INSIDE A CYBER SECURITY OPERATIONS CENTRE
|
|
- Austen Freeman
- 8 years ago
- Views:
Transcription
1 INSIDE A CYBER SECURITY OPERATIONS CENTRE Security Monitoring for protecting Business and supporting Cyber Defense Strategy Dr Cyril Onwubiko Intelligence & Security Assurance Research Series Limited Invited Lecture, Post Graduate, Network & Information Security, Kingston University, February
2 CYBER SECURITY OPERATIONS CENTRE Abstract Cyber security operations centre is an essential business control aimed at protecting ICT systems and supporting Cyber Defense Strategy. Its overarching purpose is to ensure that Incidents are identified and managed to resolution swiftly, and to maintain safe & secure business operations and services for the organisation. Further, the difficulty and benefits of operating a CSOC are explained.
3 WELCOME TO OUR CYBER SECURITY OPERATIONS CENTRE 1
4 WELCOME TO OUR CYBER SECURITY OPERATIONS CENTRE 2
5 WELCOME TO OUR CYBER SECURITY OPERATIONS CENTRE 3
6 CYBER SECURITY OPERATIONS CENTRE What is a Cyber Security Operations Centre? It is a centre that comprises People (Analyst, Operators, Administrators etc.) who monitor ICT systems, infrastructure and applications. They use Processes, Procedures and Technology in order to deter computer misuse and policy violation, prevent and detect cyber attacks, security breaches, and abuse, and respond to cyber incidents. What do they do? They Ensure ICT, infrastructure and business applications of an organisation are identified. Ensure systems, infrastructure and applications are protected. Ensure vulnerabilities that may exist in, and within the IT estates are identified and managed. Identify threats that could compromise or exploit the vulnerabilities to break in. Identify threat actors that could be interested or that may wish to attack the business. Monitor the IT estate for real-time or near real-time cyber attacks, policy violations, security breaches or anomalous and symptomatic events, or deviations. Profile identities that appear suspicious, interesting and risky. Analyse events and alerts in order to determine if they are associated/related to streams of ongoing attack. Analyse historical events logs for patterns and trends (trending) symptomatic of an attack / compromise. Triage and investigate incidents. Coordinate, contain and respond to cyber incidents. Provide report and management information.
7 CYBER SECURITY OPERATIONS CENTRE Why Cyber Security Operations Centre? Jan 2015: The US Central Command (Centcom Twitter account was hacked by a group who call themselves the CyberCaliphate Dec. 2014: SONY suffered an unprecedented Cyber attacks to its Gaming and Film platforms! 2011: IPR theft of the RSA SecurID system and software believed to be State sponsored. Aug. 2014: Contact information >76 million households and about 7 million small businesses were compromised in a cybersecurity attack
8 CYBER SECURITY OPERATIONS CENTRE Why Cyber Security Operations Centre? Volume: Some Organisation posses myriad of devices in their IT estate, many of which are no longer managed, unsupported or legacy. Information / Data: All Organisation have various data that need to be protected such as Customer records, Student records, Citizens data, Bank/financial records, IP (Intellectual Property) etc. Growth: There s increasing growth in organisation user base, information and data. Networks are extended and expanded to accommodate collaboration, partnerships etc. Hence, isolated and localised point solutions struggle to protect the enterprise. Point Solution Management: Localised and point solution devices (log sources) need to be monitored, and properly managed, too. Borderless Perimeter: Collaboration, partnerships etc. and new ways of doing business (internet/ecommerce) means the boundary/perimeter is no longer hard but soft. Privileged User Abuse: Trusted users with privileged access can turn rogue, such risk must be monitored, mitigated and managed.
9 CYBER SECURITY OPERATIONS CENTRE Cyber Security Facts 1. Cyber incidents will always occur. 2. No Organisation is safe. 3. Every system, network, infrastructure or application can be attacked or hacked. 4. Vulnerability exists in every asset/organisation. 5. Risk mitigation is always a proportionality proposition. 6. Cyber landscape is constantly increasing (LAN, MAN, WAN, Internet, Cloud Computing, IoT, IoET etc.). 7. Technology is continuously evolving and complex. 8. Attack surface is growing. 9. Impacts of Cyber attacks can result to significant losses. 10.Attack methods are increasingly complex and well-thought.
10 Push command Cyber Situational Awareness Push command CYBER SECURITY OPERATIONS Switch Web Fraud Detection Push/pull Collection Log Collection Syslog events, SNMP, DPI, Flow and Audit Push/pull WAF L7 NIDS Portal HIDS Anti-Virus AV Gateway Analysis Threat Intel Enrich Corre late Fuse Interpret Database HIDS Integrity Anti-Virus VM Anti-Virus Hypervisor OS Privileged User Access Management HDB Response Incident Response & Forensic Investigations Vulnerability Management Trending CMDB Reporting Firewall Mobile Desktop Active Directory 10 Security Operations Centre
11 Every ICT should be configured to produce event logs. SIEMs are used to collect events logs of most formats. Most SIEMs have the capability to collect logs (push/pull) from a number of Log Sources. However, the deployment must enable this to happen! System Audit policy must be enabled, and audit logs must be consumed. Potential to do The right events must be logged (to providing the right set of accounting data) I have seen a deployment that produces several TB of logs daily but most of the logs are not useful. Switch Firewall LOG COLLECTION NIDS WAF L7 Portal HIDS Anti-Virus Database HIDS Integrity Anti-Virus VM Anti-Virus Hypervisor OS AV Gateway PUAM Mobile Desktop AD Push/pull Syslog (RFC 5424) SNMP (RFC 5343, v1, v2c, v3) Log Collection Possibly Big Data Syslog events, SNMP, DPI, Flow and Audit 11
12 SECURITY MONITORING
13 ANALYSIS Data feeds Network Discovery Events and Audit Logs DPI Capture Note: There are no set rule to the type of data collected, but the quality of data, and data types used will determine the accuracy of the analysis. Provided data analytics techniques used are of substantive nature. Vulnerability Scan Flow Big Data User agent Streaming Probe/Sensor User agent CMDB SIEM SIEM Web Fraud Detection Anomaly Detection 13
14 CYBER INCIDENT RESPONSE Internal Function External Function Containment Cyber Incident Responders Initial Triage Source of attack (Geo-IP), IP address of Attacker, suspected type of attack, target endpoint(s), location of endpoints, categorisation of incident based on type of attack/target Incidents Major Incidents Minor Incidents Control Counter measure Callout Specialist Services Digital Forensic Investigators FIRST* Responders Reporting Timeline Time is of essence / critical Major incident escalation / reporting and mitigation in minutes (approx.) * FIRST Forum of Incident Response and Security Teams 14
15 PEOPLE ANALYSTS, OPERATORS, ADMINS, ARCHITECTS, ENGINEERS ETC. 1. People are as important as Technology. 2. Analysts & Operators must be well trained and skilled. 3. Processes must exist, and should be followed, and policies must be adhered. 4. Cyber operations require specialist skills, and continuous investments in training, courses, certifications, memberships 5. The best Cyber operations can only be achieved through people. Man in the loop. 6. People are always the weakness link 15
16 MI Reporting REPORTING MANAGEMENT INFORMATION Report against the useful indicators important to the business, driving by stakeholders (senior Exec, and Analysts, too) S/N 1 Report against SLAs. Sample Important Elements of Cyber Reports 2 Performance of the Cyber operations (RoC *, false negative vs false positive vs real negative vs real positive). 3 Rolling "top 5" Cyber Attacks, Geography of origin of the attack. 4 Summary of Internal violations Privileged User misuse/abuse 5 Summary of current Policy Violations * ROC Receiver operating characteristics 16
17 REPORTING MANAGEMENT INFORMATION Typical Accounting Data (Sampled) Date and Time Date and Time and Log record reference Malware name, Application(1) stream detected in, Direction and Console Signature-base Version(1) and Console User, Workstation, URL and Reason User, Workstation or Process, URL of file and Reason User, Workstation or Process, URL and Reason User, Workstation and URL Criticality, Message contents and output Console User, Device, Console and Reason for failure Detecting Probe or Agent, Attack type, Source, Target and attack Detail 17
18 CYBER SECURITY OPERATIONS Strategy CENTRE STRATEGY Incidents 1 2 Analyse Identify Manage Escalate Resolve PMC11 3 Business Audit 4 Technical Audit 5 Event Monitoring 7 Correlation Business Rules on Business Systems Accountable to User by Independent person for Evidential Proof PMC12 System Rules on Any Device for Situational Awareness & Performance PMC10 PMC4 PMC8 Proactive Suspicious Behaviour Policy violation Sensors PMC5 HIDS, NIDS, DDoS Probes etc. PMC3 PMC6 Time Sync Cross Channel PMC1 8 9 Policy & Compliance Controls Assurance & Testing 6 Logs Risk Management & Security Accreditation Manage People & Process Accounting process (by device) Collection process (independent) Log Sources PMC2 PMC9 Recordable Events Alerts (Prioritised Events) Rules Privileged Users PMC7 12 Forensic & Legal Readiness Accountable Items 18 App Network System Security Host-based Database SEF Identify Event Time
19 CYBER SECURITY OPERATIONS Terms of Reference CENTRE OBJECTIVES The 12 Aspects include: Manage People & Process Policy & Compliance Controls Risk Management & Security Accreditation Deterrent Controls Business Audit Technical Audit Log Collection Proactive Controls Event Monitoring Privilege User Monitoring Correlation by Time across Multiple Channels Reactive Controls Analyse & Identify Incidents Manage Incidents to Resolution Forensic & Legal Readiness Retrospective Controls 19
20 Terms of Reference CONCLUSION 1. CSOC is an essential business control to ensure safe and secure business operations and services, esp. online digital service. 2. Business requirements should drive cyber security strategy, and CSOC capabilities & scope. 3. Continuous improvements, including lesson learned should be encouraged. 4. Cyber incident will happen, and every organisation should have proportionate incident response and management strategy, and incident readiness processes in place. 5. Forensic readiness should be considered important and business requirements should focus on this. 6. People and process are the key, while technology is equally important too. 7. Staff training and development should be considered essential. 20
21 REFERENCES / SOURCES 1. HMG Government 2. CESG Polices & Guidance The UK Cyber Security Strategy HMG Security Policy Framework HMG Good Practice Guide #13 Protective Monitoring of HMG ICT Systems 6. HMG Good Practice Guide #53 Transaction Monitoring for HMG Online Service Providers _Monitoring_issue_1-1_April_2013.pdf Steps to Cyber Security Cyber Essentials Scheme NIST 800-Series (SP ) Information Security Continuous Monitoring (ISCM) for Federal Information Systems and Organisations Reducing the Cyber Risk in 10 Critical Areas - _areas.pdf 12. FIRST Forum of Incident Response and Security Teams User Agent (HTTP) Syslog Standard (IETF 5424) Renaud Bidou Security Operation Center Concepts & Implementation 16. Cyril Onwubiko & Thomas Owens - Situational Awareness in Computer Network Defense: Principles, Methods & Applications
22 CONTACT Dr Cyril Onwubiko 1, 2 1 Chair Intelligence & Security Assurance E-Security Group, Research Series cyril@research-series.com 2 Steering Committee Chair Cyber Science Joint Conferences 2015 C-MRiC.ORG Invited Lecture, Post Graduate, Network & Information Security, Kingston University, February
23 Conference proceedings will be published by the Conference Publishing Services (CPS) and submitted for bibliographic indexing and listing on the following: IEEE Computer Society Digital Library, IEEE Xplore Digital Library, DBLP Computer Science Scopus CiteSeerX Computer Science Index EI Compendex Academic Search Complete CiteULike Google Scholar & Microsoft Academic Search.
24 CONFERENCES Joint and Co-located Conferences: Cyber Science 2015, June 8-9, London, UK International Conference on Cyber Situational Awareness, Data Analytics and Assessment (CyberSA 2015), June 8-9, 2015, London, UK ( International Conference on Social Media, Wearable and Web Analytics (Social Media 2015), June 8-9, 2015, London, UK ( 2015home) International Conference on Cyber Security and Protection of Digital Services (Cyber Security 2015), June 8-9, 2015, London, UK ( International Conference on Cyber Incident Response, Coordination, Containment & Control (Cyber Incident 2015), June 8-9, 2015, London, UK (
CYBER SECURITY OPERATIONS CENTRE
CYBER SECURITY OPERATIONS CENTRE Security Monitoring for protecting Business and supporting Cyber Defense Strategy Dr Cyril Onwubiko Intelligence & Security Assurance Research Series Limited CYBER SECURITY
More informationwith Managing RSA the Lifecycle of Key Manager RSA Streamlining Security Operations Data Loss Prevention Solutions RSA Solution Brief
RSA Solution Brief Streamlining Security Operations with Managing RSA the Lifecycle of Data Loss Prevention and Encryption RSA envision Keys with Solutions RSA Key Manager RSA Solution Brief 1 Who is asking
More informationThreat Center. Real-time multi-level threat detection, analysis, and automated remediation
Threat Center Real-time multi-level threat detection, analysis, and automated remediation Description Advanced targeted and persistent threats can easily evade standard security, software vulnerabilities
More informationService Definition Document
Service Definition Document QinetiQ Secure Cloud Protective Monitoring Service (AWARE) QinetiQ Secure Cloud Protective Monitoring Service (DETER) Secure Multi-Tenant Protective Monitoring Service (AWARE)
More informationNIST CYBERSECURITY FRAMEWORK COMPLIANCE WITH OBSERVEIT
NIST CYBERSECURITY FRAMEWORK COMPLIANCE WITH OBSERVEIT OVERVIEW The National Institute of Standards of Technology Framework for Improving Critical Infrastructure Cybersecurity (The NIST Framework) is a
More informationSANS Top 20 Critical Controls for Effective Cyber Defense
WHITEPAPER SANS Top 20 Critical Controls for Cyber Defense SANS Top 20 Critical Controls for Effective Cyber Defense JANUARY 2014 SANS Top 20 Critical Controls for Effective Cyber Defense Summary In a
More informationWAN security threat landscape and best mitigation practices. Rex Stover Vice President, Americas, Enterprise & ICP Sales
WAN security threat landscape and best mitigation practices. Rex Stover Vice President, Americas, Enterprise & ICP Sales The Cost of Cybercrime Sony $171m PlayStation 3 data breach (April 2011) $3 trillion
More informationAdvanced Visibility. Moving Beyond a Log Centric View. Matthew Gardiner, RSA & Richard Nichols, RSA
Advanced Visibility Moving Beyond a Log Centric View Matthew Gardiner, RSA & Richard Nichols, RSA 1 Security is getting measurability worse Percent of breaches where time to compromise (red)/time to Discovery
More informationIs your SIEM ready.???
New security threats: Is your SIEM ready.??? May 2011 Security is more than just compliance Compliance Measure of processes and procedures Conformity with policy and directive Reporting against rules Security
More informationBio-inspired cyber security for your enterprise
Bio-inspired cyber security for your enterprise Delivering global protection Perception is a network security service that protects your organisation from threats that existing security solutions can t
More informationBeyondInsight Version 5.6 New and Updated Features
BeyondInsight Version 5.6 New and Updated Features BeyondInsight 5.6 Expands Risk Visibility Across New Endpoint, Cloud and Firewall Environments; Adds Proactive Threat Alerts The BeyondInsight IT Risk
More informationREVOLUTIONIZING ADVANCED THREAT PROTECTION
REVOLUTIONIZING ADVANCED THREAT PROTECTION A NEW, MODERN APPROACH Blue Coat Advanced Threat Protection Group GRANT ASPLUND Senior Technology Evangelist 1 WHY DO I STAND ON MY DESK? "...I stand upon my
More informationSecurity Analytics for Smart Grid
Security Analytics for Smart Grid Dr. Robert W. Griffin Chief Security Architect RSA, the Security Division of EMC robert.griffin@rsa.com blogs.rsa.com/author/griffin @RobtWesGriffin 1 No Shortage of Hard
More informationRashmi Knowles Chief Security Architect EMEA
Rashmi Knowles Chief Security Architect EMEA AGENDA Transformation of IT New cyber-security challenges Intelligence Driven Security Security Analytics Q&A 2 ENTERPRISE DATA CENTER ADVANCED SECURITY A UNIQUE
More informationThe Role of Security Monitoring & SIEM in Risk Management
The Role of Security Monitoring & SIEM in Risk Management Jeff Kopec, MS, CISSP Cyber Security Architect Oakwood Healthcare Jeff Bell, CISSP, GSLC, CPHIMS, ACHE Director, IT Security & Risk Services CareTech
More informationThe Cyber Threat Profiler
Whitepaper The Cyber Threat Profiler Good Intelligence is essential to efficient system protection INTRODUCTION As the world becomes more dependent on cyber connectivity, the volume of cyber attacks are
More informationBUILDING A SECURITY OPERATION CENTER (SOC) ACI-BIT Vancouver, BC. Los Angeles World Airports
BUILDING A SECURITY OPERATION CENTER (SOC) ACI-BIT Vancouver, BC. Los Angeles World Airports Building a Security Operation Center Agenda: Auditing Your Network Environment Selecting Effective Security
More informationGuideline on Auditing and Log Management
CMSGu2012-05 Mauritian Computer Emergency Response Team CERT-MU SECURITY GUIDELINE 2011-02 Enhancing Cyber Security in Mauritius Guideline on Auditing and Log Management National Computer Board Mauritius
More informationCaretower s SIEM Managed Security Services
Caretower s SIEM Managed Security Services Enterprise Security Manager MSS -TRUE 24/7 Service I.T. Security Specialists Caretower s SIEM Managed Security Services 1 Challenges & Solution Challenges During
More informationSmarter Security for Smarter Local Government. Craig Sargent, Solutions Specialist
Smarter Security for Smarter Local Government Craig Sargent, Solutions Specialist SUMMARY 1 Trustwave and SpiderLabs 2 Penetration Testing 3 Web Application Firewall (WAF) 4 Security Information & Event
More informationAdvanced SOC Design. Next Generation Security Operations. Shane Harsch Senior Solutions Principal, MBA GCED CISSP RSA
Advanced SOC Design Next Generation Security Operations Shane Harsch Senior Solutions Principal, MBA GCED CISSP RSA 1 ! Why/How security investments need to shift! Key functions of a Security Operations
More informationINTRUSION PREVENTION SYSTEMS: FIVE BENEFITS OF SECUREDATA S MANAGED SERVICE APPROACH
INTRUSION PREVENTION SYSTEMS: FIVE BENEFITS OF SECUREDATA S MANAGED SERVICE APPROACH INTRODUCTION: WHO S IN YOUR NETWORK? The days when cyber security could focus on protecting your organisation s perimeter
More informationCASSIDIAN CYBERSECURITY SECURITY OPERATIONS CENTRE SERVICES
CASSIDIAN CYBERSECURITY SECURITY OPERATIONS CENTRE SERVICES PROTECTIVE MONITORING SERVICE In a world where cyber threats are emerging daily, often from unknown sources, information security is something
More informationLot 1 Service Specification MANAGED SECURITY SERVICES
Lot 1 Service Specification MANAGED SECURITY SERVICES Fujitsu Services Limited, 2013 OVERVIEW OF FUJITSU MANAGED SECURITY SERVICES Fujitsu delivers a comprehensive range of information security services
More informationTHE SMARTEST WAY TO PROTECT WEBSITES AND WEB APPS FROM ATTACKS
THE SMARTEST WAY TO PROTECT WEBSITES AND WEB APPS FROM ATTACKS INCONVENIENT STATISTICS 70% of ALL threats are at the Web application layer. Gartner 73% of organizations have been hacked in the past two
More informationFull-Context Forensic Analysis Using the SecureVue Unified Situational Awareness Platform
Full-Context Forensic Analysis Using the SecureVue Unified Situational Awareness Platform Solution Brief Full-Context Forensic Analysis Using the SecureVue Unified Situational Awareness Platform Finding
More informationHow To Manage Security On A Networked Computer System
Unified Security Reduce the Cost of Compliance Introduction In an effort to achieve a consistent and reliable security program, many organizations have adopted the standard as a key compliance strategy
More informationThreat Intelligence: An Essential Component of Cyber Incident Response. Jeanie M Larson, CISSP-ISSMP, CISM, CRISC
Threat Intelligence: An Essential Component of Cyber Incident Response Jeanie M Larson, CISSP-ISSMP, CISM, CRISC What are we going to cover? Setting the Stage Why is Incident Response Critical? Cyber Threat
More informationIBM Security Strategy
IBM Security Strategy Intelligence, Integration and Expertise Kate Scarcella CISSP Security Tiger Team Executive M.S. Information Security IBM Security Systems IBM Security: Delivering intelligence, integration
More informationProtect the data that drives our customers business. Data Security. Imperva s mission is simple:
The Imperva Story Who We Are Imperva is the global leader in data security. Thousands of the world s leading businesses, government organizations, and service providers rely on Imperva solutions to prevent
More informationSecurity Information & Event Management (SIEM)
Security Information & Event Management (SIEM) Peter Helms, Senior Sales Engineer, CISA, CISSP September 6, 2012 1 McAfee Security Connected 2 September 6, 2012 Enterprise Security How? CAN? 3 Getting
More informationRSA Security Analytics
RSA Security Analytics This is what SIEM was Meant to Be 1 The Original Intent of SIEM Single compliance & security interface Compliance yes, but security? Analyze & prioritize alerts across various sources
More informationCyber intelligence in an online world
Cyber intelligence in an online world James Hanlon CISM, CISSP, CMI Cyber Strategy & GTM, EMEA Cyber intelligence in an online world SYMANTEC VISION SYMPOSIUM 2014 2 Software and data powers the world
More informationHP ArcSight User Behavior Analytics
Insider Threat HP ArcSight User Behavior Analytics Application Misuse Sensitive Data Access Hakan Durgut ArcSight Specialist Nordics/Baltics 1 The insider threat challenge IT Security focus in on the external
More informationEvolving Threat Landscape
Evolving Threat Landscape Briefing Overview Changing Threat Landscape Profile of the Attack Bit9 Solution Architecture Demonstartion Questions Growing Risks of Advanced Threats APT is on the rise 71% increase
More informationBuilding a Security Operations Center. Randy Marchany VA Tech IT Security Office and Lab marchany@vt.edu
Building a Security Operations Center Randy Marchany VA Tech IT Security Office and Lab marchany@vt.edu CyberSecurity Operations Center Security Operations Center (SOC) term is being taken over by physical
More informationGOOD PRACTICE GUIDE 13 (GPG13)
GOOD PRACTICE GUIDE 13 (GPG13) GPG13 - AT A GLANCE Protective Monitoring (PM) is based on Good Practice Guide 13 Comprises of 12 sections called Proactive Monitoring Controls 1-12 Based on four Recording
More informationSession 9: Changing Paradigms and Challenges Tools for Space Systems Cyber Situational Awareness
Session 9: Changing Paradigms and Challenges Tools for Space Systems Cyber Situational Awareness Wayne A. Wheeler The Aerospace Corporation GSAW 2015, Los Angeles, CA, March 2015 Agenda Emerging cyber
More informationCONTINUOUS DIAGNOSTICS BEGINS WITH REDSEAL
CONTINUOUS DIAGNOSTICS BEGINS WITH REDSEAL WHAT IS CDM? The continuous stream of high profile cybersecurity breaches demonstrates the need to move beyond purely periodic, compliance-based approaches to
More informationSecureVue Product Brochure
SecureVue unifies next-generation SIEM, security configuration auditing, compliance automation and contextual forensic analysis into a single platform, delivering situational awareness, operational efficiency
More informationUsing SIEM for Real- Time Threat Detection
Using SIEM for Real- Time Threat Detection Presentation to ISSA Baltimore See and secure what matters Joe Magee CTO and Co-Founder March, 27 2013 About us Vigilant helps clients build and operate dynamic,
More informationO N L I N E I N C I D E N T R E S P O N S E C O M M U N I T Y
Automate Response Congratulations on selecting IncidentResponse.com to retrieve your custom incident response workflow guide. This guide has been created especially for you for use in within your security
More informationTake the Red Pill: Becoming One with Your Computing Environment using Security Intelligence
Take the Red Pill: Becoming One with Your Computing Environment using Security Intelligence Chris Poulin Security Strategist, IBM Reboot Privacy & Security Conference 2013 1 2012 IBM Corporation Securing
More informationCorreLog: Mature SIEM Solution on Day One Paul Gozaloff, CISSP. Presentation for SC Congress esymposium CorreLog, Inc. Tuesday, August 5, 2014
CorreLog: Mature SIEM Solution on Day One Paul Gozaloff, CISSP Presentation for SC Congress esymposium CorreLog, Inc. Tuesday, August 5, 2014 Agenda 1. About CorreLog 2. Log Management vs. SIEM 3. The
More informationLeading The World Into Connected Security. Dipl.-Inform., CISSP, S+ Rolf Haas Enterprise Technology Specialist Content Lead EMEA
Leading The World Into Connected Security Dipl.-Inform., CISSP, S+ Rolf Haas Enterprise Technology Specialist Content Lead EMEA History of Defining Largest Dedicated Delivering a Next Generation Architecture
More informationCyber Security Operations: Building or Outsourcing
Cyber Security Operations: Building or Outsourcing Michael Levin, Optum Stephen Moore, Anthem Jeff Schilling, Armor Introduction Michael J. Levin, JD, CISSP, EnCE, GLEG, GSLC Director of Cyber Defense
More informationMalware isn t The only Threat on Your Endpoints
Malware isn t The only Threat on Your Endpoints Key Themes The cyber-threat landscape has Overview Cybersecurity has gained a much higher profile over the changed, and so have the past few years, thanks
More informationUnified Cyber Security Monitoring and Management Framework By Vijay Bharti Happiest Minds, Security Services Practice
Unified Cyber Security Monitoring and Management Framework By Vijay Bharti Happiest Minds, Security Services Practice Introduction There are numerous statistics published by security vendors, Government
More informationCyber Security Metrics Dashboards & Analytics
Cyber Security Metrics Dashboards & Analytics Feb, 2014 Robert J. Michalsky Principal, Cyber Security NJVC, LLC Proprietary Data UNCLASSIFIED Agenda Healthcare Sector Threats Recent History Security Metrics
More informationCyber Threat Intelligence Move to an intelligencedriven cybersecurity model
Cyber Threat Intelligence Move to an intelligencedriven cybersecurity model Stéphane Hurtaud Partner Governance Risk & Compliance Deloitte Laurent De La Vaissière Director Governance Risk & Compliance
More informationPALANTIR CYBER An End-to-End Cyber Intelligence Platform for Analysis & Knowledge Management
PALANTIR CYBER An End-to-End Cyber Intelligence Platform for Analysis & Knowledge Management INTRODUCTION Traditional perimeter defense solutions fail against sophisticated adversaries who target their
More informationMaking the difference between read to output, and read to copy GOING BEYOND BASIC FILE AUDITING FOR DATA PROTECTION
Making the difference between read to output, and read to copy GOING BEYOND BASIC FILE AUDITING FOR DATA PROTECTION MOST OF THE IMPORTANT DATA LOSS VECTORS DEPEND ON COPYING files in order to compromise
More informationAppGuard. Defeats Malware
AppGuard Defeats Malware and phishing attacks, drive-by-downloads, zero-day attacks, watering hole attacks, weaponized documents, ransomware, and other undetectable advanced threats by preventing exploits
More informationSecuring business data. CNS White Paper. Cloud for Enterprise. Effective Management of Data Security
Securing business data CNS White Paper Cloud for Enterprise Effective Management of Data Security Jeff Finch, Head of Business Development, CNS Mosaic 2nd July 2015 Contents 1 Non-Disclosure Statement...
More informationTop 20 Critical Security Controls
Top 20 Critical Security Controls July 2015 Contents Compliance Guide 01 02 03 04 Introduction 1 How Rapid7 Can Help 2 Rapid7 Solutions for the Critical Controls 3 About Rapid7 11 01 INTRODUCTION The Need
More informationContinuous Network Monitoring
Continuous Network Monitoring Eliminate periodic assessment processes that expose security and compliance programs to failure Continuous Network Monitoring Continuous network monitoring and assessment
More informationIBM QRadar Security Intelligence April 2013
IBM QRadar Security Intelligence April 2013 1 2012 IBM Corporation Today s Challenges 2 Organizations Need an Intelligent View into Their Security Posture 3 What is Security Intelligence? Security Intelligence
More informationContinuous Cyber Situational Awareness
Continuous Cyber Situational Awareness Continuous monitoring of security controls and comprehensive cyber situational awareness represent the building blocks of proactive network security. A publication
More informationIntroduction. Jason Lawrence, MSISA, CISSP, CISA Manager, EY Advanced Security Center Atlanta, Georgia jason.lawrence@ey.com Twitter: @ethical_infosec
Introduction Jason Lawrence, MSISA, CISSP, CISA Manager, EY Advanced Security Center Atlanta, Georgia jason.lawrence@ey.com Twitter: @ethical_infosec More than 20 years of experience in cybersecurity specializing
More informationNASA Consolidated Active Directory Overview ( August 20, 2012 ) Les Chafin Infrastructure Engineering HPES
NASA Consolidated Active Directory Overview ( August 20, 2012 ) Les Chafin Infrastructure Engineering HPES Introduction Les Chafin; Infrastructure Engineering Manager» HPES NASA ACES Responsible for:»
More informationHow we see malware introduced Phishing Targeted Phishing Water hole Download (software (+ free ), music, films, serialz)
How we see malware introduced Phishing Targeted Phishing Water hole Download (software (+ free ), music, films, serialz) Domain.Local DC Client DomainAdmin Attack Operator Advise Protect Detect Respond
More informationMcAfee Server Security
Security Secure server workloads with low performance impact and integrated management efficiency. Suppose you had to choose between securing all the servers in your data center physical and virtual or
More informationMcAfee Security Architectures for the Public Sector
White Paper McAfee Security Architectures for the Public Sector End-User Device Security Framework Table of Contents Business Value 3 Agility 3 Assurance 3 Cost reduction 4 Trust 4 Technology Value 4 Speed
More informationBT Assure Rethink the Risk
BT Assure Rethink the Risk Analyst and Consultant Update May 2012 BT Assure. Security that matters Today's agenda Introductions Neil Sutton Vice President, Global Portfolio 3 Minutes BT Assure Overview
More informationThe SIEM Evaluator s Guide
Using SIEM for Compliance, Threat Management, & Incident Response Security information and event management (SIEM) tools are designed to collect, store, analyze, and report on log data for threat detection,
More informationIntegrating MSS, SEP and NGFW to catch targeted APTs
#SymVisionEmea #SymVisionEmea Integrating MSS, SEP and NGFW to catch targeted APTs Tom Davison Information Security Practice Manager, UK&I Antonio Forzieri EMEA Solution Lead, Cyber Security 2 Information
More informationA Primer on Cyber Threat Intelligence
A Primer on Cyber Threat Intelligence AS ADVERTISED 2 BUZZWORD BINGO! 3 TODAY S CYBER SECURITY CHALLENGES CISOs finding it difficult to define security ROI to executives Short shelf life for CISOs Vastly
More informationEnd-user Security Analytics Strengthens Protection with ArcSight
Case Study for XY Bank End-user Security Analytics Strengthens Protection with ArcSight INTRODUCTION Detect and respond to advanced persistent threats (APT) in real-time with Nexthink End-user Security
More informationProtecting critical infrastructure from Cyber-attack
Protecting critical infrastructure from Cyber-attack ACI-NA BIT Workshop, Session 6 (Cybersecurity) Long Beach, California October 4, 2015 Ben Trethowan Aviation Systems & Security Architect The scale
More informationPractical Threat Intelligence. with Bromium LAVA
Practical Threat Intelligence with Bromium LAVA Practical Threat Intelligence Executive Summary Threat intelligence today is costly and time consuming and does not always result in a reduction of successful
More informationAddressing the blind spots in your security strategy. BT, Venafi & Blue Coat
Addressing the blind spots in your security strategy BT, Venafi & Blue Coat Agenda Welcome & Introductions Phil Rodrigues, Director of Security Architecture, Asia Pacific, BT A blueprint for the perfect
More informationExtreme Networks Security Analytics G2 Vulnerability Manager
DATA SHEET Extreme Networks Security Analytics G2 Vulnerability Manager Improve security and compliance by prioritizing security gaps for resolution HIGHLIGHTS Help prevent security breaches by discovering
More informationBusiness white paper. Missioncritical. defense. Creating a coordinated response to application security attacks
Business white paper Missioncritical defense Creating a coordinated response to application security attacks Table of contents 3 Your business is under persistent attack 4 Respond to those attacks seamlessly
More informationEvolution Of Cyber Threats & Defense Approaches
Evolution Of Cyber Threats & Defense Approaches Antony Abraham IT Architect, Information Security, State Farm Kevin McIntyre Tech Lead, Information Security, State Farm Agenda About State Farm Evolution
More informationIBM Security QRadar SIEM & Fortinet FortiGate / FortiAnalyzer
IBM Security QRadar SIEM & Fortinet / FortiAnalyzer Introducing new functionality for IBM QRadar Security Intelligence Platform: integration with Fortinet s firewalls and logs forwarded by FortiAnalyzer.
More informationBREAKING THE KILL CHAIN AN EARLY WARNING SYSTEM FOR ADVANCED THREAT
BREAKING THE KILL CHAIN AN EARLY WARNING SYSTEM FOR ADVANCED THREAT Rashmi Knowles RSA, The Security Division of EMC Session ID: Session Classification: SPO-W07 Intermediate APT1 maintained access to
More informationSIEM is only as good as the data it consumes
SIEM is only as good as the data it consumes Key Themes The traditional Kill Chain model needs to be updated due to the new cyber landscape A new Kill Chain for detection of The Insider Threat needs to
More informationInto the cybersecurity breach
Into the cybersecurity breach Tim Sanouvong State Sector Cyber Risk Services Deloitte & Touche LLP April 3, 2015 Agenda Setting the stage Cyber risks in state governments Cyber attack vectors Preparing
More informationInformation Technology Policy
Information Technology Policy Security Information and Event Management Policy ITP Number Effective Date ITP-SEC021 October 10, 2006 Category Supersedes Recommended Policy Contact Scheduled Review RA-ITCentral@pa.gov
More informationUnified Security, ATP and more
SYMANTEC Unified Security, ATP and more TAKE THE NEXT STEP Martin Werner PreSales Consultant, Symantec Switzerland AG MEET SWISS INFOSEC! 27.01.2016 Unified Security 2 Symantec Enterprise Security Users
More informationSeven Things To Consider When Evaluating Privileged Account Security Solutions
Seven Things To Consider When Evaluating Privileged Account Security Solutions Contents Introduction 1 Seven questions to ask every privileged account security provider 4 1. Is the solution really secure?
More informationCompliance Guide: ASD ISM OVERVIEW
Compliance Guide: ASD ISM OVERVIEW Australian Information Security Manual Mapping to the Principles using Huntsman INTRODUCTION In June 2010, The Australian Government Protective Security Policy Framework
More informationAchieving Actionable Situational Awareness... McAfee ESM. Ad Quist, Sales Engineer NEEUR
Achieving Actionable Situational Awareness... McAfee ESM Ad Quist, Sales Engineer NEEUR The Old SECURITY Model Is BROKEN 2 Advanced Targeted Attacks The Reality ADVANCED TARGETED ATTACKS COMPROMISE TO
More informationCS 356 Lecture 17 and 18 Intrusion Detection. Spring 2013
CS 356 Lecture 17 and 18 Intrusion Detection Spring 2013 Review Chapter 1: Basic Concepts and Terminology Chapter 2: Basic Cryptographic Tools Chapter 3 User Authentication Chapter 4 Access Control Lists
More informationCritical Security Controls
Critical Security Controls Session 2: The Critical Controls v1.0 Chris Beal Chief Security Architect MCNC chris.beal@mcnc.org @mcncsecurity on Twitter The Critical Security Controls The Critical Security
More informationDefending Against Cyber Attacks with SessionLevel Network Security
Defending Against Cyber Attacks with SessionLevel Network Security May 2010 PAGE 1 PAGE 1 Executive Summary Threat actors are determinedly focused on the theft / exfiltration of protected or sensitive
More informationCompliance Guide ISO 27002. Compliance Guide. September 2015. Contents. Introduction 1. Detailed Controls Mapping 2.
ISO 27002 Compliance Guide September 2015 Contents Compliance Guide 01 02 03 Introduction 1 Detailed Controls Mapping 2 About Rapid7 7 01 INTRODUCTION If you re looking for a comprehensive, global framework
More informationAddressing Cyber Risk Building robust cyber governance
Addressing Cyber Risk Building robust cyber governance Mike Maddison Partner Head of Cyber Risk Services The future of security The business environment is changing The IT environment is changing The cyber
More informationInternet Safety and Security: Strategies for Building an Internet Safety Wall
Internet Safety and Security: Strategies for Building an Internet Safety Wall Sylvanus A. EHIKIOYA, PhD Director, New Media & Information Security Nigerian Communications Commission Abuja, NIGERIA Internet
More informationESG Brief. Overview. 2014 by The Enterprise Strategy Group, Inc. All Rights Reserved.
ESG Brief Webroot Delivers Enterprise-Class Threat Intelligence to Security Technology Providers and Large Organizations Date: September 2014 Author: Jon Oltsik, Senior Principal Analyst; Kyle Prigmore,
More informationGETTING REAL ABOUT SECURITY MANAGEMENT AND "BIG DATA"
GETTING REAL ABOUT SECURITY MANAGEMENT AND "BIG DATA" A Roadmap for "Big Data" in Security Analytics ESSENTIALS This paper examines: Escalating complexity of the security management environment, from threats
More informationSecure Cloud Computing
Secure Cloud Computing Agenda Current Security Threat Landscape Over View: Cloud Security Overall Objective of Cloud Security Cloud Security Challenges/Concerns Cloud Security Requirements Strategy for
More informationContent Security: Protect Your Network with Five Must-Haves
White Paper Content Security: Protect Your Network with Five Must-Haves What You Will Learn The continually evolving threat landscape is what makes the discovery of threats more relevant than defense as
More informationExternal Supplier Control Requirements
External Supplier Control s Cyber Security For Suppliers Categorised as Low Cyber Risk 1. Asset Protection and System Configuration Barclays Data and the assets or systems storing or processing it must
More informationDefending against Cyber Attacks
2015 AMC Privacy & Security Conference Defending against Cyber Attacks MICHAEL DOCKERY CHRIS BEAL PAUL HOWELL Security & Privacy Track June 24, 2015 In the News 2015 MCNC General Use v1.0 Healthcare Data
More informationIT Security Strategy and Priorities. Stefan Lager CTO Services stefan.lager@addpro.se
IT Security Strategy and Priorities Stefan Lager CTO Services stefan.lager@addpro.se Cyberthreat update Why would anyone want to hack me? I am not a bank! Security Incidents with Confirmed Data Loss Source:
More informationWhat s New in Security Analytics 10.4. Be the Hunter.. Not the Hunted
What s New in Security Analytics 10.4 Be the Hunter.. Not the Hunted Attackers Are Outpacing Detection Attacker Capabilities Time To Discovery Source: VERIZON 2014 DATA BREACH INVESTIGATIONS REPORT 2 TRANSFORM
More informationNetwork Security. Intertech Associates, Inc.
Network Security Intertech Associates, Inc. Agenda IT Security - Past to Future Security Vulnerabilities Protecting the Enterprise What do we need in each site? Requirements for a Security Architecture
More informationAhead of the threat with Security Intelligence
Ahead of the threat with Security Intelligence PITB Information Security Conference 2013 Zoaib Nafar Brand Technical Sales Lead 2012 IBM Corporation 1 The world is becoming more digitized and interconnected,
More informationEnterprise Cybersecurity Best Practices Part Number MAN-00363 Revision 006
Enterprise Cybersecurity Best Practices Part Number MAN-00363 Revision 006 April 2013 Hologic and the Hologic Logo are trademarks or registered trademarks of Hologic, Inc. Microsoft, Active Directory,
More information