Integrated Active Cyber Defense. Reducing Your Risk of Compromise Through Integrated & Automated Active Cyber Defense

"We think it [the future of Cybersecurity] lies in leveraging automation and integration to be able to detect and mitigate Cybersecurity risk in real time."

Our Moderators Today
- Pat Arvidson, Director for Defending DoD Networks and Mission Assurance, OSD, Office of the Principal Cyber Advisor (Moderator)
- Russell Glenn, Director, Cybersecurity ACD Integration, KEYW Corp. (Moderator)

Our Panelists Today
- Travis Rosiek, Federal CTO, FireEye (Panelist)
- Chris Fedde, President, Hexis Cyber Solutions (Panelist)
- Ryan Gillis, Vice President, Cybersecurity Strategy and Global Policy, Palo Alto Networks (Panelist)
- John Stoner, Federal Security Strategist, Splunk (Panelist)

State of Cyber Defense

State of Cyber Defense
Cyber network defenders are overwhelmed:
- Burdened under a fog of alerts
- Unable to focus on APT/nation-state attacks
Cyber network defenders need:
- Tools and processes that automatically handle the basic threats (the 80%)
- Enriched threat intel that lets operators hunt the advanced threats
Leveraging policy-driven automation is not a new idea. Examples: automated system lockout, anti-virus.

SHORTSTOP Architecture
(Figure: a four-layer stack, L1 to L4. L1 is the sensor layer: NGFW, Heuristic/Sandbox, ERD, Compliance. The layers above it are labelled Integration and Analytics / Mission Threads.)

Incident Response Story
Current incident response:
- A threat incident occurs.
- The incident response team responds.
- Incident analysis is performed from logs and existing data.
- The threat is identified; damage assessment and cleanup follow.
So what if we created automated incident response? What would it look like?

Integrated Approach + Logical Architecture
The SHORTSTOP layered approach to cyber security leverages the traditional military strategy of the decision cycle, Observe, Orient, Decide, and Act (OODA), applying it to all major threat vectors.
(Figure: SHORTSTOP System. Top layer: System Analytics (Mission Threads, Mission Effects). Next: Integration, Data Enrichment (Splunk). Below that: a Sensor Analytics block per sensor. Bottom: the sensors, Threat Feeds, Next Generation Firewall, Heuristic/Sandbox, Endpoint Remediation, Device Compliance. The Observe, Orient, Decide and Act labels are drawn at both the system-analytics level and the sensor level.)

SHORTSTOP Reference Architecture
SHORTSTOP is provided as a turn-key system, or reference design, to deploy best-in-class cyber defense:
- Central management/threat aggregation layer for threat correlation
- Course of action (COA) development based on the enterprise environment and threat posture
- Commercial security technologies to address all major threat vectors
- Detection and heuristics at the perimeter, internal/external networks, and the endpoint
- Continuous, automated, policy-driven response to confirmed threats

SHORTSTOP Reference Architecture: Architecture Components
- Perimeter network: inbound network IOC detection; on-demand threat blocking.
- Internal network: IOC detection, primarily sandboxing or threat-replay technology, to detect advanced IOCs.
- Endpoint: detect malicious activity and outbound threats emanating from the host; verify that a threat seen on the network actually exists on the endpoint; apply policy-driven countermeasures to remove the threat.
- Command/Control/Orchestration/Integration: correlate sensors and IOCs from endpoint and network; provide common visibility of the threat; automate the response to the threat at the endpoint and network layers.
(Figure: Initial Deployment)

SHORTSTOP Benefits to Enterprise Security
Reduce incident response times through policy-driven automation:
- Confirm host infections, increase detection effectiveness, and reduce false positives.
- Automate response actions with HawkEye G's policy-based response capabilities to contain and remove threats more rapidly and efficiently, at machine speed.
- Coordinate threat identification and tool integration, with Splunk as the integration layer, to respond to threats automatically.
Cyber situational awareness:
- Improve visibility through a unified solution architecture that combines detection at all layers of the enterprise into a common visual representation with Splunk and HawkEye G.
Increase blue/hunt capabilities:
- Provide additional analytic and hunting capabilities by leveraging Splunk to collect, synthesize, and enrich all threat indicators from HawkEye G, Palo Alto Networks, and FireEye.
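The confirm-then-act flow that the architecture components and the "confirm host infections, reduce false positives" benefit above describe, and that the "what would automated incident response look like" question asks for, as an added example. This is not code from the original deck, from SHORTSTOP, or from any of the named products. It assumes four constructed inputs (simplified NGFW threat logs, sandbox verdicts, endpoint agent events, and an IP-to-host map) and a hypothetical two-setting policy; every field name, host, domain, hash and COA string is invented for illustration.

```python
"""Added example: policy-driven correlation and response in the SHORTSTOP style.

Network sensors (NGFW, sandbox) observe; the integration layer orients by
correlating their IOCs against endpoint telemetry; a policy decides; the
endpoint and network layers act. Every record below is constructed for this
example and does not follow any vendor's real log format."""
from dataclasses import dataclass, field

# --- Observe: constructed sensor output -------------------------------------
NGFW_THREAT_LOGS = [  # source host, destination, threat label, firewall verdict
    {"src_ip": "10.1.4.22", "dst_domain": "update-cdn.example.net", "threat": "c2-beacon", "action": "allow"},
    {"src_ip": "10.1.4.57", "dst_domain": "ads.example.org", "threat": "adware", "action": "allow"},
    {"src_ip": "10.1.9.5", "dst_domain": "update-cdn.example.net", "threat": "c2-beacon", "action": "allow"},
    {"src_ip": "10.1.4.99", "dst_domain": "update-cdn.example.net", "threat": "c2-beacon", "action": "block"},
]
SANDBOX_VERDICTS = [  # detonation result: file hash, verdict, callback domain, severity 1-10
    {"sha256": "a" * 64, "verdict": "malicious", "callback": "update-cdn.example.net", "severity": 9},
    {"sha256": "b" * 64, "verdict": "malicious", "callback": "ads.example.org", "severity": 4},
]
ENDPOINT_EVENTS = [  # what the endpoint agent saw: host, process, file hash, outbound domain
    {"host": "WS-0422", "pid": 4312, "sha256": "a" * 64, "dst_domain": "update-cdn.example.net"},
    {"host": "WS-0457", "pid": 902, "sha256": "c" * 64, "dst_domain": "ads.example.org"},
    {"host": "DC-01", "pid": 77, "sha256": "a" * 64, "dst_domain": "internal.example.net"},
]
HOST_BY_IP = {"10.1.4.22": "WS-0422", "10.1.4.57": "WS-0457", "10.1.9.5": "DC-01", "10.1.4.99": "WS-0499"}

# Policy is data, not code: the thresholds a SOC would tune (hypothetical values).
POLICY = {
    "auto_remediate_min_severity": 7,     # below this, confirmed threats are only contained and queued
    "analyst_approval_hosts": {"DC-01"},  # mission-critical hosts are never isolated automatically
}


@dataclass
class Incident:
    host: str
    domain: str
    sha256: str
    severity: int
    evidence: list = field(default_factory=list)
    confirmed: bool = False  # True only when the endpoint corroborates the network IOC


def orient(ngfw_logs, sandbox, endpoint_events, host_by_ip):
    """Correlate network IOCs with endpoint telemetry.

    An NGFW alert becomes an Incident when a sandbox verdict explains it (same
    callback domain), and is marked confirmed only when the endpoint on the same
    host saw the same file hash or the same outbound domain."""
    by_callback = {v["callback"]: v for v in sandbox if v["verdict"] == "malicious"}
    incidents = []
    for log in ngfw_logs:
        verdict = by_callback.get(log["dst_domain"])
        if verdict is None:
            continue  # NGFW alert with no sandbox verdict: left to normal triage
        host = host_by_ip.get(log["src_ip"], log["src_ip"])
        inc = Incident(host, log["dst_domain"], verdict["sha256"], verdict["severity"],
                       evidence=[f"ngfw:{log['threat']}:{log['action']}", "sandbox:malicious"])
        for ev in endpoint_events:
            if ev["host"] == host and (ev["sha256"] == inc.sha256 or ev["dst_domain"] == inc.domain):
                inc.confirmed = True
                inc.evidence.append(f"endpoint:pid={ev['pid']}")
        incidents.append(inc)
    return incidents


def decide(inc, policy):
    """Choose a course of action (COA) for one incident.

    Unconfirmed incidents get enrichment and a hunt ticket, never an automated
    action: that is where the false-positive cost of automation would land."""
    if not inc.confirmed:
        return ["enrich", "queue_for_hunt"]
    coa = [f"block_domain:{inc.domain}"]  # network-layer containment is cheap and reversible
    if inc.host in policy["analyst_approval_hosts"]:
        return coa + [f"request_approval:isolate:{inc.host}"]
    if inc.severity >= policy["auto_remediate_min_severity"]:
        coa += ["kill_process", f"quarantine_file:{inc.sha256[:12]}", f"isolate_host:{inc.host}"]
    else:
        coa.append("queue_for_hunt")
    return coa


def run(ngfw_logs=NGFW_THREAT_LOGS, sandbox=SANDBOX_VERDICTS, endpoint_events=ENDPOINT_EVENTS,
        host_by_ip=HOST_BY_IP, policy=POLICY):
    """Observe -> Orient -> Decide; returns {host/domain: COA}. Acting is left to the tool APIs."""
    incidents = orient(ngfw_logs, sandbox, endpoint_events, host_by_ip)
    return {f"{inc.host}/{inc.domain}": decide(inc, policy) for inc in incidents}


if __name__ == "__main__":
    for key, coa in run().items():
        print(key, "->", ", ".join(coa))
```

Three design choices carry the slide's argument. Automation only fires on a threat the endpoint has corroborated, so a perimeter alert alone can never isolate a host; the cheapest, most reversible action (a domain block at the network layer) is always taken first; and an approval gate keeps machine-speed isolation away from hosts whose outage would cost more than the infection. With those gates in place the policy thresholds, not the analyst queue, decide how much of the routine 80% is handled without a human.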

SHORTSTOP Benefits to Operations
Operators:
- Increase the capability of the existing workforce by leveraging automated technology
- Improve the efficiency of incident response (less on-site hunting, automated response to common threats, correlated threats that prioritize alerts)
Tools:
- Integrate with existing tools and investments
- Ease of integrating new tools and capabilities
- Coordination of sensor data improves threat identification, incident response, and hunting
- Custom development of analytics and COAs is still enabled
Processes:
- Simplify operational processes for operators
- Lower the barrier to entry for trained forces