The Critical Incident Response Maturity Journey

Transcription:

Slide 1: The Critical Incident Response Maturity Journey: Why? Why Now? How?
Matthew Gardiner, Sr. Manager, RSA

Slide 2: Our World Is Changing Fast
- New threats
- New vulnerabilities
- New assets

Slide 3: Advanced Attackers Are Advanced

Slide 4: Applying Yesterday's Techniques to Today's Problems?

Slide 5: Imagine Defending With a Purely Perimeter-Based Security System

Slide 6: ...And a Signature-Based System, Meaning You Know Exactly What Your Attackers Look Like in Advance

Slide 7: Organizations That Get This Are Shifting Their Security Investment Priorities
(Two pie charts) Today's priorities: Prevention 80%, Monitoring 15%, Response 5%. Intelligence-driven security: Prevention 33%, Monitoring 33%, Response 33%.

Slide 8: SOC/CIRCs Are Moving Up on the Priority List
(Org chart) SOC Manager, with Tier 1 Analyst, Tier 2 Analyst, Analysis & Tools Support Analyst, and Threat Intelligence Analyst

Slide 9: Why Have a SOC/CIRC Now? Threats Regularly Overcome Preventive Controls
Advanced attacks are:
1. Targeted: a specific objective
2. Stealthy: low and slow
3. Interactive: human involvement
(Attack timeline) Attacker side: attack begins, system intrusion, leap-frog attacks, cover-up, cover-up complete. Defender side: discovery, attack identified, response. Dwell time runs from when the attack begins until it is identified; response time runs from identification to the response.
Two goals:
1. Decrease dwell time
2. Speed response time

Slide 10: How to Think About Your CIRC Maturity? Cliché alert

Slide 11: How to Think About Your CIRC Maturity? Three interdependent factors: People, Process, Technology

Slides 12-15: How to Think About Your CIRC Maturity? Three stages of maturity:
1. Ad hoc incident response: part-timers, process?, limited visibility
2. Incident response as an emerging organization: full-timers, critical assets, visibility & context
3. Incident response as a key force in security: specialized team, continuous improvement, CIRC technology platform

Slide 16: What Does a Mature CIRC Look Like?
(Org chart) SOC Manager, with Tier 1 Analyst, Tier 2 Analyst, Analysis & Tools Support Analyst, and Threat Intelligence Analyst

Slide 17: How to Improve Your CIRC Maturity?
People:
- Focus on creating a couple of CIRC rockstars
- Specialize from there as you staff up
- Use service providers judiciously to fill gaps
- RSA provides a 5-course analyst education series
Processes:
- Create them, document them, learn from actual incidents, adjust them, repeat
- Simulate an incident and your response; address gaps
- Measure your CIRC on an ongoing basis!
- RSA Advanced Cyber Defense provides breach readiness, IR, and SOC design services
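Measuring dwell time and response time, the two metrics from the attack-timeline slide, is the concrete form of the advice above to measure the CIRC on an ongoing basis. The following Python is an added example, not part of the original deck; the incident records and timestamps are constructed, and an incident not yet identified (or identified but not yet closed) is clamped at a chosen as-of instant so its still-running clock still counts.

```python
"""Dwell time and response time per incident, plus medians, over constructed records.
Added example (not from the original slide deck). Timeline follows the slide:
attack begins -> attack identified (dwell time) -> response complete (response time)."""
from datetime import datetime
from statistics import median
from typing import Optional

# Constructed sample incidents (ISO-8601 timestamps); None means "has not happened yet".
INCIDENTS = [
    {"id": "INC-1", "attack_began": "2015-01-03T08:00:00",
     "identified": "2015-03-20T14:30:00", "response_complete": "2015-03-23T09:00:00"},
    {"id": "INC-2", "attack_began": "2015-02-10T22:15:00",
     "identified": "2015-02-12T01:00:00", "response_complete": "2015-02-12T18:00:00"},
    {"id": "INC-3", "attack_began": "2015-03-01T00:00:00",   # not yet identified
     "identified": None, "response_complete": None},
]

def _ts(value: Optional[str]) -> Optional[datetime]:
    return datetime.fromisoformat(value) if value else None

def incident_metrics(record: dict, as_of: str) -> dict:
    """Dwell and response time in hours for one incident, clamped at the as-of instant.
    An unidentified incident has a dwell clock that is still running and no response
    clock; an identified-but-open incident has a running response clock."""
    now = _ts(as_of)
    began, identified, closed = (_ts(record[k]) for k in
                                 ("attack_began", "identified", "response_complete"))
    if began is None or began > now:
        raise ValueError(f"{record['id']}: attack_began missing or after as_of")
    dwell_h = ((identified or now) - began).total_seconds() / 3600
    response_h = None if identified is None else ((closed or now) - identified).total_seconds() / 3600
    return {"id": record["id"], "dwell_hours": dwell_h, "response_hours": response_h,
            "identified": identified is not None, "closed": closed is not None}

def summarize(records: list, as_of: str) -> dict:
    """Median dwell/response hours plus counts of unidentified and still-open incidents."""
    rows = [incident_metrics(r, as_of) for r in records]
    responses = [m["response_hours"] for m in rows if m["response_hours"] is not None]
    return {
        "incidents": len(rows),
        "unidentified": sum(not m["identified"] for m in rows),
        "open": sum(not m["closed"] for m in rows),
        "median_dwell_hours": median(m["dwell_hours"] for m in rows),
        "median_response_hours": median(responses) if responses else None,
    }

if __name__ == "__main__":
    print(summarize(INCIDENTS, "2015-04-01T00:00:00"))
```

Tracking these two medians per reporting period, together with the count of incidents that were never identified internally, is what lets the maturity stages above be compared with numbers rather than adjectives.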

Slide 18: RSA's CIRC Technology Platform
(Architecture diagram) Labels recoverable from the slide:
- RSA Security Operations Management: Incident Mgmt., Breach Mgmt., SOC Program Mgmt., Risk Mgmt.
- RSA Security Analytics (SIEM) and RSA ECAT (hosts)
- RSA Live Threat Intelligence: threat intelligence, rules, parsers, alerts, feeds, apps, reports and custom actions
- Sources of context: CMDB/assets, data discovery/DLP, vulnerability, identity, directory services

Slide 19: This session is largely pulled from this white paper: http://www.emc.com/collateral/white-papers/h12651-wp-critical-incident-response-maturity-journey.pdf

Slide 20: Some Suggested Follow-On Actions
- Attend the following sessions in the SOC track
- Get my white paper (it is free!)
- Use the assessment framework to benchmark your CIRC
- Check out the following industry analysts: Gartner (Anton Chuvakin & Neil MacDonald), Forrester (Rick Holland), Securosis (Mike Rothman), ESG (Jon Oltsik)

Slide 21: Thank You