Intro to Niara. no compromise behavioral analytics. Tomas Muliuolis HPE Aruba Baltics Lead


THE SECURITY GAP. Chart: security spend on prevention & detection (US $B) against data breaches (number of breaches and the percentage discovered internally). 146 days median time from compromise to discovery. Sources: Mandiant M-Trends 2016, Verizon Data Breach Investigations Report 2016, IDC 2016.

PROBLEM: CAUSE OF THE GAP. Attackers are quickly innovating and adapting. Battlefield: with IoT and cloud, security is borderless.

PROBLEM: ADDRESSING THE CAUSE. Attackers are quickly innovating and adapting, so security analytics solutions must be responsive to changes.

ATTACKS UTILIZING LEGITIMATE CREDENTIALS. Compromised (stolen credentials): 40 million credit cards were stolen from Target's servers. Malicious (intended to leak information): Edward Snowden stole more than 1.7 million classified documents. Negligent (all used the same password): a DDoS attack from 10M+ hacked home devices took down major websites.

WHY NIARA? ClearPass: great visibility and context, wired and Wi-Fi policies, real-time network enforcement. Niara: user and entity security, continuous behavior analytics, early attack detection.

CLEARPASS AS A SECURITY BRAND: ClearPass Policy Manager, ClearPass Universal Profiler and Niara, covering pre-authentication and post-authentication.

USER AND ENTITY BEHAVIOR ANALYTICS

NIARA OVERVIEW. Founded 2013. Focused on solving two key problems: detecting attacks that have co-opted legitimate credentials, and reducing the time and effort required to understand and respond to attacks. Enabling technologies: Big Data (Spark/Hadoop) and Artificial Intelligence (Machine Learning).

AUTOMATED DETECTION OF THREATS INSIDE THE ORGANIZATION: attacks and risky behaviors on the inside, from compromised users and hosts, negligent employees and malicious insiders.

THE START: USER VIEW OF EVENTS (events tied to the user, not just the IP address).

CHARACTERIZING BEHAVIOR: time of access, location, typical activity, device, duration, frequency of access.

BASICS OF BEHAVIORAL ANALYTICS: unsupervised machine learning builds baselines from each entity's history and from its peer group, and flags abnormal internal resource access.

PEER BASELINES ACROSS MULTIPLE DIMENSIONS

MODEL CONFIDENCE AND BUSINESS IMPACT (chart axes: business impact, model confidence)
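The three slides above (historical plus peer-group baselines over several behavioral dimensions, then ranking by model confidence and business impact) as an added, runnable illustration; this is not Niara's code and all history, events and weights are constructed. Assumptions labelled in the comments: per dimension the smaller of the historical and peer z-scores is used, the anomaly is capped at 10, confidence is derived from how many baseline observations a user has, and business impact is a per-group weight.

```python
from collections import defaultdict
from statistics import mean, pstdev

DIMS = ("hour", "mb", "hosts")
# Constructed history: (user, peer_group, hour_of_access, MB_transferred, hosts_contacted)
HISTORY = [
    ("alice", "finance", 9, 10, 3), ("alice", "finance", 10, 12, 3),
    ("alice", "finance", 9, 10, 3), ("alice", "finance", 10, 12, 3),
    ("bob", "finance", 9, 14, 4), ("bob", "finance", 10, 16, 4),
    ("bob", "finance", 9, 14, 4), ("bob", "finance", 10, 16, 4),
    ("dave", "finance", 9, 10, 3), ("dave", "finance", 10, 12, 3),  # thin history
    ("carol", "engineering", 14, 200, 40), ("carol", "engineering", 15, 220, 40),
    ("carol", "engineering", 14, 200, 40), ("carol", "engineering", 15, 220, 40),
]
IMPACT = {"finance": 3.0, "engineering": 1.0}  # constructed business-impact weights per group

def _stats(rows):
    """Per dimension: (mean, stddev floored at 1.0 so a constant dimension never divides by zero, count)."""
    return {d: (mean(c), pstdev(c) or 1.0, len(c)) for d, c in zip(DIMS, zip(*rows))}

def baselines(history):
    """Historical (per-user) and peer-group baselines across all dimensions."""
    by_user, by_group = defaultdict(list), defaultdict(list)
    for user, group, *vals in history:
        by_user[user].append(vals)
        by_group[group].append(vals)
    return ({u: _stats(r) for u, r in by_user.items()},
            {g: _stats(r) for g, r in by_group.items()})

def anomaly(vals, user_bl, peer_bl):
    """Assumed design: per dimension take the smaller of the historical and peer z-scores (behaviour
    normal for the peer group is not flagged); report the worst dimension, capped at 10."""
    worst = 0.0
    for d, v in zip(DIMS, vals):
        z_hist = abs(v - user_bl[d][0]) / user_bl[d][1]
        z_peer = abs(v - peer_bl[d][0]) / peer_bl[d][1]
        worst = max(worst, min(z_hist, z_peer))
    return min(round(worst, 2), 10.0)

def rank(events, history, impact, min_obs=4):
    """Order events by anomaly x model confidence x business impact."""
    user_bl, peer_bl = baselines(history)
    scored = []
    for user, group, *vals in events:
        score = anomaly(vals, user_bl[user], peer_bl[group])
        confidence = min(1.0, user_bl[user]["hour"][2] / min_obs)  # thin baseline, low confidence
        scored.append((user, round(score * confidence * impact.get(group, 1.0), 2)))
    return sorted(scored, key=lambda r: -r[1])

if __name__ == "__main__":  # constructed events: off-hours bulk transfer vs. normal activity
    print(rank([("alice", "finance", 3, 400, 60), ("dave", "finance", 9, 11, 3)], HISTORY, IMPACT))
```

Dave's perfectly ordinary event still scores above zero because his baseline has only two observations, which is the "low model confidence" quadrant the slide describes.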

FINDING THE MALICIOUS IN THE ANOMALOUS: behavioral analytics combined with supervised machine learning and third-party alerts (DLP, sandbox, firewalls, STIX, rules, etc.).

FORCE MULTIPLIER FOR SECURITY ANALYSTS: consolidated data access; rapid decision-making and action ("Have I seen this before?"); breakthrough ROI for incident investigation and threat hunting.

ACCELERATED INVESTIGATION AND RESPONSE (behavioral analytics)

ENTITY 360 SECURITY DOSSIER

UNUSUAL INTERNAL ACTIVITY

LOG DETAILS

NETWORK CONVERSATIONS DRILL DOWN

SOLUTION AT A GLANCE. Data sources: identity (NAC, AD, DHCP); infrastructure logs (DNS, firewall, proxy, VPN, email, DLP); SIEM/logging; SaaS (Box, Office 365); IaaS (AWS, Azure); network traffic via a packet broker (packets, flows); alerts (endpoint, network, STIX). Analyzer, built on Spark/Hadoop big data: analytics, data fusion, forensics, Entity360. Console/workflow on top.

ARUBA CLEARPASS - NIARA INTEGRATION WORKFLOW (automated network and security controls)
1. Wired/wireless device authentication.
2. Devices profiled by ClearPass Policy Manager.
3. User/device context shared with the Niara UEBA Analyzer.
4. Network- and log-based machine learning over packets, flows, logs and alerts (analytics, data fusion, forensics, big data) produces an Entity360 profile with risk scoring.
5. Actionable alerts initiated.
6. ClearPass performs real-time policy-based actions: real-time quarantine, re-authentication, bandwidth control, blacklist, role change.
www.arubanetworks.com/clearpass, www.niara.com

UEBA INCIDENT RESPONSE ROI

THANK YOU!