Think Like an Attacker


Think Like an Attacker: The Core Security Attack Intelligence Platform

Core Security Presenter: Jackie Kalter, Core Security

Jackie Kalter has been in the network security industry for over 15 years. An alumna of SANS, Jackie has been very active with ISSA, serving as VP and Program Manager for over 5 years in Orange County. To increase attendance at ISSA meetings, she launched a recurring series of CISO Panels in Orange County and worked to improve meeting content to bring relevance and support membership drives. Jackie recently served as Program Manager for ISSA in San Diego to help increase attendance in that chapter, bringing her concept of the CISO/Executive Panel format and her drive to raise attendance. Most recently, Jackie has worked with ISSA International, contributing her ideas for increasing attendance, putting on conferences and working with vendors. As part of her current role at Core Security, Jackie hosts a series of thought leadership events, including regular executive dinners to connect executives with their peers and provide them with opportunities to exchange ideas.

About CORE Security

- Leading provider of predictive security intelligence solutions
- Established: 1996; first commercial product: Core Impact, 2001
- Headquartered in Boston; engineering in Boston, Buenos Aires and India
- 1,600 customers, ~200 employees
- Segment leadership recognized by analysts, test labs
- Consistent award recognition from industry groups and media
- Diverse, experienced organization
- Experienced leadership: Sophos, CA, Symantec, Seagate, IBM
- Active Customer Advisory Board and Core Customer Community
- Groundbreaking research & product development
- Leading-edge consulting services brings field experience
- CoreLabs vulnerability research team world renowned
- High-profile research community involvement
- Professional product and exploit development organization
- 6 patents approved / 7 pending
- Publish more than 200 exploits a year

CORE Security: The Leading Provider of Predictive Security Intelligence

- Enterprise-Class Security Intelligence Platform: Identifies vulnerabilities and quantifies risk to critical assets on a continuous basis
- Commercial-Grade Penetration Testing Platform: In-depth, exploit-based testing across web apps, network systems, end users & Wi-Fi/mobile networks
- Premiere Support & Professional Services Organization: Professional and consulting services, implementation, training and technical support
- Awards and Recognition

Assuring Effective Missions

Objective: Utilize tools and techniques that enable efficient models of blue, grey, and red behavior (cyber and kinetic) to determine the correct course of action in the cyber domain

- Validate critical vulnerabilities to expedite remediation (reduce operational expenses by 50%+)
  - Increase efficiency by pinpointing critical threats from amongst disparate data feeds
- Gain actionable information on the level of risk (helps CISO demonstrate business value)
  - Demonstrate how security is enabling the organization to reach business goals
- Test security controls (only way to know if they are working is to test them)
  - Determine if security investments are warranted by measuring their efficacy
- Scale security assessments via continuous monitoring (traditional testing does not scale)
  - Expand scope, reach & frequency of testing without adding headcount or consulting
- Assess and analyze application vulnerabilities (improve SDLC processes)
  - Reduce risk & save development $ by revealing web app exposures before go-live
- Test end users and endpoints (phish your end users, test security awareness program)
  - Proactively address lapses in security awareness & reduce organizational threat surface
- Achieve comprehensive asset visibility (find and protect all critical assets)
  - Reveal and track previously unknown systems and attack targets

Understand your risk to prioritize remediation

Current State of Information Security

- Focused on detection and response
- Desire to reduce detection-to-response time through analytics

[Diagram labels: Detect, Analyze, Respond]

Proactive Security Mitigates Risk

[Diagram labels: Proactive (Predict, Remediate); Reactive (Detect, Respond); Lower Risk Profile; Higher Risk Profile; Mitigated Risk]

Are Your Critical Assets at Risk?

[Diagram: Collect, then Remediate]

- Collect: Nessus, MVM, IP360, Qualys, Nexpose, etc.; Trustwave, NTO, App Scan, Qualys, Web Inspect, etc.
- Data: Mountains of Data; Thousands of Vulnerabilities; No Relevance to Business
- Remediate: ePO, GRC, SIEM, Remediation, IT/Network Ops

The traditional solution is to try and patch everything.

Are Your Critical Assets at Risk?

[Diagram: Collect, Analyze, then Remediate]

- Collect: Nessus, MVM, IP360, Qualys, Nexpose, etc.; Trustwave, NTO, App Scan, Qualys, Web Inspect, etc.
- Analyze (Attack Intelligence Platform): Consolidate security data; Simulate attack paths; Prioritize business risk; Validate vulnerabilities
- Output: Actionable Information
- Remediate: ePO, GRC, SIEM, Remediation, IT/Network Ops

Think Like an Attacker

- Identify attack paths to key business assets
- Protect against the most likely threats
- Simulate the behavior of an actual attacker
- Prioritize remediation (compensating controls, system patching, firewall, etc.)
- Greater knowledge of the attacker
- Attacker behavior
- Spend less time reacting to incidents

[Diagram labels: Predict, Attack Intelligence, Remediate]

Attack Paths to Your Critical Assets

[Diagram labels: Attack Point; Web Application Server; Vulnerable Database; Pivot Point; Print Server; Critical Business Asset (e.g., credit card database)]

Further test and validate vulnerable systems on attack paths

Slide 11, comment 2 (Todd Harris, 3/17/2014): Add text explaining how all systems are vulnerable here, but only the ones along the attack path matter.

Extensible Attack Intelligence Platform

[Diagram labels: Information Gathering, Network Discovery, Vulnerability Scanning, Phishing, Risk Analysis, Attack Simulation, Threat Modeling, Exploit Correlation, Exploit Validation, Attack Path Testing, Penetration Testing, Compliance & Reports, Risk Reports, Role-based Reports, Business Reports, Compliance Reports, Attack Paths, Correlation Rules, Critical Asset Risk, Attack Intelligence Platform, Integration Framework, Service Desk, Remediation, Vulnerability data, Asset data, Event alerts, VM, GRC, SIEM]

Core Security Attack Intelligence

- Core Insight
  - Extensible platform to identify attack paths to critical business assets
  - Protect against the most likely threats based on what an attacker would do
- Core Impact Pro
  - Commercial-grade penetration testing solution
  - In-depth, exploit-based testing across web apps, network systems, end users & Wi-Fi/mobile networks
- Core Security Consulting Services
  - Specialized security services
  - Advanced penetration testing, PCI compliance testing, application security testing

Core Security Attack Intelligence Platform

About Core Security

- Leading provider of Attack Intelligence solutions
- Established: 1996; first commercial product: Core Impact, 2001
- Headquartered in Boston; engineering in Boston and Buenos Aires
- 1,600 customers, ~200 employees
- 15 years of accumulated experience
- 12,000+ Exploits
- Attack Planner research since 2003
- Groundbreaking research & product development
- Advanced security consulting services
- Core Labs vulnerability research team world renowned
- Professional product and exploit development organization
- 8 patents approved / 4 pending

Convergence of Markets

[Diagram labels: Security Analytics; Security & Vulnerability Management; Network Security Management; Network & Firewall Configuration Management; CORE; Attack Intelligence]

Be More Proactive with Attack Intelligence

Fewer Incidents, Lower Risk

[Diagram labels: Proactive, Pre-breach; Reactive, Post-breach; Threat, Vulnerability, Incident; Lower Risk Profile; Higher Risk Profile]

Attack Intelligence Will Tell You

- Attackers figure out a complete attack path through the layers of security, stitching together multiple weaknesses into a complete path to the sensitive data or app. Multi-vector (net, web, user/client).
- Goals: What are the most important processes/assets, the jewels of your business? Payments? Ability to deliver services?
- Prioritization: Knowledge of attack paths allows you to apply a patch or compensating security controls at the best spot.

Thank You

Jackie Kalter
Core Security
jkalter@coresecurity.com