Threat Containment and Operations. Yong Kwang Kek, Director of Presales SE, APJ
1 Threat Containment and Operations
Yong Kwang Kek, Director of Presales SE, APJ
2013 Infoblox Inc. All Rights Reserved.
2 Three Aspects of Security
#1 Infrastructure Protection: Better Application and Service Availability
#2 Data Protection and Malware Mitigation: Protect Users and Data
#3 Threat Containment and Operations: Efficiency & Optimization of Security Operations
3 Agenda
- The Big Disconnect in IT
- Infoblox solution for Threat Containment and Operations
- Why Infoblox
- Next Steps
(Sidebar: #1 Infrastructure Protection, #2 Data Protection and Malware Mitigation, #3 Threat Containment and Operations)
4 Today's Security Landscape
400+ VENDORS
5 And Yet There is a Disconnect
Security You Want vs. Security You Often Get
6 Silos Exist Between Teams and Technologies
Network and Security: Separate Teams with Different Priorities
- Network Team: High Availability. Network Infrastructure: routers, APs, switches, etc. Network Logging and Monitoring.
- Security Team: Risk Mitigation. Security Infrastructure: firewalls, endpoints, sandboxing, etc. Security Logging and Monitoring (SIEM).
"Silos between network, edge, endpoint and data security systems and processes can restrict an organization's ability to prevent, detect and respond to advanced attacks." Source: Best Practices for Detecting and Mitigating Advanced Threats, 2016 Update, 29 March
7 Ineffective Threat Intelligence
Poor incident response and manual processes
- 70% of survey respondents felt threat intel is not timely (1)
- 46% of survey respondents were unable to prioritize the threat by category (1)
- 45% of survey respondents lacked context for threat intel to make it actionable (1)
Siloed threat intelligence impacts effectiveness & trust; lack of prioritization and context slows remediation.
1. Source: Ponemon Institute, 2016 Second Annual Study on Exchanging Cyber Threat Intelligence: There Has to Be a Better Way
8 No Knowledge of Threat Context
Context: environmental information required to take the right action
- WHO (identity)
- WHAT (what network device)
- WHERE (where and what part of the network)
- WHEN (time of day, how often)
Today's security teams:
- Face too many alerts with no way to prioritize based on actual risk
- Lack easy access to network data for context
9 Lack of Automation
Security tools can't take action automatically based on network activities:
- When new network elements join the network
- When malicious activities are detected by DNS security tools
Today's security teams use difficult, manual processes to assemble data from disparate sources.
10 Solution: Threat Containment and Operations
Ease Security Operations with Better Context, Automation and Consolidated Threat Intel
Threat Intelligence Optimization
- Enforce policy using timely, consolidated & high quality threat intelligence
- Improve incident response with consolidated threat intelligence from multiple sources
- Eliminate silos and accelerate remediation by centralizing threat intelligence
Security Orchestration
- Automatically share DNS IoCs with the security ecosystem for more efficient incident response
- Share network context and actionable intelligence (IP address, DHCP fingerprint, lease history etc.) to help assess risk and prioritize alerts
Rapid Triage/Resource Optimization
- Investigate threats faster to free up security personnel
- Timely access to context for threat indicators
(Sidebar: #1 Infrastructure Protection, #2 Data Protection and Malware Mitigation, #3 Threat Containment and Operations)
11 Solution Components (diagram)
12 Consolidated Threat Intelligence
A single vendor relationship enables organizations to:
- Leverage specialized feeds from different vendors (no one source knows it all) across the entire infrastructure
- Eliminate conflicts between sources
- Get a higher rate of accuracy as all systems use the same source of truth
- Make efficient use of resources
(Diagram: NGEP, NGFW and SIEM consuming the same consolidated feed)
13 Timely, Consolidated & High Quality Threat Intelligence
- Out-of-the-box integration of native threat intelligence with DDI for policy enforcement
- Verified and curated threat intelligence with <.01% historic rate of false positives
- Easily acquire, aggregate and distribute threat intelligence data
- Easily deploy threat intelligence data to mitigate threats
- Operationalize threat intelligence data: distribution of threat intelligence to existing security infrastructure to prevent future attacks
14 Leveraging Threat Intel Across Entire Security Infrastructure
Sources: Infoblox C&C IP List, SURBL, Marketplace, Custom TI
TIDE: Define data policy, governance & translation
Indicator types: phishing & malware URLs, spambot IPs, C&C & malware host/domain
Output: various file formats
Dossier: Investigate threats
RESULT: Single source of TI management, faster triage, threat prioritization
15 Security Orchestration: Accelerating Incident Handling and Response with Automation
Context to prioritize remediation:
- DHCP: device audit trail and fingerprinting (device info, MAC, lease history)
- IPAM: application and business context; metadata via Extended Attributes (owner, app, security level, location, ticket number); context for accurate risk assessment and event prioritization
- DNS: malicious activity inside the security perimeter; includes BYOD and IoT devices; profile device & user activity
Ecosystem consumers: SIEM, Vulnerability Management, Threat Intelligence Platform, Network Access Control, Advanced Threat Detection, Next-gen Endpoint Security
16 Visualize Your Network Clearly and Automatically Inform Ecosystem
- See every network asset, every IP address and switch port, with unmatched clarity.
- Consolidate core network infrastructure into a single, comprehensive, authoritative database.
- Automatically notify the ecosystem of changes in the network.
Manage diverse devices intelligently as you grow; identify new or unmanaged network elements quickly to enforce security; notify security tools of network changes in real time.
Capabilities: Discovery and Visibility, IPAM Sync, Ecosystem Integrations with security vendors, Reporting
17 Mine Valuable Historical DNS Data for Security & Troubleshooting
- Forensic data mining for security operations: determine the scope of a security incident by searching for systems that visited the malware control site
- Automate correlation of network context and data with security events
- Unified reporting of security events for on-premises and cloud
- Help reduce Splunk Enterprise license costs by optimizing DNS data transfer through filtering
18 Rapid Threat Investigation and Triage
- Single view for multiple sources
- Provides timely access to contextual information on threat actor, threat campaign, and associated breaches in other organizations
- Allows rapid threat investigation and automation to free up security personnel
19 Why Infoblox
1. Easy to apply threat intelligence not just in DNS infrastructure but across the entire security infrastructure
2. In-house advanced threat research team
3. Proven integrations with leading security technologies using STIX/TAXII, REST APIs, pxGrid and syslog for automating response to threats
4. Track record: market leader in DNS, DHCP and IPAM (50% market share, over 8000 customers)
20 Next Steps: Path to Engagement
- Free trials/software: ActiveTrust (on-premises) eval; Security (PCAP) assessment
- Engage with Infoblox to find out if we integrate with your security tools
- Follow up with sales teams for a deep dive on products
21 Q&A
22 Technical Section
Note to presenter: Include technical slides if needed based on audience.
23 How Does Infoblox Threat Intel Provide the Most Value?
- High accuracy and wide coverage
- Provides context enabling security to focus on the most crucial indicators
- Deletion of outdated intelligence utilizing TTL (time to live)
- Single source of truth: streamlines policy enforcement, incident response, and threat analyst activities (blacklisted domains easy to find in Dossier)
- Wide set of threat intel partners integrated into platform, business model and common API
24 Leveraging Threat Intel Across Entire Security Infrastructure
Sources: Infoblox C&C IP List, SURBL, Marketplace, Custom TI
TIDE: Define data policy, governance & translation
Indicator types: phishing & malware URLs, spambot IPs, C&C & malware host/domain
Output formats: CSV file, JSON, STIX, RBL zone file, RPZ
Dossier: Investigate threats
RESULT: Single source of TI management, faster triage, threat prioritization
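Slide 23 mentions expiring outdated intelligence by TTL and slide 24 lists RPZ as one of the distribution formats. The following is an added example (not Infoblox's or TIDE's code) of what that translation step looks like: a constructed CSV feed with a first-seen timestamp and per-indicator TTL is filtered for stale entries, then emitted as a DNS Response Policy Zone using the standard RPZ trigger and action encodings (domain and wildcard triggers, `rpz-ip` reverse-octet IP triggers, CNAME-encoded actions). The feed column layout and the zone name are assumptions.

```python
"""Turn a consolidated threat-intel feed into an RPZ zone file.

Added example, not Infoblox code. Feed layout (indicator,kind,first_seen,ttl_s)
is an assumption; the RPZ record syntax is the standard one used by DNS firewalls.
"""
import csv
import ipaddress
from datetime import datetime, timedelta, timezone
from io import StringIO

# Constructed sample feed: indicator, kind (domain|ip), first_seen (UTC), TTL seconds.
SAMPLE_FEED = """indicator,kind,first_seen,ttl_s
c2.badexample.test,domain,2024-05-01T10:00:00Z,604800
phish.example.net,domain,2024-04-01T00:00:00Z,86400
198.51.100.0/24,ip,2024-05-02T00:00:00Z,604800
203.0.113.7,ip,2024-05-03T00:00:00Z,3600
"""

# RPZ encodes the policy action as the CNAME target of the trigger record.
ACTION_NXDOMAIN = "."             # respond NXDOMAIN
ACTION_NODATA = "*."              # respond NODATA
ACTION_DROP = "rpz-drop."         # drop the query silently
ACTION_PASSTHRU = "rpz-passthru."  # allow-list (exempt from other rules)


def _parse_ts(s: str) -> datetime:
    """Parse an ISO-8601 UTC timestamp such as 2024-05-01T10:00:00Z."""
    return datetime.fromisoformat(s.replace("Z", "+00:00")).astimezone(timezone.utc)


def rpz_ip_trigger(cidr: str) -> str:
    """Encode an IPv4 address or prefix as an RPZ response-IP trigger name.

    Format is <prefixlen>.<octets reversed>.rpz-ip, e.g. 24.0.100.51.198.rpz-ip.
    IPv6 uses a different encoding and is rejected here to keep the example small.
    """
    net = ipaddress.ip_network(cidr, strict=False)
    if net.version != 4:
        raise ValueError("only IPv4 triggers are handled in this example")
    reversed_octets = ".".join(reversed(str(net.network_address).split(".")))
    return f"{net.prefixlen}.{reversed_octets}.rpz-ip"


def load_feed(text: str, now_iso: str):
    """Parse the feed and drop indicators whose TTL has elapsed (slide 23)."""
    now = _parse_ts(now_iso)
    active = []
    for row in csv.DictReader(StringIO(text)):
        expires = _parse_ts(row["first_seen"]) + timedelta(seconds=int(row["ttl_s"]))
        if expires <= now:
            continue  # stale intelligence: do not publish it
        active.append((row["indicator"].strip().lower(), row["kind"].strip()))
    return active


def build_rpz(entries, zone="rpz.example", action=ACTION_NXDOMAIN, serial=1) -> str:
    """Render active indicators as an RPZ zone. Bump `serial` on every regeneration
    so secondaries (and the resolver) pick up the new policy."""
    lines = [
        f"$ORIGIN {zone}.",
        "$TTL 300",
        f"@ IN SOA localhost. hostmaster.{zone}. {serial} 3600 900 604800 300",
        "@ IN NS localhost.",
    ]
    for indicator, kind in entries:
        if kind == "domain":
            lines.append(f"{indicator} CNAME {action}")      # exact name
            lines.append(f"*.{indicator} CNAME {action}")    # any subdomain
        elif kind == "ip":
            lines.append(f"{rpz_ip_trigger(indicator)} CNAME {action}")  # answer contains IP
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    print(build_rpz(load_feed(SAMPLE_FEED, "2024-05-04T00:00:00Z")))
```

The resulting zone is what a recursive resolver with response-policy support loads; regenerating it on a schedule is how TTL-based expiry actually reaches enforcement.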
25 The DNS, DHCP and IPAM Data Gold Mine
DHCP: device audit trail and fingerprinting
- A DHCP assignment signals the insertion of a device on to the network
- Includes context: device info, MAC, lease history
- DHCP is an audit trail of devices on the network
IPAM: application and business context
- Fixed IP addresses are typically assigned to high value devices: data center servers, network devices, etc.
- IPAM provides metadata via Extended Attributes: owner, app, security level, location, ticket number
- Context for accurate risk assessment and event prioritization
DNS: activity audit trail
- DNS query data provides a client-centric record of activity
- Includes internal activity inside the security perimeter
- Includes BYOD and IoT devices
- This provides an excellent basis to profile device & user activity
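Slide 17 describes scoping an incident by searching DNS history for systems that visited the malware control site, and slide 25 explains why DHCP lease history is the context that turns a client IP into a device. The block below is an added example (not Infoblox code) that does both over constructed BIND-style query-log lines and a constructed lease table: it matches queries against C2 indicators, including subdomains, and resolves each client IP to the lease that held it at query time rather than whoever holds it now. The log and lease formats are assumptions.

```python
"""Scope a DNS incident and attach DHCP lease context to each hit.

Added example, not Infoblox code. The query-log and lease formats are constructed
approximations; adapt LOG_RE and LEASES to the real exports.
"""
import re
from datetime import datetime, timezone

# Constructed BIND-style query log: timestamp, client ip#port, qname, qtype.
QUERY_LOG = """\
01-May-2024 09:10:01.000 client @0x1 10.10.5.20#51000 (www.example.com): query: www.example.com IN A +
01-May-2024 09:12:44.000 client @0x2 10.10.5.20#51001 (c2.badexample.test): query: c2.badexample.test IN A +
01-May-2024 14:30:09.000 client @0x3 10.10.5.20#51002 (beacon.c2.badexample.test): query: beacon.c2.badexample.test IN TXT +
01-May-2024 14:31:00.000 client @0x4 10.10.5.77#51003 (update.example.org): query: update.example.org IN A +
"""

# Constructed DHCP lease history (UTC). Note 10.10.5.20 changes hands at 12:30,
# which is exactly why a lookup by IP alone would attribute the second hit wrongly.
LEASES = [
    # (ip, mac, hostname, lease_start, lease_end)
    ("10.10.5.20", "00:11:22:33:44:55", "alice-laptop", "2024-05-01T08:00:00", "2024-05-01T12:00:00"),
    ("10.10.5.20", "66:77:88:99:aa:bb", "iot-camera-3", "2024-05-01T12:30:00", "2024-05-01T18:00:00"),
    ("10.10.5.77", "cc:dd:ee:ff:00:11", "bob-desktop", "2024-05-01T07:00:00", "2024-05-01T19:00:00"),
]

# Constructed C2 indicators from the consolidated feed.
C2_DOMAINS = {"c2.badexample.test"}

LOG_RE = re.compile(
    r"^(?P<ts>\d{2}-[A-Za-z]{3}-\d{4} \d{2}:\d{2}:\d{2})\.\d+ client (?:@0x[0-9a-f]+ )?"
    r"(?P<ip>[\d.]+)#\d+ \(\S+\): query: (?P<qname>\S+) IN (?P<qtype>\S+)"
)


def parse_line(line: str):
    """Parse one query-log line into a dict, or None if it is not a query record."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m["ts"], "%d-%b-%Y %H:%M:%S").replace(tzinfo=timezone.utc)
    return {"ts": ts, "ip": m["ip"], "qname": m["qname"].rstrip(".").lower(), "qtype": m["qtype"]}


def matches_ioc(qname: str, iocs) -> bool:
    """True if qname equals an indicator or is a subdomain of one (label-wise)."""
    labels = qname.split(".")
    return any(".".join(labels[i:]) in iocs for i in range(len(labels)))


def lease_at(ip: str, when: datetime):
    """Return the lease that held `ip` at `when`, or None if no lease covers it."""
    for lease_ip, mac, host, start, end in LEASES:
        s = datetime.fromisoformat(start).replace(tzinfo=timezone.utc)
        e = datetime.fromisoformat(end).replace(tzinfo=timezone.utc)
        if lease_ip == ip and s <= when < e:
            return {"mac": mac, "hostname": host}
    return None


def scope_incident(log_text: str, iocs):
    """One record per (ip, device, indicator) with the earliest time it was seen."""
    hits = {}
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None or not matches_ioc(rec["qname"], iocs):
            continue
        lease = lease_at(rec["ip"], rec["ts"]) or {"mac": None, "hostname": None}
        key = (rec["ip"], lease["mac"], rec["qname"])
        if key not in hits or rec["ts"] < hits[key]["first_seen"]:
            hits[key] = {"ip": rec["ip"], "mac": lease["mac"], "hostname": lease["hostname"],
                         "qname": rec["qname"], "qtype": rec["qtype"], "first_seen": rec["ts"]}
    return sorted(hits.values(), key=lambda h: h["first_seen"])


if __name__ == "__main__":
    for h in scope_incident(QUERY_LOG, C2_DOMAINS):
        print(h["first_seen"].isoformat(), h["ip"], h["mac"], h["hostname"], h["qname"], h["qtype"])
```

A hit with `mac` of None means no lease covered that IP at that time, which is itself worth a look (static address, or a gap in the lease export).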
26 Ecosystem API Integration Options: Automated Action and Remediation
Interfaces between Infoblox and third-party systems: STIX/TAXII, third-party proprietary REST API
- Mitigation/Course of Action: enable a 3rd party to block an IP and domain
- Indicator of Compromise: DNSFW or data exfiltration event notification to trigger automated action or provide to the monitoring platform
- Data Enrichment: 3rd party requests data (IP address, DNS records, location)
27 Quarantining Endpoints and Containment: Infoblox and Carbon Black
1. Infected endpoint attempts data exfiltration
2. Infoblox identifies the domain associated with data exfiltration and blocks the connection
3. Infoblox sends an alert to Carbon Black
4. Carbon Black correlates endpoint and network data and remediates the infected endpoint automatically: kills the endpoint process, preserves evidence, and updates the security policy [kill process] on all endpoints
28 Improving Operational Efficiency thru Information Exchange: Cisco ISE pxGrid Integration
The Challenge: Security and Network Operation Center tools are isolated, leading to inefficiency.
Infoblox Solution:
- Infoblox will publish critical data that will enrich the ISE database and 3rd party partners
- Infoblox will subscribe for user identity data available via ISE to enhance IPAM
- Infoblox will publish Secure DNS events (infected devices) for further analysis and remediation by ecosystem partners
(Diagram: Infoblox subscribes to and publishes events on the Cisco ISE pxGrid ecosystem; the Cisco network mitigates)
Customer Benefits:
- Easier troubleshooting, with additional identity and network data
- Security operations efficiency, by sharing data
29 Easing Compliance & Audit: Infoblox & Vulnerability Scanners
Opportunity: Lack of complete and up-to-date information about network devices and non-compliant hosts limits the effectiveness of vulnerability scanning.
Solution: Infoblox acts as the single source of truth for the network and devices.
- Network & device discovery with metadata
- Notifies Qualys/Rapid7 of new networks and devices as they are identified
- Triggers on-demand vulnerability scan
(Flow: Vulnerability Scans, Policy Enforcement, Remediation)
Benefits:
- Efficient vulnerability management & compliance processes
- Faster response to potential risks associated with new devices or virtual workloads on the network
30 SIEM Integration: Infoblox and LogRhythm
Infoblox DNS security and DHCP services provide visibility into DNS security events and IP address changes, which can be used by the SIEM for analysis.
31 SIEM Integration: Infoblox and Splunk
(Diagram components: Infoblox Grid Members, Infoblox Grid Master, Infoblox Data Connector VM, CSV, Splunk Universal Forwarder, Splunk Enterprise)
- Helps reduce Splunk Enterprise license costs by optimizing DNS data transfer through filtering
- Saves time and human resources by automating the collection, transfer, and conversion of DNS data from Infoblox Grid members
32 Gain Insights with Reporting and Analytics: Unlock the Value of Core Network Services Data
- Harness rich network data to gain actionable insights
- Visibility into infected endpoints with contextual info (can include DHCP fingerprinting info: username, MAC address, device type, lease history etc.)
- Ensure compliance with historical visibility
- Identify security risks and impacted devices at the present time
- Plan future requirements with predictive reports
Features: integrated data collection engine; historical tracking of DDI; unique algorithm and predictive reports; pre-built reports and customization; cost effective deployment
33 Backup
34 Industry Recommendations: SANS Critical Security Controls
1) Inventory of Authorized and Unauthorized Devices
2) Inventory of Authorized and Unauthorized Software
3) Secure Configurations for Hardware and Software
8) Malware Defenses
11) Secure Configurations for Network Devices
Boundary Defense
13) Data Protection
Source:
35 Additional Challenges
- Companies view their defense against cyber attacks as ineffective
- Companies view their processes to use internal and external actionable threat intelligence data as ineffective
- Information overload for users who are monitoring and responding to incidents
- Research and context gathering requires multiple tools, leading to slow response
- Cannot share data internally in a controlled manner
Source: Second Annual Study on Exchanging Cyber Threat Intelligence: There Has to Be a Better Way
36 Expernet Co., Ltd., 609, 38-21 Digital-ro 31-gil, Guro-gu, Seoul (Guro-dong, E&C Venture Dream Tower 3). Tel. 02) / Fax. 02) / Copyright Expernet Co., Ltd. All rights reserved.
More informationAgile Security Solutions
Agile Security Solutions Piotr Linke Security Engineer CISSP CISA CRISC CISM Open Source SNORT 2 Consider these guys All were smart. All had security. All were seriously compromised. 3 The Industrialization
More informationCisco Advanced Malware Protection against WannaCry
Cisco Advanced Malware Protection against WannaCry "A false sense of security is worse than a true sense of insecurity" Senad Aruc Consulting Systems Engineer Advanced Threats Group Nils Roald Advanced
More informationArbor Networks Spectrum. Wim De Niel Consulting Engineer EMEA
Arbor Networks Spectrum Wim De Niel Consulting Engineer EMEA wdeniel@arbor.net Arbor Spectrum for Advanced Threats Spectrum Finds Advanced Threats with Network Traffic Unlocks Efficiency to Detect, Investigate,
More informationNETWORKING &SECURITY SOLUTIONSPORTFOLIO
NETWORKING &SECURITY SOLUTIONSPORTFOLIO NETWORKING &SECURITY SOLUTIONSPORTFOLIO Acomprehensivesolutionsportfoliotohelpyougetyourbusiness securelyconnected.clickononeofoursolutionstoknowmore NETWORKING
More informationalign security instill confidence
align security instill confidence cyber security Securing data has become a top priority across all industries. High-profile data breaches and the proliferation of advanced persistent threats have changed
More informationINCIDENTRESPONSE.COM. Automate Response. Did you know? Your playbook overview - Unauthorized Access
Automate Response Congratulations on selecting IncidentResponse.com to retrieve your custom incident response playbook guide. This guide has been created especially for you for use in within your security
More information<Partner Name> <Partner Product> RSA Ready Implementation Guide for. Rapid 7 Nexpose Enterprise 6.1
RSA Ready Implementation Guide for Rapid 7 Jeffrey Carlson, RSA Partner Engineering Last Modified: 04/11/2016 Solution Summary Rapid7 Nexpose Enterprise drives the collection
More informationSOLUTION BRIEF ASSESSING DECEPTION TECHNOLOGY FOR A PROACTIVE DEFENSE
SOLUTION BRIEF ASSESSING DECEPTION TECHNOLOGY FOR A PROACTIVE DEFENSE 1 EXECUTIVE SUMMARY Attackers have repeatedly demonstrated they can bypass an organization s conventional defenses. To remain effective,
More informationPrivileged Account Security: A Balanced Approach to Securing Unix Environments
Privileged Account Security: A Balanced Approach to Securing Unix Environments Table of Contents Introduction 3 Every User is a Privileged User 3 Privileged Account Security: A Balanced Approach 3 Privileged
More informationManaged Endpoint Defense
DATA SHEET Managed Endpoint Defense Powered by CB Defense Next-gen endpoint threat detection and response DEPLOY AND HARDEN. Rapidly deploy and optimize endpoint prevention with dedicated security experts
More informationAutomating the Top 20 CIS Critical Security Controls
20 Automating the Top 20 CIS Critical Security Controls SUMMARY It s not easy being today s CISO or CIO. With the advent of cloud computing, Shadow IT, and mobility, the risk surface area for enterprises
More informationClearPass Ecosystem. Tomas Muliuolis HPE Aruba Baltics lead
ClearPass Ecosystem Tomas Muliuolis HPE Aruba Baltics lead 2 Changes in the market create paradigm shifts 3 Today s New Behavior and Threats GenMobile Access from anywhere? BYOD Trusted or untrusted? Bad
More informationFirst Look Showcase. Expanding our prevention, detection and response solutions. Sumedh Thakar Chief Product Officer, Qualys, Inc.
18 QUALYS SECURITY CONFERENCE 2018 First Look Showcase Expanding our prevention, detection and response solutions Sumedh Thakar Chief Product Officer, Qualys, Inc. Secure Enterprise Mobility Identity (X.509,
More informationTechnical Review Managing Risk, Complexity, and Cost with SanerNow Endpoint Security and Management Platform
Technical Review Managing Risk, Complexity, and Cost with SanerNow Endpoint Security and Management Platform Date: October, 2018 Author: Jack Poller, Sr. Analyst The Challenges Enterprise Strategy Group
More informationVectra Cognito. Brochure HIGHLIGHTS. Security analyst in software
Brochure Vectra Cognito HIGHLIGHTS Finds active attackers inside your network Automates security investigations with conclusive answers Persistently tracks threats across all phases of attack Monitors
More informationThe Cognito automated threat detection and response platform
Overview The Cognito automated threat detection and response platform HIGHLIGHTS Finds active cyberattackers inside cloud, data center and enterprise environments Automates security investigations with
More informationDesigning and Building a Cybersecurity Program
Designing and Building a Cybersecurity Program Based on the NIST Cybersecurity Framework (CSF) Larry Wilson lwilson@umassp.edu ISACA Breakfast Meeting January, 2016 Designing & Building a Cybersecurity
More informationAnalytics Driven, Simple, Accurate and Actionable Cyber Security Solution CYBER ANALYTICS
Analytics Driven, Simple, Accurate and Actionable Cyber Security Solution CYBER ANALYTICS Overview Cyberattacks are increasingly getting more frequent, more sophisticated and more widespread than ever
More informationIntelligent Edge Protection
Intelligent Edge Protection Sicherheit im Zeitalter von IoT und Mobility September 26, 2017 Flexible consumption Beacons, sensors and geo-positioning Driven by agile DevOps Mobile users, apps and devices
More informationWHITE PAPER. Operationalizing Threat Intelligence Data: The Problems of Relevance and Scale
WHITE PAPER Operationalizing Threat Intelligence Data: The Problems of Relevance and Scale Operationalizing Threat Intelligence Data: The Problems of Relevance and Scale One key number that is generally
More informationManufacturing security: Bridging the gap between IT and OT
Manufacturing security: Bridging the gap between IT and OT For manufacturers, every new connection point is an opportunity. And a risk. The state of IT/OT security in manufacturing On the plant floor,
More informationInfoblox: Company Update. Thomas Gerch Account Executive Infoblox, Date 30 march, 2017 Bern
Infoblox: Company Update Thomas Gerch Account Executive Infoblox, tgerch@infoblox.com Date 30 march, 2017 Bern Agenda Challenges and IT Key Initiatives The Core IB Portfolio Overview Security, DNS a valuable
More informationINCIDENTRESPONSE.COM. Automate Response. Did you know? Your playbook overview - Data Theft
Automate Response Congratulations on selecting IncidentResponse.com to retrieve your custom incident response playbook guide. This guide has been created especially for you for use in within your security
More informationIncident Response Agility: Leverage the Past and Present into the Future
SESSION ID: SPO1-W03 Incident Response Agility: Leverage the Past and Present into the Future Torry Campbell CTO, Endpoint and Management Technologies Intel Security The Reality we Face Reconnaissance
More informationRSA ECAT DETECT, ANALYZE, RESPOND!
RSA ECAT DETECT, ANALYZE, RESPOND! Cyber Threat Landscape Attack surface (& attackers) expanding Web app Existing strategies & controls are failing Laptop EHR Firewall Attacks sophistication on the rise
More informationNEXT GENERATION SECURITY OPERATIONS CENTER
DTS SOLUTION NEXT GENERATION SECURITY OPERATIONS CENTER SOC 2.0 - ENHANCED SECURITY O&M SOC 2.0 - SUCCESS FACTORS SOC 2.0 - FUNCTIONAL COMPONENTS DTS SOLUTION SOC 2.0 - ENHANCED SECURITY O&M SOC 2.0 Protecting
More informationMITIGATE CYBER ATTACK RISK
SOLUTION BRIEF MITIGATE CYBER ATTACK RISK CONNECTING SECURITY, RISK MANAGEMENT & BUSINESS TEAMS TO MINIMIZE THE WIDESPREAD IMPACT OF A CYBER ATTACK DIGITAL TRANSFORMATION CREATES NEW RISKS As organizations
More informationMcAfee Skyhigh Security Cloud for Amazon Web Services
McAfee Skyhigh Security Cloud for Amazon Web Services McAfee Skyhigh Security Cloud for Amazon Web Services (AWS) is a comprehensive monitoring, auditing, and remediation solution for your AWS environment
More informationMcAfee Endpoint Threat Defense and Response Family
Defense and Family Detect zero-day malware, secure patient-zero, and combat advanced attacks The escalating sophistication of cyberthreats requires a new generation of protection for endpoints. Advancing
More informationSOLUTION BRIEF esentire Risk Advisory and Managed Prevention (RAMP)
SOLUTION BRIEF esentire Risk Advisory and Managed Prevention (RAMP) Adaptive Cybersecurity at the Speed of Your Business Attackers Evolve. Risk is in Constant Fluctuation. Security is a Never-ending Cycle.
More informationRSA IT Security Risk Management
RSA IT Security Risk Adding Insight to Security March 18, 2014 Wael Jaroudi GRC Sales Specialist 1 Where is Security Today? Companies have built layer upon layer of security, but is it helping? Complexity
More informationForescout. eyeextend for Carbon Black. Configuration Guide. Version 1.1
Forescout Version 1.1 Contact Information Forescout Technologies, Inc. 190 West Tasman Drive San Jose, CA 95134 USA https://www.forescout.com/support/ Toll-Free (US): 1.866.377.8771 Tel (Intl): 1.408.213.3191
More informationOrchestrating and Automating Trend Micro TippingPoint and IBM QRadar
Orchestrating and Automating Trend Micro TippingPoint and IBM QRadar Response Automation SOCAutomation is an information security automation and orchestration platform that transforms incident response.
More informationSIEMLESS THREAT DETECTION FOR AWS
SOLUTION OVERVIEW: ALERT LOGIC FOR AMAZON WEB SERVICES (AWS) SIEMLESS THREAT DETECTION FOR AWS Few things are as important to your business as maintaining the security of your sensitive data. Protecting
More informationINCIDENTRESPONSE.COM. Automate Response. Did you know? Your playbook overview - Elevation of Privilege
Automate Response Congratulations on selecting IncidentResponse.com to retrieve your custom incident response playbook guide. This guide has been created especially for you for use in within your security
More informationForescout. eyeextend for Palo Alto Networks Wildfire. Configuration Guide. Version 2.2
Forescout Version 2.2 Contact Information Forescout Technologies, Inc. 190 West Tasman Drive San Jose, CA 95134 USA https://www.forescout.com/support/ Toll-Free (US): 1.866.377.8771 Tel (Intl): 1.408.213.3191
More information