Prevention vs Detection - How to rebalance IT security investments. Manuel Minzoni, Business Developer, Itway
Transcription
1 Prevention vs Detection - How to rebalance IT security investments Manuel Minzoni Business developer Itway
2 NASDAQ: RPD Delivering Security Data & Analytics that revolutionize the practice of cyber security 5,100+ Customers 37% Fortune Countries 800+ Employees Confidential and Proprietary 2
3 5,100+ Customers in More Than 90 Countries: Technology/Communication, Retail/Wholesale, Energy, Financial Services, Healthcare, Manufacturing, Education, Media & Entertainment, Government, Public Sector, Others
4 New Explosion Of High-Impact Cyber Attacks IT CONTROL & VISIBILITY Vastly expanding attack surface ATTACKER SOPHISTICATION & REACH Weaponization of cyber attacks TIME
5 Massive Shift to Risk-Based Approach to Security OLD MODEL: Prevention-Based Security Block and Protect Prevention Detection Correction Detection NEW MODEL: Risk-Based Security Correction Data & Analytics Prevention By 2020, 60% of enterprise information security budgets will be allocated for rapid detection and response approaches up from less than 20% in Gartner: Shift Cybersecurity Investment to Detection, dated 7 January 2016
6 Security Advisory Services Accelerate Security Improvement Threat Exposure Management Reduce Your Risk of a Breach Incident Detection & Response Find The Attacks You're Missing Security Assessment Security Program Development Incident Response Program Development Nexpose Metasploit AppSpider UserInsight Incident Response Services
7 Rapid7 Solves Key Customer Questions AM I VULNERABLE? AM I COMPROMISED? AM I OPTIMIZED? THREAT EXPOSURE MANAGEMENT INCIDENT DETECTION & RESPONSE SECURITY ADVISORY SERVICES compliance reporting SECURITY ANALYTICS compliance reporting SECURITY ANALYTICS compliance reporting SECURITY ANALYTICS Legacy Vulnerability Management ATTACKER INSIGHTS REMEDIATION Log Aggregation BEHAVIORAL ANALYTICS CONTEXT SEARCH Traditional Testing SECURITY ASSESSMENT PROGRAM STRATEGY with technology-based differentiation to provide analytics-driven answers
8 Closing The Gap DAY 1 DAY 2 DAY 3 DAY 206 attacker threat threat gains entry detected malware contained 1. Detect compromise the same day threat detected 2. Scope the complete incident fast 3. Quickly hand off to remediation team DAY 234 threat contained???
9 Cut Through the Noise Speed Investigations End Data Drudgery 9
10 Context Empowers Refinement Raw Events Relevant Activity Enriched, Attributed Events User & Asset Behaviors Notable Behaviors Suspicious Behaviors Alert Explore Search 10
11 Search - It's All About The Context Would you like to search through this? :10:54 R7-BOS-5545 : %ASA : Teardown TCP connection for outside: /443 to INSIDE: /57672 duration 0:00:14 bytes 4510 TCP FINs Or THIS? { "timestamp": " T21:10:54.000Z", "asset": kx acme.com, "user": Ronald Serpico, "source_address": " , "source_port": "443", "destination_address": " ", "destination_port": "57672", "direction": "INBOUND", "incoming_bytes": "4510", "outgoing_bytes": "0", "geoip_organization": "Amazon.com", "geoip_country_code": "US", "geoip_country_name": "United States", "geoip_city": "Ashburn", "geoip_region": "VA } 11
12 Alert not just Rules or just Anomalies How Attackers Work: Posing as a Legitimate User Incident Alerts Flag Suspicious Activity Compromised Credentials Streamline with Low Volume, High-Quality Alerts Network scans Lateral movement Phishing attempts 12
13 Investigate incident faster Focus the Scope Understand User Context Perform Fast Search 13
14 End Data Drudgery Active Directory LDAP DHCP DNS VPN IDS / IPS Web Proxy Firewall Servers Security Console Enterprise Cloud Applications Intruder Traps Single, Integrated Experience 14
15 Insight Platform Driving Innovation Threat Exposure Management Incident Detection & Response Managed Services Third-Party Applications PRE-PACKAGED ANALYTICS SEARCH VISUALIZE REPORT CONTEXTUAL DATA COLLECTION Asset Data User Data Behavioral Data Mobile Info Cloud Activity Controls Info 3rd Party Data
16 InsightIDR Solution Architecture Network Events Remote Endpoints Real-Time Endpoint Events Intruder Traps On-Premise Insight Collectors SSL SSL InsightIDR Attacker Analytics Platform Security Team Applications User Behavior Analytics Machine Learning Fully Searchable Data Set Existing Security Solutions, Alerts, and Events Enterprise Cloud Apps Mobile Devices 19
17 InsightIDR Event Sources FOUNDATIONAL EVENT SOURCES LDAP Microsoft Active Directory LDAP Active Directory Microsoft Active Directory Domain Controllers DHCP Cisco IOS Infoblox Trinzic ISC dhcpd Microsoft DHCP VALUE-ADD EVENT SOURCES DNS VPN IDS / IPS Web Proxy Firewall Servers Security Console Enterprise Cloud Applications Intruder Traps 17
18 InsightIDR Event Sources Cont. DNS ISC Bind9 Infoblox Trinzic Microsoft DNS MikroTik PowerDNS Data Exporters FireEye Threat Analytics Platform HP ArcSight & ArcSight Logger Splunk VPN Cisco ASA VPN F5 Networks FirePass Fortinet FortiGate Juniper SA Microsoft IAS (RADIUS) Microsoft Network Policy Server Microsoft Remote Web Access OpenVPN SonicWALL Firewall & VPN Web Proxy Barracuda Web Filter Blue Coat Proxy Cisco IronPort Fortinet FortiGate Intel Security (fka McAfee) Web Reporter Sophos Secure Web Gateway Squid Watchguard XTM WebSense Web Security Gateway Microsoft ActiveSync (mobile devices) Microsoft Exchange Outlook Web Access Firewall Check Point Firewall Cisco ASA Firewall & VPN Cisco Meraki Fortinet Fortigate Juniper Netscreen Palo Alto Networks Firewall SonicWALL Sophos Firewall Stonesoft Firewall Watchguard XTM IDS / IPS Cisco Sourcefire Dell iSensor Dell SonicWall HP TippingPoint McAfee IDS Metaflows IDS Security Onion Snort Rapid7 Windows Agentless Endpoint Monitor Mac Agentless Endpoint Monitor Honeypot & Honey Users Metasploit Nexpose Sophos Enduser Protection Symantec Endpoint Protection Cloud Services AWS Cloud Trails Box.com Duo Security Google Apps Office 365 Okta Salesforce.com Advanced Malware FireEye NX Palo Alto Networks WildFire SIEMs/Log Aggregators HP ArcSight IBM QRadar Intel Security (fka McAfee) NitroSecurity LogRhythm Splunk Virus Scanners McAfee ePO Sophos Enduser Protection Symantec Enduser Protection Application Monitoring Atlassian Confluence Microsoft SQL Server 18
19 Reduce Your Risk of a Breach Nexpose Awards
20 Most Flexible Deployment Model Easy to Deploy, Easy to Integrate, Fastest Time to Value Engine Options Console Options SW Software SW Appliance Software Appliance Virtual Machine Laptop Cloud Virtual Machine Laptop Cloud
21 Flexible and Scalable Architecture Management Console Scan Engine Scan Engine Firewall Open API and Pre-Built Connector Scan Engine SIEM Log Management GRC IDS/IPS Network Topology Network Performance Analysis Pen Testing & Exploit Analysis
22 Dynamic Asset Groups Specific Assets By Type By Compliance By Location Windows By Importance Corporate Network Mac Windows Satellite Office Mac Linux Specific Risk By Single Vulnerability By Vulnerability Type By Vulnerability Risk Mac Windows Windows Linux Windows Data Center Windows Linux
23 Rapid7's Prioritized Risk Reduction TRADITIONAL VULNERABILITY MANAGEMENT thousands of alerts clear, digestible & actionable by IT
ID Title Occurrences
MS05-43 Microsoft Windows DCOM RPCSS Service Vulnerabilities
MS04-61 Microsoft Windows DCOM RPC Interface Buffer Overrun Vuln
MS05-72 Microsoft Windows ASN.1 Library Integer Handling
MS03-32 Windows TCP/IP Remote Code Execution
AP04-32 Apache Tomcat Directory Traversal
AW01-34 APR-util Library Integer Overflow
AP04-16 Apache 1.3 and 2.0 Web Server
FT01 ProFTPD 1.3 2xc2 and Prior_mod SQL Injection
VZ02 OpenVZ Multiple Vulnerabilities
HPJ01 HP NonStop Servers and Java
HW08 Huawei Multiple Device Bypass
MS04-47 Microsoft Messenger Service Buffer Overrun Vulnerability
RHL013 Red Hat Linux Instance 1.3 Multiple Vulnerabilities
PP32-1 Plug and Play Remote Access Vulnerability
SMOSL1 SQL_mod remote Once Single Access
24 Reduce Your Risk of a Breach Know your weak points Prioritize what matters most Improve Your Outcomes Uncover your hidden attack surface Validate vulnerabilities with Metasploit Contextualize assets using RealContext Focus on the highest risks using RealRisk Deliver impactful, actionable remediation plans Implement best practice security controls Drive decisions using powerful reporting Meet vulnerability management compliance requirements
25 Know Your Weak Points Uncover your hidden attack surface Physical Virtual Cloud Mobile Validate Vulnerabilities with Metasploit Closed-loop Integration Contextualize assets using RealContext Asset Owner Asset Location Asset Importance
26 Prioritize What Matters Most Focus on the highest risks with RealRisk Granular Scoring (0-1000) Exploit & Malware Kit (Increases risk) Weighted Scoring (using RealContext) Deliver impactful, actionable remediation plans Owner Assignment (using RealContext) Top remediation reports Clear steps to follow Implement best practice security controls Visualize deployment of controls Measure effectiveness of controls Prioritizes controls for implementation
27 Nexpose Differentiator: Exploit & Malware Exposure; RealRisk 27
28 Improve Your Outcomes Drive decisions using powerful reporting Pre-built Report Templates (fully customizable) Risk Trending Charts A Benchmark Departments (using Risk Scorecard) Meet vulnerability management compliance requirements Pass Customizable Audit Reporting Compliance Reports Exception Workflow
29 SIEM Ticketing IT GRC Topology Risk NGFW - IPS Credentials Patch Virtualization SaaS NAC WAF Technology Partner Ecosystem
30 Leave your feedback on On the Agenda page, click on our talk and then on «Enter your feedback»
More informationlocuz.com SOC Services
locuz.com SOC Services 1 Locuz IT Security Lifecycle services combine people, processes and technologies to provide secure access to business applications, over any network and from any device. Our security
More informationRSA Advanced Security Operations Richard Nichols, Director EMEA. Copyright 2015 EMC Corporation. All rights reserved. 1
RSA Advanced Security Operations Richard Nichols, Director EMEA 1 What is the problem we need to solve? 2 Attackers Are Outpacing Defenders..and the Gap is Widening Attacker Capabilities The defender-detection
More informationATTIVO NETWORKS THREATDEFEND PLATFORM INTEGRATION WITH CISCO SYSTEMS PROTECTS THE NETWORK
PARTNER BRIEF ATTIVO NETWORKS THREATDEFEND PLATFORM INTEGRATION WITH CISCO SYSTEMS PROTECTS THE NETWORK INTRODUCTION Attivo Networks has partnered with Cisco Systems to provide advanced real-time inside-the-network
More informationFFIEC Cyber Security Assessment Tool. Overview and Key Considerations
FFIEC Cyber Security Assessment Tool Overview and Key Considerations Overview of FFIEC Cybersecurity Assessment Tool Agenda Overview of assessment tool Review inherent risk profile categories Review domain
More informationAgile Security Solutions
Agile Security Solutions Piotr Linke Security Engineer CISSP CISA CRISC CISM Open Source SNORT 2 Consider these guys All were smart. All had security. All were seriously compromised. 3 The Industrialization
More informationCybersecurity Roadmap: Global Healthcare Security Architecture
SESSION ID: TECH-W02F Cybersecurity Roadmap: Global Healthcare Security Architecture Nick H. Yoo Chief Security Architect Disclosure No affiliation to any vendor products No vendor endorsements Products
More informationChecklist for Evaluating Deception Platforms
Checklist for Evaluating Deception Platforms With over 700 reported breaches occurring annually, a modern day adaptive security defense requires a combination of prevention, detection, response, and prediction
More information<Partner Name> <Partner Product> RSA Ready Implementation Guide for. Rapid 7 Nexpose Enterprise 6.1
RSA Ready Implementation Guide for Rapid 7 Jeffrey Carlson, RSA Partner Engineering Last Modified: 04/11/2016 Solution Summary Rapid7 Nexpose Enterprise drives the collection
More informationEnhanced Threat Detection, Investigation, and Response
Enhanced Threat Detection, Investigation, and Response What s new in Cisco Stealthwatch Enterprise Release 6.10.2 Cisco Stealthwatch Enterprise is a comprehensive visibility and security analytics solution
More informationSecuring the Modern Data Center with Trend Micro Deep Security
Advania Fall Conference Securing the Modern Data Center with Trend Micro Deep Security Okan Kalak, Senior Sales Engineer okan@trendmicro.no Infrastructure change Containers 1011 0100 0010 Serverless Public
More informationGLOBALPROTECT. Key Usage Scenarios and Benefits. Remote Access VPN Provides secure access to internal and cloud-based business applications
GLOBALPROTECT Prevent Breaches and Secure the Mobile Workforce GlobalProtect extends the protection of Palo Alto Networks Next-Generation Security Platform to the members of your mobile workforce, no matter
More informationRSA Security Analytics
RSA Security Analytics This is what SIEM was Meant to Be 1 The Original Intent of SIEM Single compliance & security interface Analyze & prioritize alerts across various sources The cornerstone of security
More informationTHE EFFECTIVE APPROACH TO CYBER SECURITY VALIDATION BREACH & ATTACK SIMULATION
BREACH & ATTACK SIMULATION THE EFFECTIVE APPROACH TO CYBER SECURITY VALIDATION Cymulate s cyber simulation platform allows you to test your security assumptions, identify possible security gaps and receive
More informationKeeping your VPN protected
Keeping your VPN protected Overview The increasing use of remote access is driving businesses to look for an easy to manage, secure solution for providing access to sensitive company assets. To meet that
More informationDynamic Datacenter Security Solidex, November 2009
Dynamic Datacenter Security Solidex, November 2009 Deep Security: Securing the New Server Cloud Virtualized Physical Servers in the open Servers virtual and in motion Servers under attack 2 11/9/09 2 Dynamic
More informationNOTICE TO ALL PROSPECTIVE RESPONDENTS RFP 18-ITSS/CY. Addendum No. 1 issued September 7, RFI responses are in red bold print
DEDICATED TO THE HEALTH OF OUR COMMUNITY www.hcdpbc.org NOTICE TO ALL PROSPECTIVE RESPONDENTS RFP 18-ITSS/CY Addendum No. 1 issued September 7, 2018 RFI responses are in red bold print How many public
More information