Pedal to the Metal: Mitigating New Threats Faster with Rapid Intel and Automation


Date: November 14, 2016
Underwritten by:

Introduction

Agencies deal with a greater volume and velocity of cyber threats than ever before. To achieve actionable cyber awareness and drive continuity of vital operations, Federal cyber leaders must speed cyber response times for threat prevention, detection, and mitigation for known and, more importantly, unknown threats. Protecting against modern cyber attacks requires an intelligent threat protection infrastructure that not only aggregates threat data, but also learns and strengthens defenses in real time. To protect against threats, agencies need to create new protections in minutes, not hours or days.

MeriTalk surveyed 150 Federal security operations professionals to understand how agencies are minimizing damage by deploying more automated solutions that leverage product and external threat feed intelligence. Because during a cyberattack, minutes, even seconds, are crucial.

Executive Summary

Stuck in Manual
Only 61% of Feds say their agency is automatically distributing information against malicious behaviors across different enforcement points in their organization.
Fewer than half guard newer or critical attack vectors.

Losing the Race
Agencies ingest an average of 25 external threat feeds daily, and most cannot act on that information for hours or days.
Only 15% can create new protections against newly discovered malicious behaviors within minutes.
Also, only 17% can reprogram their defenses against newly discovered malicious behaviors by distributing new protections within minutes (the lifetime of an attack) and prevent a breach.

How Can Feds Push the Pedal to the Metal?
Embrace an automated approach to swift threat detection and analysis, enabling the creation of new protections faster, including the threat mitigation process, as just 41% say they would invest in this area today.
Improve threat intelligence correlation from all sources and the path to actionable cyber awareness.
If agencies improved threat intelligence monitoring, correlation, and automation of protections, Feds estimate they could save 27% of their cybersecurity budget, or more than $5B annually.

Pedal to the Metal

Federal security operations professionals say they can address threats faster and save one-quarter of cyber budgets if they improve threat intelligence monitoring, correlation, and automation.
By improving monitoring, correlation, and automation, Feds say they could save 27% of their cybersecurity budget, or more than $5 billion a year.*
The question: Automation is key. How can agencies rev it up?
*Based on the $19 billion cybersecurity budget for 2017
Take Away: Time to Rev the Engine

Too Many Stuck in the Slow Lane

Feds are flooded with threat data, but when faced with an unknown threat, they can't create and distribute new protections fast enough.
Just 15% can create new protections within a few minutes (over a third still take days to take any action).
Just 17% can distribute new protections within a few minutes.
Take Away: Every Minute Counts

Foggy Windows

While most Feds focus on traditional entry points (mail server, internet gateway, Web), fewer than half guard against emerging and critical attack vectors, increasingly used as attack entry points:*
Data center north/south (41%)
Data center east/west (39%)
Demilitarized zone (DMZ) (39%)
SaaS enforcement points (33%)
Mobile endpoints (29%)
*Respondents asked to select all that apply
Take Away: A Road Full of Unseen Threats

Running Diagnostics

55% of Feds say their agency is currently not automatically correlating information from different locations about a threat campaign: 30% do so manually and 25% don't do it at all.
Take Away: Not Yet Ready to Race

Under the Hood

Many agencies don't use advanced security solutions to detect and analyze unknown content, i.e. potential new threats, on their networks.
Percentage who use the following to address unknown content or files:*
Anti-zero-day/APT sandboxing (20%)
SaaS security (28%)
Network A/V (34%)
IPS (37%)
URL filtering (45%)
Endpoint security (like A/V) (50%)
Email security (65%)
Firewall (76%)
*Respondents asked to select all that apply
Take Away: Missing Opportunities

Not Quite a Well-Oiled Machine

Less than half (47%) of Feds can automatically correlate specific threat behavior to behavior seen in a host on their network, or elsewhere globally.
Additionally, only 45% of Feds say their agency can look for it backwards and forward in time.
*Respondents asked to select all that apply
Take Away: In Need of Rewiring

Stuck at Go

Despite a deluge of threat data, Feds aren't able to leverage and share insights quickly enough to protect against new threats.
Security operations teams ingest an average of 25 external threat feeds daily.
Most common external threat feeds:*
1. Industry related
2. Purchased
3. Only for malware
4. Generic
Almost half (47%) of purchased feeds are still only consumed via email.
72% say it takes a few hours to a few days to assess if a unique threat is present and determine whether action is required.
81% say it takes a few hours to a few days to create actionable changes in their organization's security posture to reflect and protect against a new threat that they received from external sources.
*Respondents asked to select all that apply
Take Away: Actionable Awareness Needed

See Around the Bend

71% of Feds use automated analysis/reports to focus on targeted attacks; fewer than half take advantage of the following capabilities that, together, improve threat analysis and the ability to anticipate future threats:*
Dynamic analysis (48%)
Static analysis (32%)
Machine learning (19%)
Analyze threats -> Predict threat behavior -> Anticipate future threats
The question: Without critical advanced threat analysis capabilities, can Feds reprogram their network defense fast enough to protect against advanced threats?
*Respondents asked to select all that apply
Take Away: Advanced Capabilities Deliver New Visibility

Crowded Pit Crew

Security operations teams are allocating skilled and limited resources to tasks that can be automated.
At least 20% of Feds noted 12 or more members of their agency's SOC team have the following tasks as their primary responsibilities:*
Creating custom signatures for security technologies on your network
Correlating isolated network events which may be related to part of a campaign
Taking threat intelligence from various feeds and making it actionable
Correlating different behaviors to associate them with one or more threat campaigns
Additionally, more than a third pay to contract out parts, if not all, of these processes.
*Of those who complete the following tasks in-house
Take Away: Agencies Need Expertise & Automation

Wish List

Most agencies don't need more data; they need the ability to make faster decisions from the data they have.
What are the most important investments to fight and win against advanced threats?*
Actionable cyber awareness
Correlation of global and government-specific threat knowledge
Automation of mitigation process
More threat feeds
More people for threat analysis
Automation of signature creation/distribution
Visibility of behaviors across vectors
Chart values: 45%, 41%, 30%, 29%, 28%, 28%
*Respondents asked to select the top three investment areas
Take Away: Rethink the Rule Book

Recommendations

Revamp Driver Mentalities: A culture that's too focused on status quo cybersecurity puts agencies at great risk. Agencies need comprehensive threat anomaly detection and mitigation across all potential attack vectors into their networks.
Monitor Bumper to Bumper: Agencies must be able to correlate isolated tactical behaviors as a sign of a bigger attack pattern. They must also isolate network segments, reducing attack effectiveness.
Automate to Improve Proactive Cyber Stance: To prevent new attacks, agencies need to:
Analyze and accurately predict the next step in the attack (location and behavior)
Leverage techniques together, including machine learning, dynamic, and static analysis
Swiftly create new protections and reprogram enforcement points faster than the attack can spread in their networks

Methodology and Demographics

MeriTalk, on behalf of Palo Alto Networks, conducted an online survey of 150 Federal employees that work with their security operations team in September 2016. The report has a margin of error of ±7.97% at a 95% confidence level.
Job Title:
CISO or Deputy CISO (10%)
Security Operations Director/Supervisor (17%)
Security Operations Manager (21%)
Security Operations Engineer (13%)
Security Operations Analyst (15%)
Other Security Operations employee (13%)
Other security operations support* (11%)
Agency Type:
Civilian agency (57%)
DoD or Intel agency (43%)
100% of respondents say they are familiar with their agency's cybersecurity threat intelligence and processes/capabilities, whether outsourced or done internally.
*Qualifying titles include: Network Specialist, Systems Engineer, and Enterprise Operations Chief

Thank You
Sarah Masuda
smasuda@meritalk.com
703-883-9000 ext. 126