An Aflac Case Study: Moving a Security Program from Defense to Offense

Similar documents
An Aflac Case Study: Moving a Security Program from Defense to Offense

Designing and Building a Cybersecurity Program

Transformation in Technology Barbara Duck Chief Information Officer. Investor Day 2018

SECURITY OPERATIONS CENTER BUY BUILD BUY. vs. Which Solution is Right for You?

Best Practices in Securing a Multicloud World

Building Resilience in a Digital Enterprise

CISCO NETWORKS BORDERLESS Cisco Systems, Inc. All rights reserved. 1

STUDENT LEARNING OUTCOMES Beacom College of Computer and Cyber Sciences

The SANS Institute Top 20 Critical Security Controls. Compliance Guide

Prescriptive Security Operations Centers. Leveraging big data capabilities to build next generation SOC

AKAMAI CLOUD SECURITY SOLUTIONS

BUILDING CYBERSECURITY CAPABILITY, MATURITY, RESILIENCE

Managed Enterprise Phishing Protection. Comprehensive protection delivered 24/7 by anti-phishing experts

What can we lose not implementing proper security in our IT environment? Aleksandar Pavlovic Security Account Manager Cisco

with Advanced Protection

The Cyber Threat. Bob Gourley, Partner, Cognitio June 22, How we think. 1

First Look Showcase. Expanding our prevention, detection and response solutions. Sumedh Thakar Chief Product Officer, Qualys, Inc.

SIEM Solutions from McAfee

Building a Threat-Based Cyber Team

SECURITY REDEFINED. Managing risk and securing the business in the age of the third platform. Copyright 2014 EMC Corporation. All rights reserved.

The Art and Science of Deception Empowering Response Actions and Threat Intelligence

C T I A CERTIFIED THREAT INTELLIGENCE ANALYST. EC-Council PROGRAM BROCHURE. Certified Threat Intelligence Analyst 1. Certified

THE EFFECTIVE APPROACH TO CYBER SECURITY VALIDATION BREACH & ATTACK SIMULATION

Your network is your business lifeline. Protect it. LEVEL 3 ADAPTIVE NETWORK SECURITY

MAKING THE CLOUD A SECURE EXTENSION OF YOUR DATACENTER

Security Diagnostics for IAM

Barracuda Advanced Threat Protection. Bringing a New Layer of Security for . White Paper

Which Side Are You On?

Checklist for Evaluating Deception Platforms

ATTIVO NETWORKS THREATDEFEND INTEGRATION WITH MCAFEE SOLUTIONS

CounterACT Check Point Threat Prevention Module

Mapping Your Requirements to the NIST Cybersecurity Framework. Industry Perspective

Transforming Security from Defense in Depth to Comprehensive Security Assurance

Building a Resilient Security Posture for Effective Breach Prevention

Surprisingly Successful: What Really Works in Cyber Defense. John Pescatore, SANS

Enhancing the Cybersecurity of Federal Information and Assets through CSIP

The erosion of the perimeter in higher education. Why IAM is becoming your first line of defence.

How NSFOCUS Protected the G20 Summit. Guy Rosefelt on the Strategy, Staff and Tools Needed to Ensure Cybersecurity

Integrated Access Management Solutions. Access Televentures

Future Challenges and Changes in Industrial Cybersecurity. Sid Snitkin VP Cybersecurity Services ARC Advisory Group

ADVANCED SECURITY MECHANISMS TO PROTECT ASSETS AND NETWORKS: SOFTWARE-DEFINED SECURITY

Securing the Internet of Things (IoT) at the U.S. Department of Veterans Affairs

RSA Advanced Security Operations Richard Nichols, Director EMEA. Copyright 2015 EMC Corporation. All rights reserved. 1

First Look Showcase. Expanding our prevention, detection and response solutions. Marco Rottigni Chief Technical Security Officer, Qualys, Inc.

SIEM Overview with OSSIM Case Study. Mohammad Husain, PhD Cal Poly Pomona

CYBER SOLUTIONS & THREAT INTELLIGENCE

RSA NetWitness Suite Respond in Minutes, Not Months

ACHIEVING FIFTH GENERATION CYBER SECURITY

10 KEY WAYS THE FINANCIAL SERVICES INDUSTRY CAN COMBAT CYBER THREATS

Organizational Readiness for Digital Transformation

AZURE CLOUD SECURITY GUIDE: 6 BEST PRACTICES. To Secure Azure and Hybrid Cloud Environments

Cisco Self Defending Network

DATA SHEET RISK & CYBERSECURITY PRACTICE EMPOWERING CUSTOMERS TO TAKE COMMAND OF THEIR EVOLVING RISK & CYBERSECURITY POSTURE

Human factor in CyberSecurity

SOLUTION BRIEF RSA ARCHER IT & SECURITY RISK MANAGEMENT

May the (IBM) X-Force Be With You

Security Automation Best Practices

Cisco Cloud Security. How to Protect Business to Support Digital Transformation

STRATEGIC PLAN

THE RISE OF GLOBAL THREAT INTELLIGENCE

SOLUTION BRIEF RSA NETWITNESS SUITE 3X THE IMPACT WITH YOUR EXISTING SECURITY TEAM

Security and Compliance for Office 365

Strategies for a Successful Security and Digital Transformation

Cyber Defense Operations Center

Crises Control Cloud Security Principles. Transputec provides ICT Services and Solutions to leading organisations around the globe.

Boston Chapter AGA 2018 Regional Professional Development Conference Cyber Security MAY 2018

Your Challenge. Our Priority.

Virtualizing Networks:

2018 Edition. Security and Compliance for Office 365

Building an Effective Threat Intelligence Capability. Haider Pasha, CISSP, C EH Director, Security Strategy Emerging Markets Office of the CTO

EFFECTIVELY TARGETING ADVANCED THREATS. Terry Sangha Sales Engineer at Trustwave

CA Host-Based Intrusion Prevention System r8

How Boards use the NIST Cybersecurity Framework as a Roadmap to oversee cybersecurity

TestBraindump. Latest test braindump, braindump actual test

Cisco Firepower NGFW. Anticipate, block, and respond to threats

LTI Security Services. Intelligent & integrated Approach to Cyber & Digital Security

THE POWER OF TECH-SAVVY BOARDS:

Florida Government Finance Officers Association. Staying Secure when Transforming to a Digital Government

FTA 2017 SEATTLE. Cybersecurity and the State Tax Threat Environment. Copyright FireEye, Inc. All rights reserved.

THE ACCENTURE CYBER DEFENSE SOLUTION

NETWORKING &SECURITY SOLUTIONSPORTFOLIO

ISE North America Leadership Summit and Awards

WHITEPAPER ATTIVO NETWORKS DECEPTION TECHNOLOGY FOR MERGERS AND ACQUISITIONS

Transforming IT: From Silos To Services

Cybersecurity Session IIA Conference 2018

SECURITY SERVICES SECURITY

One Hospital s Cybersecurity Journey

What It Takes to be a CISO in 2017

Imperva Incapsula Website Security

Defensible and Beyond

Think Vulnerability Management Has Been Commoditized? You're using the wrong vendor.

The Value of Automated Penetration Testing White Paper

Security-as-a-Service: The Future of Security Management

Unlocking the Power of the Cloud

RSA Solution Brief. Managing Risk Within Advanced Security Operations. RSA Solution Brief

Cyber Defense Maturity Scorecard DEFINING CYBERSECURITY MATURITY ACROSS KEY DOMAINS

Tackling Cybersecurity with Data Analytics. Identifying and combatting cyber fraud

SecOps : Security Operations. Saurav Sinha Head of Presales India

Today s cyber threat landscape is evolving at a rate that is extremely aggressive,

Sobering statistics. The frequency and sophistication of cybersecurity attacks are getting worse.

Transcription:

SESSION ID: TTA-F02 An Aflac Case Study: Moving a Security Program from Defense to Offense Tim Callahan SVP & Global Chief Security Officer Aflac

Threat Landscape Security risks are growing at a faster pace than the industry can react or adapt to Selected losses > 30,000 records (updated Jan 2017) Source: www.informationisbeautiful.net

How To Build a Good Offense Intelligence Leverage several types of sources Analytics Find a solution that best applies to your environment Fight Far Build more layers in between assets and threats Staff Find and build the right talent 3

Intelligence Internal Analyze network traffic, log files, security appliances and even employee behavior External Open sources, organization memberships, vendors, government programs (DHS)) Dark Web Monitoring the dark web helps companies see planned attacks against them or see stolen credentials 4

Analytics Information/Data Threat Intelligence Platform Op Intelligence Platform Output High Confidence Action Corporate Infrastructure Security Infrastructure Network Infrastructure Systems and Applications Big Data Analysis Confidence Rating Visualization 5 Automated Alerts Low Confidence Action Enrichment into other alerts

Confidence Scores High Confidence Score Domain that is well-known to be malicious Low Confidence Score Logging in to network incorrectly multiple times Higher confidence scores set off automated event alerts Lower confidence scores go through an enrichment process and other alerts 6

Analytics Tool Results 2,042,000 Connections have been blocked with fewer than 12 false positives >5M Average number of IoC s maintained 7 90 Average number of threat actor campaigns maintained 5 Member team effectively managed 5M pieces of threat intel data

Capabilities DNS Firewall: Performing automated checks against aggregated list of dangerous domains to sinkhole or block the connection attempts associated with malware. Blackholing: A technique in which an internet service provider (ISP) dumps packets coming from a certain domain or address. DDoS Service: Prevention of attacks that attempt to exhaust the resources available to a network, application or service so genuine users cannot gain access. 8

Incorporate Security into SDLC Iterative Security is added in througout the process vs. waiting for end product in waterfall Identify Early Integrating security in an iterative manner helps identify vulnerabilities early Smaller Scope Smaller scope allows us to fix defects easier which is less impact vs the waterfall method Partnership Agile approach creates a closer partnership with business, IT and Security which is key to security success

Build Partnership with Teams Be a Good Partner Vision: Communicate clearly how security aligns with business strategic objectives; WINFM. Education: Offer education opportunities to development team; train on secure coding practices. Remediation Support: Have readily available support for security issues that arise.

Build in Automation & Streamlined Processes Provide project teams as much work upfront as possible 1 Offer standard build kits to project teams to check against authentication, platform, and application security standards upfront. 2 Build security test cases and security validation into sprints. 3 Offer security scanning tools such as Integrated Development Environment (IDE) plugin for coding or system provisioning when implementing a new application.

Application Development IDE Plug In Source code is uploaded and scanned for vulnerabilities on vendor portal Vendor provides consultant services to developers for vulnerabilities solutions Implementing capability to scan code as it is written

Internet Edge Router 5 Outer Firewall Fight Far It is more difficult for an enemy to defeat a complex and multilayered defense system than to penetrate a single barrier. 9Inner Firewall Company Assets 4 Blackholing 3 Cloud Web App Firewall 2 Cloud Email Filtering 6 DMZ DNS Firewall 7 Web Proxies 10 IPS 11 LAN Sandboxing 12 Deception 13 HIDS 1 DDoS Prevention Service 8 Anti Virus 13 Quarantine

Staffing Challenges Solutions 14 Threats and vulnerabilities are constantly changing Gartner predicts 25 billion devices connected to IoT by 2020 each of which brings new security challenges 1. The cybersecurity gap is real and unlikely to change predicted that 1.5 million jobs will be unfulfilled by 2020 2. 1. Gartner-25 billion connected devices press release. 2. 2015 Global Information Security Workforce Study, Frost & Sullivan. Seek unconventional perspectives in military veterans and data scientists; such roles require aptitude, focus, and analytical skills. Invest in your own IT staff; experience in organizational systems and operations can be groomed into a security professional. Partner with local technical and vocational programs, establish internships, and participate in capstone opportunities.

Applying Offense Intelligence Review, add and diversify your intelligence sources Analytics Find a solution that not only produces intelligence but takes action with the intelligence Fight Far Review your current security capabilities and build in additional layers to create distance Staff Think outside the box by changing your hiring strategies and invest in local schools/programs 15

Thank You

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback