Hunting for the Undefined Threat: Advanced Analytics & Visualization

Similar documents
Practical examples of Big Data, security analytics and visualization

Evolution Of Cyber Threats & Defense Approaches

PALANTIR CYBER An End-to-End Cyber Intelligence Platform for Analysis & Knowledge Management

The Future of the Advanced SOC

The Role of Security Monitoring & SIEM in Risk Management

THE EVOLUTION OF SIEM

BREAKING THE KILL CHAIN AN EARLY WARNING SYSTEM FOR ADVANCED THREAT

Rashmi Knowles Chief Security Architect EMEA

Niara Security Analytics. Overview. Automatically detect attacks on the inside using machine learning

Redefining SIEM to Real Time Security Intelligence

Obtaining Enterprise Cybersituational

Full-Context Forensic Analysis Using the SecureVue Unified Situational Awareness Platform

ASSUMING A STATE OF COMPROMISE: EFFECTIVE DETECTION OF SECURITY BREACHES

Critical Security Controls

Palo Alto Networks and Splunk: Combining Next-generation Solutions to Defeat Advanced Threats

Separating Signal from Noise: Taking Threat Intelligence to the Next Level

Advanced Visibility. Moving Beyond a Log Centric View. Matthew Gardiner, RSA & Richard Nichols, RSA

Cyber/IT Risk: Threat Intelligence Countering Advanced Adversaries Jeff Lunglhofer, Principal, Booz Allen. 14th Annual Risk Management Convention

REVOLUTIONIZING ADVANCED THREAT PROTECTION

Content Security: Protect Your Network with Five Must-Haves

How To Manage Security On A Networked Computer System

Using LYNXeon with NetFlow to Complete Your Cyber Security Picture

Cisco Advanced Malware Protection

Big Data and Security: At the Edge of Prediction

Bridging the gap between COTS tool alerting and raw data analysis

Metric Matters. Dain Perkins, CISSP

Effective Threat Management. Building a complete lifecycle to manage enterprise threats.

Operational Lessons from the RSA/EMC CIRC: People, Process, & Threat Intel

All about Threat Central

Intelligence Driven Security

Sicurezza & Big Data: la Security Intelligence aiuta le aziende a difendersi dagli attacchi

GOOD GUYS VS BAD GUYS: USING BIG DATA TO COUNTERACT ADVANCED THREATS. Joe Goldberg. Splunk. Session ID: SPO-W09 Session Classification: Intermediate

IBM Security QRadar SIEM & Fortinet FortiGate / FortiAnalyzer

Gaining and Maintaining Support for a SOC. Jim Goddard Executive Director, Kaiser Permanente

Cisco Advanced Malware Protection for Endpoints

Security Operation Centre 5th generation

Scaling Big Data Mining Infrastructure: The Smart Protection Network Experience

Threat intelligence visibility the way forward. Mike Adler, Senior Product Manager Assure Threat Intelligence

Security Business Intelligence Big Data for Faster Detection/Response

Combating a new generation of cybercriminal with in-depth security monitoring

Niara Security Intelligence. Overview. Threat Discovery and Incident Investigation Reimagined

Security strategies to stay off the Børsen front page

Combating a new generation of cybercriminal with in-depth security monitoring. 1 st Advanced Data Analysis Security Operation Center

The SIEM Evaluator s Guide

Advanced Threat Detection: Necessary but Not Sufficient The First Installment in the Blinded By the Hype Series

THE 2014 THREAT DETECTION CHECKLIST. Six ways to tell a criminal from a customer.

Cisco Advanced Malware Protection for Endpoints

Introducing IBM s Advanced Threat Protection Platform

A Primer on Cyber Threat Intelligence

Detecting Threats Via Network Anomalies. Paul Martini Cofounder and CEO iboss Cybersecurity

RSA Security Analytics

EnCase Analytics Product Overview

White Paper: Leveraging Web Intelligence to Enhance Cyber Security

LOG INTELLIGENCE FOR SECURITY AND COMPLIANCE

Stop the Maelstrom: Using Endpoint Sensor Data in a SIEM to Isolate Threats

IBM SECURITY QRADAR INCIDENT FORENSICS

Detecting Anomalous Behavior with the Business Data Lake. Reference Architecture and Enterprise Approaches.

What s New in Security Analytics Be the Hunter.. Not the Hunted

WHITE PAPER: THREAT INTELLIGENCE RANKING

Find the needle in the security haystack

Security Operations Metrics Definitions for Management and Operations Teams

Data Loss Prevention with Platfora Big Data Analytics

INTRUSION PREVENTION SYSTEMS: FIVE BENEFITS OF SECUREDATA S MANAGED SERVICE APPROACH

Rethinking Information Security for Advanced Threats. CEB Information Risk Leadership Council

Take the Red Pill: Becoming One with Your Computing Environment using Security Intelligence

Presentation Title: When Anti-virus Doesn t Cut it: Catching Malware with SIEM

ProtectWise: Shifting Network Security to the Cloud Date: March 2015 Author: Tony Palmer, Senior Lab Analyst and Aviv Kaufmann, Lab Analyst

SANS Top 20 Critical Controls for Effective Cyber Defense

JUNIPER NETWORKS SPOTLIGHT SECURE THREAT INTELLIGENCE PLATFORM

EXTENDING NETWORK SECURITY: TAKING A THREAT CENTRIC APPROACH TO SECURITY

First Line of Defense

Concierge SIEM Reporting Overview

Unified Security, ATP and more

Threat Intelligence: Friend of the Enterprise

Covert Operations: Kill Chain Actions using Security Analytics

SHARING THREAT INTELLIGENCE ANALYTICS FOR COLLABORATIVE ATTACK ANALYSIS

The Advanced Attack Challenge. Creating a Government Private Threat Intelligence Cloud

Advanced SOC Design. Next Generation Security Operations. Shane Harsch Senior Solutions Principal, MBA GCED CISSP RSA

Intelligence-Driven Security

100 Hamilton Avenue Palo Alto, California PALANTIR CYBER. An End-to-End Cyber Intelligence Platform

Tech Brief. Choosing the Right Log Management Product. By Michael Pastore

The Third Rail: New Stakeholders Tackle Security Threats and Solutions

Data Science Transforming Security Operations

Effective IDS/IPS Network Security in a Dynamic World with Next-Generation Intrusion Detection & Prevention

GETTING REAL ABOUT SECURITY MANAGEMENT AND "BIG DATA"

Sophisticated Indicators for the Modern Threat Landscape: An Introduction to OpenIOC

Integrating MSS, SEP and NGFW to catch targeted APTs

Accenture Cyber Security Transformation. October 2015

Network as a Sensor and Enforcer Leverage the Network to Protect Against and Mitigate Threats

Detect & Investigate Threats. OVERVIEW

Effective Methods to Detect Current Security Threats

Scaling Analytics to Meet Real-Time Threats in Large Enterprises: A Deep Dive into LogRhythm s Security Analytics Platform

SourceFireNext-Generation IPS

Evolving Threat Landscape

Transcription:

SESSION ID: ANF-W04 Hunting for the Undefined Threat: Advanced Analytics & Visualization Joshua Stevens Enterprise Security Architect Hewlett-Packard Cyber Security Technology Office

Defining the Hunt Team

Cyber Defense Evolution Point Solutions Ad-hoc monitoring per device console SIEM/SOC Real-time monitoring of known threats Hunt Teams Find unknown threats, understand new adversary TTPs 1995 2000 2003 2006 2013 Log Mgmt Centralized ad-hoc monitoring Threat Intel Track known adversary IOCs, TTPs, intent

Hunt er Skillsets Cyber Security Intrusion Analysis Malware Analysis Threat Intelligence Data Science Data Management Data Visualization Statistics Programming Mindset Desire to learn Creative Analytical Red team Hunter

Hunt Processes Unstructured Hunt Exploratory data analysis Pattern discovery Structured Hunt Identify and search for indicators of compromise Real-time Monitoring Create or modify detection methods

The Need for Data and Security Analytics

Hiding in Plain Sight Known Threat Unknown Threat Matches a signature New behavior Goes to a bad place Goes to an approved place Works in the clear Works encrypted Unauthorized use Authorized use Outside of baseline Inside of baseline Within monitored infrastructure Outside monitored infrastructure Bad guys know how to stay inside the bell curve!

Security Analytics Comes in Different Flavors

A 13-billion Event Prototype

Security Analytics Prototype Anomaly Detection Distributed R (models) Causal Analysis Cluster Analysis Security Analytics What-If Analysis Raw Events Vertica Data Store Hadoop Connectors Normalized events SIEM Correlation Kafka/Storm Prototype Ingested events SIEM Logging

5 Hunt Team Use Cases

Case 1: Cluster Analysis for Hunt Team Managers

View: Proportional Relationships Less VPN traffic and more IPS traffic reveals blind spots

Apply Categorization SIEM categorization and destination port surfaces hostile events.

Case 2: Track Anomalies for Security Analysts

View: Events by High Severity Rating and Volume

Change View to Destination Type Display trend of unique destinations visited

Apply Anomaly Chart Graph filtered from billions of events Anomalous Event Uncover unique event, alerting next level of investigation.

Case 3: Analyze the Haystack for the Hunt Team

View: IPS Events for 45 days

Model IPS Events by Technique

Filter on the Return Traffic Display IPS evasion, recurring pattern and gaps in visibility.

Case 4: Behavioral Analysis for the Hunt Team

View: Non-Security Events in the Environment

A Typical View of VPN Logging by Source

Overlay VPN Source with Recon Events Correlate two sources of information to identify atypical behavior

Case 5: Advanced Analysis for the Hunt Team

Source Drilldown Reveals Subtle Patterns Horizontal line denotes large scale brute force attempts Time

In Closing Defining the Hunt Team Leveraging Data and Security Analytics An internal analytics prototype Use cases for the hunt team

Apply What You Have Learned Today 1 Week Give Analysts 4 hours/week for unstructured hunting 3 Months Build data science skills into your hunt team 6 Months Feedback lessons learned into other operational teams 1 Month Identify relevant data to begin hunting 4 Months Implement a Hunt practice Incorporate use cases

Questions?

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information