EFFECTIVE INCIDENT RESPONSE
- Arthur Beasley
ONLINE REPORT SPONSORED BY:
Special Report: Incident Response
EFFECTIVE INCIDENT RESPONSE

INSIDE
- PREPARATION IS ESSENTIAL
- CHOOSE THE SERVICE APPROACH TO INCIDENT RESPONSE
- ADOPT A MULTI-PRONGED APPROACH TO PREVENT CYBERATTACKS
- RAPID RESPONSE
- FIGHTING CYBERCRIME REQUIRES MORE THAN JUST TOOLS

PREPARATION IS ESSENTIAL

When crafting an incident response plan, preparation is a critical component.

Effectively mitigating cyberthreats and developing an appropriate response plan requires much more than simply putting the right technology in place. Without fully understanding the business environment and designing and testing a solid incident response plan, agencies are much more likely to experience far-reaching and damaging breaches.

Unfortunately, this problem isn't uncommon. According to a report from the SANS Institute, the primary impediments to effective incident response include a shortage of staffing and skills, lack of procedural reviews and practice, inadequate visibility into events happening across different systems or domains, and lack of comprehensive automated tools.

"To be effective with incident response, you need to think of it as a program, not just a set of tools," says Tony Cole, Vice President and Global Government CTO at FireEye, a leading provider of real-time, dynamic threat protection. That means knowing what are the crown jewels of the agency, understanding the agency's risk tolerance, and developing and testing a comprehensive plan for incident response.

Agencies that do have an incident response plan in place have often had their security teams develop the plan without adequate input from business stakeholders. Without that input, the plan may not fully address the issues, applications and data that are important to the agency's goals and leadership.

Processes, Priorities and Tools

Traditionally, much of an organization's security budget has been spent on tools to detect cyberbreaches, with considerably less emphasis on incident response. "That's a mistake," says Cole. Without adequate incident response, agencies are at risk for the same or worse cyberevents occurring in the future. A major part of any incident response plan must involve processes and priorities. The plan must also specify technology that can not only detect breaches, but also resolve them and prevent them from reoccurring.

Many agencies are already using too many different tools. According to research from Hewlett Packard Enterprise, the average organization is using 63 different technology products. Developing an effective incident response strategy requires pinpointing requirements and winnowing the list of tools down to those that can provide the intelligence and analytics required to combat today's cyberthreats.

A report from FireEye finds that many organizations still use signature-based tools, which can't keep up with the speed at which attacks are evolving. Many tools provide alerts, but don't allow security personnel to revisit incidents to see what occurred. For incident response, it's best to choose tools that can generate alerts and provide the context necessary to fully resolve problems. FireEye's network forensics, host forensics and log forensic tools, for example, not only generate alerts, but help security personnel go back to examine the entire series of events that led up to the breach. These tools also recommend actions to not only remediate the issues, but prevent them from occurring again.

As adversaries continue to create more sophisticated methods for compromising networks and agencies continue to push the boundaries of security with innovative technologies around mobility, the cloud and the Internet of Things (IoT), a solid incident response strategy will become even more important. The best way for agencies to prepare for the inevitable is to have a solid, living, changeable incident response plan along with technologies capable of adapting to the changing threat landscape.

CHOOSE THE SERVICE APPROACH TO INCIDENT RESPONSE

Outsourced services can help fill the gaps in an agency's response plan.

To stay ahead of the cybersecurity curve, agencies must have a comprehensive, tested incident response plan in place. And the right tools and capabilities must be in place to support that plan. That's the only way to detect and prevent advanced external threats, insider threats and state-sponsored attacks.

While some agencies have the breadth of knowledge and enough skilled staff to manage incident response on their own, many do not. That's not surprising. According to research from Hewlett Packard Enterprise, up to 60 percent of organizations don't have enough skilled security staff onsite to manage their cybersecurity needs.

Yet having the right expertise is critical. "The fact is that you will get breached, and the entire resiliency of your organization depends on how you handle the response and recovery," says Earl Matthews, Vice President for Enterprise Security Solutions for the U.S. Public Sector at HP Enterprise Services.

To ensure that type of resiliency, many organizations opt to use a service that can fill in the gaps where they lack the expertise or capability. In the case of an incident response service, critical capabilities include:

Preparation: Agencies need help identifying security controls that will have the most significant impact on their security vulnerabilities, along with tools required to make network design and investigation as easy as possible.

Detection and Analysis: Agencies also need tools and mechanisms to detect threats, prioritize and categorize leads, fully scope targeted attacks and proactively hunt for signs of compromise. Ideally, this will include 24x7 monitoring. "It's all about following the evidence," says Matthews. "It's important to understand how the attacker penetrated the environment and the true extent of what the attacker accessed or stole," he says. The thoroughness of the investigation directly affects the success of the remediation.

Remediation: Any incident response plan must include steps to investigate, analyze and determine the most appropriate response, and then communicate and execute that plan. Thorough remediation involves three steps: containing the attack, eradicating the attacker from the environment and preventing the attacker from re-entering. It is also essential to implement long-term strategic changes to the environment based on what was learned through examining the attack.

The Global Incident Response Service from HP Enterprise and Mandiant can provide all of these services. HPE has long-term experience in providing managed security services to governments and major corporations, while Mandiant's expertise lies in managing advanced persistent threats and incident response using FireEye technology. The deep expertise of the two organizations can help the service team tie cyberincidents with data on previous campaigns they track on a continuous basis. This provides an extremely deep level of analysis and information that might otherwise have been missed.

By combining forces, Global Incident Response can provide agencies with proactive investigation, assessment and resolution of the full range of cybersecurity events. It includes 24x7 operational management and administration. That includes not only security devices, but alert monitoring, threat investigation analysis, and remediation, mitigation and recommendations. The services also include a comprehensive threat compromise report for each incident. This will help agency security personnel react immediately by quarantining infected hosts, preventing future occurrences, significantly reducing and eliminating consequences of the breach.

ADOPT A MULTI-PRONGED APPROACH TO PREVENT CYBERATTACKS

As the threat landscape continues to evolve, preventing attacks requires an increasingly multifaceted approach.

Whether the work of sophisticated hackers or agency employees clicking on seemingly innocent links, the number of cybersecurity incidents continues to rise throughout the federal government. According to a study by the Government Accountability Office (GAO), the number of information security incidents reported by federal agencies rose from just 5,503 in FY 2006 to 67,168 in FY 2014, a 1,121 percent increase.

The result of this rising threat level is far-reaching. It ranges from exposure of sensitive information and corruption of critical systems to devastation of national security, not to mention significant expense.

There are many reasons why cybersecurity incidents continue to rise despite agencies' efforts to detect and resolve incidents. One major factor is the increasing creativity of hackers. As soon as one type of threat is detected and remediated, a newer, more sophisticated type of attack takes its place. And despite deploying more powerful and sophisticated technology to fight these cyberattacks, most agencies still have some manual processes. Also, not all information security technology and processes in place are fully integrated.

Detect and Respond

Improving cybersecurity requires attacking the problem on two fronts: detection and response. While there has been improvement in both areas throughout the government, such as greater use of two-factor authentication and continuous monitoring, there is plenty of room for additional improvement.

According to the GAO report, most federal agencies do not fully document their incident response activities. While most agencies document them to some extent, such as identifying the scope of the incident, they often didn't document the impact of the incident or actions taken to prevent the incident from recurring.

A comprehensive incident response strategy requires having the most effective possible security toolset. That means employing not only tools like log analysis, SIEM, intrusion detection, network analyzers, vulnerability scanners and Web proxies, but also incorporating functions like analytics and visualization, intelligent packet capture and retrieval. By using an integrated set of tools and functions, agencies will be able to better understand how long the organization has been under attack, how the attacker entered the network, and the extent of the damage.

While those types of tools are critical to effective incident response, they won't do the job without an integrated, big-picture approach that applies to personnel as well as technology. On the technology side, automating as much of the process as possible and ensuring all tools are fully integrated and visible to each other is crucial. Whether cybersecurity personnel are internal or part of an outsourced service, they must be highly experienced and trained.

By taking all these steps, a federally funded research and development center was able to thwart increasingly sophisticated cyberattacks. It's using technology that detects and stops advanced attacks on endpoints by dynamically analyzing traffic, blocking communication and quarantining malicious files. It can also contain systems and remediate them remotely. As a result, the organization has been able to better protect its systems and data.

RAPID RESPONSE

Despite making progress, states and municipalities need better incident response capabilities.

It should come as no surprise that cybersecurity is the top priority of state CIOs around the country, and has been for the past several years. The National Association of State Chief Information Officers (NASCIO) recently reported this finding, which underscores the continued concern state and local governments have about the increase in cyberattacks. That includes everything from malicious code and zero-day attacks to spear phishing, hacktivism and distributed Denial of Service attacks. These threats can and do affect the privacy and security of confidential data, as well as business continuity of government agencies.

And the threats continue to spiral out of control. According to an October 2015 report from Ponemon Institute, state and local government agencies experience data breaches approximately every twelve weeks. The threats are growing more sophisticated as well. Hackers no longer rely solely on tried-and-true methods like packet sniffing and password code cracking. They've added more complex threat signatures, such as cross-site scripting, distributed attacks, staging and advanced scanning.

The Ponemon Institute report found that on average, federal agencies are better prepared to handle cyberthreats than state and local governments. More federal agencies have incorporated modern technology and processes like behavioral analytics, next-generation firewalls, big data solutions and intelligence sharing.

Some states, however, have made significant progress. They're an important model for other state and local governments. California is one of the most mature with a cybersecurity task force, the California Cybersecurity Integration Center, and the Cyber Incident Response Team. California also has a well-developed, comprehensive incident response plan. Maryland has also been fairly successful, establishing a plan to develop rapid response strategies to protect the state from cybercrime. Other states with impressive plans include Idaho, Michigan, Rhode Island, Virginia and Texas.

Still More to Do

Despite pockets of progress, state and local governments still have a long way to go. In the area of incident response, for example, only 38 percent of state and local government organizations are confident they could contain a cyberattack. That's in contrast to 52 percent of federal agencies, according to the Ponemon Institute study.

Effective incident response requires greater visibility and faster response than most state and local governments can currently manage. It also requires integrated state-of-the-art tools and capabilities. Yet according to a 2014 Center for Digital Government survey, only 63 percent currently employ intrusion detection systems, 68 percent have automated malware protection systems, and only 49 percent have next-generation firewalls.

Integration is also critical to achieving visibility and faster response. It requires incorporating functions like analytics and visualization, along with intelligent packet capture and retrieval. Using an integrated set of tools and functions, agencies can better understand how long the organization has been under attack, how the attacker entered the network, and the extent of the damage.

Using this strategy, Maricopa County in Arizona helped secure the data for its nearly 60 departments, while maintaining compliance with a host of federal and industry regulations. Using a combination of FireEye's Threat Prevention (EX Series) platform, Network Threat Prevention, Host Prevention and Central Management platforms, the county was able to more effectively identify, manage and respond to threats in real-time in a fully automated fashion. This integrated technology suite helps the county's cybersecurity team observe behaviors and categorize trends and malware components. When the system spots an anomaly, it allows for quick analysis and remediation.

FIGHTING CYBERCRIME REQUIRES MORE THAN JUST TOOLS

It's not just about the technology, but also assembling the right team.

Government agencies are moving in the right direction by automating manual processes and employing more modern tools like next-generation firewalls, intrusion detection systems and behavioral analytics, but that's not enough. While these steps are critical, they're just part of the solution. Without sufficiently experienced and well-trained staff, agencies are likely to miss warning signs of impending attacks. When attacks are identified, they may fail to effectively respond.

While having trained, experienced security personnel might seem obvious, there's much more to it than that. In some cases, there simply aren't enough trained security professionals for agencies to hire. According to an August 2015 report from the SANS Institute, 66 percent of organizations, which included many government agencies, said the reason they didn't have an effective incident response process was because of a skills shortage.

In many cases, the solution is to provide the appropriate training to existing personnel: not only training those tasked with monitoring cyberincidents, but also training other employees on security awareness. However, a survey from Enterprise Management Associates found 56 percent of employees generally receive no security awareness training. Failing to educate users on how to spot suspicious activity means more are likely to fall for spear phishing or social engineering attacks.

Training is Critical

Besides user awareness training, it's critical to ensure agencies have enough technology staff trained in how to spot anomalies and use the tools provided to detect and remediate incidents. The first step is ensuring there is enough staff dedicated to incident response in the first place. That's not always the case. A report from FireEye found 55 percent of organizations don't have a formal incident response team. An effective incident response team should include team members with formal training in incident detection, malware analysis, threat intelligence, forensics and breach management.

Security staff that is directly responsible for incident response should definitely be trained on how to quickly identify and respond to likely attacks. The training should be more than a one-hour lesson or online tutorial. It should include hands-on exercises and periodic refreshers.

Even with appropriate training, the overall shortage of skilled cybersecurity professionals, combined with tight budgets, leads many agencies to either outsource the entire incident response process or proceed with a combination of in-house and outsourced professionals.

Including skilled outside experts is good for more than meeting budgets and checking boxes. As that is the outsourcer's area of expertise, external personnel are more likely to be up to date on the latest security threats and remediation techniques. Experienced incident response service providers have deep expertise developed over time, maintain profiles of key attack groups, and use tools that help automate investigative tasks and enable experts to quickly evaluate network traffic and host-based artifacts.

Copyright 2016 Hewlett Packard Enterprise Development LP.
ISO 27002 COMPLIANCE GUIDE How Rapid7 Can Help You Achieve Compliance with ISO 27002 A CONTENTS Introduction 2 Detailed Controls Mapping 3 About Rapid7 8 rapid7.com ISO 27002 Compliance Guide 1 INTRODUCTION
More informationPONEMON INSTITUTE RESEARCH REPORT 2018 STUDY ON GLOBAL MEGATRENDS IN CYBERSECURITY
PONEMON INSTITUTE RESEARCH REPORT 2018 STUDY ON GLOBAL MEGATRENDS IN CYBERSECURITY Benchmark research sponsored by Raytheon. Independently conducted by Ponemon Institute LLC. February 2018 2018 Study on
More informationOUTSMART ADVANCED CYBER ATTACKS WITH AN INTELLIGENCE-DRIVEN SECURITY OPERATIONS CENTER
OUTSMART ADVANCED CYBER ATTACKS WITH AN INTELLIGENCE-DRIVEN SECURITY OPERATIONS CENTER HOW TO ADDRESS GARTNER S FIVE CHARACTERISTICS OF AN INTELLIGENCE-DRIVEN SECURITY OPERATIONS CENTER 1 POWERING ACTIONABLE
More informationRSA NetWitness Suite Respond in Minutes, Not Months
RSA NetWitness Suite Respond in Minutes, Not Months Overview One can hardly pick up a newspaper or turn on the news without hearing about the latest security breaches. The Verizon 2015 Data Breach Investigations
More informationPREPARE & PREVENT. The SD Comprehensive Cybersecurity Portfolio for Business Aviation
PREPARE & PREVENT The SD Comprehensive Cybersecurity Portfolio for Business Aviation SD CYBERSECURITY SERVICES At SD, security isn t a slogan, it is our culture. Just because you are in a business jet
More informationSecurity in India: Enabling a New Connected Era
White Paper Security in India: Enabling a New Connected Era India s economy is growing rapidly, and the country is expanding its network infrastructure to support digitization. India s leapfrogging mobile
More informationPresented by Ingrid Fredeen and Pamela Passman. Copyright 2017NAVEXGlobal,Inc. AllRightsReserved. Page 0
Cyber Security and Inside Threats: Turning Policies into Practices Presented by Ingrid Fredeen and Pamela Passman Copyright 2017NAVEXGlobal,Inc. AllRightsReserved. Page 0 Presented By Ingrid Fredeen, J.D.
More informationICBA Summary of FFIEC Cybersecurity Assessment Tool (May 2017 Update)
ICBA Summary of FFIEC Cybersecurity Assessment Tool (May 2017 Update) June 2017 INSERT YEAR HERE Contact Information: Jeremy Dalpiaz AVP, Cyber and Data Security Policy Jeremy.Dalpiaz@icba.org ICBA Summary
More informationSOLUTION BRIEF esentire Risk Advisory and Managed Prevention (RAMP)
SOLUTION BRIEF esentire Risk Advisory and Managed Prevention (RAMP) Adaptive Cybersecurity at the Speed of Your Business Attackers Evolve. Risk is in Constant Fluctuation. Security is a Never-ending Cycle.
More informationBUILDING AND MAINTAINING SOC
BUILDING AND MAINTAINING SOC Digit Oktavianto KOMINFO 7 December 2016 digit dot oktavianto at gmail dot com 1 Digit Oktavianto Profile in 1 Page Currently working as a Security Architect Professional Certifications:
More informationTHALES DATA THREAT REPORT
2018 THALES DATA THREAT REPORT Trends in Encryption and Data Security U.S. FEDERAL EDITION EXECUTIVE SUMMARY #2018DataThreat THE TOPLINE Federal agency data is under siege. Over half of all agency IT security
More informationWHY LEGACY SECURITY ARCHITECTURES ARE INADEQUATE IN A MULTI-CLOUD WORLD
WHY LEGACY SECURITY ARCHITECTURES ARE INADEQUATE IN A MULTI-CLOUD WORLD CONTENTS EXECUTIVE SUMMARY 1 MULTI-CLOUD CHANGES THE SECURITY EQUATION 2 SECTION 1: CLOUD SILOS IMPAIR VISIBILITY AND RESPONSE 3
More informationNational Cyber Security Operations Center (N-CSOC) Stakeholders' Conference
National Cyber Security Operations Center (N-CSOC) Stakeholders' Conference Benefits to the Stakeholders A Collaborative and Win-Win Strategy Lal Dias Chief Executive Officer Sri Lanka CERT CC Cyber attacks
More informationCybersecurity What Companies are Doing & How to Evaluate. Miguel Romero - NAIC David Gunkel & Dan Ford Rook Security
Cybersecurity What Companies are Doing & How to Evaluate Miguel Romero - NAIC David Gunkel & Dan Ford Rook Security Learning Objectives At the end of this presentation, you will be able to: Explain the
More informationSage Data Security Services Directory
Sage Data Security Services Directory PROTECTING INFORMATION ASSETS ENSURING REGULATORY COMPLIANCE FIGHTING CYBERCRIME Discover the Sage Difference Protecting your business from cyber attacks is a full-time
More informationMapping Your Requirements to the NIST Cybersecurity Framework. Industry Perspective
Mapping Your Requirements to the NIST Cybersecurity Framework Industry Perspective 1 Quest has the solutions and services to help your organization identify, protect, detect, respond and recover, better
More informationRSA ADVANCED SOC SERVICES
RSA ADVANCED SOC SERVICES Consulting services to improve threat detection and response EXECUTIVE SUMMARY A holistic approach to enhanced cybersecurity operations This service is for organizations needing
More informationTHE IMPACT OF SECURITY ON APPLICATION DEVELOPMENT. August prevoty.com. August 2015
THE IMPACT OF SECURITY ON APPLICATION DEVELOPMENT 2 EXECUTIVE SUMMARY The growth of enterprise-developed applications has made it easier for businesses to use technology to work more efficiently and productively.
More informationDelivering Integrated Cyber Defense for the Cloud Generation Darren Thomson
Delivering Integrated Cyber Defense for the Generation Darren Thomson Vice President & CTO, EMEA Region Symantec In 2009 there were 2,361,414 new piece of malware created. In 2015 that number was 430,555,582
More informationTHE POWER OF TECH-SAVVY BOARDS:
THE POWER OF TECH-SAVVY BOARDS: LEADERSHIP S ROLE IN CULTIVATING CYBERSECURITY TALENT SHANNON DONAHUE DIRECTOR, INFORMATION SECURITY PRACTICES 1 IT S A RISK-BASED WORLD: THE 10 MOST CRITICAL UNCERTAINTIES
More informationEnhancing the Cybersecurity of Federal Information and Assets through CSIP
TECH BRIEF How BeyondTrust Helps Government Agencies Address Privileged Access Management to Improve Security Contents Introduction... 2 Achieving CSIP Objectives... 2 Steps to improve protection... 3
More informationPanda Security 2010 Page 1
Panda Security 2010 Page 1 Executive Summary The malware economy is flourishing and affecting both consumers and businesses of all sizes. The reality is that cybercrime is growing exponentially in frequency
More informationSecurity Incident Management in Microsoft Dynamics 365
Security Incident Management in Microsoft Dynamics 365 Published: April 26, 2017 This document describes how Microsoft handles security incidents in Microsoft Dynamics 365 2017 Microsoft Corporation. All
More informationA Government Health Agency Trusts Tenable to Protect Patient Data and Manage Expanding Attack Surface
A Government Health Agency Trusts Tenable to Protect Patient Data and Manage Expanding Attack Surface ORGANIZATION SNAPSHOT The level of visibility Tenable.io provides is phenomenal, something we just
More informationSecurity analytics: From data to action Visual and analytical approaches to detecting modern adversaries
Security analytics: From data to action Visual and analytical approaches to detecting modern adversaries Chris Calvert, CISSP, CISM Director of Solutions Innovation Copyright 2013 Hewlett-Packard Development
More informationAre we breached? Deloitte's Cyber Threat Hunting
Are we breached? Deloitte's Cyber Threat Hunting Brochure / report title goes here Section title goes here Have we been breached? Are we exposed? How do we proactively detect an attack and minimize the
More informationManaged Enterprise Phishing Protection. Comprehensive protection delivered 24/7 by anti-phishing experts
Managed Enterprise Phishing Protection Comprehensive protection delivered 24/7 by anti-phishing experts MANAGED ENTERPRISE PHISHING PROTECTION 24/7 expert protection against phishing attacks that get past
More informationTHE CYBERSECURITY LITERACY CONFIDENCE GAP
CONFIDENCE: SECURED WHITE PAPER THE CYBERSECURITY LITERACY CONFIDENCE GAP ADVANCED THREAT PROTECTION, SECURITY AND COMPLIANCE Despite the fact that most organizations are more aware of cybersecurity risks
More informationMedia Kit. California Cybersecurity Institute
Media Kit Fact Sheet Cybercrime A Growing Threat Cybercriminals are invisible enemies who jeopardize our nation s security in increasingly sophisticated and pervasive ways. According to the Government
More informationto protect the well-being of citizens. Fairfax is also home to some Fortune 500 and large
Executive Summary As a County Government servicing about 1.5 million citizens, we have the utmost responsibility to protect the well-being of citizens. Fairfax is also home to some Fortune 500 and large
More informationStaffing Services UnderDefense your source of experienced professionals to solve security staffing challenges today
Security Staffing Services UnderDefense your source of experienced professionals to solve security staffing challenges today Staff Augmentation, Executive Staffing, Flex Staffing Achieving our main goal
More informationEFFECTIVELY TARGETING ADVANCED THREATS. Terry Sangha Sales Engineer at Trustwave
EFFECTIVELY TARGETING ADVANCED THREATS Terry Sangha Sales Engineer at Trustwave THE CHALLENGE PROTECTING YOUR ENVIRONMENT IS NOT GETTING EASIER ENDPOINT POINT OF SALE MOBILE VULNERABILITY MANAGEMENT CYBER
More informationSTAY ONE STEP AHEAD OF THE CRIMINAL MIND. F-Secure Rapid Detection & Response
STAY ONE STEP AHEAD OF THE CRIMINAL MIND F-Secure Rapid Detection & Response INTRO PROTECT YOUR BUSINESS AND ITS DATA AGAINST ADVANCED ATTACKS Effective pre-compromise threat prevention is the cornerstone
More informationA quick-reference guide to secure your organization s data and reduce cybersecurity attacks
Cybersecurity & Network Security: Best Practices to Protect Your Data A quick-reference guide to secure your organization s data and reduce cybersecurity attacks 1 More and more cybersecurity breaches
More informationINCIDENTRESPONSE.COM. Automate Response. Did you know? Your playbook overview - Virus Outbreak
Automate Response Congratulations on selecting IncidentResponse.com to retrieve your custom incident response playbook guide. This guide has been created especially for you for use in within your security
More informationBuilding Resilience in a Digital Enterprise
Building Resilience in a Digital Enterprise Top five steps to help reduce the risk of advanced targeted attacks To be successful in business today, an enterprise must operate securely in the cyberdomain.
More informationTHE SIX ESSENTIAL CAPABILITIES OF AN ANALYTICS-DRIVEN SIEM
THE SIX ESSENTIAL CAPABILITIES OF AN ANALYTICS-DRIVEN SIEM Modern threats demand analytics-driven security and continuous monitoring Legacy SIEMs are Stuck in the Past Finding a mechanism to collect, store
More informationBusiness continuity management and cyber resiliency
Baker Tilly refers to Baker Tilly Virchow Krause, LLP, an independently owned and managed member of Baker Tilly International. Business continuity management and cyber resiliency Introductions Eric Wunderlich,
More informationThe SANS Institute Top 20 Critical Security Controls. Compliance Guide
The SANS Institute Top 20 Critical Security Controls Compliance Guide February 2014 The Need for a Risk-Based Approach A common factor across many recent security breaches is that the targeted enterprise
More informationNovetta Cyber Analytics
Know your network. Arm your analysts. Introduction Novetta Cyber Analytics is an advanced network traffic analytics solution that empowers analysts with comprehensive, near real time cyber security visibility
More information2018 Edition. Security and Compliance for Office 365
2018 Edition Security and Compliance for Office 365 [Proofpoint has] given us our time back to focus on the really evil stuff. CISO, Global 500 Manufacturer Like millions of businesses around the world,
More informationDDoS MITIGATION BEST PRACTICES
DDoS MITIGATION BEST PRACTICES DDoS ATTACKS ARE INCREASING EXPONENTIALLY Organizations are becoming increasingly aware of the threat that Distributed Denial of Service (DDoS) attacks can pose. According
More informationlocuz.com SOC Services
locuz.com SOC Services 1 Locuz IT Security Lifecycle services combine people, processes and technologies to provide secure access to business applications, over any network and from any device. Our security
More informationSecurity and Compliance for Office 365
Security and Compliance for Office 365 [Proofpoint has] given us our time back to focus on the really evil stuff. CISO, Global 500 Manufacturer Like millions of businesses around the world, you may be
More informationAutomating the Top 20 CIS Critical Security Controls
20 Automating the Top 20 CIS Critical Security Controls SUMMARY It s not easy being today s CISO or CIO. With the advent of cloud computing, Shadow IT, and mobility, the risk surface area for enterprises
More informationOperationalizing the Three Principles of Advanced Threat Detection
SESSION ID: SDS2-R08 Operationalizing the Three Principles of Advanced Threat Detection ZULFIKAR RAMZAN, PH.D Chief Technology Officer RSA @zulfikar_ramzan Dealing with Traffic Congestion Singapore: Major
More informationCyber Risk Program Maturity Assessment UNDERSTAND AND MANAGE YOUR ORGANIZATION S CYBER RISK.
Cyber Risk Program Maturity Assessment UNDERSTAND AND MANAGE YOUR ORGANIZATION S CYBER RISK. In today s escalating cyber risk environment, you need to make sure you re focused on the right priorities by
More information