THE RELEVANCE OF POST-BREACH ANALYSIS


The Relevance of Post-Breach Analysis. Hillstone Networks. Diego Amauri Orjuela Santamaria, Director General, ART2SEC. www.

Data Breaches
- $3.79M: average cost of a data breach in 2015, a 23% increase since 2013
- $154: average cost per lost or stolen record
- 60% of attackers compromise the network within minutes
- 256 days: average time to discover a breach
Sources: Ponemon & IBM, 2015; Verizon, 2016

Attack timeline: Initial Breach -> Reconnaissance & Extend Foothold -> Data Exfiltration, with damage growing over minutes, hours, days, weeks and months.
Defensive layers: Perimeter Security > Endpoint Security > Breach Detection, "The Last Line of Defense".
- 66% of breaches remain undetected for months
- 87% of breaches are discovered by external parties

Data Breaches (two image-only slides)

Adding Intelligence to Security (image-only slide)

Abnormal Behavior Detection (Hillstone Intelligent Next-Generation Firewall)
Pipeline: Behavior Learning & Modeling -> Abnormal Behavior Analysis -> Threat & Risk Identification
- Host/server behavior modeling by adaptive machine learning at Layer 4-7, across hundreds of behavior dimensions
- Real-time behavior model and rules
- Identify abnormal dimensions by behavior patterning
- Quantify risk severity and certainty by correlation analysis
- Threat forensics, including the suspicious and relevant PCAP

Advanced Threat Detection (Hillstone Intelligent Next-Generation Firewall)
Known malware samples -> sample parameters 1, 2, 3 -> machine learning (clustering, modeling) -> malware behavior sets 1, 2, 3
Unknown malware -> malware behavior learning -> unknown malware behavior patterns -> identify malware variants

Comprehensive Internal Network Risk and Threat Visibility
- Host/critical asset count by severity level (critical/high/medium/low)
- Threat distribution by type (Malware/DoS/Scan/Phishing/Spam/other) and severity
- Total threat count
- Attacker geographic distribution by country
- Customized "My Threat" widget
- Top 10 attacks, ranked by the number of attacks performed

Real-time risk/threat monitoring for internal network critical assets and hosts
- Threat information for a critical asset, with risk certainty
- Distribution of critical assets by severity
- Source of the threat to the selected critical assets
- Critical assets are defined by the admin (critical servers, network devices/storage); the i-2850 supports 32 critical assets and 10,000 risky hosts

Full life cycle threat visibility and insight through the cyber kill chain
- Name/IP/OS/status/zone of a selected critical asset/host; 10+ OSes supported, including Linux, Mac, Windows and Android
- Risk level and certainty of a selected critical asset/host
- Relevant threat events of a selected critical asset mapped to each step of the cyber kill chain

Complete application/traffic/connection monitoring
- Statistics for all applications/traffic/connections in and out of the server over a chosen time period
- Example from the slide: on Jan. 7 the traffic in/out of the server is far higher than at normal times. Why?
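The behavior-modeling stages from the Abnormal Behavior Detection slide (learn a per-host model, flag abnormal dimensions, quantify severity and certainty by correlation) and the Jan. 7 traffic spike on this slide, as one added Python example that is not Hillstone's code. It learns a mean/deviation model per dimension from a constructed seven-day window for one server, scores a constructed observation with z-scores, and raises certainty when dimensions that corroborate one another are abnormal together. The dimension names, the window, the z threshold, the severity bands and the correlation groups are assumptions; the product models hundreds of dimensions. One caveat to carry into any deployment: the baseline is only as clean as its learning window, so a host compromised before learning starts will have the attacker's traffic modeled as normal.

```python
"""Per-host behavior baseline and abnormal-dimension detection.

Added example, not Hillstone code. Dimensions, values, thresholds and the
severity/certainty formulas are constructed for illustration.
"""
import statistics

# Constructed: seven days of daily totals for one server, per behavior dimension.
LEARNING_WINDOW = {
    "bytes_out_mb":   [120, 135, 110, 128, 140, 118, 131],
    "bytes_in_mb":    [300, 320, 290, 310, 305, 315, 298],
    "unique_dst_ips": [12, 14, 11, 13, 12, 15, 13],
    "dns_queries":    [400, 420, 390, 410, 430, 405, 415],
}

# Constructed: the day under investigation (the slide's "why is Jan. 7 so high?").
JAN_7 = {"bytes_out_mb": 2400, "bytes_in_mb": 310, "unique_dst_ips": 48, "dns_queries": 418}

# Assumption: dimension groups that, when abnormal together, corroborate one
# explanation (here: bulk data leaving to many unfamiliar destinations).
CORRELATED_GROUPS = [
    {"bytes_out_mb", "unique_dst_ips"},
    {"dns_queries", "unique_dst_ips"},
]


def learn_model(window, sd_floor_frac=0.05):
    """Mean and population standard deviation per dimension.

    The deviation is floored at a fraction of the mean so a dimension that was
    perfectly flat during learning does not turn every later change into a
    huge z-score.
    """
    model = {}
    for dim, values in window.items():
        mean = statistics.fmean(values)
        sd = statistics.pstdev(values)
        model[dim] = (mean, max(sd, sd_floor_frac * mean))
    return model


def abnormal_dimensions(model, observed, z_threshold=3.0):
    """Dimensions whose observed value sits z_threshold deviations or more from baseline."""
    abnormal = {}
    for dim, value in observed.items():
        mean, sd = model[dim]
        z = (value - mean) / sd
        if abs(z) >= z_threshold:
            abnormal[dim] = z
    return abnormal


def assess_risk(abnormal, correlated_groups=CORRELATED_GROUPS):
    """Severity from the peak deviation; certainty from how many dimensions agree."""
    if not abnormal:
        return {"severity": "none", "certainty": 0.0, "abnormal": {}}
    peak = max(abs(z) for z in abnormal.values())
    if peak >= 20:
        severity = "critical"
    elif peak >= 10:
        severity = "high"
    elif peak >= 5:
        severity = "medium"
    else:
        severity = "low"
    # Each abnormal dimension adds some confidence; a fully abnormal correlated
    # group adds more, because independent dimensions agreeing is harder to
    # explain away as one noisy counter.
    corroborated = sum(1 for group in correlated_groups if group <= set(abnormal))
    certainty = min(1.0, 0.4 + 0.15 * len(abnormal) + 0.2 * corroborated)
    return {"severity": severity, "certainty": round(certainty, 2), "abnormal": abnormal}


def score_day(window, observed):
    """Learn, detect and assess in one call; returns the assessment dict."""
    return assess_risk(abnormal_dimensions(learn_model(window), observed))


if __name__ == "__main__":
    result = score_day(LEARNING_WINDOW, JAN_7)
    print(result["severity"], result["certainty"])
    for dim, z in result["abnormal"].items():
        print(f"  {dim}: {z:+.1f} sigma")
```

On the constructed data, bytes_out_mb and unique_dst_ips are both far outside their baselines while bytes_in_mb and dns_queries are not, so the answer to the slide's "why?" is already narrowed to outbound volume toward new destinations, which is the question the PCAP then settles.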

Dedicated Internal Threat/Attack Monitoring
- Host/address/application information related to the server, from all internal IPs
- Application statistics for the server during the last 30 days

Rich Forensic Information for Threat Events
- Threat analysis, knowledge base and history information for a threat
- Name/status of a threat event and an admin analysis option
- View or download the PCAP for forensic work
- Source/destination IP, period, profile, ID and URL of a detected threat

Kill Chain Mapping
Stages shown: Monetization, Initial Exploit, Delivery, Command & Control, Internal Reconnaissance, Lateral Movement, Exfiltration
- Map threat events into kill chain stages
- Show the threat's target IP
- Trace the threat over time through its lifecycle

Complete Threat/Risk Visibility
- Network Risk Index
- Host risk correlation analysis (across hosts)
- Threat correlation analysis (across threats)
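Kill chain mapping and the risk indexes from the last three slides (mapping a critical asset's threat events to kill chain steps, showing the target IP and the lifecycle timeline, then correlating into a host risk and a Network Risk Index), as one added Python example that is not Hillstone's code. Threat events are constructed for three internal hosts; each event type is mapped to a stage through a lookup table, events are grouped by target IP and ordered in time, a host risk score correlates how far along the chain the host has progressed with how many stages were seen and the peak severity, and a network index rolls the host scores up. The stage order (with Monetization treated as the final stage), the event-to-stage table, the weights and the thresholds are all assumptions.

```python
"""Kill chain mapping, host risk and network risk index.

Added example, not Hillstone code. Events, stage order, the event-to-stage
table and the scoring weights are constructed for illustration.
"""
from collections import defaultdict

# Assumption: stage order, with Monetization as the final stage.
KILL_CHAIN = [
    "Initial Exploit", "Delivery", "Command & Control", "Internal Reconnaissance",
    "Lateral Movement", "Exfiltration", "Monetization",
]

# Assumption: how detection event types map onto stages.
STAGE_OF_EVENT = {
    "exploit_kit_landing": "Initial Exploit",
    "malware_download": "Delivery",
    "c2_beacon": "Command & Control",
    "internal_port_scan": "Internal Reconnaissance",
    "smb_lateral_login": "Lateral Movement",
    "bulk_upload_to_external": "Exfiltration",
    "spam_outbound": "Monetization",
}

SEVERITY_WEIGHT = {"low": 1, "medium": 2, "high": 3, "critical": 4}

# Constructed: (timestamp, target IP, event type, severity), deliberately not in time order.
EVENTS = [
    ("2017-01-07T08:02", "10.1.5.20", "exploit_kit_landing", "high"),
    ("2017-01-07T08:05", "10.1.5.20", "malware_download", "high"),
    ("2017-01-07T08:40", "10.1.5.20", "c2_beacon", "critical"),
    ("2017-01-07T09:15", "10.1.5.31", "internal_port_scan", "medium"),
    ("2017-01-07T09:10", "10.1.5.20", "internal_port_scan", "medium"),
    ("2017-01-07T10:00", "10.1.5.77", "spam_outbound", "low"),
    ("2017-01-07T11:30", "10.1.5.20", "smb_lateral_login", "high"),
    ("2017-01-07T13:00", "10.1.5.20", "bulk_upload_to_external", "critical"),
]


def kill_chain_timeline(events):
    """Group events by target IP; each host gets a time-ordered list of (ts, stage, type, severity)."""
    by_host = defaultdict(list)
    for ts, ip, etype, sev in sorted(events):  # ISO-8601 timestamps sort correctly as strings
        by_host[ip].append((ts, STAGE_OF_EVENT[etype], etype, sev))
    return dict(by_host)


def host_risk(timeline):
    """Correlate chain progression, stage coverage and peak severity into a 0-100 score.

    progression: how far along the chain the furthest event sits (a host seen
    exfiltrating matters more than one only scanned); coverage: how many
    distinct stages were observed (several stages in sequence are far harder to
    explain away than one alert); severity: the worst single event.
    """
    stage_ids = {KILL_CHAIN.index(stage) for _, stage, _, _ in timeline}
    furthest = max(stage_ids)
    peak = max(SEVERITY_WEIGHT[sev] for _, _, _, sev in timeline)
    n = len(KILL_CHAIN)
    score = 100 * (0.5 * (furthest + 1) / n + 0.3 * len(stage_ids) / n + 0.2 * peak / 4)
    return {"furthest_stage": KILL_CHAIN[furthest], "stages_seen": len(stage_ids), "score": round(score)}


def network_risk_index(events, at_risk_threshold=50):
    """Roll host scores up: the worst host sets the index, each further at-risk host adds a little."""
    per_host = {ip: host_risk(tl) for ip, tl in kill_chain_timeline(events).items()}
    top = max(r["score"] for r in per_host.values())
    at_risk = sum(1 for r in per_host.values() if r["score"] >= at_risk_threshold)
    return {"index": min(100, top + 5 * max(0, at_risk - 1)), "hosts": per_host}


if __name__ == "__main__":
    summary = network_risk_index(EVENTS)
    print("network risk index:", summary["index"])
    for ip, tl in kill_chain_timeline(EVENTS).items():
        risk = summary["hosts"][ip]
        print(f"{ip}: score {risk['score']}, furthest stage {risk['furthest_stage']}")
        for ts, stage, etype, sev in tl:
            print(f"    {ts}  {stage:<24} {etype} ({sev})")
```

The timeline for 10.1.5.20 walks the first six stages in order within five hours, which is the view an analyst needs to read the root cause (the exploit kit landing at 08:02) off the same screen as the damage (the bulk upload at 13:00); the lone port scan on 10.1.5.31 scores well below it because a single stage with nothing before or after it has far less corroboration.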

Hillstone's Value Proposition
- Shorten the time between compromise and detection: multiple detection and protection mechanisms and a cloud ecosystem
- Comprehensive visibility: security correlation analytics and kill chain
- Determine the root cause of an attack: rich forensics and analysis
- Mitigate damage: policy enforcement and mitigation templates

NSS Labs Recommended: Hillstone Networks NGFW, "Excellent Overall Value" (price/performance; static test rate and live test rate)

Thank you