SECURITY OPERATION CENTER - Models, Strategies and development - By Ali Mohammadi Desember 12,13, 2017
|
|
- Hope Ashlyn Franklin
- 6 years ago
- Views:
Transcription
1 SECURITY OPERATION CENTER - Models, Strategies and development - By Ali Mohammadi Desember 12,13,
2 Outline Organizational Security Concept Security Operations Center (SOC) Concept SOC Models SOC Architecture SOC Strategies & Approaches SOC Develop & Plan 2
3 Organizational Security Concept 3
4 The current environment is putting new demands on security operations New Business Models, New Technologies Velocity of Threats Mobile Collaboration / BYOD Cloud / Virtualization Social Business Blurring Social Identities Large existing IT infrastructures with a globalized workforce, 3 rd party services, and a growing customer base Evolving Regulations - Potential Impacts Data or Device Loss or Theft Malware infection Loss of productivity $$$ Regulatory Fines Data Leakage 4 4
5 Why do we build operational security controls & capabilities? Reduce enterprise risk. Protect the business. Move from reactive response to proactive mitigation. Increase visibility over the environment. Meet compliance/regulatory requirements. 5
6 The organization drives the Security Model
7 GRC Information & Event Mgmt. Data Security Identity, Entitlement, Access Application Security Cryptography Host Security Network Security Physical Security Security Technology Stack
8 Data Security Host Security Monitor and control data flows on network Interconnected hosts on network Establish secure channel Control hosts on network Network Security Use identity Retrieve access control Send security logs Detect security incidents Identity and Access Security Info & Event Management Monitor and control applications running on network Key management Crypto offload Application Security Cryptography Network Security, and its relationships to the stack
9 Security Operations Center (SOC) Concept 9
10 What is a Security Operations Center, or SOC? A Security Operations Center is a highly skilled team following defined definitions and processes to manage threats and reduce security risk Security Operations Centers (SOC) are designed to: protect mission-critical data and assets prepare for and respond to cyber emergencies help provide continuity and efficient recovery fortify the business infrastructure The SOC s major responsibilities are: Monitor, Analyze, Correlate & Escalate Intrusion Events Develop Appropriate Responses; Protect, Detect, Respond Conduct Incident Management and Forensic Investigation Maintain Security Community Relationships Assist in Crisis Operations 10
11 Designing and building a SOC requires a solid understanding of the business needs and the resources that IT can deploy Multiple stakeholders, processes and technologies to consider Personnel skills: Security analysts, shift leads, SOC managers People In-house staff Partners Customers Outsourced Providers Threat Analysis Compliance Mgmt Change Mgmt Risk Assessment Process Vulnerability Mgmt Identity & Access SLA Mgmt Incident Mgmt An operational process framework Log Management Compliance Reporting Event Correlation Threat Reporting Technology Vulnerability Scanners Identity & Desktop Mgmt Ticketing System Change Tracking Physical space requirements and location 11
12 Building a Security Operations Center involves multiple domains People Process Do you need 24x7x365 staff? What are the skills needed? Where do you get staff? What about training? How do you keep staff? Metrics to measure performance Capacity planning Technology SIEM architecture & use cases Log types and logging options Platform integrations; ticketing governance, big data Web services to integrate them Technology should improve effectiveness and efficiency What does the plan look like? How do we measure progress and goals? What is the optimal design of core processes? (eg. incident management, tuning, etc.) Process and continual improvement Governance / Metrics Dashboard visibility and oversight Policy, measurement and enforcement Integrated governance that balances daily operations with strategic planning Ministry objectives Informing stakeholders Informing employees
13 CyberSecurity Operations Center Security Operations Center (SOC) term is being taken over by physical surveillance companies We re building a Cyber Security Operations Center (CSOC) that doesn t have any physical surveillance capability. It could be a component of a SOC in the future 13
14 (C)SOC vs. NOC Network Operations Center usually responsible for monitoring and maintaining the overall network infrastructure. Its primary function is to ensure uninterrupted network service. CSOC leverages security related network activity to refine security incidents response. CSOC and NOC should complement each other and work in tandem. 14
15 SOC Models 15
16 Operations Management Technology Mission & Strategy The changing requirements for enterprise security & risk management coupled with technology advancements have triggered a paradigm shift in the design and ongoing administration of a SOC. Legacy SOC Optimized SOC Charter Technology or service only Build a dedicated security operations capability Governance Self governed (IT Security) Cross-functional (IT, Business, Audit, etc.) Detect & react to threats. Strategy Tools Use Cases Referential Data Budget based, 12 month planning cycle SIEM tool only Standard rules Minimal customization Minimal importance, Secondary priority 3+ year cycle, priorities set by enterprise SIEM, ticketing, portal/ dashboard, Big Data Tailored rules based on risk & compliance drivers Required data, used to prioritize work Proactive. Visible. Anticipate threats. Mitigate risks. Measures Silos, ticket/technology driven Cross-functional, efficiency, quality, KPI/SLO/SLA Reporting Ticket/technology driven Metrics, analytics, scorecards, & dashboards 16
17 SOC Technology SOC Operations SOC Governance Security Operations Operating Model Cyber-Security Command Center (CSCC) Executive Security Intelligence Briefings Local Reg. Security Oversight SOC Governance Consolidated Security Analytics & Dashboards Local/Reg. Intel. Briefings SOC Service Delivery Management Service Level Management Operational Efficiency Service Reporting Escalation Architecture & Projects Incident Hunting PM Security Intelligence Use Case Recommendations Security Analytics & Incident Reporting Corporate Business Units Legal Audit Business Operations Business Ops Investigations Public Relations Legal / Fraud Emergency Admin Support Services Tool Integration Rule Admin Threat Monitoring Threat Analysis Impact Analysis Threat Triage Investigations Incident Triage Threat Response Adv. Event Analysis Escalations Incident Mgmt. CSIRT Management Corp. Incident Response Table-top Exercises Response IT Operations Incident Mgmt Problem Mgmt Change Mgmt Release Mgmt SOC Platform Components Security Device Data Event Data (Int./Ext.) Event Patterns Correlation Aggregate Security Events Log Data (Transactional) Unstructured Data (Big Data) Custom Rules SIEM Ticketing & Workflow Portal Integration Tools (e.g. Web Srvcs) Reporting / Dashboard Big Data IT Operations SOC Data Sources Logs (Transactional) Network Hierarchy & Design Business Data from Structure & Geography Unstructured (Big Data) Asset & Data Classifications Threat Intelligence SOC Legend IT / Corp
18 We understand that an effective SOC has the right balance of People, Process and Technology components People In-house staff Partners Customers Outsourced Providers Threat Analysis Compliance Mgmt Change Mgmt Risk Assessment Process Vulnerability Mgmt Identity & Access SLA Mgmt Incident Mgmt Log Management Compliance Reporting Event Correlation Threat Reporting Technology Vulnerability Scanners Identity & Desktop Mgmt Ticketing System Change Tracking 18
19 The SOC organization is organized around the standard plan, build and run model SOC Organization Chart SOC / Security Intel Architect (Plan) SOC Delivery Manager Governance Security Intelligence Manager (Build / Plan) IT Op era tio ns IT Operations Incident Mgmt SOC Engineering Manager (Build) SOC Monitoring Tier 1 (Run) SOC Triage Tier 2 (Run) SOC Escalation Tier 3 (Run) Problem Mgmt Security System Administrator Senior Threat Analyst Senior Threat Response Analyst Incident Case Manager Change Mgmt Security Policy Administrator Threat Analyst Threat Response Mitigation Analyst (Reactive) Senior ERS Incident Response Technical Analyst Release Mgmt Device Administrator Threat Analyst Trainee Threat Response Remediation Analyst (Proactive) Device Mgmt 19
20 A responsibility matrix for all SOC roles should be defined across each SOC service. SOC Analyst: Monitoring SOC Analyst: Triage SOC Analyst: Response Security Intelligence Analyst Security Incident Handler (Certified) SOC Tools Admin SOC Manager Security Forensic Analyst IT Security Admin IT Operations CERT Security Monitoring R C A Core Security Services Incident Triage C R C A Incident Response C C R C R A R I Delivery Management A I Use Case Design C C C R C A C C Deployment Services Log Source Acquisition R C R A C C Service Testing & Tuning R A I I Custom Playbook Development C C C R C C A C C Operations Training C C C R C A Security Intelligence Services Security Intelligence Analysis C C C A C C C Security Intelligence Briefings A C C C Use Case Reccomendations C C C A C C C SIEM Admininstration R A I I Administrative Services Contextual Data Management C R A C C Log Source Management C R A C C Log Source Heartbeat Monitoring C R A C C Reporting Services Security Reporting C C C C C A C I Efficiency Reporting C C C A C I Financial Reporting C C C C A I Enterprise Incident Management C A Optional Services Forensics Investigation C C C C C A C C Policy Violation Handling C C C C A C 20
21 SOC Architecture 21
22 Why? We ve been collecting security related data for a number of years and needed a focal point to help us see the big picture Data from Security Reviews Vulnerability scans (push/pull) IPS/IDS data System logs We want to build a security history for a host 22
23 Why? The CSOC is a logical place to collect, analyze and distribute data collected to support our Defense in Depth Strategy Preventing Network Based Attacks Preventing Host Based Attacks Eliminating Security Vulnerabilities Supporting Authorized Users Providing tools for Minimizing Business Loss 23
24 Where? OS Syslog/event logs, IDS logs, IPS logs, PID logs, Firewall logs, Pen Test Logs, PCI, netflow CSOC needs to be able to analyze and display this data quickly Data resides on separate, distributed servers CSOC pulls data from these servers as needed CSOC lives in the IT Security Office & Lab 24
25 What? Provides real-time view of the VT network s security status Provides info to assess risk, attacks, mitigation Provides metrics Executive Operational Incident 25
26 What? Event Generators (E boxes) Any form of IDS sensor (firewalls, IPS, IDS, Snort, Active Directory servers, Remedy, vulnerability scanners, TACACS, application software Most are Polling Generators Generate specific event data in response to a specific action Example: IDS or firewall 26
27 What? Events Databases (D boxes) Provide basic storage, search and correlation tools for events collected and sent to the CSOC Vulnerability databases contain info about security breaches, etc. 27
28 What? Events Reactions (R boxes) SOC Console Used for internal analysis Real-time monitors (Snort, Base, IPS, Dshield) Incident Handling Remedy trouble ticket system Location tools Statistical analysis End User Portals Multi level reporting for various target audiences Sysadmin, management 28
29 What? Analysis Engines (A Boxes) Helps ID Analyst determine if an incident has occurred, its spread, its impact, etc. Knowledge Base Engines (K boxes) Store security configs of critical assets, tips/tricks and effective solutions to previous problems Reaction and Report Engines (R boxes) Switches, routers, IPS and associated management tools 29
30 Security Operations Center (SOC) Access Management Automation & Integration of Security Operations 30
31 SOC Architecture 31
32 SOC Workflow 32
33 <Function> Security Operations Center Infrastructure v1.0 6/4/2008 Nessus Scan Results (PDF) User Initiated Scan User nmap Scanner ITSO Staff Daily Scan Nexpose Vulnerability Results Database Correlation & Report Generation text Acunetix Core Impact IP Ranges, Dept. Liaisons, DHCP, VPN, Modem Pool BASE Snort Sensors Central Syslog Servers Dshield Checknet Host Locator DB Remedy Green E boxes Blue D boxes Grey A boxes Yellow K boxes 33
34 SOC Strategies & Approaches 34
35 Selecting the optimal SOC operating model depends on balancing business and technical requirements, risk and financial constraints Centralized Business Requirements Single Global SOC CSCC Combined with SOC Lowest Cost Easiest to Manage Standard Decentralized Multiple SOC s (Geo. / BU) Single Global CSCC High Cost More Difficult to Manage Highly Customized Technical Requirements Simple Platform Lowest Cost to Implement/Operate Good Risk Mgmt Capabilities Easy to Scale Operations Moderate Detail on Threats Complex Platform High Cost to Implement/Operate Excellent Risk Mgmt Capabilities More Expensive to Scale Operations Rich Detail on Threats Externally Managed Internally Managed Risk Tolerance Day Implementation Lowest Cost to Implement/Operate Not Core to Business Leverage Industry Best Practices Long Implementation Lead Time High Cost to Implement/Operate Core to Business Frequent Independent Reviews Low Cost High Cost Financial Constraints Lowest Cost to Implement Lowest Cost to Operate Highest Cost to Implement Highest Cost to Operate 35
36 SOC Develop & Plan 36
37 To get started, the organization should consider the following questions in establishing its objectives What is the primary purpose of the SOC? What are the specific tasks assigned to the SOC? (e.g., threat intelligence, security device management, compliance management, detecting insider abuse on the financial systems, incident response and forensic analysis, vulnerability assessments, etc.) Who are the consumers of the information collected and analyzed by the SOC? What requirements do they have for the SOC? Who is the ultimate stakeholder for the SOC? Who will sell the SOC to the rest of the organization? What types of security events will eventually be fed into the SOC for monitoring? Will the organization seek an external partner to help manage the 37 SOC?
38 The Security Operations Optimization portfolio provides a flexible approach to the entire SOC/SIEM life cycle. Introduction Educational, share best practices Table-top, guided SOC maturity assessments Set high-level vision Develop next steps roadmap for action Assessment Strategy Define the mission Assess current operations and capabilities Define future environment Develop roadmap for action Design & Build Laying the foundation of capabilities Designing effective staffing models and supporting processes / technology Conducting training and testing Implementing tracking and reporting capabilities Run & Enhance People and Governance Processes and Practices Technology Leveraging acquired knowledge and experience Instituting formal feedback and review mechanisms Driving further value from the technology Expanding business coverage and functions Tuning and refinement Optimize Business aligned threat management and metrics Drive for best practices Integrated operations with improved communications Seek opportunities for cost takeout Continuous improvement 38
39 Refrences IBM Security Services Meadowville Technology Park, Chesterfield County, Virginia Carl Hill, President, Paladion Co, paladion.net Randy Marchany, VA Tech IT Security Office and Lab 39
40 Thank you for your time! Questions and Answers 40
locuz.com SOC Services
locuz.com SOC Services 1 Locuz IT Security Lifecycle services combine people, processes and technologies to provide secure access to business applications, over any network and from any device. Our security
More informationCertified Information Security Manager (CISM) Course Overview
Certified Information Security Manager (CISM) Course Overview This course teaches students about information security governance, information risk management, information security program development,
More informationDATA SHEET RSA NETWITNESS PLATFORM PROFESSIONAL SERVICES ACCELERATE TIME-TO-VALUE & MAXIMIZE ROI
DATA SHEET RSA NETWITNESS PLATFORM PROFESSIONAL SERVICES ACCELERATE TIME-TO-VALUE & MAXIMIZE ROI EXECUTIVE SUMMARY The shortage of cybersecurity skills Organizations continue to face a shortage of IT skill
More informationBUILDING AND MAINTAINING SOC
BUILDING AND MAINTAINING SOC Digit Oktavianto KOMINFO 7 December 2016 digit dot oktavianto at gmail dot com 1 Digit Oktavianto Profile in 1 Page Currently working as a Security Architect Professional Certifications:
More informationBUILDING CYBERSECURITY CAPABILITY, MATURITY, RESILIENCE
BUILDING CYBERSECURITY CAPABILITY, MATURITY, RESILIENCE 1 WHAT IS YOUR SITUATION? Excel spreadsheets Manually intensive Too many competing priorities Lack of effective reporting Too many consultants Not
More informationFFIEC Cyber Security Assessment Tool. Overview and Key Considerations
FFIEC Cyber Security Assessment Tool Overview and Key Considerations Overview of FFIEC Cybersecurity Assessment Tool Agenda Overview of assessment tool Review inherent risk profile categories Review domain
More informationSOLUTION BRIEF RSA ARCHER IT & SECURITY RISK MANAGEMENT
RSA ARCHER IT & SECURITY RISK MANAGEMENT INTRODUCTION Organizations battle growing security challenges by building layer upon layer of defenses: firewalls, antivirus, intrusion prevention systems, intrusion
More informationNEXT GENERATION SECURITY OPERATIONS CENTER
DTS SOLUTION NEXT GENERATION SECURITY OPERATIONS CENTER SOC 2.0 - ENHANCED SECURITY O&M SOC 2.0 - SUCCESS FACTORS SOC 2.0 - FUNCTIONAL COMPONENTS DTS SOLUTION SOC 2.0 - ENHANCED SECURITY O&M SOC 2.0 Protecting
More informationRSA ADVANCED SOC SERVICES
RSA ADVANCED SOC SERVICES Consulting services to improve threat detection and response EXECUTIVE SUMMARY A holistic approach to enhanced cybersecurity operations This service is for organizations needing
More informationNational Cyber Security Operations Center (N-CSOC) Stakeholders' Conference
National Cyber Security Operations Center (N-CSOC) Stakeholders' Conference Benefits to the Stakeholders A Collaborative and Win-Win Strategy Lal Dias Chief Executive Officer Sri Lanka CERT CC Cyber attacks
More informationReinvent Your 2013 Security Management Strategy
Reinvent Your 2013 Security Management Strategy Laurent Boutet 18 septembre 2013 Phone:+33 6 25 34 12 01 Email:laurent.boutet@skyboxsecurity.com www.skyboxsecurity.com What are Your Key Objectives for
More informationSecuring Your Digital Transformation
Securing Your Digital Transformation Security Consulting Managed Security Leveraging experienced, senior experts to help define and communicate risk and security program strategy using real-world data,
More informationCyber Defense Maturity Scorecard DEFINING CYBERSECURITY MATURITY ACROSS KEY DOMAINS
Cyber Defense Maturity Scorecard DEFINING CYBERSECURITY MATURITY ACROSS KEY DOMAINS Cyber Defense Maturity Scorecard DEFINING CYBERSECURITY MATURITY ACROSS KEY DOMAINS Continual disclosed and reported
More informationCyber Security Technologies
1 / Cyber Security Technologies International Seminar on Cyber Security: An Action to Establish the National Cyber Security Center Lisbon, 12 th September 2013 23 / Key highlights - Thales Group Thales
More informationDATA SHEET RISK & CYBERSECURITY PRACTICE EMPOWERING CUSTOMERS TO TAKE COMMAND OF THEIR EVOLVING RISK & CYBERSECURITY POSTURE
DATA SHEET RISK & CYBERSECURITY PRACTICE EMPOWERING CUSTOMERS TO TAKE COMMAND OF THEIR EVOLVING RISK & CYBERSECURITY POSTURE EXECUTIVE SUMMARY ALIGNING CYBERSECURITY WITH RISK The agility and cost efficiencies
More informationDesigning and Building a Cybersecurity Program
Designing and Building a Cybersecurity Program Based on the NIST Cybersecurity Framework (CSF) Larry Wilson lwilson@umassp.edu ISACA Breakfast Meeting January, 2016 Designing & Building a Cybersecurity
More informationभ रत य ररज़र व ब क. Setting up and Operationalising Cyber Security Operation Centre (C-SOC)
Annex-2 Setting up and Operationalising Cyber Security Operation Centre (C-SOC) Introduction 1 - Banking Industry in India has evolved technologically over the years and currently delivering innovative
More informationINTELLIGENCE DRIVEN GRC FOR SECURITY
INTELLIGENCE DRIVEN GRC FOR SECURITY OVERVIEW Organizations today strive to keep their business and technology infrastructure organized, controllable, and understandable, not only to have the ability to
More informationCyber Risk Program Maturity Assessment UNDERSTAND AND MANAGE YOUR ORGANIZATION S CYBER RISK.
Cyber Risk Program Maturity Assessment UNDERSTAND AND MANAGE YOUR ORGANIZATION S CYBER RISK. In today s escalating cyber risk environment, you need to make sure you re focused on the right priorities by
More informationTechnology Risk Management in Banking Industry. Rocky Cheng General Manager, Information Technology, Bank of China (Hong Kong) Limited
Technology Risk Management in Banking Industry Rocky Cheng General Manager, Information Technology, Bank of China (Hong Kong) Limited Change in Threat Landscape 2 Problem & Threats faced by Banking Industry
More informationUnlocking the Power of the Cloud
TRANSFORM YOUR BUSINESS With Smarter IT Unlocking the Power of the Cloud Hybrid Networking Managed Security Cloud Communications Software-defined solutions that adapt to the shape of your business The
More informationINCIDENTRESPONSE.COM. Automate Response. Did you know? Your playbook overview - Unauthorized Access
Automate Response Congratulations on selecting IncidentResponse.com to retrieve your custom incident response playbook guide. This guide has been created especially for you for use in within your security
More informationDEVELOP YOUR TAILORED CYBERSECURITY ROADMAP
ARINC cybersecurity solutions DEVELOP YOUR TAILORED CYBERSECURITY ROADMAP Getting started is as simple as assessing your baseline THE RIGHT CYBERSECURITY SOLUTIONS FOR YOUR UNIQUE NEEDS Comprehensive threat
More informationManaged Endpoint Defense
DATA SHEET Managed Endpoint Defense Powered by CB Defense Next-gen endpoint threat detection and response DEPLOY AND HARDEN. Rapidly deploy and optimize endpoint prevention with dedicated security experts
More informationSecurity Monitoring Engineer / (NY or NC) Director, Information Security. New York, NY or Winston-Salem, NC. Location:
Position: Reports to: Location: Security Monitoring Engineer / (NY or NC) Director, Information Security New York, NY or Winston-Salem, NC Position Summary: The Clearing House (TCH) Information Security
More informationINCIDENTRESPONSE.COM. Automate Response. Did you know? Your playbook overview - Elevation of Privilege
Automate Response Congratulations on selecting IncidentResponse.com to retrieve your custom incident response playbook guide. This guide has been created especially for you for use in within your security
More informationBPS Suite and the OCEG Capability Model. Mapping the OCEG Capability Model to the BPS Suite s product capability.
BPS Suite and the OCEG Capability Model Mapping the OCEG Capability Model to the BPS Suite s product capability. BPS Contents Introduction... 2 GRC activities... 2 BPS and the Capability Model for GRC...
More informationFROM SIEM TO SOC: CROSSING THE CYBERSECURITY CHASM
SESSION ID: TECH-F02 FROM SIEM TO SOC: CROSSING THE CYBERSECURITY CHASM Mike Ostrowski VP Proficio @proficioinc EXPERIENCE FROM THE CHASM Managed Detection and Response Service Provider Three Global Security
More informationMITIGATE CYBER ATTACK RISK
SOLUTION BRIEF MITIGATE CYBER ATTACK RISK CONNECTING SECURITY, RISK MANAGEMENT & BUSINESS TEAMS TO MINIMIZE THE WIDESPREAD IMPACT OF A CYBER ATTACK DIGITAL TRANSFORMATION CREATES NEW RISKS As organizations
More informationCCISO Blueprint v1. EC-Council
CCISO Blueprint v1 EC-Council Categories Topics Covered Weightage 1. Governance (Policy, Legal, & Compliance) & Risk Management 1.1 Define, implement, manage and maintain an information security governance
More informationRSA IT Security Risk Management
RSA IT Security Risk Adding Insight to Security March 18, 2014 Wael Jaroudi GRC Sales Specialist 1 Where is Security Today? Companies have built layer upon layer of security, but is it helping? Complexity
More informationINCIDENTRESPONSE.COM. Automate Response. Did you know? Your playbook overview - Data Theft
Automate Response Congratulations on selecting IncidentResponse.com to retrieve your custom incident response playbook guide. This guide has been created especially for you for use in within your security
More informationThe Resilient Incident Response Platform
The Resilient Incident Response Platform Accelerate Your Response with the Industry s Most Advanced, Battle-Tested Platform for Incident Response Orchestration The Resilient Incident Response Platform
More informationWhite Paper. How to Write an MSSP RFP
White Paper How to Write an MSSP RFP https://www.solutionary.com (866) 333-2133 Contents 3 Introduction 3 Why a Managed Security Services Provider? 5 Major Items to Consider Before Writing an RFP 5 Current
More informationMake IR Effective with Risk Evaluation and Reporting
SESSION ID: AIR-R02 Make IR Effective with Risk Evaluation and Reporting Mischel Kwon President/CEO MKA Cyber @mkacyber Justin Monti Sr. VP Security Engineering MKA Cyber You ve Got an Incident Now What?
More informationSustainable Security Operations
Sustainable Security Operations Optimize processes and tools to make the most of your team s time and talent The number and types of security incidents organizations face daily are steadily increasing,
More informationFOR FINANCIAL SERVICES ORGANIZATIONS
RSA BUSINESS-DRIVEN SECURITYTM FOR FINANCIAL SERVICES ORGANIZATIONS MANAGING THE NEXUS OF RISK & SECURITY A CHANGING LANDSCAPE AND A NEW APPROACH Today s financial services technology landscape is increasingly
More informationSecureVue. SecureVue
SecureVue SecureVue Detects Cyber-Attacks Before They Impact Your Business Provides Situational Awareness to Proactively Address Enterprise Threats Ensures Quick and Easy Compliance Reporting and Documentation
More informationCISO as Change Agent: Getting to Yes
SESSION ID: CXO-W02F CISO as Change Agent: Getting to Yes Frank Kim Chief Information Security Officer SANS Institute @fykim Outline Catch the Culture Shape the Strategy Build the Business Case 2 #1 Catch
More informationFDIC InTREx What Documentation Are You Expected to Have?
FDIC InTREx What Documentation Are You Expected to Have? Written by: Jon Waldman, CISA, CRISC Co-founder and Executive Vice President, IS Consulting - SBS CyberSecurity, LLC Since the FDIC rolled-out the
More informationSIEM: Five Requirements that Solve the Bigger Business Issues
SIEM: Five Requirements that Solve the Bigger Business Issues After more than a decade functioning in production environments, security information and event management (SIEM) solutions are now considered
More informationIncident Response Services to Help You Prepare for and Quickly Respond to Security Incidents
Services to Help You Prepare for and Quickly Respond to Security Incidents The Challenge The threat landscape is always evolving and adversaries are getting harder to detect; and with that, cyber risk
More informationRSA Advanced Security Operations Richard Nichols, Director EMEA. Copyright 2015 EMC Corporation. All rights reserved. 1
RSA Advanced Security Operations Richard Nichols, Director EMEA 1 What is the problem we need to solve? 2 Attackers Are Outpacing Defenders..and the Gap is Widening Attacker Capabilities The defender-detection
More informationOne Hospital s Cybersecurity Journey
MAY 11 12, 2017 SAN FRANCISCO, CA One Hospital s Cybersecurity Journey SanFrancisco.HealthPrivacyForum.com #HITprivacy Introduction Senior Director Information Systems Technology, Children s Mercy Hospital
More informationRSA Solution Brief. Managing Risk Within Advanced Security Operations. RSA Solution Brief
RSA Solution Brief Managing Risk Within Advanced Security Operations RSA Solution Brief How do you advance your security operations function? Increasingly sophisticated security threats and the growing
More informationSIEM Solutions from McAfee
SIEM Solutions from McAfee Monitor. Prioritize. Investigate. Respond. Today s security information and event management (SIEM) solutions need to be able to identify and defend against attacks within an
More informationNext Generation Policy & Compliance
Next Generation Policy & Compliance Mason Karrer, CISSP, CISA GRC Strategist - Policy and Compliance, RSA Core Competencies C33 2013 Fall Conference Sail to Success CRISC CGEIT CISM CISA Introductions...
More informationIncident Response. Is Your CSIRT Program Ready for the 21 st Century?
Incident Response Is Your CSIRT Program Ready for the 21 st Century? Speaker Bio Traditional Response Concepts Technical Incidents Requiring Technical Responses Virus/ Malware Network Intrusion Disaster
More informationRisk: Security s New Compliance. Torsten George VP Worldwide Marketing and Products, Agiliance Professional Strategies - S23
Risk: Security s New Compliance Torsten George VP Worldwide Marketing and Products, Agiliance Professional Strategies - S23 Agenda Market Dynamics Organizational Challenges Risk: Security s New Compliance
More informationHow to Write an MSSP RFP. White Paper
How to Write an MSSP RFP White Paper Tables of Contents Introduction 3 Benefits Major Items of On-Premise to Consider SIEM Before Solutions Security Writing an RFP and Privacy 45 Benefits Building an of
More informationIntegrated, Intelligence driven Cyber Threat Hunting
Integrated, Intelligence driven Cyber Threat Hunting THREAT INVESTIGATION AND RESPONSE PLATFORM Zsolt Kocsis IBM Security Technical Executive, CEE zsolt.kocsis@hu.ibm.com 6th Nov 2018 Build an integrated
More informationBe Secure! Computer Security Incident Response Team (CSIRT) Guide. Plan Establish Connect. Maliha Alam Mehreen Shahid
Computer Security Incident Response Team (CSIRT) Guide Maliha Alam Mehreen Shahid Plan Establish Connect Be Secure! CSIRT Coordination Center Pakistan 2014 i Contents 1. What is CSIRT?... 1 2. Policy,
More informationISO/IEC Solution Brief ISO/IEC EventTracker 8815 Centre Park Drive, Columbia MD 21045
Solution Brief 8815 Centre Park Drive, Columbia MD 21045 About delivers business critical software and services that transform high-volume cryptic log data into actionable, prioritized intelligence that
More informationRFP/RFI Questions for Managed Security Services. Sample MSSP RFP Template
RFP/RFI Questions for Managed Security Services Sample MSSP RFP Template Table of Contents Request for Proposal Template Overview 1 Introduction... 1 How to Use this Document... 1 Suggested RFP Outline
More informationWITH ACTIVEWATCH EXPERT BACKED, DETECTION AND THREAT RESPONSE BENEFITS HOW THREAT MANAGER WORKS SOLUTION OVERVIEW:
SOLUTION OVERVIEW: ALERT LOGIC THREAT MANAGER WITH ACTIVEWATCH EXPERT BACKED, DETECTION AND THREAT RESPONSE Protecting your business assets and sensitive data requires regular vulnerability assessment,
More informationICBA Summary of FFIEC Cybersecurity Assessment Tool (May 2017 Update)
ICBA Summary of FFIEC Cybersecurity Assessment Tool (May 2017 Update) June 2017 INSERT YEAR HERE Contact Information: Jeremy Dalpiaz AVP, Cyber and Data Security Policy Jeremy.Dalpiaz@icba.org ICBA Summary
More informationINCIDENTRESPONSE.COM. Automate Response. Did you know? Your playbook overview - Malware Outbreak
Automate Response Congratulations on selecting IncidentResponse.com to retrieve your custom incident response playbook guide. This guide has been created especially for you for use in within your security
More informationManaged Security Services - Endpoint Managed Security on Cloud
Services Description Managed Security Services - Endpoint Managed Security on Cloud The services described herein are governed by the terms and conditions of the agreement specified in the Order Document
More informationCA Security Management
CA Security CA Security CA Security In today s business environment, security remains one of the most pressing IT concerns. Most organizations are struggling to protect an increasing amount of disparate
More informationHow AlienVault ICS SIEM Supports Compliance with CFATS
How AlienVault ICS SIEM Supports Compliance with CFATS (Chemical Facility Anti-Terrorism Standards) The U.S. Department of Homeland Security has released an interim rule that imposes comprehensive federal
More informationThink Like an Attacker
Think Like an Attacker Using Attack Intelligence to Ensure the Security of Critical Business Assets Current State of Information Security Focused on detection and response Desire to reduce detection to
More informationSession ID: CISO-W22 Session Classification: General Interest
Session ID: CISO-W22 Session Classification: General Interest Pain Points What are your two biggest information security-related pain points?* Mobile Device Security Security Awareness Training User Behavior
More informationIT SECURITY OFFICER. Department: Information Technology. Pay Range: Professional 18
Pierce County Classification Description IT SECURITY OFFICER Department: Information Technology Job Class #: 634900 Pay Range: Professional 18 FLSA: Exempt Represented: No Classification descriptions are
More informationO N L I N E I N C I D E N T R E S P O N S E C O M M U N I T Y
Automate Response Congratulations on selecting IncidentResponse.com to retrieve your custom incident response playbook guide. This guide has been created especially for you for use in within your security
More informationProtecting organisations from the ever evolving Cyber Threat
Protecting organisations from the ever evolving Cyber Threat Who we are .At a glance 16+ Up to 190B 2B+ Dell SecureWorks is one of the most promising MSSPs in the GCC region MSS Market Report on GCC, Frost
More informationEnhancing the Cybersecurity of Federal Information and Assets through CSIP
TECH BRIEF How BeyondTrust Helps Government Agencies Address Privileged Access Management to Improve Security Contents Introduction... 2 Achieving CSIP Objectives... 2 Steps to improve protection... 3
More informationIncident Response Services
Services Enhanced with Supervised Machine Learning and Human Intelligence Empowering clients to stay one step ahead of the adversary. Secureworks helps clients enable intelligent actions to outsmart and
More informationSOLUTION BRIEF Virtual CISO
SOLUTION BRIEF Virtual CISO programs that prepare you for tomorrow s threats today Organizations often find themselves in a vise between ever-evolving cyber threats and regulatory requirements that tighten
More informationNebraska CERT Conference
Nebraska CERT Conference Security Methodology / Incident Response Patrick Hanrion Security Center of Excellence Sr. Security Consultant Agenda Security Methodology Security Enabled Business Framework methodology
More informationCTI Capability Maturity Model Marco Lourenco
1 CTI Capability Maturity Model Cyber Threat Intelligence Course NIS Summer School 2018, Crete October 2018 MARCO LOURENCO - ENISA Cyber Security Analyst Lead European Union Agency for Network and Information
More informationIntegrating Cyber Security with Business Continuity Management to Build the Resilient Enterprise
February 11 14, 2018 Gaylord Opryland Resort and Convention Center, Nashville #DRI2018 Integrating Cyber Security with Business Continuity Management to Build the Resilient Enterprise Tejas Katwala CEO
More informationTransforming IT: From Silos To Services
Transforming IT: From Silos To Services Chuck Hollis Global Marketing CTO EMC Corporation http://chucksblog.emc.com @chuckhollis IT is being transformed. Our world is changing fast New Technologies New
More informationSecurity by Default: Enabling Transformation Through Cyber Resilience
Security by Default: Enabling Transformation Through Cyber Resilience FIVE Steps TO Better Security Hygiene Solution Guide Introduction Government is undergoing a transformation. The global economic condition,
More informationWHITEPAPER. Enterprise Cyber Risk Management Protecting IT Assets that Matter
WHITEPAPER Enterprise Cyber Risk Management Protecting IT Assets that Matter Contents Protecting IT Assets That Matter... 3 Today s Cyber Security and Risk Management: Isolated, Fragmented and Broken...4
More informationCloud and Cyber Security Expo 2019
Cloud and Cyber Security Expo 2019 The Terrain to Actionable Intelligence Azeem Aleem, VP Consulting, NTT Security Actionable Intelligence Actionable intelligence through Cyber Intelligence Embedding intelligence
More informationThe Modern SOC and NOC
The Modern SOC and NOC Network Operations Centers in Turkey December 2017 IT Services are Shifting Away From Asset to Business Process Support Preventive notifications Reactive break-fix Predictive analytics
More informationStaffing Services UnderDefense your source of experienced professionals to solve security staffing challenges today
Security Staffing Services UnderDefense your source of experienced professionals to solve security staffing challenges today Staff Augmentation, Executive Staffing, Flex Staffing Achieving our main goal
More informationBuilding and Instrumenting the Next- Generation Security Operations Center. Sponsored by
Building and Instrumenting the Next- Generation Security Operations Center Sponsored by Webinar Logistics Optimize your experience today Enable pop-ups within your browser Turn on your system s sound to
More informationSix Weeks to Security Operations The AMP Story. Mike Byrne Cyber Security AMP
Six Weeks to Security Operations The AMP Story Mike Byrne Cyber Security AMP 1 Agenda Introductions The AMP Security Operations Story Lessons Learned 2 Speaker Introduction NAME: Mike Byrne TITLE: Consultant
More informationTHE SIX ESSENTIAL CAPABILITIES OF AN ANALYTICS-DRIVEN SIEM
THE SIX ESSENTIAL CAPABILITIES OF AN ANALYTICS-DRIVEN SIEM Modern threats demand analytics-driven security and continuous monitoring Legacy SIEMs are Stuck in the Past Finding a mechanism to collect, store
More informationSecurity and Privacy Governance Program Guidelines
Security and Privacy Governance Program Guidelines Effective Security and Privacy Programs start with attention to Governance. Governance refers to the roles and responsibilities that are established by
More informationCYBERBIT P r o t e c t i n g a n e w D i m e n s i o n
CYBERBIT P r o t e c t i n g a n e w D i m e n s i o n CYBETBIT in a Nutshell A leader in the development and integration of Cyber Security Solutions A main provider of Cyber Security solutions for the
More informationTRUE SECURITY-AS-A-SERVICE
TRUE SECURITY-AS-A-SERVICE To effectively defend against today s cybercriminals, organizations must look at ways to expand their ability to secure and maintain compliance across their evolving IT infrastructure.
More informationFrom Managed Security Services to the next evolution of CyberSoc Services
From Managed Security Services to the next evolution of CyberSoc Services Gianluca Busco Arré Country Manager pandasecurity.com MSSP / MDR Where the Industry is going leaders and laggers MSSP industry
More informationSymantec Security Monitoring Services
24x7 real-time security monitoring and protection Protect corporate assets from malicious global threat activity before it impacts your network. Partnering with Symantec skilled and experienced analysts
More informationA Risk Management Platform
A Risk Management Platform Michael Lai CISSP, CISA, MBA, MSc, BEng(hons) Territory Manager & Senior Security Sales Engineer Shift to Risk-Based Security OLD MODEL: Prevention-Based Security Prevention
More informationA Comprehensive Guide to Remote Managed IT Security for Higher Education
A Comprehensive Guide to Remote Managed IT Security for Higher Education About EventTracker EventTracker enables its customers to stop attacks and pass IT audits. EventTracker s award-winning product suite
More informationeplus Managed Services eplus. Where Technology Means More.
eplus Managed Services We Believe Managed Services Broker IT Innovation Superior IT Solutions IT Service Excellence Clear Business Outcomes Exceed Customer Expectations Customers tell us they need managed
More informationAdopting Modern Practices for Improved Cloud Security. Cox Automotive - Enterprise Risk & Security
Adopting Modern Practices for Improved Cloud Security Cox Automotive - Enterprise Risk & Security 1 About Cox Automotive Cox Automotive is a leading provider of products and services that span the automotive
More informationIBM Global Technology Services Provide around-the-clock expertise and protect against Internet threats.
IBM Global Technology Services Provide around-the-clock expertise and protect against Internet threats. Enhancing cost to serve and pricing maturity Keeping up with quickly evolving ` Internet threats
More informationCybersecurity Roadmap: Global Healthcare Security Architecture
SESSION ID: TECH-W02F Cybersecurity Roadmap: Global Healthcare Security Architecture Nick H. Yoo Chief Security Architect Disclosure No affiliation to any vendor products No vendor endorsements Products
More informationSecurity Incident Management in Microsoft Dynamics 365
Security Incident Management in Microsoft Dynamics 365 Published: April 26, 2017 This document describes how Microsoft handles security incidents in Microsoft Dynamics 365 2017 Microsoft Corporation. All
More informationEnterprise GRC Implementation
Enterprise GRC Implementation Our journey so far implementation observations and learning points Derek Walker Corporate Risk Manager National Grid 1 Introduction to National Grid One of the world s largest
More informationContinuous protection to reduce risk and maintain production availability
Industry Services Continuous protection to reduce risk and maintain production availability Managed Security Service Answers for industry. Managing your industrial cyber security risk requires world-leading
More informationto Enhance Your Cyber Security Needs
Our Service to Enhance Your Cyber Security Needs Since the business critical systems by its nature are ON all of the time and the increasingly connected world makes you open your organization to everything
More informationSOLUTION BRIEF RSA ARCHER BUSINESS RESILIENCY
RSA ARCHER BUSINESS RESILIENCY INTRODUCTION Organizations are becoming a complex tapestry of products and services, processes, technologies, third parties, employees and more. Each element adds another
More informationNETWORKING &SECURITY SOLUTIONSPORTFOLIO
NETWORKING &SECURITY SOLUTIONSPORTFOLIO NETWORKING &SECURITY SOLUTIONSPORTFOLIO Acomprehensivesolutionsportfoliotohelpyougetyourbusiness securelyconnected.clickononeofoursolutionstoknowmore NETWORKING
More informationThe SANS Institute Top 20 Critical Security Controls. Compliance Guide
The SANS Institute Top 20 Critical Security Controls Compliance Guide February 2014 The Need for a Risk-Based Approach A common factor across many recent security breaches is that the targeted enterprise
More informationForeScout CounterACT. Continuous Monitoring and Mitigation. Real-time Visibility. Network Access Control. Endpoint Compliance.
Real-time Visibility Network Access Control Endpoint Compliance Mobile Security ForeScout CounterACT Continuous Monitoring and Mitigation Rapid Threat Response Benefits Rethink IT Security Security Do
More informationChallenges 3. HAWK Introduction 4. Key Benefits 6. About Gavin Technologies 7. Our Security Practice 8. Security Services Approach 9
HAWK Overview Agenda Contents Slide Challenges 3 HAWK Introduction 4 Key Benefits 6 About Gavin Technologies 7 Our Security Practice 8 Security Services Approach 9 Why Gavin Technologies 10 Key Clients
More information