Advanced Threat Hunting:
|
|
- Maximillian Justin Craig
- 6 years ago
- Views:
Transcription
1 Advanced Threat Hunting: Identify and Track Adversaries Infiltrating Your Organization In Partnership with: Presented by: Randeep Gill Tony Shadrake Enterprise Security Engineer, Europe Regional Director, Europe 2014 Bit9. All Rights Reserved
2 The Evolving Threat Landscape Criminal Enterprises Broad-based and targeted attacks Financially motivated Getting more sophisticated Hactivists Targeted and destructive attacks Unpredictable motivations Generally less sophisticated Nation-States Targeted and multi-stage attacks Motivated by information and IP Highly sophisticated, endless resources
3 Endless Stream of Data Breaches Source: Information is Beautiful, Oct. 2014
4 The Problem: Advanced Threats = $$$ In 2020, enterprises will be in a state of continuous compromise % Days to discover* Discovered externally* There are two kinds of companies: those that have been breached and those that don t know it yet. $ 5.4 MILLION Average cost* CIO Fortune 100 company *Sources: Mandiant, Verizon
5 Endless Stream of News
6 The Network is Not the Target Organizations continue to spend a lot of money on network security solutions, but it s the endpoint that is the ultimate target of advanced threats and attacks. July 2014
7 THREAT MODEL: 1: OPPORTUNISTIC 2: NOT DON T OVERCOMPLICATE THE THREAT
8 Opportunistic threats sell our computers. Goal: breadth of access. Advanced threats sell our data. Goal: precision of access.
9 Traditional Defenses Were Designed for Opp. Attacks ADVANCED OPPORTUNISTIC Hosts Compromised Hosts Compromised Signature available DETECTION THRESHOLD Time Goal for attacker is to compromise as many endpoints as possible Signature available (if ever) DETECTION THRESHOLD Goal for attacker is to compromise as few endpoints as possible? Time
10 But once they re in However they get in, we need to find them! Faster detection means: Shorter dwell time Smaller scope for your incident response Less damage to your business What do they do once they re in?
11 They often Live off the Land (and blend in)
12 Living off the Land Living Off the Land: the attacker uses built-in tools so there are very few new executables. The attacker typically needs to do the following: Execute code: Crack/Dump/Guess/Obtain Valid Credentials» See this with Backoff POS Malware Copy Data: Utilize tools like robocopy, xcopy, cmd.exe to gather data Utilize known good tools for compression or use scripts Exfil Data: ftp.exe, net.exe, Visual Basic script to control IE for POSTing data Manipulate: Download something not malicious but that will trip up detection When Admin logs in, credentials, keystrokes, etc., are captured and used Persist: Compromise or Add more user and system accounts Login to backup servers, staging servers, less noticeable parts of your enterprise Create scheduled jobs that will run and re-add accounts, communicate out, etc.
13 Living off the Land (cont d) More Things to Consider: PowerShell is Powerful Execute from remote URL Basically anything you would ever want to write code for, you can do with powershell, so as an adversary, I can really do some damage (powersploit, etc) Use Internal C2 Sites: Use blog comments and/or wiki to give your stuff new commands so there is no outside communications Use Well-Known Social Sites: Twitter (bots) Dropbox Google Drive Facebook < Insert Social Site Here > Find hardcoded credentials, re-use same password across an enterprise, Single-Sign- On design flaws, etc
14 Target?
15 So, back to Hunting
16 Is Your Environment Like This?
17 Or This?
18 What do you Hunt? Do you know what you re looking for? Are you running vulnerable software? Is it likely to be compromised? Have you hardened your systems, have you reduced surface area? Do you have shared passwords, plain-text credentials, etc? If you have too much entropy or very few standards, hunting will be DIFFICULT Then again, it is rarely easy What do the bad guys need to do? Execute Communicate Grab Data Steal/Add Credentials Persist
19 Which comes first Detection or Collection? By prioritizing collection over detection you can: (1) HUNT MORE EFFECTIVELY!!! (2) Rapidly find root cause (3) Quickly & confidently reconstruct timelines (4) Accelerate Discovery (determine scope) (5) Benefit from hindsight (evolve)
20 Java exploitation Highlight As Opposed to Filter Endpoint Visibility Highlight detected activity within endpoint visibility to understand root cause and scope Proactive Traditional data detection collection also filters enables out you endpoint to see and visibility detect entire only showing attack individual processes events DETECTED DETECTED User visits website Is sent malicious Java applet Spawns first stage payload Spawns second stage payload Detection probability increases over time Injects code into Windows Explorer Investigations seek root cause Takes malicious actions Goal: Understand root cause
21 Expand Detection Beyond the Moment of Compromise Traditional Focus Only See Individual Detection Event Missed without continuous data collection You can t know what s bad ahead of time Abnormal Behavior Lateral Movement & User Accounts Exfiltration & Data Gathering Weeks to Months (Years)
22 Actionable Endpoint Visibility Events Most organizations only have a static view of their business and the data they manage to collect What s more actionable? Traditional IR view Events + Intelligence With no insight into known bad, how can they pick the needles out of their data collection haystack? Events + Intelligence + Prevalence Without understanding prevalence, how can they prioritize detection events to accelerate threat discovery? svchost.exe ran Events + Intelligence + Prevalence + Relationships Without maintaining the recorded relationships, how do they quickly scope any impacted endpoints and lateral movement?? svchost.exe was spawned by unsigned binary under Modern abnormal user account and made a network connection IR view
23 Hunting Tips 1 Collect the RIGHT Data Netflow data and firewall logs can help, but if you aren t seeing what is executing and what is changing on your systems, you will not have as much hunting success. You need to hunt where the adversaries live! 2 Analyze RELATIONSHIPS Relationships are key to being able to detect abnormal behavior. Sure, the adversary lives off the land, but they re still going to do unusual things with the existing tools available to them. 3 Incorporate Reputation and Classification Information When you re hunting, you should not have to spend time manually checking the reputation of a binary or website, as that greatly slows down your ability to continue to the hunt. Being able to quickly say things are known good, known Bad is key, as is the ability to say if it is part of a particular campaign or attack. 4 Automate as much as possible! When you know what is normal, you should be able to be alerted when activity occurs outside of what is normal. And you should be able to automate this. You should also automate reputation and classification information retrieval, and automate discovery.
24 Some Ideas Are abnormal user accounts being used? Do windows processes (lsass, svchost, csrss) have strange parents? Are IE, Acrobat, Word, Notepad, etc., spawning child processes? Are Office Applications making outbound connections? Is Java spawning command shells? Is cmd.exe running as system? Are user accounts being added locally? Are thousands of files being modified by a single process? Is ftp or robocopy being used? Are processes executing that don t have a.exe or.scr extension?
25 Back to the Basics Are you recording every command line used by net.exe and looking for abnormalities? Are you watching when PowerShell.exe is used? Are you mapping user account activity to hosts to look for abnormal logins? Are you. <INSERT LOTS OF STUFF TO DO HERE>
26 Response is the closest thing we have in IT to dogfighting - Bruce Schneier, Blackhat 2014 Keynote
27 Customer Case Study 2014 Bit9. All Rights Reserved
28 Case Study: Major Nordics Mobile Operator Environment 10,000 endpoints/2,500 servers Multi-platform: Win, Linux & MAC Security Challenges June 2014: Had a security incident that took down many machines Under constant attack from Advanced Malware targeting Exec machines Traditional AV on Endpoints. Needed better Detection and stronger Prevention capabilities to combat advanced threats that bypassed existing AV security defenses Intellectual property and customer data at risk Solution Bit9 + Carbon Black Deployed to 50 machines and instantly found many had been compromised This included the identification of malicious files, network activity by unusual processes, legitimate processes performing suspicious actions and more. Key Benefits Visibility into all endpoints and servers Real-time Detection + Incident Response in seconds *Time to Response* is key to identifying & isolating incidents quickly to avoid monetary losses and reputational damage
29 THANK YOU 2014 Bit9. All Rights Reserved
ADVANCED THREAT HUNTING
ERADICATE CONCEALED THREATS: ADVANCED THREAT HUNTING WITH CARBON BLACK OVERVIEW OVERVIEW In a SANS survey, 56% of incident responders claim they assume their enterprise is already compromised i. By preparing
More informationWhitepaper. Advanced Threat Hunting with Carbon Black Enterprise Response
Advanced Threat Hunting with Carbon Black Enterprise Response TABLE OF CONTENTS Overview Threat Hunting Defined Existing Challenges and Solutions Prioritize Endpoint Data Collection Over Detection Leverage
More informationProtecting Against Modern Attacks. Protection Against Modern Attack Vectors
Protecting Against Modern Attacks Protection Against Modern Attack Vectors CYBER SECURITY IS A CEO ISSUE. - M C K I N S E Y $4.0M 81% >300K 87% is the average cost of a data breach per incident. of breaches
More informationStreaming Prevention in Cb Defense. Stop malware and non-malware attacks that bypass machine-learning AV and traditional AV
Streaming Prevention in Cb Defense Stop malware and non-malware attacks that bypass machine-learning AV and traditional AV 2 STREAMING PREVENTION IN Cb DEFENSE OVERVIEW Over the past three years, cyberattackers
More informationRSA INCIDENT RESPONSE SERVICES
RSA INCIDENT RESPONSE SERVICES Enabling early detection and rapid response EXECUTIVE SUMMARY Technical forensic analysis services RSA Incident Response services are for organizations that need rapid access
More informationRSA INCIDENT RESPONSE SERVICES
RSA INCIDENT RESPONSE SERVICES Enabling early detection and rapid response EXECUTIVE SUMMARY Technical forensic analysis services RSA Incident Response services are for organizations that need rapid access
More information10 FOCUS AREAS FOR BREACH PREVENTION
10 FOCUS AREAS FOR BREACH PREVENTION Keith Turpin Chief Information Security Officer Universal Weather and Aviation Why It Matters Loss of Personally Identifiable Information (PII) Loss of Intellectual
More informationRSA NetWitness Suite Respond in Minutes, Not Months
RSA NetWitness Suite Respond in Minutes, Not Months Overview One can hardly pick up a newspaper or turn on the news without hearing about the latest security breaches. The Verizon 2015 Data Breach Investigations
More informationesendpoint Next-gen endpoint threat detection and response
DATA SHEET esendpoint Next-gen endpoint threat detection and response esendpoint powered by Carbon Black eliminates endpoint blind-spots that traditional technologies miss. Operating on a philosophy that
More informationWHITEPAPER. Hunt Like a Pro: A Threat Hunting Guide for Cb Response
WHITEPAPER Hunt Like a Pro: A Threat Hunting Guide for Cb Response OVERVIEW 91% of organizations reported improvements in speed and accuracy of response as a direct result of their threat hunting practices
More informationFTA 2017 SEATTLE. Cybersecurity and the State Tax Threat Environment. Copyright FireEye, Inc. All rights reserved.
FTA 2017 SEATTLE Cybersecurity and the State Tax Threat Environment 1 Agenda Cybersecurity Trends By the Numbers Attack Trends Defensive Trends State and Local Intelligence What Can You Do? 2 2016: Who
More informationSOLUTION BRIEF RSA NETWITNESS EVOLVED SIEM
RSA NETWITNESS EVOLVED SIEM OVERVIEW A SIEM is technology originally intended for compliance and log management. Later, as SIEMs became the aggregation points for security alerts, they began to be more
More informationSTAY ONE STEP AHEAD OF THE CRIMINAL MIND. F-Secure Rapid Detection & Response
STAY ONE STEP AHEAD OF THE CRIMINAL MIND F-Secure Rapid Detection & Response INTRO PROTECT YOUR BUSINESS AND ITS DATA AGAINST ADVANCED ATTACKS Effective pre-compromise threat prevention is the cornerstone
More informationSOLUTION BRIEF RSA NETWITNESS SUITE 3X THE IMPACT WITH YOUR EXISTING SECURITY TEAM
SOLUTION BRIEF RSA NETWITNESS SUITE 3X THE IMPACT WITH YOUR EXISTING SECURITY TEAM OVERVIEW The Verizon 2016 Data Breach Investigations Report highlights that attackers are regularly outpacing the defenders.
More informationReducing the Cost of Incident Response
Reducing the Cost of Incident Response Introduction Cb Response is the most complete endpoint detection and response solution available to security teams who want a single platform for hunting threats,
More informationEFFECTIVELY TARGETING ADVANCED THREATS. Terry Sangha Sales Engineer at Trustwave
EFFECTIVELY TARGETING ADVANCED THREATS Terry Sangha Sales Engineer at Trustwave THE CHALLENGE PROTECTING YOUR ENVIRONMENT IS NOT GETTING EASIER ENDPOINT POINT OF SALE MOBILE VULNERABILITY MANAGEMENT CYBER
More informationSecurity analytics: From data to action Visual and analytical approaches to detecting modern adversaries
Security analytics: From data to action Visual and analytical approaches to detecting modern adversaries Chris Calvert, CISSP, CISM Director of Solutions Innovation Copyright 2013 Hewlett-Packard Development
More informationTHE EFFECTIVE APPROACH TO CYBER SECURITY VALIDATION BREACH & ATTACK SIMULATION
BREACH & ATTACK SIMULATION THE EFFECTIVE APPROACH TO CYBER SECURITY VALIDATION Cymulate s cyber simulation platform allows you to test your security assumptions, identify possible security gaps and receive
More informationATT&CKing The Command Line & Hunting For More
ATT&CKing The Command Line & Hunting For More Evan Gaustad Principal Threat Detection Engineer LogicHub Agenda Threat Hunting Automation Motivation MITRE ATT&CK & LOLBAS Process Execution Logs Artificial
More informationENTERPRISE ENDPOINT PROTECTION BUYER S GUIDE
ENTERPRISE ENDPOINT PROTECTION BUYER S GUIDE TABLE OF CONTENTS Overview...3 A Multi-Layer Approach to Endpoint Security...4 Known Attack Detection...5 Machine Learning...6 Behavioral Analysis...7 Exploit
More informationMcAfee Endpoint Threat Defense and Response Family
Defense and Family Detect zero-day malware, secure patient-zero, and combat advanced attacks The escalating sophistication of cyberthreats requires a new generation of protection for endpoints. Advancing
More informationCarbon Black PCI Compliance Mapping Checklist
Carbon Black PCI Compliance Mapping Checklist The following table identifies selected PCI 3.0 requirements, the test definition per the PCI validation plan and how Carbon Black Enterprise Protection and
More informationTHE RSA SUITE NETWITNESS REINVENT YOUR SIEM. Presented by: Walter Abeson
THE RSA NETWITNESS SUITE REINVENT YOUR SIEM Presented by: Walter Abeson 1 Reality Goals GOALS VERSUS REALITY OF SIEM 1.0 Single compliance & security interface Analyze & prioritize alerts across various
More informationEliminating the Blind Spot: Rapidly Detect and Respond to the Advanced and Evasive Threat
WHITE PAPER Eliminating the Blind Spot: Rapidly Detect and Respond to the Advanced and Evasive Threat Executive Summary Unfortunately, it s a foregone conclusion that no organisation is 100 percent safe
More informationBREACHES HAPPEN: BE PREPARED. Endpoint Detection & Response
BREACHES HAPPEN: BE PREPARED. Endpoint Detection & Response INTRO PROTECT YOUR BUSINESS AND ITS DATA AGAINST ADVANCED ATTACKS Effective pre-compromise threat prevention is the cornerstone of cyber security,
More informationCombating Cyber Risk in the Supply Chain
SESSION ID: CIN-W10 Combating Cyber Risk in the Supply Chain Ashok Sankar Senior Director Cyber Strategy Raytheon Websense @ashoksankar Introduction The velocity of data breaches is accelerating at an
More informationIncident Response Agility: Leverage the Past and Present into the Future
SESSION ID: SPO1-W03 Incident Response Agility: Leverage the Past and Present into the Future Torry Campbell CTO, Endpoint and Management Technologies Intel Security The Reality we Face Reconnaissance
More informationTraditional Security Solutions Have Reached Their Limit
Traditional Security Solutions Have Reached Their Limit CHALLENGE #1 They are reactive They force you to deal only with symptoms, rather than root causes. CHALLENGE #2 256 DAYS TO IDENTIFY A BREACH TRADITIONAL
More informationProtect Your Endpoint, Keep Your Business Safe. White Paper. Exosphere, Inc. getexosphere.com
Protect Your Endpoint, Keep Your Business Safe. White Paper Exosphere, Inc. getexosphere.com White Paper Today s Threat Landscape Cyber attacks today are increasingly sophisticated and widespread, rendering
More informationBecoming the Adversary
SESSION ID: CIN-R06 Becoming the Adversary Tyrone Erasmus Managing Security Consultant MWR InfoSecurity @metall0id /usr/bin/whoami Most public research == Android Something different today 2 Overview Introduction
More informationTHE CLOUD SECURITY CHALLENGE:
THE CLOUD EMAIL SECURITY CHALLENGE: CLOSING THE CYBERSECURITY SKILLS GAP THROUGH AUTOMATION THE EMAIL SECURITY CHALLENGE Email remains at the heart of the business communications landscape. While nobody
More informationHow Breaches Really Happen
How Breaches Really Happen www.10dsecurity.com About Dedicated Information Security Firm Clients Nationwide, primarily in financial industry Services Penetration Testing Social Engineering Vulnerability
More informationwith Advanced Protection
with Advanced Email Protection OVERVIEW Today s sophisticated threats are changing. They re multiplying. They re morphing into new variants. And they re targeting people, not just technology. As organizations
More informationWHITEPAPER ENDPOINT DETECTION AND RESPONSE BEYOND ANTIVIRUS PROACTIVE THREAT HUNTING AT THE ENDPOINT
WHITEPAPER ENDPOINT DETECTION AND RESPONSE BEYOND ANTIVIRUS PROACTIVE THREAT HUNTING AT THE ENDPOINT THREE DECADES OF COMPUTER THREATS In 1986, the Brain boot sector virus caused the first widespread realization
More information10 KEY WAYS THE FINANCIAL SERVICES INDUSTRY CAN COMBAT CYBER THREATS
10 KEY WAYS THE FINANCIAL SERVICES INDUSTRY CAN COMBAT CYBER THREATS WHITE PAPER INTRODUCTION BANKS ARE A COMMON TARGET FOR CYBER CRIMINALS AND OVER THE LAST YEAR, FIREEYE HAS BEEN HELPING CUSTOMERS RESPOND
More informationTHE BUSINESS CASE FOR OUTSIDE-IN DATA CENTER SECURITY
THE BUSINESS CASE FOR OUTSIDE-IN DATA CENTER SECURITY DATA CENTER WEB APPS NEED MORE THAN IP-BASED DEFENSES AND NEXT-GENERATION FIREWALLS table of contents.... 2.... 4.... 5 A TechTarget White Paper Does
More informationTransforming Security from Defense in Depth to Comprehensive Security Assurance
Transforming Security from Defense in Depth to Comprehensive Security Assurance February 28, 2016 Revision #3 Table of Contents Introduction... 3 The problem: defense in depth is not working... 3 The new
More informationSOLUTION BRIEF RSA NETWITNESS PLATFORM ACCELERATED THREAT DETECTION & AUTOMATED RESPONSE FROM THE ENDPOINT TO THE CLOUD
RSA NETWITNESS PLATFORM ACCELERATED THREAT DETECTION & AUTOMATED RESPONSE FROM THE ENDPOINT TO THE CLOUD OVERVIEW Information security has been a major challenge for organizations since the dawn of the
More informationApplication Whitelisting and Active Analysis Nick Levay, Chief Security Officer, Bit9
Application Whitelisting and Active Analysis Nick Levay, Chief Security Officer, Bit9 About Me Chief Security Officer @ Bit9 Former Director of Technical Operations and Information Security @ Center for
More informationEU GENERAL DATA PROTECTION: TIME TO ACT. Laurent Vanderschrick Channel Manager Belgium & Luxembourg Stefaan Van Hoornick Technical Manager BeNeLux
EU GENERAL DATA PROTECTION: TIME TO ACT Laurent Vanderschrick Channel Manager Belgium & Luxembourg Stefaan Van Hoornick Technical Manager BeNeLux Is this the WAY you handle GDPR today 2 3 area s to consider
More informationSOC Operations on the Autobahn. Don t let the green grass fool you
SOC Operations on the Autobahn Don t let the green grass fool you Who am I? Adrian Kelley 15+ Years of IT Experience Current: Sands Corp. (Vulnerability Management Engineer) United States Computer Emergency
More informationCyberArk Privileged Threat Analytics
CyberArk Privileged Threat Analytics Table of Contents The New Security Battleground: Inside Your Network 3 Privileged account security 3 Collect the right data 4 Detect critical threats 5 Alert on critical
More informationAdvanced Endpoint Protection
Advanced Endpoint Protection Protecting Endpoints and Servers Nick Levay, Chief Security Officer, Bit9 @rattle1337 2014 Bit9. All Rights Reserved About Me Chief Security Officer, Bit9
More informationIBM Security Network Protection Solutions
Systems IBM Security IBM Security Network Protection Solutions Pre-emptive protection to keep you Ahead of the Threat Tanmay Shah Product Lead Network Protection Appliances IBM Security Systems 1 IBM Security
More informationEBOOK. Stopping Fraud. How Proofpoint Helps Protect Your Organization from Impostors, Phishers and Other Non-Malware Threats.
EBOOK Stopping Email Fraud How Proofpoint Helps Protect Your Organization from Impostors, Phishers and Other Non-Malware Threats www.proofpoint.com EBOOK Stopping Email Fraud 2 Today s email attacks have
More informationThe SANS Institute Top 20 Critical Security Controls. Compliance Guide
The SANS Institute Top 20 Critical Security Controls Compliance Guide February 2014 The Need for a Risk-Based Approach A common factor across many recent security breaches is that the targeted enterprise
More informationMachine Learning and Advanced Analytics to Address Today s Security Challenges
Machine Learning and Advanced Analytics to Address Today s Security Challenges Depending on your outlook, this is either an exciting time or a terrible time to be part of an enterprise cybersecurity team.
More informationEnhancing the Cybersecurity of Federal Information and Assets through CSIP
TECH BRIEF How BeyondTrust Helps Government Agencies Address Privileged Access Management to Improve Security Contents Introduction... 2 Achieving CSIP Objectives... 2 Steps to improve protection... 3
More informationJoe Stocker, CISSP, MCITP, VTSP Patriot Consulting
Joe Stocker, CISSP, MCITP, VTSP Patriot Consulting Microsoft Cloud Evangelist at Patriot Consulting Principal Systems Architect with 17 Years of experience Technical certifications: MCSE, MCITP Office
More informationTHREAT INTELLIGENCE: UNDERSTANDING WHAT IT IS AND WHY YOU NEED IT
THREAT INTELLIGENCE: UNDERSTANDING WHAT IT IS AND WHY YOU NEED IT Threat Intelligence: The term Threat Intelligence is often thrown around too liberally and can mean many different things to different
More informationOperationalizing the Three Principles of Advanced Threat Detection
SESSION ID: SDS2-R08 Operationalizing the Three Principles of Advanced Threat Detection ZULFIKAR RAMZAN, PH.D Chief Technology Officer RSA @zulfikar_ramzan Dealing with Traffic Congestion Singapore: Major
More informationWHITEPAPER ATTIVO NETWORKS THREATDEFEND PLATFORM AND THE MITRE ATT&CK MATRIX
WHITEPAPER ATTIVO NETWORKS THREATDEFEND PLATFORM AND THE MITRE ATT&CK MATRIX 1 INTRODUCTION The MITRE Corporation Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK ) Matrix provides a model
More informationSIEM Solutions from McAfee
SIEM Solutions from McAfee Monitor. Prioritize. Investigate. Respond. Today s security information and event management (SIEM) solutions need to be able to identify and defend against attacks within an
More informationPrivileged Account Security: A Balanced Approach to Securing Unix Environments
Privileged Account Security: A Balanced Approach to Securing Unix Environments Table of Contents Introduction 3 Every User is a Privileged User 3 Privileged Account Security: A Balanced Approach 3 Privileged
More information68 Insider Threat Red Flags
68 Insider Threat Red Flags Are you prepared to stop the insider threat? Enterprises of all shapes and sizes are taking a fresh look at their insider threat programs. As a company that s been in the insider
More informationDefend Against the Unknown
Defend Against the Unknown Stay ahead of new threats with McAfee Endpoint Threat Defense solutions Targeted exploits. Ransomware. Explosive growth in zero-day malware. Organizations are locked in an ongoing
More informationHOLISTIC NETWORK PROTECTION: INNOVATIONS IN SOFTWARE DEFINED NETWORKS
HOLISTIC NETWORK PROTECTION: INNOVATIONS IN SOFTWARE DEFINED NETWORKS Danielle M. Zeedick, Ed.D., CISM, CBCP Juniper Networks August 2016 Today s Objectives Goal Objectives To understand how holistic network
More informationOne Phish, Two Phish, Three! Building an Active Threat Management Framework for Malicious
One Phish, Two Phish, Three! Building an Active Threat Management Framework for Malicious Email - Ron Weiss, Incident Response Team lead Disclaimer: The information in this presentation is based on lessons
More informationPart 2: How to Detect Insider Threats
Part 2: How to Detect Insider Threats Amichai Shulman Chief Technology Officer Imperva Amichai Shulman CTO, Imperva Speaker at Industry Events RSA, Appsec, Info Security UK, Black Hat Lecturer on information
More informationATTIVO NETWORKS THREATDEFEND PLATFORM INTEGRATION WITH CISCO SYSTEMS PROTECTS THE NETWORK
PARTNER BRIEF ATTIVO NETWORKS THREATDEFEND PLATFORM INTEGRATION WITH CISCO SYSTEMS PROTECTS THE NETWORK INTRODUCTION Attivo Networks has partnered with Cisco Systems to provide advanced real-time inside-the-network
More informationCisco Advanced Malware Protection (AMP) for Endpoints Security Testing
Cisco Advanced Malware Protection (AMP) for Endpoints Security Testing 7 September 2018 DR180821E Miercom.com www.miercom.com Contents 1.0 Executive Summary... 3 2.0 Test Summary... 4 3.0 Product Tested...
More informationCROWDSTRIKE FALCON FOR THE PUBLIC SECTOR
C R O W D S T R I K E P U B L I C S E C T O R S O L U T I O N S CROWDSTRIKE FALCON FOR THE PUBLIC SECTOR SECURE YOUR ENTERPRISE WITH A THAT PROVIDES UNRIVALED PROTECTION, SECURITY EXPERTISE, AND OPTIMAL
More informationCYBER RESILIENCE & INCIDENT RESPONSE
CYBER RESILIENCE & INCIDENT RESPONSE www.nccgroup.trust Introduction The threat landscape has changed dramatically over the last decade. Once the biggest threats came from opportunist attacks and preventable
More informationResolving Security s Biggest Productivity Killer
cybereason Resolving Security s Biggest Productivity Killer How Automated Detection Reduces Alert Fatigue and Cuts Response Time 2016 Cybereason. All rights reserved. 1 In today s security environment,
More informationIncident Response Tools
Incident Response Tools James Madison University Dept. of Computer Science June 13, 2013 1 Introduction Being successfully attacked is inevitable. A determined hacker WILL be able to penetrate your network.
More informationBehavioral Analytics A Closer Look
SESSION ID: GPS2-F03 Behavioral Analytics A Closer Look Mike Huckaby VP, Global Systems Engineering RSA The world is full of obvious things which nobody by any chance ever observes. Sherlock Holmes 2 Patterns
More informationFast Incident Investigation and Response with CylanceOPTICS
Fast Incident Investigation and Response with CylanceOPTICS Feature Focus Incident Investigation and Response Identifying a potential security issue in any environment is important, however, to protect
More informationISO COMPLIANCE GUIDE. How Rapid7 Can Help You Achieve Compliance with ISO 27002
ISO 27002 COMPLIANCE GUIDE How Rapid7 Can Help You Achieve Compliance with ISO 27002 A CONTENTS Introduction 2 Detailed Controls Mapping 3 About Rapid7 8 rapid7.com ISO 27002 Compliance Guide 1 INTRODUCTION
More informationRSA ECAT DETECT, ANALYZE, RESPOND!
RSA ECAT DETECT, ANALYZE, RESPOND! Cyber Threat Landscape Attack surface (& attackers) expanding Web app Existing strategies & controls are failing Laptop EHR Firewall Attacks sophistication on the rise
More informationThanks for attending this session on April 6 th, 2016 If you have any question, please contact Jim at
Thanks! Thanks for attending this session on April 6 th, 2016 If you have any question, please contact Jim at jim@stickleyonsecurity.com Don t forget to checkout Stickley on Security and learn about our
More informationAbstract. The Challenges. ESG Lab Review Proofpoint Advanced Threat Protection. Figure 1. Top Ten IT Skills Shortages for 2016
ESG Lab Review Proofpoint Advanced Threat Protection Enterprise Strategy Group Getting to the bigger truth. Date: January 2017 Author: Tony Palmer, Senior Lab Analyst; and Jack Poller, Senior Lab Analyst
More informationeguide: Designing a Continuous Response Architecture 5 Steps to Reduce the Complexity of PCI Security Assessments
eguide: Designing a Continuous Response Architecture 5 Steps to Reduce the Complexity of PCI Security Assessments Today s PCI compliance landscape is one of continuing change and scrutiny. Given the number
More informationInsiders: The Threat is Already Within
Insiders: The Threat is Already Within Shiri Margel & Itsik Mantin June 2016 About us Shiri Margel Itsik Mantin Data Security Research Team Leader Director of Security Research M. Sc. in Applied Math and
More informationCyber Defense Maturity Scorecard DEFINING CYBERSECURITY MATURITY ACROSS KEY DOMAINS
Cyber Defense Maturity Scorecard DEFINING CYBERSECURITY MATURITY ACROSS KEY DOMAINS Cyber Defense Maturity Scorecard DEFINING CYBERSECURITY MATURITY ACROSS KEY DOMAINS Continual disclosed and reported
More informationIT & DATA SECURITY BREACH PREVENTION
IT & DATA SECURITY BREACH PREVENTION A PRACTICAL GUIDE Part 1: Reducing Employee and Application Risks CONTENTS EMPLOYEES: IT security hygiene best practice APPLICATIONS: Make patching a priority AS CORPORATE
More informationProactive Defense with Automated First Responder (AFR) Anuj Soni Jason Losco
Proactive Defense with Automated First Responder (AFR) Anuj Soni Jason Losco July 18, 2013 Combating increasingly sophisticated attackers requires a proactive cyber program incorporating diverse solution
More informationSentinelOne Technical Brief
SentinelOne Technical Brief SentinelOne unifies prevention, detection and response in a fundamentally new approach to endpoint protection, driven by machine learning and intelligent automation. By rethinking
More informationCloudSOC and Security.cloud for Microsoft Office 365
Solution Brief CloudSOC and Email Security.cloud for Microsoft Office 365 DID YOU KNOW? Email is the #1 delivery mechanism for malware. 1 Over 40% of compliance related data in Office 365 is overexposed
More informationBase64 The Security Killer
Base64 The Security Killer Kevin Fiscus NWN Corporation Session ID: DAS-203 Session Classification: Intermediate A Short (Made Up) Security Story Helix Pharmaceuticals is concerned about security Industrial
More informationUnderstanding Targeted Attacks. Sean Mason VP, Incident Response
Understanding Targeted Attacks Sean Mason VP, Incident Response Sean A. Mason www.seanmason.com @SeanAMason Security Analyst IR Mgr Director IR Executive IR Leader VP, Incident Response Sr. IT Auditor
More informationSecuring Privileged Access and the SWIFT Customer Security Controls Framework (CSCF)
Securing Privileged Access and the SWIFT Customer Security Controls Framework (CSCF) A Guide to Leveraging Privileged Account Security to Assist with SWIFT CSCF Compliance Table of Contents Executive Summary...
More informationBUILT TO STOP BREACHES. Cloud-Delivered Endpoint Protection
BUILT TO STOP BREACHES Cloud-Delivered Endpoint Protection CROWDSTRIKE FALCON: THE NEW STANDARD IN ENDPOINT PROTECTION ENDPOINT SECURITY BASED ON A SIMPLE, YET POWERFUL APPROACH The CrowdStrike Falcon
More informationAre we breached? Deloitte's Cyber Threat Hunting
Are we breached? Deloitte's Cyber Threat Hunting Brochure / report title goes here Section title goes here Have we been breached? Are we exposed? How do we proactively detect an attack and minimize the
More informationCombating APTs with the Custom Defense Solution. Hans Liljedahl Peter Szendröi
Combating APTs with the Custom Defense Solution Hans Liljedahl Peter Szendröi RSA Attack Overview : 1. Two spear phishing emails were sent over a two-day period targeted at low to mid- xls attachment with
More informationTanium Endpoint Detection and Response. (ISC)² East Bay Chapter Training Day July 13, 2018
Tanium Endpoint Detection and Response (ISC)² East Bay Chapter Training Day July 13, 2018 $> WhoamI 11 Years of Security Experience Multiple Verticals (Technology, Industrial, Healthcare, Biotech) 9 Years
More informationProtecting Against Online Fraud. F5 EMEA Webinar August 2014
Protecting Against Online Fraud F5 EMEA Webinar August 2014 Agenda Fraud threat trends and business challenges Web fraud protection Mobile fraud protection Security operations center Example architecture
More informationDiscover threats quickly, remediate immediately, and mitigate the impact of malware and breaches
Discover threats quickly, remediate immediately, and mitigate the impact of malware and breaches Introduction No matter how hard you work to educate your employees about the constant and evolving threats
More informationUsing Threat Analytics to Protect Privileged Access and Prevent Breaches
Using Threat Analytics to Protect Privileged Access and Prevent Breaches Under Attack Protecting privileged access and preventing breaches remains an urgent concern for companies of all sizes. Attackers
More informationRSA Security Analytics
RSA Security Analytics This is what SIEM was Meant to Be 1 The Original Intent of SIEM Single compliance & security interface Analyze & prioritize alerts across various sources The cornerstone of security
More informationSymantec Ransomware Protection
Symantec Ransomware Protection Protection Against Ransomware Defense in depth across all control points is required to stop ransomware @ Email Symantec Email Security.cloud, Symantec Messaging Gateway
More informationINCIDENT RESPONDER'S FIELD GUIDE INCIDENT RESPONDER'S INCIDENT RESPONSE PLAN FIELD GUIDE LESSONS FROM A FORTUNE 100 INCIDENT RESPONSE LEADER
INCIDENT RESPONDER'S FIELD GUIDE INCIDENT RESPONDER'S INCIDENT RESPONSE PLAN FIELD GUIDE LESSONS FROM A FORTUNE 100 INCIDENT RESPONSE LEADER 1 INCIDENT RESPONDER'S FIELD GUIDE TABLE OF CONTENTS 03 Introduction
More informationQualys Indication of Compromise
18 QUALYS SECURITY CONFERENCE 2018 Qualys Indication of Compromise Bringing IOC to the Next Level Chris Carlson VP, Product Management, Qualys, Inc. Adversary TTPs are Changing Early 2010s Zero-day Vulnerabilities
More informationPALANTIR CYBERMESH INTRODUCTION
100 Hamilton Avenue Palo Alto, California 94301 PALANTIR CYBERMESH INTRODUCTION Cyber attacks expose organizations to significant security, regulatory, and reputational risks, including the potential for
More informationSharing What Matters. Accelerating Incident Response and Threat Hunting by Sharing Behavioral Data
Sharing What Matters Accelerating Incident Response and Threat Hunting by Sharing Behavioral Data Dan Gunter, Principal Threat Analyst Marc Seitz, Threat Analyst Dragos, Inc. August 2018 Today s Talk at
More informationCYBER SECURITY AND MITIGATING RISKS
CYBER SECURITY AND MITIGATING RISKS 01 WHO Tom Stewart Associate Director Technology Consulting Chicago Technical Security Leader Protiviti Slides PRESENTATION AGENDA 3 START HACKING DEFINITION BRIEF HISTORY
More informationMaximum Security with Minimum Impact : Going Beyond Next Gen
SESSION ID: SP03-W10 Maximum Security with Minimum Impact : Going Beyond Next Gen Wendy Moore Director, User Protection Trend Micro @WMBOTT Hyper-competitive Cloud Rapid adoption Social Global Mobile IoT
More informationCybersecurity for the SMB. CrowdStrike s Murphy on Steps to Improve Defenses on a Smaller Scale
Cybersecurity for the SMB CrowdStrike s Murphy on Steps to Improve Defenses on a Smaller Scale The high-profile breaches of Fortune 100 companies are the ones that get the headlines, but small and midsized
More informationMcAfee Complete Endpoint Threat Protection Advanced threat protection for sophisticated attacks
McAfee Complete Endpoint Threat Protection Advanced threat protection for sophisticated attacks Key Advantages Stay ahead of zero-day threats, ransomware, and greyware with machine learning and dynamic
More informationSentinelOne Technical Brief
SentinelOne Technical Brief SentinelOne unifies prevention, detection and response in a fundamentally new approach to endpoint protection, driven by behavior-based threat detection and intelligent automation.
More informationManaged Endpoint Defense
DATA SHEET Managed Endpoint Defense Powered by CB Defense Next-gen endpoint threat detection and response DEPLOY AND HARDEN. Rapidly deploy and optimize endpoint prevention with dedicated security experts
More information