Automated Response in Cyber Security SOC with Actionable Threat Intelligence

Size: px
Start display at page:

Download "Automated Response in Cyber Security SOC with Actionable Threat Intelligence"

Transcription

1 Automated Response in Cyber Security SOC with Actionable Threat Intelligence

2 while its biggest weakness is lack of visibility: SOCs still can t detect previously unknown threats, which is a consistent problem across many other SANS surveys. The survey also found a need for more automation across the prevention, detection and response functions

3

4 SANS: Threat Intelligence White Paper Threat intelligence is evidencebased knowledge, including context, mechanisms, indicators, implications and actionable advice, about an existing or emerging menace or hazard to assets that can be used to inform decisions regarding the subject's response to that menace or hazard. Source:

5 The Challenges of the CISO and CIO Hacking-as-a-services DDOS-as-a-services RESEARCH INFILTRATION Regulation Compliance Governance Firewall, IPS, Proxy, APT, SSL Endpiont, DDOS, WAF, $ DISCOVERY SIEM, Manual Correlation CAPTURE CISO DETECTION Market Malware-as-a-services Ransomware-as-a-services EXFILTRATION Automated Scalable Specialized Collaboration INCIDENT RESPONSE People resource Manual Response Complexity High volume incident DNS Alert SMTP Alert Web Alert AV Alert Endpoint Alert DNS Alert SMTP Alert AV Alert Endpoint Alert Web Alert AV Alert DNS Alert Web Alert ,Palo Alto Networks. Confidential and Proprietary.

6 Challenges & Cyber Security SOC Requirements VOLUME Increased attack volume from automated adversaries - Reduce attack surface - Prioritize critical threats ALERTS Too many alerts from too many sources without context - Reduce false positive - Add attack contexts COMPLEXITY Highly manual response with complex workflows - Accelerate incident handling workflows and automated proactive response ,Palo Alto Networks. Confidential and Proprietary.

7 Today s Security Operation Center (SOC) Workflow 3 rd Threat Intel Firewall1,2,3,4 Only IOC IP URL Domain IPS Take actions Manually Search & Query Investigate Security Log Proxy Free community search Eg. Virus total, URL blacklist, malwaredomain SIEM APT Security Admin - Only some IOC provided - Less detailed Endpoint Summary Report Inform Actions

8 Metrics for success TIME TO IDENTIFICATION Decrease time to identify new, targeted attack TIME TO ERADICATION Speed mitigation without adding specialized staff ,Palo Alto Networks. Confidential and Proprietary.

9 How to improve security incident response operation workflow?

10 1. Using the global threat intelligence cloud Real-World attack from Wildfire, Industry s largest network-sandbox service. Cyber Threat Alliance: Sharing threat information 3 rd party feed, closed and open-source intel WildFire Palo Alto Network Global Passive DNS Network Unit 42, TI and Research team Malware Signature (1Billions) Threat IntelligenceCloud C&C/DNS Signature (Million) URL Signature (Billion) >15,000, WildFireglobal enterprise customers Malware/APT Feeds 3 rd party Passive DNS Network

11 Threat Intelligence: Detecting the unknown at scale WildFire delivers over 100K new protectionsto customers per day AutoFocus contains over 2 B files and over 500B artifacts (and growing) Enriched Information 150M samples/ month Over 1000 AutoFocus tags add human-curated intelligence to over 80% of yearly malware incidents Known good files = Reduce FP Known bad files =Reduce FN

12 Demo: Context from Autofocus Context: Malware families Attack campaigns Exploits Malicious behavior Threat actors Context: My org, My industry and Global view Top Malware Top application malware Top Src, Dst, Country Context: Malware Dynamic & Static analysis Malware behavior Indicator of attack and compromise Top attack source, - IP: Domain: iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.com - URphil-army.gotdns.org/4c4f4f50/archive/ html destination and country ,Palo Alto Networks. Confidential and Proprietary.

13 Using Large Global Threat Intelligence Source 3 rd Threat Intel feed Only IOC IP URL Domain Firewall 1,2,3,4 IPS Take actions Manually Search & Query Security Log Proxy SIEM Security Admin Provided Deep Info for Investigation - Threat actors - Malware Family - Adversary campaign - Target Industries - Prioritize alerts - Malicious Behavior - Exploits techniques - Contexts: IP, Connectivity, Domain, URL, Passive DNS, etc. Accurate Summary Report More actionable actions Inform & provide actionable controls APT Endpoint

14 2. Orchestrate Threat Intelligence and Enforce Preventions-based Control Automatically Aggregate and correlate TI feeds Automated enforcement of prevention-based control Threat Intelligence Feeds Private Feeds Network Enforcers SIEM Threat Intelligence Platforms End Point Enforcers

15 Threat Intel Aggregator Architecture End Point Enforcers SIEM Input: Threat Feeds OSINT Commercial Organization (CERT, ISAC) Autofocus Processors IPv4/IPv6 aggregator URL aggregator Domain aggregator Outputs JSON STIX/TAXII External Dynamic List (EDL) Elastic Logstash Network Enforcers FW, IPS

16 Reduce the False Positive by Correlating TI 3 rd party Threat Intel Cross check & Correlation IP DNS URL _ End Point Enforcers Export IOC Network Enforcers FW, IPS SIEM

17 Orchestrate TI and Automated Enforce Prevention-based 3 rd party Threat Intel Control IP DNS URL Cross Check & IOC Export Search & Query IOC Feed JSON, STIX Automated poll IOC for prevention Security Log Firewall 1,2,3,4 IPS Proxy Provided Deep Info for Investigation - Threat actors - Malware Family - Adversary campaign - Target Industries - Prioritize alerts - Malicious Behavior - Exploits techniques - Contexts: IP, Connectivity, Domain, URL, Passive DNS, etc. API Call JSON, STIX SIEM Accurate Summary Report More actionable actions Watchlist & Traceback APT Endpoint Security Admin

18 How it Works Threat Intelligence 3rd Party TI Feed AutoFocus Threat Big DataWildFire Context Samples Search Match Cross Check Indicator Store Export TI Consolidator MineMeld Actionable Threat Intel Cloud On Premise Automated prevention control End Point SIEM Firewall Proxies Local MineMeld

19 Why Do We Need Security Platform? Legacy security responses increase complexity SIEM FULL VISIBILITY Sandboxing ALL LOCATION Web Security Gateway (Proxy) Web Security Gateway (Proxy) PREVENT ZERO- DAY THREATS Firewall Stateful inspection Legacy AV controls Intrusion prevention Firewall Stateful inspection Legacy AV controls Intrusion prevention Firewall Stateful inspection Legacy AV controls SPEED SECURITY ANALYSIS WORKFLOWS Next-generation Security Platform Workflow complexity

20 Key Benefits 1. Provide full visibility and prevention on all risk locations 2. Reduce complexity 3. Decrease numbers of event per second 4. Reduce log storage 5. Reduce false positive events 6. Improve detection, response & forensic times 7. Accelerate incident handling & response workflow

21

Threat Containment and Operations. Yong Kwang Kek, Director of Presales SE, APJ

Threat Containment and Operations. Yong Kwang Kek, Director of Presales SE, APJ Threat Containment and Operations Yong Kwang Kek, Director of Presales SE, APJ 2018-07-19 1 1 2017 Infoblox Inc. All Rights 2013 Infoblox Inc. All Reserved. Rights Reserved. Three Aspects of Security #1

More information

WHITE PAPER. Operationalizing Threat Intelligence Data: The Problems of Relevance and Scale

WHITE PAPER. Operationalizing Threat Intelligence Data: The Problems of Relevance and Scale WHITE PAPER Operationalizing Threat Intelligence Data: The Problems of Relevance and Scale Operationalizing Threat Intelligence Data: The Problems of Relevance and Scale One key number that is generally

More information

THE ACCENTURE CYBER DEFENSE SOLUTION

THE ACCENTURE CYBER DEFENSE SOLUTION THE ACCENTURE CYBER DEFENSE SOLUTION A MANAGED SERVICE FOR CYBER DEFENSE FROM ACCENTURE AND SPLUNK. YOUR CURRENT APPROACHES TO CYBER DEFENSE COULD BE PUTTING YOU AT RISK Cyber-attacks are increasingly

More information

THE RSA SUITE NETWITNESS REINVENT YOUR SIEM. Presented by: Walter Abeson

THE RSA SUITE NETWITNESS REINVENT YOUR SIEM. Presented by: Walter Abeson THE RSA NETWITNESS SUITE REINVENT YOUR SIEM Presented by: Walter Abeson 1 Reality Goals GOALS VERSUS REALITY OF SIEM 1.0 Single compliance & security interface Analyze & prioritize alerts across various

More information

The Next Generation Security Platform. Domenico Stranieri Pre- Sales Engineer Palo Alto Networks EMEA Italy

The Next Generation Security Platform. Domenico Stranieri Pre- Sales Engineer Palo Alto Networks EMEA Italy The Next Generation Security Platform Domenico Stranieri Pre- Sales Engineer Palo Alto Networks EMEA Italy The Next Generation Enterprise Security Platform Core Value Proposition An Enterprise Security

More information

Building an Effective Threat Intelligence Capability. Haider Pasha, CISSP, C EH Director, Security Strategy Emerging Markets Office of the CTO

Building an Effective Threat Intelligence Capability. Haider Pasha, CISSP, C EH Director, Security Strategy Emerging Markets Office of the CTO Building an Effective Threat Intelligence Capability Haider Pasha, CISSP, C EH Director, Security Strategy Emerging Markets Office of the CTO The Race To Digitize Automotive Telematics In-vehicle entertainment

More information

CloudSOC and Security.cloud for Microsoft Office 365

CloudSOC and  Security.cloud for Microsoft Office 365 Solution Brief CloudSOC and Email Security.cloud for Microsoft Office 365 DID YOU KNOW? Email is the #1 delivery mechanism for malware. 1 Over 40% of compliance related data in Office 365 is overexposed

More information

RSA NetWitness Suite Respond in Minutes, Not Months

RSA NetWitness Suite Respond in Minutes, Not Months RSA NetWitness Suite Respond in Minutes, Not Months Overview One can hardly pick up a newspaper or turn on the news without hearing about the latest security breaches. The Verizon 2015 Data Breach Investigations

More information

Key Technologies for Security Operations. Copyright 2014 EMC Corporation. All rights reserved.

Key Technologies for Security Operations. Copyright 2014 EMC Corporation. All rights reserved. Key Technologies for Security Operations 2 Traditional Security Is Not Working 97% of breaches led to compromise within days or less with 72% leading to data exfiltration in the same time Source: Verizon

More information

RSA Security Analytics

RSA Security Analytics RSA Security Analytics This is what SIEM was Meant to Be 1 The Original Intent of SIEM Single compliance & security interface Analyze & prioritize alerts across various sources The cornerstone of security

More information

RSA Advanced Security Operations Richard Nichols, Director EMEA. Copyright 2015 EMC Corporation. All rights reserved. 1

RSA Advanced Security Operations Richard Nichols, Director EMEA. Copyright 2015 EMC Corporation. All rights reserved. 1 RSA Advanced Security Operations Richard Nichols, Director EMEA 1 What is the problem we need to solve? 2 Attackers Are Outpacing Defenders..and the Gap is Widening Attacker Capabilities The defender-detection

More information

Integrated, Intelligence driven Cyber Threat Hunting

Integrated, Intelligence driven Cyber Threat Hunting Integrated, Intelligence driven Cyber Threat Hunting THREAT INVESTIGATION AND RESPONSE PLATFORM Zsolt Kocsis IBM Security Technical Executive, CEE zsolt.kocsis@hu.ibm.com 6th Nov 2018 Build an integrated

More information

SOLUTION BRIEF RSA NETWITNESS SUITE 3X THE IMPACT WITH YOUR EXISTING SECURITY TEAM

SOLUTION BRIEF RSA NETWITNESS SUITE 3X THE IMPACT WITH YOUR EXISTING SECURITY TEAM SOLUTION BRIEF RSA NETWITNESS SUITE 3X THE IMPACT WITH YOUR EXISTING SECURITY TEAM OVERVIEW The Verizon 2016 Data Breach Investigations Report highlights that attackers are regularly outpacing the defenders.

More information

Compare Security Analytics Solutions

Compare Security Analytics Solutions Compare Security Analytics Solutions Learn how Cisco Stealthwatch compares with other security analytics products. This solution scales easily, giving you visibility across the entire network. Stealthwatch

More information

National Cyber Security Operations Center (N-CSOC) Stakeholders' Conference

National Cyber Security Operations Center (N-CSOC) Stakeholders' Conference National Cyber Security Operations Center (N-CSOC) Stakeholders' Conference Benefits to the Stakeholders A Collaborative and Win-Win Strategy Lal Dias Chief Executive Officer Sri Lanka CERT CC Cyber attacks

More information

Arbor Networks Spectrum. Wim De Niel Consulting Engineer EMEA

Arbor Networks Spectrum. Wim De Niel Consulting Engineer EMEA Arbor Networks Spectrum Wim De Niel Consulting Engineer EMEA wdeniel@arbor.net Arbor Spectrum for Advanced Threats Spectrum Finds Advanced Threats with Network Traffic Unlocks Efficiency to Detect, Investigate,

More information

SOLUTION BRIEF RSA NETWITNESS EVOLVED SIEM

SOLUTION BRIEF RSA NETWITNESS EVOLVED SIEM RSA NETWITNESS EVOLVED SIEM OVERVIEW A SIEM is technology originally intended for compliance and log management. Later, as SIEMs became the aggregation points for security alerts, they began to be more

More information

Outwit Cyber Criminals with Comprehensive Malware and Exploit Protection.

Outwit Cyber Criminals with Comprehensive Malware and Exploit Protection. Singtel Business Product Brochure Managed Advanced Threat Prevention Outwit Cyber Criminals with Comprehensive Malware and Exploit Protection. As cyber criminals outwit businesses by employing ever-new

More information

Prescriptive Security Operations Centers. Leveraging big data capabilities to build next generation SOC

Prescriptive Security Operations Centers. Leveraging big data capabilities to build next generation SOC Prescriptive Security Operations Centers Leveraging big data capabilities to build next generation SOC Cyber Security Industry in constant renewal in 2016 and 2017 1 Tbps Mirai IoT Botnet broke the Internet

More information

BUILDING AND MAINTAINING SOC

BUILDING AND MAINTAINING SOC BUILDING AND MAINTAINING SOC Digit Oktavianto KOMINFO 7 December 2016 digit dot oktavianto at gmail dot com 1 Digit Oktavianto Profile in 1 Page Currently working as a Security Architect Professional Certifications:

More information

Cisco Advanced Malware Protection against WannaCry

Cisco Advanced Malware Protection against WannaCry Cisco Advanced Malware Protection against WannaCry "A false sense of security is worse than a true sense of insecurity" Senad Aruc Consulting Systems Engineer Advanced Threats Group Nils Roald Advanced

More information

An All-Source Approach to Threat Intelligence Using Recorded Future

An All-Source Approach to Threat Intelligence Using Recorded Future nn Enterprise Strategy Group Getting to the bigger truth. Solution Showcase An All-Source Approach to Threat Intelligence Using Recorded Future Date: March 2018 Author: Jon Oltsik, Senior Principal Analyst

More information

THE EFFECTIVE APPROACH TO CYBER SECURITY VALIDATION BREACH & ATTACK SIMULATION

THE EFFECTIVE APPROACH TO CYBER SECURITY VALIDATION BREACH & ATTACK SIMULATION BREACH & ATTACK SIMULATION THE EFFECTIVE APPROACH TO CYBER SECURITY VALIDATION Cymulate s cyber simulation platform allows you to test your security assumptions, identify possible security gaps and receive

More information

Building Resilience in a Digital Enterprise

Building Resilience in a Digital Enterprise Building Resilience in a Digital Enterprise Top five steps to help reduce the risk of advanced targeted attacks To be successful in business today, an enterprise must operate securely in the cyberdomain.

More information

ATTIVO NETWORKS THREATDEFEND INTEGRATION WITH MCAFEE SOLUTIONS

ATTIVO NETWORKS THREATDEFEND INTEGRATION WITH MCAFEE SOLUTIONS PARTNER BRIEF ATTIVO NETWORKS THREATDEFEND INTEGRATION WITH MCAFEE SOLUTIONS INTRODUCTION Attivo Networks has partnered with McAfee to detect real-time in-network threats and to automate incident response

More information

CYBER ANALYTICS. Architecture Overview. Technical Brief. May 2016 novetta.com 2016, Novetta

CYBER ANALYTICS. Architecture Overview. Technical Brief. May 2016 novetta.com 2016, Novetta CYBER ANALYTICS Architecture Overview Technical Brief May 2016 novetta.com 2016, Novetta Novetta Cyber Analytics: Technical Architecture Overview 1 INTRODUCTION 2 CAPTURE AND PROCESS ALL NETWORK TRAFFIC

More information

10x Increase Your Team s Effectiveness by Automating the Boring Stuff

10x Increase Your Team s Effectiveness by Automating the Boring Stuff SESSION ID: TTA-R02 10x Increase Your Team s Effectiveness by Automating the Boring Stuff Jonathan Trull Chief Cybersecurity Advisor Microsoft @jonathantrull Vidhi Agarwal Senior Program Manager Microsoft

More information

CYBER SECURITY EFFECTIVENESS FOR THE RESOURCE-CONSTRAINED ORGANIZATION

CYBER SECURITY EFFECTIVENESS FOR THE RESOURCE-CONSTRAINED ORGANIZATION SELF-AUDIT GUIDE CYBER SECURITY EFFECTIVENESS FOR THE RESOURCE-CONSTRAINED ORGANIZATION A Primer for Moving Beyond AV and Firewalls 1 The Problem As software systems become more distributed and interactive

More information

Analytics Driven, Simple, Accurate and Actionable Cyber Security Solution CYBER ANALYTICS

Analytics Driven, Simple, Accurate and Actionable Cyber Security Solution CYBER ANALYTICS Analytics Driven, Simple, Accurate and Actionable Cyber Security Solution CYBER ANALYTICS Overview Cyberattacks are increasingly getting more frequent, more sophisticated and more widespread than ever

More information

Cisco Firepower NGFW. Anticipate, block, and respond to threats

Cisco Firepower NGFW. Anticipate, block, and respond to threats Cisco Firepower NGFW Anticipate, block, and respond to threats You have a mandate to build and secure a network that supports ongoing innovation Mobile access Social collaboration Public / private hybrid

More information

Threat Intelligence, Layered Security, and CIS Controls

Threat Intelligence, Layered Security, and CIS Controls * Threat Intelligence, Layered Security, and CIS Controls Ted Gruenloh COO - Sentinel IPS @SentinelIPS Scott Smith, CISSP CISO - City of Bryan @CityOfBryan New-School Layered Security Prepare to be breached.

More information

CTI Capability Maturity Model Marco Lourenco

CTI Capability Maturity Model Marco Lourenco 1 CTI Capability Maturity Model Cyber Threat Intelligence Course NIS Summer School 2018, Crete October 2018 MARCO LOURENCO - ENISA Cyber Security Analyst Lead European Union Agency for Network and Information

More information

Qualys Indication of Compromise

Qualys Indication of Compromise 18 QUALYS SECURITY CONFERENCE 2018 Qualys Indication of Compromise Bringing IOC to the Next Level Chris Carlson VP, Product Management, Qualys, Inc. Adversary TTPs are Changing Early 2010s Zero-day Vulnerabilities

More information

Seceon s Open Threat Management software

Seceon s Open Threat Management software Seceon s Open Threat Management software Seceon s Open Threat Management software (OTM), is a cyber-security advanced threat management platform that visualizes, detects, and eliminates threats in real

More information

Protecting organisations from the ever evolving Cyber Threat

Protecting organisations from the ever evolving Cyber Threat Protecting organisations from the ever evolving Cyber Threat Who we are .At a glance 16+ Up to 190B 2B+ Dell SecureWorks is one of the most promising MSSPs in the GCC region MSS Market Report on GCC, Frost

More information

Symantec & Blue Coat Technical Update Webinar 29. Juni 2017

Symantec & Blue Coat Technical Update Webinar 29. Juni 2017 Avantec Blue Coat/Symantec Webinar Jean Marc Edder Senior Systems Engineer The Global Leader in Cyber Network + + Cloud Global market leader in Endpoint, Email, Data Loss Prevention and Website, User Authentication

More information

McAfee Advanced Threat Defense

McAfee Advanced Threat Defense Advanced Threat Defense Detect advanced malware Advanced Threat Defense enables organizations to detect advanced, evasive malware and convert threat information into immediate action and protection. Unlike

More information

WHITEPAPER. Enterprise Cyber Risk Management Protecting IT Assets that Matter

WHITEPAPER. Enterprise Cyber Risk Management Protecting IT Assets that Matter WHITEPAPER Enterprise Cyber Risk Management Protecting IT Assets that Matter Contents Protecting IT Assets That Matter... 3 Today s Cyber Security and Risk Management: Isolated, Fragmented and Broken...4

More information

Delivering Integrated Cyber Defense for the Cloud Generation Darren Thomson

Delivering Integrated Cyber Defense for the Cloud Generation Darren Thomson Delivering Integrated Cyber Defense for the Generation Darren Thomson Vice President & CTO, EMEA Region Symantec In 2009 there were 2,361,414 new piece of malware created. In 2015 that number was 430,555,582

More information

MAKING THE CLOUD A SECURE EXTENSION OF YOUR DATACENTER

MAKING THE CLOUD A SECURE EXTENSION OF YOUR DATACENTER MAKING THE CLOUD A SECURE EXTENSION OF YOUR DATACENTER Bret Hartman Cisco / Security & Government Group Session ID: SPO1-W25 Session Classification: General Interest 1 Mobility Cloud Threat Customer centric

More information

Enhancing Threat Intelligence Data. 05/24/2017 DC416

Enhancing Threat Intelligence Data. 05/24/2017 DC416 Enhancing Threat Intelligence Data By @3ncr1pted 05/24/2017 DC416 Security consultant researcher/analyst in Threat Intel. Loves APTs, mainframes, ICS SCADA & creating security awareness StarTrek! Boldly

More information

CYBER THREAT INTEL: A STATE OF MIND. Internal Audit, Risk, Business & Technology Consulting

CYBER THREAT INTEL: A STATE OF MIND. Internal Audit, Risk, Business & Technology Consulting CYBER THREAT INTEL: A STATE OF MIND Internal Audit, Risk, Business & Technology Consulting WHO ARE WE? Randy Armknecht, CISSP, EnCE Protiviti Director - IT Consulting randy.armknecht@protiviti.com Albin

More information

Symantec Ransomware Protection

Symantec Ransomware Protection Symantec Ransomware Protection Protection Against Ransomware Defense in depth across all control points is required to stop ransomware @ Email Symantec Email Security.cloud, Symantec Messaging Gateway

More information

Infoblox as Part of the Ecosystem

Infoblox as Part of the Ecosystem Infoblox Core Exchange Infoblox Core Exchange is a highly-interconnected set of ecosystem integrations that extend security, increase agility, and provide situational awareness for more efficient operations,

More information

ARTIFICIAL INTELLIGENCE POWERED AUTOMATED THREAT HUNTING AND NETWORK SELF-DEFENSE

ARTIFICIAL INTELLIGENCE POWERED AUTOMATED THREAT HUNTING AND NETWORK SELF-DEFENSE ARTIFICIAL INTELLIGENCE POWERED AUTOMATED THREAT HUNTING AND NETWORK SELF-DEFENSE Vectra Cognito HIGHLIGHTS Finds active attackers inside your network Automates security investigations with conclusive

More information

Comprehensive datacenter protection

Comprehensive datacenter protection Comprehensive datacenter protection There are several key drivers that are influencing the DDoS Protection market: DDoS attacks are increasing in frequency DDoS attacks are increasing in size DoS attack

More information

Security Information & Event Management (SIEM)

Security Information & Event Management (SIEM) Security Information & Event Management (SIEM) Datasheet SIEM in a nutshell The variety of cyber-attacks is extraordinarily large. Phishing, DDoS attacks in combination with ransomware demanding bitcoins

More information

Designing and Building a Cybersecurity Program

Designing and Building a Cybersecurity Program Designing and Building a Cybersecurity Program Based on the NIST Cybersecurity Framework (CSF) Larry Wilson lwilson@umassp.edu ISACA Breakfast Meeting January, 2016 Designing & Building a Cybersecurity

More information

Reducing the Cost of Incident Response

Reducing the Cost of Incident Response Reducing the Cost of Incident Response Introduction Cb Response is the most complete endpoint detection and response solution available to security teams who want a single platform for hunting threats,

More information

esendpoint Next-gen endpoint threat detection and response

esendpoint Next-gen endpoint threat detection and response DATA SHEET esendpoint Next-gen endpoint threat detection and response esendpoint powered by Carbon Black eliminates endpoint blind-spots that traditional technologies miss. Operating on a philosophy that

More information

THREAT INTEL AND CONTENT CURATION: ORGANIZING THE PATH TO SUCCESSFUL DETECTION

THREAT INTEL AND CONTENT CURATION: ORGANIZING THE PATH TO SUCCESSFUL DETECTION SESSION ID: AIR-W12 THREAT INTEL AND CONTENT CURATION: ORGANIZING THE PATH TO SUCCESSFUL DETECTION Justin Monti CTO MKACyber Mischel Kwon CEO MKACyber @MKACyber What is Cyber Threat Intelligence Data collected,

More information

QuickSpecs. Aruba IntroSpect User and Entity Behavior Analytics. Overview. Aruba IntroSpect User and Entity Behavior Analytics Product overview

QuickSpecs. Aruba IntroSpect User and Entity Behavior Analytics. Overview. Aruba IntroSpect User and Entity Behavior Analytics Product overview Overview Product overview Aruba s User and Entity Behavior Analytics (UEBA) solution, Aruba IntroSpect, detects attacks by spotting small changes in behavior that are often indicative of attacks that have

More information

A Comprehensive CyberSecurity Policy

A Comprehensive CyberSecurity Policy A Comprehensive CyberSecurity Policy Review of ALL NGFW Capabilities Attack Surface Reduction From Complex to Comprehensive Before and After of a PANW customer 1 2 1 Enhanced Policy on the L7 layer Leverage

More information

Un SOC avanzato per una efficace risposta al cybercrime

Un SOC avanzato per una efficace risposta al cybercrime Un SOC avanzato per una efficace risposta al cybercrime Identificazione e conferma di un incidente @RSAEMEA #RSAEMEASummit @masiste75 Mauro Costantini - Presales Consultant Agenda A look into the threat

More information

An Aflac Case Study: Moving a Security Program from Defense to Offense

An Aflac Case Study: Moving a Security Program from Defense to Offense SESSION ID: CXO-W11 An Aflac Case Study: Moving a Security Program from Defense to Offense Tim Callahan SVP & Global CISO Aflac Threat Landscape Selected losses > 30,000 records (updated 10/15/16) Security

More information

Qualys Cloud Platform

Qualys Cloud Platform Qualys Cloud Platform Our Journey into the Cloud: The Qualys Cloud Platform & Architecture Thomas Wendt Regional Manager Post-Sales, DACH, Qualys Inc. Digital Transformation More than just adopting new

More information

Security Operations 2018: What is Working? What is Not.

Security Operations 2018: What is Working? What is Not. SESSION ID: TTA-F03 Security Operations 2018: What is Working? What is Not. Kerry Matre Security Operations Strategist Palo Alto Networks 2 How did we get here? Today Short Description Q1 20YY 01 Milestone

More information

ARC VIEW. Critical Industries Need Continuous ICS Security Monitoring. Keywords. Summary. By Sid Snitkin

ARC VIEW. Critical Industries Need Continuous ICS Security Monitoring. Keywords. Summary. By Sid Snitkin ARC VIEW FEBRUARY 1, 2018 Critical Industries Need Continuous ICS Security Monitoring By Sid Snitkin Keywords Anomaly and Breach Detection, Continuous ICS Security Monitoring, Nozomi Networks Summary Most

More information

ADVANCED THREAT PREVENTION FOR ENDPOINT DEVICES 5 th GENERATION OF CYBER SECURITY

ADVANCED THREAT PREVENTION FOR ENDPOINT DEVICES 5 th GENERATION OF CYBER SECURITY ADVANCED THREAT PREVENTION FOR ENDPOINT DEVICES 5 th GENERATION OF CYBER SECURITY OUTLINE Advanced Threat Landscape (genv) Why is endpoint protection essential? Types of attacks and how to prevent them

More information

Combating APTs with the Custom Defense Solution. Hans Liljedahl Peter Szendröi

Combating APTs with the Custom Defense Solution. Hans Liljedahl Peter Szendröi Combating APTs with the Custom Defense Solution Hans Liljedahl Peter Szendröi RSA Attack Overview : 1. Two spear phishing emails were sent over a two-day period targeted at low to mid- xls attachment with

More information

INCIDENTRESPONSE.COM. Automate Response. Did you know? Your playbook overview - Data Theft

INCIDENTRESPONSE.COM. Automate Response. Did you know? Your playbook overview - Data Theft Automate Response Congratulations on selecting IncidentResponse.com to retrieve your custom incident response playbook guide. This guide has been created especially for you for use in within your security

More information

Proactive Approach to Cyber Security

Proactive Approach to Cyber Security Proactive roach to Cyber Security Jeffrey Neo Sales Director HP Enterprise Security Products Customers struggle to manage the security challenge Today, security is a board-level agenda item 2 Trends driving

More information

Security Monitoring. Managed Vulnerability Services. Managed Endpoint Protection. Platform. Platform Managed Endpoint Detection and Response

Security Monitoring. Managed Vulnerability Services. Managed Endpoint Protection. Platform. Platform Managed Endpoint Detection and Response Security Operations Flexible and Scalable Solutions to Improve Your Security Capabilities Security threats continue to rise each year and are increasing in sophistication and malicious intent. Unfortunately,

More information

EFFECTIVELY TARGETING ADVANCED THREATS. Terry Sangha Sales Engineer at Trustwave

EFFECTIVELY TARGETING ADVANCED THREATS. Terry Sangha Sales Engineer at Trustwave EFFECTIVELY TARGETING ADVANCED THREATS Terry Sangha Sales Engineer at Trustwave THE CHALLENGE PROTECTING YOUR ENVIRONMENT IS NOT GETTING EASIER ENDPOINT POINT OF SALE MOBILE VULNERABILITY MANAGEMENT CYBER

More information

Qualys Cloud Platform

Qualys Cloud Platform 18 QUALYS SECURITY CONFERENCE 2018 Qualys Cloud Platform Looking Under the Hood: What Makes Our Cloud Platform so Scalable and Powerful Dilip Bachwani Vice President, Engineering, Qualys, Inc. Cloud Platform

More information

SOC AUTOMATION OF THREAT INVESTIGATION

SOC AUTOMATION OF THREAT INVESTIGATION SOC AUTOMATION OF THREAT INVESTIGATION White Paper When a Security Operations Center (SOC) is shown on TV, it has a specific portrayal. There is a large wall full of screens. World maps showing the threat

More information

SIEM Solutions from McAfee

SIEM Solutions from McAfee SIEM Solutions from McAfee Monitor. Prioritize. Investigate. Respond. Today s security information and event management (SIEM) solutions need to be able to identify and defend against attacks within an

More information

RSA ECAT DETECT, ANALYZE, RESPOND!

RSA ECAT DETECT, ANALYZE, RESPOND! RSA ECAT DETECT, ANALYZE, RESPOND! Cyber Threat Landscape Attack surface (& attackers) expanding Web app Existing strategies & controls are failing Laptop EHR Firewall Attacks sophistication on the rise

More information

DATA SHEET AlienVault USM Anywhere Powerful Threat Detection and Incident Response for All Your Critical Infrastructure

DATA SHEET AlienVault USM Anywhere Powerful Threat Detection and Incident Response for All Your Critical Infrastructure DATA SHEET AlienVault USM Anywhere Powerful Threat Detection and Incident Response for All Your Critical Infrastructure AlienVault USM Anywhere accelerates and centralizes threat detection, incident response,

More information

Cisco Cloud Security. How to Protect Business to Support Digital Transformation

Cisco Cloud Security. How to Protect Business to Support Digital Transformation Cisco Cloud Security How to Protect Business to Support Digital Transformation Dragan Novakovic Cybersecurity Consulting Systems Engineer January 2018. Security Enables Digitization Digital Disruption,

More information

SANS Top 20 CIS. Critical Security Control Solution Brief Version 6. SANS Top 20 CIS. EventTracker 8815 Centre Park Drive, Columbia MD 21045

SANS Top 20 CIS. Critical Security Control Solution Brief Version 6. SANS Top 20 CIS. EventTracker 8815 Centre Park Drive, Columbia MD 21045 Critical Security Control Solution Brief Version 6 8815 Centre Park Drive, Columbia MD 21045 About delivers business critical software and services that transform high-volume cryptic log data into actionable,

More information

Stopping Advanced Persistent Threats In Cloud and DataCenters

Stopping Advanced Persistent Threats In Cloud and DataCenters Stopping Advanced Persistent Threats In Cloud and DataCenters Frederik Van Roosendael PSE Belgium Luxembourg 10/9/2015 Copyright 2013 Trend Micro Inc. Agenda How Threats evolved Transforming Your Data

More information

The New Era of Cognitive Security

The New Era of Cognitive Security The New Era of Cognitive Security IBM WATSON SUMMIT KANOKSAK RATCHAPAT Senior Technical Sales 1 Today s security challenges ACTORS TARGETS VECTORS REALITY Organized Crime Healthcare Ransomware Cloud, mobile,

More information

Designing an Adaptive Defense Security Architecture. George Chiorescu FireEye

Designing an Adaptive Defense Security Architecture. George Chiorescu FireEye Designing an Adaptive Defense Security Architecture George Chiorescu FireEye Designing an Adaptive Security Architecture Key Challanges Existing blocking and prevention capabilities are insufficient to

More information

Threat Intel for All: There s More to Your Data than Meets the Eye

Threat Intel for All: There s More to Your Data than Meets the Eye Threat Intel for All: There s More to Your Data than Meets the Eye By @3ncr1pted 07/28/2017 Wall of Sheep Security consultant researcher/analyst in Threat Intel. Loves APTs, mainframes, ICS SCADA & creating

More information

Cyber Defense Maturity Scorecard DEFINING CYBERSECURITY MATURITY ACROSS KEY DOMAINS

Cyber Defense Maturity Scorecard DEFINING CYBERSECURITY MATURITY ACROSS KEY DOMAINS Cyber Defense Maturity Scorecard DEFINING CYBERSECURITY MATURITY ACROSS KEY DOMAINS Cyber Defense Maturity Scorecard DEFINING CYBERSECURITY MATURITY ACROSS KEY DOMAINS Continual disclosed and reported

More information

TRUSTED IT: REDEFINE SOCIAL, MOBILE & CLOUD INFRASTRUCTURE. Ralf Kaltenbach, Regional Director RSA Germany

TRUSTED IT: REDEFINE SOCIAL, MOBILE & CLOUD INFRASTRUCTURE. Ralf Kaltenbach, Regional Director RSA Germany TRUSTED IT: REDEFINE SOCIAL, MOBILE & CLOUD INFRASTRUCTURE Ralf Kaltenbach, Regional Director RSA Germany 1 TRUSTED IT Continuous Availability of Applications, Systems and Data Data Protection with Integrated

More information

Vectra Cognito. Brochure HIGHLIGHTS. Security analyst in software

Vectra Cognito. Brochure HIGHLIGHTS. Security analyst in software Brochure Vectra Cognito HIGHLIGHTS Finds active attackers inside your network Automates security investigations with conclusive answers Persistently tracks threats across all phases of attack Monitors

More information

IT Security Mandatory Solutions. Andris Soroka 2nd of July, RIGA

IT Security Mandatory Solutions. Andris Soroka 2nd of July, RIGA IT Security Mandatory Solutions Andris Soroka 2nd of July, 2014 @LPS, RIGA Data Security Solutions business card Specialization IT Security IT Security services (consulting, audit, pen-testing, market

More information

Cognito Detect is the most powerful way to find and stop cyberattackers in real time

Cognito Detect is the most powerful way to find and stop cyberattackers in real time Overview Cognito Detect is the most powerful way to find and stop cyberattackers in real time HIGHLIGHTS Always-learning behavioral models use AI to find hidden and unknown attackers, enable quick, decisive

More information

White Paper. Why IDS Can t Adequately Protect Your IoT Devices

White Paper. Why IDS Can t Adequately Protect Your IoT Devices White Paper Why IDS Can t Adequately Protect Your IoT Devices Introduction As a key component in information technology security, Intrusion Detection Systems (IDS) monitor networks for suspicious activity

More information

Upgrade your SOC with Security Analytics and Orchestration

Upgrade your SOC with Security Analytics and Orchestration CyberActive SM Upgrade your SOC with Security Analytics and Orchestration Author: Rajat Mohanty, CEO, Paladion Networks 1 Overview Security teams are always on the lookout to enhance the capabilities of

More information

EMERGING THREATS & STRATEGIES FOR DEFENSE. Paul Fletcher Cyber Security

EMERGING THREATS & STRATEGIES FOR DEFENSE. Paul Fletcher Cyber Security EMERGING THREATS & STRATEGIES FOR DEFENSE Paul Fletcher Cyber Security Evangelist @_PaulFletcher Threats by Customer Environment Cloud Environment On Premise Environment 1.96% 0.13% 0.02% application-attack

More information

Cybersecurity Roadmap: Global Healthcare Security Architecture

Cybersecurity Roadmap: Global Healthcare Security Architecture SESSION ID: TECH-W02F Cybersecurity Roadmap: Global Healthcare Security Architecture Nick H. Yoo Chief Security Architect Disclosure No affiliation to any vendor products No vendor endorsements Products

More information

The Cognito automated threat detection and response platform

The Cognito automated threat detection and response platform Overview The Cognito automated threat detection and response platform HIGHLIGHTS Finds active cyberattackers inside cloud, data center and enterprise environments Automates security investigations with

More information

The SANS Institute Top 20 Critical Security Controls. Compliance Guide

The SANS Institute Top 20 Critical Security Controls. Compliance Guide The SANS Institute Top 20 Critical Security Controls Compliance Guide February 2014 The Need for a Risk-Based Approach A common factor across many recent security breaches is that the targeted enterprise

More information

AKAMAI CLOUD SECURITY SOLUTIONS

AKAMAI CLOUD SECURITY SOLUTIONS AKAMAI CLOUD SECURITY SOLUTIONS Whether you sell to customers over the web, operate data centers around the world or in the cloud, or support employees on the road, you rely on the Internet to keep your

More information

TRUSTED IT: REDEFINE SOCIAL, MOBILE & CLOUD INFRASTRUCTURE. John McDonald

TRUSTED IT: REDEFINE SOCIAL, MOBILE & CLOUD INFRASTRUCTURE. John McDonald TRUSTED IT: REDEFINE SOCIAL, MOBILE & CLOUD INFRASTRUCTURE John McDonald 1 What is Trust? Can I trust that my assets will be available when I need them? Availability Critical Assets Security Can I trust

More information

Behavioral Analytics A Closer Look

Behavioral Analytics A Closer Look SESSION ID: GPS2-F03 Behavioral Analytics A Closer Look Mike Huckaby VP, Global Systems Engineering RSA The world is full of obvious things which nobody by any chance ever observes. Sherlock Holmes 2 Patterns

More information

Building a Threat-Based Cyber Team

Building a Threat-Based Cyber Team Building a Threat-Based Cyber Team Anthony Talamantes Manager, Defensive Cyber Operations Todd Kight Lead Cyber Threat Analyst Sep 26, 2017 Washington, DC Forward-Looking Statements During the course of

More information

Todays Threat Landscape Cloud / Big data / Mobile Jonathan Martin HP Enterprise Security Products

Todays Threat Landscape Cloud / Big data / Mobile Jonathan Martin HP Enterprise Security Products Todays Threat Landscape Cloud / Big data / Mobile Jonathan Martin HP Enterprise Security Products Agenda Today s Threat Landscape HP ArcSight Summary Agenda Today s Threat Landscape HP ArcSight Summary

More information

From Managed Security Services to the next evolution of CyberSoc Services

From Managed Security Services to the next evolution of CyberSoc Services From Managed Security Services to the next evolution of CyberSoc Services Gianluca Busco Arré Country Manager pandasecurity.com MSSP / MDR Where the Industry is going leaders and laggers MSSP industry

More information

Eliminating the Blind Spot: Rapidly Detect and Respond to the Advanced and Evasive Threat

Eliminating the Blind Spot: Rapidly Detect and Respond to the Advanced and Evasive Threat WHITE PAPER Eliminating the Blind Spot: Rapidly Detect and Respond to the Advanced and Evasive Threat Executive Summary Unfortunately, it s a foregone conclusion that no organisation is 100 percent safe

More information

Securing Dynamic Data Centers. Muhammad Wajahat Rajab, Pre-Sales Consultant Trend Micro, Pakistan &

Securing Dynamic Data Centers. Muhammad Wajahat Rajab, Pre-Sales Consultant Trend Micro, Pakistan & Securing Dynamic Data Centers Muhammad Wajahat Rajab, Pre-Sales Consultant Trend Micro, Pakistan & Afghanistan @WajahatRajab Modern Challenges By 2020, 60% of Digital Businesses will suffer Major Service

More information

Put an end to cyberthreats

Put an end to cyberthreats Put an end to cyberthreats Automated and centralized Advanced Security CORPORATE CYBERSECURITY Who is behind cyberthreats?1 73% 28% 12% 50% What is the cost to companies? Global cost: $600,000 M3 Cost

More information

Pedal to the Metal: Mitigating New Threats Faster with Rapid Intel and Automation

Pedal to the Metal: Mitigating New Threats Faster with Rapid Intel and Automation Pedal to the Metal: Mitigating New Threats Faster with Rapid Intel and Automation Date: November 14, 2016 Underwritten by: Introduction Agencies deal with a greater volume and velocity of cyber threats

More information

CISCO NETWORKS BORDERLESS Cisco Systems, Inc. All rights reserved. 1

CISCO NETWORKS BORDERLESS Cisco Systems, Inc. All rights reserved. 1 CISCO BORDERLESS NETWORKS 2009 Cisco Systems, Inc. All rights reserved. 1 Creating New Business Models The Key Change: Putting the Interaction Where the Customer Is Customer Experience/ Innovation Productivity/

More information

Automating the Top 20 CIS Critical Security Controls

Automating the Top 20 CIS Critical Security Controls 20 Automating the Top 20 CIS Critical Security Controls SUMMARY It s not easy being today s CISO or CIO. With the advent of cloud computing, Shadow IT, and mobility, the risk surface area for enterprises

More information

Sustainable Security Operations

Sustainable Security Operations Sustainable Security Operations Optimize processes and tools to make the most of your team s time and talent The number and types of security incidents organizations face daily are steadily increasing,

More information

85% 89% 10/5/2018. Do You Have A Firewall Around Your Cloud? Conquering The Big Threats & Challenges

85% 89% 10/5/2018. Do You Have A Firewall Around Your Cloud? Conquering The Big Threats & Challenges Do You Have A Firewall Around Your Cloud? California Cybersecurity Education Summit 2018 Tyson Moler Oracle Security, North America Public Sector Conquering The Big Threats & Challenges Real Life Threats

More information