Cloud and Cyber Security Expo 2019


Cloud and Cyber Security Expo 2019
The Terrain to Actionable Intelligence
Azeem Aleem, VP Consulting, NTT Security

Actionable Intelligence
Actionable intelligence through Cyber Intelligence
Embedding intelligence-driven security into your environment
Where to use Predictive Analytics
Creating and applying security metrics to drive performance

"We choose to go to the moon. We choose to go to the moon in this decade and do the other things, not because they are easy, but because they are hard." John F. Kennedy
President John F. Kennedy's speech in 1963 in Washington D.C.
Image source: http://time.com/4711687/john-f-kennedy-diary-hitler/ (Keystone-France Gamma-Keystone/Getty Images)

Making success a reality: Cognitive Intelligence

Man on the Moon
Image source: https://www.nationalgeographic.com/science/space/space-exploration/moon-exploration/

Good intelligence isn't just found, it's hunted.
[Chart: y-axis 0 to 180,000 in steps of 20,000; x-axis years 2000, 2012, 2013, 2014, 2015, 2016, 2017, 2018; series values not recoverable from the transcription.]

Actionable intelligence
What adversaries are attacking me?
What could we have done better?
How did they achieve it?
What information was taken?

Reality: intelligence-driven SOC
1) Define dwell time: from point of trigger to eyes on (analyst assigned)
2) Separation of duties: Analytics (CIRT Tier 1); Adv. tools and tactics (SOC/CDC); Cyber Threat Intelligence; Advanced Analysis
3) Threat intelligence: integrated investigation, visible to the analyst; Content; Analytics

Intelligence-driven security framework
Roles: Tier 1 analyst, Tier 2 analyst, Threat intelligence analyst, Analysis & tools support analyst, SOC manager
Readiness: establish the state of preparation and the ability to handle actionable intelligence
Response: design and implement a solution that is positioned to handle cyber security incident response and remediation in alignment with business objectives and risk
Resiliency: develop the ability to predict and respond to cyber incidents while operating and sustaining an optimized, intelligent security operations capability

Readiness
Business & risk alignment: What is the mission, scope, and authority to mitigate the risk?
Visibility: Define the visibility required to achieve mission readiness
Content: Build enablement for detection (use cases, situational awareness, and baseline)
Security Operations: How do I respond, contain, and hunt to achieve the mission, identifying known and unknown threats?
Applied intelligence & analytics: How do I analyze, attribute, and predict the threat and refocus the mission?

Workflow: reactive to predictive
L1 Analyst (Readiness): Initial Alert / Notification -> Incident Tracking and Logging -> Incident Categorization / Assign Priority -> Triage and Investigate within SLA -> Escalation to L2? No: Remediation / Recovery recommendations -> Communicate and Report Activities. Yes: hand off to L2.
L2 Analyst: Investigate Incident -> Analyze Findings -> Engaged Content Management? -> Engage Adv. Analytics? No: Remediation / Recovery recommendations -> Communicate and Report Activities -> Incident Closure -> Incident Review / QA / Lessons Learnt. Yes: hand off to the Threat Intel Analyst.
Threat Intel Analyst (Predictive): Intel Content Engineering, Advanced Analysis, Unique Intel Findings, Analyze Request for Malware or Forensics, Adjust Controls, Document Findings, Tune Content within Security Tools, Import Indicators to Trending/Analysis, Research Threats, Report Findings, Threat Database, Communicate and Report Activities, Generate Incident Metrics
[Flowchart: the exact arrow layout between the Yes/No branches is not recoverable from the transcription.]
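The slides define dwell time (point of trigger to eyes on) and end the workflow at "Generate Incident Metrics" without showing how those numbers are produced. The following is an added example, not code from the deck or from NTT Security: it computes dwell time, triage-within-SLA compliance, escalation rate and category mix over a batch of constructed incident records. The `Incident` record shape, the `TRIAGE_SLA` thresholds and the sample tickets are all assumptions made for the example.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from statistics import median
from typing import Dict, List, Optional


@dataclass
class Incident:
    """One ticket as it moves through the L1 -> L2 workflow (constructed record shape)."""
    incident_id: str
    category: str
    priority: str                  # "P1" (highest) .. "P4"
    triggered: datetime            # point of trigger: the alert fired
    assigned: Optional[datetime]   # eyes on: an analyst was assigned
    triaged: Optional[datetime]    # L1 finished triage and investigation
    escalated_to_l2: bool


# Assumed triage SLA per priority; placeholder policy values, not from the deck.
TRIAGE_SLA: Dict[str, timedelta] = {
    "P1": timedelta(minutes=15),
    "P2": timedelta(hours=1),
    "P3": timedelta(hours=4),
    "P4": timedelta(hours=24),
}


def dwell_time(inc: Incident) -> Optional[timedelta]:
    """Dwell time as the slide defines it: point of trigger to eyes on.
    None while no analyst has been assigned yet."""
    if inc.assigned is None:
        return None
    return inc.assigned - inc.triggered


def triage_sla_status(inc: Incident, now: datetime) -> str:
    """'met' or 'missed' for triaged incidents; an incident that is still open
    counts as 'missed' once its window has passed, otherwise 'open'."""
    deadline = inc.triggered + TRIAGE_SLA[inc.priority]
    if inc.triaged is not None:
        return "met" if inc.triaged <= deadline else "missed"
    return "missed" if now > deadline else "open"


def incident_metrics(incidents: List[Incident], now: datetime) -> dict:
    """The 'Generate Incident Metrics' step: dwell time, SLA compliance,
    escalation rate and category mix over a batch of incidents."""
    dwell_minutes = [d.total_seconds() / 60 for d in map(dwell_time, incidents) if d is not None]
    statuses = [triage_sla_status(i, now) for i in incidents]
    decided = [s for s in statuses if s != "open"]   # open-and-not-late tickets are excluded from the rate
    by_category: Dict[str, int] = {}
    for inc in incidents:
        by_category[inc.category] = by_category.get(inc.category, 0) + 1
    return {
        "total": len(incidents),
        "unassigned": sum(1 for i in incidents if i.assigned is None),
        "median_dwell_minutes": median(dwell_minutes) if dwell_minutes else None,
        "max_dwell_minutes": max(dwell_minutes) if dwell_minutes else None,
        "triage_sla_met_pct": round(100 * decided.count("met") / len(decided), 1) if decided else None,
        "triage_sla_missed": statuses.count("missed"),
        "escalation_rate_pct": round(100 * sum(i.escalated_to_l2 for i in incidents) / len(incidents), 1) if incidents else None,
        "by_category": by_category,
    }


# Constructed sample batch (UTC timestamps), evaluated as of NOW.
NOW = datetime(2019, 3, 12, 12, 0)
SAMPLE_INCIDENTS = [
    Incident("INC-001", "malware", "P1", datetime(2019, 3, 12, 9, 0), datetime(2019, 3, 12, 9, 5), datetime(2019, 3, 12, 9, 12), True),
    Incident("INC-002", "unauthorized access", "P2", datetime(2019, 3, 12, 9, 10), datetime(2019, 3, 12, 9, 40), datetime(2019, 3, 12, 10, 30), False),
    Incident("INC-003", "phishing", "P3", datetime(2019, 3, 12, 9, 30), datetime(2019, 3, 12, 10, 0), datetime(2019, 3, 12, 11, 0), False),
    Incident("INC-004", "policy violation", "P4", datetime(2019, 3, 12, 8, 0), None, None, False),   # nobody has picked it up
    Incident("INC-005", "data theft", "P1", datetime(2019, 3, 12, 11, 0), datetime(2019, 3, 12, 11, 2), None, True),  # assigned, triage overdue
]

if __name__ == "__main__":
    for key, value in incident_metrics(SAMPLE_INCIDENTS, NOW).items():
        print(f"{key}: {value}")
```

Two design choices matter for the metric to be honest: an unassigned ticket has no dwell time yet rather than a dwell time of zero, and an open ticket whose SLA window has already elapsed is counted as a miss instead of being silently dropped from the compliance rate.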

Value of predictive analytics: improved resiliency
Attack stages: Reconnaissance, Weaponize, Delivery, Exploitation, Installation, C2, Action
Earlier detection of threats

Value of visibility and metrics: before and after resource investment
Attack stages: Reconnaissance, Weaponize, Delivery, Exploitation, Installation, C2, Action

Resiliency success factors
SOC Mission
Monitoring Team, Vulnerability Management, Incident Response, Threat Intelligence, Security Engineering: each with its own Critical Success Factor

Getting the cyber swing

Azeem Aleem, VP Consulting, NTT Security
Follow me on Twitter: @azeem_aleem
Come and see us at Stand S4333

Thank you