network architecture changes, employee growth, etc? Can we gather vacation information to know when it is appropriate for HPA users to access data from foreign soil. What are the changes in attack patterns? 24
25 Short form - Example The Steps Business Issue Construct one of more hypothesis (team creativity required) Gather data sources and expertise The Response Service degradation causes monetary damage and customer satisfaction issues. Unwanted bots can degrade service and steal content. What combinations of data would be considered definitive evidence? What might be the first signs of trouble? List all data in which this might be reflected. Determine the analysis to be performed Interpret the results Determine the types of data searches appropriate and automation requirements Do the results represent false positives of false positives or false negatives? Are there good bots and bad bots? Copyright 2012, Splunk Inc.
26 Big Data Platform: Insight for Business Risk App Monitoring Data Security Data IT Operations Data LDAP, AD Watch Lists Distribution System Data Business Process Data Business Risk and Security Security & Compliance IT Operations Management Business Analytics Web Intelligence Application Monitoring 26
27 Looking Beyond IT for Business Risk Manufacturing Parts/Ingredients (RFID) Data Raw Materials Data Shipping Data (when/who loaded the truck) Facility Security Data Personnel Data Industrial Control System Data HVAC data Distribution Monitoring Data (GPS) Point of Sale Data Traditional IT Data 27
28 What manufacturing questions could you ask of Splunk? Is the product quality compromised due to an increase in ambient temperature in the plant? What pattern of user activity did we see before they attacked the website? Who is accessing company data from outside the company but is sitting at their desk? Are the large file exchanges between these two employees normal? Who is stealing company property? What s the real-time ongoing drop off rate in sales after a specific sales promotion ends? Are there employees that surf to the same website at exactly the same time every day? Are terms like virus, bot, and Anonymous trending upward on twitter? 28
29 Why Big Data and Analytics are the Future of Security Confidentiality Integrity and Availability: A holistic view of business security and risk mitigation growing beyond traditional IT data sources Security is being redefined Monitoring & mitigating threats that compromise business reputation, service delivery, confidential data or result in loss of intellectual property Security folks need more data not less for accurate root cause analysis Complexity of threats will continue to grow and cross from IT to less traditional data / devices / sources A single investigation will include data from all parts of the business beyond IT data Using statistical analysis for Base-lining and understanding outliers is the way to detect advanced threats 29
30 Thank You Questions?
Big Data and Security: At the Edge of Prediction
Big Data and Security: At the Edge of Prediction Mark Seward Splunk Inc. Fred Wilmot Splunk Inc. Session ID: Session Classification: SPO2-T17 Intermediate The Way Cyber Adversaries Think Where is the most
More informationGood Guys vs. the Bad Guys: Can Big Data Tools Counteract Advanced Threats?
Good Guys vs. the Bad Guys: Can Big Data Tools Counteract Advanced Threats? Will Froning, Information Security Manager, American University of Sharjah Mark Seward, Senior Director, Security and Compliance
More informationA Love Affair: Cyber Security, Big-data and Risk
A Love Affair: Cyber Security, Big-data and Risk Mark Seward, Senior Director Security and Compliance, Splunk Inc. Professional Techniques - Session 31 Security what s at stake On average, organizations
More informationGOOD GUYS VS BAD GUYS: USING BIG DATA TO COUNTERACT ADVANCED THREATS. Joe Goldberg. Splunk. Session ID: SPO-W09 Session Classification: Intermediate
GOOD GUYS VS BAD GUYS: USING BIG DATA TO COUNTERACT ADVANCED THREATS Joe Goldberg Splunk Session ID: SPO-W09 Session Classification: Intermediate About Me Joe Goldberg Current: Splunk - Security Evangelist
More informationOperational Intelligence and Learning Analytics
Copyright 2015 Splunk Inc. Operational Intelligence and Learning Analytics David Jones Safe Harbor Statement During the course of this presentation, we may make forward looking statements regarding future
More informationCopyright 2013 Splunk Inc. Introducing Splunk 6
Copyright 2013 Splunk Inc. Introducing Splunk 6 Safe Harbor Statement During the course of this presentation, we may make forward looking statements regarding future events or the expected performance
More informationSplunk Company Overview
Copyright 2015 Splunk Inc. Splunk Company Overview Name Title Safe Harbor Statement During the course of this presentation, we may make forward looking statements regarding future events or the expected
More informationSplunk Enterprise Log Management Role Supporting the ISO 27002 Framework EXECUTIVE BRIEF
Splunk Enterprise Log Management Role Supporting the ISO 27002 Framework EXECUTIVE BRIEF Businesses around the world have adopted the information security standard ISO 27002 as part of their overall risk
More informationCopyright 2013 Splunk, Inc. Splunk 6 Overview. Presenter Name, Presenter Title
Copyright 2013 Splunk, Inc. Splunk 6 Overview Presenter Name, Presenter Title Safe Harbor Statement During the course of this presentahon, we may make forward looking statements regarding future events
More informationNext Generation IPS and Reputation Services
Next Generation IPS and Reputation Services Richard Stiennon Chief Research Analyst IT-Harvest 2011 IT-Harvest 1 IPS and Reputation Services REPUTATION IS REQUIRED FOR EFFECTIVE IPS Reputation has become
More informationAgenda. 3 2012, Palo Alto Networks. Confidential and Proprietary.
Agenda Evolution of the cyber threat How the cyber threat develops Why traditional systems are failing Need move to application controls Need for automation 3 2012, Palo Alto Networks. Confidential and
More informationTHE 2014 THREAT DETECTION CHECKLIST. Six ways to tell a criminal from a customer.
THE 2014 THREAT DETECTION CHECKLIST Six ways to tell a criminal from a customer. Telling criminals from customers online isn t getting any easier. Attackers target the entire online user lifecycle from
More informationWHITE PAPER SPLUNK SOFTWARE AS A SIEM
SPLUNK SOFTWARE AS A SIEM Improve your security posture by using Splunk as your SIEM HIGHLIGHTS Splunk software can be used to operate security operations centers (SOC) of any size (large, med, small)
More informationIBM QRadar Security Intelligence April 2013
IBM QRadar Security Intelligence April 2013 1 2012 IBM Corporation Today s Challenges 2 Organizations Need an Intelligent View into Their Security Posture 3 What is Security Intelligence? Security Intelligence
More informationdefending against advanced persistent threats: strategies for a new era of attacks agility made possible
defending against advanced persistent threats: strategies for a new era of attacks agility made possible security threats as we know them are changing The traditional dangers IT security teams have been
More informationThe Benefits of an Integrated Approach to Security in the Cloud
The Benefits of an Integrated Approach to Security in the Cloud Judith Hurwitz President and CEO Marcia Kaufman COO and Principal Analyst Daniel Kirsch Senior Analyst Sponsored by IBM Introduction The
More informationCyber Security Metrics Dashboards & Analytics
Cyber Security Metrics Dashboards & Analytics Feb, 2014 Robert J. Michalsky Principal, Cyber Security NJVC, LLC Proprietary Data UNCLASSIFIED Agenda Healthcare Sector Threats Recent History Security Metrics
More informationLeveraging Machine Data to Deliver New Insights for Business Analytics
Copyright 2015 Splunk Inc. Leveraging Machine Data to Deliver New Insights for Business Analytics Rahul Deshmukh Director, Solutions Marketing Jason Fedota Regional Sales Manager Safe Harbor Statement
More informationImpact of Data Breaches
Research Note Impact of Data Breaches By: Divya Yadav Copyright 2014, ASA Institute for Risk & Innovation Applicable Sectors: IT, Retail Keywords: Hacking, Cyber security, Data breach, Malware Abstract:
More informationSANS Top 20 Critical Controls for Effective Cyber Defense
WHITEPAPER SANS Top 20 Critical Controls for Cyber Defense SANS Top 20 Critical Controls for Effective Cyber Defense JANUARY 2014 SANS Top 20 Critical Controls for Effective Cyber Defense Summary In a
More informationDeveloping a successful Big Data strategy. Using Big Data to improve business outcomes
Developing a successful Big Data strategy Using Big Data to improve business outcomes Splunk Company Overview Copyright 2013 Splunk Inc. Company (NASDAQ: SPLK) Business Model / Products Customers (6000+)
More informationEvolution Of Cyber Threats & Defense Approaches
Evolution Of Cyber Threats & Defense Approaches Antony Abraham IT Architect, Information Security, State Farm Kevin McIntyre Tech Lead, Information Security, State Farm Agenda About State Farm Evolution
More informationFighting Advanced Threats
Fighting Advanced Threats With FortiOS 5 Introduction In recent years, cybercriminals have repeatedly demonstrated the ability to circumvent network security and cause significant damages to enterprises.
More informationAddressing APTs and Modern Malware with Security Intelligence Date: September 2013 Author: Jon Oltsik, Senior Principal Analyst
ESG Brief Addressing APTs and Modern Malware with Security Intelligence Date: September 2013 Author: Jon Oltsik, Senior Principal Analyst Abstract: APTs first came on the scene in 2010, creating a wave
More informationIBM Advanced Threat Protection Solution
IBM Advanced Threat Protection Solution Fabio Panada IBM Security Tech Sales Leader 1 Advanced Threats is one of today s key mega-trends Advanced Threats Sophisticated, targeted attacks designed to gain
More informationCombating a new generation of cybercriminal with in-depth security monitoring. 1 st Advanced Data Analysis Security Operation Center
Combating a new generation of cybercriminal with in-depth security monitoring 1 st Advanced Data Analysis Security Operation Center The Challenge Don t leave your systems unmonitored. It takes an average
More informationCombating a new generation of cybercriminal with in-depth security monitoring
Cybersecurity Services Combating a new generation of cybercriminal with in-depth security monitoring 1 st Advanced Data Analysis Security Operation Center The Challenge Don t leave your systems unmonitored.
More informationStay ahead of insiderthreats with predictive,intelligent security
Stay ahead of insiderthreats with predictive,intelligent security Sarah Cucuz sarah.cucuz@spyders.ca IBM Security White Paper Executive Summary Stay ahead of insider threats with predictive, intelligent
More informationWho Drives Cybersecurity in Your Business? Milan Patel, K2 Intelligence. AIBA Quarterly Meeting September 10, 2015
Who Drives Cybersecurity in Your Business? Milan Patel, K2 Intelligence AIBA Quarterly Meeting September 10, 2015 The Answer 2 Everyone The relationship between the board, C-suite, IT, and compliance leaders
More informationInformation Security Services
Information Security Services Information Security In 2013, Symantec reported a 62% increase in data breaches over 2012. These data breaches had tremendous impacts on many companies, resulting in intellectual
More informationThe Changing Nature of Risk and the Role of Big Data
The Changing Nature of Risk and the Role of Big Data Jack Danahy Director / North American Security Consulting IBM Incidents Continue to Grow in Spite of Investment 2012 Sampling of Security Incidents
More informationBusiness white paper. Missioncritical. defense. Creating a coordinated response to application security attacks
Business white paper Missioncritical defense Creating a coordinated response to application security attacks Table of contents 3 Your business is under persistent attack 4 Respond to those attacks seamlessly
More informationDEC. 2015. Next Generation Security with Endpoint Detection and Response WHITE PAPER
DEC. 2015 Next Generation Security with Endpoint Detection and Response WHITE PAPER Table of Contents Endpoint Compromise a Sad State of Reality... 3 Traditional Endpoint Anti-virus Isn t Getting It Done...
More informationPrivilege Gone Wild: The State of Privileged Account Management in 2015
Privilege Gone Wild: The State of Privileged Account Management in 2015 March 2015 1 Table of Contents... 4 Survey Results... 5 1. Risk is Recognized, and Control is Viewed as a Cross-Functional Need...
More informationHow to Instrument for Advanced Web Application Penetration Testing
How to Instrument for Advanced Web Application Penetration Testing Table of Contents 1 Foreword... 3 2 Problem... 4 3 Background... 4 3.1 Dynamic Application Security Testing (DAST)... 4 3.2 Static Application
More informationIntegrating MSS, SEP and NGFW to catch targeted APTs
#SymVisionEmea #SymVisionEmea Integrating MSS, SEP and NGFW to catch targeted APTs Tom Davison Information Security Practice Manager, UK&I Antonio Forzieri EMEA Solution Lead, Cyber Security 2 Information
More informationDefending Against Data Beaches: Internal Controls for Cybersecurity
Defending Against Data Beaches: Internal Controls for Cybersecurity Presented by: Michael Walter, Managing Director and Chris Manning, Associate Director Protiviti Atlanta Office Agenda Defining Cybersecurity
More informationCybercrime myths, challenges and how to protect our business. Vladimir Kantchev Managing Partner Service Centrix
Cybercrime myths, challenges and how to protect our business Vladimir Kantchev Managing Partner Service Centrix Agenda Cybercrime today Sources and destinations of the attacks Breach techniques How to
More informationSygate Secure Enterprise and Alcatel
Sygate Secure Enterprise and Alcatel Sygate Secure Enterprise eliminates the damage or loss of information, cost of recovery, and regulatory violation due to rogue corporate computers, applications, and
More informationBEST PRACTICES RESEARCH
Frost & Sullivan 1 We Accelerate Growth Contents Background and Company Performance... 3 Industry Challenges... 3 New Product Attributes and Customer Impact... 3 Conclusion... 6 Significance of New Product
More informationAdvanced Threat Protection with Dell SecureWorks Security Services
Advanced Threat Protection with Dell SecureWorks Security Services Table of Contents Summary... 2 What are Advanced Threats?... 3 How do advanced threat actors operate?... 3 Addressing the Threat... 5
More informationAdvanced Threats: The New World Order
Advanced Threats: The New World Order Gary Lau Technology Consulting Manager Greater China gary.lau@rsa.com 1 Agenda Change of Threat Landscape and Business Impact Case Sharing Korean Incidents EMC CIRC
More informationPrivilege Gone Wild: The State of Privileged Account Management in 2015
Privilege Gone Wild: The State of Privileged Account Management in 2015 March 2015 1 Table of Contents... 4 Survey Results... 5 1. Risk is Recognized, and Control is Viewed as a Cross-Functional Need...
More informationUsing Big Data to Advance Social Missions. Convened by: Title Sponsor: Sponsor:
Using Big Data to Advance Social Missions Convened by: Title Sponsor: Sponsor: Welcome Diane Melley Vice President, Global Citizenship Initiatives IBM 2 #POLBizTrack What is Big Data? Big data relates
More informationPalo Alto Networks and Splunk: Combining Next-generation Solutions to Defeat Advanced Threats
Palo Alto Networks and Splunk: Combining Next-generation Solutions to Defeat Advanced Threats Executive Summary Palo Alto Networks strategic partnership with Splunk brings the power of our next generation
More informationHow Do Threat Actors Move Deeper Into Your Network?
SECURITY IN CONTEXT LATERAL MOVEMENT: How Do Threat Actors Move Deeper Into Your Network? LEGAL DISCLAIMER The information provided herein is for general information and educational purposes only. It is
More informationProtecting the Infrastructure: Symantec Web Gateway
Protecting the Infrastructure: Symantec Web Gateway 1 Why Symantec for Web Security? Flexibility and Choice Best in class hosted service, appliance, and virtual appliance (upcoming) deployment options
More informationSplunk: Using Big Data for Cybersecurity
Next Session Begins at 14:40 Splunk: Using Big Data for Cybersecurity Joe Goldberg Splunk Splunk: Using Big Data for Cybersecurity Joseph Goldberg Splunk Advanced Threats in the Headlines Cyber Criminals
More informationA Case for Managed Security
A Case for Managed Security By Christopher Harper Managing Director, Security Superior Managed IT & Security Services 1. INTRODUCTION Most firms believe security breaches happen because of one key malfunction
More informationTHE REAL-TIME OPERATIONAL VALUE OF BIG DATA MATT DAVIES SPLUNK @MATTDAVIES_UK
THE REAL-TIME OPERATIONAL VALUE OF BIG DATA MATT DAVIES SPLUNK @MATTDAVIES_UK THANK YOU FOR HAVING ME 2 WHY I LOVE SWEDEN #1 IT WAS HOME I LIVED IN STOCKHOLM FOR 3 MONTHS WHY I LOVE SWEDEN #2 FROZEN HAIR
More informationPenetration Testing Report Client: Business Solutions June 15 th 2015
Penetration Testing Report Client: Business Solutions June 15 th 2015 Acumen Innovations 80 S.W 8 th St Suite 2000 Miami, FL 33130 United States of America Tel: 1-888-995-7803 Email: info@acumen-innovations.com
More informationAccelerating Software Security With HP. Rob Roy Federal CTO HP Software
Accelerating Software Security With HP Rob Roy Federal CTO HP Software If we were in a cyberwar today, the United States would lose. Mike McConnell Former DNI, NSA. Head of Booz Allen Hamilton National
More informationICTN 4040. Enterprise Database Security Issues and Solutions
Huff 1 ICTN 4040 Section 001 Enterprise Information Security Enterprise Database Security Issues and Solutions Roger Brenton Huff East Carolina University Huff 2 Abstract This paper will review some of
More informationDetecting Anomalous Behavior with the Business Data Lake. Reference Architecture and Enterprise Approaches.
Detecting Anomalous Behavior with the Business Data Lake Reference Architecture and Enterprise Approaches. 2 Detecting Anomalous Behavior with the Business Data Lake Pivotal the way we see it Reference
More information24/7 Visibility into Advanced Malware on Networks and Endpoints
WHITEPAPER DATA SHEET 24/7 Visibility into Advanced Malware on Networks and Endpoints Leveraging threat intelligence to detect malware and exploitable vulnerabilities Oct. 24, 2014 Table of Contents Introduction
More informationSECURING YOUR SMALL BUSINESS. Principles of information security and risk management
SECURING YOUR SMALL BUSINESS Principles of information security and risk management The challenge Information is one of the most valuable assets of any organization public or private, large or small and
More informationCisco & Big Data Security
Cisco & Big Data Security 巨 量 資 料 的 傳 輸 保 護 Joey Kuo Borderless Networks Manager hskuo@cisco.com The any-to-any world and the Internet of Everything is an evolution in connectivity and collaboration that
More informationComprehensive Advanced Threat Defense
1 Comprehensive Advanced Threat Defense June 2014 PAGE 1 PAGE 1 1 INTRODUCTION The hot topic in the information security industry these days is Advanced Threat Defense (ATD). There are many definitions,
More informationSecurity Intelligence. Information Sharing Strategies Using Trusted Collaboration
Security Intelligence Information Sharing Strategies Using Trusted Collaboration Executive Summary Human-source intelligence (HUMINT) has been used for thousands of years by adversaries to thwart an enemy
More informationCYBER4SIGHT TM THREAT INTELLIGENCE SERVICES ANTICIPATORY AND ACTIONABLE INTELLIGENCE TO FIGHT ADVANCED CYBER THREATS
CYBER4SIGHT TM THREAT INTELLIGENCE SERVICES ANTICIPATORY AND ACTIONABLE INTELLIGENCE TO FIGHT ADVANCED CYBER THREATS PREPARING FOR ADVANCED CYBER THREATS Cyber attacks are evolving faster than organizations
More informationRational AppScan & Ounce Products
IBM Software Group Rational AppScan & Ounce Products Presenters Tony Sisson and Frank Sassano 2007 IBM Corporation IBM Software Group The Alarming Truth CheckFree warns 5 million customers after hack http://infosecurity.us/?p=5168
More informationThe SIEM Evaluator s Guide
Using SIEM for Compliance, Threat Management, & Incident Response Security information and event management (SIEM) tools are designed to collect, store, analyze, and report on log data for threat detection,
More informationWHITE PAPER: INFORMATION-CENTRIC SECURITY
WHITE PAPER: INFORMATION-CENTRIC SECURITY PROTECTING YOUR DATA FROM THE INSIDE- OUT Despite the growing number of high profile data breaches and the anxiety they re causing organizations, too much information
More informationSecuring the Database Stack
Technical Brief Securing the Database Stack How ScaleArc Benefits the Security Team Introduction Relational databases store some of the world s most valuable information, including financial transactions,
More informationTable of Contents. Page 2/13
Page 1/13 Table of Contents Introduction...3 Top Reasons Firewalls Are Not Enough...3 Extreme Vulnerabilities...3 TD Ameritrade Security Breach...3 OWASP s Top 10 Web Application Security Vulnerabilities
More informationlocuz.com Professional Services Security Audit Services
locuz.com Professional Services Security Audit Services Today s Security Landscape Today, over 80% of attacks against a company s network come at the Application Layer not the Network or System layer.
More informationKASPERSKY SECURITY INTELLIGENCE SERVICES. EXPERT SERVICES. www.kaspersky.com
KASPERSKY SECURITY INTELLIGENCE SERVICES. EXPERT SERVICES www.kaspersky.com EXPERT SERVICES Expert Services from Kaspersky Lab are exactly that the services of our in-house experts, many of them global
More informationThe Cyber Threat Profiler
Whitepaper The Cyber Threat Profiler Good Intelligence is essential to efficient system protection INTRODUCTION As the world becomes more dependent on cyber connectivity, the volume of cyber attacks are
More informationComprehensive Security with Splunk and Cisco
Copyright 2014 Splunk Inc. Comprehensive Security with Splunk and Cisco Mario MASSARD Splunk Senior SE mario@splunk.com Company Company (NASDAQ: SPLK) Founded 2004, first software release in 2006 HQ: San
More informationSymantec Cyber Security Services: DeepSight Intelligence
Symantec Cyber Security Services: DeepSight Intelligence Actionable intelligence to get ahead of emerging threats Overview: Security Intelligence Companies face a rapidly evolving threat environment with
More informationTNC is an open architecture for network access control. If you re not sure what NAC is, we ll cover that in a second. For now, the main point here is
1 2 This slide shows the areas where TCG is developing standards. Each image corresponds to a TCG work group. In order to understand Trusted Network Connect, it s best to look at it in context with the
More informationIBM Security re-defines enterprise endpoint protection against advanced malware
IBM Security re-defines enterprise endpoint protection against advanced malware Break the cyber attack chain to stop advanced persistent threats and targeted attacks Highlights IBM Security Trusteer Apex
More informationAdvanced Visibility. Moving Beyond a Log Centric View. Matthew Gardiner, RSA & Richard Nichols, RSA
Advanced Visibility Moving Beyond a Log Centric View Matthew Gardiner, RSA & Richard Nichols, RSA 1 Security is getting measurability worse Percent of breaches where time to compromise (red)/time to Discovery
More informationInformation Technology Security Review April 16, 2012
Information Technology Security Review April 16, 2012 The Office of the City Auditor conducted this project in accordance with the International Standards for the Professional Practice of Internal Auditing
More informationUnified Security, ATP and more
SYMANTEC Unified Security, ATP and more TAKE THE NEXT STEP Martin Werner PreSales Consultant, Symantec Switzerland AG MEET SWISS INFOSEC! 27.01.2016 Unified Security 2 Symantec Enterprise Security Users
More informationHow To Make Data Streaming A Real Time Intelligence
REAL-TIME OPERATIONAL INTELLIGENCE Competitive advantage from unstructured, high-velocity log and machine Big Data 2 SQLstream: Our s-streaming products unlock the value of high-velocity unstructured log
More informationCONTINUOUS DIAGNOSTICS BEGINS WITH REDSEAL
CONTINUOUS DIAGNOSTICS BEGINS WITH REDSEAL WHAT IS CDM? The continuous stream of high profile cybersecurity breaches demonstrates the need to move beyond purely periodic, compliance-based approaches to
More informationSymantec Cyber Threat Analysis Program Program Overview. Symantec Cyber Threat Analysis Program Team
Symantec Cyber Threat Analysis Program Symantec Cyber Threat Analysis Program Team White Paper: Symantec Security Intelligence Services Symantec Cyber Threat Analysis Program Contents Overview...............................................................................................
More informationPreparing for a Cyber Attack PROTECT YOUR PEOPLE AND INFORMATION WITH SYMANTEC SECURITY SOLUTIONS
Preparing for a Cyber Attack PROTECT YOUR PEOPLE AND INFORMATION WITH SYMANTEC SECURITY SOLUTIONS CONTENTS PAGE RECONNAISSANCE STAGE 4 INCURSION STAGE 5 DISCOVERY STAGE 6 CAPTURE STAGE 7 EXFILTRATION STAGE
More informationWeb Protection for Your Business, Customers and Data
WHITE PAPER: WEB PROTECTION FOR YOUR BUSINESS, CUSTOMERS............ AND.... DATA........................ Web Protection for Your Business, Customers and Data Who should read this paper For security decision
More informationComprehensive Malware Detection with SecurityCenter Continuous View and Nessus. February 3, 2015 (Revision 4)
Comprehensive Malware Detection with SecurityCenter Continuous View and Nessus February 3, 2015 (Revision 4) Table of Contents Overview... 3 Malware, Botnet Detection, and Anti-Virus Auditing... 3 Malware
More informationSeparating Signal from Noise: Taking Threat Intelligence to the Next Level
SESSION ID: SPO2-T09 Separating Signal from Noise: Taking Threat Intelligence to the Next Level Doron Shiloach X-Force Product Manager IBM @doronshiloach Agenda Threat Intelligence Overview Current Challenges
More informationAttack Intelligence: Why It Matters
Attack Intelligence: Why It Matters WHITE PAPER Core Security +1 617.399-6980 info@coresecurity.com www.coresecurity.com A Proactive Strategy Attacks against your organization are more prevalent than ever,
More informationEnterprise Cybersecurity: Building an Effective Defense
Enterprise Cybersecurity: Building an Effective Defense Chris Williams Oct 29, 2015 14 Leidos 0224 1135 About the Presenter Chris Williams is an Enterprise Cybersecurity Architect at Leidos, Inc. He has
More informationIncident Handling. Applied Risk Management. September 2002
Incident Handling Applied Risk Management September 2002 What is Incident Handling? Incident Handling is the management of Information Security Events What is an Information Security Event? An Information
More informationSplunk Operational Visibility
Copyright 2015 Splunk Inc. Splunk Operational Visibility Matthias Maier Sales Engineer, CISSP Safe Harbor Statement During the course of this presentation, we may make forward looking statements regarding
More informationETHICAL HACKING 010101010101APPLICATIO 00100101010WIRELESS110 00NETWORK1100011000 101001010101011APPLICATION0 1100011010MOBILE0001010 10101MOBILE0001
001011 1100010110 0010110001 010110001 0110001011000 011000101100 010101010101APPLICATIO 0 010WIRELESS110001 10100MOBILE00010100111010 0010NETW110001100001 10101APPLICATION00010 00100101010WIRELESS110
More informationWEB APPLICATION FIREWALLS: DO WE NEED THEM?
DISTRIBUTING EMERGING TECHNOLOGIES, REGION-WIDE WEB APPLICATION FIREWALLS: DO WE NEED THEM? SHAIKH SURMED Sr. Solutions Engineer info@fvc.com www.fvc.com HAVE YOU BEEN HACKED????? WHAT IS THE PROBLEM?
More informationThe Cloud App Visibility Blindspot
The Cloud App Visibility Blindspot Understanding the Risks of Sanctioned and Unsanctioned Cloud Apps and How to Take Back Control Introduction Today, enterprise assets are more at risk than ever before
More informationTeradata and Protegrity High-Value Protection for High-Value Data
Teradata and Protegrity High-Value Protection for High-Value Data 03.16 EB7178 DATA SECURITY Table of Contents 2 Data-Centric Security: Providing High-Value Protection for High-Value Data 3 Visibility:
More informationHow To Prevent Hacker Attacks With Network Behavior Analysis
E-Guide Signature vs. anomaly-based behavior analysis News of successful network attacks has become so commonplace that they are almost no longer news. Hackers have broken into commercial sites to steal
More informationCyber Security. BDS PhantomWorks. Boeing Energy. Copyright 2011 Boeing. All rights reserved.
Cyber Security Automation of energy systems provides attack surfaces that previously did not exist Cyber attacks have matured from teenage hackers to organized crime to nation states Centralized control
More informationStrengthen security with intelligent identity and access management
Strengthen security with intelligent identity and access management IBM Security solutions help safeguard user access, boost compliance and mitigate insider threats Highlights Enable business managers
More informationFROM INBOX TO ACTION EMAIL AND THREAT INTELLIGENCE:
WHITE PAPER EMAIL AND THREAT INTELLIGENCE: FROM INBOX TO ACTION There is danger in your email box. You know it, and so does everyone else. The term phishing is now part of our daily lexicon, and even if
More informationTOP REASONS WHY SIEM CAN T PROTECT YOUR DATA FROM INSIDER THREAT
TOP REASONS WHY SIEM CAN T PROTECT YOUR DATA FROM INSIDER THREAT Would you rather know the presumed status of the henhouse or have in-the-moment snapshots of the fox? If you prefer to use a traditional
More informationDifferentiating Your Healthcare Institution While Improving Profitability // White Paper
The Smart Route To Visibility Healthcare, an industry in transition your services and healthcare professionals online through The demand for high-quality, safe and low-cost healthcare web portals, mobile
More informationReference Architecture: Enterprise Security For The Cloud
Reference Architecture: Enterprise Security For The Cloud A Rackspace Whitepaper Reference Architecture: Enterprise Security for the Cloud Cover Table of Contents 1. Introduction 2 2. Network and application
More informationAccenture Intelligent Security for the Digital Enterprise. Archer s important role in solving today's pressing security challenges
Accenture Intelligent Security for the Digital Enterprise Archer s important role in solving today's pressing security challenges The opportunity to improve cyber security has never been greater 229 2,287
More informationPreempting Business Risk with RSA SIEM and CORE Security Predictive Security Intelligence Solutions
Preempting Business Risk with RSA SIEM and CORE Security Predictive Security Intelligence Solutions CORE Security +1 617.399-6980 info@coresecurity.com www.coresecurity.com blog.coresecurity.com Preempting
More informationBanking Security using Honeypot
Banking Security using Honeypot Sandeep Chaware D.J.Sanghvi College of Engineering, Mumbai smchaware@gmail.com Abstract New threats are constantly emerging to the security of organization s information
More information