EFFECTIVELY TARGETING ADVANCED THREATS. Terry Sangha Sales Engineer at Trustwave

Similar documents
RSA NetWitness Suite Respond in Minutes, Not Months

SOLUTION BRIEF RSA NETWITNESS SUITE 3X THE IMPACT WITH YOUR EXISTING SECURITY TEAM

DATA SHEET RISK & CYBERSECURITY PRACTICE EMPOWERING CUSTOMERS TO TAKE COMMAND OF THEIR EVOLVING RISK & CYBERSECURITY POSTURE

Are we breached? Deloitte's Cyber Threat Hunting

DATA SHEET RSA NETWITNESS PLATFORM PROFESSIONAL SERVICES ACCELERATE TIME-TO-VALUE & MAXIMIZE ROI

RSA INCIDENT RESPONSE SERVICES

Eliminating the Blind Spot: Rapidly Detect and Respond to the Advanced and Evasive Threat

Integrated, Intelligence driven Cyber Threat Hunting

Incident Response Agility: Leverage the Past and Present into the Future

4/13/2018. Certified Analyst Program Infosheet

Prescriptive Security Operations Centers. Leveraging big data capabilities to build next generation SOC

RSA INCIDENT RESPONSE SERVICES

THE EFFECTIVE APPROACH TO CYBER SECURITY VALIDATION BREACH & ATTACK SIMULATION

FTA 2017 SEATTLE. Cybersecurity and the State Tax Threat Environment. Copyright FireEye, Inc. All rights reserved.

esendpoint Next-gen endpoint threat detection and response

Designing an Adaptive Defense Security Architecture. George Chiorescu FireEye

Managed Enterprise Phishing Protection. Comprehensive protection delivered 24/7 by anti-phishing experts

with Advanced Protection

Enhancing the Cybersecurity of Federal Information and Assets through CSIP

Reducing the Cost of Incident Response

Cyber Threat Landscape April 2013

deep (i) the most advanced solution for managed security services

Protecting Against Modern Attacks. Protection Against Modern Attack Vectors

INCIDENTRESPONSE.COM. Automate Response. Did you know? Your playbook overview - Unauthorized Access

External Supplier Control Obligations. Cyber Security

CYBER SOLUTIONS & THREAT INTELLIGENCE

Incident Response Services to Help You Prepare for and Quickly Respond to Security Incidents

From Managed Security Services to the next evolution of CyberSoc Services

INCIDENTRESPONSE.COM. Automate Response. Did you know? Your playbook overview - Elevation of Privilege

Continuous protection to reduce risk and maintain production availability

Operationalizing the Three Principles of Advanced Threat Detection

NOTHING IS WHAT IT SIEMs: COVER PAGE. Simpler Way to Effective Threat Management TEMPLATE. Dan Pitman Principal Security Architect

WHY SIEMS WITH ADVANCED NETWORK- TRAFFIC ANALYTICS IS A POWERFUL COMBINATION. A Novetta Cyber Analytics Brief

HOSTED SECURITY SERVICES

Securing Dynamic Data Centers. Muhammad Wajahat Rajab, Pre-Sales Consultant Trend Micro, Pakistan &

The SANS Institute Top 20 Critical Security Controls. Compliance Guide

Building a Threat-Based Cyber Team

Securing Your Digital Transformation

Traditional Security Solutions Have Reached Their Limit

INCIDENTRESPONSE.COM. Automate Response. Did you know? Your playbook overview - Data Theft

The New Era of Cognitive Security

Whitepaper. Advanced Threat Hunting with Carbon Black Enterprise Response

MATURE YOUR CYBER DEFENSE OPERATIONS with Accenture s SIEM Transformation Services

ForeScout Extended Module for Splunk

MITIGATE CYBER ATTACK RISK

10 FOCUS AREAS FOR BREACH PREVENTION

Cyber Defense Maturity Scorecard DEFINING CYBERSECURITY MATURITY ACROSS KEY DOMAINS

Arbor Networks Spectrum. Wim De Niel Consulting Engineer EMEA

THE SIX ESSENTIAL CAPABILITIES OF AN ANALYTICS-DRIVEN SIEM

Staffing Services UnderDefense your source of experienced professionals to solve security staffing challenges today

Managed Endpoint Defense

Cybersecurity Risk Mitigation: Protect Your Member Data. Introduction

May the (IBM) X-Force Be With You

BUILDING AND MAINTAINING SOC

Real-time, Unified Endpoint Protection

Gujarat Forensic Sciences University

Combating Cyber Risk in the Supply Chain

Legal Aspects of Cybersecurity

Cybowall Solution Overview

SOLUTION BRIEF HELPING BREACH RESPONSE FOR GDPR WITH RSA SECURITY ADDRESSING THE TICKING CLOCK OF GDPR COMPLIANCE

Cyber Security Incident Response Fighting Fire with Fire

Trustwave Managed Security Testing

Noam Ikar R&DVP. Complex Event Processing and Situational Awareness in the Digital Age

RSA Advanced Security Operations Richard Nichols, Director EMEA. Copyright 2015 EMC Corporation. All rights reserved. 1

Technology Roadmap for Managed IT and Security. Michael Kirby II, Scott Yoshimura 04/12/2017

BETTER Mobile Threat Defense (BMTD)

Delivering Integrated Cyber Defense for the Cloud Generation Darren Thomson

Security. Made Smarter.

Boston Chapter AGA 2018 Regional Professional Development Conference Cyber Security MAY 2018

THE CRITICAL COMMUNICATIONS COMPANY CYBER SECURITY AS A SERVICE

CYBER RESILIENCE & INCIDENT RESPONSE

NEXT GENERATION SECURITY OPERATIONS CENTER

10 KEY WAYS THE FINANCIAL SERVICES INDUSTRY CAN COMBAT CYBER THREATS

Building Successful Threat Intelligence Programs

Abstract. The Challenges. ESG Lab Review Proofpoint Advanced Threat Protection. Figure 1. Top Ten IT Skills Shortages for 2016

locuz.com SOC Services

WHITEPAPER ENDPOINT DETECTION AND RESPONSE BEYOND ANTIVIRUS PROACTIVE THREAT HUNTING AT THE ENDPOINT

The Convergence of Security and Compliance

CloudSOC and Security.cloud for Microsoft Office 365

Analytics Driven, Simple, Accurate and Actionable Cyber Security Solution CYBER ANALYTICS

Nebraska CERT Conference

An All-Source Approach to Threat Intelligence Using Recorded Future

Transforming Security from Defense in Depth to Comprehensive Security Assurance

INCIDENTRESPONSE.COM. Automate Response. Did you know? Your playbook overview - Virus Outbreak

to Enhance Your Cyber Security Needs

Secure the value chain. Risk management in the omnichannel consumer and retail environment

THE ACCENTURE CYBER DEFENSE SOLUTION

Technology Roadmap for Managed IT and Security. Michael Kirby II, Scott Yoshimura 05/24/2017

Evolution Of Cyber Threats & Defense Approaches

STAY ONE STEP AHEAD OF THE CRIMINAL MIND. F-Secure Rapid Detection & Response

SIEM Solutions from McAfee

BREACHES HAPPEN: BE PREPARED. Endpoint Detection & Response

Cyber Resilience. Think18. Felicity March IBM Corporation

Fidelis Overview. 15 August 2016 ISC2 Cyber Defense Forum

BUILT TO STOP BREACHES. Cloud-Delivered Endpoint Protection

Building Resilience in a Digital Enterprise

Part 2: How to Detect Insider Threats

Governance Ideas Exchange

Speed Up Incident Response with Actionable Forensic Analytics

RSA ADVANCED SOC SERVICES

Transcription:

EFFECTIVELY TARGETING ADVANCED THREATS Terry Sangha Sales Engineer at Trustwave

THE CHALLENGE PROTECTING YOUR ENVIRONMENT IS NOT GETTING EASIER ENDPOINT POINT OF SALE MOBILE VULNERABILITY MANAGEMENT CYBER THREATS DATA EXFILTRATION CUSTOMERS INTERNET/CLOUD NETWORK PROTECTION EXECUTIVES COMPLIANCE MANAGED SECURITY THREAT INTELLIGENCE EXTENDED NETWORK E-MAIL NETWORK APPLICATIONS PRIVILEGED USER MONITORING CONTINUOUS DIAGNOSTICS AND MITIGATION (CDM) SOCIAL ENGINEERING EMPLOYEES PRIVILEGED USERS DB, MAIL & FILE SERVERS Considerations Complexity In addition, there is an expected shortageof qualified security professionals totaling between 1 and 2 million by 2019. 1 1 Information Week, Cyber-Security Skills Shortage Leaves Companies Vulnerable, 8/1/16

THE CYBER FOCUS UNDERSTANDING ADVANCED THREATS What is it? A cyber-threat is any malicious act that could gain access to a computer network without authorization. A cyber-threat perpetrator is known as a Actor or Bad Actor. What are some examples? Theft of identity, credit cards, intellectual property Spoofing wire transfers or access credentials Business disruption Criminal extortion Destruction Influence business decisions Weapons proliferation Criminal exploitation Who s responsible? National Governments Terrorists Industrial Spies and Organized Crime Groups Hackivists Hackers

CYBERCRIME MOTIVATIONS WHY THIS PROBLEM IS NOT GOING AWAY Trustwave Global Security Report research shows 1,425% Return on Investment Estimated ROI for a one-month ransomware campaign Based on Trustwave SpiderLabs research into underground markets One example: $5,900 investment = $84,100 profit

WHO S ASKING PERCEIVED VALUE OF SECURITY BUSINESS FOCUS OPERATIONS FOCUS PEOPLE PROCESS TECHNOLOGY Business leaders tend to view value more holistically and from top down. Operations leaders tend to view value starting from environment and work up toward people.

THREAT DETECTION & RESPONSE A SECURITY MATURITY MODEL Incident Response Operations & Forensics THREAT VISIBILITY Log Management collection Monitoring Automated Alerting User & Entity Behavior Analytics Hunting End points Hunting Network Proactive Hunting ANALYTICS AND INVESTIGATION Signature Based Correlation Rules & IOCs Behavioral Analytics Hands On Expertise

THREAT DETECTION & RESPONSE A SECURITY MATURITY MODEL Traditional MSS MDR MSS IR THREAT VISIBILITY Log Management collection Monitoring Automated Alerting User & Entity Behavior Analytics Hunting End points Hunting Network Incident Response Operations & Forensics Proactive Hunting Traditional MSS provides foundational detect and notify capabilities. MDR MSS provides detect and remediate capabilities. ANALYTICS AND INVESTIGATION Signature Based Correlation Rules & IOCs Behavioral Analytics Hands On Expertise

WHAT IS MDR? DEFINITION OF MANAGED DETECTION AND RESPONSE PROCESS PEOPLE TECHNOLOGY According to Gartner 1, Managed Detection and Response (MDR) services are: An emerging group of security monitoring providers with approaches that do not fit the traditional MSS model. These services aim to remove the burden from clients of having to figure out "what method or device to use" for a security monitoring and response capability. MDR services focus on specific outcomes threat detection, with 24/7 monitoring and alerting, and remote incident investigation and response included in the end-to-end service. How is this different than EDR? EDR is the technology piece of this service (does not include people and process). 1 Market Guide for Managed Detection and Response Services, 10 May 2016, G00294325.

WHAT IS MDR? PEOPLE Analyst Analyst Analyst Advanced Analysis / Response Advanced Analysis / Response Intel Network Hunter Management and Research Malware Hunter Tier 1 Tier 2 Console Monitoring Take action 5-7 minutes on average per alert Tier 3 Deep investigation Tuning and mitigation 30 minutes on average per alert Malware reverser Data pivot and trend Industry alert hunting Analyst Endpoint Hunter KEY S TO SUCCESS: 1. The Right People 2. Standard Processes 3. Leveraged Technology 1 Market Guide for Managed Detection and Response Services, 10 May 2016, G00294325.

WHAT IS MDR? PROCESS Endpoint behavior Executables File changes Registry mods Memory injection IOC s Unique threat intelligence Update EDR components Advise of further updates and/or policy changes to preventive solutions Update Defenses Real-time Detection Remediation Initial Response Notification Actions Account lockouts Kill processes Files deletions Quarantine File blacklisting Remote shell Remote actions Customer actions Potential onsite upon request for further remediation & forensics assistance Scope of Attack Lateral movement Network comms What Where When How

WHAT IS MDR? TECHNOLOGY Constant visibility & threat hunting for countless endpoints across the globe All system activity tracked, automated AI hunting, real time IR and remediation Immediate threat intel generation and enterprise threat hunting capability

MOVING TOWARD AN OFFENSIVE POSTURE INCIDENT READINESS AND THREAT HUNTING hunting and incident response are inextricably linked Plan Train Test Hunt Application Networks Social Engineering Red Team All elements of a robust incident readiness program Incident Readiness Penetration Testing Incident readiness is an organized, holistic, and systematic approach designed to rapidly: Prevent Identify Respond Remediate Forensics Reverse engineering Root Cause Analysis Network Remediation Incident Response Hunting / MDR Breach Assessments Identity Hunting Real-time response Cyber Intel

TIME MATTERS MINIMAL TIME TO DETECT AND REMEDIATE IS ESSENTIAL 9 8 7 6 5 4 3 2 1 0 Time to Respond No Retainer MDR + Retainer Retainer Time to Respond Every second an attacker is on your network, he/she is looking to move laterally and capture your golden secrets No retainer in place Provider selection, contract negotiations, NDA, payment, travel time Average time to respond 8 days IR retainer in place IR responder on-call 24/7 4-8 hour remote / 24-48 hour onsite global SLA MDR + retainer Constant proactive threat hunting Immediate remote IR many steps automated Analysis occurs concurrent to responder travel time Response & remediation time is minutes, not days

WHAT DOES GOOD LOOK AND FEEL LIKE? DEFINE SUCCESS AND LEVEL SET EXPECTATIONS PROCESS PEOPLE TECHNOLOGY Define business objectives Understand your existing security posture Identify goals that tie to business outcomes Prioritize activities based on risk exposure Rinse and repeat

THANK YOU

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback