CHARLES DARWIN, CYBERSECURITY VISIONARY

Transcription:

SESSION ID: SPO1-W12
CHARLES DARWIN, CYBERSECURITY VISIONARY
Dan Schiappa, SVP and GM, Products, Sophos (@dan_schiappa)

"It is not the strongest of the species that survives, nor the most intelligent that survives. It is the one that is most adaptable to change." Charles Darwin (1809-1882)

Evolution

State of the Art

Dashboard
SECURITY OPERATIONS CENTER: Alerts, Management, Response, Logs, Reports
- Significant step up
- Requires analyst
- Resource intensive
- Manual analysis and response
SECURITY CONTROLS: Firewall, Web, Wireless, Email, Server, Encryption, Mobile, Endpoint
- Install, configure, set and forget
RESOURCES AND ASSETS: Users, Applications, Cloud Computing Instances, SaaS Applications, Devices, Data, Enterprise File Sharing

So Why Don't I Feel Safer?

You can't secure what you don't know is there.
You can't manage what you don't measure.
You can't fix what you don't know is broken.

Evolution by Natural Selection

Discovery: Something is moving
Identification: Is this a predator, food, or a friend?
Analyze: It could be predator or food depending on the situation
Response: Fight or flight

Evolution of Security

Discovery: Continuous discovery of devices, networks, apps, data, and workloads
Identification: Definition, collection, and organization
Analyze: Correlation and analysis of events and behaviors against the norm
Response: Automated creation and enforcement

Asset Discovery

Asset stack: Compute Instance, Data, Libraries, Applications, [Containers], Operating System, [Hypervisor], Physical Device
Supporting stores: Config Benchmarking (CIS, etc.), Config Database, Asset Database
Discovery: agents, APIs, passive observation, and active interrogation
Classification: asset class determined by attributes and activity
Evaluation: data valuation and configuration states

Class-based, Programmable Event Models

ASSET CLASS -> EVENT MODEL: Notebooks, Servers, Mobile Devices, Domain Controllers, IoT Devices, EC2 instances, Docker Containers, etc.

Mobile (event model example):
    { "device": "iPhone X", "name": "William Brown", "device_id": "S3817216BA",
      "chip": "A11 Bionic", "storage": "128MB", "osbuild": "15E218" },
    { "accelerometer": "37,23, ", "gps": "51.6725448,-1.2645493" }

Domain Controller (event model example):
    { "eventid": "4688", "desc": "New Process Created", "account": "administrator",
      "cmdline": "C:\\temp\\moosifer.bat" },
    { "eventid": "4768", "desc": "Kerberos TGT requested", "account": "alexs", "result": "0x12" }

Event Exchange (Events Producer -> Events Consumer)

Optimization: coalesce, compress, serialize
Privacy: anonymize, tokenize, encrypt
Security: authentication, replay protection, DoS protection
Performance: rate limiting, prioritization, queue management
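The producer-to-consumer exchange on this slide, fed with records in the shape of the Domain Controller event model on the previous one, as an added worked example (not Sophos code): the producer tokenizes the account field, coalesces duplicate events, serializes and compresses the batch, and authenticates the envelope with an HMAC that also binds a sequence number and timestamp; the consumer verifies the tag, rejects replayed or stale envelopes, and applies a simple rate limit before decompressing. The keys, events, envelope format and rule parameters are constructed assumptions for the example, not the platform's actual wire format.

```python
"""Event exchange between an events producer and an events consumer.
Added example (not Sophos code): one batch of constructed Domain Controller
events is walked through the four concerns on the slide: optimization
(coalesce, compress, serialize), privacy (tokenize the account field),
security (HMAC authentication, replay protection) and performance (a
per-window rate limit on the consumer)."""
import base64
import hashlib
import hmac
import json
import zlib
from collections import deque

# Constructed shared secrets; assumed to be provisioned out of band in practice.
TRANSPORT_KEY = b"constructed-transport-key"
TOKEN_KEY = b"constructed-tokenization-key"

# Constructed events in the shape of the slide's Domain Controller event model.
SAMPLE_EVENTS = [
    {"eventid": "4688", "desc": "New Process Created", "account": "administrator",
     "cmdline": "C:\\temp\\moosifer.bat"},
    {"eventid": "4768", "desc": "Kerberos TGT requested", "account": "alexs", "result": "0x12"},
    {"eventid": "4768", "desc": "Kerberos TGT requested", "account": "alexs", "result": "0x12"},
]


def tokenize(value):
    """Privacy: keyed, deterministic pseudonym for an identity. Equal inputs give
    equal tokens, so the consumer can still correlate, but cannot reverse them."""
    return "tok_" + hmac.new(TOKEN_KEY, value.encode(), hashlib.sha256).hexdigest()[:16]


def coalesce(events):
    """Optimization: identical events are merged into one record carrying a count."""
    merged = {}
    for ev in events:
        key = json.dumps(ev, sort_keys=True)
        merged.setdefault(key, {**ev, "count": 0})["count"] += 1
    return list(merged.values())


def produce(events, seq, now):
    """Producer: tokenize -> coalesce -> serialize -> compress -> authenticate.
    The sequence number and timestamp are bound into the MAC so that a replayed
    or re-sequenced envelope fails verification."""
    private = [{**ev, "account": tokenize(ev["account"])} for ev in events]
    payload = json.dumps(coalesce(private), sort_keys=True).encode()
    body = base64.b64encode(zlib.compress(payload)).decode()
    tag = hmac.new(TRANSPORT_KEY, f"{seq}|{now}|{body}".encode(), hashlib.sha256).hexdigest()
    return json.dumps({"seq": seq, "ts": now, "body": body, "tag": tag})


class Consumer:
    """Consumer: verify the MAC, refuse stale or already-seen sequence numbers,
    enforce a per-window rate limit, then decompress and deserialize."""

    def __init__(self, max_age=300.0, max_per_window=10, window=60.0):
        self.seen = set()        # accepted sequence numbers (prune by age in production)
        self.arrivals = deque()  # arrival times of accepted envelopes, for rate limiting
        self.max_age, self.max_per_window, self.window = max_age, max_per_window, window

    def consume(self, message, now):
        try:
            env = json.loads(message)
            signed = f"{env['seq']}|{env['ts']}|{env['body']}".encode()
            expected = hmac.new(TRANSPORT_KEY, signed, hashlib.sha256).hexdigest()
            if not hmac.compare_digest(expected, env["tag"]):
                return "rejected: bad tag"
        except (ValueError, KeyError, TypeError):
            return "rejected: malformed"
        if now - env["ts"] > self.max_age or env["seq"] in self.seen:
            return "rejected: replay"
        while self.arrivals and now - self.arrivals[0] > self.window:
            self.arrivals.popleft()
        if len(self.arrivals) >= self.max_per_window:
            return "rejected: rate limit"
        self.seen.add(env["seq"])
        self.arrivals.append(now)
        return json.loads(zlib.decompress(base64.b64decode(env["body"])))


if __name__ == "__main__":
    consumer = Consumer()
    envelope = produce(SAMPLE_EVENTS, seq=1, now=1000.0)
    print(consumer.consume(envelope, now=1001.0))   # two coalesced, tokenized records
    print(consumer.consume(envelope, now=1002.0))   # rejected: replay
```

The MAC check runs before any other processing so that a forged or tampered envelope is dropped without touching the decompressor, and the replay set is consulted only after the tag verifies, so an attacker cannot poison it with unauthenticated sequence numbers.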

SEAR: Sensors-Events-Analytics-Response

Sensors: Asset Event Model; API (IaaS, SaaS, etc.)
Events: Event Stream
Analytics: Observations and Inferences, exposed through the Analytics API
Response: Adaptive Response Agent; High Interaction Interfaces

Analytics

Inputs: Entity Models, Threat Intelligence, Identity, Security Marketplace
- Create mathematical models from events
- Continuously analyze against baseline
- Discover anomalies
- Adaptively respond through High-Interaction Interfaces

Entity Modeling

Entity Models: Entity/Self, Entity/Peers, Entity/Enterprise, Entity/Universe
Model Construction: users and compute instances, continuously updated
Modeled: data volumes, URLs visited, IP session partners, file shares accessed, processes started, usage times and location
Detections: outliers, anomalies / impossibilities
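The Entity/Self and Entity/Peers models on this slide, as an added worked example (not Sophos code): every user gets a continuously updated baseline of data volume and usage hours, the user's department serves as the peer group, and each new observation is scored for outliers (volume far outside the self or peer baseline), anomalies (an hour of day neither the user nor the peers have used) and impossibilities (one account active from two addresses within minutes) before it is folded into the baseline. The training history, the z-score threshold and the simplified "two sources within five minutes" impossibility rule are constructed assumptions for the example.

```python
"""Entity modelling as on the 'Entity Modeling' slide. Added example, not
Sophos code: each user gets a continuously updated baseline of data volume
and usage hours (Entity/Self), the department is the peer group
(Entity/Peers), and every new observation is scored for outliers, anomalies
and impossibilities before it is folded into the baseline."""
from collections import defaultdict
from statistics import mean, pstdev

# Constructed training history: ten ordinary working sessions for each of three
# sales users. Timestamps are minutes since an epoch; volumes are bytes downloaded.
HISTORY = [
    {"user": u, "dept": "sales", "ts": day * 1440 + (9 + day % 8) * 60,
     "hour": 9 + day % 8, "bytes": 900_000 + 20_000 * (day % 5), "ip": ip}
    for u, ip in (("alexs", "10.0.5.11"), ("bkaur", "10.0.5.12"), ("cwei", "10.0.5.13"))
    for day in range(10)
]


def zscore(value, sample):
    """Standard score of value against a sample; None when the sample is too small
    or has no spread to measure against."""
    if len(sample) < 5:
        return None
    sd = pstdev(sample)
    return (value - mean(sample)) / sd if sd > 0 else None


class EntityModel:
    def __init__(self, z_limit=3.0, concurrency_window=5):
        self.self_bytes = defaultdict(list)   # user -> observed volumes
        self.self_hours = defaultdict(set)    # user -> hours of day seen
        self.peer_bytes = defaultdict(list)   # dept -> observed volumes of all members
        self.peer_hours = defaultdict(set)
        self.last_seen = {}                   # user -> (ts, ip) of most recent activity
        self.z_limit, self.window = z_limit, concurrency_window

    def learn(self, ev):
        """Fold an observation into the Self and Peers baselines."""
        self.self_bytes[ev["user"]].append(ev["bytes"])
        self.self_hours[ev["user"]].add(ev["hour"])
        self.peer_bytes[ev["dept"]].append(ev["bytes"])
        self.peer_hours[ev["dept"]].add(ev["hour"])
        self.last_seen[ev["user"]] = (ev["ts"], ev["ip"])

    def score(self, ev):
        """Return the detections for one observation without updating the baseline."""
        findings = []
        z_self = zscore(ev["bytes"], self.self_bytes[ev["user"]])
        if z_self is not None and z_self > self.z_limit:
            findings.append("outlier:volume-vs-self")
        z_peer = zscore(ev["bytes"], self.peer_bytes[ev["dept"]])
        if z_peer is not None and z_peer > self.z_limit:
            findings.append("outlier:volume-vs-peers")
        if ev["hour"] not in self.self_hours[ev["user"]] and ev["hour"] not in self.peer_hours[ev["dept"]]:
            findings.append("anomaly:unseen-hour")
        # Impossibility (simplified assumption): one account active from two
        # different addresses within a few minutes of each other.
        prev = self.last_seen.get(ev["user"])
        if prev and prev[1] != ev["ip"] and 0 <= ev["ts"] - prev[0] < self.window:
            findings.append("impossibility:concurrent-sources")
        return findings

    def observe(self, ev):
        """Score first, then learn, so an observation cannot soften the baseline it is judged against."""
        findings = self.score(ev)
        self.learn(ev)
        return findings


def run_demo():
    """Train on HISTORY, then feed two constructed suspicious observations."""
    model = EntityModel()
    for ev in HISTORY:
        model.learn(ev)
    night_bulk = {"user": "alexs", "dept": "sales", "ts": 11 * 1440 + 3 * 60, "hour": 3,
                  "bytes": 50_000_000, "ip": "10.0.5.11"}
    second_source = {**night_bulk, "ts": night_bulk["ts"] + 2, "ip": "203.0.113.9"}
    return [model.observe(night_bulk), model.observe(second_source)]


if __name__ == "__main__":
    for findings in run_demo():
        print(findings)
```

Scoring before learning matters: once the 50 MB session is in the history, the user's own standard deviation widens so much that the same volume a day later barely registers against Entity/Self, which is why the peer and enterprise models on the slide exist alongside the self model.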

Threat Intelligence

Real-time and retrospective threat intelligence
- Sophos Labs
- 3rd party, supporting STIX and TAXII
Vulnerability data
Patch information

Identity and Continuous Authentication

Components: Identity Provider, SaaS Application, Push Auth Confirmation, Two Factor, Analytics
- Authentication federation and MFA
- Security attestations based on user/device health states
- Support for SAML, OAuth, and OpenID standards
- Support for push-auth
- Conditional authentication (and de-authentication) based on representations in the Central Analytics platform

Security Marketplace

Security Ecosystem: API everywhere
External Data Access: 3rd parties can leverage data and events to develop complementary solutions (e.g. Dark Web analysis, training)
Data / Code Extensibility: trusted vendors could extend asset classes and event models and deliver new agents (e.g. VA, patch)

Darwinian View of Security

Sensors: Asset Event Model across Data, Libraries, Applications, [Containers], Operating System, [Hypervisor], Physical Device, plus API (IaaS, SaaS, etc.)
Events: Event Stream
Analytics: Entity Models, Threat Intelligence, Identity, Security Marketplace; Observations and Inferences through the Analytics API
Response: Adaptive Response Agent and High Interaction Interfaces, reaching the Identity Provider and SaaS Application

Dynamic Policy Based on User Experience

1. Protection policies assigned to User Groups based on awareness
2. User awareness assessed via phishing simulations and training
3. Users dynamically assigned to Groups based on behavior
4. Users get new policy based on Group membership

Synchronized Security Use Case

Actors and assets: Hacker, Employee, Head of HR, Employee Data; applications: CRM System, Productivity Suite, Designer Tools, MFA, Note Taking, Collaboration, etc.
Attack chain: Phishing Email -> Enters Credentials (Credential Compromise) -> Command and Control -> Install Backdoor -> Lateral Movement -> Crack Password -> Login and Search -> Set up Admin Accounts
Detection points:
1. Employee entering credentials on a site with no reputation
2. Lateral movement to access Head of HR system
3. Privilege escalation on Head of HR system
4. Remote login to CRM system at same time as Head of HR
5. Accept second factor authentication twice (MFA device authentication accepted twice)
6. Multiple segmented downloads of employee database
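The detection points on this slide, correlated into one risk score per account, as an added worked example (not Sophos code): four rules watch a constructed event stream for credentials entered on a domain with no reputation, a second factor accepted twice in a short window, one account logged into the CRM from two addresses at once, and segmented downloads of the employee database; when an account's score crosses a threshold, the adaptive response revokes its sessions and requires step-up authentication. The event stream, rule windows, weights, threshold and the known-domain list are constructed assumptions for the example.

```python
"""Correlating the detection points on the 'Synchronized Security Use Case'
slide into one risk score per account. Added example, not Sophos code:
rules for credentials entered on an unknown site, a second factor accepted
twice, concurrent CRM logins from two addresses, and segmented downloads of
the employee database, with an adaptive response once an account's score
reaches a threshold."""
from collections import defaultdict

# Constructed reputation data: domains the organisation already knows.
KNOWN_DOMAINS = {"crm.example.test", "mail.example.test", "sso.example.test"}

# Constructed event stream (t = seconds from the start of the incident).
EVENTS = [
    {"t": 0,   "type": "credential_submit", "user": "alexs", "domain": "account-verify.example.invalid"},
    {"t": 60,  "type": "mfa", "user": "alexs", "result": "accepted"},
    {"t": 75,  "type": "mfa", "user": "alexs", "result": "accepted"},
    {"t": 300, "type": "login", "user": "hr_head", "system": "crm", "src": "10.0.5.20"},
    {"t": 305, "type": "login", "user": "hr_head", "system": "crm", "src": "203.0.113.9"},
    {"t": 400, "type": "download", "user": "hr_head", "system": "crm", "object": "employee_db", "part": 1},
    {"t": 430, "type": "download", "user": "hr_head", "system": "crm", "object": "employee_db", "part": 2},
    {"t": 460, "type": "download", "user": "hr_head", "system": "crm", "object": "employee_db", "part": 3},
]

# Constructed rule weights; a score at or above THRESHOLD triggers the response.
WEIGHTS = {"credentials_to_unknown_site": 2, "mfa_accepted_twice": 3,
           "concurrent_logins": 4, "segmented_download": 4}
THRESHOLD = 5


class Correlator:
    def __init__(self, mfa_window=120, login_window=300, download_window=600, min_parts=3):
        self.mfa_accepts = defaultdict(list)   # user -> times of accepted MFA prompts
        self.logins = defaultdict(list)        # (user, system) -> [(t, src)]
        self.downloads = defaultdict(list)     # (user, object) -> times of downloads
        self.score = defaultdict(int)          # user -> accumulated risk score
        self.alerts = []                       # (t, user, rule)
        self.responses = {}                    # user -> response taken
        self.mfa_window, self.login_window = mfa_window, login_window
        self.download_window, self.min_parts = download_window, min_parts

    def _hit(self, t, user, rule):
        self.alerts.append((t, user, rule))
        self.score[user] += WEIGHTS[rule]
        if self.score[user] >= THRESHOLD and user not in self.responses:
            # Adaptive response: conditional de-authentication, then strong re-authentication.
            self.responses[user] = "revoke sessions, require step-up authentication"

    def ingest(self, ev):
        t, user = ev["t"], ev["user"]
        if ev["type"] == "credential_submit" and ev["domain"] not in KNOWN_DOMAINS:
            self._hit(t, user, "credentials_to_unknown_site")
        elif ev["type"] == "mfa" and ev["result"] == "accepted":
            recent = [x for x in self.mfa_accepts[user] if t - x <= self.mfa_window]
            if recent:
                self._hit(t, user, "mfa_accepted_twice")
            self.mfa_accepts[user] = recent + [t]
        elif ev["type"] == "login":
            key = (user, ev["system"])
            recent = [(x, s) for x, s in self.logins[key] if t - x <= self.login_window]
            if any(s != ev["src"] for _, s in recent):
                self._hit(t, user, "concurrent_logins")
            self.logins[key] = recent + [(t, ev["src"])]
        elif ev["type"] == "download":
            key = (user, ev["object"])
            recent = [x for x in self.downloads[key] if t - x <= self.download_window] + [t]
            self.downloads[key] = recent
            if len(recent) == self.min_parts:  # fire when the count reaches the threshold
                self._hit(t, user, "segmented_download")


def run(events=EVENTS):
    """Replay an event list in time order and return the correlator state."""
    correlator = Correlator()
    for ev in sorted(events, key=lambda e: e["t"]):
        correlator.ingest(ev)
    return correlator


if __name__ == "__main__":
    result = run()
    for alert in result.alerts:
        print(alert)
    print(dict(result.score), result.responses)
```

Each rule on its own is weak evidence (a user can legitimately approve two prompts, or log in from the office and a phone), which is why the response keys off the accumulated score per account rather than any single alert.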

Darwinian Compliance Coverage: CIS Top 20, SANS Top 20

Apply What You Have Learned Today

Greatest survival benefit comes from adaptability.

Now: Analyze your existing environment
- Do you know how many managed/unmanaged devices you have?
- Are you able to identify all the applications and users in your environment?
- How much of your environment is on-prem, hosted, or shadow IT?
Next month: Know thyself
- Define appropriate controls and changes for your environment
- Look for automation, not just information. You'll never be able to hire enough analysts and admins.
In 6 months: Post analysis
- Invest in systems which enable continuous discovery, threat scoring and adaptive response

Thank You!