Building Successful Threat Intelligence Programs
|
|
- Gwenda Singleton
- 6 years ago
- Views:
Transcription
1 Threat Intelligence-Driven Security Building Successful Threat Intelligence Programs Allan Thomson, LookingGlass CTO June 2017
2 Intelligence-Driven Security Threat Intelligence evidence-based knowledge including context, mechanisms, indicators, implications and actionable advice about an existing or emerging menace or hazard to IT or information assets. It can be used to inform decisions regarding the subject s response to that menace or hazard. 1 1Market Guide for Security Threat Intelligence Services Gartner 14 October 2014 Informs Threat Mitigation the elimination or reduction of the frequency, magnitude, or severity of exposure to risks, or minimization of the potential impact of a threat or warning Reduces Risk the possibility that something bad or unpleasant (such as an injury or a loss) will happen. 3 3 Webster's Dictionary 2017 LookingGlass. All Rights Reserved. 2
3 The Threat Landscape * Courtesy - Google Keynote Presentation FIRST 2017 Technical (not people) People who are not good at computers People who are good at computers People who are good at computers, organized & experienced People who are good at computers, organized, experienced & kinetic Threat Sophistication Which threat level do you face? 2017 LookingGlass. All Rights Reserved. 3
4 Intelligence Lifecycle Assess changes to requirements Define Needs With Organization Discuss Impact, Manage Follow Up Actions Configure Collection Management System Draft and Deliver to Intelligence Product Organization Review and Fine Tune System Tasking Analyze Relevant Data Sort, Filter, Vet & Prioritize Data 2017 LookingGlass. All Rights Reserved. 4
5 Intelligence Efforts Focus Identify intelligence efforts that protect the following Indirectly Connected Priority #1: Self Third Party & Supply Chain Priority #2: Third Party & Supply Chain Priority #3: Indirectly Connected Self 2017 LookingGlass. All Rights Reserved. 5
6 The Need For Cyber Assessment Use Case An NSA Cyber Weapon Might Be Behind A Massive Global Ransomware Outbreak Verizon s Data Breach Fighter Gets Hit With, Well, a Data Breach Hackers Threaten to Release 30GB of Stolen Data From San Francisco s Municipal Railway LookingGlass. All Rights Reserved. 6
7 Threat Intelligence Program Framework - What you need - Who you need - How they re organized 7 Parts - How the program works What the program uses How its measured What & How it delivers 2017 LookingGlass. All Rights Reserved. 7
8 Intelligence Program Part LookingGlass. All Rights Reserved. 8
9 Intelligence Program Part 1 Continued Phishing Examples Phish Honeypots, spam , and links Customer Abuse Box Feed/Monitoring Org Web Logs Phone/SMS messages Domain Name Registrations and Go Live Alerts Phishing Sites Detection System Brand Protection Examples Logos and Visual Marks Impostor Social Media Accounts Copyrighted Image Search Claimed Relationships Takedown Services Examples Malware Imposters Confidential Files Phishing Phone LookingGlass. All Rights Reserved. 9
10 Cyber Assessment: Use Case Provide to security executives, assessment on either self or Third Party & Supply Chain systems and assets Build program to continuously assess and report Areas to consider Network Footprint System Compromises & Infections Account Compromises External Facing Vulnerabilities Domain & Spear-Phishing Risk Intelligence Indications & Warnings 2017 LookingGlass. All Rights Reserved. 10
11 Intelligence Program Part 2 Tip: Focused On Specific Deliverables Program - Planning - Architecture - Strategy Security Subject Matter Experts (SME) - Cyber Analysts - Social Analysts - Phishing Analysts - Malware / Forensic Specialists - Incident Response Specialists - Brand Protection Analysts - Rogue Applications - Third Party Risk Analysts - Physical Security Analysts - Language & Translation Specialists Network System SMEs - Network Security Operations - Network Integration Specialists Development SMEs - Software developers - Data processing - Data analytics - Data visualization 2017 LookingGlass. All Rights Reserved. 11
12 Cyber Assessment: Use Case required - Planning - Architect - Manager - Cyber Analyst - Social Analyst - Third Party Risk Analyst - Software developers covering Data processing Data analytics Data visualization 2017 LookingGlass. All Rights Reserved. 12
13 Intelligence Program Part 3 Tip: Consider Tiered Structure - Support 24x7 Operations Structure - Manager - Tier 1 Cyber Threat Analysts (junior) - Tier 2 Cyber Threat Analysts (senior) Typical Work Schedule - 12 hour shifts 4on/4off with relief support Tiered Structure Essential - Tier 1 Example: 24 full-time Cyber Analysts - Tier 2 Example: One full-time Senior Cyber Threat Analyst and Three full-time Cyber Threat Analysts Backup/Resiliency - Have permanent remote team members as geographic backup and resiliency support 2017 LookingGlass. All Rights Reserved. 13
14 Cyber Assessment: Use Case Structure - Manager - Cyber/Social/Third Party Analysts - Software Development Work schedule - On demand - 9-to LookingGlass. All Rights Reserved. 14
15 Intelligence Program Part 4 Tips: - Functional Area Specific - Keep It Current - Invest in Technology Improvements 2017 LookingGlass. All Rights Reserved. 15
16 Intelligence Program Part 4: High Level 24x7 Real-Time Intelligence ing Local Telemetry Tier 1: Rapid Alerting Tier 2: Contextual Alerting Local Org Data Ingest Feed Vetting/Noise Reduction Escalation Data Verification Third Party Data Data Tagging Adding Context 5Ws Review Criteria Relevancy Additional Tagging for Data Lake/Threat Landscape Industry Data Quality Feedback Additional Capture (e.g Screenshots) Relevancy Feedback Quality Review Global Actor Data Alert Hotline Global Cyber Data Average alert 1 to 3 min after collection Response 10 to 30 min after collection Organization Threat Response & SMTP SMS VOIP 2017 LookingGlass. All Rights Reserved. 16
17 Intelligence Program Part 4: Phishing Detection Specific Workflow System Start Assign Ownership Site Review Update Status Create Action Initiate Action Status Options Not Reviewed Under Review Call - Waiting for Response - Waiting for Response C&D - Waiting for Response No action needed Monitor Closed SOC Manager SOC Analyst Analyst Manager Action Needed Yes Determine Action Type Required Close Incident End Incident Target Issues Claimed Relationship Domain Name Violation Image Use Multi-Issue Objectionable Content Traffic Diversion Threat 2017 LookingGlass. All Rights Reserved. 17
18 Cyber Assessment: Gather - Domains & - User Accounts - Applications Assess - Network Footprint - System Compromises & Infections - Account Compromises - External Facing Vulnerabilities - Domain & Spear-Phishing Risk - Intelligence Indications & Warnings Use Case Report 2017 LookingGlass. All Rights Reserved. 18
19 Intelligence Program Part 5 Tips - Identify system based on functional requirements - Best-in-class focus to support process include - Threat Intelligence Platform - Response Management - Cyber Intel Workflow - Phishing Workflow - Social Media Intel Workflow - Help Desk INTEL - Time Management 2017 LookingGlass. All Rights Reserved. 19
20 Intelligence Program Part 5 Use Case Custom Web Application for Analysts - Enter profile data - Monitor and review status of automated pipeline - Connects set of collection systems Used - Vulnerability Scanner - Both Open Source and Commercial Network Footprinting - Domain Analysis - Dark and Surface Web Crawlers - Database and Spreadsheets - Threat Intelligence Platform (and aggregated MRTI) - Internet Intelligence 2017 LookingGlass. All Rights Reserved. 20
21 Intelligence Program Part 5 System Use Case x.x.x.xx x.x.x.xx x.x.x.xx x.x.xx.xxx Infection Records Compromises Network Intelligence Open Source Vulnerability Scan acme acme acme acme acme acme acme acme acme acme acme acme acme acme Acme Group acme acmegrp access.acme 2017 LookingGlass. All Rights Reserved. 21
22 Intelligence Program Part 6 Tips: - Who are reports for - Expected outcomes of reports Including - Daily/Weekly Metrics - Threshold Alerting - Event Notifications - Visual and Electronic Event Triggers - Workflow/Time analysis 2017 LookingGlass. All Rights Reserved. 22
23 Intelligence Program Part 6 Reports - Specific - Segmented - Actionable - Business Relevant Good Afternoon, Brand Abuse Detection Report This is the Brand Abuse Detection Report for the week of [Date]. Cyveillance has identified seven incidents that infringe on the [Brand Name] Brand. A list of these infringements consist of: One Domain Violation Two Impersonation Pages One Claimed Relationship Three Logo Violations The data we collected for the week is reflected in the charts below: Threat Types Imposter Social Media Accounts Company Name Incidents By Source A quick summary of how the page is impersonating your brand will go here. Company Name A quick summary of how the page is impersonating your brand will go here. Domain Name Registration Monitoring Newly registered domains of interest: cyveillance.ooo (whois) cyveillance.io (whois) cyveillance.finance (whois) The top TLD('s) registered using the [brand] name for this week are:.ooo.finance.io 2017 LookingGlass. All Rights Reserved. 23
24 Intelligence Program Part 6: Report/System & Account Compromises Analysis & Summary on - Total Records Analyzed Use Case - Recent Breaches Listing - Unique Users Covered - Malware Infections Found - High-Recurrence Users - Reputation Risks - Executive Credentials 2017 LookingGlass. All Rights Reserved. 24
25 Intelligence Program Part 6: Report/Vulnerabilities Use Case Listing sites analyzed Assessment of active vulnerabilities found Number of instances 2017 LookingGlass. All Rights Reserved. 25
26 Intelligence Program Part 6: Report/Domain & Spear-Phishing Risk Use Case Company owned domains High risk domains 2017 LookingGlass. All Rights Reserved. 26
27 Intelligence Program Part 6: Report/Intelligence & Warnings Use Case Aggregated view of threat intelligence reports Context and background to support analysis Analysis and prioritization Recommendations on critical intelligence to act on 2017 LookingGlass. All Rights Reserved. 27
28 Intelligence Program Part 6: Report/Exec Summary Use Case Provide to security professionals Insight into application vulnerabilities Information on potential leaks, theft of sensitive data Identify holes in internal security posture to ensure compliance Identify latest data breaches and compromised user accounts Reduce risk of high impact exploits such as ransomware, website defacements or malicious injection 2017 LookingGlass. All Rights Reserved. 28
29 Intelligence Program Part 7 Tip: Empower rapid response to incidents and maintain goodwill Internal and Groups - SecOps/NetOps - IT, Compliance, Third Party Risk Supply Chain - Infosec/SecOps Industry - Data Feeds (Open, Commercial) - Technology Learnings - Trusted Sharing Law Enforcement 2017 LookingGlass. All Rights Reserved. 29
30 Intelligence Program Part 7 Final report influences and updates connected teams Patched Vulnerability Mgmt s Use Case Policy & Password Changes IT Supply Chain Updates Policy and Enforcement Third Party Risk Security Rules Update NetOps & SecOps s 2017 LookingGlass. All Rights Reserved. 30
31 Define Recommendations Justify Threat Intelligence Program to reduce business risk Justify Define program across Focus intelligence Self Focus Third Party Indirect Protect Protect business leveraging threat intelligence 2017 LookingGlass. All Rights Reserved. 31
32 /company/lookingglass /+LookingGlassCyber
CloudSOC and Security.cloud for Microsoft Office 365
Solution Brief CloudSOC and Email Security.cloud for Microsoft Office 365 DID YOU KNOW? Email is the #1 delivery mechanism for malware. 1 Over 40% of compliance related data in Office 365 is overexposed
More informationBuilding Resilience in a Digital Enterprise
Building Resilience in a Digital Enterprise Top five steps to help reduce the risk of advanced targeted attacks To be successful in business today, an enterprise must operate securely in the cyberdomain.
More informationEFFECTIVELY TARGETING ADVANCED THREATS. Terry Sangha Sales Engineer at Trustwave
EFFECTIVELY TARGETING ADVANCED THREATS Terry Sangha Sales Engineer at Trustwave THE CHALLENGE PROTECTING YOUR ENVIRONMENT IS NOT GETTING EASIER ENDPOINT POINT OF SALE MOBILE VULNERABILITY MANAGEMENT CYBER
More informationRSA NetWitness Suite Respond in Minutes, Not Months
RSA NetWitness Suite Respond in Minutes, Not Months Overview One can hardly pick up a newspaper or turn on the news without hearing about the latest security breaches. The Verizon 2015 Data Breach Investigations
More informationRFP/RFI Questions for Managed Security Services. Sample MSSP RFP Template
RFP/RFI Questions for Managed Security Services Sample MSSP RFP Template Table of Contents Request for Proposal Template Overview 1 Introduction... 1 How to Use this Document... 1 Suggested RFP Outline
More informationlocuz.com SOC Services
locuz.com SOC Services 1 Locuz IT Security Lifecycle services combine people, processes and technologies to provide secure access to business applications, over any network and from any device. Our security
More information10 KEY WAYS THE FINANCIAL SERVICES INDUSTRY CAN COMBAT CYBER THREATS
10 KEY WAYS THE FINANCIAL SERVICES INDUSTRY CAN COMBAT CYBER THREATS WHITE PAPER INTRODUCTION BANKS ARE A COMMON TARGET FOR CYBER CRIMINALS AND OVER THE LAST YEAR, FIREEYE HAS BEEN HELPING CUSTOMERS RESPOND
More informationSOLUTION BRIEF RSA NETWITNESS SUITE 3X THE IMPACT WITH YOUR EXISTING SECURITY TEAM
SOLUTION BRIEF RSA NETWITNESS SUITE 3X THE IMPACT WITH YOUR EXISTING SECURITY TEAM OVERVIEW The Verizon 2016 Data Breach Investigations Report highlights that attackers are regularly outpacing the defenders.
More informationRANSOMWARE PROTECTION. A Best Practices Approach to Securing Your Enterprise
RANSOMWARE PROTECTION A Best Practices Approach to Securing Your Enterprise TABLE OF CONTENTS Introduction...3 What is Ransomware?...4 Employee Education...5 Vulnerability Patch Management...6 System Backups...7
More informationThe SANS Institute Top 20 Critical Security Controls. Compliance Guide
The SANS Institute Top 20 Critical Security Controls Compliance Guide February 2014 The Need for a Risk-Based Approach A common factor across many recent security breaches is that the targeted enterprise
More informationwith Advanced Protection
with Advanced Email Protection OVERVIEW Today s sophisticated threats are changing. They re multiplying. They re morphing into new variants. And they re targeting people, not just technology. As organizations
More informationProtecting Against Modern Attacks. Protection Against Modern Attack Vectors
Protecting Against Modern Attacks Protection Against Modern Attack Vectors CYBER SECURITY IS A CEO ISSUE. - M C K I N S E Y $4.0M 81% >300K 87% is the average cost of a data breach per incident. of breaches
More informationAre we breached? Deloitte's Cyber Threat Hunting
Are we breached? Deloitte's Cyber Threat Hunting Brochure / report title goes here Section title goes here Have we been breached? Are we exposed? How do we proactively detect an attack and minimize the
More informationPrescriptive Security Operations Centers. Leveraging big data capabilities to build next generation SOC
Prescriptive Security Operations Centers Leveraging big data capabilities to build next generation SOC Cyber Security Industry in constant renewal in 2016 and 2017 1 Tbps Mirai IoT Botnet broke the Internet
More informationRSA Advanced Security Operations Richard Nichols, Director EMEA. Copyright 2015 EMC Corporation. All rights reserved. 1
RSA Advanced Security Operations Richard Nichols, Director EMEA 1 What is the problem we need to solve? 2 Attackers Are Outpacing Defenders..and the Gap is Widening Attacker Capabilities The defender-detection
More informationManaged Enterprise Phishing Protection. Comprehensive protection delivered 24/7 by anti-phishing experts
Managed Enterprise Phishing Protection Comprehensive protection delivered 24/7 by anti-phishing experts MANAGED ENTERPRISE PHISHING PROTECTION 24/7 expert protection against phishing attacks that get past
More informationRSA IT Security Risk Management
RSA IT Security Risk Adding Insight to Security March 18, 2014 Wael Jaroudi GRC Sales Specialist 1 Where is Security Today? Companies have built layer upon layer of security, but is it helping? Complexity
More informationISO COMPLIANCE GUIDE. How Rapid7 Can Help You Achieve Compliance with ISO 27002
ISO 27002 COMPLIANCE GUIDE How Rapid7 Can Help You Achieve Compliance with ISO 27002 A CONTENTS Introduction 2 Detailed Controls Mapping 3 About Rapid7 8 rapid7.com ISO 27002 Compliance Guide 1 INTRODUCTION
More informationForeScout Extended Module for Splunk
Enterprise Strategy Group Getting to the bigger truth. ESG Lab Review ForeScout Extended Module for Splunk Date: May 2017 Author: Tony Palmer, Senior Lab Analyst Abstract This report provides a first look
More informationOperationalizing the Three Principles of Advanced Threat Detection
SESSION ID: SDS2-R08 Operationalizing the Three Principles of Advanced Threat Detection ZULFIKAR RAMZAN, PH.D Chief Technology Officer RSA @zulfikar_ramzan Dealing with Traffic Congestion Singapore: Major
More informationTechnology Risk Management in Banking Industry. Rocky Cheng General Manager, Information Technology, Bank of China (Hong Kong) Limited
Technology Risk Management in Banking Industry Rocky Cheng General Manager, Information Technology, Bank of China (Hong Kong) Limited Change in Threat Landscape 2 Problem & Threats faced by Banking Industry
More informationTHREAT INTELLIGENCE PLATFORM
THREAT INTELLIGENCE PLATFORM FROM LIMITLESS INFORMATION TO ACTIONABLE CYBER THREAT INTELLIGENCE CONTENT 2 - INTRODUCTION: LOST IN DIGITAL BABEL 3 - THREAT INTELLIGENCE PLATFORMS 4 - THE LOOKINGGLASS APPROACH
More informationBUILDING CYBERSECURITY CAPABILITY, MATURITY, RESILIENCE
BUILDING CYBERSECURITY CAPABILITY, MATURITY, RESILIENCE 1 WHAT IS YOUR SITUATION? Excel spreadsheets Manually intensive Too many competing priorities Lack of effective reporting Too many consultants Not
More informationLAB2 R12: Optimize Your Supply Chain Cyber Security
LAB2 R12: Optimize Your Supply Chain Cyber Security Post Conference Summary Allan Thomson Jamison M. Day, Ph.D. Table of Contents INTRODUCTION... 3 SUPPLY CHAIN CYBER SECURITY TRENDS... 4 Outsourcing Increases
More informationCyberArk Privileged Threat Analytics
CyberArk Privileged Threat Analytics Table of Contents The New Security Battleground: Inside Your Network 3 Privileged account security 3 Collect the right data 4 Detect critical threats 5 Alert on critical
More informationThe New Era of Cognitive Security
The New Era of Cognitive Security IBM WATSON SUMMIT KANOKSAK RATCHAPAT Senior Technical Sales 1 Today s security challenges ACTORS TARGETS VECTORS REALITY Organized Crime Healthcare Ransomware Cloud, mobile,
More informationCYBER RESILIENCE & INCIDENT RESPONSE
CYBER RESILIENCE & INCIDENT RESPONSE www.nccgroup.trust Introduction The threat landscape has changed dramatically over the last decade. Once the biggest threats came from opportunist attacks and preventable
More informationTHE EFFECTIVE APPROACH TO CYBER SECURITY VALIDATION BREACH & ATTACK SIMULATION
BREACH & ATTACK SIMULATION THE EFFECTIVE APPROACH TO CYBER SECURITY VALIDATION Cymulate s cyber simulation platform allows you to test your security assumptions, identify possible security gaps and receive
More informationAutomated Response in Cyber Security SOC with Actionable Threat Intelligence
Automated Response in Cyber Security SOC with Actionable Threat Intelligence while its biggest weakness is lack of visibility: SOCs still can t detect previously unknown threats, which is a consistent
More informationCYBER SOLUTIONS & THREAT INTELLIGENCE
CYBER SOLUTIONS & THREAT INTELLIGENCE STRENGTHEN YOUR DEFENSE DarkTower is a global advisory firm focused on security for some of the world s leading organizations. Our security services, along with real-world
More informationNoam Ikar R&DVP. Complex Event Processing and Situational Awareness in the Digital Age
Noam Ikar R&DVP Complex Event Processing and Situational Awareness in the Digital Age We need to correlate events from inside and outside the organization by a smart layer Cyberint CEO, Dec 2017. Wikipedia
More information10 FOCUS AREAS FOR BREACH PREVENTION
10 FOCUS AREAS FOR BREACH PREVENTION Keith Turpin Chief Information Security Officer Universal Weather and Aviation Why It Matters Loss of Personally Identifiable Information (PII) Loss of Intellectual
More informationCOUNTERING CYBER CHAOS WITH HIPAA COMPLIANCE. Presented by Paul R. Hales, J.D. May 8, 2017
COUNTERING CYBER CHAOS WITH HIPAA COMPLIANCE Presented by Paul R. Hales, J.D. May 8, 2017 1 HIPAA Rules Combat Cyber Crime HIPAA Rules A Blueprint to Combat Cyber Crime 2 HIPAA Rules Combat Cyber Crime
More informationRSA Solution Brief. The RSA Solution for VMware. Key Manager RSA. RSA Solution Brief
RSA Solution Brief The RSA Solution for VMware View: Managing Securing the the Lifecycle Virtual of Desktop Encryption Environment Keys with RSA Key Manager RSA Solution Brief 1 According to the Open Security
More informationIncident Response Lessons From the Front Lines. Session 276, March 8, 2018 Nolan Garrett, CISO, Children s Hospital Los Angeles
Incident Response Lessons From the Front Lines Session 276, March 8, 2018 Nolan Garrett, CISO, Children s Hospital Los Angeles 1 Conflict of Interest Nolan Garrett Has no real or apparent conflicts of
More informationIncident Response Services to Help You Prepare for and Quickly Respond to Security Incidents
Services to Help You Prepare for and Quickly Respond to Security Incidents The Challenge The threat landscape is always evolving and adversaries are getting harder to detect; and with that, cyber risk
More informationBuilding and Instrumenting the Next- Generation Security Operations Center. Sponsored by
Building and Instrumenting the Next- Generation Security Operations Center Sponsored by Webinar Logistics Optimize your experience today Enable pop-ups within your browser Turn on your system s sound to
More informationWHITE PAPER. Operationalizing Threat Intelligence Data: The Problems of Relevance and Scale
WHITE PAPER Operationalizing Threat Intelligence Data: The Problems of Relevance and Scale Operationalizing Threat Intelligence Data: The Problems of Relevance and Scale One key number that is generally
More informationalign security instill confidence
align security instill confidence cyber security Securing data has become a top priority across all industries. High-profile data breaches and the proliferation of advanced persistent threats have changed
More informationINCIDENTRESPONSE.COM. Automate Response. Did you know? Your playbook overview - Data Theft
Automate Response Congratulations on selecting IncidentResponse.com to retrieve your custom incident response playbook guide. This guide has been created especially for you for use in within your security
More informationCybersecurity for Service Providers
Cybersecurity for Service Providers Alexandro Fernandez, CISSP, CISA, CISM, CEH, ECSA, ISO 27001LA, ISO 27001 LI, ITILv3, COBIT5 Security Advanced Services February 2018 There are two types of companies:
More information4/13/2018. Certified Analyst Program Infosheet
4/13/2018 Certified Analyst Program Infosheet Contents I. Executive Summary II. Training Framework III. Course Structure, Learning Outcomes, and Skills List IV. Sign-up and More Information Executive Summary
More informationMITIGATE CYBER ATTACK RISK
SOLUTION BRIEF MITIGATE CYBER ATTACK RISK CONNECTING SECURITY, RISK MANAGEMENT & BUSINESS TEAMS TO MINIMIZE THE WIDESPREAD IMPACT OF A CYBER ATTACK DIGITAL TRANSFORMATION CREATES NEW RISKS As organizations
More informationEXPERT SERVICES FOR IoT CYBERSECURITY AND RISK MANAGEMENT. An Insight Cyber White Paper. Copyright Insight Cyber All rights reserved.
EXPERT SERVICES FOR IoT CYBERSECURITY AND RISK MANAGEMENT An Insight Cyber White Paper Copyright Insight Cyber 2018. All rights reserved. The Need for Expert Monitoring Digitization and external connectivity
More informationCERT Development EFFECTIVE RESPONSE
CERT Development EFFECTIVE RESPONSE CERT Development: EFFECTIVE RESPONSE 2 Effective Response Effective Response Well funded, organized attackers threaten your network IT attacks can result in: Loss of
More informationIPS with isensor sees, identifies and blocks more malicious traffic than other IPS solutions
IPS Effectiveness IPS with isensor sees, identifies and blocks more malicious traffic than other IPS solutions An Intrusion Prevention System (IPS) is a critical layer of defense that helps you protect
More informationUn SOC avanzato per una efficace risposta al cybercrime
Un SOC avanzato per una efficace risposta al cybercrime Identificazione e conferma di un incidente @RSAEMEA #RSAEMEASummit @masiste75 Mauro Costantini - Presales Consultant Agenda A look into the threat
More informationWHITEPAPER. Enterprise Cyber Risk Management Protecting IT Assets that Matter
WHITEPAPER Enterprise Cyber Risk Management Protecting IT Assets that Matter Contents Protecting IT Assets That Matter... 3 Today s Cyber Security and Risk Management: Isolated, Fragmented and Broken...4
More informationIntelligent and Secure Network
Intelligent and Secure Network BIG-IP IP Global Delivery Intelligence v11.2 IP Intelligence Service Brian Boyan - b.boyan@f5.com Tony Ganzer t.ganzer@f5.com 2 Agenda Welcome & Intro Introduce F5 IP Intelligence
More informationCyber Risk Program Maturity Assessment UNDERSTAND AND MANAGE YOUR ORGANIZATION S CYBER RISK.
Cyber Risk Program Maturity Assessment UNDERSTAND AND MANAGE YOUR ORGANIZATION S CYBER RISK. In today s escalating cyber risk environment, you need to make sure you re focused on the right priorities by
More information2018 WTA Spring Meeting Are You Ready for a Breach? Troy Hawes, Senior Manager
2018 WTA Spring Meeting Are You Ready for a Breach? Troy Hawes, Senior Manager NIST Cybersecurity Framework (CSF) Executive Order 13636 Improving Critical Infrastructure Cybersecurity tasked the National
More informationSIEMLESS THREAT DETECTION FOR AWS
SOLUTION OVERVIEW: ALERT LOGIC FOR AMAZON WEB SERVICES (AWS) SIEMLESS THREAT DETECTION FOR AWS Few things are as important to your business as maintaining the security of your sensitive data. Protecting
More informationService Provider View of Cyber Security. July 2017
Service Provider View of Cyber Security July 2017 Quick Stats Caribbean and LatAm: 3 rd largest population of Internet Users You Are Here Visualization from the Opte Project of the various routes through
More informationA Practical Guide to Efficient Security Response
A Practical Guide to Efficient Security Response The Essential Checklist Start The Critical Challenges to Information Security Data breaches constantly threaten the modern enterprise. And the risk continues
More informationDelivering Integrated Cyber Defense for the Cloud Generation Darren Thomson
Delivering Integrated Cyber Defense for the Generation Darren Thomson Vice President & CTO, EMEA Region Symantec In 2009 there were 2,361,414 new piece of malware created. In 2015 that number was 430,555,582
More informationSecurity by Default: Enabling Transformation Through Cyber Resilience
Security by Default: Enabling Transformation Through Cyber Resilience FIVE Steps TO Better Security Hygiene Solution Guide Introduction Government is undergoing a transformation. The global economic condition,
More informationPULLING OUR SOCS UP VODAFONE GROUP AT RSAC Emma Smith. Andy Talbot. Group Technology Security Director Vodafone Group Plc
#RSAC SESSION ID: AIR-R04 PULLING OUR SOCS UP VODAFONE GROUP AT RSAC 2018 Emma Smith Group Technology Security Director Vodafone Group Plc Andy Talbot Global Head of Cyber Defence Vodafone Group Plc Pulling
More informationAssessing Your Incident Response Capabilities Do You Have What it Takes?
Assessing Your Incident Response Capabilities Do You Have What it Takes? March 31, 2017 Presenters Tim L. Bryan, CPA/CFF/CITP, CISA, EnCE Director, Advisory Services Forensic Technology & Investigation
More informationSOLUTION BRIEF RSA NETWITNESS EVOLVED SIEM
RSA NETWITNESS EVOLVED SIEM OVERVIEW A SIEM is technology originally intended for compliance and log management. Later, as SIEMs became the aggregation points for security alerts, they began to be more
More informationPanelists. Moderator: Dr. John H. Saunders, MITRE Corporation
SCADA/IOT Panel This panel will focus on innovative & emerging solutions and remaining challenges in the cybersecurity of industrial control systems ICS/SCADA. Representatives from government and infrastructure
More informationUse Cases. E-Commerce. Enterprise
Use Cases E-Commerce Enterprise INTRODUCTION This document provides a selection of customer use cases applicable for the e-commerce sector. Each use case describes an individual challenge faced by e-commerce
More informationDoxxing, Dissidents, And. Digital Extortion. Fortify Your Digital Risk Defenses. Nick Hayes, Senior Analyst
Doxxing, Dissidents, And Digital Extortion Fortify Your Digital Risk Defenses Nick Hayes, Senior Analyst A different type of threat Snippets From Mueller Indictment Of Russian Operatives 2018 Forrester
More informationReinvent Your 2013 Security Management Strategy
Reinvent Your 2013 Security Management Strategy Laurent Boutet 18 septembre 2013 Phone:+33 6 25 34 12 01 Email:laurent.boutet@skyboxsecurity.com www.skyboxsecurity.com What are Your Key Objectives for
More informationForeScout ControlFabric TM Architecture
ForeScout ControlFabric TM Architecture IMPROVE MULTI-VENDOR SOLUTION EFFECTIVENESS, RESPONSE AND WORKFLOW AUTOMATION THROUGH COLLABORATION WITH INDUSTRY-LEADING TECHNOLOGY PARTNERS. The Challenge 50%
More informationBusiness continuity management and cyber resiliency
Baker Tilly refers to Baker Tilly Virchow Krause, LLP, an independently owned and managed member of Baker Tilly International. Business continuity management and cyber resiliency Introductions Eric Wunderlich,
More informationIntegrated, Intelligence driven Cyber Threat Hunting
Integrated, Intelligence driven Cyber Threat Hunting THREAT INVESTIGATION AND RESPONSE PLATFORM Zsolt Kocsis IBM Security Technical Executive, CEE zsolt.kocsis@hu.ibm.com 6th Nov 2018 Build an integrated
More informationThe Digital Risk Dilemma
SESSION ID: STR-T07 The Digital Risk Dilemma How To Protect What You Don t Control Nick Hayes Vice President, Strategy IntSights @nickhayes10 Our attack surface keeps growing IT Our attack surface keeps
More informationCybersecurity What Companies are Doing & How to Evaluate. Miguel Romero - NAIC David Gunkel & Dan Ford Rook Security
Cybersecurity What Companies are Doing & How to Evaluate Miguel Romero - NAIC David Gunkel & Dan Ford Rook Security Learning Objectives At the end of this presentation, you will be able to: Explain the
More informationThe University of Queensland
UQ Cyber Security Strategy 2017-2020 NAME: UQ Cyber Security Strategy DATE: 21/07/2017 RELEASE:0.2 Final AUTHOR: OWNER: CLIENT: Marc Blum Chief Information Officer Strategic Information Technology Council
More informationCYBER THREAT INTEL: A STATE OF MIND. Internal Audit, Risk, Business & Technology Consulting
CYBER THREAT INTEL: A STATE OF MIND Internal Audit, Risk, Business & Technology Consulting WHO ARE WE? Randy Armknecht, CISSP, EnCE Protiviti Director - IT Consulting randy.armknecht@protiviti.com Albin
More informationSecurity. Made Smarter.
Security. Made Smarter. Your job is to keep your organization safe from cyberattacks. To do so, your team has to review a monumental amount of data that is growing exponentially by the minute. Your team
More informationRBS OpenEMR Multisite Setup Improper Access Restriction Remote Code Execution of 5
RBS-2017-001 OpenEMR Multisite Setup Improper Access Restriction Remote Code Execution 2018-03-22 1 of 5 Vendor / Product Information OpenEMR is a Free and Open Source electronic health records and medical
More informationWhat makes a good KRI? Using FAIR to discover meaningful metrics
SESSION ID: GRC-R02 What makes a good KRI? Using FAIR to discover meaningful metrics Steve Reznik Director, Operational Risk Management ADP Metrics Love them! or hate them? Without data, you are just another
More informationSYMANTEC DATA CENTER SECURITY
SYMANTEC DATA CENTER SECURITY SYMANTEC UNIFIED SECURITY STRATEGY Users Cyber Security Services Monitoring, Incident Response, Simulation, Adversary Threat Intelligence Data Threat Protection Information
More informationBETTER Mobile Threat Defense (BMTD)
BETTER Mobile Threat Defense (BMTD) Powered by BETTER Mobile Security, Inc. Enterprise Challenges Today s enterprise IT managers are looking for better and more efficient ways to empower workforces utilizing
More informationMachine Learning and Advanced Analytics to Address Today s Security Challenges
Machine Learning and Advanced Analytics to Address Today s Security Challenges Depending on your outlook, this is either an exciting time or a terrible time to be part of an enterprise cybersecurity team.
More informationRSA INCIDENT RESPONSE SERVICES
RSA INCIDENT RESPONSE SERVICES Enabling early detection and rapid response EXECUTIVE SUMMARY Technical forensic analysis services RSA Incident Response services are for organizations that need rapid access
More informationImperva Incapsula Website Security
Imperva Incapsula Website Security DA T A SH E E T Application Security from the Cloud Imperva Incapsula cloud-based website security solution features the industry s leading WAF technology, as well as
More informationFTA 2017 SEATTLE. Cybersecurity and the State Tax Threat Environment. Copyright FireEye, Inc. All rights reserved.
FTA 2017 SEATTLE Cybersecurity and the State Tax Threat Environment 1 Agenda Cybersecurity Trends By the Numbers Attack Trends Defensive Trends State and Local Intelligence What Can You Do? 2 2016: Who
More informationSecuring Your Digital Transformation
Securing Your Digital Transformation Security Consulting Managed Security Leveraging experienced, senior experts to help define and communicate risk and security program strategy using real-world data,
More informationCyber Defense Maturity Scorecard DEFINING CYBERSECURITY MATURITY ACROSS KEY DOMAINS
Cyber Defense Maturity Scorecard DEFINING CYBERSECURITY MATURITY ACROSS KEY DOMAINS Cyber Defense Maturity Scorecard DEFINING CYBERSECURITY MATURITY ACROSS KEY DOMAINS Continual disclosed and reported
More informationChallenges and. Opportunities. MSPs are Facing in Security
Challenges and Opportunities MSPs are Facing in 2017 Security MSPs work in an environment that is constantly changing for both the needs of customers and the technology in which they provide. Fanning the
More informationNetWitness Overview. Copyright 2011 EMC Corporation. All rights reserved.
NetWitness Overview 1 The Current Scenario APT Network Security Today Network-layer / perimeter-based Dependent on signatures, statistical methods, foreknowledge of adversary attacks High failure rate
More informationRSA INCIDENT RESPONSE SERVICES
RSA INCIDENT RESPONSE SERVICES Enabling early detection and rapid response EXECUTIVE SUMMARY Technical forensic analysis services RSA Incident Response services are for organizations that need rapid access
More informationAn All-Source Approach to Threat Intelligence Using Recorded Future
nn Enterprise Strategy Group Getting to the bigger truth. Solution Showcase An All-Source Approach to Threat Intelligence Using Recorded Future Date: March 2018 Author: Jon Oltsik, Senior Principal Analyst
More informationRisk: Security s New Compliance. Torsten George VP Worldwide Marketing and Products, Agiliance Professional Strategies - S23
Risk: Security s New Compliance Torsten George VP Worldwide Marketing and Products, Agiliance Professional Strategies - S23 Agenda Market Dynamics Organizational Challenges Risk: Security s New Compliance
More informationCyberEdge. End-to-End Cyber Risk Management Solutions
CyberEdge End-to-End Cyber Risk Management Solutions In a rapidly changing landscape, CyberEdge provides clients with an end-to-end risk management solution to stay ahead of the curve of cyber risk. CyberEdge
More informationCyber Security Incident Response Fighting Fire with Fire
Cyber Security Incident Response Fighting Fire with Fire Arun Perinkolam, Senior Manager Deloitte & Touche LLP Professional Techniques T21 CRISC CGEIT CISM CISA AGENDA Companies like yours What is the
More informationNEW DATA REGULATIONS: IS YOUR BUSINESS COMPLIANT?
NEW DATA REGULATIONS: IS YOUR BUSINESS COMPLIANT? What the new data regulations mean for your business, and how Brennan IT and Microsoft 365 can help. THE REGULATIONS: WHAT YOU NEED TO KNOW Australia:
More informationThe Gartner Security Information and Event Management Magic Quadrant 2010: Dealing with Targeted Attacks
The Gartner Security Information and Event Management Magic Quadrant 2010: Dealing with Targeted Attacks Mark Nicolett Notes accompany this presentation. Please select Notes Page view. These materials
More informationBuilding an Effective Threat Intelligence Capability. Haider Pasha, CISSP, C EH Director, Security Strategy Emerging Markets Office of the CTO
Building an Effective Threat Intelligence Capability Haider Pasha, CISSP, C EH Director, Security Strategy Emerging Markets Office of the CTO The Race To Digitize Automotive Telematics In-vehicle entertainment
More informationDo You Know Your Organization's Top 10 Security Risks?
SESSION ID: GRC-F01 Do You Know Your Organization's Top 10 Security Risks? Min-Hwei Liu Director, Information Security, Aetna 14,300 Network alerts # of Applications # of Servers Monitored What does the
More informationCyber Security Stress Test SUMMARY REPORT
Cyber Security Stress Test SUMMARY REPORT predict prevent respond detect FINAL SCORE PREDICT: PREVENT: Final score: RESPOND: DETECT: BRILLIANT! You got a 100/100. That's as good as it gets. So take a second
More informationProtecting Against Online Fraud. F5 EMEA Webinar August 2014
Protecting Against Online Fraud F5 EMEA Webinar August 2014 Agenda Fraud threat trends and business challenges Web fraud protection Mobile fraud protection Security operations center Example architecture
More informationGovernance Ideas Exchange
www.pwc.com.au Anatomy of a Hack Governance Ideas Exchange Robert Di Pietro October 2018 Cyber Security Anatomy of a Hack Cyber Security Introduction Who are the bad guys? Profiling the victim Insights
More information8 Must Have. Features for Risk-Based Vulnerability Management and More
8 Must Have Features for Risk-Based Vulnerability Management and More Introduction Historically, vulnerability management (VM) has been defined as the practice of identifying security vulnerabilities in
More informationBOLSTERING DETECTION ABILITIES KENT KNUDSEN JUNE 23, 2016
BOLSTERING DETECTION ABILITIES KENT KNUDSEN JUNE 23, 2016 Overview Current Threats Where we fail Cyber Security Lifecycle Key Areas to Continuously Monitor Security Metrics Where to prioritize Security
More information2017 Annual Meeting of Members and Board of Directors Meeting
2017 Annual Meeting of Members and Board of Directors Meeting Dan Domagala; "Cybersecurity: An 8-Point Checklist for Protecting Your Assets" Join this interactive discussion about cybersecurity trends,
More informationNEXT GENERATION SECURITY OPERATIONS CENTER
DTS SOLUTION NEXT GENERATION SECURITY OPERATIONS CENTER SOC 2.0 - ENHANCED SECURITY O&M SOC 2.0 - SUCCESS FACTORS SOC 2.0 - FUNCTIONAL COMPONENTS DTS SOLUTION SOC 2.0 - ENHANCED SECURITY O&M SOC 2.0 Protecting
More informationC T I A CERTIFIED THREAT INTELLIGENCE ANALYST. EC-Council PROGRAM BROCHURE. Certified Threat Intelligence Analyst 1. Certified
EC-Council C T Certified I A Threat Intelligence Analyst CERTIFIED THREAT INTELLIGENCE ANALYST PROGRAM BROCHURE 1 Predictive Capabilities for Proactive Defense! Cyber threat incidents have taken a drastic
More information