Modern Cyber Defense with Automated Real-Time Response: A Standards Update
1 SESSION ID: AIR-F01
Modern Cyber Defense with Automated Real-Time Response: A Standards Update
- Bret Jordan, Director of Security Architecture
- Joe Brule, Executive Director, OpenC2 Forum

2 Today we will answer
- What is wrong with cyber defense today?
- What is STIX?
- What is OpenC2?
- What is TAXII?
- How will these standards improve cyber defense?

3 Traditional Cyber Defense

4 Everyone is getting hacked
- No vertical, sector, or industry is immune
- Does not matter the size of the organization
- Who will make the front page this year?
- Some quick highlights from last year

5 Defense Industrial Base
- Hackers carry out $55m cyber heist from Boeing aerospace parts manufacturer
- The U.S. weapons systems that experts say were hacked by the Chinese
- Chinese cyberspies are believed to have compromised the designs for more than two dozen major weapons systems

6 Technology

7 What's wrong with Cyber Defense?
- Defenses are statically configured and operate in isolation
- Changes take time to implement: human discovery, business approval, cross-team coordination, and manual deployment, which can take forever to reach all devices and systems in the network
- Architectures that are not working

8 What's wrong with Cyber Defense? (cont.)
- Cyber attacks: sophisticated, adaptive and automated, occur in seconds, ever-increasing attack surface
- Cyber response: slow, manual

9 Lucrative business
- Defenders: cost to US industry ~ $336 Billion/year (2012 NSA estimate)
- Targeted companies include General Motors, Lockheed Martin, Boeing, Valspar
- Malware as a Service (MaaS): cost for a DDoS ~ $38/hr; cost for 10,000 hosts (world mix) ~ $200
- We really ought to do something about it

10 Traditional cyber security architecture: NIST Cyber Security Framework
- Identify: Asset Management, Business Environment, Governance, Risk Assessment, Risk Management Strategy
- Protect: Access Control, Awareness and Training, Data Security, Info Protection Processes and Procedures, Maintenance, Protective Technology
- Detect: Anomalies and Events, Security Continuous Monitoring, Detection Processes
- Respond: Response Planning, Communications, Analysis, Mitigation, Improvements
- Recover: Recovery Planning, Improvements, Communications

11 Another View

12 With more detail

13 Actual implementations

14 Turning the tide on a losing battle
- We cannot win the war this way
- Not a question of if you will be breached, but when
- We need to work together and respond more quickly
- Need to speak the same language and protocols
- Need to share what we know about attacks in cyber-relevant time

15 Cyber Threat Intelligence (CTI)

16 STIX at a glance
- It is a language for Cyber Threat Intelligence
- It has been around for almost 5 years
- It provides a structured way to document CTI
- It enables improved understanding and cyber defense through context
- Let's look at some specific problems STIX can solve

17 The problems STIX solves today 1/3
- Who is responsible for the attack? Threat Actors, Intrusion Sets, Campaigns, Identity

18 The problems STIX solves today 2/3
- How are they doing it, what is their modus operandi and TTPs? Attack Pattern, Malware, Tools, Vulnerability

19 The problems STIX solves today 3/3
- How do you detect it and stop it? Indicator, Observed Data, Sighting, Course of Action (manual)

20 Status of STIX 2.0
- STIX 2.0 was finished last month
- STIX now supports a Patterning Grammar for Indicators with conditional and temporal logic support
- CybOX is no longer a standalone specification: it was folded into STIX 2.0 as Parts 3 and 4 of the multipart document and is now called Cyber Observables
- It can still be used by other standards without inheriting all of STIX

21 How is STIX 2.0 different?
- Reduced a lot of complexity
- Simplified and flattened the design
- Focused on making it easier to use and consume
- Moved the serialization to JSON: this makes integration with existing Web 2.0 applications easier, and it also means no more XML namespaces or XSI-Type pain to deal with

22 How is STIX 2.0 different? (cont.)
- Graph-based model
- External relationship structure: this allows 3rd parties to assert relationships about content they do not own; you could NOT do this in earlier STIX versions
- Let's look at one of the new STIX Domain Objects and see how it relates to other objects in the model

23 Relationships!

24 Relationships! You can now do things like

25 Patterning
- You can now build both simple indicator patterns and very complex indicator patterns
- Here are 3 examples

26 Patterning
- Matching a File with a SHA-256 hash:
  [file:hashes."sha-256" = 'aec070645fe53ee3b f058cc337247c978add178b6ccdfb0019f']
- Matching a File with an MD5 hash, followed by (temporally) a Registry Key Object that matches a value, within 5 minutes:
  [file:hashes.md5 = ' fb1a26e4bc422aef54eb4'] FOLLOWEDBY [win-registry-key:key = 'HKEY_LOCAL_MACHINE\\foo\\bar'] WITHIN 300 SECONDS

27 Patterning
- Matching three different, but specific Unix User Accounts:
  [user-account:account_type = 'unix' AND user-account:user_id = '1007' AND user-account:account_login = 'Peter'] AND [user-account:account_type = 'unix' AND user-account:user_id = '1008' AND user-account:account_login = 'Paul'] AND [user-account:account_type = 'unix' AND user-account:user_id = '1009' AND user-account:account_login = 'Mary']
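To make the three patterns concrete, here is an added example (not code from the deck, and not the OASIS reference matcher) that evaluates the subset of the STIX 2.0 patterning grammar the slides use: equality comparisons joined by AND inside an observation expression, observation expressions joined by AND or FOLLOWEDBY, and a trailing WITHIN n SECONDS qualifier. The observation records, the SHA-256 value and the timestamps are constructed for the demo; the MD5 is the Poison Ivy hash from the deck's indicator slide. Treating property keys case-insensitively (so `hashes.md5` finds the canonical `MD5` key) is a simplification of the specification's rules.

```python
import re
from datetime import datetime

# Added example: evaluator for the slide subset of STIX 2.0 patterning. OR, NOT,
# REPEATS, START/STOP and escaped quotes inside string literals are not handled.
OBS_RE = re.compile(r"\[([^\]]+)\]")
COMP_RE = re.compile(
    r"""([\w-]+):((?:[\w-]+|"[^"]+")(?:\.(?:[\w-]+|"[^"]+"))*)\s*=\s*'([^']*)'""")
WITHIN_RE = re.compile(r"WITHIN\s+(\d+)\s+SECONDS", re.I)


def parse_pattern(pattern):
    """Return (observation expressions, WITHIN seconds or None, uses FOLLOWEDBY).
    Each observation expression is a list of (object_type, path_keys, value)."""
    exprs = []
    for body in OBS_RE.findall(pattern):
        comps = []
        for obj_type, path, value in COMP_RE.findall(body):
            keys = [k.strip('"') for k in re.findall(r'"[^"]+"|[^.]+', path)]
            comps.append((obj_type, keys, value.replace("\\\\", "\\")))  # unescape \\
        exprs.append(comps)
    within = WITHIN_RE.search(pattern)
    return exprs, (int(within.group(1)) if within else None), "FOLLOWEDBY" in pattern


def lookup(obj, keys):
    """Walk a property path; keys compare case-insensitively (simplification)."""
    cur = obj
    for key in keys:
        if not isinstance(cur, dict):
            return None
        cur = next((v for k, v in cur.items() if k.lower() == key.lower()), None)
    return cur


def observation_matches(obs, comps):
    """An observation matches an observation expression when, for every object
    type named, a single object of that type satisfies all comparisons on it."""
    by_type = {}
    for obj_type, keys, value in comps:
        by_type.setdefault(obj_type, []).append((keys, value))
    for obj_type, checks in by_type.items():
        objs = [o for o in obs["objects"] if o.get("type") == obj_type]
        if not any(all(lookup(o, keys) is not None and str(lookup(o, keys)) == value
                       for keys, value in checks) for o in objs):
            return False
    return True


def _chain(hits, times, idx, prev_t, first_t, within):
    # Depth-first search for one matching observation per expression, in time
    # order, with the whole chain inside the WITHIN window from its first hit.
    if idx == len(hits):
        return True
    for i in hits[idx]:
        t = times[i]
        if prev_t is not None and t < prev_t:
            continue
        first = first_t if first_t is not None else t
        if within is not None and (t - first).total_seconds() > within:
            continue
        if _chain(hits, times, idx + 1, t, first, within):
            return True
    return False


def evaluate(pattern, observations):
    """True if the pattern matches the list of (simplified) observed-data records."""
    exprs, within, temporal = parse_pattern(pattern)
    times = [datetime.fromisoformat(o["first_observed"].replace("Z", "+00:00"))
             for o in observations]
    hits = [[i for i, o in enumerate(observations) if observation_matches(o, comps)]
            for comps in exprs]
    if not temporal:
        return all(hits)  # observation-level AND: every expression matched somewhere
    return _chain(hits, times, 0, None, None, within)


# Constructed observations for the demo (not real telemetry); SHA-256 value is made up.
OBSERVATIONS = [
    {"first_observed": "2017-02-13T10:00:00Z", "objects": [
        {"type": "file", "name": "dropper.exe",
         "hashes": {"MD5": "3773a88f65a5e780c8dff9cdc3a056f3", "SHA-256": "ab" * 32}}]},
    {"first_observed": "2017-02-13T10:02:00Z", "objects": [
        {"type": "win-registry-key", "key": "HKEY_LOCAL_MACHINE\\foo\\bar"}]},
    {"first_observed": "2017-02-13T10:30:00Z", "objects": [
        {"type": "user-account", "account_type": "unix", "user_id": "1007", "account_login": "Peter"},
        {"type": "user-account", "account_type": "unix", "user_id": "1008", "account_login": "Paul"}]},
    {"first_observed": "2017-02-13T10:31:00Z", "objects": [
        {"type": "user-account", "account_type": "unix", "user_id": "1009", "account_login": "Mary"}]},
]
PATTERN_SHA256 = r"""[file:hashes."sha-256" = '%s']""" % ("ab" * 32)
PATTERN_FOLLOWED = (r"[file:hashes.md5 = '3773a88f65a5e780c8dff9cdc3a056f3'] FOLLOWEDBY "
                    r"[win-registry-key:key = 'HKEY_LOCAL_MACHINE\\foo\\bar'] WITHIN 300 SECONDS")
PATTERN_ACCOUNTS = (
    "[user-account:account_type = 'unix' AND user-account:user_id = '1007' AND user-account:account_login = 'Peter'] AND "
    "[user-account:account_type = 'unix' AND user-account:user_id = '1008' AND user-account:account_login = 'Paul'] AND "
    "[user-account:account_type = 'unix' AND user-account:user_id = '1009' AND user-account:account_login = 'Mary']")
```

Calling `evaluate(PATTERN_FOLLOWED, OBSERVATIONS)` returns True because the registry write lands 120 seconds after the file; shrinking the window to 60 seconds, or reversing the two observation expressions, makes it False. The accounts pattern shows observation-level AND: the three expressions may be satisfied by different observations in any order.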
28 What does it look like? (STIX 2.0 Indicator)
  {
    "type": "indicator",
    "id": "indicator--8e2e2d2b-17d4-4cbf-938f-98ee46b3cd3f",
    "created_by_ref": "identity--f431f b-45e0-aa1c-6a4751cae5ff",
    "created": " T20:03:48.000Z",
    "modified": " T20:03:48.000Z",
    "labels": ["malicious-activity"],
    "name": "Poison Ivy Malware",
    "description": "This file is part of Poison Ivy",
    "pattern": "[ file:hashes.md5 = '3773a88f65a5e780c8dff9cdc3a056f3' ]",
    "valid_from": " T00:00:00Z"
  }
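The JSON above relies on a few conventions (ids of the form type--UUIDv4, UTC timestamps with millisecond precision, a small set of required properties, references that resolve), and the "external relationship structure" from the previous slide means a Relationship object can be created by an identity that owns neither endpoint. The following added example (not code from the deck or from OASIS) builds the indicator, a Malware object and a third-party Relationship between them, and checks those conventions; the identity names are constructed.

```python
import json
import re
import uuid
from datetime import datetime, timezone

# Added example: STIX 2.0 object construction and validation (subset of the spec).
ID_RE = re.compile(r"^[a-z][a-z0-9-]*--[0-9a-f]{8}-[0-9a-f]{4}-4[0-9a-f]{3}-[89ab][0-9a-f]{3}-[0-9a-f]{12}$")
COMMON = ("type", "id", "created", "modified")
REQUIRED = {  # per-type required properties (subset)
    "indicator": ("labels", "pattern", "valid_from"),
    "malware": ("labels", "name"),
    "identity": ("name", "identity_class"),
    "relationship": ("relationship_type", "source_ref", "target_ref"),
}
REF_PROPS = ("created_by_ref", "source_ref", "target_ref")


def stix_timestamp(dt=None):
    """STIX 2.0 timestamps: UTC, RFC 3339, millisecond precision, trailing 'Z'."""
    dt = dt or datetime.now(timezone.utc)
    return dt.strftime("%Y-%m-%dT%H:%M:%S.%f")[:-3] + "Z"


def new_object(obj_type, created_by=None, **props):
    ts = stix_timestamp()
    obj = {"type": obj_type, "id": f"{obj_type}--{uuid.uuid4()}", "created": ts, "modified": ts}
    if created_by:
        obj["created_by_ref"] = created_by  # the identity asserting this object
    obj.update(props)
    return obj


def validate(obj):
    """Return the problems found in one object (empty list when well-formed)."""
    errors = [f"missing {p}" for p in COMMON + REQUIRED.get(obj.get("type", ""), ()) if p not in obj]
    obj_id = obj.get("id", "")
    if not ID_RE.match(obj_id) or not obj_id.startswith(obj.get("type", "?") + "--"):
        errors.append("malformed id")
    if obj.get("modified", "") < obj.get("created", ""):
        errors.append("modified before created")
    errors += [f"malformed {p}" for p in REF_PROPS if p in obj and not ID_RE.match(obj[p])]
    return errors


def validate_bundle(bundle):
    """Per-object checks plus: every *_ref must point at an object in the bundle."""
    ids = {o["id"] for o in bundle["objects"] if "id" in o}
    errors = []
    for o in bundle["objects"]:
        errors += [f"{o.get('id')}: {e}" for e in validate(o)]
        errors += [f"{o.get('id')}: dangling {p}" for p in REF_PROPS if p in o and o[p] not in ids]
    return errors


def build_shared_graph():
    """A vendor publishes an Indicator and a Malware object; an ISAC analyst, who
    owns neither, asserts the 'indicates' relationship between them."""
    vendor = new_object("identity", name="Example Vendor", identity_class="organization")
    analyst = new_object("identity", name="Example ISAC Analyst", identity_class="organization")
    indicator = new_object("indicator", vendor["id"], labels=["malicious-activity"],
                           name="Poison Ivy Malware", description="This file is part of Poison Ivy",
                           pattern="[file:hashes.md5 = '3773a88f65a5e780c8dff9cdc3a056f3']",
                           valid_from=stix_timestamp())
    malware = new_object("malware", vendor["id"], labels=["remote-access-trojan"], name="Poison Ivy")
    link = new_object("relationship", analyst["id"], relationship_type="indicates",
                      source_ref=indicator["id"], target_ref=malware["id"])
    return {"type": "bundle", "id": f"bundle--{uuid.uuid4()}", "spec_version": "2.0",
            "objects": [vendor, analyst, indicator, malware, link]}


def relationships_asserted_by(bundle, identity_id):
    """Query the graph by asserter: which relationships did this identity add?"""
    return [o for o in bundle["objects"]
            if o["type"] == "relationship" and o.get("created_by_ref") == identity_id]


if __name__ == "__main__":
    bundle = build_shared_graph()
    print(json.dumps(bundle, indent=2))
    print("problems:", validate_bundle(bundle))
```

A consumer that validates references before acting on a bundle catches the common failure modes of shared CTI: objects with hand-edited ids, relationships whose endpoints were never shared, and timestamps that went backwards on a re-export.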
29 What about future 2.x versions?
- Future releases of STIX will be additive
- STIX 2.1 should be done by end of 2017
- STIX 2.1 will contain some added functionality and a few new STIX Domain Objects
- Let's look at some of the possibilities

30 Potential STIX 2.1 additions
- Opinion / Intel Notes
- Updates to Malware / Infrastructure
- Updates to Course of Action / Playbooks
- Confidence
- Location
- Incident / Event
- Internationalization
- IEP Data Marking

31 Automated Courses of Action

32 OpenC2 at a glance
- Enables coordinated defense in cyber-relevant time
- Simplicity: low overhead on sensor and actuator
- Focuses on the Acting portion of cyber defense
- External dependencies: Analytics (why you are acting), Decision (which action), Sensing (what triggers the action)
- OpenC2 is agnostic of transport and information assurance mechanisms

33 OpenC2 Terminology
- Actuator: the device or sensor that executes a native OpenC2 command
- Orchestrator: a mission manager that issues the OpenC2 commands to the appropriate actuators and, in the synchronous case, ensures the commands are executed in the correct order
- Profile: a minimum-to-implement set of OpenC2 commands that a class of actuators supports
- OpenC2 Proxy: provides a mapping of OpenC2 commands to and from devices that do not natively support OpenC2

34 OpenC2 Syntax
- The lexicon decouples the aspects of the commands: ACTION (what is to be done), TARGET (what you are doing it to), ACTUATOR (who is executing the command)
- Benefits of decoupling: facilitates integration of new technologies; supports high-level effects-based AND device-specific use cases
- Extensions permit additional precision to the commands: MODIFIER (additional details for the verb), SPECIFIER (additional details for the nouns)

35 Example of what OpenC2 can do
- Abstract use case: Mitigate Evil Domain
- Local Orchestrator: Deny Evil Domain, Scan Evil.pdf, Contain Evil
- Firewall executes command
- Implement on OpenC2 Message Fabric (diagram: Orchestration, OpenC2 Message Fabric, OpenC2 Proxy, Hardware API)

36 Possible Implementation
- Orchestrators and Actuators converge on the OpenC2 message fabric
- OpenC2 Proxy maps to the hardware API
- Converging on the Message Fabric facilitates implementation (diagram: OpenC2 Message Fabric, OpenC2 Proxy, Hardware API)

37 Change out the Actuators
- Allows corporate-wide sharing of cyber defense tactics
- Minimizes impact when changing components (diagram: OpenC2 Message Fabric, OpenC2 Proxy, Hardware API)

38 Abstracts the cyber-defense function
- Deny Command is executed REGARDLESS of product
- Simplifies integration of new technologies that achieve similar actions
- Unified tactical approach independent of equipment set (diagram: SDN Controller, Whitebox Switch, OpenC2 Publisher, OpenC2 Subscriber, OpenC2 Proxy, Device Manager API, Hardware API)

39 Level of Abstraction
- Extensible to permit different levels of abstraction
- High-level commands are suitable for inter-domain coordination
- Additional precision needed for intra-domain commands to the actual devices

40 OpenC2 Syntax

41 TAXII, Share all the things!

42 TAXII at a glance
- TAXII is an application protocol for transmitting and sharing CTI
- It has been around for almost 5 years
- Enables the good-citizen philosophy of "see something, say something"
- Offers the possibility of plug-n-play interoperability between security tools and sensors
- Enables two fundamental ways of communicating threat intelligence; let's look at these

43 Data Collections via Request / Response

44 Channels via Publish / Subscribe

45 TAXII 2.0 Architecture
- Discovery, API Root, Collections, Objects, Channels, Messages, Status

46 Status of TAXII 2.0
- TAXII 2.0 is nearing completion
- It supports a pure HTTPS RESTful design
- It enables network-level discovery from DNS SRV records
- It supports API discovery
- It supports running multiple trust groups on a single instance of TAXII
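The TAXII 2.0 slides above (architecture, request/response collections, DNS SRV discovery, multiple trust groups on one instance) are easiest to see as a request flow. The following added example, not code from the deck or from the OASIS TAXII project, models the Discovery, API Root, Collections and Objects endpoints in memory, including the Status resource a write returns and the media-type check, and derives the discovery URL from an SRV answer. TLS and authentication are assumed to be handled by the web server in front of it, so `user` is the already-authenticated caller; the sharing-group names, the SRV record and the zone-file layout it assumes are constructed. The indicator id and pattern are the ones from the deck's indicator slide.

```python
import re
import uuid

# Added example: in-memory model of the TAXII 2.0 endpoints (no sockets, no TLS).
TAXII_CT = "application/vnd.oasis.taxii+json; version=2.0"
STIX_CT = "application/vnd.oasis.stix+json; version=2.0"
COLLECTIONS_RE = re.compile(r"^/[^/]+/collections/$")
OBJECTS_RE = re.compile(r"^/[^/]+/collections/([^/]+)/objects/$")


def discovery_url_from_srv(record):
    """Map an SRV answer for _taxii._tcp.<domain> to the Discovery endpoint URL.
    Assumed layout: '<name> <ttl> IN SRV <prio> <weight> <port> <target>'."""
    fields = record.split()
    return f"https://{fields[-1].rstrip('.')}:{int(fields[-2])}/taxii/"


class TaxiiServer:
    def __init__(self, title):
        self.title = title
        self.roots = {}  # API root path -> one trust group (members + collections)

    def add_root(self, path, title, members):
        self.roots[path] = {"title": title, "members": set(members), "collections": {}}

    def add_collection(self, root, title, readers, writers):
        cid = str(uuid.uuid4())
        self.roots[root]["collections"][cid] = {"id": cid, "title": title, "readers": set(readers),
                                                "writers": set(writers), "objects": []}
        return cid

    def handle(self, method, path, user, accept=TAXII_CT, body=None):
        """Serve one request; returns (HTTP status, Content-Type, response body)."""
        if accept not in (TAXII_CT, STIX_CT):
            return 406, TAXII_CT, {"title": "unsupported Accept media type"}
        if path == "/taxii/":  # Discovery lists only the caller's own trust groups
            return 200, TAXII_CT, {"title": self.title,
                                   "api_roots": [r for r, g in self.roots.items() if user in g["members"]]}
        root = "/" + path.split("/")[1] + "/"
        if root not in self.roots:
            return 404, TAXII_CT, {"title": "not found"}
        group = self.roots[root]
        if user not in group["members"]:
            return 403, TAXII_CT, {"title": "not a member of this trust group"}
        if path == root:
            return 200, TAXII_CT, {"title": group["title"], "versions": ["taxii-2.0"],
                                   "max_content_length": 10 * 1024 * 1024}
        if COLLECTIONS_RE.match(path):
            return 200, TAXII_CT, {"collections": [
                {"id": c["id"], "title": c["title"], "can_read": user in c["readers"],
                 "can_write": user in c["writers"], "media_types": [STIX_CT]}
                for c in group["collections"].values()]}
        m = OBJECTS_RE.match(path)
        if not m or m.group(1) not in group["collections"]:
            return 404, TAXII_CT, {"title": "not found"}
        coll = group["collections"][m.group(1)]
        if method == "GET":
            if user not in coll["readers"]:
                return 403, TAXII_CT, {"title": "no read access"}
            return 200, STIX_CT, {"type": "bundle", "id": f"bundle--{uuid.uuid4()}",
                                  "spec_version": "2.0", "objects": list(coll["objects"])}
        if method == "POST":
            if user not in coll["writers"]:
                return 403, TAXII_CT, {"title": "no write access"}
            submitted = body.get("objects", []) if body else []
            accepted = [o for o in submitted if "id" in o and "type" in o]
            coll["objects"].extend(accepted)
            return 202, TAXII_CT, {"id": str(uuid.uuid4()), "status": "complete",
                                   "total_count": len(submitted), "success_count": len(accepted),
                                   "failure_count": len(submitted) - len(accepted), "pending_count": 0}
        return 405, TAXII_CT, {"title": "method not allowed"}


def demo():
    """Two trust groups on one server: a finance member writes the deck's indicator,
    another finance member reads it, an energy member cannot see the group at all."""
    srv = TaxiiServer("Example ISAC TAXII")  # constructed names throughout
    srv.add_root("/finance/", "Finance sharing group", members={"bank-a", "bank-b"})
    srv.add_root("/energy/", "Energy sharing group", members={"utility-x"})
    cid = srv.add_collection("/finance/", "Indicators", readers={"bank-a", "bank-b"}, writers={"bank-a"})
    indicator = {"type": "indicator", "id": "indicator--8e2e2d2b-17d4-4cbf-938f-98ee46b3cd3f",
                 "labels": ["malicious-activity"], "name": "Poison Ivy Malware",
                 "pattern": "[file:hashes.md5 = '3773a88f65a5e780c8dff9cdc3a056f3']"}
    objects_path = f"/finance/collections/{cid}/objects/"
    return {
        "write": srv.handle("POST", objects_path, "bank-a", body={"type": "bundle", "objects": [indicator]}),
        "read": srv.handle("GET", objects_path, "bank-b"),
        "reader_tries_write": srv.handle("POST", objects_path, "bank-b", body={"objects": [indicator]}),
        "outsider_discovery": srv.handle("GET", "/taxii/", "utility-x"),
        "outsider_read": srv.handle("GET", objects_path, "utility-x"),
        "bad_accept": srv.handle("GET", "/taxii/", "bank-a", accept="text/html"),
    }
```

The separation matters for the "multiple trust groups" point: membership is enforced at the API root, so a member of one group does not even learn that the other group's root exists, and read/write rights are then enforced per collection.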
47 Improving your Cyber Defense

48 STIX + TAXII + OpenC2
- We believe that everyone gets the general idea
- Fundamentally, we need an ecosystem where actionable CTI with automated Courses of Action is shared and acted upon in a standardized manner across verticals and public / private sectors in near real time, to address the ever-increasing cyber threat landscape
- What are the benefits?

49 Why should you adopt these standards?
- Gain proactive defense
- Reduce your long-term risk
- Enable herd immunity
- Improve your operational understanding of the threats
- Enable automated real-time remediation / mitigation
- Bottom line: lower cyber insurance premiums, lower integration costs, greater situational awareness value

50 Working as one!
- Last year I showed you my vision of what could be
- Now let me show you how this can be solved using STIX, TAXII, and OpenC2

51 End-to-end workflow (diagram: SIEM)

52 Step 1

53 Step 2

54 Step 3 (diagram: TAXII Server, SIEM)

55 Step 4 (diagram: TAXII Server)

56 Step 5 (diagram: TAXII Server)

57 Step 6 (diagram: TAXII Server, OpenC2 Orchestrator)
- OpenC2 DENY Command
- OpenC2 Proxy (convert to product's native API commands): talk to product's API
- OpenC2 SCAN, UPDATE (to prevent future issues), DELETE Command

58 Step 7 (diagram: TAXII Server)
- OpenC2 INVESTIGATE, MITIGATE, REMEDIATE Command
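The OpenC2 slides (syntax: ACTION / TARGET / ACTUATOR with MODIFIER and SPECIFIER; terminology: orchestrator, profile, proxy, message fabric; "Deny Command is executed REGARDLESS of product") and steps 6 and 7 of the workflow (DENY, then SCAN, UPDATE, DELETE through a proxy to the product's native API) describe one pipeline, so one added example covers both. It is not code from the deck or from the OpenC2 Forum: the command layout, the profile contents and the two "native" product APIs the proxies talk to are constructed for the demo and do not reproduce any specification's or vendor's exact format.

```python
# Added example: orchestrator -> message fabric -> profile check -> proxy -> product API.
PROFILES = {  # minimum command set per actuator class: action -> accepted target types
    "network_firewall": {"deny": {"domain_name", "ipv4_addr"}, "allow": {"domain_name", "ipv4_addr"}},
    "endpoint": {"scan": {"file"}, "delete": {"file"}, "update": {"software"}, "contain": {"device"}},
}


def make_command(action, target_type, target, actuator_class, specifier=None, modifiers=None):
    """ACTION: what to do. TARGET: what to do it to. ACTUATOR: who executes it.
    SPECIFIER narrows the actuator; MODIFIERS refine the verb (for example a duration)."""
    cmd = {"action": action, "target": {target_type: target},
           "actuator": {actuator_class: specifier or {}}}
    if modifiers:
        cmd["modifiers"] = modifiers
    return cmd


def check_profile(cmd):
    """Return a reason string when the command is outside the actuator class's profile."""
    (actuator_class,) = cmd["actuator"]
    (target_type,) = cmd["target"]
    allowed = PROFILES.get(actuator_class, {})
    if cmd["action"] not in allowed:
        return f"{actuator_class} profile has no action '{cmd['action']}'"
    if target_type not in allowed[cmd["action"]]:
        return f"{actuator_class}:{cmd['action']} does not accept target '{target_type}'"
    return None


class Proxy:
    """OpenC2 Proxy: maps commands onto one product's native API and answers for it."""
    def __init__(self, actuator_class, name, translate):
        self.actuator_class, self.name, self.translate = actuator_class, name, translate
        self.native_calls = []  # audit trail of what was sent to the product

    def execute(self, cmd):
        reason = check_profile(cmd)
        if reason:
            return {"status": 400, "status_text": reason, "actuator": self.name}
        call = self.translate(cmd)
        self.native_calls.append(call)
        return {"status": 200, "status_text": "OK", "actuator": self.name, "native_call": call}


class MessageFabric:
    """Publish/subscribe bus: the orchestrator publishes, proxies subscribe by actuator class."""
    def __init__(self):
        self.subscribers = {}

    def subscribe(self, proxy):
        self.subscribers.setdefault(proxy.actuator_class, []).append(proxy)

    def publish(self, cmd):
        (actuator_class,) = cmd["actuator"]
        return [p.execute(cmd) for p in self.subscribers.get(actuator_class, [])]


# Constructed translators: the same DENY becomes a drop rule on one product and a
# response-policy record on a DNS resolver, the deck's "regardless of product".
def vendor_a_firewall(cmd):
    return {"method": "POST", "path": "/api/v1/rules",
            "body": {"action": "drop", "dst_fqdn": cmd["target"]["domain_name"],
                     "expires": cmd.get("modifiers", {}).get("duration")}}


def dns_rpz(cmd):
    return {"zone": "rpz.local", "record": f'{cmd["target"]["domain_name"]} CNAME .'}


def edr_agent(cmd):
    return {"op": cmd["action"].upper(), "target": cmd["target"]}


def orchestrate(fabric, alert):
    """Orchestrator: turn one SIEM alert into the slide-57 sequence, run it in order,
    and stop at the first actuator failure (the synchronous case)."""
    sequence = [
        make_command("deny", "domain_name", alert["domain"], "network_firewall",
                     modifiers={"duration": "24h"}),
        make_command("scan", "file", {"path": alert["file"]}, "endpoint"),
        make_command("update", "software", {"name": "av-signatures"}, "endpoint"),
        make_command("delete", "file", {"path": alert["file"]}, "endpoint"),
    ]
    results = []
    for cmd in sequence:
        reason = check_profile(cmd)
        responses = [{"status": 400, "status_text": reason}] if reason else fabric.publish(cmd)
        results.append((cmd, responses))
        if not responses or any(r["status"] >= 400 for r in responses):
            break
    return results


def build_demo_fabric():
    fabric = MessageFabric()
    for proxy in (Proxy("network_firewall", "vendor-a-fw", vendor_a_firewall),
                  Proxy("network_firewall", "dns-rpz", dns_rpz),
                  Proxy("endpoint", "edr", edr_agent)):
        fabric.subscribe(proxy)
    return fabric


if __name__ == "__main__":
    alert = {"domain": "evil.example", "file": "/tmp/evil.pdf"}  # constructed SIEM alert
    for cmd, responses in orchestrate(build_demo_fabric(), alert):
        print(cmd["action"], [(r["actuator"], r["status"]) for r in responses])
```

Swapping a product means registering a different `Proxy` with its own translator; the orchestrator and the commands it emits do not change, which is the "change out the actuators" point. The profile check sits in front of every proxy so that a command a device class does not support is refused with a 400 rather than silently mistranslated.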
59 Conclusions

60 How do we fix cyber defense?
- Get more context about who and what is attacking our networks
- We need inter- and intra-domain coordinated automated responses in cyber-relevant time
- We need to decouple the functional blocks
- We need standardized interfaces

61 Why standards?
- Standards enable interoperability
- STIX and TAXII are sub-committees of the OASIS CTI TC
- OpenC2 is in the process of entering OASIS
- These standards are gaining broad adoption: significant international vendor support for STIX, OpenC2, and TAXII
- The OASIS CTI Technical Committee is made up of 249 members from 85 different organizations
- The OpenC2 Forum is made up of 34 member organizations with approximately 120 participants

62 Conclusions
- Threat sharing and orchestration are moving to a better place
- Actionable threat intelligence is REAL
- Automated Courses of Action are REAL
- Combining STIX, TAXII, and OpenC2 fills in the missing pieces in cyber defense

63 What should you do now? Next week you should:
- Start learning the basics of STIX and OpenC2 and get involved
- Start identifying areas of your network / enclave that can benefit from OpenC2
- Plan for a CTI sharing program that includes automated Courses of Action
- Identify key stakeholders in your organization that can help you get this going
- Developers, start thinking about reference implementations

64 What should you do now? In the first three months following this presentation you should:
- Start looking at TIP and orchestration vendors that support OpenC2 and TAXII and learn how they can automate your cyber defenses
- Work with Legal / C-suite to gain approval to cooperate and share CTI
- Identify integration gaps and start hammering on your vendors
- Don't underestimate the value of "when we make our next purchasing decision for $category, we are really looking for $feature"
- Vendors, identify ways to incorporate STIX and OpenC2

65 What should you do now? Within six months you should:
- Integrate threat intelligence and automated COAs into your security playbook
- Start training your SOC team on CTI and automated Courses of Action
- Require STIX 2.0 / TAXII 2.0 / OpenC2 compliance on all RFIs and RFPs
- Think outside the box
- Be willing to share and trade Courses of Action or Indicators for extra context
Cyber Resilience Think18 Felicity March 1 2018 IBM Corporation Cyber Resilience Cyber Resilience is the ability of an organisation to maintain its core purpose and integrity during and after a cyber attack
More informationMAKING THE CLOUD A SECURE EXTENSION OF YOUR DATACENTER
MAKING THE CLOUD A SECURE EXTENSION OF YOUR DATACENTER Bret Hartman Cisco / Security & Government Group Session ID: SPO1-W25 Session Classification: General Interest 1 Mobility Cloud Threat Customer centric
More informationSIEMLESS THREAT DETECTION FOR AWS
SOLUTION OVERVIEW: ALERT LOGIC FOR AMAZON WEB SERVICES (AWS) SIEMLESS THREAT DETECTION FOR AWS Few things are as important to your business as maintaining the security of your sensitive data. Protecting
More informationO N L I N E I N C I D E N T R E S P O N S E C O M M U N I T Y
Automate Response Congratulations on selecting IncidentResponse.com to retrieve your custom incident response playbook guide. This guide has been created especially for you for use in within your security
More informationTHE EFFECTIVE APPROACH TO CYBER SECURITY VALIDATION BREACH & ATTACK SIMULATION
BREACH & ATTACK SIMULATION THE EFFECTIVE APPROACH TO CYBER SECURITY VALIDATION Cymulate s cyber simulation platform allows you to test your security assumptions, identify possible security gaps and receive
More informationTHREAT INTEL AND CONTENT CURATION: ORGANIZING THE PATH TO SUCCESSFUL DETECTION
SESSION ID: AIR-W12 THREAT INTEL AND CONTENT CURATION: ORGANIZING THE PATH TO SUCCESSFUL DETECTION Justin Monti CTO MKACyber Mischel Kwon CEO MKACyber @MKACyber What is Cyber Threat Intelligence Data collected,
More informationNERC CIP VERSION 6 BACKGROUND COMPLIANCE HIGHLIGHTS
NERC CIP VERSION 6 COMPLIANCE BACKGROUND The North American Electric Reliability Corporation (NERC) Critical Infrastructure Protection (CIP) Reliability Standards define a comprehensive set of requirements
More informationINCIDENTRESPONSE.COM. Automate Response. Did you know? Your playbook overview - Unauthorized Access
Automate Response Congratulations on selecting IncidentResponse.com to retrieve your custom incident response playbook guide. This guide has been created especially for you for use in within your security
More informationSOLUTION BRIEF RSA ARCHER IT & SECURITY RISK MANAGEMENT
RSA ARCHER IT & SECURITY RISK MANAGEMENT INTRODUCTION Organizations battle growing security challenges by building layer upon layer of defenses: firewalls, antivirus, intrusion prevention systems, intrusion
More informationMapping BeyondTrust Solutions to
TECH BRIEF Taking a Preventive Care Approach to Healthcare IT Security Table of Contents Table of Contents... 2 Taking a Preventive Care Approach to Healthcare IT Security... 3 Improvements to be Made
More informationGDPR Update and ENISA guidelines
GDPR Update and ENISA guidelines 2016 [Type text] There are two topics that should be uppermost in every CISO's mind, how to address the growing demand for Unified Communications (UC) and how to ensure
More informationSandboxing and the SOC
Sandboxing and the SOC Place McAfee Advanced Threat Defense at the center of your investigation workflow As you strive to further enable your security operations center (SOC), you want your analysts and
More informationFTA 2017 SEATTLE. Cybersecurity and the State Tax Threat Environment. Copyright FireEye, Inc. All rights reserved.
FTA 2017 SEATTLE Cybersecurity and the State Tax Threat Environment 1 Agenda Cybersecurity Trends By the Numbers Attack Trends Defensive Trends State and Local Intelligence What Can You Do? 2 2016: Who
More informationSIEM Solutions from McAfee
SIEM Solutions from McAfee Monitor. Prioritize. Investigate. Respond. Today s security information and event management (SIEM) solutions need to be able to identify and defend against attacks within an
More informationPanelists. Moderator: Dr. John H. Saunders, MITRE Corporation
SCADA/IOT Panel This panel will focus on innovative & emerging solutions and remaining challenges in the cybersecurity of industrial control systems ICS/SCADA. Representatives from government and infrastructure
More informationCyber Threat Intelligence Debbie Janeczek May 24, 2017
Cyber Threat Intelligence Debbie Janeczek May 24, 2017 AGENDA Today s Cybersecurity Challenges What is Threat Intelligence? Data, Information, Intelligence Strategic, Operational and Tactical Threat Intelligence
More informationPALANTIR CYBERMESH INTRODUCTION
100 Hamilton Avenue Palo Alto, California 94301 PALANTIR CYBERMESH INTRODUCTION Cyber attacks expose organizations to significant security, regulatory, and reputational risks, including the potential for
More informationPrivilege Security & Next-Generation Technology. Morey J. Haber Chief Technology Officer
Privilege Security & Next-Generation Technology Morey J. Haber Chief Technology Officer mhaber@beyondtrust.com Agenda The Next-Gen Threat Landscape o Infomatics, Breaches & the Attack Chain o Securing
More informationFROM SIEM TO SOC: CROSSING THE CYBERSECURITY CHASM
SESSION ID: TECH-F02 FROM SIEM TO SOC: CROSSING THE CYBERSECURITY CHASM Mike Ostrowski VP Proficio @proficioinc EXPERIENCE FROM THE CHASM Managed Detection and Response Service Provider Three Global Security
More informationAZURE CLOUD SECURITY GUIDE: 6 BEST PRACTICES. To Secure Azure and Hybrid Cloud Environments
AZURE CLOUD SECURITY GUIDE: 6 BEST PRACTICES To Secure Azure and Hybrid Cloud Environments Introduction Cloud is at the core of every successful digital transformation initiative. With cloud comes new
More informationMapping Your Requirements to the NIST Cybersecurity Framework. Industry Perspective
Mapping Your Requirements to the NIST Cybersecurity Framework Industry Perspective 1 Quest has the solutions and services to help your organization identify, protect, detect, respond and recover, better
More informationARC VIEW. Critical Industries Need Active Defense and Intelligence-driven Cybersecurity. Keywords. Summary. By Sid Snitkin
ARC VIEW DECEMBER 7, 2017 Critical Industries Need Active Defense and Intelligence-driven Cybersecurity By Sid Snitkin Keywords Industrial Cybersecurity, Risk Management, Threat Intelligence, Anomaly &
More informationINCIDENTRESPONSE.COM. Automate Response. Did you know? Your playbook overview - Elevation of Privilege
Automate Response Congratulations on selecting IncidentResponse.com to retrieve your custom incident response playbook guide. This guide has been created especially for you for use in within your security
More informationWhy we need Intelligent Security? Juha Launonen Sourcefire, Inc.
Why we need Intelligent Security? Juha Launonen Sourcefire, Inc. 11-2010 About Sourcefire Mission: To be the leading provider of intelligent cybersecurity solutions for the enterprise. 2 Founded in 2001
More informationThe Cyber Threat. Bob Gourley, Partner, Cognitio June 22, How we think. 1
The Cyber Threat Bob Gourley, Partner, Cognitio June 22, 2016 How we think. 1 About This Presentation Based on decades of experience in cyber conflict Including cyber defense, cyber intelligence, cyber
More informationConsolidation Committee Final Report
Committee Details Date: November 14, 2015 Committee Name: 36.6 : Information Security Program Committee Co- Chairs: Ren Flot; Whitfield Samuel Functional Area: IT Functional Area Coordinator: Phil Ventimiglia
More informationeguide: Designing a Continuous Response Architecture 5 Steps to Reduce the Complexity of PCI Security Assessments
eguide: Designing a Continuous Response Architecture 5 Steps to Reduce the Complexity of PCI Security Assessments Today s PCI compliance landscape is one of continuing change and scrutiny. Given the number
More informationGetting Security Operations Right with TTP0
0 Getting Security Operations Right with TTP0 Ismael Valenzuela SANS Instructor, McAfee @aboutsecurity Rob Gresham Splunk> Phantom @SOCologize Where were you in 1986? 0 What is the story? Google Market
More informationINCIDENTRESPONSE.COM. Automate Response. Did you know? Your playbook overview - Data Theft
Automate Response Congratulations on selecting IncidentResponse.com to retrieve your custom incident response playbook guide. This guide has been created especially for you for use in within your security
More information