A Practical Guide to Efficient Security Response

Similar documents
SOLUTION BRIEF RSA ARCHER IT & SECURITY RISK MANAGEMENT

SOLUTION BRIEF RSA NETWITNESS EVOLVED SIEM

DATA SHEET RSA NETWITNESS PLATFORM PROFESSIONAL SERVICES ACCELERATE TIME-TO-VALUE & MAXIMIZE ROI

INTELLIGENCE DRIVEN GRC FOR SECURITY

ForeScout Extended Module for Splunk

A Forrester Total Economic Impact Study Commissioned by ServiceNow January 2018

Skybox Security Vulnerability Management Survey 2012

with Advanced Protection

Automated, Real-Time Risk Analysis & Remediation

A Methodology to Build Lasting, Intelligent Cybersecurity Programs

SOLUTION BRIEF RSA NETWITNESS SUITE 3X THE IMPACT WITH YOUR EXISTING SECURITY TEAM

Threat Centric Vulnerability Management

WITH ACTIVEWATCH EXPERT BACKED, DETECTION AND THREAT RESPONSE BENEFITS HOW THREAT MANAGER WORKS SOLUTION OVERVIEW:

RSA Solution Brief. Managing Risk Within Advanced Security Operations. RSA Solution Brief

MATURE YOUR CYBER DEFENSE OPERATIONS with Accenture s SIEM Transformation Services

Quick Start An Overview of ITIL Service Design

IBM Global Technology Services Provide around-the-clock expertise and protect against Internet threats.

RSA NetWitness Suite Respond in Minutes, Not Months

WHITEPAPER. Enterprise Cyber Risk Management Protecting IT Assets that Matter

Automating the Top 20 CIS Critical Security Controls

Cyber Resilience - Protecting your Business 1

THE SIX ESSENTIAL CAPABILITIES OF AN ANALYTICS-DRIVEN SIEM

TRIPWIRE VIA PLATFORM PROTECTING YOUR DATA WITH INTEGRATED SECURITY CONTROLS

INCIDENTRESPONSE.COM. Automate Response. Did you know? Your playbook overview - Data Theft

INCIDENTRESPONSE.COM. Automate Response. Did you know? Your playbook overview - Unauthorized Access

locuz.com SOC Services

Resolving Security s Biggest Productivity Killer

Six Weeks to Security Operations The AMP Story. Mike Byrne Cyber Security AMP

SECURITY AUTOMATION BEST PRACTICES. A Guide to Making Your Security Team Successful with Automation

SECURITY AUTOMATION BEST PRACTICES. A Guide on Making Your Security Team Successful with Automation SECURITY AUTOMATION BEST PRACTICES - 1

NEXT GENERATION SECURITY OPERATIONS CENTER

INCIDENTRESPONSE.COM. Automate Response. Did you know? Your playbook overview - Elevation of Privilege

Research Insights Paper

Enhancing the Cybersecurity of Federal Information and Assets through CSIP

Security Automation Best Practices

Transforming Security from Defense in Depth to Comprehensive Security Assurance

Symantec Security Monitoring Services

Converged security. Gerben Verstraete, CTO, HP Software Services Colin Henderson, Managing Principal, Enterprise Security Products

SIEM: Five Requirements that Solve the Bigger Business Issues

whitepaper How to Measure, Report On, and Actually Reduce Vulnerability Risk

ARTIFICIAL INTELLIGENCE POWERED AUTOMATED THREAT HUNTING AND NETWORK SELF-DEFENSE

SOLUTION BRIEF HELPING BREACH RESPONSE FOR GDPR WITH RSA SECURITY ADDRESSING THE TICKING CLOCK OF GDPR COMPLIANCE

Technical Review Managing Risk, Complexity, and Cost with SanerNow Endpoint Security and Management Platform

SOLUTION BRIEF RSA NETWITNESS NETWORK VISIBILITY-DRIVEN THREAT DEFENSE

The Cognito automated threat detection and response platform

RFP/RFI Questions for Managed Security Services. Sample MSSP RFP Template

SIEM Solutions from McAfee

Whitepaper. Advanced Threat Hunting with Carbon Black Enterprise Response

The Resilient Incident Response Platform

Securing Your Digital Transformation

SOLUTION BRIEF RSA ARCHER BUSINESS RESILIENCY

Managed Endpoint Defense

Help Your Security Team Sleep at Night

Power of the Threat Detection Trinity

Cognito Detect is the most powerful way to find and stop cyberattackers in real time

Cyber Security Incident Response Fighting Fire with Fire

McAfee Endpoint Threat Defense and Response Family

Vectra Cognito. Brochure HIGHLIGHTS. Security analyst in software

Simplify, Streamline and Empower Security with ISecOps

MITIGATE CYBER ATTACK RISK

RSA IT Security Risk Management

Managed Security Services - Endpoint Managed Security on Cloud

CYBER RESILIENCE & INCIDENT RESPONSE

BUILDING CYBERSECURITY CAPABILITY, MATURITY, RESILIENCE

Risk: Security s New Compliance. Torsten George VP Worldwide Marketing and Products, Agiliance Professional Strategies - S23

ISO/IEC Solution Brief ISO/IEC EventTracker 8815 Centre Park Drive, Columbia MD 21045

White Paper. How to Write an MSSP RFP

Database Discovery: Identifying Hidden Risks and Sensitive Data

2012 Microsoft Corporation. All rights reserved. Microsoft, Active Directory, Excel, Lync, Outlook, SharePoint, Silverlight, SQL Server, Windows,

ALIENVAULT USM FOR AWS SOLUTION GUIDE

The McGill University Health Centre (MUHC)

Incident Response Lessons From the Front Lines. Session 276, March 8, 2018 Nolan Garrett, CISO, Children s Hospital Los Angeles

INTEGRATION BRIEF DFLabs and Jira: Streamline Incident Management and Issue Tracking.

Combating Cyber Risk in the Supply Chain

Information Infrastructure and Security. The value of smart manufacturing begins with a secure and reliable infrastructure

EFFECTIVELY TARGETING ADVANCED THREATS. Terry Sangha Sales Engineer at Trustwave

Shavlik Protect: Simplifying Patch, Threat, and Power Management Date: October 2013 Author: Mike Leone, ESG Lab Analyst

ICBA Summary of FFIEC Cybersecurity Assessment Tool (May 2017 Update)

Business Context: Key for Successful Risk Management

DATA SHEET RSA NETWITNESS ENDPOINT DETECT UNKNOWN THREATS. REDUCE DWELL TIME. ACCELERATE RESPONSE.

ISO COMPLIANCE GUIDE. How Rapid7 Can Help You Achieve Compliance with ISO 27002

INCIDENTRESPONSE.COM. Automate Response. Did you know? Your playbook overview - Malware Outbreak

THE EFFECTIVE APPROACH TO CYBER SECURITY VALIDATION BREACH & ATTACK SIMULATION

THE REAL ROOT CAUSES OF BREACHES. Security and IT Pros at Odds Over AppSec

Information Security Is a Business

What is Penetration Testing?

FOR FINANCIAL SERVICES ORGANIZATIONS

SYMANTEC: SECURITY ADVISORY SERVICES. Symantec Security Advisory Services The World Leader in Information Security

THE TRIPWIRE NERC SOLUTION SUITE

Gaps in Resources, Risk and Visibility Weaken Cybersecurity Posture

A company built on security

Modern Database Architectures Demand Modern Data Security Measures

The Convergence of Security and Compliance. How Next Generation Endpoint Security Manages 5 Core Compliance Controls

SOLUTION BRIEF esentire Risk Advisory and Managed Prevention (RAMP)

THREAT INTELLIGENCE: UNDERSTANDING WHAT IT IS AND WHY YOU NEED IT

Meeting PCI DSS 3.2 Compliance with RiskSense Solutions

Security Automation & Orchestration That Won t Get You Fired. Syra Arif Advisory Security Solutions Architect November 2017

Using Threat Analytics to Protect Privileged Access and Prevent Breaches

RiskSense Attack Surface Validation for IoT Systems

CERT Development EFFECTIVE RESPONSE

Transcription:

A Practical Guide to Efficient Security Response The Essential Checklist Start

The Critical Challenges to Information Security Data breaches constantly threaten the modern enterprise. And the risk continues to grow: In 2016, the total number of identities exposed via data breaches increased 95%, to 1.1 billion. 1 Time-to-compromise is now measured in minutes, and data exfiltration happens in days. 2 Worse still, detecting a breach can take months, with a median of 191 days to discovery. 3 Unable to quickly respond, organizations risk exposing valuable data and confidential information. The recovery process can be incredibly expensive and the damage to the business reputation incalculable. Why does it take so long to identify and respond to threats? Security and IT professionals point to one primary culprit: the disconnect between security and IT tools. Traditional approaches hamper efficient incident-response coordination across organizations: Beyond inefficiency, the manual processes associated with traditional security responses trigger other issues. Spreadsheets quickly become out-of-date, and emails frequently end up in the wrong inboxes. In both scenarios, defining and tracking performance metrics can be extremely difficult. And all too often, these ITSM BLUEPRINT manual processes force highly trained employees to focus on low-level tasks, resulting in high turnover. Coordinating incident reponse across the organization is the biggest challenge for most enterprises. 4 Numerous, disjointed tools cumulatively generate thousands of unprioritized alerts Lack of automation leads to hours wasted on manual processes Organizational opacity means the right contacts are hard to track down Multiple, unsecured data sets and security runbooks make it impossible to ensure everyone is on the same page 1 Symantec Internet Security Threat Report, 2017 2 2016 Verizon Data Breach Investigations Report 3 Ponemon Institute, 2017 Cost of a Data Breach Study 4 ESG, Status Quo Creates Security Risk: The State of Incident Response 2

The Essential Security Operations Solution Checklist How would you rate your organization s ability to respond to security threats and vulnerabilities? Use this short checklist to evaluate how the right security operations solution could support your enterprise. Did you know the right solution could allow your security team to: Rely on a single source of truth across security and IT? All responders need access to the latest data. A shared system allows security and IT teams to coordinate responses. Prioritize all security incidents and vulnerabilities? The best way to handle an overload of alerts is to automatically prioritize them based on their potential impact to your organization. Analysts need to know exactly which systems are affected and any subsequent consequences for related systems. Automate basic security tasks? All vulnerability and incident data is pulled into a single system. By correlating threat intelligence data with security incidents, analysts have all the information they need to protect your business. Integrate with the configuration management database (CMDB)? With CMDB integration, analysts can quickly identify affected systems, their locations, and how vulnerable they are to multiple attacks. Ensure your security runbook is followed? Workflows are critical for ensuring adherence to your security runbook. Pre-defined processes enable Tier 1 personnel to perform actual security work, while more experienced security professionals focus on hunting down complex threats. Quickly identify authorized approvers and subject matter experts? It must be easy to identify authorized approvers and experts, and quickly escalate issues if service level agreements (SLAs) aren t met while ensuring the security of need to know data. Collect detailed metrics to track SLAs, drive post-incident reviews, and enable process improvements? You need to be able to track SLAs and collect data for reviews. Metrics captured in dashboards, reports, or post-incident reviews provide trend data to support improvements. In short, the right solution enables efficient response to incidents and connects security and IT teams. It also lets you clearly visualize your security posture. For the CISO and security team, it s an integrated response platform that answers the question, Are we secure? 3

Comparing Security Response Approaches: Traditional Versus New When a high-profile vulnerability arises, there are several ways an enterprise can react. Compare the response of an organization using a traditional, disjointed approach with one using an integrated response platform. Traditional Approach: Once a threat is uncovered, the security team scrambles to address it. The CISO hears about it and wants to know if the organization is affected. The team races to assess systems and determine who needs to approve any emergency patching. Many processes are manual, so analysts struggle to quickly gather the information required to provide the CISO with an accurate assessment of the impact. Critical systems may be vulnerable, putting the business at risk of a data breach. 4

Comparing Security Response Approaches: Traditional Versus New A New Approach: In comparison, the organization using an enterprise security response platform can immediately respond to the vulnerability. It quickly kicks off the following steps: First, scan data is automatically pulled into the security operations system from their vulnerability management system. This is correlated with external sources such as the National Vulnerability Database and their internal CMDB to prioritize vulnerabilities by both the potential risk of the vulnerability itself and the impact to the organization s business services. Then a pre-built workflow notifies the security team of a critical vulnerability impacting high-priority assets. Analysts can review information about the vulnerability and the items at risk in a single console. In parallel, a workflow starts the response process. The system automatically triggers requests to approve emergency patches for critical vulnerable items. An additional scan verifies the fixes before the vulnerability can be marked closed. Once the critical items have been patched, security and IT can create a plan to address the remaining vulnerable items using a single response platform. Automated workflows help security analysts route change requests to the right people within IT, eliminating the need to memorize the organizational structure. The common platform ensures they share information on a secure need to know basis. An innovative security operations solution is essential for responding to the increasing number and sophistication of today s threats and vulnerabilities. With complete visibility into disruptive issues, security and IT teams can easily coordinate with all stakeholders to investigate and remediate issues. Now, the CISO is briefed, and the security operations solution automatically generates a postincident review with accurate metrics. The CISO is happy, and the organization is secure. 5

What s Next? Efficient response to security incidents and vulnerabilities are among the biggest challenges for Information Security Leaders. That s why choosing an enterprise security response platform is so important. ServiceNow Security Operations is the most innovative enterprise security response solution. It provides a single platform for responding to incidents and vulnerabilities across security and IT, and it can augment your enterprise s incident response capabilities with additional threat intelligence. With a great security operations solution in place, your team can make threat and vulnerability identification, remediation, and coordination efforts more efficient. Automation permits responders to focus on more complex problems instead of on manual tasks. And you have accurate data at your disposal to continuously assess your organization s security posture. Learn more about transforming your security operations. < BACK 6

About ServiceNow ServiceNow is changing the way people work. We help the modern enterprise operate at lightspeed and be more scalable than ever before. Customers use our platform to define, structure and automate the flow of work, removing dependencies on email, spreadsheets and other manual processes to transform the delivery of service to the enterprise. With ServiceNow Security Operations, customers can bring incident data from their security tools into a structured enterprise security response engine that uses intelligent workflows, automation, and a deep connection with IT to prioritize and resolve threats based on the impact they pose to your organization. Learn more about transforming your security operations. Follow us on Twitter or visit www.servicenow.com. 2017 ServiceNow, Inc. All rights reserved. ServiceNow believes information in this publication is accurate as of its publication date. This publication could include technical inaccuracies or typographical errors. The information is subject to change without notice. Changes are periodically added to the information herein; these changes will be incorporated in new editions of the publication. ServiceNow may make improvements and/ or changes in the product(s) and/or the program(s) described in this publication at any time. Reproduction of this publication without prior written permission is forbidden. The information in this publication is provided as is. ServiceNow makes no representations or warranties of any kind, with respect to the information in this publication, and specifically disclaims implied warranties of merchantability or fitness for a particular purpose. ServiceNow and the ServiceNow logo are registered trademarks of ServiceNow. All other brands and product names are trademarks or registered trademarks of their respective holders. SN-EB-SecOpsGuide-082017 7

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback