Speed Up Incident Response with Actionable Forensic Analytics
|
|
- Eustacia Young
- 5 years ago
- Views:
Transcription
1 WHITEPAPER DATA SHEET Speed Up Incident Response with Actionable Forensic Analytics Close the Gap between Threat Detection and Effective Response with Continuous Monitoring January 15, 2015
2 Table of Contents Introduction 3 Current Threat Landscape 3 How Typical IT/Security Processes Inhibit Effective Incident Response 4 Typical IT/Security Processes 4 Common Challenges 4 Challenges Specific to Forensic Analytics and Incident Response 5 Actionable Forensic Analytics 5 Flexible Incident Response 5 Tenable Continuous Monitoring Platform 6 Benefits of the Tenable Continuous Monitoring Platform 7 Actionable Forensic Analytics 7 Speeds-up Incident Response 7 Use-Cases 7 Forensic Analysis of Suspicious Activity 7 Incident Response Options 8 Conclusion 9 About Tenable Network Security 9 2
3 Introduction Cyber criminals are using advanced targeted attacks and modern malware to bypass traditional security controls and easily steal credit card data, sensitive corporate information, and national secrets. According to the 2014 Ponemon Report 1, the average total organizational cost of a data breach for companies participating in the survey worldwide increased by 15% over the previous year to $3.5 Million. The average cost paid for each stolen record containing sensitive data increased more than 9% from $136 in 2013 to $145 this year. In part, these costs are due to delays in breach detection, which can often take weeks to months after the initial compromise. Delays occur because security teams do not have actionable forensic data to pinpoint compromised hosts or identify sensitive data that has been stolen. Tenable provides a comprehensive continuous network monitoring solution that enables you to rapidly respond to security incidents, by providing actionable forensic data that can help detect incidents more accurately. In this paper, we will explore the forensic analytics and incident response capabilities of Tenable SecurityCenter Continuous View (SC CV), a network security platform that identifies vulnerabilities and threats, reduces risk, and ensures compliance. Topics covered will include: Recognizing how organizational silos and inefficient process inhibit the effectiveness of IT and Security Operations. Gathering actionable forensic analytics data is needed to identify advanced attacks both at the network and host levels. Responding to security incidents requires flexible techniques that leverage both workflows and automation. Current Threat Landscape Fig. 1: Verizon 2014 DBIR Report -Top 10 types of security incidents that resulted in breaches The Verizon 2014 Data Breach Investigation Report (DBIR) 2 covers breaches affecting organizations in 95 countries in The top 10 categories of security incidents (as shown in Fig. 1) totaled up to approximately 63,000 incidents, out of which 1,367 (2%) resulted in breaches (data disclosure). However, the same four categories of attacks - POS intrusions, web app attacks, cyber espionage, and card skimmers - have contributed to the top breaches between 2011 and Only 33% of victims discover breaches internally according to Mandiant s 2014 M Trends Threat Report 3. Furthermore, in 67% of the cases, victims were notified by external entities after it was already too late to save the reputation of the company. Security breaches can have a devastating impact on any company. For example, in the Target breach alone, 40 million credit/debit card data records and 70 million total data records were stolen in the month of November The attack vector used in Target was a known exploit that had impacted other retail chains. This scenario is all too common. Therefore, to protect against advanced attacks and security breaches, a company s IT security strategy should include: Continuous network monitoring for known vulnerabilities and threats. Correlating anomalous activity at the network and host levels to detect the unknown threats Cost of Data Breach Study: Global Analysis, Ponemon Institute, May Data Breach Investigations Report, Verizon, April Threat Report M Trends Beyond the Breach, Mandiant a FireEye Company, April
4 How Typical IT/Security Processes Inhibit Effective Incident Response Typical IT/Security Processes Fig. 2: Typical IT/Security Operations Processes Typical IT/Security processes (as illustrated in Fig. 2) encompass the following four phases: 1. Prevent: Identify all vulnerabilities in all known/managed assets in your enterprise. Automatically classify them into asset groups based on OS and applications/services running on them. Perform configuration audits and patch them to prevent bad configurations and known vulnerabilities. This enables you to reduce attack surface and prevent known attacks. 2. Detect: Discover unknown/unmanaged assets on your network, including mobile devices, virtual machines and cloud services. Automatically identify operating system and application services that have exploitable vulnerabilities. Detect known threats based on threat intelligence from intrusion detection/prevention devices on your network. 3. Analyze: Correlate anomalous activity with real-time threats (events) and monitor for changes to systems/endpoints to see if they match known indicators of compromise. Collect accurate forensic data and present this in a consumable way. Sophisticated analytics are required to tie together the asset and vulnerability data from across assessment scan, networks sniffed, and log data and produce actionable reports. 4. Respond: Use forensic data to generate alert notifications to take prioritized manual (workflow-based) actions or automated (API-based) actions to prevent threats from resulting in security breaches. Forensic Analytics and Incident Response corresponds to the Analyze and Respond phases (bottom-half) of the IT/Security process. Common Challenges Common challenges encountered by organizations implementing this model include: Organizational Silos: Desktop administration, network, and security operations in medium to large companies are typically managed by three different organizations IT Helpdesk, Network Operations Center (NOC), and Security Operations Center (SOC), who use different tools that do not communicate well with each other. Unmanaged Assets: All assets on the network are not discovered or known to IT, and hence they are not monitored or managed, especially mobile phones, tablets, and virtual environments (e.g., VMware instances), which may have vulnerabilities that can be easily exploited. Unknown Applications/Services: Many unmanaged assets are not hardened or patched to eliminate known vulnerabilities, such as Heartbleed. These assets could be used as launch pads for malware to penetrate the enterprise. Lack of Network Visibility: Any anomalous network traffic to botnets and Command and Control (CnC) servers can go undetected if there are no network monitoring tools with application level (layer 7) visibility looking for traffic to known suspicious destinations. Un-prioritized Vulnerabilities: Vulnerabilities are not prioritized by Common Vulnerability Scoring System (CVSS) scores, asset criticality, or users/ roles. IT will be unable to quantify business risk without such prioritization. 4
5 Challenges Specific to Forensic Analytics and Incident Response No Actionable Forensic Data: Security and network operations staff are inundated with security events for which they do not have the right actionable data. This includes indicators of compromise for advanced attacks that go undetected by traditional defenses. Inflexible Incident Response: Security and network operations staff have limited ways in responding to incidents, e.g., generating notifications and reports, initiating manual work flows, or spawning automated actions. Having the flexibility to associate different types of response actions with alerts enables IT/Security Operations to speed up incident response and reduce business risk. Actionable Forensic Analytics The typical requirements for actionable forensic analytics include the following capabilities: Network Forensics: Logs of all network traffic, which includes packet capture or meta-data captures from network sensors, application flow data from switches and routers, and application logs from network proxies. This data is useful for identifying suspicious traffic that can be attributed to botnets or CnCs to or from bad sites without deploying any agents on endpoints. Host Forensics: Monitoring hosts and endpoints for file integrity, system configurations, processes, DNS queries, and network connections. This typically requires credential-based scanning of endpoints, or agents running on endpoints to gain evidence (using tell-tale signs of indicators of compromise). Log Correlation: Encompasses behavioral and statistical analysis to determine anomalies in network and host forensic data. Infuses contextual information about asset location and user identity, and also filters logs using blacklists from external threat intelligence sources. These correlation features are vital for zeroing-in on security incidents that need immediate attention. Actionable forensic data should include monitoring for: Network meta-data: Source and target of attack: IP address, host name, port/protocol associated with botnets or CnC traffic URL/domain name of server hosting malware Sender/recipient address of phishing attack Host Indicators of Compromise: IP address or hostnames of compromised endpoints Hashes of malware files/binaries System configurations or auto-runs that should be checked for integrity OS registry changes and processes associated with malware Flexible Incident Response Any solution that identifies security incidents should further enable you to respond to them with the following types of configurable response actions, based on the simplicity or complexity of the problem identified. Notifications/ Send notifications via the console or by , and include the recommended action. Dashboards/Reports: Automatically update a dashboard or generate a report with the current state of incidents in progress, assigned to appropriate personnel. Work Flows: Trigger trouble tickets with workflows assigned to the person responsible for follow through. Especially useful for the most complex and the least understood incidents. Automated Actions: Automatically invoke scripts or application programmatic interfaces (APIs), which perform specific actions such as adding a URL to the blacklist of a web gateway or update an ACL on a firewall to automatically block CnC servers. Automated actions are most applicable for frequently occurring incidents that are well understood. 5
6 Tenable Continuous Monitoring Platform Fig. 3: The Tenable Platform Continuous Monitoring of Vulnerabilities, Threats, and Compliance Tenable SecurityCenter Continuous View breaks down silos between IT, network, and security operations, and delivers actionable forensic data, asset information, and vulnerability context, to speed up incident response. The SecurityCenter Continuous View platform (depicted in Fig. 3) includes the following Tenable products and components: Nessus : is the industry s most widely-deployed vulnerability, configuration, and compliance scanner. Nessus features high-speed discovery, configuration auditing, asset profiling, malware detection, sensitive data discovery, patch management integration, and vulnerability analysis. Nessus Manager provides a scalable on premise solution to manage multiple Nessus scanners. The SaaS version, Nessus Cloud adds external perimeter scanning and PCI ASV scan validation. Passive Vulnerability Scanner (PVS): is a non-intrusive network monitoring tool that discovers all devices, applications, services, and their relationships currently active on your network. It automatically pinpoints potential security risks posed by vulnerable assets and new or unknown rogue systems, including SaaS and IaaS services being accessed by users. Log Correlation Engine (LCE): collects and correlates logs from Nessus, PVS, and external sources on the network including firewalls, switches, routers, endpoints, and servers. It can also generate alerts when malware matching indicators of compromise from external threat intelligence sources (e.g., Reversing Labs and IID) are encountered. All log data is compressed and stored in an indexed file system and can be rapidly searched using keywords. SecurityCenter Continuous View (SC CV): enables continuous monitoring of vulnerabilities, threats, and compliance violations discovered by Nessus, PVS, and LCE. It provides one management console with configurable dashboards, reports, and notifications to provide a comprehensive visualization (as shown in Fig. 4 below) of a company s vulnerabilities, threats, and compliance posture. Fig. 4: SecurityCenter Executive Summary Dashboard 6
7 Benefits of the Tenable Continuous Monitoring Platform Tenable s Security Center Continuous View breaks down silos between IT, network, and security Operations and enable you to gather actionable forensic data, information about assets, and vulnerability context to speed up incident response efforts. Actionable Forensic Analytics Automatically discovers and tags 100% of assets physical, virtual, mobile, and cloud Performs audits to discover known vulnerabilities based on security policies Discovers advanced threats by scanning for indicators of compromise Continuously monitors network traffic to detect hidden attack paths and suspicious activity Speeds-up Incident Response Provides asset and vulnerability context for every incident detected Identifies residual risk with correlated vulnerability and threat data Automatically generates alerts with configurable response options manual and automated Provides actionable information in customizable dashboards and reports Use-Cases The following use cases illustrate how Tenable SecurityCenter Continuous View (SC CV) gathers accurate forensic data to detect advanced attacks and set up flexible responses to prevent security incidents and breaches. Forensic Analysis of Suspicious Activity SecurityCenter Continuous View, which includes SecurityCenter, Nessus, PVS, and LCE, can be used to track both inbound and outbound suspicious network traffic to zero in on advanced attacks. Inbound: Detect downloads of malware from an external web server and validate if an endpoint was truly compromised. Tenable PVS can be used to capture all inbound network traffic, and LCE can be used create a watchlist of internal assets that exhibit suspicious file/exe downloads from known botnets and websites, as shown in Fig. 5 below: Fig. 5: Indicators dashboard to track inbound/outbound suspicious activity Tenable Nessus can be used to scan a watchlist of assets to look for advanced malware using known Indicators of Compromise (IoC). If IoCs are found on an endpoint (as shown in Fig. 6 below), then the endpoint is confirmed to be compromised. 7
8 Fig. 6: Indicators of Compromise (IoC) found on a compromised endpoint Outbound: Detect an internal host already compromised trying to beacon out to botnet/cnc server. PVS can be used to capture an anomalous set of failed DNS queries to a known CnC server, which indicates a compromised host that is trying to beacon out to potentially exfiltrate information. Fig. 7 below depicts how such anomalies can be identified in PVS. Fig. 7: Anomalous outbound communication identified by PVS Incident Response Options SC CV allows you to set up actions for every alert. The following types of actions can be configured for each alert: Alert Sample Targeted IDS New Host Discovered Telnet Server Detected Host has a compliance failure Critical exploitable vulnerability on Windows endpoint Configurable Action NOC Launch a compliance scan Generate a report of services on host Notify compliance officer Notify appropriate systems administrator 8
9 Fig. 8 below shows a screen shot of the Alerts window with configurable options in SC CV. Fig. 8: Configurable response actions for an alert in SC CV Conclusion While enterprise IT and security teams deploy and manage an expanding array of defensive technologies, many remain challenged to detect and assess the impact of threats until long after vulnerable systems are compromised. Tenable Network Security addresses this situation with its industry-leading continuous monitoring platform - SecurityCenter Continuous View, a comprehensive solution for vulnerability, threat and compliance management. SecurityCenter Continuous View transforms organizational silos and operational processes by providing meaningful and actionable forensic analytics with which enterprises can dramatically accelerate incident response. About Tenable Network Security Tenable Network Security provides continuous network monitoring to identify vulnerabilities, reduce risk and ensure compliance. Our family of products includes SecurityCenter Continuous View, which provides the most comprehensive and integrated view of network health, and Nessus, the global standard in detecting and assessing network data. Tenable is relied upon by many of the world s largest corporations, not-for-profit organizations and public sector agencies, including the entire U.S. Department of Defense. For more information, please visit tenable.com. For More Information: Please visit tenable.com Contact Us: Please us at sales@tenable.com or visit tenable.com/contact Copyright Tenable Network Security, Inc. All rights reserved. Tenable Network Security and Nessus are registered trademarks of Tenable Network Security, Inc. SecurityCenter and Passive Vulnerability Scanner are trademarks of Tenable Network Security, Inc. All other products or services are trademarks of their respective owners. EN-JAN V4 9
Protecting Against Modern Attacks. Protection Against Modern Attack Vectors
Protecting Against Modern Attacks Protection Against Modern Attack Vectors CYBER SECURITY IS A CEO ISSUE. - M C K I N S E Y $4.0M 81% >300K 87% is the average cost of a data breach per incident. of breaches
More informationTransforming Security from Defense in Depth to Comprehensive Security Assurance
Transforming Security from Defense in Depth to Comprehensive Security Assurance February 28, 2016 Revision #3 Table of Contents Introduction... 3 The problem: defense in depth is not working... 3 The new
More informationRSA NetWitness Suite Respond in Minutes, Not Months
RSA NetWitness Suite Respond in Minutes, Not Months Overview One can hardly pick up a newspaper or turn on the news without hearing about the latest security breaches. The Verizon 2015 Data Breach Investigations
More informationCyberArk Privileged Threat Analytics
CyberArk Privileged Threat Analytics Table of Contents The New Security Battleground: Inside Your Network 3 Privileged account security 3 Collect the right data 4 Detect critical threats 5 Alert on critical
More informationThe SANS Institute Top 20 Critical Security Controls. Compliance Guide
The SANS Institute Top 20 Critical Security Controls Compliance Guide February 2014 The Need for a Risk-Based Approach A common factor across many recent security breaches is that the targeted enterprise
More informationVulnerability Management
Vulnerability Management Modern Vulnerability Management The IT landscape today is changing and because of that, vulnerability management needs to change too. IT environments today are filled with both
More informationSOLUTION BRIEF RSA NETWITNESS SUITE 3X THE IMPACT WITH YOUR EXISTING SECURITY TEAM
SOLUTION BRIEF RSA NETWITNESS SUITE 3X THE IMPACT WITH YOUR EXISTING SECURITY TEAM OVERVIEW The Verizon 2016 Data Breach Investigations Report highlights that attackers are regularly outpacing the defenders.
More informationRSA INCIDENT RESPONSE SERVICES
RSA INCIDENT RESPONSE SERVICES Enabling early detection and rapid response EXECUTIVE SUMMARY Technical forensic analysis services RSA Incident Response services are for organizations that need rapid access
More informationNIST Framework for Improving Critical Infrastructure Cybersecurity Technical Control Automation
NIST Framework for Improving Critical Infrastructure Cybersecurity Technical Control Automation Automating Cybersecurity Framework Technical Controls with Tenable SecurityCenter Continuous View February
More informationSOLUTION BRIEF RSA NETWITNESS EVOLVED SIEM
RSA NETWITNESS EVOLVED SIEM OVERVIEW A SIEM is technology originally intended for compliance and log management. Later, as SIEMs became the aggregation points for security alerts, they began to be more
More informationCompare Security Analytics Solutions
Compare Security Analytics Solutions Learn how Cisco Stealthwatch compares with other security analytics products. This solution scales easily, giving you visibility across the entire network. Stealthwatch
More informationTHE ACCENTURE CYBER DEFENSE SOLUTION
THE ACCENTURE CYBER DEFENSE SOLUTION A MANAGED SERVICE FOR CYBER DEFENSE FROM ACCENTURE AND SPLUNK. YOUR CURRENT APPROACHES TO CYBER DEFENSE COULD BE PUTTING YOU AT RISK Cyber-attacks are increasingly
More information10 KEY WAYS THE FINANCIAL SERVICES INDUSTRY CAN COMBAT CYBER THREATS
10 KEY WAYS THE FINANCIAL SERVICES INDUSTRY CAN COMBAT CYBER THREATS WHITE PAPER INTRODUCTION BANKS ARE A COMMON TARGET FOR CYBER CRIMINALS AND OVER THE LAST YEAR, FIREEYE HAS BEEN HELPING CUSTOMERS RESPOND
More informationRSA INCIDENT RESPONSE SERVICES
RSA INCIDENT RESPONSE SERVICES Enabling early detection and rapid response EXECUTIVE SUMMARY Technical forensic analysis services RSA Incident Response services are for organizations that need rapid access
More informationCarbon Black PCI Compliance Mapping Checklist
Carbon Black PCI Compliance Mapping Checklist The following table identifies selected PCI 3.0 requirements, the test definition per the PCI validation plan and how Carbon Black Enterprise Protection and
More informationTHE SIX ESSENTIAL CAPABILITIES OF AN ANALYTICS-DRIVEN SIEM
THE SIX ESSENTIAL CAPABILITIES OF AN ANALYTICS-DRIVEN SIEM Modern threats demand analytics-driven security and continuous monitoring Legacy SIEMs are Stuck in the Past Finding a mechanism to collect, store
More informationTenable for Palo Alto Networks
How-To Guide Tenable for Palo Alto Networks Introduction This document describes how to deploy Tenable SecurityCenter and Nessus for integration with Palo Alto Networks next-generation firewalls (NGFW).
More informationCloudSOC and Security.cloud for Microsoft Office 365
Solution Brief CloudSOC and Email Security.cloud for Microsoft Office 365 DID YOU KNOW? Email is the #1 delivery mechanism for malware. 1 Over 40% of compliance related data in Office 365 is overexposed
More informationTechnical Review Managing Risk, Complexity, and Cost with SanerNow Endpoint Security and Management Platform
Technical Review Managing Risk, Complexity, and Cost with SanerNow Endpoint Security and Management Platform Date: October, 2018 Author: Jack Poller, Sr. Analyst The Challenges Enterprise Strategy Group
More informationAsset Discovery with Symantec Control Compliance Suite WHITE PAPER
Asset Discovery with Symantec Control Compliance Suite WHITE PAPER Who should read this paper: IT Operations IT Security Abstract Know Your Assets, Know Your Risk. A robust and easily managed host discovery
More informationManaged Endpoint Defense
DATA SHEET Managed Endpoint Defense Powered by CB Defense Next-gen endpoint threat detection and response DEPLOY AND HARDEN. Rapidly deploy and optimize endpoint prevention with dedicated security experts
More informationISO COMPLIANCE GUIDE. How Rapid7 Can Help You Achieve Compliance with ISO 27002
ISO 27002 COMPLIANCE GUIDE How Rapid7 Can Help You Achieve Compliance with ISO 27002 A CONTENTS Introduction 2 Detailed Controls Mapping 3 About Rapid7 8 rapid7.com ISO 27002 Compliance Guide 1 INTRODUCTION
More informationOffice 365 Buyers Guide: Best Practices for Securing Office 365
Office 365 Buyers Guide: Best Practices for Securing Office 365 Microsoft Office 365 has become the standard productivity platform for the majority of organizations, large and small, around the world.
More informationSANS Top 20 CIS. Critical Security Control Solution Brief Version 6. SANS Top 20 CIS. EventTracker 8815 Centre Park Drive, Columbia MD 21045
Critical Security Control Solution Brief Version 6 8815 Centre Park Drive, Columbia MD 21045 About delivers business critical software and services that transform high-volume cryptic log data into actionable,
More informationAutomated Response in Cyber Security SOC with Actionable Threat Intelligence
Automated Response in Cyber Security SOC with Actionable Threat Intelligence while its biggest weakness is lack of visibility: SOCs still can t detect previously unknown threats, which is a consistent
More informationAutomating the Top 20 CIS Critical Security Controls
20 Automating the Top 20 CIS Critical Security Controls SUMMARY It s not easy being today s CISO or CIO. With the advent of cloud computing, Shadow IT, and mobility, the risk surface area for enterprises
More informationWHITE PAPER. Operationalizing Threat Intelligence Data: The Problems of Relevance and Scale
WHITE PAPER Operationalizing Threat Intelligence Data: The Problems of Relevance and Scale Operationalizing Threat Intelligence Data: The Problems of Relevance and Scale One key number that is generally
More informationNOTHING IS WHAT IT SIEMs: COVER PAGE. Simpler Way to Effective Threat Management TEMPLATE. Dan Pitman Principal Security Architect
NOTHING IS WHAT IT SIEMs: COVER PAGE Simpler Way to Effective Threat Management TEMPLATE Dan Pitman Principal Security Architect Cybersecurity is harder than it should be 2 SIEM can be harder than it should
More informationINCIDENTRESPONSE.COM. Automate Response. Did you know? Your playbook overview - Data Theft
Automate Response Congratulations on selecting IncidentResponse.com to retrieve your custom incident response playbook guide. This guide has been created especially for you for use in within your security
More informationINCIDENTRESPONSE.COM. Automate Response. Did you know? Your playbook overview - Unauthorized Access
Automate Response Congratulations on selecting IncidentResponse.com to retrieve your custom incident response playbook guide. This guide has been created especially for you for use in within your security
More informationINCIDENTRESPONSE.COM. Automate Response. Did you know? Your playbook overview - Elevation of Privilege
Automate Response Congratulations on selecting IncidentResponse.com to retrieve your custom incident response playbook guide. This guide has been created especially for you for use in within your security
More informationCompliance Audit Readiness. Bob Kral Tenable Network Security
Compliance Audit Readiness Bob Kral Tenable Network Security Agenda State of the Market Drifting Out of Compliance Continuous Compliance Top 5 Hardest To Sustain PCI DSS Requirements Procedural support
More informationTHE EVOLUTION OF SIEM
THE EVOLUTION OF SIEM Why it is critical to move beyond logs BUSINESS-DRIVEN SECURITY SOLUTIONS THE EVOLUTION OF SIEM Why it is critical to move beyond logs Despite increasing investments in security,
More informationNovetta Cyber Analytics
Know your network. Arm your analysts. Introduction Novetta Cyber Analytics is an advanced network traffic analytics solution that empowers analysts with comprehensive, near real time cyber security visibility
More informationPrivileged Account Security: A Balanced Approach to Securing Unix Environments
Privileged Account Security: A Balanced Approach to Securing Unix Environments Table of Contents Introduction 3 Every User is a Privileged User 3 Privileged Account Security: A Balanced Approach 3 Privileged
More informationHOW TO CHOOSE A NEXT-GENERATION WEB APPLICATION FIREWALL
HOW TO CHOOSE A NEXT-GENERATION WEB APPLICATION FIREWALL CONTENTS EXECUTIVE SUMMARY 1 WEB APPLICATION SECURITY CHALLENGES 2 INSIST ON BEST-IN-CLASS CORE CAPABILITIES 3 HARNESSING ARTIFICIAL INTELLIGENCE
More informationSeceon s Open Threat Management software
Seceon s Open Threat Management software Seceon s Open Threat Management software (OTM), is a cyber-security advanced threat management platform that visualizes, detects, and eliminates threats in real
More informationQualys Indication of Compromise
18 QUALYS SECURITY CONFERENCE 2018 Qualys Indication of Compromise Bringing IOC to the Next Level Chris Carlson VP, Product Management, Qualys, Inc. Adversary TTPs are Changing Early 2010s Zero-day Vulnerabilities
More informationUnlocking the Power of the Cloud
TRANSFORM YOUR BUSINESS With Smarter IT Unlocking the Power of the Cloud Hybrid Networking Managed Security Cloud Communications Software-defined solutions that adapt to the shape of your business The
More informationChapter 5: Vulnerability Analysis
Chapter 5: Vulnerability Analysis Technology Brief Vulnerability analysis is a part of the scanning phase. In the Hacking cycle, vulnerability analysis is a major and important part. In this chapter, we
More informationTenable.io User Guide. Last Revised: November 03, 2017
Tenable.io User Guide Last Revised: November 03, 2017 Table of Contents Tenable.io User Guide 1 Getting Started with Tenable.io 10 Tenable.io Workflow 12 System Requirements 15 Scanners and Agents 16 Link
More informationA Government Health Agency Trusts Tenable to Protect Patient Data and Manage Expanding Attack Surface
A Government Health Agency Trusts Tenable to Protect Patient Data and Manage Expanding Attack Surface ORGANIZATION SNAPSHOT The level of visibility Tenable.io provides is phenomenal, something we just
More informationForeScout Extended Module for Splunk
Enterprise Strategy Group Getting to the bigger truth. ESG Lab Review ForeScout Extended Module for Splunk Date: May 2017 Author: Tony Palmer, Senior Lab Analyst Abstract This report provides a first look
More informationThreat Containment and Operations. Yong Kwang Kek, Director of Presales SE, APJ
Threat Containment and Operations Yong Kwang Kek, Director of Presales SE, APJ 2018-07-19 1 1 2017 Infoblox Inc. All Rights 2013 Infoblox Inc. All Reserved. Rights Reserved. Three Aspects of Security #1
More informationARTIFICIAL INTELLIGENCE POWERED AUTOMATED THREAT HUNTING AND NETWORK SELF-DEFENSE
ARTIFICIAL INTELLIGENCE POWERED AUTOMATED THREAT HUNTING AND NETWORK SELF-DEFENSE Vectra Cognito HIGHLIGHTS Finds active attackers inside your network Automates security investigations with conclusive
More informationEnhanced Threat Detection, Investigation, and Response
Enhanced Threat Detection, Investigation, and Response What s new in Cisco Stealthwatch Enterprise Release 6.10.2 Cisco Stealthwatch Enterprise is a comprehensive visibility and security analytics solution
More informationIncident Response Agility: Leverage the Past and Present into the Future
SESSION ID: SPO1-W03 Incident Response Agility: Leverage the Past and Present into the Future Torry Campbell CTO, Endpoint and Management Technologies Intel Security The Reality we Face Reconnaissance
More informationMachine Learning and Advanced Analytics to Address Today s Security Challenges
Machine Learning and Advanced Analytics to Address Today s Security Challenges Depending on your outlook, this is either an exciting time or a terrible time to be part of an enterprise cybersecurity team.
More informationWITH ACTIVEWATCH EXPERT BACKED, DETECTION AND THREAT RESPONSE BENEFITS HOW THREAT MANAGER WORKS SOLUTION OVERVIEW:
SOLUTION OVERVIEW: ALERT LOGIC THREAT MANAGER WITH ACTIVEWATCH EXPERT BACKED, DETECTION AND THREAT RESPONSE Protecting your business assets and sensitive data requires regular vulnerability assessment,
More informationReducing the Cost of Incident Response
Reducing the Cost of Incident Response Introduction Cb Response is the most complete endpoint detection and response solution available to security teams who want a single platform for hunting threats,
More informationEFFECTIVELY TARGETING ADVANCED THREATS. Terry Sangha Sales Engineer at Trustwave
EFFECTIVELY TARGETING ADVANCED THREATS Terry Sangha Sales Engineer at Trustwave THE CHALLENGE PROTECTING YOUR ENVIRONMENT IS NOT GETTING EASIER ENDPOINT POINT OF SALE MOBILE VULNERABILITY MANAGEMENT CYBER
More informationTenable SCAP Standards Declarations. June 4, 2015 (Revision 11)
Tenable SCAP Standards Declarations June 4, 2015 (Revision 11) Table of Contents Center for Internet Security (CIS)... 3 Common Criteria (NIAP)... 3 Common Vulnerability Enumeration (CVE)... 3 Common Configuration
More informationlocuz.com SOC Services
locuz.com SOC Services 1 Locuz IT Security Lifecycle services combine people, processes and technologies to provide secure access to business applications, over any network and from any device. Our security
More informationMITIGATE CYBER ATTACK RISK
SOLUTION BRIEF MITIGATE CYBER ATTACK RISK CONNECTING SECURITY, RISK MANAGEMENT & BUSINESS TEAMS TO MINIMIZE THE WIDESPREAD IMPACT OF A CYBER ATTACK DIGITAL TRANSFORMATION CREATES NEW RISKS As organizations
More informationIntegrated, Intelligence driven Cyber Threat Hunting
Integrated, Intelligence driven Cyber Threat Hunting THREAT INVESTIGATION AND RESPONSE PLATFORM Zsolt Kocsis IBM Security Technical Executive, CEE zsolt.kocsis@hu.ibm.com 6th Nov 2018 Build an integrated
More informationSYMANTEC DATA CENTER SECURITY
SYMANTEC DATA CENTER SECURITY SYMANTEC UNIFIED SECURITY STRATEGY Users Cyber Security Services Monitoring, Incident Response, Simulation, Adversary Threat Intelligence Data Threat Protection Information
More informationalign security instill confidence
align security instill confidence cyber security Securing data has become a top priority across all industries. High-profile data breaches and the proliferation of advanced persistent threats have changed
More informationWHITEPAPER. Protecting Against Account Takeover Based Attacks
WHITEPAPER Protecting Against Account Takeover Based Email Attacks Executive Summary The onslaught of targeted email attacks such as business email compromise, spear phishing, and ransomware continues
More informationOUTSMART ADVANCED CYBER ATTACKS WITH AN INTELLIGENCE-DRIVEN SECURITY OPERATIONS CENTER
OUTSMART ADVANCED CYBER ATTACKS WITH AN INTELLIGENCE-DRIVEN SECURITY OPERATIONS CENTER HOW TO ADDRESS GARTNER S FIVE CHARACTERISTICS OF AN INTELLIGENCE-DRIVEN SECURITY OPERATIONS CENTER 1 POWERING ACTIONABLE
More informationWhitepaper. Advanced Threat Hunting with Carbon Black Enterprise Response
Advanced Threat Hunting with Carbon Black Enterprise Response TABLE OF CONTENTS Overview Threat Hunting Defined Existing Challenges and Solutions Prioritize Endpoint Data Collection Over Detection Leverage
More informationAligning with the Critical Security Controls to Achieve Quick Security Wins
Aligning with the Critical Security Controls to Achieve Quick Security Wins Background The Council on CyberSecurity s Critical Security Controls for Effective Cyber Defense provide guidance on easy wins
More informationUn SOC avanzato per una efficace risposta al cybercrime
Un SOC avanzato per una efficace risposta al cybercrime Identificazione e conferma di un incidente @RSAEMEA #RSAEMEASummit @masiste75 Mauro Costantini - Presales Consultant Agenda A look into the threat
More informationOrchestrating and Automating Trend Micro TippingPoint and IBM QRadar
Orchestrating and Automating Trend Micro TippingPoint and IBM QRadar Response Automation SOCAutomation is an information security automation and orchestration platform that transforms incident response.
More informationWHY SIEMS WITH ADVANCED NETWORK- TRAFFIC ANALYTICS IS A POWERFUL COMBINATION. A Novetta Cyber Analytics Brief
WHY SIEMS WITH ADVANCED NETWORK- TRAFFIC ANALYTICS IS A POWERFUL COMBINATION A Novetta Cyber Analytics Brief Why SIEMs with advanced network-traffic analytics is a powerful combination. INTRODUCTION Novetta
More informationAutomated Context and Incident Response
Technical Brief Automated Context and Incident Response www.proofpoint.com Incident response requires situational awareness of the target, his or her environment, and the attacker. However, security alerts
More informationChristopher Covert. Principal Product Manager Enterprise Solutions Group. Copyright 2016 Symantec Endpoint Protection Cloud
Christopher Covert Principal Product Manager Enterprise Solutions Group Copyright 2016 Symantec Endpoint Protection Cloud THE PROMISE OF CLOUD COMPUTING We re all moving from challenges like these Large
More informationPT Unified Application Security Enforcement. ptsecurity.com
PT Unified Application Security Enforcement ptsecurity.com Positive Technologies: Ongoing research for the best solutions Penetration Testing ICS/SCADA Security Assessment Over 700 employees globally Over
More informationManaged Enterprise Phishing Protection. Comprehensive protection delivered 24/7 by anti-phishing experts
Managed Enterprise Phishing Protection Comprehensive protection delivered 24/7 by anti-phishing experts MANAGED ENTERPRISE PHISHING PROTECTION 24/7 expert protection against phishing attacks that get past
More informationEU GENERAL DATA PROTECTION: TIME TO ACT. Laurent Vanderschrick Channel Manager Belgium & Luxembourg Stefaan Van Hoornick Technical Manager BeNeLux
EU GENERAL DATA PROTECTION: TIME TO ACT Laurent Vanderschrick Channel Manager Belgium & Luxembourg Stefaan Van Hoornick Technical Manager BeNeLux Is this the WAY you handle GDPR today 2 3 area s to consider
More informationIPS with isensor sees, identifies and blocks more malicious traffic than other IPS solutions
IPS Effectiveness IPS with isensor sees, identifies and blocks more malicious traffic than other IPS solutions An Intrusion Prevention System (IPS) is a critical layer of defense that helps you protect
More informationTenable for Google Cloud Platform
How-To Guide Tenable for Google Cloud Platform Introduction This document describes how to deploy Tenable SecurityCenter Continuous View (Security Center CV ) for integration with Google Cloud Platform.
More information10 FOCUS AREAS FOR BREACH PREVENTION
10 FOCUS AREAS FOR BREACH PREVENTION Keith Turpin Chief Information Security Officer Universal Weather and Aviation Why It Matters Loss of Personally Identifiable Information (PII) Loss of Intellectual
More informationAnalytics Driven, Simple, Accurate and Actionable Cyber Security Solution CYBER ANALYTICS
Analytics Driven, Simple, Accurate and Actionable Cyber Security Solution CYBER ANALYTICS Overview Cyberattacks are increasingly getting more frequent, more sophisticated and more widespread than ever
More informationISO/IEC Solution Brief ISO/IEC EventTracker 8815 Centre Park Drive, Columbia MD 21045
Solution Brief 8815 Centre Park Drive, Columbia MD 21045 About delivers business critical software and services that transform high-volume cryptic log data into actionable, prioritized intelligence that
More informationWHITEPAPER ATTIVO NETWORKS THREATDEFEND PLATFORM AND THE MITRE ATT&CK MATRIX
WHITEPAPER ATTIVO NETWORKS THREATDEFEND PLATFORM AND THE MITRE ATT&CK MATRIX 1 INTRODUCTION The MITRE Corporation Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK ) Matrix provides a model
More informationCyber Defense Maturity Scorecard DEFINING CYBERSECURITY MATURITY ACROSS KEY DOMAINS
Cyber Defense Maturity Scorecard DEFINING CYBERSECURITY MATURITY ACROSS KEY DOMAINS Cyber Defense Maturity Scorecard DEFINING CYBERSECURITY MATURITY ACROSS KEY DOMAINS Continual disclosed and reported
More informationSIEM: Five Requirements that Solve the Bigger Business Issues
SIEM: Five Requirements that Solve the Bigger Business Issues After more than a decade functioning in production environments, security information and event management (SIEM) solutions are now considered
More informationTHE EFFECTIVE APPROACH TO CYBER SECURITY VALIDATION BREACH & ATTACK SIMULATION
BREACH & ATTACK SIMULATION THE EFFECTIVE APPROACH TO CYBER SECURITY VALIDATION Cymulate s cyber simulation platform allows you to test your security assumptions, identify possible security gaps and receive
More informationThreat Centric Vulnerability Management
Threat Centric Vulnerability Management Solution Brief When it comes to vulnerability management, security leaders continue struggle to identify which of the thousands even millions of vulnerabilities
More informationCombating Cyber Risk in the Supply Chain
SESSION ID: CIN-W10 Combating Cyber Risk in the Supply Chain Ashok Sankar Senior Director Cyber Strategy Raytheon Websense @ashoksankar Introduction The velocity of data breaches is accelerating at an
More informationAre we breached? Deloitte's Cyber Threat Hunting
Are we breached? Deloitte's Cyber Threat Hunting Brochure / report title goes here Section title goes here Have we been breached? Are we exposed? How do we proactively detect an attack and minimize the
More informationTHE RSA SUITE NETWITNESS REINVENT YOUR SIEM. Presented by: Walter Abeson
THE RSA NETWITNESS SUITE REINVENT YOUR SIEM Presented by: Walter Abeson 1 Reality Goals GOALS VERSUS REALITY OF SIEM 1.0 Single compliance & security interface Analyze & prioritize alerts across various
More informationAutomated Threat Management - in Real Time. Vectra Networks
Automated Threat Management - in Real Time Security investment has traditionally been in two areas Prevention Phase Active Phase Clean-up Phase Initial Infection Key assets found in the wild $$$$ $$$ $$
More informationO N L I N E I N C I D E N T R E S P O N S E C O M M U N I T Y
Automate Response Congratulations on selecting IncidentResponse.com to retrieve your custom incident response playbook guide. This guide has been created especially for you for use in within your security
More informationSecuring Your Microsoft Azure Virtual Networks
Securing Your Microsoft Azure Virtual Networks IPS security for public cloud deployments It s no surprise that public cloud infrastructure has experienced fast adoption. It is quick and easy to spin up
More informationSecurity Information & Event Management (SIEM)
Security Information & Event Management (SIEM) Datasheet SIEM in a nutshell The variety of cyber-attacks is extraordinarily large. Phishing, DDoS attacks in combination with ransomware demanding bitcoins
More informationThe Future of Threat Prevention
The Future of Threat Prevention Bricata is the leading developer of Next Generation Intrusion Prevention Systems (NGIPS) technology, providing innovative, disruptive, high-speed, high-performance network
More informationCisco Tetration Analytics
Cisco Tetration Analytics Enhanced security and operations with real time analytics John Joo Tetration Business Unit Cisco Systems Security Challenges in Modern Data Centers Securing applications has become
More informationVectra Cognito. Brochure HIGHLIGHTS. Security analyst in software
Brochure Vectra Cognito HIGHLIGHTS Finds active attackers inside your network Automates security investigations with conclusive answers Persistently tracks threats across all phases of attack Monitors
More informationManaging Business Risk with Assurance Report Cards
Managing Business Risk with Assurance Report Cards This white paper explains how to manage cyber risk which is on the list of concerns for business executives. Table of Contents Introduction... 3 Cybersecurity
More informationA Practical Guide to Efficient Security Response
A Practical Guide to Efficient Security Response The Essential Checklist Start The Critical Challenges to Information Security Data breaches constantly threaten the modern enterprise. And the risk continues
More informationThe Cognito automated threat detection and response platform
Overview The Cognito automated threat detection and response platform HIGHLIGHTS Finds active cyberattackers inside cloud, data center and enterprise environments Automates security investigations with
More informationSecuring Your Amazon Web Services Virtual Networks
Securing Your Amazon Web Services s IPS security for public cloud deployments It s no surprise that public cloud infrastructure has experienced fast adoption. It is quick and easy to spin up a workload,
More informationCYBER ANALYTICS. Architecture Overview. Technical Brief. May 2016 novetta.com 2016, Novetta
CYBER ANALYTICS Architecture Overview Technical Brief May 2016 novetta.com 2016, Novetta Novetta Cyber Analytics: Technical Architecture Overview 1 INTRODUCTION 2 CAPTURE AND PROCESS ALL NETWORK TRAFFIC
More informationATTIVO NETWORKS THREATDEFEND INTEGRATION WITH MCAFEE SOLUTIONS
PARTNER BRIEF ATTIVO NETWORKS THREATDEFEND INTEGRATION WITH MCAFEE SOLUTIONS INTRODUCTION Attivo Networks has partnered with McAfee to detect real-time in-network threats and to automate incident response
More informationCybowall Solution Overview
Cybowall Solution Overview 1 EVOLVING SECURITY CHALLENGES 2 EXAMPLES OF CYBER BREACHES INCLUDING CARD DATA 2013: Adobe Systems Hackers raided an Adobe back-up server on which they found and published a
More informationALIENVAULT USM FOR AWS SOLUTION GUIDE
ALIENVAULT USM FOR AWS SOLUTION GUIDE Summary AlienVault Unified Security Management (USM) for AWS is a unified security platform providing threat detection, incident response, and compliance management
More informationSOLUTION BRIEF ASSESSING DECEPTION TECHNOLOGY FOR A PROACTIVE DEFENSE
SOLUTION BRIEF ASSESSING DECEPTION TECHNOLOGY FOR A PROACTIVE DEFENSE 1 EXECUTIVE SUMMARY Attackers have repeatedly demonstrated they can bypass an organization s conventional defenses. To remain effective,
More informationSustainable Security Operations
Sustainable Security Operations Optimize processes and tools to make the most of your team s time and talent The number and types of security incidents organizations face daily are steadily increasing,
More informationATTIVO NETWORKS THREATDEFEND PLATFORM INTEGRATION WITH CISCO SYSTEMS PROTECTS THE NETWORK
PARTNER BRIEF ATTIVO NETWORKS THREATDEFEND PLATFORM INTEGRATION WITH CISCO SYSTEMS PROTECTS THE NETWORK INTRODUCTION Attivo Networks has partnered with Cisco Systems to provide advanced real-time inside-the-network
More information