First Look Showcase. Expanding our prevention, detection and response solutions. Marco Rottigni Chief Technical Security Officer, Qualys, Inc.

Size: px
Start display at page:

Download "First Look Showcase. Expanding our prevention, detection and response solutions. Marco Rottigni Chief Technical Security Officer, Qualys, Inc."

Transcription

1 18 QUALYS SECURITY CONFERENCE 2018 First Look Showcase Expanding our prevention, detection and response solutions Marco Rottigni Chief Technical Security Officer, Qualys, Inc.

2 Secure Enterprise Mobility

3 Identity (X.509, Asset ID, Device ID) Device Hardware Visibility Network and Interactions Apps Analytics Security Posture 3 QSC Conference, 2018 December 6, 2018

4 4 QSC Conference, 2018 December 6, 2018

5 5 QSC Conference, 2018 December 6, 2018

6 6 QSC Conference, 2018 December 6, 2018

7 Vulnerability Management Security Asset Lockdown Asset Hardening Enterprise Integrations 7 QSC Conference, 2018 December 6, 2018

8 Compliance Policies On Enrollment Continuous Monitoring Protection Enforcement and Remedial Actions Policy Management Containerization 8 QSC Conference, 2018 December 6, 2018

9 9 QSC Conference, 2018 December 6, 2018

10 DIY Portal Privacy Audit Control Ownership (Corporate/BYOD) Transparency 10 QSC Conference, 2018 December 6, 2018

11 Roadmap Feb 2019 Closed Beta Multiple releases during QSC Conference, 2018 December 6, 2018

12 Security Analytics & Orchestration

13 Security Analytics & Orchestration Human Guided Policy-Driven Response Playbooks for Bi-Dir Ecosystems Integration BYOP- Bring-Your-Own-Playbook Response & Orchestration Advanced Analytics Correlation & Enrichment Cross-Product Correlation Additional Context from 3 rd Party Sources Detect KNOWN threats w/ out-ofbox rules Detect UNKNOWN threats Using Machine Learning Hacker Behavioral Analytics Predictive & Prescriptive SoC 13 QSC Conference, 2018

14 Security Analytics & Orchestration Apps ML/AI Service Patterns Outlier Predictive SoC Orchestration & Automation Ecosystems Integration Playbooks Response UEBA User & Entity Behavior Analytics Threat Hunt Search Exploration Behavior Graph Security Analytics Anomaly Visualization Dashboard Advanced Correlation Actionable Insights Out-of-box Rules Qualys Security Data Lake Platform Data Ingestion Normalization Enrichment Governance CA VM AI PC IOC WAS WAF Network Security Server Endpoint Apps Cloud Users IoT Qualys Apps Qualys Quick Connectors 14 QSC Conference, 2018

15 Characteristics of Data Lake Collect Anything Dive in Anywhere Flexible Access Future Proof 15

16 What is Security Data Lake? Single data store (single source of truth) Structured and unstructured data Data is transformed, normalized, and enriched Threat Intelligence feed integration, GeoIP etc. Data has governance, semantic consistency, and access controls Store-once / Process-once / Use-multiple Apps, dashboards, data analytics Cross product search, reporting, visualization Machine learning, forensics, etc. 16

17 Simplified View SECURITY LOGS FROM MULTIPLE SOURCE BEHAVIOR ANALYTICS CLOUD CONNECTORS DATA VALIDATION DATA AGGREGATION DATA VISUALIZATION THREAT HUNTING SECURITY ANALYTICS LOG CONNECTORS DATA NORMALIZATION ML/AI MODELLING RESTFUL API SERVICES ORCHESTRATION AUTOMATION QUALYS SECURITY DATA LAKE PLATFORM 3 RD PARTY INTEGRATION AD/LDAP/HRMS 17 QSC Conference, 2018

18

19 Secure Access Control

20 Agenda What is Secure Access Control Use-cases Capabilities Policy-based orchestration Operationalizing Secure Access Control Mockups 20 Qualys Security Conference, 2018 December 6, 2018

21 Use Cases Block vulnerable assets from accessing critical network resources Limit access (e.g. quarantine) of vulnerable assets Grant access to resources only on a need basis. Block everything else Automated asset attribute processing and enforcement without the need for manual action 21 Qualys Security Conference, 2018 December 6, 2018

22 Use Cases Vulnerabilities Quarantine assets if vulnerable Vulnerability Found Local Data Center LDC-01 Remote Office Remote Data Center RDC-01 Employee Laptop Quarantine 22 Qualys Security Conference, 2018 Enterprise December 6, 2018 DHCP Server DNS Server Active Directory Windows Update Servers *.windowsupdate.microsoft.com *.windowsupdate.microsoft.com *.download.windowsupdate.com test.stats.update.microsoft.com

23 Use Cases Asset Inventory Access control using asset inventory attributes Attributes Block Managed Assets System Information Hardware Operating System Services Network Interfaces Open Ports Software Inventory Software Lifecycle ACL Allow Quarantine Assign ACL Unmanaged Assets Assign VLAN

24 Use Cases Compliance - Block assets which fail compliance Compliance Malware Controls Mandates Control Policies Family Category Score Block Allow Indications of Compromise File Process Mutex Network Registry Incidents Quarantine Managed Assets Threat Protection File Integrity Zero Day Public Exploit Actively Attacked High Lateral Movement Action Actor High Data Loss DoS No Patch Exploit Kit Easy Exploit Target Incidents ACL Assign ACL Assign VLAN 24 Qualys Security Conference, 2018 December 6, 2018

25 Policy-based Orchestration Security Control Policy Action Options Assets 6F:1A:5E:2B:4D:3C Server.company.co m Ruleset 6F:1A:5E:2B:4D:3C ACL 25 Qualys Security Conference, 2018 December 6, 2018

26 Policy-based Orchestration Access Control Policy Assets Source Inbound Traffic 6F:1A:5E:2B:4D:3C Server.company.co m F:1A:5E:2B:4D:3C Outbound Traffic Destination Allow Ruleset Allow Deny Deny 26 Qualys Security Conference, 2018 December 6, 2018

27 Best of Two Worlds In-Line Appliance Reliable first hand data Appliance enforces Low latency for data collection & enforcement SAC offers both modes Out of Band Switches Multiple enforcement options Traffic volume agnostic Powerful Together Unique Value Proposition 27 Qualys Security Conference, 2018 December 6, 2018

28 Operationalizing Secure Access Control Hardware Qualys Cloud App Bare-metal Virtual 28 Qualys Security Conference, 2018 December 6, 2018

29 MOCK-UPS Secure Access Control How do I trigger SAC Policies from Qualys Cloud Apps? How do I view and define policies? How do I troubleshoot an asset?

30 1 Trigger

31

32

33

34

35 2 View & Define

36

37

38

39

40 3 Troubleshoot

41

42

43

44 Breach & Attack Simulation

45 Problems Lack of confidence in the effectiveness of security controls Limited assessment scope and capabilities Red Team operations are expensive, not scalable, and not evaluated for completeness Blue Teams are blind towards the impact of new exploits and attacks on their existing security controls 45 Qualys Security Conference, 2018 December 6, 2018

46 Breach & Attack Simulation Automated simulation of real-world TTPs mapped to MITRE ATT&CK framework 46 Qualys Security Conference, 2018 December 6, 2018

47 Technical Approach Automated simulation of real-world TTPs Scale security assessments across the entire enterprise Transition towards a defense strategy based on offensive techniques Real-time insights mapped to MITRE ATT&CK framework Continuously measure security control drift over time 47 Qualys Security Conference, 2018 December 6, 2018

48 Breach & Attack Simulation Command-line interface to adversary agents running Qualys Cloud Agent 48 Qualys Security Conference, 2018 December 6, 2018

49 Breach & Attack Simulation Use case: Credential Harvesting and Reuse 1. Uploading / running mimikatz 2. Extracting stored credentials 3. Lateral movements 49 Qualys Security Conference, 2018 December 6, 2018

50 Breach & Attack Simulation Use case: Credential Harvesting and Reuse 1. Uploading / running mimikatz 2. Extracting stored credentials 3. Lateral movements 50 Qualys Security Conference, 2018 December 6, 2018

51

52 Breach & Attack Simulation Use case: Drupalgeddon2 (CVE ) 1. Remote system discovery 2. Exploit vulnerability to control system 3. Laterally spread using ETERNALBLUE 52 Qualys Security Conference, 2018 December 6, 2018

53

54 18 QUALYS SECURITY CONFERENCE 2018 First Look Showcase Merci, Grazie! Marco Rottigni

First Look Showcase. Expanding our prevention, detection and response solutions. Sumedh Thakar Chief Product Officer, Qualys, Inc.

First Look Showcase. Expanding our prevention, detection and response solutions. Sumedh Thakar Chief Product Officer, Qualys, Inc. 18 QUALYS SECURITY CONFERENCE 2018 First Look Showcase Expanding our prevention, detection and response solutions Sumedh Thakar Chief Product Officer, Qualys, Inc. Secure Enterprise Mobility Identity (X.509,

More information

Qualys Cloud Platform

Qualys Cloud Platform 18 QUALYS SECURITY CONFERENCE 2018 Qualys Cloud Platform Looking Under the Hood: What Makes Our Cloud Platform so Scalable and Powerful Dilip Bachwani Vice President, Engineering, Qualys, Inc. Cloud Platform

More information

Regaining Our Lost Visibility

Regaining Our Lost Visibility 18 QUALYS SECURITY CONFERENCE 2018 Regaining Our Lost Visibility Sumedh Thakar Chief Product Officer, Qualys, Inc. Agenda Why are we doing what we are doing? The State of IT Now Security Today The Future

More information

Prescriptive Security Operations Centers. Leveraging big data capabilities to build next generation SOC

Prescriptive Security Operations Centers. Leveraging big data capabilities to build next generation SOC Prescriptive Security Operations Centers Leveraging big data capabilities to build next generation SOC Cyber Security Industry in constant renewal in 2016 and 2017 1 Tbps Mirai IoT Botnet broke the Internet

More information

Security Automation. Challenge: Automatizzare le azioni di isolamento e contenimento delle minacce rilevate tramite soluzioni di malware analysis

Security Automation. Challenge: Automatizzare le azioni di isolamento e contenimento delle minacce rilevate tramite soluzioni di malware analysis Security Automation Challenge: Automatizzare le azioni di isolamento e contenimento delle minacce rilevate tramite soluzioni di malware analysis Network Admission Control See Managed Unmanaged Computing

More information

Qualys Indication of Compromise

Qualys Indication of Compromise 18 QUALYS SECURITY CONFERENCE 2018 Qualys Indication of Compromise Bringing IOC to the Next Level Chris Carlson VP, Product Management, Qualys, Inc. Adversary TTPs are Changing Early 2010s Zero-day Vulnerabilities

More information

CYBER RISK MANAGEMENT: ADDRESSING THE CHALLENGE SIMON CRUMPLIN, FOUNDER & CEO

CYBER RISK MANAGEMENT: ADDRESSING THE CHALLENGE SIMON CRUMPLIN, FOUNDER & CEO CYBER RISK MANAGEMENT: ADDRESSING THE CHALLENGE SIMON CRUMPLIN, FOUNDER & CEO INFORMATION SECURITY PAINS CISO RESPONSIBILITY WITHOUT AUTHORITY INVENTORY TO MANAGE ALERTS WITHOUT MEANING ASSETS SPREAD ACROSS

More information

Threat Containment and Operations. Yong Kwang Kek, Director of Presales SE, APJ

Threat Containment and Operations. Yong Kwang Kek, Director of Presales SE, APJ Threat Containment and Operations Yong Kwang Kek, Director of Presales SE, APJ 2018-07-19 1 1 2017 Infoblox Inc. All Rights 2013 Infoblox Inc. All Reserved. Rights Reserved. Three Aspects of Security #1

More information

Real-Time Vulnerability Management Operationalizing the VM process from detection to remediation

Real-Time Vulnerability Management Operationalizing the VM process from detection to remediation 18 QUALYS SECURITY CONFERENCE 2018 Real-Time Vulnerability Management Operationalizing the VM process from detection to remediation Jimmy Graham Senior Director, Product Management, Qualys, Inc. Agenda

More information

Integrated, Intelligence driven Cyber Threat Hunting

Integrated, Intelligence driven Cyber Threat Hunting Integrated, Intelligence driven Cyber Threat Hunting THREAT INVESTIGATION AND RESPONSE PLATFORM Zsolt Kocsis IBM Security Technical Executive, CEE zsolt.kocsis@hu.ibm.com 6th Nov 2018 Build an integrated

More information

Live Adversary Simulation: Red and Blue Team Tactics

Live Adversary Simulation: Red and Blue Team Tactics SESSION ID: HTA-T06 Live Adversary Simulation: Red and Blue Team Tactics James Lyne Head of R&D SANS Institute @JamesLyne Stephen Sims Security Researcher & Fellow SANS Institute @Steph3nSims Agenda 2

More information

SOLUTION BRIEF RSA NETWITNESS SUITE 3X THE IMPACT WITH YOUR EXISTING SECURITY TEAM

SOLUTION BRIEF RSA NETWITNESS SUITE 3X THE IMPACT WITH YOUR EXISTING SECURITY TEAM SOLUTION BRIEF RSA NETWITNESS SUITE 3X THE IMPACT WITH YOUR EXISTING SECURITY TEAM OVERVIEW The Verizon 2016 Data Breach Investigations Report highlights that attackers are regularly outpacing the defenders.

More information

Qualys Cloud Platform

Qualys Cloud Platform Qualys Cloud Platform Our Journey into the Cloud: The Qualys Cloud Platform & Architecture Thomas Wendt Regional Manager Post-Sales, DACH, Qualys Inc. Digital Transformation More than just adopting new

More information

Cisco Tetration Analytics

Cisco Tetration Analytics Cisco Tetration Analytics Enhanced security and operations with real time analytics John Joo Tetration Business Unit Cisco Systems Security Challenges in Modern Data Centers Securing applications has become

More information

Christopher Covert. Principal Product Manager Enterprise Solutions Group. Copyright 2016 Symantec Endpoint Protection Cloud

Christopher Covert. Principal Product Manager Enterprise Solutions Group. Copyright 2016 Symantec Endpoint Protection Cloud Christopher Covert Principal Product Manager Enterprise Solutions Group Copyright 2016 Symantec Endpoint Protection Cloud THE PROMISE OF CLOUD COMPUTING We re all moving from challenges like these Large

More information

Real-Time Vulnerability Management Operationalizing the VM process from detection to remediation

Real-Time Vulnerability Management Operationalizing the VM process from detection to remediation 18 QUALYS SECURITY CONFERENCE 2018 Real-Time Vulnerability Management Operationalizing the VM process from detection to remediation Jimmy Graham Director, Product Management, Qualys, Inc. Agenda Expanding

More information

SOLUTION BRIEF RSA NETWITNESS EVOLVED SIEM

SOLUTION BRIEF RSA NETWITNESS EVOLVED SIEM RSA NETWITNESS EVOLVED SIEM OVERVIEW A SIEM is technology originally intended for compliance and log management. Later, as SIEMs became the aggregation points for security alerts, they began to be more

More information

ForeScout ControlFabric TM Architecture

ForeScout ControlFabric TM Architecture ForeScout ControlFabric TM Architecture IMPROVE MULTI-VENDOR SOLUTION EFFECTIVENESS, RESPONSE AND WORKFLOW AUTOMATION THROUGH COLLABORATION WITH INDUSTRY-LEADING TECHNOLOGY PARTNERS. The Challenge 50%

More information

Everything visible. Everything secure.

Everything visible. Everything secure. Everything visible. Everything secure. Unparalleled visibility, end-to-end security and compliance for all your global IT assets Qualys Cloud Platform 2-second visibility across all your assets Continuous

More information

ATTIVO NETWORKS THREATDEFEND PLATFORM INTEGRATION WITH CISCO SYSTEMS PROTECTS THE NETWORK

ATTIVO NETWORKS THREATDEFEND PLATFORM INTEGRATION WITH CISCO SYSTEMS PROTECTS THE NETWORK PARTNER BRIEF ATTIVO NETWORKS THREATDEFEND PLATFORM INTEGRATION WITH CISCO SYSTEMS PROTECTS THE NETWORK INTRODUCTION Attivo Networks has partnered with Cisco Systems to provide advanced real-time inside-the-network

More information

Cisco Secure Access Control

Cisco Secure Access Control Cisco Secure Access Control Delivering Deeper Visibility, Centralized Control, and Superior Protection Martin Briand - Security Escalation VSE Global Virtual Engineering Oriol Madriles Soriano Security

More information

Analytics Driven, Simple, Accurate and Actionable Cyber Security Solution CYBER ANALYTICS

Analytics Driven, Simple, Accurate and Actionable Cyber Security Solution CYBER ANALYTICS Analytics Driven, Simple, Accurate and Actionable Cyber Security Solution CYBER ANALYTICS Overview Cyberattacks are increasingly getting more frequent, more sophisticated and more widespread than ever

More information

Privilege Security & Next-Generation Technology. Morey J. Haber Chief Technology Officer

Privilege Security & Next-Generation Technology. Morey J. Haber Chief Technology Officer Privilege Security & Next-Generation Technology Morey J. Haber Chief Technology Officer mhaber@beyondtrust.com Agenda The Next-Gen Threat Landscape o Infomatics, Breaches & the Attack Chain o Securing

More information

ForeScout Extended Module for Splunk

ForeScout Extended Module for Splunk Enterprise Strategy Group Getting to the bigger truth. ESG Lab Review ForeScout Extended Module for Splunk Date: May 2017 Author: Tony Palmer, Senior Lab Analyst Abstract This report provides a first look

More information

Klaudia Bakšová System Engineer Cisco Systems. Cisco Clean Access

Klaudia Bakšová System Engineer Cisco Systems. Cisco Clean Access Klaudia Bakšová System Engineer Cisco Systems Cisco Clean Access Agenda 1. Securing Complexity 2. NAC Appliance Product Overview and In-Depth 3. NAC Appliance Technical Benefits The Challenge of Securing

More information

RSA INCIDENT RESPONSE SERVICES

RSA INCIDENT RESPONSE SERVICES RSA INCIDENT RESPONSE SERVICES Enabling early detection and rapid response EXECUTIVE SUMMARY Technical forensic analysis services RSA Incident Response services are for organizations that need rapid access

More information

ATTIVO NETWORKS THREATDEFEND INTEGRATION WITH MCAFEE SOLUTIONS

ATTIVO NETWORKS THREATDEFEND INTEGRATION WITH MCAFEE SOLUTIONS PARTNER BRIEF ATTIVO NETWORKS THREATDEFEND INTEGRATION WITH MCAFEE SOLUTIONS INTRODUCTION Attivo Networks has partnered with McAfee to detect real-time in-network threats and to automate incident response

More information

Building a Threat-Based Cyber Team

Building a Threat-Based Cyber Team Building a Threat-Based Cyber Team Anthony Talamantes Manager, Defensive Cyber Operations Todd Kight Lead Cyber Threat Analyst Sep 26, 2017 Washington, DC Forward-Looking Statements During the course of

More information

CloudSOC and Security.cloud for Microsoft Office 365

CloudSOC and  Security.cloud for Microsoft Office 365 Solution Brief CloudSOC and Email Security.cloud for Microsoft Office 365 DID YOU KNOW? Email is the #1 delivery mechanism for malware. 1 Over 40% of compliance related data in Office 365 is overexposed

More information

National State Auditors Association Vulnerability Management: An Audit Primer September 20, 2018

National State Auditors Association Vulnerability Management: An Audit Primer September 20, 2018 Office of the Legislative Auditor State of Minnesota National State Auditors Association Vulnerability Management: An Audit Primer September 20, 2018 Christopher Buse Deputy Legislative Auditor Boot Camp

More information

NOTHING IS WHAT IT SIEMs: COVER PAGE. Simpler Way to Effective Threat Management TEMPLATE. Dan Pitman Principal Security Architect

NOTHING IS WHAT IT SIEMs: COVER PAGE. Simpler Way to Effective Threat Management TEMPLATE. Dan Pitman Principal Security Architect NOTHING IS WHAT IT SIEMs: COVER PAGE Simpler Way to Effective Threat Management TEMPLATE Dan Pitman Principal Security Architect Cybersecurity is harder than it should be 2 SIEM can be harder than it should

More information

ForeScout CounterACT. Continuous Monitoring and Mitigation. Real-time Visibility. Network Access Control. Endpoint Compliance.

ForeScout CounterACT. Continuous Monitoring and Mitigation. Real-time Visibility. Network Access Control. Endpoint Compliance. Real-time Visibility Network Access Control Endpoint Compliance Mobile Security ForeScout CounterACT Continuous Monitoring and Mitigation Rapid Threat Response Benefits Rethink IT Security Security Do

More information

Cyber Defense Maturity Scorecard DEFINING CYBERSECURITY MATURITY ACROSS KEY DOMAINS

Cyber Defense Maturity Scorecard DEFINING CYBERSECURITY MATURITY ACROSS KEY DOMAINS Cyber Defense Maturity Scorecard DEFINING CYBERSECURITY MATURITY ACROSS KEY DOMAINS Cyber Defense Maturity Scorecard DEFINING CYBERSECURITY MATURITY ACROSS KEY DOMAINS Continual disclosed and reported

More information

Un SOC avanzato per una efficace risposta al cybercrime

Un SOC avanzato per una efficace risposta al cybercrime Un SOC avanzato per una efficace risposta al cybercrime Identificazione e conferma di un incidente @RSAEMEA #RSAEMEASummit @masiste75 Mauro Costantini - Presales Consultant Agenda A look into the threat

More information

MAKING THE CLOUD A SECURE EXTENSION OF YOUR DATACENTER

MAKING THE CLOUD A SECURE EXTENSION OF YOUR DATACENTER MAKING THE CLOUD A SECURE EXTENSION OF YOUR DATACENTER Bret Hartman Cisco / Security & Government Group Session ID: SPO1-W25 Session Classification: General Interest 1 Mobility Cloud Threat Customer centric

More information

WHITEPAPER ATTIVO NETWORKS THREATDEFEND PLATFORM AND THE MITRE ATT&CK MATRIX

WHITEPAPER ATTIVO NETWORKS THREATDEFEND PLATFORM AND THE MITRE ATT&CK MATRIX WHITEPAPER ATTIVO NETWORKS THREATDEFEND PLATFORM AND THE MITRE ATT&CK MATRIX 1 INTRODUCTION The MITRE Corporation Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK ) Matrix provides a model

More information

The threat landscape is constantly

The threat landscape is constantly A PLATFORM-INDEPENDENT APPROACH TO SECURE MICRO-SEGMENTATION Use Case Analysis The threat landscape is constantly evolving. Data centers running business-critical workloads need proactive security solutions

More information

RSA NetWitness Suite Respond in Minutes, Not Months

RSA NetWitness Suite Respond in Minutes, Not Months RSA NetWitness Suite Respond in Minutes, Not Months Overview One can hardly pick up a newspaper or turn on the news without hearing about the latest security breaches. The Verizon 2015 Data Breach Investigations

More information

RSA INCIDENT RESPONSE SERVICES

RSA INCIDENT RESPONSE SERVICES RSA INCIDENT RESPONSE SERVICES Enabling early detection and rapid response EXECUTIVE SUMMARY Technical forensic analysis services RSA Incident Response services are for organizations that need rapid access

More information

THE SIX ESSENTIAL CAPABILITIES OF AN ANALYTICS-DRIVEN SIEM

THE SIX ESSENTIAL CAPABILITIES OF AN ANALYTICS-DRIVEN SIEM THE SIX ESSENTIAL CAPABILITIES OF AN ANALYTICS-DRIVEN SIEM Modern threats demand analytics-driven security and continuous monitoring Legacy SIEMs are Stuck in the Past Finding a mechanism to collect, store

More information

Aligning with the Critical Security Controls to Achieve Quick Security Wins

Aligning with the Critical Security Controls to Achieve Quick Security Wins Aligning with the Critical Security Controls to Achieve Quick Security Wins Background The Council on CyberSecurity s Critical Security Controls for Effective Cyber Defense provide guidance on easy wins

More information

Datacenter Security: Protection Beyond OS LifeCycle

Datacenter Security: Protection Beyond OS LifeCycle Section Datacenter Security: Protection Beyond OS LifeCycle 1 Not so fun Facts from the Symantec ISTR 2017 Report Zero-Day Vulnerability, annual total Legitimate tools, annual total 6,000 5 5,000 4,000

More information

Automated Response in Cyber Security SOC with Actionable Threat Intelligence

Automated Response in Cyber Security SOC with Actionable Threat Intelligence Automated Response in Cyber Security SOC with Actionable Threat Intelligence while its biggest weakness is lack of visibility: SOCs still can t detect previously unknown threats, which is a consistent

More information

A Risk Management Platform

A Risk Management Platform A Risk Management Platform Michael Lai CISSP, CISA, MBA, MSc, BEng(hons) Territory Manager & Senior Security Sales Engineer Shift to Risk-Based Security OLD MODEL: Prevention-Based Security Prevention

More information

8 Must Have. Features for Risk-Based Vulnerability Management and More

8 Must Have. Features for Risk-Based Vulnerability Management and More 8 Must Have Features for Risk-Based Vulnerability Management and More Introduction Historically, vulnerability management (VM) has been defined as the practice of identifying security vulnerabilities in

More information

USM Anywhere AlienApps Guide

USM Anywhere AlienApps Guide USM Anywhere AlienApps Guide Updated April 23, 2018 Copyright 2018 AlienVault. All rights reserved. AlienVault, AlienApp, AlienApps, AlienVault OSSIM, Open Threat Exchange, OTX, Unified Security Management,

More information

From Managed Security Services to the next evolution of CyberSoc Services

From Managed Security Services to the next evolution of CyberSoc Services From Managed Security Services to the next evolution of CyberSoc Services Gianluca Busco Arré Country Manager pandasecurity.com MSSP / MDR Where the Industry is going leaders and laggers MSSP industry

More information

PrecisionAccess Trusted Access Control

PrecisionAccess Trusted Access Control Data Sheet PrecisionAccess Trusted Access Control Defeats Cyber Attacks Credential Theft: Integrated MFA defeats credential theft. Server Exploitation: Server isolation defeats server exploitation. Compromised

More information

Transforming Security Part 2: From the Device to the Data Center

Transforming Security Part 2: From the Device to the Data Center SESSION ID: SP01-R11 Transforming Security Part 2: From the Device to the Data Center John Britton Director, EUC Security VMware @RandomDevice The datacenter as a hospital 3 4 5 Digital transformation

More information

Joe Stocker, CISSP, MCITP, VTSP Patriot Consulting

Joe Stocker, CISSP, MCITP, VTSP Patriot Consulting Joe Stocker, CISSP, MCITP, VTSP Patriot Consulting Microsoft Cloud Evangelist at Patriot Consulting Principal Systems Architect with 17 Years of experience Technical certifications: MCSE, MCITP Office

More information

Sustainable Security Operations

Sustainable Security Operations Sustainable Security Operations Optimize processes and tools to make the most of your team s time and talent The number and types of security incidents organizations face daily are steadily increasing,

More information

Discover threats quickly, remediate immediately, and mitigate the impact of malware and breaches

Discover threats quickly, remediate immediately, and mitigate the impact of malware and breaches Discover threats quickly, remediate immediately, and mitigate the impact of malware and breaches Introduction No matter how hard you work to educate your employees about the constant and evolving threats

More information

Popular SIEM vs aisiem

Popular SIEM vs aisiem Popular SIEM vs aisiem You cannot flip a page in any Cybersecurity magazine, or scroll through security blogging sites without a mention of Next Gen SIEM. You can understand why traditional SIEM vendors

More information

Key Technologies for Security Operations. Copyright 2014 EMC Corporation. All rights reserved.

Key Technologies for Security Operations. Copyright 2014 EMC Corporation. All rights reserved. Key Technologies for Security Operations 2 Traditional Security Is Not Working 97% of breaches led to compromise within days or less with 72% leading to data exfiltration in the same time Source: Verizon

More information

ForeScout Extended Module for Qualys VM

ForeScout Extended Module for Qualys VM ForeScout Extended Module for Qualys VM Version 1.2.1 Table of Contents About the Qualys VM Integration... 3 Additional Qualys VM Documentation... 3 About This Module... 3 Components... 4 Considerations...

More information

Compare Security Analytics Solutions

Compare Security Analytics Solutions Compare Security Analytics Solutions Learn how Cisco Stealthwatch compares with other security analytics products. This solution scales easily, giving you visibility across the entire network. Stealthwatch

More information

esendpoint Next-gen endpoint threat detection and response

esendpoint Next-gen endpoint threat detection and response DATA SHEET esendpoint Next-gen endpoint threat detection and response esendpoint powered by Carbon Black eliminates endpoint blind-spots that traditional technologies miss. Operating on a philosophy that

More information

Security. Made Smarter.

Security. Made Smarter. Security. Made Smarter. Your job is to keep your organization safe from cyberattacks. To do so, your team has to review a monumental amount of data that is growing exponentially by the minute. Your team

More information

EFFECTIVELY TARGETING ADVANCED THREATS. Terry Sangha Sales Engineer at Trustwave

EFFECTIVELY TARGETING ADVANCED THREATS. Terry Sangha Sales Engineer at Trustwave EFFECTIVELY TARGETING ADVANCED THREATS Terry Sangha Sales Engineer at Trustwave THE CHALLENGE PROTECTING YOUR ENVIRONMENT IS NOT GETTING EASIER ENDPOINT POINT OF SALE MOBILE VULNERABILITY MANAGEMENT CYBER

More information

Integrated McAfee and Cisco Fabrics Demolish Enterprise Boundaries

Integrated McAfee and Cisco Fabrics Demolish Enterprise Boundaries Integrated McAfee and Cisco Fabrics Demolish Enterprise Boundaries First united and open ecosystem to support enterprise-wide visibility and rapid response The cybersecurity industry needs a more efficient

More information

Security Configuration Assessment (SCA)

Security Configuration Assessment (SCA) Security Configuration Assessment (SCA) Getting Started Guide Security Configuration Assessment (SCA) is a lightweight cloud service which can quickly perform the configuration assessment of the IT assets,

More information

SOLUTION BRIEF RSA NETWITNESS PLATFORM ACCELERATED THREAT DETECTION & AUTOMATED RESPONSE FROM THE ENDPOINT TO THE CLOUD

SOLUTION BRIEF RSA NETWITNESS PLATFORM ACCELERATED THREAT DETECTION & AUTOMATED RESPONSE FROM THE ENDPOINT TO THE CLOUD RSA NETWITNESS PLATFORM ACCELERATED THREAT DETECTION & AUTOMATED RESPONSE FROM THE ENDPOINT TO THE CLOUD OVERVIEW Information security has been a major challenge for organizations since the dawn of the

More information

Security Challenges and

Security Challenges and Security Challenges and Opportunities for IoE Becoming an IoE Ready Organization Steve Martino, Chief Information Security Officer, Cisco Lokesh Sisodiya, President, ISC2, East Bay Chapter Cisco Public

More information

GDPR: An Opportunity to Transform Your Security Operations

GDPR: An Opportunity to Transform Your Security Operations GDPR: An Opportunity to Transform Your Security Operations McAfee SIEM solutions improve breach detection and response Is your security operations GDPR ready? General Data Protection Regulation (GDPR)

More information

SOLUTION BRIEF. RiskSense Platform. RiskSense Platform the industry s most comprehensive, intelligent platform for managing cyber risk.

SOLUTION BRIEF. RiskSense Platform. RiskSense Platform the industry s most comprehensive, intelligent platform for managing cyber risk. RiskSense Platform RiskSense Platform the industry s most comprehensive, intelligent platform for managing cyber risk. 27 RiskSense, Inc. Executive Summary The RiskSense Platform is a Software-as-a-Service

More information

Fast Incident Investigation and Response with CylanceOPTICS

Fast Incident Investigation and Response with CylanceOPTICS Fast Incident Investigation and Response with CylanceOPTICS Feature Focus Incident Investigation and Response Identifying a potential security issue in any environment is important, however, to protect

More information

Securing Digital Transformation

Securing Digital Transformation September 4, 2017 Securing Digital Transformation DXC Security Andreas Wuchner, CTO Security Innovation Risk surface is evolving and increasingly complex The adversary is highly innovative and sophisticated

More information

Speed Up Incident Response with Actionable Forensic Analytics

Speed Up Incident Response with Actionable Forensic Analytics WHITEPAPER DATA SHEET Speed Up Incident Response with Actionable Forensic Analytics Close the Gap between Threat Detection and Effective Response with Continuous Monitoring January 15, 2015 Table of Contents

More information

ICS Security Monitoring

ICS Security Monitoring ICS Security Monitoring INFRASTRUCTURE MINING & METALS NUCLEAR, SECURITY & ENVIRONMENTAL OIL, GAS & CHEMICALS Moses Schwartz Security Engineer Computer Incident Response Team Bechtel Corporation State

More information

Empower stakeholders with single-pane visibility and insights Enrich firewall security data

Empower stakeholders with single-pane visibility and insights Enrich firewall security data SonicWall Analytics Transforming data into information, information into knowledge, knowledge into decisions and decisions into actions SonicWall Analytics provides an eagle-eye view into everything that

More information

SYMANTEC DATA CENTER SECURITY

SYMANTEC DATA CENTER SECURITY SYMANTEC DATA CENTER SECURITY SYMANTEC UNIFIED SECURITY STRATEGY Users Cyber Security Services Monitoring, Incident Response, Simulation, Adversary Threat Intelligence Data Threat Protection Information

More information

ForeScout Agentless Visibility and Control

ForeScout Agentless Visibility and Control ForeScout Agentless Visibility and Control ForeScout Technologies has pioneered an agentless approach to network security that effectively helps address the challenges of endpoint visibility and control

More information

Challenges 3. HAWK Introduction 4. Key Benefits 6. About Gavin Technologies 7. Our Security Practice 8. Security Services Approach 9

Challenges 3. HAWK Introduction 4. Key Benefits 6. About Gavin Technologies 7. Our Security Practice 8. Security Services Approach 9 HAWK Overview Agenda Contents Slide Challenges 3 HAWK Introduction 4 Key Benefits 6 About Gavin Technologies 7 Our Security Practice 8 Security Services Approach 9 Why Gavin Technologies 10 Key Clients

More information

Carbon Black PCI Compliance Mapping Checklist

Carbon Black PCI Compliance Mapping Checklist Carbon Black PCI Compliance Mapping Checklist The following table identifies selected PCI 3.0 requirements, the test definition per the PCI validation plan and how Carbon Black Enterprise Protection and

More information

One Hospital s Cybersecurity Journey

One Hospital s Cybersecurity Journey MAY 11 12, 2017 SAN FRANCISCO, CA One Hospital s Cybersecurity Journey SanFrancisco.HealthPrivacyForum.com #HITprivacy Introduction Senior Director Information Systems Technology, Children s Mercy Hospital

More information

the SWIFT Customer Security

the SWIFT Customer Security TECH BRIEF Mapping BeyondTrust Solutions to the SWIFT Customer Security Controls Framework Privileged Access Management and Vulnerability Management Table of ContentsTable of Contents... 2 Purpose of This

More information

RSA IT Security Risk Management

RSA IT Security Risk Management RSA IT Security Risk Adding Insight to Security March 18, 2014 Wael Jaroudi GRC Sales Specialist 1 Where is Security Today? Companies have built layer upon layer of security, but is it helping? Complexity

More information

ForeScout Extended Module for Carbon Black

ForeScout Extended Module for Carbon Black ForeScout Extended Module for Carbon Black Version 1.0 Table of Contents About the Carbon Black Integration... 4 Advanced Threat Detection with the IOC Scanner Plugin... 4 Use Cases... 5 Carbon Black Agent

More information

Pieter Wigleven Windows Technical Specialist

Pieter Wigleven Windows Technical Specialist Pieter Wigleven Windows Technical Specialist HOW DO BREACHES OCCUR? Malware and vulnerabilities are not the only thing to worry about 46% of compromised systems had no malware on them 99.9% of exploited

More information

McAfee Advanced Threat Defense

McAfee Advanced Threat Defense Advanced Threat Defense Detect advanced malware Advanced Threat Defense enables organizations to detect advanced, evasive malware and convert threat information into immediate action and protection. Unlike

More information

McAfee Endpoint Threat Defense and Response Family

McAfee Endpoint Threat Defense and Response Family Defense and Family Detect zero-day malware, secure patient-zero, and combat advanced attacks The escalating sophistication of cyberthreats requires a new generation of protection for endpoints. Advancing

More information

SIEM: Five Requirements that Solve the Bigger Business Issues

SIEM: Five Requirements that Solve the Bigger Business Issues SIEM: Five Requirements that Solve the Bigger Business Issues After more than a decade functioning in production environments, security information and event management (SIEM) solutions are now considered

More information

Ο ρόλος της τεχνολογίας στο ταξίδι της συμμόρφωσης με τον Γενικό Κανονισμό. Αντιγόνη Παπανικολάου & Νίκος Αναστόπουλος

Ο ρόλος της τεχνολογίας στο ταξίδι της συμμόρφωσης με τον Γενικό Κανονισμό. Αντιγόνη Παπανικολάου & Νίκος Αναστόπουλος Ο ρόλος της τεχνολογίας στο ταξίδι της συμμόρφωσης με τον Γενικό Κανονισμό Αντιγόνη Παπανικολάου & Νίκος Αναστόπουλος Providing clarity and consistency for the protection of personal data The General

More information

BUILT TO STOP BREACHES. Cloud-Delivered Endpoint Protection

BUILT TO STOP BREACHES. Cloud-Delivered Endpoint Protection BUILT TO STOP BREACHES Cloud-Delivered Endpoint Protection CROWDSTRIKE FALCON: THE NEW STANDARD IN ENDPOINT PROTECTION ENDPOINT SECURITY BASED ON A SIMPLE, YET POWERFUL APPROACH The CrowdStrike Falcon

More information

Cisco Cloud Security. How to Protect Business to Support Digital Transformation

Cisco Cloud Security. How to Protect Business to Support Digital Transformation Cisco Cloud Security How to Protect Business to Support Digital Transformation Dragan Novakovic Cybersecurity Consulting Systems Engineer January 2018. Security Enables Digitization Digital Disruption,

More information

IMPLEMENTING A SOLUTION FOR ASSURING KEYS AND CERTIFICATES

IMPLEMENTING A SOLUTION FOR ASSURING KEYS AND CERTIFICATES IMPLEMENTING A SOLUTION FOR ASSURING KEYS AND CERTIFICATES Introduction Almost all enterprises have rogue or misconfigured certificates that are unknown to operations teams without a discovery tool they

More information

An Aflac Case Study: Moving a Security Program from Defense to Offense

An Aflac Case Study: Moving a Security Program from Defense to Offense SESSION ID: TTA-F02 An Aflac Case Study: Moving a Security Program from Defense to Offense Tim Callahan SVP & Global Chief Security Officer Aflac Threat Landscape Security risks are growing at a faster

More information

Evolution Of Cyber Threats & Defense Approaches

Evolution Of Cyber Threats & Defense Approaches Evolution Of Cyber Threats & Defense Approaches Antony Abraham IT Architect, Information Security, State Farm Kevin McIntyre Tech Lead, Information Security, State Farm Agenda About State Farm Evolution

More information

White Paper. Why IDS Can t Adequately Protect Your IoT Devices

White Paper. Why IDS Can t Adequately Protect Your IoT Devices White Paper Why IDS Can t Adequately Protect Your IoT Devices Introduction As a key component in information technology security, Intrusion Detection Systems (IDS) monitor networks for suspicious activity

More information

The SANS Institute Top 20 Critical Security Controls. Compliance Guide

The SANS Institute Top 20 Critical Security Controls. Compliance Guide The SANS Institute Top 20 Critical Security Controls Compliance Guide February 2014 The Need for a Risk-Based Approach A common factor across many recent security breaches is that the targeted enterprise

More information

How Vectra Cognito enables the implementation of an adaptive security architecture

How Vectra Cognito enables the implementation of an adaptive security architecture Compliance brief How Vectra Cognito enables the implementation of an adaptive security architecture Historically, enterprises have relied on prevention and policy-based controls for security, deploying

More information

THE EFFECTIVE APPROACH TO CYBER SECURITY VALIDATION BREACH & ATTACK SIMULATION

THE EFFECTIVE APPROACH TO CYBER SECURITY VALIDATION BREACH & ATTACK SIMULATION BREACH & ATTACK SIMULATION THE EFFECTIVE APPROACH TO CYBER SECURITY VALIDATION Cymulate s cyber simulation platform allows you to test your security assumptions, identify possible security gaps and receive

More information

Noam Ikar R&DVP. Complex Event Processing and Situational Awareness in the Digital Age

Noam Ikar R&DVP. Complex Event Processing and Situational Awareness in the Digital Age Noam Ikar R&DVP Complex Event Processing and Situational Awareness in the Digital Age We need to correlate events from inside and outside the organization by a smart layer Cyberint CEO, Dec 2017. Wikipedia

More information

THE PIONEER IN REAL-TIME CYBER SITUATIONAL AWARENESS

THE PIONEER IN REAL-TIME CYBER SITUATIONAL AWARENESS DATA SHEET THE PIONEER IN REAL-TIME CYBER SITUATIONAL AWARENESS LUMETA SPECTRE FOR 100% REAL-TIME INFRASTRUCTURE VISIBILITY, REAL-TIME NETWORK CHANGE MONITORING AND THREAT DETECTION FOR PREVENTING SUCCESSFUL

More information

Introduction to Threat Deception for Modern Cyber Warfare

Introduction to Threat Deception for Modern Cyber Warfare Introduction to Threat Deception for Modern Cyber Warfare Joseph R. Salazar Technical Deception Engineer CISSP, CEH, EnCE 1 Introduction AGENDA Attacker Playbook The Need for Deception Deception as Detection

More information

Cloud Threat Defense. Cloud Security Buyer s Guide Based on the. NIST Cybersecurity Framework

Cloud Threat Defense. Cloud Security Buyer s Guide Based on the. NIST Cybersecurity Framework Cloud Threat Defense Cloud Security Buyer s Guide Based on the NIST Cybersecurity Framework Overview 3 01 - Function: Identify 5 Asset Management Risk Assessment 5 6 02 - Function: Protect 7 Access Control

More information

INCIDENTRESPONSE.COM. Automate Response. Did you know? Your playbook overview - Virus Outbreak

INCIDENTRESPONSE.COM. Automate Response. Did you know? Your playbook overview - Virus Outbreak Automate Response Congratulations on selecting IncidentResponse.com to retrieve your custom incident response playbook guide. This guide has been created especially for you for use in within your security

More information

Behavioral Analytics A Closer Look

Behavioral Analytics A Closer Look SESSION ID: GPS2-F03 Behavioral Analytics A Closer Look Mike Huckaby VP, Global Systems Engineering RSA The world is full of obvious things which nobody by any chance ever observes. Sherlock Holmes 2 Patterns

More information

Converged security. Gerben Verstraete, CTO, HP Software Services Colin Henderson, Managing Principal, Enterprise Security Products

Converged security. Gerben Verstraete, CTO, HP Software Services Colin Henderson, Managing Principal, Enterprise Security Products Converged security Gerben Verstraete, CTO, HP Software Services Colin Henderson, Managing Principal, Enterprise Security Products Increased risk and wasted resources Gartner estimates more than $1B in

More information

IT Security Training MS-500: Microsoft 365 Security Administration. Upcoming Dates. Course Description. Course Outline $2,

IT Security Training MS-500: Microsoft 365 Security Administration. Upcoming Dates. Course Description. Course Outline $2, IT Security Training MS-500: Microsoft 365 Security Administration $2,595.00 4 Days Upcoming Dates Course Description Day 1: Managing Microsoft 365 Identity and Access (MS-500T01-A) Help protect against

More information