Evolution Of Cyber Threats & Defense Approaches




Evolution Of Cyber Threats & Defense Approaches Antony Abraham IT Architect, Information Security, State Farm Kevin McIntyre Tech Lead, Information Security, State Farm

Agenda: About State Farm; Evolution of Attacks; Targeted Attacks Explained; Legacy Defense; Framework Based Defense; An Approach to Protecting Passwords; Big Data Security Analytics; Bringing It All Together; Conclusions; Questions

About State Farm: ranked No. 41 on the Fortune 500 list of largest companies; #1 auto insurance and life insurance provider; one of the largest private networks in the nation: 60,000 network nodes and 24,000 network links installed; supports about 150,000 employees and agents; manages 625,000 devices; 5,500 IT staff members; 323 security experts and growing (yes, we are hiring!!)

A Brief History of Cyber Attacks: talented hackers experiment or attack just because they can; often to make their message heard louder; all about name and fame; usually not about money

A Brief History of Cyber Attacks: Evolution of Attacks

Evolution Of Attacks: present day attackers are cyber criminals, hacktivists, nation states and, perhaps, cyber terrorists

Targeted Attacks In Depth: a focused cyber attack; captures credentials; steals intellectual property and NPI (nonpublic personal information); uses the victim as a pivot point to attack others; persistent; high success rate

Targeted Attacks In Depth: Example - Email Based Attack

Targeted Attacks In Depth: Watering Hole Attack

Targeted Attacks In Depth: Post Compromise State

Legacy Defense: LOL (Layers On Layers). Signature based: stops known bad. But what is bad?

Framework Based Defense For a Defendable Network: Four Pillars of Cyber Defense, mapped to the NIST functions: Prevent (NIST Protect), Detect (NIST Detect), Protect (NIST Protect), Respond (NIST Respond and Recover)

Framework Based Defense For a Defendable Network: Four Pillars - Examples
Prevent (NIST Protect): NextGen firewalls; IPS; antivirus; endpoint protection; advanced endpoint protection; exploit prevention (like EMET); endpoint execution control
Detect (NIST Detect): SIEM; threat feeds; security analytics; network sandboxes and BDS (breach detection systems); endpoint detection/forensics; network forensics; DNS analysis; flow analysis
Protect (NIST Protect): multifactor auth; specific use of encryption; tokenization; network segmentation; outbound traffic control; vulnerability management
Respond (NIST Respond and Recover): trained people; applicable procedures; response and recovery procedures; command structure; 24/7 monitoring and associated response; response automation
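The Detect pillar lists DNS analysis without saying what such an analysis looks at. As an added example, not code from the deck or from State Farm, the script below groups DNS queries by client and registered domain and flags pairs that show many distinct, high-entropy subdomains, which is the shape DNS-based data exfiltration and tunnelling usually take. The log format, host names and domains are constructed for the example, and the registered domain is approximated as the last two labels; a real deployment would use the Public Suffix List instead.

```python
"""Added example, not part of the State Farm deck: DNS analysis for
exfiltration-shaped query patterns.

Assumptions made for the example: the log format is "<ts> <client> <qname>
<qtype>", the registered domain is the last two labels, and the thresholds
(5 distinct subdomains, mean leftmost-label entropy >= 3.0 bits) are
starting points to tune, not State Farm settings.
"""
import math
from collections import defaultdict

# Constructed query log: ws-101 browses normally, ws-102 sends hex-looking
# labels under one domain, the way an exfil tool encodes data into names.
DNS_LOG = """\
10:00:01 ws-101 www.example.com A
10:00:02 ws-101 mail.example.com A
10:00:03 ws-101 calendar.example.com A
10:00:04 ws-102 a9f3c2e1b7d4.data-sync.example.net TXT
10:00:05 ws-102 4e7b1c0a9d2f.data-sync.example.net TXT
10:00:06 ws-102 c0d1e2f3a4b5.data-sync.example.net TXT
10:00:07 ws-102 9b8a7c6d5e4f.data-sync.example.net TXT
10:00:08 ws-102 2f4e6a8c0b1d.data-sync.example.net TXT
10:00:09 ws-102 e1d2c3b4a5f6.data-sync.example.net TXT
10:00:10 ws-102 www.example.com A
"""


def shannon_entropy(s):
    """Bits of entropy per character of s (0.0 for the empty string)."""
    if not s:
        return 0.0
    counts = {}
    for ch in s:
        counts[ch] = counts.get(ch, 0) + 1
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def registered_domain(qname):
    """Assumption: last two labels. Use the Public Suffix List in production."""
    labels = qname.rstrip(".").lower().split(".")
    return ".".join(labels[-2:])


def parse_dns_log(text):
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, client, qname, qtype = line.split()
        yield {"ts": ts, "client": client, "qname": qname.lower(), "qtype": qtype}


def dns_exfil_candidates(text, min_unique=5, min_entropy=3.0):
    """(client, domain) pairs whose leftmost labels look like encoded payloads
    rather than host names: many distinct subdomains, each high-entropy."""
    groups = defaultdict(set)  # (client, domain) -> distinct subdomain prefixes
    for rec in parse_dns_log(text):
        dom = registered_domain(rec["qname"])
        prefix = rec["qname"][: -len(dom)].rstrip(".")
        if prefix:  # a bare query for the domain itself carries no payload
            groups[(rec["client"], dom)].add(prefix)
    findings = []
    for (client, dom), prefixes in sorted(groups.items()):
        leftmost = [p.split(".")[0] for p in prefixes]
        mean_ent = sum(shannon_entropy(l) for l in leftmost) / len(leftmost)
        if len(prefixes) >= min_unique and mean_ent >= min_entropy:
            findings.append({"client": client, "domain": dom,
                             "unique_subdomains": len(prefixes),
                             "mean_entropy": round(mean_ent, 2)})
    return findings


if __name__ == "__main__":
    for f in dns_exfil_candidates(DNS_LOG):
        print(f)
```

Both thresholds matter: a CDN or anti-virus vendor also produces many distinct subdomains per client, but their labels are structured words or counters with low entropy, so requiring both conditions keeps that traffic out of the hunt queue.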

Make It Harder For Bad Guys: Using Capabilities From Different Pillars (diagram)
Attack steps called out: 6. credentials stolen; 7. data exfiltration, watched by the SIEM and the response team.
Diagram elements: untrusted and trusted zones; enterprise admins with day-to-day credentials used for email and internet; a hardened virtual machine enforcing MFA, behind separate firewalls; enterprise admins with privileged credentials separate from their day-to-day credentials.
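As an added example, not part of the deck, the following turns the tiered-credential picture above into detection logic over logon telemetry. All of it is assumed for the example: privileged accounts carry an "adm-" prefix, the two hardened admin VMs are the only approved sources for them, every record says whether MFA was satisfied, and "exchange" and "web-proxy" stand for email and internet access; the sample logons are constructed.

```python
"""Added example, not part of the State Farm deck: policy checks for
separated day-to-day and privileged credentials.

Assumptions: privileged accounts start with "adm-", APPROVED_ADMIN_HOSTS are
the hardened MFA-enforcing VMs, and DAY_TO_DAY_SERVICES are email/internet.
"""
from collections import defaultdict
from dataclasses import dataclass

PRIV_PREFIX = "adm-"
APPROVED_ADMIN_HOSTS = {"adm-vm-01", "adm-vm-02"}   # hardened VMs behind separate firewalls
DAY_TO_DAY_SERVICES = {"exchange", "web-proxy"}     # email and internet


@dataclass(frozen=True)
class Logon:
    ts: str
    user: str
    src_host: str
    service: str   # what was authenticated to
    mfa: bool      # whether a second factor was presented


# Constructed sample telemetry for this example.
SAMPLE_LOGONS = [
    Logon("09:01", "alice", "ws-1234", "exchange", False),                  # ordinary mail logon
    Logon("09:05", "adm-alice", "adm-vm-01", "domain-controller", True),    # compliant
    Logon("09:07", "adm-alice", "ws-1234", "domain-controller", False),     # from user workstation, no MFA
    Logon("09:10", "adm-bob", "adm-vm-02", "domain-controller", False),     # right host, no MFA
    Logon("09:12", "adm-bob", "adm-vm-02", "web-proxy", True),              # privileged creds used for internet
]


def is_privileged(user):
    return user.lower().startswith(PRIV_PREFIX)


def check_logon(event):
    """Return the list of policy rules a single logon breaks (empty if none)."""
    reasons = []
    if not is_privileged(event.user):
        return reasons
    if event.service in DAY_TO_DAY_SERVICES:
        reasons.append("privileged account used for email/internet")
    if event.src_host not in APPROVED_ADMIN_HOSTS:
        reasons.append("privileged logon from non-hardened host")
    if not event.mfa:
        reasons.append("privileged logon without MFA")
    return reasons


def policy_violations(events):
    """One (timestamp, user, reason) triple per broken rule, ready for the SIEM."""
    return [(e.ts, e.user, r) for e in events for r in check_logon(e)]


def admin_from_user_workstation(events):
    """Correlate across accounts: adm-<name> seen on a host where <name>'s
    day-to-day identity also logged on. That workstation is where an attacker
    who phished <name> would harvest the privileged credential (step 6 above)."""
    hosts_by_user = defaultdict(set)
    for e in events:
        hosts_by_user[e.user].add(e.src_host)
    hits = set()
    for user, hosts in hosts_by_user.items():
        if is_privileged(user):
            base = user[len(PRIV_PREFIX):]
            if hosts & hosts_by_user.get(base, set()):
                hits.add(base)
    return sorted(hits)


if __name__ == "__main__":
    for row in policy_violations(SAMPLE_LOGONS):
        print(*row)
    print("admin identity used from owner's workstation:",
          admin_from_user_workstation(SAMPLE_LOGONS))
```

The first function is a per-event rule a SIEM can run in real time; the second needs a window of events from several hosts, which is the kind of correlation the deck later hands to the big data platform.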

Security Analytics

System activity on workstations, networks and data centers generates log information.

Log information is collected and analyzed.

Log data is stored in multiple locations across the Enterprise.

This amounts to terabytes of log data collected each day.

A Hadoop platform is used to store and process the data at scale. A combination of data scientists and security experts leverage analytic tools to dig deeper into the data set: performing hunt activities, and applying to security the same skills and tools we apply to business problems.

Data is grouped in such a way as to find anomalies and potential Indicators of Compromise (IoCs) and Indicators of Attack (IoAs) within the enterprise, utilizing machine learning algorithms and statistical models. Hybrid approach: buy and build.
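As an added example, not part of the deck, here are two hunt analytics of the kind the preceding slides describe (a statistical model and a prevalence query), run over constructed records standing in for data pulled from the Hadoop platform. Host names, byte counts, paths and the hash placeholders are all made up; the 3.5 cut-off on the modified z-score is the usual rule of thumb for that statistic, not a State Farm setting.

```python
"""Added example, not part of the State Farm deck: two hunt analytics.

1. Robust z-score of today's outbound bytes against each host's own 7-day
   baseline (median and MAD rather than mean and standard deviation, so a
   couple of past spikes do not mask a new one).
2. Fleet prevalence of executables: a hash seen on very few hosts and
   running from a user-writable path is a candidate IoC to pivot on.
All inputs below are constructed for the example.
"""
from collections import defaultdict
from statistics import median

# Constructed: bytes sent to external destinations per day, previous 7 days.
OUTBOUND_BASELINE = {
    "ws-101":   [2.1e8, 1.9e8, 2.3e8, 2.0e8, 2.2e8, 1.8e8, 2.1e8],
    "ws-102":   [5.0e7, 6.1e7, 4.8e7, 5.5e7, 5.2e7, 4.9e7, 5.6e7],
    "srv-db-1": [9.0e8, 9.2e8, 8.8e8, 9.1e8, 9.3e8, 8.9e8, 9.0e8],
}
# Constructed: the same measure for the day under review.
OUTBOUND_TODAY = {"ws-101": 2.0e8, "ws-102": 4.6e9, "srv-db-1": 9.1e8}

# Constructed: (host, hash placeholder, image path) from process telemetry.
PROCESS_EVENTS = [
    ("ws-101",   "h-svchost", r"C:\Windows\System32\svchost.exe"),
    ("ws-102",   "h-svchost", r"C:\Windows\System32\svchost.exe"),
    ("srv-db-1", "h-svchost", r"C:\Windows\System32\svchost.exe"),
    ("ws-101",   "h-agent",   r"C:\Program Files\Vendor\agent.exe"),
    ("ws-102",   "h-agent",   r"C:\Program Files\Vendor\agent.exe"),
    ("ws-102",   "h-update",  r"C:\Users\bob\AppData\Local\Temp\update.exe"),
]
# Compared against paths normalised to lower-case forward slashes.
USER_WRITABLE_PREFIXES = ("c:/users/", "c:/programdata/", "c:/windows/temp/")


def robust_z(baseline, value):
    """Modified z-score: 0.6745 * (value - median) / MAD.
    A MAD of zero means the baseline never moved, so any change is anomalous."""
    med = median(baseline)
    mad = median([abs(v - med) for v in baseline])
    if mad == 0:
        return 0.0 if value == med else float("inf")
    return 0.6745 * (value - med) / mad


def outbound_anomalies(baseline, today, threshold=3.5):
    """Hosts whose outbound volume today is far above their own history.
    Hosts with no baseline are skipped here; they need a separate look."""
    findings = []
    for host in sorted(today):
        if host not in baseline:
            continue
        z = robust_z(baseline[host], today[host])
        if z >= threshold:
            findings.append({"host": host, "bytes": today[host], "z": round(z, 1)})
    return findings


def rare_executables(events, max_hosts=1):
    """Hashes seen on at most max_hosts hosts and run from a user-writable path."""
    hosts_by_hash = defaultdict(set)
    path_by_hash = {}
    for host, digest, path in events:
        hosts_by_hash[digest].add(host)
        path_by_hash[digest] = path
    findings = []
    for digest, hosts in sorted(hosts_by_hash.items()):
        path = path_by_hash[digest]
        normalised = path.lower().replace("\\", "/")
        if len(hosts) <= max_hosts and normalised.startswith(USER_WRITABLE_PREFIXES):
            findings.append({"hash": digest, "hosts": sorted(hosts), "path": path})
    return findings


if __name__ == "__main__":
    print(outbound_anomalies(OUTBOUND_BASELINE, OUTBOUND_TODAY))
    print(rare_executables(PROCESS_EVENTS))
```

Findings like these, each a small record naming a host, a hash or a measure, are what the "big data to SIEM" path on the ecosystem slide carries back into the SIEM as automatic correlation rules.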

We are sitting on top of a goldmine. Let's make use of it!

Bringing It All Together: SIEM-Analytics Eco-System (diagram)
Components: hunt team, intel analysts and data scientists; manual correlation rules; big data to SIEM correlation rules (automatic); SIEM; SIEM to big data event pull; SIEM console and operator; databases (the big data store); delivered reports for business partners; enterprise log sources.

Bringing It All Together: Integrated Defense (diagram)
Components: identity management system; proxy; breach detection system; encryption and key management; endpoint security; big data defense system; DNS; NAC; generic preventive control (callout 1); firewall; DLP system (callout 2).

Conclusions
Invest in framework based defense to create a defendable network.
Be aware of blind spots and strive for greater visibility.
Make use of the logs you already collect; mine for signals within all that noise.
Automate threat response to the extent possible.
Invest in threat hunting capabilities.
Do not only consume threat intelligence, but share it!

Questions Contact antony.abraham.ukuo@statefarm.com Kevin.mcintyre.hl1x@statefarm.com