Extending Security Analytics to support Operational Efficiency. John A. Greco Deloitte & Touche LLP Cyber Risk Services




Slide 2: Key components of the Security Analytics architecture
- Log decoder
- Packet decoder
- Concentrator
- Analytics server/broker
- Archiver
- ESA (Complex Event Processing)

Slide 3: Security Analytics (SA) ecosystem

Slide 4: What's the REST API?
REST (Representational State Transfer) is a simple, stateless architecture that runs over http/https, similar to using a browser to pull back a web page. The REST API (Application Programming Interface) can access the SA resource tree via URLs to receive data about a resource. Some examples:

Slide 5: REST API TCP port map

Slide 6: What's possible with the SA REST API?
- Simple access to the Security Analytics interface via http/https
- Programmatic ad-hoc queries with meaningful security context, in support of forensic digs or active incidents
- Extraction of useful metrics for statistics
How to extract REST syntax and examples: http://saconcentrator:50105/logs?msg=pull


Slide 8: How do I REST with SA?
Use curl to programmatically perform a REST API call that extracts session ids from the SA ecosystem:

    /usr/bin/curl --user 'admin:netwitness' "http://saconcentrator:50105/sdk?msg=query&query=select+sessionid+where+time%3d%272014-jul-01+08%3A00%3A00%27-%272014-Jul-31+09%3A00%3A00%27%26%26(alert%20exists)%26%26(device.type%3Dfireeyewebmps)&size=100"

URL-decoded, the query parameter reads: select sessionid where time='2014-jul-01 08:00:00'-'2014-Jul-31 09:00:00'&&(alert exists)&&(device.type=fireeyewebmps). That is, session ids from the July 2014 window whose sessions carry an alert and came from a device of type fireeyewebmps; size=100 limits the result set.
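The three REST slides above (what the API is, what it allows, and the curl call) all come down to composing one correctly encoded /sdk?msg=query URL. The following Python is an added example, not code from the presentation or from the Security Analytics product: it builds the where clause in the slide's syntax, percent-encodes it, decodes it back, and prepares the same request with credentials read from the environment instead of the command line. The host saconcentrator, port 50105, the field names and the SA_USER / SA_PASSWORD variable names are placeholders or assumptions; the example defaults to https where the slide uses http, since the query carries credentials and incident data.

```python
"""Build, encode and decode Security Analytics REST query URLs.

Added example, not code from the presentation. It assumes the
/sdk?msg=query endpoint and the query syntax shown on the curl slide
(select <field> where time='<start>'-'<end>'&&(<filter>)...).
Host, port and field names are placeholders taken from that slide;
SA_USER / SA_PASSWORD are hypothetical environment variable names.
"""
import base64
import os
import urllib.request
from urllib.parse import parse_qs, quote_plus, urlsplit

# The URL from the curl slide, reassembled from the transcription.
SLIDE_URL = (
    "http://saconcentrator:50105/sdk?msg=query&query="
    "select+sessionid+where+time%3d%272014-jul-01+08%3A00%3A00%27"
    "-%272014-Jul-31+09%3A00%3A00%27"
    "%26%26(alert%20exists)%26%26(device.type%3Dfireeyewebmps)&size=100"
)


def build_where(start, end, filters):
    """Compose the where clause: a time range followed by AND-ed filters.

    Mirrors the slide's form, e.g. time='a'-'b'&&(alert exists)&&(x=y).
    """
    clause = f"time='{start}'-'{end}'"
    for flt in filters:
        clause += f"&&({flt})"
    return clause


def build_query_url(host, port, select, where, size=100, scheme="https"):
    """Percent-encode the query and assemble the /sdk?msg=query URL.

    quote_plus turns spaces into '+' and '=', quotes, '&' and parentheses
    into %XX escapes, so nothing in the query can be mistaken for an extra
    URL parameter.
    """
    query = f"select {select} where {where}"
    return (f"{scheme}://{host}:{port}/sdk?msg=query"
            f"&query={quote_plus(query)}&size={size}")


def decode_query_url(url):
    """Recover msg, the plain-text query and size from an encoded SA URL."""
    params = parse_qs(urlsplit(url).query)
    return {
        "msg": params["msg"][0],
        "query": params["query"][0],
        "size": int(params["size"][0]),
    }


def build_request(url):
    """Prepare the request with HTTP basic auth taken from the environment.

    Keeping the password out of the command line avoids exposing it in
    process listings and shell history, which `curl --user user:pass` does.
    """
    user = os.environ.get("SA_USER", "admin")      # placeholder default
    password = os.environ.get("SA_PASSWORD", "")   # placeholder default
    token = base64.b64encode(f"{user}:{password}".encode()).decode()
    req = urllib.request.Request(url)
    req.add_header("Authorization", f"Basic {token}")
    return req


def fetch_session_ids(url):
    """Run the query and return the raw response body (format left as-is)."""
    with urllib.request.urlopen(build_request(url), timeout=30) as resp:
        return resp.read().decode()


if __name__ == "__main__":
    where = build_where("2014-jul-01 08:00:00", "2014-Jul-31 09:00:00",
                        ["alert exists", "device.type=fireeyewebmps"])
    url = build_query_url("saconcentrator", 50105, "sessionid", where)
    print(url)
    print(decode_query_url(url)["query"])
    # The slide's hand-encoded URL and the generated one carry the same query.
    print(decode_query_url(SLIDE_URL)["query"] == decode_query_url(url)["query"])
```

Round-tripping the slide's URL through decode_query_url is a quick way to check that a hand-written query was encoded as intended before it is handed to a scheduler or a ticketing hook; fetch_session_ids is only called when the script is pointed at a real concentrator.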


Slide 10: How to signal an external system for task triage and ticketing

This presentation contains general information only and Deloitte is not, by means of this presentation, rendering accounting, business, financial, investment, legal, tax, or other professional advice or services. This presentation is not a substitute for such professional advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified professional advisor. Deloitte shall not be responsible for any loss sustained by any person who relies on this presentation.

About Deloitte
Deloitte refers to one or more of Deloitte Touche Tohmatsu Limited, a UK private company limited by guarantee ("DTTL"), its network of member firms, and their related entities. DTTL and each of its member firms are legally separate and independent entities. DTTL (also referred to as "Deloitte Global") does not provide services to clients. Please see www.deloitte.com/about for a detailed description of DTTL and its member firms. Please see www.deloitte.com/us/about for a detailed description of the legal structure of Deloitte LLP and its subsidiaries. Certain services may not be available to attest clients under the rules and regulations of public accounting.

THANK YOU