STRATEGIC ADVANTAGE: CONSULTING & ISIGHT INTELLIGENCE

Transcription:

ANALYST DAY STRATEGIC ADVANTAGE: CONSULTING & ISIGHT INTELLIGENCE TRAVIS REESE, PRESIDENT, MANDIANT CONSULTING AND ISIGHT INTELLIGENCE COPYRIGHT 2016, FIREEYE, INC. ALL RIGHTS RESERVED.

INTELLIGENCE-LED SECURITY: THREAT INTELLIGENCE AND EXPERTISE
- Differentiate our solutions and represent a sustainable strategic advantage
- Drive strategic customer relationships and product pull-through
- Scalable through our technology and automation

GLOBAL NATION STATE GRADE INTELLIGENCE

INTELLIGENCE DRIVES EVERYTHING

TRIPLE THREAT ECOSYSTEM FIREEYE GLOBAL THREAT MANAGEMENT PLATFORM

THE MOST COMPREHENSIVE INTELLIGENCE IN THE WORLD MACHINE INTELLIGENCE + HUMAN INTELLIGENCE = ACTIONABLE INTELLIGENCE

Threat Intelligence Video

FIREEYE THREAT INTELLIGENCE ENGINE
ACQUIRE
- Incident response: over 100,000 incident response hours per year; hundreds of subject matter experts across 16 countries
- Sensors: 11 million sensors around the world, deployed across 60 countries; 24x7x365 visibility through 6 worldwide SOCs
- Adversary intelligence: 300+ experts, 18 countries, 29 languages
ANALYZE
- Experts across security, analytics and geo-political domains
- 115+ million node graph-based analytics engine
- 340 million correlation relationships defined
- 212 petabytes of sensor traffic analyzed each month
- 45 billion URLs analyzed each month
APPLY
- Anticipate: stay a step ahead of the attacker
- Detect: identify threats that other solutions miss
- Respond: answer key questions and prioritize threats
- Share: collaborate to drive community defenses

INTELLIGENCE PORTFOLIO
FireEye products and as-a-service offerings:
- FireEye forward deployed analyst
- Intelligence portal
- FireEye cloud
- Endpoint
- Orchestration (integrate 3rd party products)
- Advanced Threat Intelligence (ATI)
- Dynamic Threat Intelligence (DTI)
- Verticalized threat intelligence
- Network intelligence
- Mandiant services (+ new intelligence-led services)
- Portal and vertical partner portals

INTELLIGENCE PORTFOLIO
TACTICAL: Detect & Prevent (DTI)
- Best-of-breed detection with MVX codification of attacker intent
- iSIGHT's intelligence network extends visibility into new attacker motivations across 16,000 threat actors
- ThreatScape APIs: enhance existing security infrastructure with IOCs derived from earlier, over-the-horizon visibility into threats
CONTEXTUAL: Analyze & Respond (ATI)
- Alert context for FireEye alerts, enhanced with derivative intelligence from iSIGHT IOCs
- ThreatScape APIs: context for the alerts across the infrastructure, enhanced with FireEye's victim-based context from incident responders and deployed sensors
- Mandiant Response: combined FireEye and iSIGHT intelligence will inform incident response engagements; customer reports informed through iSIGHT threat intelligence
STRATEGIC: Assess & Prepare (ATI+)
- Foundational strategic intelligence through the FIC portal
- 24/7/365 critical alert and detection efficacy monitoring
- ThreatScape MySIGHT subscription: deep dive on specific motivations that present a higher level of risk to an organization; consultative intelligence engagements (e.g. client inquiries, engagement manager)

FURTHER EXTENDING THE PORTFOLIO
- Visibility across the attack lifecycle
- Magnify context and attribution to accelerate risk reduction
- Expand pathways to operationalize threat intelligence
- Enhance FaaS and incident response capabilities

NOT ALL THREAT DATA IS CREATED EQUAL
Commodity feeds (raw data):
- Misses the threats that matter
- Becomes part of the problem
- The race to free
Threat intelligence:
- Curated data sources create high-fidelity, precise alerts
- Right-sizes the problem with the context and attribution required to prioritize response

IMPACT OF THREAT INTELLIGENCE
1. Be proactive
2. Shrink the problem
3. Improve prioritization
4. Enhance executive communications
5. Connect security with business
Strategic planning assumption: "By 2018, 60% of large enterprises globally will utilize commercial threat intelligence services to help inform their security strategies." Rob McMillan & Khushbu Pratap, Market Guide for Security Threat Intelligence Services

MANDIANT PORTFOLIO
- Am I at risk? Red teaming and penetration testing; security program assessment
- Am I prepared? Response readiness assessment; ICS security assessment
- Am I compromised? Compromise assessment
- I am breached! Incident response
- Prepare for future events: cyber defense center development; SOC/CIRT transformation; education; deployment & integration

WHY SERVICES
- Trusted advisor / strategic partner
- Intelligence from the front lines
- Product pull-through

HOW WE SCALE

SHRINK THE PROBLEM
Funnel (noise to signal): attack surface > attack alerts > victim-side correlated events > incident indicators
Intelligence from iSIGHT feeding the funnel: verified threat indicators, pre-processed analysis, new observations, threat sources
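The two slides above ("Not all threat data is created equal" and "Shrink the problem") describe the same mechanism: raw feed matches all look alike, while indicators that carry confidence, attribution and lifecycle stage let you collapse alerts into ranked, per-host incidents. The following Python is an added example, not FireEye or iSIGHT code; the indicator records, alerts, the 0-100 confidence scale, the stage weights and the 0.5 escalation threshold are all constructed to illustrate the funnel.

```python
"""Noise-to-signal funnel: turn raw alerts into ranked incidents using
indicator context (confidence, attribution, kill-chain stage).

Added example, not FireEye/iSIGHT code. Indicators, alerts, the 0-100
confidence scale and the stage weights are constructed for illustration.
"""
from collections import defaultdict
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Indicator:
    value: str              # hash, domain or IP exactly as a sensor would observe it
    confidence: int         # 0-100, analyst-assigned (assumed scale)
    actor: Optional[str]    # attribution, None when unknown
    stage: str              # kill-chain stage the indicator is tied to


# A later stage means the host is further along the attack lifecycle.
STAGE_WEIGHT = {"delivery": 0.5, "exploitation": 0.8, "c2": 1.0, "exfiltration": 1.0}

# Constructed commodity feed: bare values, nothing to rank on.
COMMODITY_FEED = {"203.0.113.7", "ads.tracker.example", "cdn-update.example.net", "198.51.100.23"}

# Constructed curated indicators: the same kind of values plus the context that lets us prioritize.
CURATED = [
    Indicator("a1b2c3", 90, "APT-Example", "delivery"),
    Indicator("cdn-update.example.net", 95, "APT-Example", "c2"),
    Indicator("203.0.113.7", 40, None, "c2"),               # unattributed, low confidence
    Indicator("ads.tracker.example", 20, None, "delivery"),  # adware-grade noise
]

# Constructed sensor alerts: (alert id, host, observable)
ALERTS = [
    ("A1", "ws-finance-07", "a1b2c3"),
    ("A2", "ws-finance-07", "cdn-update.example.net"),
    ("A3", "ws-hr-02", "ads.tracker.example"),
    ("A4", "ws-hr-02", "ads.tracker.example"),
    ("A5", "srv-web-01", "203.0.113.7"),
    ("A6", "ws-eng-11", "198.51.100.23"),
    ("A7", "ws-eng-11", "benign.example.org"),
]


def match_commodity(alerts, feed):
    """Raw feed matching: every hit looks the same, so nothing says where to start."""
    return [alert_id for alert_id, _, observable in alerts if observable in feed]


def build_incidents(alerts, curated):
    """Correlate alerts per host against curated indicators and rank the result."""
    by_value = {ind.value: ind for ind in curated}
    per_host = defaultdict(list)
    for alert_id, host, observable in alerts:
        ind = by_value.get(observable)
        if ind is not None:
            per_host[host].append((alert_id, ind))
    incidents = []
    for host, hits in per_host.items():
        stages = {ind.stage for _, ind in hits}
        # Strongest single indicator, plus a bonus for each additional lifecycle stage seen on the host.
        strongest = max(ind.confidence / 100 * STAGE_WEIGHT[ind.stage] for _, ind in hits)
        incidents.append({
            "host": host,
            "score": round(strongest + 0.1 * (len(stages) - 1), 2),
            "stages": sorted(stages),
            "actors": {ind.actor for _, ind in hits if ind.actor},
            "alerts": [alert_id for alert_id, _ in hits],
        })
    return sorted(incidents, key=lambda inc: inc["score"], reverse=True)


def escalate(incidents, threshold=0.5):
    """Hosts an analyst should touch first (threshold is an assumed tuning value)."""
    return [inc["host"] for inc in incidents if inc["score"] >= threshold]


if __name__ == "__main__":
    print("commodity hits:", match_commodity(ALERTS, COMMODITY_FEED))
    for inc in build_incidents(ALERTS, CURATED):
        print(inc)
    print("escalate first:", escalate(build_incidents(ALERTS, CURATED)))
```

With these inputs the commodity feed fires on five alerts across four hosts with no ordering among them, while the curated indicators produce three incidents, put the attributed, multi-stage host first, and leave the adware-grade host at the bottom; the host whose only hit was a feed-only IP with no context never becomes an incident at all. That gap is the "becomes part of the problem" point: a raw feed cannot tell you which of its hits to ignore.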

INTELLIGENCE AT THE CORE

GIVING THE ADVANTAGE BACK TO THE DEFENDERS

ANALYST DAY 2016: FIREEYE TECHNOLOGY & PRODUCT ROADMAP
GRADY SUMMERS, CHIEF TECHNOLOGY OFFICER

TECHNOLOGY UPDATE
- MVX: Line Rate Intelligent Capture, MVX Core
- Power of the platform
- Evolving MVX
- Product innovation

THIS IS NOT A PLATFORM

FIREEYE PLATFORM

ALERT TO FIX IN MINUTES
- Alerts: MVX / analytics produce DTI high-fidelity alerts
- Indicators and TTPs: threat intelligence context from iSIGHT & Mandiant
- Fix: automate with Invotas

PLATFORM CYCLE
1. Immediately block callbacks with FireEye NX
2. Send data to FireEye TAP for indexing and correlation (EX alert)
3. Open incident in Invotas
4. Request HX triage package from potentially impacted computers (results sent to Invotas)
5. Analyst (in-house or FaaS) briefly reviews case summary, approves Invotas to initiate remediation process
Invotas workflow:
1. Search TAP for prior evidence (or ArcSight/QRadar/Splunk)
2. Send suspect attachment to VirusTotal and Symantec for corroboration
3. Query DomainTools for reverse DNS and historical registration information
4. Review HX triage packages to verify extent of compromise
5. Determination: high severity alert that needs escalation
6. Block C2 using Blue Coat proxy
7. Update Cisco Sourcefire IDS with new signatures
8. Send sample to Symantec for AV updates
9. Add iSIGHT summary of threat actor to case and forward to Level 3 analyst
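The platform cycle above is an orchestration playbook: enrich the alert from several sources, decide severity from what comes back, propose containment and blocking actions, and execute them only after an analyst approves. The Python below is an added example, not Invotas or FireEye code. The SIEM, sandbox/AV, WHOIS and endpoint-triage lookups are in-memory stand-ins with constructed data (a real playbook would call the vendor APIs named on the slide), the severity rule and the action targets are assumptions, and the second alert exercises a connector failure so the playbook degrades to a low-severity case instead of stalling.

```python
"""Alert-to-fix playbook runner: enrichment steps, a severity decision and an
approval gate before any remediation action runs.

Added example, not Invotas/FireEye code. The data-source dictionaries are
constructed stand-ins for the SIEM, sandbox/AV, WHOIS and HX triage lookups.
"""
from dataclasses import dataclass, field

# --- constructed stand-in data sources ------------------------------------
SIEM_EVENTS = {"cdn-update.example.net": ["ws-finance-07", "ws-finance-12"]}  # prior sightings
SANDBOX_VERDICTS = {"a1b2c3": {"malicious": True, "family": "Example.Downloader"}}
WHOIS = {"cdn-update.example.net": {"registered_days_ago": 9}}
HX_TRIAGE = {  # per-host triage summaries
    "ws-finance-07": {"persistence": True, "suspicious_procs": ["svch0st.exe"]},
    "ws-finance-12": {"persistence": False, "suspicious_procs": []},
}


@dataclass
class Case:
    alert: dict
    enrichment: dict = field(default_factory=dict)
    errors: list = field(default_factory=list)
    severity: str = "unknown"
    proposed_actions: list = field(default_factory=list)
    executed_actions: list = field(default_factory=list)


# --- enrichment steps (each reads the case and adds to case.enrichment) ---
def search_prior_evidence(case):
    hosts = SIEM_EVENTS.get(case.alert["c2_domain"], [])
    case.enrichment["hosts_seen"] = sorted(set(hosts) | {case.alert["host"]})


def corroborate_sample(case):
    verdict = SANDBOX_VERDICTS.get(case.alert["sha256"])
    if verdict is None:
        raise LookupError("no sandbox verdict")  # simulated connector miss
    case.enrichment["sample"] = verdict


def domain_history(case):
    case.enrichment["whois"] = WHOIS.get(case.alert["c2_domain"], {})


def review_triage(case):
    triage = {h: HX_TRIAGE.get(h, {}) for h in case.enrichment["hosts_seen"]}
    case.enrichment["persistent_hosts"] = [h for h, t in triage.items() if t.get("persistence")]


def decide_severity(case):
    """Assumed rule: count independent signals; 3+ is high, 1-2 medium, 0 low."""
    e = case.enrichment
    signals = [
        bool(e.get("persistent_hosts")),
        len(e.get("hosts_seen", [])) > 1,
        bool(e.get("sample", {}).get("malicious")),
        e.get("whois", {}).get("registered_days_ago", 10**6) < 30,
    ]
    hits = sum(signals)
    case.severity = "high" if hits >= 3 else "medium" if hits >= 1 else "low"


def propose_actions(case):
    """Queue blocking and containment; nothing runs until remediate() is approved."""
    if case.severity == "low":
        return
    a = case.alert
    case.proposed_actions = [
        ("proxy", "block", a["c2_domain"]),
        ("ids", "add_signature", a["sha256"]),
        ("av", "submit_sample", a["sha256"]),
    ]
    if case.severity == "high":
        case.proposed_actions += [("hx", "contain", h) for h in case.enrichment["persistent_hosts"]]


# (name, function, required): a failed required step halts enrichment for manual handling.
STEPS = [
    ("siem_search", search_prior_evidence, True),
    ("sandbox_corroboration", corroborate_sample, False),
    ("domain_history", domain_history, False),
    ("hx_triage", review_triage, True),
]


def run_playbook(alert):
    case = Case(alert=alert)
    for name, step, required in STEPS:
        try:
            step(case)
        except Exception as exc:  # connector failures are recorded, never silently dropped
            case.errors.append(f"{name}: {exc}")
            if required:
                case.severity = "needs_analyst"
                return case
    decide_severity(case)
    propose_actions(case)
    return case


def remediate(case, approved_by=None):
    """The approval gate: actions execute only once a named analyst signs off."""
    if approved_by is None:
        return []
    for target, action, arg in case.proposed_actions:
        case.executed_actions.append(f"{approved_by}: {action} {arg} on {target}")
    return case.executed_actions


# Constructed alerts: one clear intrusion, one with an unknown sample and unknown domain.
ALERT_APT = {"id": "EX-1", "host": "ws-finance-07", "c2_domain": "cdn-update.example.net", "sha256": "a1b2c3"}
ALERT_NOISE = {"id": "EX-2", "host": "ws-eng-11", "c2_domain": "benign.example.org", "sha256": "deadbeef"}
```

The point of the split between propose_actions and remediate is step 5 of the slide: the playbook can do the whole swivel-chair investigation unattended, but blocking a domain at the proxy or containing a host is irreversible enough that a human name belongs on the record before it happens.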

FIREEYE PRODUCT & TECHNOLOGY HIGHLIGHTS
- MVX re-architecture
- Product segmentation
- Endpoint protection
- Orchestration
- Cloud
- FireEye as a Service

NOT ALL DETECTION IS THE SAME

MVX ENGINE
- Purpose-built for security: hardened hypervisor
- Finds known and unknown cyber-attacks in real time across all attack vectors
- Line Rate Intelligent Capture feeding the MVX Core (detonation)
- Multi-flow, multi-vector
- Reduce false negatives, reduce false positives
- Scalable, extensible

FIREEYE PLATFORM ADVANTAGES (slide built up in steps; final build shown)
- MVX across vectors: web, email, file, mobile, CMS (cross-enterprise)
- Thousands of permutations (files, OS, browser, apps)
- Multi-flow analysis
- Multi-vector analysis
- Cross-correlated intelligence
- Bi-directional cloud sharing with the Dynamic Threat Intelligence cloud (real time, private, scalable, cross-enterprise)
- Time to protection

TRUE POSITIVES: ACCURACY MATTERS
Chart: true-positive rate by vendor. Values shown: 99%, 37%, 36%, 37%, 29%, 26%, 4%. Vendors labelled: Cisco, Trend Micro, Palo Alto Networks, AhnLab, Check Point, Intel Security.

FALSE POSITIVES: CHASE AND WASTE
"On average, an organization wastes $1.3 million annually on unreliable alerts. 2/3 of the time spent by security staff responding to malware attacks is wasted because of faulty intelligence." Ponemon, The Cost of Malware Containment, January 2015
Chart: relative false-positive rate by vendor. Values shown: 1.7x, 4.3x, 8.9x, 23.9x, 74.8x, 246x. Vendors labelled: Cisco, AhnLab, Check Point, Palo Alto Networks, Trend Micro, Intel Security.

MVX RE-ARCHITECTURE
- Q4 15: MVX 2.0 re-architect. Line Rate Intelligent Analysis and MVX Core together on hardware and virtual appliances.
- Q3 16: MVX 2.0 distributed. Line Rate Intelligent Analysis on hardware and virtual appliances; MVX Core in the customer data center.
- Q4 16: MVX 2.0 hybrid/subscription. MVX Core in the FireEye data center.
- Q1 17: MVX 2.0 pure cloud. MVX Core in the FireEye data center.

NETWORK SECURITY SOLUTIONS FOR ALL ORGANIZATIONS
Network Security Essentials (affordable advanced threat protection):
- Components: MVX, IPS + Riskware, DTI
- High detection efficacy; simple inline deployment; low TCO
Network Security Power (comprehensive advanced threat protection):
- Components: MVX, IPS + Riskware, MTP, TAP, ATI
- Expanded visibility; workflow integration; alert context; multi-vector correlation; orchestration / integration; cloud analytics

ENDPOINT ROADMAP (1H 2015 to 2H 2016)
Detect & Prevent: DTI-based detection; NX integration; IoC validation (any source); internationalization; exploit detection; FIPS/CC compliance; exploit prevention; Mac (OS X) support
Analyze & Respond: endpoint forensics; one-click containment; internationalization; enterprise search
Milestones: Q4 15 Enterprise Search; 1H 16 Exploit Detection; 2H 16 Exploit Prevention

ORCHESTRATION: A FORCE MULTIPLIER
- Streamline repeatable tasks: automate the repeatable tasks of a limited security staff
- Eliminate swivel-chair investigations: remove friction from managing hundreds of point solutions
- Hunting and validation
- Accelerate response: reduce risk by minimizing the exposure window and the persistence of an attack
- Create time for higher-order tasks: increase the efficiency and performance of security staff to do more with less

INTELLIGENT SECURITY ORCHESTRATION AND AUTOMATION
- 1H 16: Invotas on the FireEye platform; orchestrating FireEye platform + iSIGHT
- 2H 16: multi-vendor platform integration; playbook of Mandiant processes

FIREEYE FOR THE CLOUD: EMAIL THREAT PROTECTION
Email Threat Protection: anti-virus / anti-spam; advanced threat detection; contextual intelligence

FIREEYE FOR THE CLOUD: THREAT ANALYTICS PLATFORM
Amazon CloudTrail feeds the Threat Analytics Platform: advanced detection via indicators, rules and analytics

FIREEYE AS A SERVICE

FireEye as a Service Video

FIREEYE AS A SERVICE SEGMENTATION
FaaS Today
- Products: NX, EX, HX, ETP, PX (detect); HX (investigate)
- Alerts: APT only
- Services: continuous monitoring (ATI+), continuous protection, continuous vigilance
FaaS vNext
- Products: NX, EX, HX, ETP, PX (detect); HX + TAP (investigate)
- Alerts: APT only, or high-priority alerts across all products (via FireEye TAP)
- Services: continuous monitoring (ATI+), continuous protection, continuous vigilance
FaaS Essentials
- Products: no product
- Alerts: vulnerability reporting & callbacks
- Services: remote monitoring

IT'S TIME TO REIMAGINE SECURITY

LUNCH BREAK