Are we breached? Deloitte's Cyber Threat Hunting


Have we been breached? Are we exposed? How do we proactively detect an attack and minimize the risk to our organization and our customers?

Deloitte's Cyber Threat Hunting will proactively detect if your organization has been compromised and whether the attacker is still in your environment, helping you contain the size of the impact sooner rather than later.


The adversary: Advanced Persistent Threats ("APTs")

- Initiated by nation states and organized crime networks
- Target government and organizations with high-value, high-worth information
- APT groups steal information, disrupt the marketplace, damage brand and reputation
- APTs are low and slow, penetrating without detection and impossible to identify with traditional methods

Did you know? Most organizations are completely unaware that APTs are presently embedded within their infrastructure and have been for months or years, exfiltrating critical information without detection.

01 Understanding an Advanced Persistent Threat

A typical attack progression

Pre-compromise: The APT group identifies an organization based on a specific objective and attempts to gain initial access through a targeted attack (e.g., spear-phishing).

Initial compromise: The APT group establishes an entry point through which to begin compromising, a single system on the network at first.

Further compromise: Using the initial compromise, the attack will move laterally across the internal network, gathering more intelligence to further its attack.

Exfiltrate and Hide: Once further penetration is established, the APT group can acquire and exfiltrate data from the network without being detected (e.g., administrative controls). Then the APT group will cover its tracks and persist within the network for future exploits.

APT groups need only find one vulnerability to exploit in order to compromise a system and persist on a network hidden out of view. Deloitte's Cyber Threat Hunting helps organizations hunt the APT group and stop further compromise from happening.

Most organizations have to defend against many vulnerabilities. This means organizations are struggling to defend against such APTs with their current security program.

02 Using Intelligence to Unlock the impact of an APT

Deloitte's Threat Intelligence and Analytics (TIA) service

Critical to detecting and responding to APTs is leveraging the latest intelligence to understand the anatomy of the APT group, the extent of the compromise and the overall impact to your organization and organizations like yours. Intelligence is a key factor not only in identifying the APT but also in building an appropriate remediation plan. Our intelligence-driven solution helps your organization proactively detect threats, improve your security posture and reduce the risk to your organization.

Deloitte's Threat Intelligence and Analytics (TIA) service provides critical information for our Cyber Threat Hunting team. The Cyber Threat Hunting Team is able to identify the type of threat actors that may be targeting your industry and companies like yours, the zero-day vulnerabilities APT groups are exploiting, and the indicators of compromise (IOCs) associated with APT groups. The intelligence gathered from Cyber Threat Hunting also feeds into our TIA service to help us with the ongoing monitoring and management of cyber threats.

[Diagram: TIA provides information; Identify Threats; Manage & Monitor]

03 How Cyber Threat Hunting helps you

The constantly evolving APT landscape shows us that no organization, regardless of size or industry, may be immune to an attack. And when an attack happens, most organizations take far too long to identify the breach and avoid costly remediation activities.

Cyber Threat Hunting is a proactive means to improve an organization's security posture and protect its reputation. Deloitte's goal is to find the APT before the attacker can syphon critical information from your organization. Deloitte will help you minimize the impact of the attack and identify how best to reduce future compromise.

Deloitte's Cyber Threat Hunting is the proactive approach that enables you to address incidents sooner, when incidents are less costly to remediate. Deloitte provides a clear, executive-level report outlining your exposure. This helps your management team understand the organization's gaps and prioritize investment for improved cyber defenses.

04 Our Approach to Cyber Threat Hunting

3-phase Minimal Burden Engagement

Once our technology is deployed, Deloitte remotely manages the solution to conduct both a host-based and network review. During the host-based review, Deloitte will search for potential IoCs that would point to an intrusion. These IoCs are used for identifying compromises, anomalies, malware, vulnerabilities or other conditions that would expose a threat. During the network review, Deloitte searches for malicious communication and potential command and control activity from attackers, using network sensors we place at each major Internet egress point.

Deploy (Technology deployment): Deloitte will provide the endpoint appliance, endpoint agents and network appliances that are to be deployed at the client's data centre. The client will be responsible for the physical deployment of the equipment and the software deployment of the agent. Once all technology is deployed, Deloitte requires remote access to the infrastructure to access the equipment. During the 2-week deployment, Deloitte will provide up to 40 hours of remote monitoring.

Analyze (Endpoint and network assessment): Deloitte will utilize the endpoint technology to perform sweeps of all systems that have an agent deployed. Leveraging the latest threat intelligence and indicators of compromise (IoCs), we will perform sweeps across the network with an agreed-upon schedule to limit the impact to IT operations. At the same time as our endpoint assessment, Deloitte will analyze all Internet-bound network traffic for IoCs that may indicate a compromise. If any malicious traffic is detected, we will capture this traffic for further analysis.

Report: Upon completion of the assessment, Deloitte will provide a report and executive briefing to present our findings and recommendations.

You've been breached, now what?

05 Deloitte's Cyber Incident Response

Deloitte has extensive experience helping organizations understand the implications of an APT and develop remediation plans. Where our clients do not have an incident response capability, Deloitte's Cyber Incident Response team can help you manage the incident effectively and resume normal operations as soon as possible.

Incident Response

Our service offers clients the ability to call upon specialist support should they experience a cyber incident. This support can be provided remotely or on client site as required and helps the client understand and mitigate the cyber incident. Where the incident involves personal information, we can assist with notification, credit monitoring and protection services, and standing up a call centre or social media platform to communicate with affected individuals. We have partnerships with Public Relations and Communications firms, law firms, credit unions, call centres, and fulfillment houses to quickly communicate with the public, customers, shareholders, and regulators and to manage brand and reputation.

Monitoring Service

Once an incident has been remediated, organizations need to take a long-term view to managing cyber risk. Deloitte's Managed APT service provides a 24/7 hunting solution. Leveraging the endpoint and network visibility Deloitte established through your initial Cyber Threat Hunting engagement, Deloitte's Cyber Intelligence Centre will monitor your environment and enable you to proactively detect threat actors and keep them from compromising your network.

06 The Deloitte Difference

Deloitte's Cyber Threat Hunting is one component in a suite of services Deloitte offers to help your company become Secure, Vigilant and Resilient in the face of ever-evolving cyber threats.

Cyber Govern: Align and evolve the Cyber Security Program with your business continuity objectives.

Cyber Monitor: Advanced analytics monitoring, sensory, and analysis solutions to provide the threat analysis.

Cyber Protect: Breach detection, advanced threat protection, secure code development services to provide focused managed threat solutions.

Cyber Respond: Threat response, containment, and eradication including cyber take-down, recovery, and forensics.

Cyber Manage: Manage cyber readiness and preparation processes at all levels of the organization.

Cyber Sense: Intelligence, surveillance, and brand monitoring capabilities to reduce exposure and threat profiles.

Cyber Check: Life-cycle based validation of security and threat posture from both an enterprise and threat actor perspective.

Contact

Santiago Gutierrez, +52 (55) 5080 6533, sangutierrez@deloittemx.com
Fernando Bojorges, +52 (55) 5080 7065, fbojorges@deloittemx.com
Ivan Campos, +52 (55) 5080 6828, icampos@deloittemx.com
Ricardo Zarazua, +52 (55) 5080 7679, rizarazua@deloittemx.com

Deloitte refers to one or more of Deloitte Touche Tohmatsu Limited, a UK private company limited by guarantee, and its network of member firms, each of which is a legally separate and independent entity. Please see www.deloitte.com/mx/aboutus for a detailed description of the legal structure of Deloitte Touche Tohmatsu Limited and its member firms.

Deloitte provides audit, tax, consulting, and advisory to public and private clients spanning multiple industries. With a globally connected network of member firms in more than 150 countries, Deloitte brings world-class capabilities and high-quality service to clients, delivering the insights they need to address their most complex business challenges. Deloitte's more than 225,000 professionals are committed to making an impact that matters.

As used in this document, "Deloitte" means Galaz, Yamazaki, Ruiz Urquiza, S.C., which has the exclusive legal right to engage in, and limit its business to, providing auditing, tax consultancy, financial advisory, and other professional services in Mexico, under the name "Deloitte".

This publication contains general information only, and none of Deloitte Touche Tohmatsu Limited, its member firms, or their related entities (collectively the "Deloitte Network") is, by means of this publication, rendering professional advice or services. Before making any decision or taking any action that may affect your finances or your business, you should consult a qualified professional adviser. No entity in the Deloitte Network shall be responsible for any loss whatsoever sustained by any person or entity who relies on this publication.

© 2016 Galaz, Yamazaki, Ruiz Urquiza, S.C.