Visibility: The Foundation of your Cybersecurity Infrastructure. Marlin McFate Federal CTO, Riverbed


Detection is Only One Part of the Story
Planning and Remediation are just as critical
[Chart: Hackers Went Undetected for Months; months undetected at Target, JPMorgan, Neiman Marcus, Home Depot, Michaels, Goodwill]
146 days: average duration it takes to discover attackers are present on a network
2018 Riverbed Technology, Inc. All rights reserved. 2

59% of organizations are notified about their breach by an external entity.

In just one industry/vertical (2016):
- 72 total breaches reported
- Over 56 million records exposed
- 205 days on average threats were present before detection
- Estimated loss for those 72 breaches was over $8.85 billion
What could you do with $8,850,000,000.00?

In 2017:
- It grew to 191 days on average that threats were present before detection
- 1339 identity theft breaches, over 174 million records exposed
- Estimated 2017 loss for identity record breaches cost ~$24.6 billion
$33,440,756,448.00...
Network security forensics is an important technology. Without a proper post-breach forensic investigation, the ability to remediate damages from the current threat, as well as the ability to properly mitigate future threats, remains very much in doubt.


Russia's 5th-Dimension Cyber Army, Hezbollah, China


This is Cyber Warfare!


Riverbed provides visibility on the cyber battlefield like a drone or satellite provides generals with real-time physical battlefield information.

Attack Continuum
- BEFORE: Discover, Enforce, Harden
- DURING: Detect, Block, Defend
- AFTER: Scope, Contain, Remediate

Understand the Surface Area

Total Enterprise Visibility Is Critical
Attacks can come from anywhere, anytime, anyone.
Visibility is the glue that empowers both the business and the IT teams with the insight they need to make effective resourcing decisions and to resolve problems faster.
If you can't see it, you can't protect it!
What to see: Servers, Services, Ports, Applications, Protocols, End-Users, Network Behavior, Operating Systems

Visibility Driving Security Value
Once you know what you have, you can properly secure it.
Identify Everything:
- All the moving parts of an application (what is in scope)
- All hosts/paths/ports/protocols that need to be monitored
- Paths of attack that may have gone overlooked
- Clear-text protocols that may be a means of eavesdropping
- Unrelated systems that need to be treated at the same trust level due to proximity


Identify Lateral Movement & Network Behavior Anomaly Detection
- Track lateral movement, governance violations and other challenges such as P2P, tunneling, and SPAM activity
- Analysis of network behavior can identify suspect activity including scans, suspicious connections, new hosts, worms, and more

Assess Application Usage and Combat Shadow IT
1. Discover every local, cloud, and mobile application, to combat Shadow IT
2. Immediately assess the breadth and surface area of Shadow IT
3. Consider mainstreaming popular Shadow IT apps

Configuration, Network, and Service Hardening

Hackers are Always Looking for the Weak Link to Gain Entry
What are your weak links? Where are they?

Before: Harden
Infrastructure patching and configuration
Potential Exposures: NPCM Security Workflow
Validations and Metrics:
- Checks all collected network devices for known OS vulnerabilities
- Check for any instance of OS vulnerability Advisory ID: cisco-sa-20140924-nat
- 440 OS vulnerabilities; 30% of devices with vulnerabilities; 25 vulnerabilities remediated
Rules Engine:
- Edge routers block incoming ICMP, telnet, FTP sessions
- No redundant ACL statements
- No overlapping NAT translation addresses
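The three rules-engine checks above, worked as an added example over a constructed IOS-style configuration fragment (this is illustration code, not Riverbed's NPCM, and the ACL name EDGE-IN and pool names are assumptions). It shows why order matters: a deny for FTP that sits after a catch-all permit is present in the text but never enforced.

```python
import ipaddress
import re

# Constructed configuration fragment (not from any real device).
CONFIG = """\
ip nat pool OUTSIDE1 203.0.113.10 203.0.113.20 netmask 255.255.255.0
ip nat pool OUTSIDE2 203.0.113.15 203.0.113.30 netmask 255.255.255.0
ip access-list extended EDGE-IN
 deny icmp any any
 deny tcp any any eq 23
 deny tcp any any eq 23
 permit ip any any
 deny tcp any any eq 21
"""
CATCH_ALL = re.compile(r"^(permit|deny) ip any any$")

def nat_overlaps(config):
    """Pairs of NAT pool names whose address ranges overlap."""
    pools = {}
    for m in re.finditer(r"^ip nat pool (\S+) (\S+) (\S+)", config, re.M):
        pools[m[1]] = (int(ipaddress.ip_address(m[2])), int(ipaddress.ip_address(m[3])))
    names = sorted(pools)
    return [(a, b) for i, a in enumerate(names) for b in names[i + 1:]
            if pools[a][0] <= pools[b][1] and pools[b][0] <= pools[a][1]]

def acl_entries(config, name):
    """Ordered ACEs of one named extended ACL (indented lines under its header)."""
    block = re.search(rf"^ip access-list extended {name}\n((?: .*\n)*)", config, re.M)
    return [ln.strip() for ln in block[1].splitlines()] if block else []

def acl_findings(config, name):
    """Redundant ACEs: exact duplicates, plus anything after a catch-all."""
    seen, findings, dead = set(), [], False
    for ace in acl_entries(config, name):
        if ace in seen:
            findings.append(f"duplicate: {ace}")
        elif dead:
            findings.append(f"unreachable: {ace}")
        seen.add(ace)
        dead = dead or bool(CATCH_ALL.match(ace))
    return findings

def edge_blocks(config, name):
    """Which of ICMP/telnet/FTP the ACL really denies before the catch-all."""
    wanted = {"icmp": "deny icmp any any", "telnet": "deny tcp any any eq 23",
              "ftp": "deny tcp any any eq 21"}
    result = {k: False for k in wanted}
    for ace in acl_entries(config, name):
        for k, v in wanted.items():
            result[k] = result[k] or ace == v
        if CATCH_ALL.match(ace):
            break  # later ACEs never match
    return result
```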

Automated Compliance Reporting: Manage Security Audits Effectively
- Out-of-the-box templates for regulatory & industry standards: STIG, CCRI, NIST 800-53
- Validate against a golden configuration
- Automatic & periodic security advisory updates
- Analyze ACLs, firewall policies, and other security controls
- Analyze device administrative control
- Leverage best practices from Cisco, AAA, NSA security guidelines, and more
- Trend audit results over time
Automated Topology Diagramming: Automate generation of audit-quality diagrams
- Automatically generate high-definition network diagrams using configuration and operational data
- Provide detailed insight into physical, logical and virtual components
- Generate professional-quality HTML or Visio diagrams
- Customizable diagram layout and annotations

Change Control
- See changes, route propagations, survivability/redundancy testing
- Visualize BGP route propagation

Understand Movement (NSEW): Go Threat Hunting

"We can take a proactive approach to searching for those intruders rather than a reactive approach that focuses on known incidents. Government has to start searching for the unknown." Jeff Wagner (OPM Director of Security Operations)

Find Every Sensitive Device & Who It Talks With in 30 Seconds

Leverage Reporting To Track Activity
Discover and remediate; run on-demand or scheduled:
- Progressive SSH/RDP burrowing across the network
- SMTP requests not on TCP/25
- DNS requests not on UDP/53
- CIFS to/from the Internet
- Weekly foreign-country business reports
- Tunneled traffic
- Access to production network not during change windows
- Servers not within the data center subnets
- East/West traffic where none is expected
- North/South traffic where none is expected

Assess Impact of Code/SQL Injection Using Your Phone!
[Chart: Transactions from injection attack vs. genuine transactions]

Identify Scope of Intrusion

Extend Visibility into Attack Surface: Go Beyond Attack Points of Entry
Example URL: http://www.xxxx.com/yyy/zzz.aspx?cm_re=${@print(md5(acunetix_wvs_security_test))}
- Using typical security tools, injection detection occurs ONLY at points of entry
- Discover the entire surface area of attack, for every SINGLE transaction; no transaction sampling
Would it be acceptable to have visibility into just 1 of 10,000 intrusions?

Alarm On Violations

New Host Analytic: Alert on new hosts in secured areas of the network
New Host Policy workflow:
- New host appears on VLAN supporting PCI-compliant ERP servers
- Alert via SNMP trap or email with context-sensitive drill-down to details
- Complete visibility into offending host, with conversational details, packets for deep-dive analysis, and MAC address/switch port info
- Optional vulnerability scanning
Detect changes in sensitive parts of the network to improve security posture and help with regulatory compliance.

Malware Analytics: Details of worm propagation
- Drill-down for event details, including start/end time, duration, list of scanned traffic, etc.
- Graphical view of the threat propagation including patient zero
- Multiple host infections are recognized as a single event
Improve your security posture; detect worms and malware that don't rely on signatures.

Alarm on Anything/Any Place: Your creativity is the limit here
- Anyone trying or succeeding in accessing routers: log or alert on anyone who tries to connect to an IP x.x.x.1
- Non-encrypted connections to/from regulated servers: log or alert on anyone NOT using SSH or SSL
- Connections to/from restricted network segments
- Find tunneling: Port 80 != HTTP, Port 443 != HTTPS, Port 53 != DNS
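The report rules listed under "Leverage Reporting To Track Activity" and the alarm rules just above, expressed as an added example over constructed flow records (illustration code, not NetProfiler's logic; the subnets, the regulated segment and the "app" field identified from payload are assumptions).

```python
import ipaddress

# Constructed flow records: (src, dst, proto, dst_port, app). "app" is the
# protocol identified from the payload, which the slides assume is available.
FLOWS = [
    ("10.1.1.20", "10.2.2.5", "tcp", 25, "smtp"),        # normal mail
    ("10.1.1.21", "203.0.113.9", "tcp", 8025, "smtp"),   # SMTP not on TCP/25
    ("10.1.1.22", "10.9.9.9", "udp", 5353, "dns"),       # DNS not on UDP/53
    ("10.1.1.23", "10.50.0.10", "tcp", 23, "telnet"),    # cleartext to regulated host
    ("10.1.1.23", "10.50.0.10", "tcp", 22, "ssh"),       # encrypted, acceptable
    ("10.1.1.24", "10.1.1.25", "tcp", 445, "cifs"),      # east/west inside user subnet
    ("10.1.1.26", "198.51.100.7", "tcp", 443, "http"),   # port 443 != HTTPS
    ("10.1.1.27", "10.0.0.1", "tcp", 22, "ssh"),         # anyone touching a router
]
REGULATED = ipaddress.ip_network("10.50.0.0/24")      # assumed regulated segment
USER_SUBNETS = [ipaddress.ip_network("10.1.1.0/24")]  # no east/west expected here
EXPECTED = {"smtp": ("tcp", 25), "dns": ("udp", 53),
            "http": ("tcp", 80), "https": ("tcp", 443)}
ENCRYPTED = {"ssh", "https", "tls"}

def evaluate(flow):
    """Return the list of policy violations for one flow (empty if clean)."""
    src, dst, proto, port, app = flow
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    hits = []
    if app in EXPECTED and EXPECTED[app] != (proto, port):
        hits.append(f"{app} seen on {proto}/{port}")          # tunneling / odd port
    if d in REGULATED and app not in ENCRYPTED:
        hits.append(f"cleartext {app} to regulated host {dst}")
    if any(s in n and d in n for n in USER_SUBNETS):
        hits.append("east/west traffic inside a user subnet")
    if d.version == 4 and d.packed[-1] == 1:                   # x.x.x.1 router address
        hits.append(f"connection to router address {dst}")
    return hits

def report(flows=FLOWS):
    """Map each offending flow to its violations, like an on-demand report."""
    return {f: evaluate(f) for f in flows if evaluate(f)}

if __name__ == "__main__":
    for flow, hits in report().items():
        print(flow, "->", "; ".join(hits))
```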

Address Real Problems

SIEM Integration: Instantly Add Context (Scope & Triage)
1. Report events to your SIEM, or enable your SIEM to extract contextual information from NetProfiler
   A. SIEM identifies a problem
   B. Right-click the node IP
2. Get context information: all of the detailed information that NetProfiler collects is delivered through the SIEM console

Packet-Level Integration: Instantly Drill Down (Scope & Triage)
REST call to NetShark

Programmability / 3rd-Party Integration: REST API
Automate Expert Workflows:
- Script common or tedious tasks
- React to IT events faster
- Benefit from custom features created by the community
Scripting Library and Custom Apps: Threat Visualization, Server Fail-Over

DECISION SUPPORT: Maneuver CYBER to affect our adversaries
- Discrete Event Simulation to support decisions
- Understand where and who
- Mitigate an immediate attack (opportunity to insert mis-information)
- Monitor: trace the path (attack vectors) the adversary used
- Packets: see the data the adversary took

Thank You