Evolution Of Cyber Threats & Defense Approaches


Antony Abraham, IT Architect, Information Security, State Farm
Kevin McIntyre, Tech Lead, Information Security, State Farm

Agenda
- About State Farm
- Evolution of Attacks
- Targeted Attacks Explained
- Legacy Defense
- Framework Based Defense
- An Approach to Protecting Passwords
- Big Data Security Analytics
- Bringing It All Together
- Conclusions
- Questions

About State Farm
- Ranked No. 41 on the Fortune 500 list of largest companies
- #1 auto insurance and life insurance provider
- One of the largest private networks in the nation: 60,000 network nodes and 24,000 network links installed
- Supports about 150,000 employees and agents
- Manages 625,000 devices
- 5,500 IT staff members
- 323 security experts and growing (yes, we are hiring!)

A Brief History of Cyber Attacks
- Talented hackers experiment or attack just because they can
- Often to make their message heard louder
- All about name and fame, usually not about money

A Brief History of Cyber Attacks: Evolution of Attacks

Evolution of Attacks: Present Day Attackers
- Cyber criminals
- Hacktivists
- Nation states
- Cyber terrorists?

Targeted Attacks In Depth
- Focused cyber attack
- Capture credentials
- Steal intellectual property and NPI
- Pivot point to attack others
- Persistent
- High success rate

Targeted Attacks In Depth: Example - Email Based Attack

Targeted Attacks In Depth: Watering Hole Attack

Targeted Attacks In Depth: Post Compromise State

Legacy Defense
- LOL (Layers On Layers)
- Signature based: stops known bad. But what is bad?

Framework Based Defense For a Defendable Network: Four Pillars of Cyber Defense
The four pillars, each mapped to the NIST Cybersecurity Framework function it covers:
- Prevent (NIST Protect)
- Detect (NIST Detect)
- Protect (NIST Protect)
- Response (NIST Respond, Recover)

Framework Based Defense For a Defendable Network: Four Pillars - Examples
Prevent:
- NextGen FWs
- IPS
- Antivirus
- Endpoint Protection
- Advanced Endpoint Protection
- Exploit Prevention (like EMET)
- Endpoint Execution Control
Detect:
- SIEM
- Threat Feeds
- Security Analytics
- Network Sandboxes and BDS
- Endpoint Detection/Forensics
- Network Forensics
- DNS Analysis
- Flow Analysis
Protect:
- Multifactor Auth
- Specific Use of Encryption
- Tokenization
- Network Segmentation
- Outbound traffic control
- Vulnerability Management
Response:
- Trained People
- Applicable Procedures
- Response & Recovery procedures
- Command structure
- 24/7 Monitoring and associated response
- Response Automation

Make It Harder For Bad Guys: Using Capabilities From Different Pillars
Diagram of an attack chain crossing from the untrusted to the trusted zone; the labelled steps visible are 6 (Credentials Stolen) and 7 (Data Exfil). Defensive elements shown:
- SIEM & Response Team
- Enterprise admins with day-to-day credentials used for email and internet
- Hardened virtual machine enforcing MFA, behind separate firewalls
- Enterprise admins with privileged credentials separate from their day-to-day credentials
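The credential-separation model in the diagram above can be checked mechanically. The following is an added example, not State Farm's code: given a constructed list of privileged accounts and constructed proxy, mail and jump-host log lines (the log format is an assumption), it flags privileged accounts seen in day-to-day email or internet use, and admin-VM logons made without MFA.

```python
"""Check the privileged-credential separation the slide describes:
admin accounts must not show up in mail or internet-proxy logs, and
logons to the hardened admin VM must carry MFA.

Added example, not State Farm's code. Account list and log lines are
constructed; the log format "<source> <account> <detail>" is assumed."""
from collections import defaultdict

# Constructed: accounts that hold enterprise-admin privilege
PRIVILEGED = {"jdoe-adm", "ksmith-adm", "svc-backup"}

# Constructed log lines. proxy = internet access, mail = mailbox logon,
# jump = logon to the hardened virtual machine behind the admin firewall
LOG_LINES = """\
proxy jdoe GET https://news.example.test/
mail jdoe imap-logon
proxy ksmith-adm GET https://webmail.example.test/
mail ksmith-adm owa-logon
jump jdoe-adm logon mfa=yes
jump ksmith-adm logon mfa=no
jump svc-backup logon mfa=yes
""".splitlines()


def summarize(lines):
    """Return ({account: day-to-day sources seen}, {accounts on jump VM without MFA})."""
    day_to_day, no_mfa = defaultdict(set), set()
    for line in lines:
        source, account, detail = line.split(" ", 2)
        if source in ("proxy", "mail"):
            day_to_day[account].add(source)
        elif source == "jump" and "mfa=no" in detail:
            no_mfa.add(account)
    return day_to_day, no_mfa


def find_violations(privileged, lines):
    """(account, reason) pairs that break the separation model, by account."""
    day_to_day, no_mfa = summarize(lines)
    findings = []
    for account in sorted(privileged):
        if account in day_to_day:
            used = ", ".join(sorted(day_to_day[account]))
            findings.append((account, f"privileged account used for {used}"))
        if account in no_mfa:
            findings.append((account, "admin VM logon without MFA"))
    return findings
```

In the constructed data only ksmith-adm is flagged: it is used for webmail and browsing, and it reached the admin VM without MFA.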

Security Analytics

System activity on workstations, networks and data centers generates log information.

Log information is collected and analyzed.

Log data is stored in multiple locations across the Enterprise.

This adds up to terabytes of log data collected each day.

A Hadoop platform is used to store and process the data at scale. A combination of data scientists and security experts use analytic tools to dig deeper into the data set:
- Performing hunt activities
- Applying the same skills and tools we apply to business problems to security

Data is grouped so as to surface anomalies and potential Indicators of Compromise (IoCs) and Indicators of Attack (IoAs) within the Enterprise:
- Utilizing machine learning algorithms and statistical models
- Hybrid approach: buy and build

We are sitting on top of a goldmine. Let's make use of it!
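One statistical hunt of the kind the analytics slides describe, as an added example that is not State Farm's code: it baselines each user's distinct-hosts-per-day count from constructed authentication log lines (the "<date> <user> <host>" format is an assumption) and flags days that deviate sharply from the user's own history, the signal a stolen credential leaves when it is used across many hosts.

```python
"""Baseline-and-deviation hunt: learn how many distinct hosts each user
normally authenticates to per day and flag days far outside that baseline.

Added example, not State Farm's code. Log lines are constructed and the
"<date> <user> <host>" format is an assumption."""
from collections import defaultdict
from statistics import mean, pstdev


def constructed_log():
    """Sample log: jdoe uses 2-3 hosts/day for six days, then 9 hosts on
    2024-03-07; ksmith is steady at 2 hosts/day throughout."""
    lines = []
    for day in range(1, 7):
        hosts = ["ws-101", "fs-01"] + (["print-01"] if day % 2 else [])
        lines += [f"2024-03-0{day} jdoe {h}" for h in hosts]
        lines += [f"2024-03-0{day} ksmith {h}" for h in ("ws-202", "fs-01")]
    lines += [f"2024-03-07 jdoe {h}" for h in ("ws-101", "fs-01", "ws-205",
              "ws-210", "db-01", "db-02", "hr-01", "fin-01", "dc-01")]
    lines += ["2024-03-07 ksmith ws-202", "2024-03-07 ksmith fs-01"]
    return lines


def hosts_per_day(lines):
    """Group events into {user: {date: set(hosts)}}."""
    grouped = defaultdict(lambda: defaultdict(set))
    for line in lines:
        date, user, host = line.split()
        grouped[user][date].add(host)
    return grouped


def anomalous_days(lines, z_threshold=3.0):
    """Return [(user, date, distinct_hosts, z)] for days whose distinct-host
    count sits more than z_threshold standard deviations above the user's
    own baseline, computed from all of that user's other days."""
    findings = []
    for user, days in hosts_per_day(lines).items():
        counts = {date: len(hosts) for date, hosts in days.items()}
        for date, n in sorted(counts.items()):
            others = [c for d, c in counts.items() if d != date]
            if len(others) < 3:
                continue  # too little history to build a baseline
            mu, sigma = mean(others), pstdev(others)
            sigma = max(sigma, 0.5)  # floor so a flat baseline still scores
            z = (n - mu) / sigma
            if z > z_threshold:
                findings.append((user, date, n, round(z, 1)))
    return findings
```

The same per-entity baseline works for other grouped counts (processes per host, bytes out per user), which is how such a rule is generalized before it is pushed into the SIEM.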

Bringing It All Together: SIEM-Analytics Eco-System
Diagram of the components and flows:
- Hunt Team, Intel Analyst, Data Scientists
- Manual correlation rules
- Big Data to SIEM correlation rules (automatic)
- SIEM
- SIEM-Big Data event pull
- SIEM console & operator
- Databases
- Delivered reports for business partners
- Enterprise log sources

Bringing It All Together: Integrated Defense
Diagram of the components:
- Identity Management System
- Proxy
- Breach Detection System
- Encryption and Key Management
- End Point Security
- Big Data Defense System
- DNS
- NAC
- 1: Generic Preventive Control
- Firewall
- 2: DLP System

Conclusions
- Invest in framework based defense to create a defendable network
- Be aware of blind spots and strive for greater visibility
- Make use of the logs you already collect. Mine for signals within all that noise.
- Automate threat response to the extent possible
- Invest in threat hunting capabilities
- Not only consume threat intelligence, but share it!

Questions
Contact: antony.abraham.ukuo@statefarm.com, Kevin.mcintyre.hl1x@statefarm.com