NOTHING IS WHAT IT SIEMs: A Simpler Way to Effective Threat Management. Dan Pitman, Principal Security Architect

Cybersecurity is harder than it should be

SIEM can be harder than it should be:
"If you think this is expensive, look twice, because it really is so."
"Product is starting to show its age. Not keeping up with current requirements."
"So many options that it can be bewildering."
"Great out of the box for meeting compliance requirements, but does not scale well."
"Implementation tedious, support often overlooks known bugs, interface clunky, non-intuitive."
"Needs technical training to take advantage of its capabilities and reporting."

Common Pitfalls [1]:
Failure to Perform Detailed Planning Before Buying
Failure to Define Scope
Overly Simplistic Scoping
Monitoring Noise
Lack of Sufficient Context
Insufficient Resources

[1] Overcoming Common Causes for SIEM Solution Deployment Failures, G00328573, 30 May 2017

Industry and size are no predictor of risk. Web applications are still the top target. Attack automation and "spray and pray".

Attack chain phases: IDENTIFY & RECON; INITIAL ATTACK; COMMAND & CONTROL; DISCOVER & SPREAD; EXTRACT & EXFILTRATE
Controls, grouped on the slide as Attack Surface (reducing exposure) and Penetration (detecting and containing an intrusion), listed in slide order across the phases:
Manage exposures; Ensure coding best practices; Coding best practices; Application monitoring; Network monitoring; Vulnerability management; Least privilege access; Vulnerability management; User lifecycle management; Application response monitoring; Network monitoring; Role-based access; Network monitoring; Network monitoring; Log correlation; Least privilege access; Role-based access; Log correlation; File integrity monitoring
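The slide names log correlation as the control that ties the later phases together. The script below is an added example (not Alert Logic code and not from this deck) of what that correlation looks like in practice: IDS, WAF, authentication and file-integrity events are joined so that a port scan, the exploit attempt that follows it and the lateral logins from the attacked host surface as one incident rather than three unrelated alerts. The log format, field names, the phase mapping and the sample lines are all constructed for the example.

```python
"""Cross-source log correlation across attack-chain phases (added example).

Joins IDS, WAF, auth and file-integrity events by attacker address and by
the hosts that attacker touched, so recon -> initial attack -> spread is
reported as a single incident. Field names and the phase mapping are
assumptions made for this example, not a vendor schema.
"""
import re
from datetime import datetime, timedelta

# Constructed sample events (not real traffic). Format: <ts> <source> k=v ...
SAMPLE_LOGS = """\
2024-03-01T10:00:01Z ids src=203.0.113.5 dst=10.0.0.20 sig=PORTSCAN
2024-03-01T10:00:45Z waf src=203.0.113.5 dst=10.0.0.20 uri=/login rule=SQLI action=block
2024-03-01T10:02:10Z ids src=203.0.113.5 dst=10.0.0.20 sig=WEB_RCE_ATTEMPT
2024-03-01T10:03:30Z auth src=10.0.0.20 dst=10.0.0.30 user=svc_web result=success
2024-03-01T10:04:00Z auth src=10.0.0.20 dst=10.0.0.31 user=svc_web result=success
2024-03-01T10:05:00Z fim host=10.0.0.20 path=/var/www/app/upload.php change=created
2024-03-01T11:30:00Z ids src=198.51.100.7 dst=10.0.0.20 sig=PORTSCAN
2024-03-01T12:00:00Z auth src=10.0.0.40 dst=10.0.0.30 user=alice result=success
"""

LINE_RE = re.compile(r"^(?P<ts>\S+) (?P<source>\w+) (?P<rest>.*)$")
PHASES = ("IDENTIFY & RECON", "INITIAL ATTACK", "DISCOVER & SPREAD")


def parse_line(line):
    """Turn one 'ts source k=v k=v' line into a dict, or None if malformed."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    ev = {"ts": datetime.strptime(m.group("ts"), "%Y-%m-%dT%H:%M:%SZ"),
          "source": m.group("source")}
    for token in m.group("rest").split():
        key, _, value = token.partition("=")
        ev[key] = value
    return ev


def phase_of(ev):
    """Map a single event to an attack-chain phase (assumed mapping)."""
    if ev["source"] == "ids" and ev.get("sig") == "PORTSCAN":
        return "IDENTIFY & RECON"
    if ev["source"] == "waf" or ev.get("sig", "").endswith("_ATTEMPT"):
        return "INITIAL ATTACK"
    if ev["source"] == "auth" and ev.get("result") == "success":
        return "DISCOVER & SPREAD"   # counts only when src is an attacked host (pass 2)
    if ev["source"] == "fim":
        return "DISCOVER & SPREAD"   # assumption: file change on an attacked host
    return None


def correlate(log_text, window=timedelta(minutes=30), min_phases=2):
    """Return incidents: chains that reached at least min_phases within window."""
    events = [e for e in map(parse_line, log_text.splitlines()) if e]
    events.sort(key=lambda e: e["ts"])

    # Pass 1: external-facing events, keyed by attacker address.
    chains = {}
    for ev in events:
        ph = phase_of(ev)
        if ph in ("IDENTIFY & RECON", "INITIAL ATTACK"):
            c = chains.setdefault(ev["src"], {"start": ev["ts"], "phases": set(),
                                              "targets": set(), "lateral": set(), "count": 0})
            if ev["ts"] - c["start"] > window:
                continue
            c["phases"].add(ph)
            c["count"] += 1
            if ph == "INITIAL ATTACK":
                c["targets"].add(ev["dst"])

    # Pass 2: internal events are attributed to a chain only if they originate
    # on a host that chain attacked, inside the window. This join is what turns
    # an ordinary 'svc_web logged in' line into evidence of spread.
    for ev in events:
        if phase_of(ev) != "DISCOVER & SPREAD":
            continue
        host = ev.get("src") if ev["source"] == "auth" else ev.get("host")
        for c in chains.values():
            if host in c["targets"] and c["start"] <= ev["ts"] <= c["start"] + window:
                c["phases"].add("DISCOVER & SPREAD")
                c["count"] += 1
                if ev["source"] == "auth" and ev["dst"] not in c["targets"]:
                    c["lateral"].add(ev["dst"])

    incidents = []
    for attacker, c in chains.items():
        if len(c["phases"]) < min_phases:
            continue   # a lone scan stays an event, not an incident
        incidents.append({
            "attacker": attacker,
            "phases": [p for p in PHASES if p in c["phases"]],
            "targets": sorted(c["targets"]),
            "lateral_to": sorted(c["lateral"]),
            "events": c["count"],
        })
    return incidents


if __name__ == "__main__":
    for inc in correlate(SAMPLE_LOGS):
        print(inc)
```

With the sample data the second scanner (198.51.100.7) never progresses past recon, so it is held below the incident threshold; the first attacker reaches three phases and the incident lists the attacked host and the two internal hosts it then logged into, which is the context an analyst needs for the DISCOVER & SPREAD phase. Lowering `min_phases` to 1 turns every scan into an incident, which is exactly the "monitoring noise" pitfall from the earlier slide.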

Introducing a Better Way

A Solution That SIEMlessly Works Across Environments
ASSESS
  Vulnerability scanning: software CVEs, network config, remediation workloads
  Auditing: AWS configuration exposures, auto-discovery, topology
DEFEND
  Active defense: in-line Web Application Firewall (WAF)
DETECT
  Data inspection: web (HTTP) requests & responses; system logs (agent); network packets (IDS); connected devices
ActiveWatch ANALYTICS
  Signatures & rules; anomaly detection; machine learning
LIVE EXPERTS
  24/7 monitoring; validation & enrichment; remediation advice; incident reports; priority alerts; 15 minute SLA
COMPLY
  PCI-DSS, GDPR, HIPAA, SOX, SOC2, ISO, NIST, and COBIT; attestation reporting; log review & archiving
Alerts to: App Owners, Dev/Ops, Cloud, Security

A Better Way for Your Peace of Mind: SIEMless Threat Management
We SIEMlessly connect Platform, Intelligence and Experts, providing you the Right Coverage for the Right Resources:
Asset discovery
Vulnerability scanning
Cloud configuration checks
Compliance
Threat Risk Index
Remediation guidance
Prioritization and next steps
Comprehensive vulnerability library
24/7 email and phone support
PCI scanning and ASV support
Service health monitoring
Threat monitoring and visibility
Intrusion detection
Security analytics
Log collection and monitoring
Extensive log search capabilities to support investigations
Event insights and analysis
Threat frequency, severity, and status intelligence
Attack prevention capabilities

ActiveWatch Professional:
24/7 SOC with incident management, escalation, and response support
Always-on WAF defense against web attacks (e.g. OWASP Top 10, emerging threats, zero-day vulnerabilities)
Protection from SQL injection, DoS attacks, URL tampering, cross-site scripting attacks and more
Verified testing against more than 2.1 million web application attacks
Advanced detection capabilities to spot and block malicious activity

ActiveWatch Enterprise:
Security Posture Review
Incident response assistance
Threat hunting
Help with tuning strategies, customized policies, and best practices

SIEMless by Design. Lower Total Cost. Always Advancing. Across Any Environment: on-premises, public cloud, private cloud.

SIEMless Threat Management in Action: Headline Risk Avoidance
1. THREAT INTEL: In 2013, research of the Apache Struts vulnerability and development of a signature
2. SECURITY PLATFORM: Addition of the signature (blocking) starting in 2013
3. EXPERT DEFENDERS: Able to alert and raise incidents for customers
4. THREAT INTEL: Research of new variants; new defenses developed
5. SECURITY PLATFORM: Hardened defenses deployed in March 2017
6. EXPERT DEFENDERS: March 6, Alert Logic proactively notifies customers
ALERT LOGIC CUSTOMERS ALREADY PROTECTED!
In May 2017 a major credit rating agency discovers a breach. In September 2017 the major credit rating agency publicly discloses the breach. Total cost is $439M.
Timeline: 2013 Apache Struts vulnerability; Alert Logic attack blocking in place; Alert Logic hardens defenses and proactively notifies customers; breach discovered; breach disclosure; Alert Logic customers protected.