Designing an Adaptive Defense Security Architecture. George Chiorescu FireEye

Similar documents
SOLUTION BRIEF RSA NETWITNESS SUITE 3X THE IMPACT WITH YOUR EXISTING SECURITY TEAM

RSA NetWitness Suite Respond in Minutes, Not Months

OUTSMART ADVANCED CYBER ATTACKS WITH AN INTELLIGENCE-DRIVEN SECURITY OPERATIONS CENTER

EFFECTIVELY TARGETING ADVANCED THREATS. Terry Sangha Sales Engineer at Trustwave

Deep Instinct v2.1 Extension for QRadar

Agenda. Why we need a new approach to endpoint security. Introducing Sophos Intercept X. Demonstration / Feature Walk Through. Deployment Options

4/13/2018. Certified Analyst Program Infosheet

10 KEY WAYS THE FINANCIAL SERVICES INDUSTRY CAN COMBAT CYBER THREATS

BUILT TO STOP BREACHES. Cloud-Delivered Endpoint Protection

CONTROLLING YOUR OWN BATTLESPACE. From Threat Response Teams To Threat Intelligence Teams

Cyber Defense Maturity Scorecard DEFINING CYBERSECURITY MATURITY ACROSS KEY DOMAINS

THE SIX ESSENTIAL CAPABILITIES OF AN ANALYTICS-DRIVEN SIEM

THE ACCENTURE CYBER DEFENSE SOLUTION

RSA INCIDENT RESPONSE SERVICES

Application Whitelisting and Active Analysis Nick Levay, Chief Security Officer, Bit9

Managed Enterprise Phishing Protection. Comprehensive protection delivered 24/7 by anti-phishing experts

McAfee Public Cloud Server Security Suite

Reducing the Cost of Incident Response

esendpoint Next-gen endpoint threat detection and response

Advanced Endpoint Protection

Transforming Security from Defense in Depth to Comprehensive Security Assurance

align security instill confidence

Traditional Security Solutions Have Reached Their Limit

Building Resilience in a Digital Enterprise

The Evolution of : Continuous Advanced Threat Protection

National Cyber Security Operations Center (N-CSOC) Stakeholders' Conference

Protect Your Endpoint, Keep Your Business Safe. White Paper. Exosphere, Inc. getexosphere.com

Threat Intelligence to enhance Cyber Resiliency KEVIN ALBANO GLOBAL THREAT INTELLIGENCE LEAD IBM X-FORCE INCIDENT RESPONSE AND INTELLIGENCE SERVICES

Whitepaper. Advanced Threat Hunting with Carbon Black Enterprise Response

May the (IBM) X-Force Be With You

Cisco Cloud Security. How to Protect Business to Support Digital Transformation

RSA INCIDENT RESPONSE SERVICES

Managed Endpoint Defense

SOLUTION BRIEF RSA NETWITNESS NETWORK VISIBILITY-DRIVEN THREAT DEFENSE

AKAMAI CLOUD SECURITY SOLUTIONS

RSA Advanced Security Operations Richard Nichols, Director EMEA. Copyright 2015 EMC Corporation. All rights reserved. 1

Incident Response Services

Symantec Ransomware Protection

Outwit Cyber Criminals with Comprehensive Malware and Exploit Protection.

Delivering Integrated Cyber Defense for the Cloud Generation Darren Thomson

Proactive Approach to Cyber Security

Evolution of Cyber Security. Nasser Kettani Chief Technology Officer Microsoft, Middle East and Africa

SOLUTION BRIEF RSA NETWITNESS EVOLVED SIEM

WHITE PAPER. Operationalizing Threat Intelligence Data: The Problems of Relevance and Scale

Cloud and Cyber Security Expo 2019

CERT Development EFFECTIVE RESPONSE

TRUE SECURITY-AS-A-SERVICE

McAfee Endpoint Threat Defense and Response Family

Mastering The Endpoint

QuickSpecs. Aruba IntroSpect User and Entity Behavior Analytics. Overview. Aruba IntroSpect User and Entity Behavior Analytics Product overview

Key Technologies for Security Operations. Copyright 2014 EMC Corporation. All rights reserved.

Protecting organisations from the ever evolving Cyber Threat

Analytics Driven, Simple, Accurate and Actionable Cyber Security Solution CYBER ANALYTICS

Security Operations 2018: What is Working? What is Not.

SIEM Solutions from McAfee

8 Must Have. Features for Risk-Based Vulnerability Management and More

Sourcefire Solutions Overview Security for the Real World. SEE everything in your environment. LEARN by applying security intelligence to data

KEDAYAM A KAAPAGAM MANAGED SECURITY SERVICES. Kaapagam Technologies Sdn. Bhd. ( T)

Kaspersky Cloud Security for Hybrid Cloud. Diego Magni Presales Manager Kaspersky Lab Italia

The New Era of Cognitive Security

Symantec & Blue Coat Technical Update Webinar 29. Juni 2017

A Risk Management Platform

Comprehensive datacenter protection

BUILDING AND MAINTAINING SOC

NOTHING IS WHAT IT SIEMs: COVER PAGE. Simpler Way to Effective Threat Management TEMPLATE. Dan Pitman Principal Security Architect

DATA SHEET RISK & CYBERSECURITY PRACTICE EMPOWERING CUSTOMERS TO TAKE COMMAND OF THEIR EVOLVING RISK & CYBERSECURITY POSTURE

Automated Response in Cyber Security SOC with Actionable Threat Intelligence

Prescriptive Security Operations Centers. Leveraging big data capabilities to build next generation SOC

SentinelOne Technical Brief

EU GENERAL DATA PROTECTION: TIME TO ACT. Laurent Vanderschrick Channel Manager Belgium & Luxembourg Stefaan Van Hoornick Technical Manager BeNeLux

Pieter Wigleven Windows Technical Specialist

Are we breached? Deloitte's Cyber Threat Hunting

Perimeter Defenses T R U E N E T W O R K S E C U R I T Y DEPENDS ON MORE THAN

Converged security. Gerben Verstraete, CTO, HP Software Services Colin Henderson, Managing Principal, Enterprise Security Products

CISCO NETWORKS BORDERLESS Cisco Systems, Inc. All rights reserved. 1

Securing Dynamic Data Centers. Muhammad Wajahat Rajab, Pre-Sales Consultant Trend Micro, Pakistan &

THE CRITICAL COMMUNICATIONS COMPANY CYBER SECURITY AS A SERVICE

Data Sheet: Endpoint Security Symantec Multi-tier Protection Trusted protection for endpoints and messaging environments

HOLISTIC NETWORK PROTECTION: INNOVATIONS IN SOFTWARE DEFINED NETWORKS

Gujarat Forensic Sciences University

Advanced Threat Protection Buyer s Guide GUIDANCE TO ADVANCE YOUR ORGANIZATION S SECURITY POSTURE

ABB Ability Cyber Security Services Protection against cyber threats takes ability

INFINIT Y TOTAL PROTECTION

Resolving Security s Biggest Productivity Killer

ARC VIEW. Critical Industries Need Active Defense and Intelligence-driven Cybersecurity. Keywords. Summary. By Sid Snitkin

Digital Forensics Readiness PREPARE BEFORE AN INCIDENT HAPPENS

BREACHES HAPPEN: BE PREPARED. Endpoint Detection & Response

Cybowall Solution Overview

Incident Response Services to Help You Prepare for and Quickly Respond to Security Incidents

WHITEPAPER ENDPOINT DETECTION AND RESPONSE BEYOND ANTIVIRUS PROACTIVE THREAT HUNTING AT THE ENDPOINT

ADVANCED THREAT HUNTING

CYBER RISK MANAGEMENT: ADDRESSING THE CHALLENGE SIMON CRUMPLIN, FOUNDER & CEO

THE EFFECTIVE APPROACH TO CYBER SECURITY VALIDATION BREACH & ATTACK SIMULATION

Cylance Axiom Alliances Program

Carbon Black PCI Compliance Mapping Checklist

INTRODUCING SOPHOS INTERCEPT X

Readiness, Response & Resilence:

Joe Stocker, CISSP, MCITP, VTSP Patriot Consulting

Cyber Defense Operations Center

The Oracle Trust Fabric Securing the Cloud Journey

Transcription:

Designing an Adaptive Defense Security Architecture George Chiorescu FireEye

Designing an Adaptive Security Architecture Key Challanges Existing blocking and prevention capabilities are insufficient to protect against motivated, advanced attackers. Most organizations continue to overly invest in prevention-only strategies. Limited visibility in advanced attacks. Because enterprise systems are under continuous attack and are continuously compromised, an ad hoc approach to "incident response" is the wrong mindset. Source: Gartner s Report, Designing an Adaptive Security Architecture. Available at https://www2.fireeye.com/gtm_adv_rpt_gartner-designing-an-adaptive-security-architecture.html

Designing an Adaptive Security Architecture Recommandations Shift from Incident response to Continuous response. Adopt an adaptive security architecture. Spend less on prevention; invest in detection, response and predictive capabilities. Develop a security operations center that supports continuous monitoring. Source: Gartner s Report, Designing an Adaptive Security Architecture. Available at https://www2.fireeye.com/gtm_adv_rpt_gartner-designing-an-adaptive-security-architecture.html

UNRESTANDING THE ATTACK ATTACKERS UTILIZE MULTIPLE VECTORS AND MULTIPLE FLOWS TO COMPLETE THEIR MISSION DETECTING THE EXPLOIT IS KEY SINCE EVERY PHASE AFTER THAT CAN BE ENCRYPTED BY THE ATTACKER

ABOUT THE ADVERSARY ATTACKERS UTILIZE MULTIPLE VECTORS AND MULTIPLE FLOWS TO COMPLETE THEIR MISSION DETECTING THE EXPLOIT IS KEY SINCE EVERY PHASE AFTER THAT CAN BE ENCRYPTED BY THE ATTACKER

THE IMPACT OF THE TRADITIONAL MODEL 229 DAYS MEDIAN NUMBER OF DAYS BEFORE DETECTION 32 DAYS TO RESPOND TO A BREACH 67% OF COMPANIES LEARNED THEY WERE BREACHED FROM AN EXTERNAL ENTITY 100% OF VICTIMS HAD FIREWALLS OR UP- TO-DATE ANTI-VIRUS SIGNATURES S O U R C E : M A N D I A N T M - T R E N D S R E P O R T, P O N E M O N C O S T O F D A T A B R E A C H S T U D Y

THE IMPACT OF THE TRADITIONAL MODEL

THE IMPACT OF THE TRADITIONAL MODEL

THE IMPACT OF THE TRADITIONAL MODEL

Today s Malware is Highly Targeted 208,184 Malware Download 124,289 Unique Malware 75% of all the unique malware detected was seen ONCE 93,755 Malware Seen ONCE

The Adaptive Defense Security Model DETECT SIGNATURE-LESS AND MULTI FLOW VIRTUAL MACHINE BASED APPROACH THAT LEVERAGES SUPERIOR THREAT INTELLIGENCE PREVENT MULTI-VECTOR INLINE KNOWN AND UNKNOWN THREAT PREVENTION RESOLVE REMEDIATION SUPPORT AND THREAT INTELLIGENCE TO RECOVER AND IMPROVE RISK POSTURE CONTAINMENT, FORENSICS INVESTIGATION AND KILL CHAIN RECONSTRUCTION ANALYZE

The Adaptive Defense Security Model

The Adaptive Defense Security Model DETECTION AND PREVENTION TECHNOLOGY WITHIN VMs ACROSS VMs CROSS ENTERPRISE

The Adaptive Defense Security Model ENDPOINT SECURITY ARCHITECTURE MUST BE AGILE, FLEXIBLE, AND DEEPLY INTEGRATED. ADAPTIVE DEFENSE DETECT AND PREVENT Advanced Threat Detection (Signature- Less, Tamper resistant) Threat Prevention Across All Endpoints ANALYZE AND RESPOND Threat Intel (Network, Cloud) Endpoint Live Response (Validate, Contain, Search, Sweep) NEXT GENERATION ENDPOINT SOLUTION REQUIREMENTS DETECTION TO RESPONSE: detection, validation, containment, and remediation PROACTIVE AND ADAPTIVE: searching, sweeping, and advanced detection of unknown threats COMPREHENSIVE ENDPOINTS: on premise, remote and Mobile endpoints REAL-TIME INTELLIGENCE: real-time intelligence feeds from cloud and network alerts

The Adaptive Defense Security Model

The Adaptive Defense Security Model DETECT SIGNATURE-LESS AND MULTI FLOW VIRTUAL MACHINE BASED APPROACH THAT LEVERAGES SUPERIOR THREAT INTELLIGENCE TECHNOLOGY IDENTIFIES KNOWN, UNKNOWN, AND NON MALWARE BASED THREATS PREVENT INTEGRATED MULTI-VECTOR TO PROTECT INLINE ACROSS KNOWN ALL MAJOR AND ATTACK VECTORS UNKNOWN THREAT PREVENTION PATENTED VIRTUAL MACHINE TECHNOLOGY INTELLIGENCE DISCOVERED 16 OF THE LAST 25 ZERO-DAYS FRONT LINE INTEL FROM INCIDENT RESPONSE MILLIONS OF NETWORK & ENDPOINT SENSORS HUNDREDS OF INTEL AND MALWARE EXPERTS HUNDREDS OF THREAT ACTOR PROFILES RESOLVE REMEDIATION SUPPORT AND THREAT INTELLIGENCE TO RECOVER AND IMPROVE RISK POSTURE GO-TO RESPONDERS FOR SECURITY EXPERTISE ANALYZE INCIDENTS CONTAINMENT, FORENSICS HUNDREDS INVESTIGATION OF CONSULTANTS AND KILL AND CHAIN ANALYSTS RECONSTRUCTION UNMATCHED EXPERIENCE WITH ADVANCED ATTACKERS

Děkujeme za pozornost. George Chiorescu FireEye George.Chiorescu@FireEye.com 16. února 2011

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback