Prescriptive Security Operations Centers. Leveraging big data capabilities to build next generation SOC

Transcription:

Slide 1: Prescriptive Security Operations Centers. Leveraging big data capabilities to build next generation SOC

Slide 2: Cyber security industry in constant renewal in 2016 and 2017
- 1 Tbps Mirai IoT botnet broke the Internet and generated the largest DDoS attack in history
- 3.1 B reported leaked records
- Ransomware is the new DDoS: 752% increase, $1 billion in losses
- 985 major reported data breaches
- 1 B user credentials compromised: largest breach in history
- Editors investing in SECaaS: up 25% from 2015
- Business impact: decrease of M&A offer to ... by 110%
- CASB, Telco SOC

Slide 3: Cyber security labor shortage epidemic
- 62% of organizations are currently understaffed*
- Majority of positions take 3 to 6 months to fill, and 10% are never filled*
- 2 million shortfall of qualified professionals by 2020**
- Not enough gray matter for a manual solution

Slide 4: Atos Prescriptive SOC helps with all the below
- We need to manage technology strategically
- We need to unite and partner
- We need to build agile solutions and operations
- Make security a differentiator in the new digital era?

Slide 5: Prescriptive SOC principles
You cannot find anything where you are not looking. Data sources to cover: logs, audits, events, alerts, intelligence feeds, IoT data, full packet and DNS captures, detailed audit trails, social media, fraud information, identity context, darknet, deep and dark web.
Use big data to find threats, then aggregate and transform them into actionable intelligence.

Slide 6: Gartner prescriptive SOC model
Analytics maturity shown as a chart: one axis runs from data to decision and action, the other from human input through decision support to decision automation. The four levels:
- Descriptive: What happened?
- Diagnostic: Why did it happen?
- Predictive: What will happen?
- Prescriptive: What should I do?
Source: Gartner, #G00254653 (September 2013)

Slide 7: Prescriptive SOC to step backwards in the attack chain
Cyber Kill Chain attack stages: Reconnaissance, Weaponization, Delivery, Exploitation, Installation, Command & Control, Action on objective.
- Blindspot / dwell time: dwell time (discovery time) is still high as cyberattacks become more pervasive and are difficult to detect. Average time to discovery in 2017: 191 days*
- Response time: increasing, as investigating, neutralizing and recovering from advanced cyberattacks requires specialized CERT teams. Average time to contain a cyberattack in 2017: 66 days*

Slide 8: Prescriptive SOC to step backwards in the attack chain
Cyber Kill Chain attack stages: Reconnaissance, Weaponization, Delivery, Exploitation, Installation, Command & Control, Action on objective.
Where the prescriptive SOC acts on the blindspot, dwell time and response time:
- Automate aggregation
- Detect weak signals
- Automate incident containment
- Orchestrate response
- Automate hunting
- Feed results to machine learning

Slide 9: Prescriptive security analytics
Data flow: OT, IT and IoT sources feed a data lake appliance (bulk of the data flow), which feeds a diagnosis dashboard (consolidated results, decisions and actions).
- Extended contextual data: data sets that are large and complex, acquired over time; linked data to enrich the context
- Long trends and short trends; models
- Analytics functions: data visualization, aggregation, behavioral analytics, hunting, triage and orchestration, action, intelligence

Slide 10: Technical architecture, Atos Prescriptive Security Operations Centers (Atos Security Operations Analytics Platform Architecture)
Components shown:
- Enterprise Security Manager: logs and packets in; routine outputs; context and enrichment; data visualization
- DXL subscribers: IPS, endpoints, servers, VIPs, web gateway; DXL Intelligence Exchange
- Threat intelligence (TI): MISP
- Data lake analytics: logs and packets in; routine outputs
- Partner UBA; Advanced Detection
- Active response: Endpoint Policy Orchestrator

Slide 11: Atos, your trusted provider of Prescriptive SOC
- Information Security Control Tower Operations: centralized location for IT security assessment, processing and response. Services: behavioral analysis, security incident response, investigation and forensics, risk scoring, prescriptive analysis, hunting services, cyber defense, cyberwarfare, incident response, offensive security, compliance monitoring, information analysis reports, digital forensics, data leak prevention.
- Cyber Data Science (analysis, vulnerability analysis, data modeling, visualization, infrastructure support, R&D, modeling): select and generate data sets; development of new models; model governance; model performance management; data visualizations; collaboration with analysts; research and develop tools; learn and automate pattern recognition.
- Information sources: IT/OT logs, network raw data, intelligence, access control, VoIP, DB, SCADA, vulnerability assessment, antivirus, GRC, CCTV.

Slide 12: Codex for Security: Intelligence Platform, Digital Surveillance use case
Atos Digital Surveillance provides the customer with information about threat actor activity targeting the customer environment, gathered from the clear, deep and dark webs and from social media networks. Threats detected include data leaks, brand abuse and hacktivism; measurement of public sentiment is also provided.
Business value: Digital Surveillance helps the customer trigger a proper and faster response when evidence of a breach becomes recognized. This can be brand misuse, fake news about the enterprise, disparagement of employees or executives, IPR and company secrets.
Use case:
- A crawler recognizes accounts and passwords being sold on the darknet, IP addresses of a botnet, or documents containing construction or design documentation.
- The information is correlated with all the information available in the SOC, from cloud or on-premise log files.
- SOC analysis is immediately initiated.
- Automated response is triggered (block critical infrastructures, applications or accounts; change access mode to data and apps).
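The correlation and response step of the use case above, as an added example that is not part of the Atos deck: a constructed darknet feed (one leaked credential, one botnet address) is matched against constructed SSH authentication log lines, and each match becomes a prescriptive action of the kind the slide lists (reset or disable an account, block an address). The finding format, the log format, the 24-hour window and the action names are assumptions.

```python
import re
from datetime import datetime, timedelta

# Constructed darknet findings, as a crawler might report them (illustrative only).
DARKNET_FINDINGS = [
    {"type": "credential", "user": "alice", "seen": "2017-05-01T10:00:00"},
    {"type": "botnet_ip", "ip": "203.0.113.77", "seen": "2017-05-01T09:30:00"},
]
# Constructed SSH authentication log excerpt from the SOC's on-premise collection.
AUTH_LOGS = """\
2017-04-30T08:00:00 sshd: Accepted password for alice from 10.0.0.5
2017-05-01T11:20:05 sshd: Accepted password for alice from 198.51.100.23
2017-05-01T11:25:41 sshd: Accepted password for bob from 203.0.113.77
2017-05-01T11:30:12 sshd: Failed password for carol from 192.0.2.9
"""
LOG_RE = re.compile(r"^(\S+) sshd: (Accepted|Failed) password for (\w+) from (\S+)$")

def parse_logs(text):
    """Turn raw log lines into dicts; lines that do not match the pattern are skipped."""
    events = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if m:
            ts, result, user, ip = m.groups()
            events.append({"ts": datetime.fromisoformat(ts), "result": result,
                           "user": user, "ip": ip})
    return events

def correlate(findings, events, window_hours=24):
    """Map darknet findings onto observed events; return (action, target, reason) tuples."""
    actions = []
    for f in findings:
        seen = datetime.fromisoformat(f["seen"])
        if f["type"] == "credential":
            # A leaked credential always warrants a reset, even if no login was seen.
            actions.append(("force_password_reset", f["user"], "credential offered for sale"))
            # A successful login inside the window after the leak escalates to containment.
            for e in events:
                if (e["user"] == f["user"] and e["result"] == "Accepted"
                        and seen <= e["ts"] <= seen + timedelta(hours=window_hours)):
                    actions.append(("disable_account", f["user"],
                                    f"accepted login from {e['ip']} after leak"))
                    break
        elif f["type"] == "botnet_ip":
            for e in events:
                if e["ip"] == f["ip"]:
                    actions.append(("block_ip", f["ip"],
                                    f"botnet address authenticated as {e['user']}"))
                    break
    return actions
```

The login by alice on 2017-04-30 predates the leak and is ignored; only the login after the finding escalates the reset to an account disable.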

Slide 13: Thanks. For more information please contact: T +43 (664) 88551355, guenter.koinegg@atos.net

Slide 14: DataLake & Analytics Architecture
Layers, top to bottom: DataViz; Hadoop ecosystem; indexation; collector (Twitter connector); IaaS & deployment; hardware.