Three Phases of Security
- Merilyn Hunter
- 6 years ago
Security Analyst: Tools of the Trade
Patrick Lane, M.Ed., Security+, Network+, CISSP, MCSE
Senior Manager, Product Development. Product Manager for: CompTIA Security+, CompTIA Cybersecurity Analyst (CSA+), CompTIA Advanced Security Practitioner (CASP), CompTIA Server+

Agenda
1. Why have security analyst skills become so important?
2. What tools do security analysts use?
3. How does a SIEM work (unified security management)?
4. How is threat intelligence integrated?
5. Real-world examples: Splunk (database hack discovered), LogRhythm (financial server hack discovered), AlienVault (brute-force attack discovered)
1. Why have security analyst skills become so important?

Seminal Event: Target Hack of 2014. A wake-up call for the IT security world. Brought widespread attention to the Advanced Persistent Threat. Demonstrated that traditional security tools, such as firewalls and anti-virus, do not alone protect networks. Recent high-profile attacks at Yahoo! and the Democratic National Committee (DNC).

The Advanced Persistent Threat (APT). Characteristics: they never stop; often highly coordinated / state sponsored; bad actors lurk on systems and networks; hard to detect. Phases: Planning, Malware Introduction, Command & Control, Lateral Movement, Target Identification, Exfiltration (Attack Event), Retreat.

Lessons Learned. We must apply behavioral analytics to the IT security market to improve the overall state of IT security. We must focus on network behavior in an organization's interior network. We must identify network anomalies that indicate bad behavior. We must train IT security professionals in security analyst skills, which include: threat management; vulnerability management; cyber incident response; security and architecture tool sets.
Total number of job postings, Security Analyst job role (Information Security Analysts). [Bar chart; plotted values 39,920, 48,947, 58,456 and 109,819 postings, with a percentage increase from 2012 whose figure did not survive transcription.] Data for U.S. only, but reflects an international need. Source: Burning Glass Technologies Labor Insights, January 2016.

Additional Indicators. The U.S. Bureau of Labor Statistics predicts that information security analysts will be the fastest growing job category, with 37% overall growth between 2012 and 2022.* In an analysis of recent U.S. Bureau of Labor Statistics data, information security analysts saw an 8% bump in growth over the first three months of [year missing in transcription]. That's a new BLS record.** 8 in 10 managers indicate that IT security certifications are very valuable (38%) or valuable (42%) in terms of validating security-related knowledge/skills or evaluating job candidates.*** (* CompTIA, Trends in Information Security 2015; ** U.S. Bureau of Labor Statistics data; *** International Trends in Cybersecurity, CompTIA, 2016)

(Quick Advertisement) CompTIA Cybersecurity Analyst (CSA+) Certification. Developed to address the need for IT Security Analysts. Exam available February 15, 2017. As attackers have learned to evade traditional signature-based solutions, an analytics-based approach has become extremely important. CSA+ applies behavioral analytics to the IT security market to improve the overall state of security.
2. What tools do security analysts use?

Tools of the Trade: Open Source (open source software, description, URL)
Wireshark: network protocol analyzer / packet capture tool. https://
Bro and/or Snort: network intrusion detection systems (NIDS). https:// https://
AlienVault Open Source SIEM (OSSIM) with Open Threat Exchange (OTX): Security Information and Event Management (SIEM) software. https:// products/ossim

Security Information and Event Management (SIEM) software. All about logs: to constantly aggregate and analyze internal and external network logs, and to quickly prevent breaches or perform incident response using these logs. What does it address? Threat management, incident response, compliance (80% of SIEMs are funded to close a compliance gap). Where it lives: the Security Operations Center (SOC), staffed by the Security Analyst, SOC Analyst, Vulnerability Analyst, Cybersecurity Specialist, Threat Intelligence Analyst and Security Engineer.
Tools of the Trade: Vendor Specific (vendor-specific software, description, URL)
Intel Security / McAfee Enterprise Security Manager: SIEM, threat detection. http:// enterprise-security-manager.aspx
Dell/EMC RSA Security Analytics and RSA NetWitness Suite: SIEM, threat detection. http:// https:// us/products-services/threat-detection-and-response
Splunk Enterprise Security: SIEM, threat detection. https:// premium-solutions/splunk-enterprise-security.html
AlienVault Unified Security: SIEM, threat detection. https://
HPE Security ArcSight ESM: SIEM, threat detection. http://www8.hp.com/us/en/software-solutions/siem-security-information-event-management/
IBM Security QRadar SIEM: SIEM, threat detection. http://www-03.ibm.com/software/products/en/qradar-siem/
LogRhythm Unified Security Intelligence Platform: SIEM, threat detection. https://logrhythm.com/products/security-intelligence-platform/

SIEM Example

3. How does a SIEM work (unified security management)?
OSSIM. AlienVault Open Source SIEM (OSSIM) is free, but has no support; AlienVault USM is the commercial version ($32K). What it does:
External Data Sources: applications and devices that generate events.
Sensors: collect and normalize events.
Server: conducts risk assessment, correlation directives and storage of events in an SQL database (SIEM).
Storage: events are digitally signed and time stamped in a massive storage system, usually NAS or SAN, called Logger, that includes an additional database for forensics.
Web Interface: provides a reporting system, metrics, reports, dashboards, ticketing system, vulnerability management system and real-time network information.

Source: LogRhythm's Unified Security Intelligence Platform

OSSIM Installation. The OSSIM .ISO image includes Debian Linux, OSSIM, and the OSSIM agent software: AlienVault_OSSIM_64bits_5.3.2.iso (630 MB), https:// . Implement on a virtual machine. Needs power; AWS or Azure recommended.
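The slide above says the Logger stores events "digitally signed and time stamped" so the forensics copy can be trusted later. The following added example (mine, not from the deck or from AlienVault) shows what that buys an analyst: each normalized event is stamped, sealed with an HMAC-SHA256 tag, and any later edit to the stored record fails verification. The slide does not state OSSIM's actual scheme; the HMAC construction, the demo key and the sample event are assumptions made here for illustration.

```python
"""
Added example: tamper-evident log storage in the spirit of the OSSIM Logger.
HMAC-SHA256 with a constructed key stands in for whatever signing OSSIM uses.
"""
import hashlib
import hmac
import json
from datetime import datetime, timezone
from typing import Optional

# Constructed demo key. A real logger would hold this in an HSM/KMS, never in source.
LOGGER_KEY = b"constructed-demo-key-do-not-reuse"


def canonical(event: dict) -> bytes:
    """Stable serialization: the same event must always yield the same bytes."""
    return json.dumps(event, sort_keys=True, separators=(",", ":")).encode()


def seal(event: dict, key: bytes = LOGGER_KEY, now: Optional[datetime] = None) -> dict:
    """Produce a logger record: the event plus a UTC storage timestamp, and an
    HMAC tag computed over both so neither can be altered unnoticed."""
    stamped = dict(event)
    stamped["stored_at"] = (now or datetime.now(timezone.utc)).isoformat()
    tag = hmac.new(key, canonical(stamped), hashlib.sha256).hexdigest()
    return {"record": stamped, "sig": tag}


def verify(record: dict, key: bytes = LOGGER_KEY) -> bool:
    """Recompute the tag and compare in constant time."""
    expected = hmac.new(key, canonical(record["record"]), hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, record["sig"])


def demo():
    """Seal a constructed event, then show that an edit is detected."""
    event = {"src": "198.51.100.7", "dst": "web01",
             "msg": "Failed password for root"}          # constructed sample event
    rec = seal(event, now=datetime(2017, 3, 10, 9, 0, 1, tzinfo=timezone.utc))
    ok_before = verify(rec)

    tampered = json.loads(json.dumps(rec))               # deep copy of the stored record
    tampered["record"]["src"] = "10.0.0.1"               # someone rewrites the source IP
    ok_after = verify(tampered)
    return ok_before, ok_after


if __name__ == "__main__":
    print("intact record verifies: %s, edited record verifies: %s" % demo())
```

Because the timestamp is inside the signed payload, back-dating a record is caught the same way as changing its contents; what the scheme cannot detect is deletion of whole records, which is why real loggers also chain or sequence-number their entries.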
OSSIM Agents and Plug-Ins. SIEMs work best in a large organization with multiple network devices, such as firewalls, IDS/IPS, anti-virus, web servers, etc. To collect logs from hosts, install agents, such as OSSEC (Linux) and Snare (Windows). To connect data sources to the OSSIM server, install plug-ins (XML-based configuration files) at the data source. Plug-ins are integrated into many security tools: CheckPoint, Cisco, Citrix, Exchange, IIS, Syslog, WMI, Nessus, anti-virus (Sophos, Symantec, McAfee, Avast), OSSEC, Snare, Apache, Snort, Ntop, Nmap, OpenVAS, P0f, Pads, Arpwatch, Osiris, Nagios, OCS, Kismet.

Correlation. Separates a SIEM from an IDS/IPS by using intelligence. Reduces false positives. Consolidates multiple input events and alarms into a more manageable number of events to address.
Cross Correlation: works only with events that have defined destination IP addresses. Checks the IP address in the database to determine any vulnerabilities. Changes the reliability value of the event, which is used to calculate risk. Removes a lot of alarms.

Correlation (cont'd). Correlation Directive: generates an alarm by following rules. Rules are written in XML (there can be thousands, most preconfigured). They analyze multiple events and decide whether or not to raise an alarm, e.g., multiple login attempts into a web server using SSH. Capable of identifying zero-day attacks, since the rules are based on behavior.

OSSIM data management: Raw logs > Events > Alarms > Tickets. Risk Calculation: raw logs are sent to the OSSIM server and normalized; the logs become events. Alarms are raised when the risk value of an event reaches 1 on a scale of 0 to 10:
[ASSET VALUE (0-5) * PRIORITY (0-5) * RELIABILITY (0-10)] / 25 = RISK OF THE EVENT (0-10)
Tickets are manually or automatically created in OSSIM after reviewing alarms, and assigned to appropriate personnel.

Reporting. Highly scalable. Easy to use. Schedule reports and e-mail them.
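The three slides above describe the pipeline end to end: raw logs are normalized into events, a correlation directive watches for a behavioral pattern (the slide's own example is repeated SSH login attempts against a server), reliability rises as the pattern matures, and risk = asset value * priority * reliability / 25 decides whether an alarm is raised. The following is an added example of mine, not code from the deck or from AlienVault, that runs that pipeline over a few constructed sshd syslog lines. The regex plugin, the asset values, the one-minute window, the "+1 reliability per failure, 10 on a success after three or more failures" directive, and the reading of the slide's threshold as risk >= 1 are all assumptions made for the example.

```python
"""
Added example: a toy OSSIM-style pipeline (raw logs -> events -> alarms) using
the risk formula from the slide. Sample log lines and asset values are constructed.
"""
import re
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime, timedelta

# Constructed sshd syslog lines: a burst of failures followed by a success from one
# source, then an ordinary user who mistypes a password once.
RAW_LOGS = [
    "Mar 10 09:00:01 web01 sshd[2201]: Failed password for invalid user admin from 198.51.100.7 port 50122 ssh2",
    "Mar 10 09:00:04 web01 sshd[2203]: Failed password for root from 198.51.100.7 port 50130 ssh2",
    "Mar 10 09:00:07 web01 sshd[2205]: Failed password for root from 198.51.100.7 port 50141 ssh2",
    "Mar 10 09:00:09 web01 sshd[2207]: Failed password for invalid user oracle from 198.51.100.7 port 50150 ssh2",
    "Mar 10 09:00:12 web01 sshd[2209]: Failed password for root from 198.51.100.7 port 50166 ssh2",
    "Mar 10 09:00:15 web01 sshd[2211]: Accepted password for root from 198.51.100.7 port 50170 ssh2",
    "Mar 10 09:05:00 web01 sshd[2301]: Failed password for alice from 203.0.113.9 port 40001 ssh2",
    "Mar 10 09:05:30 web01 sshd[2302]: Accepted password for alice from 203.0.113.9 port 40002 ssh2",
]

ASSET_VALUE = {"web01": 4, "db01": 5}   # constructed asset values (0-5) per destination host

# Stand-in for an OSSIM sshd plug-in: one regex that pulls the fields we correlate on.
SSHD_RE = re.compile(
    r"^(?P<ts>\w{3} +\d{1,2} \d{2}:\d{2}:\d{2}) (?P<host>\S+) sshd\[\d+\]: "
    r"(?P<outcome>Failed|Accepted) password for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<src>\d+\.\d+\.\d+\.\d+) port \d+"
)


@dataclass
class Event:
    ts: datetime
    dst_host: str
    src_ip: str
    user: str
    outcome: str        # "Failed" or "Accepted"


def normalize(raw_lines, year=2017):
    """Raw logs -> events. Lines the plug-in regex does not recognize are dropped."""
    events = []
    for line in raw_lines:
        m = SSHD_RE.match(line)
        if not m:
            continue
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        events.append(Event(ts, m["host"], m["src"], m["user"], m["outcome"]))
    return events


def risk(asset_value, priority, reliability):
    """Slide formula: [ASSET(0-5) * PRIORITY(0-5) * RELIABILITY(0-10)] / 25 -> 0-10."""
    return asset_value * priority * reliability / 25


def correlate(events, window=timedelta(minutes=1), priority=3, min_failures=3,
              asset_value=ASSET_VALUE):
    """Toy correlation directive for SSH brute force. Reliability is assumed to grow
    by 1 per failed login inside the window (capped at 10) and to jump to 10 when a
    success follows at least min_failures failures. An alarm is raised when risk >= 1."""
    failures = defaultdict(list)   # (src, dst) -> timestamps of recent failures
    alarms = []
    for ev in sorted(events, key=lambda e: e.ts):
        key = (ev.src_ip, ev.dst_host)
        recent = [t for t in failures[key] if ev.ts - t <= window]
        if ev.outcome == "Failed":
            recent.append(ev.ts)
            reliability = min(len(recent), 10)
            rule = "ssh_bruteforce_attempts"
        elif len(recent) >= min_failures:
            reliability = 10
            rule = "ssh_bruteforce_success"
        else:
            failures[key] = recent
            continue                # ordinary login or a single typo: no directive matches
        failures[key] = recent
        r = risk(asset_value.get(ev.dst_host, 1), priority, reliability)
        if r >= 1:
            alarms.append({"rule": rule, "src": ev.src_ip, "dst": ev.dst_host,
                           "failures": len(recent), "risk": r})
    return alarms


if __name__ == "__main__":
    for alarm in correlate(normalize(RAW_LOGS)):
        print(alarm)
```

With asset value 4 and priority 3, the first two failures score 0.48 and 0.96 and stay below the alarm line, the third failure crosses it at 1.44, and the success after five failures scores 4.8; alice's single typo never matches the directive. That is the cross-correlation point from the slide in miniature: the same raw lines produce more or fewer alarms depending on the reliability and asset values attached to them, which is where a SIEM differs from an IDS that alerts on every signature hit.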
4. How is threat intelligence integrated?

Threat Intelligence (three screenshot slides). Source: https://

5. Real-world examples

LogRhythm: Financial Server Hack Discovered (two screenshot slides). Source: https://logrhythm.com/products/security-intelligence-platform/

Splunk: Database Hack Discovered (two screenshot slides). Source: https:// solutions/splunk-enterprise-security.html

AlienVault: Brute-force attack discovered (two screenshot slides). Source: https://

Thank You. Questions?
More informationYou will discuss topics related to ethical hacking, information risks, and security techniques which hackers will seek to circumvent.
IDPS Effectiveness and Primary Takeaways You will discuss topics related to ethical hacking, information risks, and security techniques which hackers will seek to circumvent. IDPS Effectiveness and Primary
More informationCompare Security Analytics Solutions
Compare Security Analytics Solutions Learn how Cisco Stealthwatch compares with other security analytics products. This solution scales easily, giving you visibility across the entire network. Stealthwatch
More informationRULES VERSUS MODELS IN YOUR SIEM
WHITE PAPER RULES VERSUS MODELS IN YOUR SIEM INTRODUCTION There has been a rapid increase in malicious insider threats, compromised insiders, and sensitive data exfiltration targeting enterprises today.
More informationCyber Risk Program Maturity Assessment UNDERSTAND AND MANAGE YOUR ORGANIZATION S CYBER RISK.
Cyber Risk Program Maturity Assessment UNDERSTAND AND MANAGE YOUR ORGANIZATION S CYBER RISK. In today s escalating cyber risk environment, you need to make sure you re focused on the right priorities by
More informationCYBERBIT P r o t e c t i n g a n e w D i m e n s i o n
CYBERBIT P r o t e c t i n g a n e w D i m e n s i o n CYBETBIT in a Nutshell A leader in the development and integration of Cyber Security Solutions A main provider of Cyber Security solutions for the
More informationUn SOC avanzato per una efficace risposta al cybercrime
Un SOC avanzato per una efficace risposta al cybercrime Identificazione e conferma di un incidente @RSAEMEA #RSAEMEASummit @masiste75 Mauro Costantini - Presales Consultant Agenda A look into the threat
More informationThe Gartner Security Information and Event Management Magic Quadrant 2010: Dealing with Targeted Attacks
The Gartner Security Information and Event Management Magic Quadrant 2010: Dealing with Targeted Attacks Mark Nicolett Notes accompany this presentation. Please select Notes Page view. These materials
More informationSCADA Security: How Do I Know If I ve Already Been Owned?
SESSION ID: SOP-W04 SCADA Security: How Do I Know If I ve Already Been Owned? Gib Sorebo Chief Cybersecurity Technologist Leidos @gibsorebo 17-Leidos-0918-1850 Overview Reasons for Concern Cybersecurity
More informationDesigning and Building a Cybersecurity Program
Designing and Building a Cybersecurity Program Based on the NIST Cybersecurity Framework (CSF) Larry Wilson lwilson@umassp.edu ISACA Breakfast Meeting January, 2016 Designing & Building a Cybersecurity
More informationThe Future of Threat Prevention
The Future of Threat Prevention Bricata is the leading developer of Next Generation Intrusion Prevention Systems (NGIPS) technology, providing innovative, disruptive, high-speed, high-performance network
More information