CYBER RISK MANAGEMENT: ADDRESSING THE CHALLENGE SIMON CRUMPLIN, FOUNDER & CEO


INFORMATION SECURITY PAINS

CISO
- Responsibility without authority
- Inventory to manage
- Alerts without meaning
- Assets spread across multi-cloud, multi-service environments
- Legacy tools are static, vertical & siloed
- Services on bare metal, virtual, container, server-less

MISALIGNED

BUSINESS
- Authority without understanding
- Business functions to manage
- Threats without context
- Breaches, & their cost, increasing
- Regulations, & their consequences, increasing
- Business risk increasing

BUSINESS RISK INTELLIGENCE?

Security has to connect to the business, because it is a business risk. Bringing anomalous business practices into governance brings control. If we can define normal and reduce the noise, we can operate an effective security service and inform the business of the risk that relates to them, gaining accountability in the business for their behaviours. Embed operational security into IT operations, forming control frameworks that don't inhibit the business.

THE PROBLEM

- Which business function is generating the most RISK?
- What are my risks? EVIDENCE is needed to validate risk.
- How do we (IT) engage with the business?
- What is my SOC missing, and why is it so reactive?
- Are all these threats RELEVANT?
- Too much tech; not enough budget for one of everything!
- SECURITY is not just about BAD; how do I know what WRONG is?

CLEAR FRAMEWORK TO CATEGORISE AND COMMUNICATE RISK

- Determine priorities for remediation.
- Engage with the business to govern risk.
- Define appropriate response playbooks and SLAs with the business.
- Inform the stage of attack.
- Identify gaps in visibility and control.
- Operate a security service that informs business risk.

INCIDENT TIMELINE AGAINST KILL CHAIN

Risk categories / kill chain stages: Data Movement, User Privilege, Network Communications, Software Configurations, Build.

Timeline events:
- Brute force attack begins on SERVER-01.
- PC Hunter and SQL installed and run on multiple hosts.
- BIOS account adds other accounts to various privileged groups.
- Ransomware distributed and executed.
- Cylance uninstalled.
- Account enumeration conducted by SERVICE account.
- Type 10 and 12 connections from external (Russian and British) IPs.
- SERVER-01 and SERVER-02 exposed to the internet.
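The timeline above places raw events into the deck's risk categories. As an added example (not code from the deck or its SMART tool), the following Python script applies that mapping to constructed Windows Security-log style events: a failed-logon threshold for brute force, type 10/12 logons from outside assumed corporate ranges, additions to privileged groups, and an msiexec uninstall. The internal ranges, privileged groups, threshold and the sample events are assumptions made for the example.

```python
import ipaddress
from collections import Counter

# Assumptions for the example: the organisation's internal ranges, the groups
# treated as privileged, and the failed-logon count that counts as brute force.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
PRIVILEGED_GROUPS = {"Domain Admins", "Enterprise Admins", "Administrators"}
REMOTE_INTERACTIVE = {10, 12}  # RDP and cached-RDP logon types (the "Type 10 and 12" in the timeline)
BRUTE_FORCE_THRESHOLD = 5

def is_external(ip):
    """True when the source address is outside the assumed internal ranges."""
    addr = ipaddress.ip_address(ip)
    return not addr.is_loopback and not any(addr in net for net in INTERNAL_NETS)

def build_timeline(events):
    """Return (timestamp, host, risk category, finding) tuples in time order."""
    findings, failed = [], Counter()
    for e in sorted(events, key=lambda ev: ev["ts"]):
        if e["id"] == 4625:  # failed logon: count per (source, host) for brute force
            failed[(e["src"], e["host"])] += 1
            if failed[(e["src"], e["host"])] == BRUTE_FORCE_THRESHOLD:
                findings.append((e["ts"], e["host"], "User Privilege",
                                 f"brute force from {e['src']} ({BRUTE_FORCE_THRESHOLD} failures)"))
        elif e["id"] == 4624 and e["logon_type"] in REMOTE_INTERACTIVE and is_external(e["src"]):
            findings.append((e["ts"], e["host"], "Network Communications",
                             f"type {e['logon_type']} logon from external {e['src']} as {e['user']}"))
        elif e["id"] in (4728, 4732) and e["group"] in PRIVILEGED_GROUPS:  # member added to group
            findings.append((e["ts"], e["host"], "User Privilege",
                             f"{e['actor']} added {e['member']} to {e['group']}"))
        elif e["id"] == 4688 and "msiexec" in e["cmd"].lower() and "/x" in e["cmd"].lower():
            findings.append((e["ts"], e["host"], "Software Configurations",
                             f"{e['user']} ran an uninstall: {e['cmd']}"))
    return findings
# Constructed sample events loosely following the deck's timeline; not real log data.
SAMPLE = [{"ts": f"2019-03-01T22:10:{i:02d}", "id": 4625, "host": "SERVER-01",
           "src": "203.0.113.7"} for i in range(6)] + [
    {"ts": "2019-03-01T22:15:00", "id": 4624, "host": "SERVER-01", "logon_type": 10,
     "src": "203.0.113.7", "user": "svc_backup"},
    {"ts": "2019-03-01T22:20:00", "id": 4624, "host": "PC-07", "logon_type": 10,
     "src": "10.0.0.5", "user": "alice"},  # internal RDP: not reported
    {"ts": "2019-03-02T01:05:00", "id": 4728, "host": "DC-01", "actor": "bios",
     "member": "svc_backup", "group": "Domain Admins"},
    {"ts": "2019-03-02T02:00:00", "id": 4688, "host": "SERVER-02", "user": "svc_backup",
     "cmd": "msiexec.exe /x {PRODUCT-GUID-PLACEHOLDER} /qn"},
]
if __name__ == "__main__":
    for ts, host, category, finding in build_timeline(SAMPLE):
        print(ts, host, category, finding, sep=" | ")
```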

SMART APPLICATION & CYBER RISK AUDIT: GAINING CONTROL - APPROACH

NEAR INCIDENT RESPONSE (NIR)

I. Continuous improvement.
II. System Admin priorities.
III. Alerting framework to catch misuse.
IV. Benchmarking business functions by risk.
V. Reduction of operational risk.
VI. Reduction of attack surface.
VII. Policy, Controls and Procedures.

SECURE BY DESIGN = OPERATIONALLY SECURE

If we can help people get control of hygiene, posture and operational risk through the CRA process, we can embed security within IT operations rather than as an overlay.

AUDIT APPROACH - CYBER MATURITY JOURNEY (NIST 800 / ISO 27002)

Kill chain / risk categories:

Category   IDENTIFY         PREVENT         DEFEND       RESPOND      RECOVER
DATA       Tools            Movement        Access       Investigate  Restore
USER       Rights           Abuse           Credentials  Limit        ACL
NETWORK    Anomalies        Communications  Services     Restrict     Provision
SERVICE    RAT              Creation        Use          Control      Baseline
BUILD      Vulnerabilities  Exploitation    Change       Patch        Rebuild

Process: AUDIT -> INTERPRET -> CONTROL -> REMEDIATE -> POLICY

CRA OUTPUT: SMART ANALYTICS

The results are delivered through SMART, our interactive analytics tool, which packages your data by user, host, business unit, operating system, software version, risk category etc. to provide valuable insight into current posture and IT hygiene.

CYBER RISK AUDIT

Three audit variants: CRA ENDPOINT, CRA NETWORK, CRA LIVE.

SCOPE
- CRA Endpoint: Endpoint (Workstation & Server); AD Objects (Computer, User & Groups); Anti-Virus Logs
- CRA Network: Communications (Firewall, IDS, ADDS, DHCP, VPN); AD Authentication
- CRA Live: Communications; External Intelligence; CASB Logs

OUTPUT
- Hosts of Interest (HOI) and HOI Remediation
- Posture & Hygiene Remediation Work Packages
- Policy Remediation & Augmentation
- Asset Inventory
- Alerting with context for SIEM/SOC
- Validation of Current Investments versus Priorities for Security Strategy
- Behaviours, Policy Violations, 3rd Party Risk
- Anomalies, Insider / Misuse
- Live Data and Analyses
- Hygiene Work Packages

CONTINUOUS IMPROVEMENT & ASSURANCE

- AUDIT to identify risk, determine posture & compromise.
- REMEDIAL ACTIONS: HOI investigation, hygiene & posture activities and good practice.
- RE-AUDIT: User, Network, Data Movement, Policy Violation. Optional enrichment to monitor behaviour.
- ALERTING FRAMEWORK to inform on reoccurrence.
- AUGMENT SOC/SIEM: Security Operations.
- RED TEAM EXERCISES: Validation of progress & controls.

WIN A FREE CYBER RISK AUDIT

Drop your business card at the front for a chance to win.

ANY QUESTIONS?

WHAT IS THE SMART APPLICATION?

The SMART application provides insight into: Compliance, Posture, Assurance, Standards, Hygiene.