Building an Effective Threat Intelligence Capability. Haider Pasha, CISSP, C EH Director, Security Strategy Emerging Markets Office of the CTO

The Race To Digitize
Automotive: Telematics; In-vehicle entertainment; Navigation; Safety services; Concierge services; Remote diagnostics; Personalized insurance
Manufacturing: Supply chain management; Geo-fencing; Machine diagnostics; Inventory control; Industrial automation control; Equipment monitoring
Retail & Finance: Smart payments, cards; Point of sale terminals; ATM; Vending machine monitoring; Digital signage and electronic billboards
Healthcare: Home healthcare and hospital patient monitoring; Remote telemedicine & physician consultation; Body sensor monitoring
Utilities: Meter reading; Industrial controls; Pro-active alerts; Smart Grid applications; Remote temperature control
Consumer Services: Smart home appliances; Connected home; Video feed monitoring
Copyright 2016 Symantec Corporation

Your Data casts a Digital Shadow that grows with every online interaction!

Our Growing Cyber-Dependence
Drivers: 3D printing; drones; robots; augmented humans; big data; Internet of Things; smart cities; social networks; critical infrastructure; regulations; mobility; clouds; information explosion; hyper-connectivity; deep web; pervasive IT
Consequences: cyber-chaos; loss of trust; digital wildfire; dark clouds; e-sabotage; cyber-conflicts; massive data loss; cyber-espionage; identity theft; digital extortion; targeted attacks; vulnerabilities; social engineering; cyber-crime

Already Compromised http://www.csoonline.com/article/2835080/data-breach/15-of-the-scariest-things-hacked.html

Changing Business Environment: Common Challenges
Expanded attack surface: Cloud Infrastructures; Mobile Protection; Internet of Everything (IoT); BYOD
Large, complex environments: Multiple Products; Thousands of Servers; Multiple Endpoints; Lack of Talent
Advanced adversaries: Well-funded; Country Sponsored; Nation States; Underground Market
Broad-based impacts: Targeted Attacks; Internet of Everything; More Data at Risk; Disguised Attacks

A Major Skills Gap Is Emerging
"I have lots of data... but no information."
Data science is under-invested, not well defined and under-skilled.

Threat Intelligence Framework: A Life-Cycle
Threat Intelligence Capability: Data Classification; Confirm and prioritize Risk; Automated Response; Incident Response
Build Critical Capabilities: Indicators of Compromise (IoC)

Build Critical Capabilities: Using Indicators of Compromise
Suspect Indicator
Big Data Enabled Indicator Search
Big Data Enabled Attack Attribute Analysis
Indicator of Compromise (IOC) or Breach
Big Data Enabled Intelligence Aggregation
Big Data Enabled Victim & Adversary Analysis
Big Data Enabled Campaign Analysis
Actionable Security Intelligence & Cyber Protection
Build Protection Strategies
Deploy, Collaborate & Share

Threat Intelligence Framework: A Life-Cycle (continued)
Develop Analyst Skills: Analyst Diversity; Development Program; Cyber Simulations; Career Advancement

Cyber Security Exercise: Continuous skills development for Security Teams
Fully managed SaaS and Platform-as-a-Service offering with global coverage
Comprehensive scoring and reporting functionality
Over 600 hours of live system challenge scenarios, covering different industry verticals
Over 7,000 participants in 30+ countries
Scenarios designed for different levels of difficulty
Exercises can be run for 1 day monthly, quarterly or yearly

Threat Intelligence Framework: A Life-Cycle (continued)
Establish Sources: Internal Sources; Industry Sources; Commercial & OSINT Sources; Government Sources

Establish Sources: Rich Telemetry
Internal Sources: Crowdsourcing; Employee Security Awareness; Internal Forums / Distribution Lists; Log and network data (SIEM, FW, etc.)
Industry Sources: Supply Chain Partners; Informal Industry Relationships (1-on-1); Formal Industry Organizations (ENISA, etc.)
Open & Commercial Sources: Vendor Threat Feeds; Security Intelligence Providers; Public Threat Feeds (Zeus, SpyEye, etc.); Counter Intelligence & HUMINT capability; Software-as-a-Service (SaaS) threat alerting
Government Sources: Law Enforcement; National Security Organizations; Computer Emergency Readiness Teams (CERT)

Threat Intelligence Framework: A Life-Cycle (continued)
Establish Sources: Internal Sources; Industry Sources; Commercial Sources; OSINT & HUMINT Sources; Government Sources
Operationalize Intelligence: Threat Analytics; Proactive Defense; Threat Dissemination; Cyber Kill Chain

Operationalize Intelligence: Threat Analytics
The ability to gather and query both external insight and internal visibility, essentially generating security intelligence, needs to be at the heart of any (big data) security analytics platform.
Analytics and lookups: Vulnerability Analysis; IP Reputation Data Feeds & Lookups; Phishing Analysis; URL Reputation Data Feeds & Lookups; Email/Web Analysis; Campaign & Incident Analysis and Lookups; Malware Analysis & Lookups; Strategic Analysis; Threat Actor Profiles; File Reputation Lookups; Brand Protection; TTP (Tactics, Techniques & Procedures) Analysis
Providing better protection by: Predictive Analysis & Adversary Intelligence; Earlier Event Detection & Prioritization; Faster Incident Response & Better Risk Management
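The slides on building IoC capabilities, establishing sources and operationalizing intelligence describe a pipeline in outline only. The following is an added example, not code from the deck or from Symantec, of the minimal version of that pipeline a SOC engineer would prototype: indicators from several feeds are merged (the "intelligence aggregation" step), each indicator's confidence is combined across sources, the merged set is looked up against internal telemetry (the "indicator search" against SIEM/proxy/EDR data), and every hit is scored by asset criticality to decide between automated response, analyst investigation and monitoring (the "confirm and prioritize risk" and "automated response" steps). The feed entries, telemetry events, source reliabilities, asset criticalities, kill-chain phase labels and thresholds are all constructed for the example; the IP addresses come from the documentation ranges and the hash is computed from a constructed string.

```python
"""Toy threat-intelligence pipeline: aggregate indicators from several feeds,
match them against internal telemetry, and prioritise the hits.

Added example, not Symantec's code. Feed data, telemetry, source
reliabilities, asset criticalities and thresholds are all constructed."""
import hashlib
import ipaddress
from dataclasses import dataclass, field

# Assumed reliability of each source, as learned from its past precision.
SOURCE_RELIABILITY = {"commercial": 0.9, "osint": 0.6, "internal": 0.95, "cert": 0.8}

# Constructed sample hash so that no real malware hash appears here.
SAMPLE_SHA256 = hashlib.sha256(b"constructed-sample-dropper").hexdigest()

# Constructed feed entries: (source, type, value, confidence 0..1, kill-chain phase).
# 203.0.113.0/24 and 198.51.100.0/24 are IANA documentation ranges.
RAW_FEEDS = [
    ("commercial", "ip", "203.0.113.7", 0.8, "command-and-control"),
    ("osint", "ip", "203.0.113.7", 0.5, "command-and-control"),
    ("osint", "domain", "update.example.net", 0.4, "delivery"),
    ("cert", "domain", "UPDATE.example.net", 0.7, "delivery"),
    ("internal", "sha256", SAMPLE_SHA256, 0.9, "installation"),
    ("osint", "ip", "198.51.100.22", 0.3, "reconnaissance"),
    ("osint", "ip", "10.0.0.5", 0.9, "command-and-control"),  # RFC 1918 junk, must be dropped
]

# Constructed, already-normalised internal telemetry (proxy, DNS, EDR).
EVENTS = [
    {"id": 1, "asset": "hr-laptop-12", "ip": "203.0.113.7"},
    {"id": 2, "asset": "db-prod-01", "domain": "update.example.net"},
    {"id": 3, "asset": "dev-vm-4", "sha256": SAMPLE_SHA256},
    {"id": 4, "asset": "hr-laptop-12", "ip": "198.51.100.22"},
    {"id": 5, "asset": "dev-vm-4", "ip": "192.0.2.10"},  # matches no indicator
]

# Assumed asset criticality (from a CMDB); scales the risk of a hit.
ASSET_CRITICALITY = {"db-prod-01": 1.0, "hr-laptop-12": 0.6, "dev-vm-4": 0.4}

# Explicit list rather than ip.is_private, which would also flag the documentation ranges.
RFC1918_AND_LOOPBACK = [ipaddress.ip_network(n) for n in
                        ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]


@dataclass
class Indicator:
    ioc_type: str
    value: str
    phase: str
    sources: set = field(default_factory=set)
    score: float = 0.0  # combined confidence across sources


def is_junk(ioc_type, value):
    """Feed hygiene: internal or loopback addresses in a feed only create false positives."""
    if ioc_type != "ip":
        return False
    ip = ipaddress.ip_address(value)
    return any(ip in net for net in RFC1918_AND_LOOPBACK)


def aggregate(raw):
    """Merge duplicate indicators across feeds. Confidence from independent sources is
    combined with noisy-OR, 1 - prod(1 - reliability_i * confidence_i), so two mediocre
    sources agreeing outrank either one alone."""
    merged = {}
    for source, ioc_type, value, conf, phase in raw:
        value = value.lower()
        if is_junk(ioc_type, value):
            continue
        ind = merged.setdefault((ioc_type, value), Indicator(ioc_type, value, phase))
        ind.sources.add(source)
        ind.score = 1 - (1 - ind.score) * (1 - SOURCE_RELIABILITY[source] * conf)
    return merged


def best_match(event, indicators):
    """Return the highest-scoring indicator that any of the event's fields hits, if any."""
    hits = [indicators[(t, event[t].lower())] for t in ("ip", "domain", "sha256")
            if event.get(t) and (t, event[t].lower()) in indicators]
    return max(hits, key=lambda i: i.score, default=None)


def prioritize(events, indicators, block_at=0.6, investigate_at=0.3):
    """Score each hit by indicator confidence x asset criticality and choose an action.
    The thresholds are assumptions a SOC would tune against its own alert volume."""
    results = {}
    for ev in events:
        ind = best_match(ev, indicators)
        if ind is None:
            continue
        risk = round(ind.score * ASSET_CRITICALITY.get(ev["asset"], 0.5), 3)
        if risk >= block_at:
            action = "block"          # hand to automated response
        elif risk >= investigate_at:
            action = "investigate"    # queue for an analyst
        else:
            action = "monitor"        # watchlist only
        results[ev["id"]] = {"indicator": ind.value, "phase": ind.phase,
                             "sources": sorted(ind.sources), "risk": risk, "action": action}
    return results


if __name__ == "__main__":
    for event_id, r in prioritize(EVENTS, aggregate(RAW_FEEDS)).items():
        print(event_id, r)
```

Two design points matter more than the arithmetic. First, the hygiene check in is_junk: public feeds regularly carry RFC 1918 addresses, and matching those against internal logs floods the queue, so the "confirm" step starts before any lookup. Second, the same indicator produces different actions on different assets: the moderately corroborated delivery domain is blocked when a production database server resolves it but only investigated on a laptop, which is the practical meaning of "confirm and prioritize risk" in the lifecycle.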

Symantec has led in cyber security big data analytics for many years.
1 billion+ systems
200M+ Norton & SEP users (the biggest source of telemetry)
9 security operations centers globally; 1000+ expert analysts
4 trillion rows of security telemetry, 100 billion more per month
Blocked 182 million threats last year

SOC Architecture: Integration of Intelligence
Teams: Cyber Intelligence Team; Threat Detection Team; Threat Prevention Team; Threat Response Team
Functions: Security Intelligence Feeds; Security Analytics; Log Collection & Archiving; Log Analysis & Passive Discovery; Cyber Intelligence; Asset Discovery; Real-time Monitoring; Threat & Vulnerability Management; Intelligence Correlations; Management of Security Devices / Operations; Policy Testing & Risk Assessment; Integrate 3rd Party Solutions; Reporting and Quality Assurance; Network & Host Forensics; Incident Response & Remediation; Applied Intelligence Analysis & Reporting; Forensic Analysis & Visualization; Controlled Readiness Testing; 360° Contextual View; Security Simulation; Compliance & Audit Reports

Symantec Enterprise Security Strategy: Integrated Solutions, Now with Blue Coat
Common Cloud Console Management (SaaS/IaaS)
Threat Protection: ATP; Endpoint; Web Proxy; DC Security; Email Security
Information Protection: DLP; CASB; VIP 2FA; Managed PKI; Encryption (SSL)
Analytics & SOC: Unified Analytics Platform and Apps; Cyber Security Services (CSS)
Management & Compliance: EPM; Control Compliance Suite (CCS)
Deployment: Public Cloud; Private Cloud; On-Premise Data Center; Self Service
Common Platform and Cloud Services (Integration, Analytics, Orchestration, Provisioning, Usage, Metering, Licensing, Identity Management)
Common Cloud Infrastructure (IaaS): Public or Private Cloud
Routes to market: 3S; Partner; Re-sell; Direct sell

Thank you!
haider_pasha@symantec.com

Copyright 2015 Symantec Corporation. All rights reserved. Symantec and the Symantec Logo are trademarks or registered trademarks of Symantec Corporation or its affiliates in the U.S. and other countries. Other names may be trademarks of their respective owners. This document is provided for informational purposes only and is not intended as advertising. All warranties relating to the information in this document, either express or implied, are disclaimed to the maximum extent allowed by law. The information in this document is subject to change without notice.