A Risk Management Platform

Similar documents
THE EFFECTIVE APPROACH TO CYBER SECURITY VALIDATION BREACH & ATTACK SIMULATION

Technology Risk Management in Banking Industry. Rocky Cheng General Manager, Information Technology, Bank of China (Hong Kong) Limited

SOLUTION BRIEF RSA ARCHER IT & SECURITY RISK MANAGEMENT

FROM SIEM TO SOC: CROSSING THE CYBERSECURITY CHASM

WITH ACTIVEWATCH EXPERT BACKED, DETECTION AND THREAT RESPONSE BENEFITS HOW THREAT MANAGER WORKS SOLUTION OVERVIEW:

ISO COMPLIANCE GUIDE. How Rapid7 Can Help You Achieve Compliance with ISO 27002

NOTHING IS WHAT IT SIEMs: COVER PAGE. Simpler Way to Effective Threat Management TEMPLATE. Dan Pitman Principal Security Architect

THE SIX ESSENTIAL CAPABILITIES OF AN ANALYTICS-DRIVEN SIEM

CYBER RISK MANAGEMENT: ADDRESSING THE CHALLENGE SIMON CRUMPLIN, FOUNDER & CEO

Securing Your Digital Transformation

LTI Security Services. Intelligent & integrated Approach to Cyber & Digital Security

Best Practices in Securing a Multicloud World

SOLUTION BRIEF RSA NETWITNESS SUITE 3X THE IMPACT WITH YOUR EXISTING SECURITY TEAM

Business Context: Key for Successful Risk Management

Cyber Risk Program Maturity Assessment UNDERSTAND AND MANAGE YOUR ORGANIZATION S CYBER RISK.

The SANS Institute Top 20 Critical Security Controls. Compliance Guide

MITIGATE CYBER ATTACK RISK

TRUSTED IT: REDEFINE SOCIAL, MOBILE & CLOUD INFRASTRUCTURE. John McDonald

locuz.com SOC Services

Cyber Defense Maturity Scorecard DEFINING CYBERSECURITY MATURITY ACROSS KEY DOMAINS

THE ACCENTURE CYBER DEFENSE SOLUTION

SOLUTION BRIEF RSA NETWITNESS EVOLVED SIEM

Designing and Building a Cybersecurity Program

Protecting Against Modern Attacks. Protection Against Modern Attack Vectors

Deception: Deceiving the Attackers Step by Step

SOLUTION BRIEF esentire Risk Advisory and Managed Prevention (RAMP)

White Paper. How to Write an MSSP RFP

Securing Dynamic Data Centers. Muhammad Wajahat Rajab, Pre-Sales Consultant Trend Micro, Pakistan &

Cybersecurity for Service Providers

deep (i) the most advanced solution for managed security services

MATURE YOUR CYBER DEFENSE OPERATIONS with Accenture s SIEM Transformation Services

SOLUTION BRIEF RSA NETWITNESS PLATFORM ACCELERATED THREAT DETECTION & AUTOMATED RESPONSE FROM THE ENDPOINT TO THE CLOUD

KEDAYAM A KAAPAGAM MANAGED SECURITY SERVICES. Kaapagam Technologies Sdn. Bhd. ( T)

SIEMLESS THREAT DETECTION FOR AWS

Transforming Security from Defense in Depth to Comprehensive Security Assurance

RSA Advanced Security Operations Richard Nichols, Director EMEA. Copyright 2015 EMC Corporation. All rights reserved. 1

Enhancing the Cybersecurity of Federal Information and Assets through CSIP

DATA SHEET RISK & CYBERSECURITY PRACTICE EMPOWERING CUSTOMERS TO TAKE COMMAND OF THEIR EVOLVING RISK & CYBERSECURITY POSTURE

WHITEPAPER ATTIVO NETWORKS DECEPTION TECHNOLOGY FOR MERGERS AND ACQUISITIONS

SIEMLESS THREAT MANAGEMENT

Designing an Adaptive Defense Security Architecture. George Chiorescu FireEye

Technology Roadmap for Managed IT and Security. Michael Kirby II, Scott Yoshimura 04/12/2017

Cyber Security Technologies

DFARS Compliance. SLAIT Consulting SECURITY SERVICES. Mike D Arezzo Director of Security Services. SLAITCONSULTING.com

Certified Information Security Manager (CISM) Course Overview

Technology Roadmap for Managed IT and Security. Michael Kirby II, Scott Yoshimura 05/24/2017

First Look Showcase. Expanding our prevention, detection and response solutions. Sumedh Thakar Chief Product Officer, Qualys, Inc.

CloudSOC and Security.cloud for Microsoft Office 365

GDPR: Get Prepared! A Checklist for Implementing a Security and Event Management Tool. Contact. Ashley House, Ashley Road London N17 9LZ

Cloud Security Strategy - Adapt to Changes with Security Automation -

Are we breached? Deloitte's Cyber Threat Hunting

ALIENVAULT USM FOR AWS SOLUTION GUIDE

ARC VIEW. Critical Industries Need Active Defense and Intelligence-driven Cybersecurity. Keywords. Summary. By Sid Snitkin

DOWNLOAD OR READ : THREAT AND VULNERABILITY MANAGEMENT COMPLETE SELF ASSESSMENT GUIDE PDF EBOOK EPUB MOBI

Device Discovery for Vulnerability Assessment: Automating the Handoff

Microsoft Security Management

ForeScout Extended Module for Splunk

8 Must Have. Features for Risk-Based Vulnerability Management and More

Introducing Cyber Observer

Digital Forensics Readiness PREPARE BEFORE AN INCIDENT HAPPENS

How to Write an MSSP RFP. White Paper

Security. Made Smarter.

GDPR: An Opportunity to Transform Your Security Operations

Borderless security engineered for your elastic hybrid cloud. Kaspersky Hybrid Cloud Security. #truecybersecurity

DEVELOP YOUR TAILORED CYBERSECURITY ROADMAP

Micro Focus Security Fortify Audit Assistant

Incident Response Agility: Leverage the Past and Present into the Future

National Cyber Security Operations Center (N-CSOC) Stakeholders' Conference

Put an end to cyberthreats

The New Normal. Unique Challenges When Monitoring Hybrid Cloud Environments

RSA NetWitness Suite Respond in Minutes, Not Months

Building and Instrumenting the Next- Generation Security Operations Center. Sponsored by

Noam Ikar R&DVP. Complex Event Processing and Situational Awareness in the Digital Age

CLOUD WORKLOAD SECURITY

SANS Top 20 CIS. Critical Security Control Solution Brief Version 6. SANS Top 20 CIS. EventTracker 8815 Centre Park Drive, Columbia MD 21045

Agile Security Solutions

Unlocking the Power of the Cloud

Converged security. Gerben Verstraete, CTO, HP Software Services Colin Henderson, Managing Principal, Enterprise Security Products

FOR FINANCIAL SERVICES ORGANIZATIONS

Fabrizio Patriarca. Come creare valore dalla GDPR

Challenges 3. HAWK Introduction 4. Key Benefits 6. About Gavin Technologies 7. Our Security Practice 8. Security Services Approach 9

ForeScout ControlFabric TM Architecture

External Supplier Control Obligations. Cyber Security

SIEM: Five Requirements that Solve the Bigger Business Issues

RSA IT Security Risk Management

Building Resilience in a Digital Enterprise

SOC-2 Requirement Solution Brief. EventTracker 8815 Centre Park Drive, Columbia MD SOC-2

Risk: Security s New Compliance. Torsten George VP Worldwide Marketing and Products, Agiliance Professional Strategies - S23

SECURITY-AS-A-SERVICE BUILT FOR AWS

Managed Endpoint Defense

whitepaper How to Measure, Report On, and Actually Reduce Vulnerability Risk

Cybersecurity Roadmap: Global Healthcare Security Architecture

TRUSTED IT: REDEFINE SOCIAL, MOBILE & CLOUD INFRASTRUCTURE. Ralf Kaltenbach, Regional Director RSA Germany

Cybersecurity Auditing in an Unsecure World

A Government Health Agency Trusts Tenable to Protect Patient Data and Manage Expanding Attack Surface

Think Like an Attacker

First Look Showcase. Expanding our prevention, detection and response solutions. Marco Rottigni Chief Technical Security Officer, Qualys, Inc.

CSP 2017 Network Virtualisation and Security Scott McKinnon

NEXT GENERATION SECURITY OPERATIONS CENTER

Modern Database Architectures Demand Modern Data Security Measures

Transcription:

A Risk Management Platform Michael Lai CISSP, CISA, MBA, MSc, BEng(hons) Territory Manager & Senior Security Sales Engineer

Shift to Risk-Based Security OLD MODEL: Prevention-Based Security Prevention Detection Correction Detection NEW MODEL: Risk-Based Security Correction Data & Analytics Prevention By 2020, 60% of enterprise information security budgets will be allocated for rapid detection and response approaches. - Gartner: Shift Cybersecurity Investment to Detection, dated 7 January 2016

Every Day Problem

How Good Is HONG KONG? In 2016, Rapid7 Labs launched the National Exposure Index in order to get a measurable, quantitative answer to a fairly fundamental question: What is the nature of internet exposure services that either do not offer modern cryptographic protection, or are otherwise unsuitable to offer on the increasingly hostile internet. Which service in your company is exposing to the Internet is not/weak encrypted?

Risk Platform Structure

Deployment In-house Or Cloud In-house Cloud Data Kept in-house On the cloud Deployment HW, Storage, SIEM, Charged by volume, asset number, collector/scanner number Man Power A specific SOC team Typical IT security team Workload After Deployment - Maintain data flow - Feed threat intelligence - Tuning, building policy, data mining - Query required information - Follow incident Cost High Low - Maintain data flow - Query required information - Follow incident

COLLECT Deploy an organizational network to collect data from end point to cloud and also 3 rd party data ANALYSIS Cultivate your army to convert the data into answer automatically and keep improving. Answer Information is classified and prioritized. Everyone can get the information to make decision and remediation handily.

Consideration COLLECT 1. What to collect? E.g. Asset data, system log, threat intelligence 2. How to collect? E.g. Scanner, syslog, agent, external party 3. Who to collect? E.g. IT security team, asset owner 4. When to collect? Schedule, manual, event trigger, blackout What Question Is Answered

COLLECT 1. Deploy an infrastructure to collect from end point to cloud 2. Feed with external threat intelligence (exploit database) 3. Asset ownership grouping 4. Integration with other system (e.g. for authentication) 5. Testing data (in-house penetration test, 3 rd social engineering test) 6. Activity baseline

Architecture Network Events Remote Site Remote Endpoints Real-Time Endpoint Events Intruder Traps On-Premise Deployment SSL SSL Insight Attacker Analytics Platform Security Team Applications User Behavior Analytics Machine Learning Fully Searchable Data Set Existing Security Solutions, Alerts, and Events Enterprise Cloud Apps Mobile Devices

Consideration ANALYSIS 1. What is log, event (e.g. a virus detected) and alert (take action)? 2. Who to analyze? In-house team, outsourced, 3. How to analyze? Package software, self learning, manual built IF-THEN rule. Ready for Any Question

Convert Data To Action Raw Events Relevant Activity Enriched, Attributed Events User & Asset Status Notable Event Take Action Alert Intelligence Correlation Collect

ANALYSIS 1. Build a team (security data science expert) 2. Automation 3. Ability to correlate data and information recursively 4. Continuous improvement (self learning, reduce false +ve/-ve)

Consideration ANSWER 1. When the answer is ready? (Ad hoc, schedule) 2. Who will raise the question? (Asset owner, CSO) 3. What the question will be? 4. How to remediate? Give the Right Answer

Answer To Anyone At Anytime Prevention Detection Response Remediation Cleanup Lessons Learned Risk Platform

ANSWER 1. Agility to any question from all parties 2. Prioritized event and action 3. Feed to system for tuning (minimize the false +ve/-ve) 4. Minimize effort to get the answer and take remediation 5. Integration with other system (e.g. for automation, sharing with other)

Key Areas Maturity How It Goes 1. Can everyone get the required information? 2. What is the workload to have the information? 3. How accurate is the information? 4. How can you response to a risk or breach? 5. Can you predict where the hacker will get in? Build confidence through preparation Automate known threat prevention Detect unknown threats Respond with purpose Remediate the threat to minimize impact Prioritize cleanup Constant improvement through lessons learned Innovating Intelligence Driven Behavior Driven Regulation Driven Ad-Hoc Many SIEM/SOC deployed but do not know how good it is.

INCIDENT READINESS ASSESSMENT Threat detection and incident response evaluation. Increases response efficiency and effectiveness. For example, playbook for following a critical vulnerability announcement (e.g. WannaCry) or APT. Detection Ability (Identify risk or breach) Documentation (playbook, reporting) Follow Up Procedures (remediation, scoping)

TABLETOP EXERCISES Threat simulation exercise, aimed at evaluating the ability to effectively detect and respond to incidents. To ensure that the READINESS is working. Initiate Prepare Deliver Recommend

BREACH RESPONSE Usually employ 3 rd party to raise a PT and audit the risk platform. Will not notify anyone about the maneuver unless required. Incident Management Detection and Analysis Scoping Communications Remediation and Cleanup

THANK YOU

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback