Threat Intelligence: The More You Know the Less Damage They Can Do. Charles Kolodgy Research VP, Security Products




IDC. Visit us at IDC.com and follow us on Twitter: @IDC

Agenda
- Evolving Threat Environment
- Attack Campaigns
- Security Challenges
- Threat Intelligence
- Proactive Security

Evolving Threat Landscape
- Increase in attack volume, vectors, variety
- Advanced Professional Threats (APT): specialized, goal oriented, patient
- Targeted attack campaigns
- Hacktrepreneur

Cyber-Attack Campaigns
The process used to penetrate a specific target.
- Operations: reconnaissance; penetrate the network; custom-made malware; extract valuable information
- Stealth mode
- Time generally not a consideration

Attack Campaign Activities
- Operation Aurora
- Dark Seoul / Operation Troy
- El Machete
- Inception / CloudAtlas
- Deep Panda
- Codoso / Sunshop Group

Security Threat Concerns
Regardless of whether you have protection in place, what security threats are concerns to your company?
- Phishing / spear phishing: 87%
- Malicious file attachments / malware: 86%
- Malicious URL links / malware: 84%
- Viruses; advanced threats (APTs) / malware campaigns: 79%, 83%
- Spam: 68%
- Other: 7%
Source: Innovation Trends in Securing Email Infrastructure Survey, Dec. 2014, N=104

Security Challenges
- Disjointed techniques rely on a whac-a-mole approach
- Lack of security professionals
- Technology overload
- Inertia
- Security vs. business needs vs. user experience
- Intelligent security

Still Fighting the Last War
Facing new situations with strategic thinking dominated by old issues, old weapons, and old tactics.

Security Product Toolbox

Kill Chain
Attacker phases: Recon, Weaponize, Deliver, Exploit, Control, Execute, Maintain.
Defender activities along the chain:
- Know adversaries' methods
- Vigilance
- Recognize threat
- Prevention tools
- Isolate
- Disrupt activities
- Report behavior
- Clean malware
- Fix vulnerabilities
- Update
- Forensics
- Reassess
- Report

Enhanced Malware Protection
- Reduce susceptibility to custom malware
- Designed to make it more difficult for hackers
- Non-signature based; uses many different technologies (sandboxing, execution control, white-listing, anomalous behavior, and more)
- Automation
- Enhance visibility between endpoint, network, and gateway activities
Features:
- Speed of detection
- Accuracy
- Detect new threats
- On-demand remediation
- Appropriate prioritization
- Malware forensic analysis
- Threat intelligence support

Digital Exhaust
- Attacks leave a trail of "digital exhaust": metadata that can't be avoided
- The challenge is to find the exhaust over time
- Requires Big Data analysis and Threat Intelligence

Big Data & Threat Analytics
Big Data:
- Capture, manage and process large data sets
- Processing time is critical
- Three dimensional: Volume (amount of data), Variety (range of data types and sources), Velocity (speed of data in and out)
Threat Analytics:
- Algorithms designed specifically to detect attack digital exhaust
- Correlates data from a wide variety of sources
- Reveals trends and malicious behavior patterns
- Provides enhanced insights
- Can help predictive prevention

Threat Intelligence
Big Data and Threat Analytics combined enable Threat Intelligence.
Inputs: Threat Activity, Vulnerability Information, Security Devices, Users & Endpoints, Security Incidents, Application Activity.
Analysis: Event correlation; Activity Baselines & Anomaly Detection.
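The analytics loop that the Big Data & Threat Analytics and Threat Intelligence slides describe (multi-source capture, activity baselines, anomaly detection, correlation against threat activity, prioritization), as an added Python example that is not part of the IDC deck; every host, destination (`.test` names), endpoint event and indicator-feed entry is constructed sample data.

```python
"""Threat analytics over constructed multi-source events (added example)."""
from collections import defaultdict
from statistics import mean, pstdev

# Constructed gateway logs: outbound connections per host over six hourly windows.
GATEWAY_HOURLY = {
    "ws-01": [12, 15, 11, 14, 13, 12],
    "ws-02": [10, 9, 12, 11, 10, 48],   # latest window spikes
    "ws-03": [20, 22, 19, 21, 20, 23],
}
# Constructed gateway destinations in the latest window: (host, destination).
GATEWAY_DESTS = [("ws-02", "cdn.example-update.test"),
                 ("ws-02", "beacon.example-bad.test"),
                 ("ws-01", "mail.example.test")]
# Constructed endpoint telemetry: (host, event).
ENDPOINT_EVENTS = [("ws-02", "new_scheduled_task"), ("ws-03", "software_update")]
# Constructed threat-activity feed: indicator -> kill-chain stage it evidences.
THREAT_FEED = {"beacon.example-bad.test": "Control"}


def anomalous_hosts(hourly, k=3.0):
    """Baseline each host on all but its latest window; flag latest > mean + k*stdev.
    Returns {host: z_score}; stdev floored at 1.0 so flat baselines do not flag noise.
    """
    flagged = {}
    for host, counts in hourly.items():
        base, latest = counts[:-1], counts[-1]
        mu, sigma = mean(base), max(pstdev(base), 1.0)
        if latest > mu + k * sigma:
            flagged[host] = round((latest - mu) / sigma, 1)
    return flagged


def correlate(hourly, dests, endpoint_events, feed):
    """Join volume anomalies, indicator hits and endpoint context per host.

    Returns [(evidence_count, host, [evidence, ...])], most independent evidence
    first: one prioritized incident instead of three unrelated single-source alerts.
    """
    evidence = defaultdict(list)
    for host, z in anomalous_hosts(hourly).items():
        evidence[host].append(f"gateway volume anomaly z={z}")
    for host, dest in dests:
        if dest in feed:
            evidence[host].append(f"threat-feed indicator {dest} ({feed[dest]} stage)")
    for host, event in endpoint_events:
        if host in evidence:  # endpoint context enriches hosts already suspect
            evidence[host].append(f"endpoint event {event}")
    return sorted(((len(e), h, e) for h, e in evidence.items()), reverse=True)
```

Only ws-02 surfaces, with three independent evidence types; ws-03's endpoint event alone never becomes an alert, which is the noise reduction the correlation step buys.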

Predictive Security
Threat Intelligence enables Predictive Security.
Maturity progression along the two axes of awareness and actionability: Reactive, Calculative, Proactive, Predictive.
Characteristics named across the stages: Defensive, Minimalist, Event Driven, Situational, Static, Internal Data Correlation, Point Products, Metrics, Tactical, Compliance Driven, Basic Planning, Offensive, Contextual, Threat Analytics, Strategic, Anticipate, Risk Focus, Prospective Metrics, External Data, Automated Response, Advanced Metrics.

Analyst Final Thoughts
- Sophisticated, professional attack campaigns increase organizational risk and potential damage
- Stop fighting the last war: incorporate advanced malware protection into the IT security toolbox
- Big Data and Threat Analytics allow for the discovery of attack digital exhaust
- Use Threat Intelligence to move from reactive to proactive to predictive security
- Act, don't be acted on