SlideShare a Scribd company logo

Surviving a Security Breach with Preparation and Process

AlienVault
AlienVault

How to keep your head (and your job) when the worse case scenario happens. Due to the increasing frequency of security breaches, defining an action plan is critical for every security practitioner. Getting breached doesn’t determine whether or not you’ve got a good security program in place – but how you respond to one does. Join security expert Conrad Constantine of AlienVault, for an in-depth discussion on things you and your team should do today to prepare for information security breaches. You’ll get practical, lessons learned advice on: - The inevitability of security breaches - Preparing to survive security breaches - Threat identification and containment - Handling the aftermath so it’s not worse than the breach itself

Technology
1 of 26
Preparing for a Security Breach A guide to surviving the Infosec worst case scenario. Conrad Constantine Community Manager @AlienVault Sandy Hawke VP, Product Marketing @AlienVault
Introductions Meet today’s presenters Sandy Hawke, CISSP “I used to be an infosec guy” VP, Product Marketing AlienVault @sandybeachSF Conrad Constantine “I’m just some infosec guy” Community Manager, Head Geek AlienVault @cpconstantine 2
“Everyone has a plan until they get punched in the face.” --Mike Tyson Image source: http://www.onpath.com/blog-0/bid/74760/Everybody-has-a-plan-until-they-get-punched-in-the-face 3
Image source: http://richardultra.blogspot.com/2012/07/preparation.html 4
Death, Taxes, and now Breaches NO longer a question of if… …but when. *sigh* Image source: http://datalossdb.org/ 5
Why the Black Hats Always Win* *With credit to Val Smith for the title Defenders have to always be right, attackers only have to be right once. Image source: http://dizzyet.wordpress.com/category/the-dark-knight/ 6
Tales from the Trenches… Worked in Infosec since the mid-90’s Been a sysadmin, a pen-tester and an incident responder. I’ve worked on breaches ranging from mom and pop mail servers to the 2011 RSA Breach. I’ve never worked for one of those companies you pay to come in and handle your breach for you. It’s always been personal. 7
What You Don’t Know Will Hurt You “The Diversionary Attack you are ignoring, is actually the Main Assault” – Murphy’s Laws of Combat Image source: http://casablancapa.blogspot.com/2010/07/hiding-in-plain-sight.html 8
Separate the foxes from the dogs Monitor & Automate What’s / who’s online? What’s normal vs. abnormal? Are our controls working? What are the latest threats? Can I detect and defend against them? Image source: http://casablancapa.blogspot.com/2010/07/hiding-in-plain-sight.html 9
The Best Attacker, Is a Lazy Attacker Image source: http://www.heromachine.com/2009/07/04/random-panel-next-week-on-lazy-criminal-minds/ Not all of the attacks need to be “advanced” / APTs to be successful. In fact, most aren’t. 10
Rule #1 – Don’t Panic! I must not fear. Fear is the mind-killer. Fear is the little-death that brings total obliteration. I will face my fear. I will permit it to pass over me and through me. And when it has gone past I will turn the inner eye to see its path. Where the fear has gone there will be nothing. Only I will remain” Litany Against Fear – Frank Herbert – “DUNE” Image source: Hitchhiker’s Guide to the Galaxy 11
Keeping it Under Control Remain calm. Your intruders… Possess no psychic powers Are not space aliens with access to technology far beyond ours. Probably didn’t need vast amounts of insider information They were successful in breaking in so now you have to discover HOW Image source: The X-Files 12
An Ounce of Preparation… Discover when, where and how the event happened – what was taken, when, where Communicate this to your Executive Team. Your ability to deliver this information is entirely dependent upon what you have available to monitor today. “86% of victims had evidence of the breach in their log files” Verizon Data Breach Report - 2010 13
Extend Your “Team”: Collaboration is Key A breach will introduce you to a LOT of new people around the company (HR, Legal, Exec, etc.) Connect and collaborate with them now, before hair is on fire. Goals: Arrive at a common language, agree on priorities, communication channels, and chain of command Image source: http://www.idiomsbykids.com/ 14
Containing The Fire Leave No Stone Unturned. There are no absolutes. Burn out their access. Be prepared to prove the unprovable (as in, they’re now GONE) Logs are your friend. Make sure you can search them. 15
Kicking the Barbarians out of the Castle A good attacker will “blend in” Privileged access is their friend. Pivot, expand, pivot, expand. Capture network baselines Identify suspicious stuff Netflow analysis Service availability monitoring 16
Establishing a timeline Image source: http://www.n2growth.com/blog/the-facts-maam-just-the-facts/ 17
Importance of Logs: “Hiding In Plain Hind- sight” “The Diversionary Attack you are Ignoring, is actually the Main Assault” – Murphy’s Laws of Combat Operations 18
Importance of Shared Threat Intelligence Remember the lazy attacker? He’s using (and reusing) the same exploits against others (and you). Sharing (and receiving) collaborative threat intelligence makes us all more secure. 19
Need to Prioritize? Get Threat Intelligence! Network and host-based IDS signatures – detects the latest threats in your environment Asset discovery signatures – identifies the latest OS’es, applications, and device types Vulnerability assessment signatures – dual database coverage to find the latest vulnerabilities on all your systems Correlation rules – translates raw events into actionable remediation tasks Reporting modules – provides new ways of viewing data about your environment Dynamic incident response templates – delivers customized guidance on how to respond to each alert Newly supported data source plug-ins – expands your monitoring footprint 20
The Technical Checklist  Automated asset discovery and inventory – what’s on my network and what software is running on it?  Behavioral monitoring / netflow analysis – what’s “normal” activity for my servers and my network?  Network, host-based IDS – what threats are active in my network now?  Log management / log search – “long, deep and wide”  Dynamic threat intelligence – threats are constantly changing, so should my defenses 21
The Process Checklist  Set expectations ahead of time:  Document for non-techs – explain what is involved in a security investigation (will save you time later!)  Agree on who will be doing what, when (NOW, not LATER)  Checklists for standard investigative procedures - user activity audits, system configuration changes, cross references to change control, etc.  Templates, tools, for recording long chains of evidence 22
Practice Makes Perfect The only that prepares you for a fight is… getting into a fight. Practice defense during pen-tests. Structured walk-throughs, Red Team exercises… all good. Image source: http://blog.lib.umn.edu/graz0029/ponderingpsychology/2012/04/practice-makes-perfector-does-it.html 23
Never walk into a fight armed with only “a plan”… Image source: http://www.15rounds.com/garcia-stops-remillard-in-ten-032611/ 24
Summary During a breach… it’s all about process and personalities. What can you do now? Implement essential monitoring and detection technologies. Build strong relationships – they will be tested during crisis time! Develop established communication channels, and document them. Run through your checklists and practice sessions 25
Next Steps / Q&A Request an AlienVault USM demo at: www.alienvault.com/schedule-demo.html Request a free trial of AlienVault USM: http://www.alienvault.com/free-trial Not quite ready for all that? Test drive our open source project - OSSIM here: communities.alienvault.com/ Need more info to get started? Try our knowledge base here: alienvault.bloomfire.com These resources are also in the Attachments section Join the conversation! @alienvault #AlienIntel 26

Recommended

Defender economics
Defender economicsDefender economics
Defender economicsaddelindh
 
Cyber Security Extortion: Defending Against Digital Shakedowns
Cyber Security Extortion: Defending Against Digital Shakedowns Cyber Security Extortion: Defending Against Digital Shakedowns
Cyber Security Extortion: Defending Against Digital Shakedowns CrowdStrike
 
CrowdCast Monthly: Operationalizing Intelligence
CrowdCast Monthly: Operationalizing IntelligenceCrowdCast Monthly: Operationalizing Intelligence
CrowdCast Monthly: Operationalizing IntelligenceCrowdStrike
 
CrowdStrike CrowdCast: Is Ransomware Morphing Beyond The Ability Of Standard ...
CrowdStrike CrowdCast: Is Ransomware Morphing Beyond The Ability Of Standard ...CrowdStrike CrowdCast: Is Ransomware Morphing Beyond The Ability Of Standard ...
CrowdStrike CrowdCast: Is Ransomware Morphing Beyond The Ability Of Standard ...CrowdStrike
 
Bear Hunting: History and Attribution of Russian Intelligence Operations
Bear Hunting: History and Attribution of Russian Intelligence OperationsBear Hunting: History and Attribution of Russian Intelligence Operations
Bear Hunting: History and Attribution of Russian Intelligence OperationsCrowdStrike
 
Crowd-Sourced Threat Intelligence
Crowd-Sourced Threat IntelligenceCrowd-Sourced Threat Intelligence
Crowd-Sourced Threat IntelligenceAlienVault
 
DEFENDING AGAINST THREATS TARGETING THE MAC PLATFORM
DEFENDING AGAINST THREATS TARGETING THE MAC PLATFORMDEFENDING AGAINST THREATS TARGETING THE MAC PLATFORM
DEFENDING AGAINST THREATS TARGETING THE MAC PLATFORMCrowdStrike
 
The Inmates Are Running the Asylum: Why Some Multi-Factor Authentication Tech...
The Inmates Are Running the Asylum: Why Some Multi-Factor Authentication Tech...The Inmates Are Running the Asylum: Why Some Multi-Factor Authentication Tech...
The Inmates Are Running the Asylum: Why Some Multi-Factor Authentication Tech...Clare Nelson, CISSP, CIPP-E
 

Recommended

Defender economics
Defender economicsDefender economics
Defender economicsaddelindh
 
Cyber Security Extortion: Defending Against Digital Shakedowns
Cyber Security Extortion: Defending Against Digital Shakedowns Cyber Security Extortion: Defending Against Digital Shakedowns
Cyber Security Extortion: Defending Against Digital Shakedowns CrowdStrike
 
CrowdCast Monthly: Operationalizing Intelligence
CrowdCast Monthly: Operationalizing IntelligenceCrowdCast Monthly: Operationalizing Intelligence
CrowdCast Monthly: Operationalizing IntelligenceCrowdStrike
 
CrowdStrike CrowdCast: Is Ransomware Morphing Beyond The Ability Of Standard ...
CrowdStrike CrowdCast: Is Ransomware Morphing Beyond The Ability Of Standard ...CrowdStrike CrowdCast: Is Ransomware Morphing Beyond The Ability Of Standard ...
CrowdStrike CrowdCast: Is Ransomware Morphing Beyond The Ability Of Standard ...CrowdStrike
 
Bear Hunting: History and Attribution of Russian Intelligence Operations
Bear Hunting: History and Attribution of Russian Intelligence OperationsBear Hunting: History and Attribution of Russian Intelligence Operations
Bear Hunting: History and Attribution of Russian Intelligence OperationsCrowdStrike
 
Crowd-Sourced Threat Intelligence
Crowd-Sourced Threat IntelligenceCrowd-Sourced Threat Intelligence
Crowd-Sourced Threat IntelligenceAlienVault
 
DEFENDING AGAINST THREATS TARGETING THE MAC PLATFORM
DEFENDING AGAINST THREATS TARGETING THE MAC PLATFORMDEFENDING AGAINST THREATS TARGETING THE MAC PLATFORM
DEFENDING AGAINST THREATS TARGETING THE MAC PLATFORMCrowdStrike
 
The Inmates Are Running the Asylum: Why Some Multi-Factor Authentication Tech...
The Inmates Are Running the Asylum: Why Some Multi-Factor Authentication Tech...The Inmates Are Running the Asylum: Why Some Multi-Factor Authentication Tech...
The Inmates Are Running the Asylum: Why Some Multi-Factor Authentication Tech...Clare Nelson, CISSP, CIPP-E
 
CrowdCasts Monthly: You Have an Adversary Problem
CrowdCasts Monthly: You Have an Adversary ProblemCrowdCasts Monthly: You Have an Adversary Problem
CrowdCasts Monthly: You Have an Adversary ProblemCrowdStrike
 
Three Considerations To Amplify Your Detection and Response Program
Three Considerations To Amplify Your Detection and Response ProgramThree Considerations To Amplify Your Detection and Response Program
Three Considerations To Amplify Your Detection and Response ProgramMorphick
 
CrowdCasts Monthly: Going Beyond the Indicator
CrowdCasts Monthly: Going Beyond the IndicatorCrowdCasts Monthly: Going Beyond the Indicator
CrowdCasts Monthly: Going Beyond the IndicatorCrowdStrike
 
Advanced Threats and Lateral Movement Detection
Advanced Threats and Lateral Movement DetectionAdvanced Threats and Lateral Movement Detection
Advanced Threats and Lateral Movement DetectionGreg Foss
 
Beyond the Hype: Understanding Cloud Security by Bryan D. Payne
Beyond the Hype: Understanding Cloud Security by Bryan D. PayneBeyond the Hype: Understanding Cloud Security by Bryan D. Payne
Beyond the Hype: Understanding Cloud Security by Bryan D. PayneNebula
 
BSides Cincy: Active Defense - Helping threat actors hack themselves!
BSides Cincy: Active Defense - Helping threat actors hack themselves!BSides Cincy: Active Defense - Helping threat actors hack themselves!
BSides Cincy: Active Defense - Helping threat actors hack themselves!CiNPA Security SIG
 
DerbyCon 5 - Tactical Diversion-Driven Defense
DerbyCon 5 - Tactical Diversion-Driven DefenseDerbyCon 5 - Tactical Diversion-Driven Defense
DerbyCon 5 - Tactical Diversion-Driven DefenseGreg Foss
 
Honeypots for Active Defense
Honeypots for Active DefenseHoneypots for Active Defense
Honeypots for Active DefenseGreg Foss
 
Finding the Sweet Spot: Counter Honeypot Operations (CHOps) by Jonathan Creek...
Finding the Sweet Spot: Counter Honeypot Operations (CHOps) by Jonathan Creek...Finding the Sweet Spot: Counter Honeypot Operations (CHOps) by Jonathan Creek...
Finding the Sweet Spot: Counter Honeypot Operations (CHOps) by Jonathan Creek...EC-Council
 
CSF18 - Guarding Against the Unknown - Rafael Narezzi
CSF18 - Guarding Against the Unknown - Rafael NarezziCSF18 - Guarding Against the Unknown - Rafael Narezzi
CSF18 - Guarding Against the Unknown - Rafael NarezziNCCOMMS
 
Blue team reboot - HackFest
Blue team reboot - HackFest Blue team reboot - HackFest
Blue team reboot - HackFest Haydn Johnson
 
Lateral Movement by Default
Lateral Movement by DefaultLateral Movement by Default
Lateral Movement by DefaultInnoTech
 
Cloud Proxy Technology – Hacker Halted 2019 – Jeff Silver
Cloud Proxy Technology – Hacker Halted 2019 – Jeff SilverCloud Proxy Technology – Hacker Halted 2019 – Jeff Silver
Cloud Proxy Technology – Hacker Halted 2019 – Jeff SilverEC-Council
 
Jerod Brennen - What You Need to Know About OSINT
Jerod Brennen - What You Need to Know About OSINTJerod Brennen - What You Need to Know About OSINT
Jerod Brennen - What You Need to Know About OSINTcentralohioissa
 
Advanced Persistent Threats Cutting Through The Hype
Advanced Persistent Threats Cutting Through The HypeAdvanced Persistent Threats Cutting Through The Hype
Advanced Persistent Threats Cutting Through The HypeSymantec
 
Deception Driven Defense - Infragard 2016
Deception Driven Defense - Infragard 2016Deception Driven Defense - Infragard 2016
Deception Driven Defense - Infragard 2016Greg Foss
 
Honeypot seminar report
Honeypot seminar reportHoneypot seminar report
Honeypot seminar reportInder NeGi
 
How to Replace Your Legacy Antivirus Solution with CrowdStrike
How to Replace Your Legacy Antivirus Solution with CrowdStrikeHow to Replace Your Legacy Antivirus Solution with CrowdStrike
How to Replace Your Legacy Antivirus Solution with CrowdStrikeAdam Barrera
 
Threat Hunting with Cyber Kill Chain
Threat Hunting with Cyber Kill ChainThreat Hunting with Cyber Kill Chain
Threat Hunting with Cyber Kill ChainSuwitcha Musijaral CISSP,CISA,GWAPT,SNORTCP
 
Offensive malware usage and defense
Offensive malware usage and defenseOffensive malware usage and defense
Offensive malware usage and defenseChristiaan Beek
 
How to safe your company from having a security breach
How to safe your company from having a security breachHow to safe your company from having a security breach
How to safe your company from having a security breachBaltimax
 
Current Emerging Threats
Current Emerging ThreatsCurrent Emerging Threats
Current Emerging Threatsdnomura
 

More Related Content

What's hot

CrowdCasts Monthly: You Have an Adversary Problem
CrowdCasts Monthly: You Have an Adversary ProblemCrowdCasts Monthly: You Have an Adversary Problem
CrowdCasts Monthly: You Have an Adversary ProblemCrowdStrike
 
Three Considerations To Amplify Your Detection and Response Program
Three Considerations To Amplify Your Detection and Response ProgramThree Considerations To Amplify Your Detection and Response Program
Three Considerations To Amplify Your Detection and Response ProgramMorphick
 
CrowdCasts Monthly: Going Beyond the Indicator
CrowdCasts Monthly: Going Beyond the IndicatorCrowdCasts Monthly: Going Beyond the Indicator
CrowdCasts Monthly: Going Beyond the IndicatorCrowdStrike
 
Advanced Threats and Lateral Movement Detection
Advanced Threats and Lateral Movement DetectionAdvanced Threats and Lateral Movement Detection
Advanced Threats and Lateral Movement DetectionGreg Foss
 
Beyond the Hype: Understanding Cloud Security by Bryan D. Payne
Beyond the Hype: Understanding Cloud Security by Bryan D. PayneBeyond the Hype: Understanding Cloud Security by Bryan D. Payne
Beyond the Hype: Understanding Cloud Security by Bryan D. PayneNebula
 
BSides Cincy: Active Defense - Helping threat actors hack themselves!
BSides Cincy: Active Defense - Helping threat actors hack themselves!BSides Cincy: Active Defense - Helping threat actors hack themselves!
BSides Cincy: Active Defense - Helping threat actors hack themselves!CiNPA Security SIG
 
DerbyCon 5 - Tactical Diversion-Driven Defense
DerbyCon 5 - Tactical Diversion-Driven DefenseDerbyCon 5 - Tactical Diversion-Driven Defense
DerbyCon 5 - Tactical Diversion-Driven DefenseGreg Foss
 
Honeypots for Active Defense
Honeypots for Active DefenseHoneypots for Active Defense
Honeypots for Active DefenseGreg Foss
 
Finding the Sweet Spot: Counter Honeypot Operations (CHOps) by Jonathan Creek...
Finding the Sweet Spot: Counter Honeypot Operations (CHOps) by Jonathan Creek...Finding the Sweet Spot: Counter Honeypot Operations (CHOps) by Jonathan Creek...
Finding the Sweet Spot: Counter Honeypot Operations (CHOps) by Jonathan Creek...EC-Council
 
CSF18 - Guarding Against the Unknown - Rafael Narezzi
CSF18 - Guarding Against the Unknown - Rafael NarezziCSF18 - Guarding Against the Unknown - Rafael Narezzi
CSF18 - Guarding Against the Unknown - Rafael NarezziNCCOMMS
 
Blue team reboot - HackFest
Blue team reboot - HackFest Blue team reboot - HackFest
Blue team reboot - HackFest Haydn Johnson
 
Lateral Movement by Default
Lateral Movement by DefaultLateral Movement by Default
Lateral Movement by DefaultInnoTech
 
Cloud Proxy Technology – Hacker Halted 2019 – Jeff Silver
Cloud Proxy Technology – Hacker Halted 2019 – Jeff SilverCloud Proxy Technology – Hacker Halted 2019 – Jeff Silver
Cloud Proxy Technology – Hacker Halted 2019 – Jeff SilverEC-Council
 
Jerod Brennen - What You Need to Know About OSINT
Jerod Brennen - What You Need to Know About OSINTJerod Brennen - What You Need to Know About OSINT
Jerod Brennen - What You Need to Know About OSINTcentralohioissa
 
Advanced Persistent Threats Cutting Through The Hype
Advanced Persistent Threats Cutting Through The HypeAdvanced Persistent Threats Cutting Through The Hype
Advanced Persistent Threats Cutting Through The HypeSymantec
 
Deception Driven Defense - Infragard 2016
Deception Driven Defense - Infragard 2016Deception Driven Defense - Infragard 2016
Deception Driven Defense - Infragard 2016Greg Foss
 
Honeypot seminar report
Honeypot seminar reportHoneypot seminar report
Honeypot seminar reportInder NeGi
 
How to Replace Your Legacy Antivirus Solution with CrowdStrike
How to Replace Your Legacy Antivirus Solution with CrowdStrikeHow to Replace Your Legacy Antivirus Solution with CrowdStrike
How to Replace Your Legacy Antivirus Solution with CrowdStrikeAdam Barrera
 
Offensive malware usage and defense
Offensive malware usage and defenseOffensive malware usage and defense
Offensive malware usage and defenseChristiaan Beek
 

What's hot (20)

CrowdCasts Monthly: You Have an Adversary Problem
CrowdCasts Monthly: You Have an Adversary ProblemCrowdCasts Monthly: You Have an Adversary Problem
CrowdCasts Monthly: You Have an Adversary Problem
 
Three Considerations To Amplify Your Detection and Response Program
Three Considerations To Amplify Your Detection and Response ProgramThree Considerations To Amplify Your Detection and Response Program
Three Considerations To Amplify Your Detection and Response Program
 
CrowdCasts Monthly: Going Beyond the Indicator
CrowdCasts Monthly: Going Beyond the IndicatorCrowdCasts Monthly: Going Beyond the Indicator
CrowdCasts Monthly: Going Beyond the Indicator
 
Advanced Threats and Lateral Movement Detection
Advanced Threats and Lateral Movement DetectionAdvanced Threats and Lateral Movement Detection
Advanced Threats and Lateral Movement Detection
 
Beyond the Hype: Understanding Cloud Security by Bryan D. Payne
Beyond the Hype: Understanding Cloud Security by Bryan D. PayneBeyond the Hype: Understanding Cloud Security by Bryan D. Payne
Beyond the Hype: Understanding Cloud Security by Bryan D. Payne
 
BSides Cincy: Active Defense - Helping threat actors hack themselves!
BSides Cincy: Active Defense - Helping threat actors hack themselves!BSides Cincy: Active Defense - Helping threat actors hack themselves!
BSides Cincy: Active Defense - Helping threat actors hack themselves!
 
DerbyCon 5 - Tactical Diversion-Driven Defense
DerbyCon 5 - Tactical Diversion-Driven DefenseDerbyCon 5 - Tactical Diversion-Driven Defense
DerbyCon 5 - Tactical Diversion-Driven Defense
 
Honeypots for Active Defense
Honeypots for Active DefenseHoneypots for Active Defense
Honeypots for Active Defense
 
Finding the Sweet Spot: Counter Honeypot Operations (CHOps) by Jonathan Creek...
Finding the Sweet Spot: Counter Honeypot Operations (CHOps) by Jonathan Creek...Finding the Sweet Spot: Counter Honeypot Operations (CHOps) by Jonathan Creek...
Finding the Sweet Spot: Counter Honeypot Operations (CHOps) by Jonathan Creek...
 
CSF18 - Guarding Against the Unknown - Rafael Narezzi
CSF18 - Guarding Against the Unknown - Rafael NarezziCSF18 - Guarding Against the Unknown - Rafael Narezzi
CSF18 - Guarding Against the Unknown - Rafael Narezzi
 
Blue team reboot - HackFest
Blue team reboot - HackFest Blue team reboot - HackFest
Blue team reboot - HackFest
 
Lateral Movement by Default
Lateral Movement by DefaultLateral Movement by Default
Lateral Movement by Default
 
Cloud Proxy Technology – Hacker Halted 2019 – Jeff Silver
Cloud Proxy Technology – Hacker Halted 2019 – Jeff SilverCloud Proxy Technology – Hacker Halted 2019 – Jeff Silver
Cloud Proxy Technology – Hacker Halted 2019 – Jeff Silver
 
Jerod Brennen - What You Need to Know About OSINT
Jerod Brennen - What You Need to Know About OSINTJerod Brennen - What You Need to Know About OSINT
Jerod Brennen - What You Need to Know About OSINT
 
Advanced Persistent Threats Cutting Through The Hype
Advanced Persistent Threats Cutting Through The HypeAdvanced Persistent Threats Cutting Through The Hype
Advanced Persistent Threats Cutting Through The Hype
 
Deception Driven Defense - Infragard 2016
Deception Driven Defense - Infragard 2016Deception Driven Defense - Infragard 2016
Deception Driven Defense - Infragard 2016
 
Honeypot seminar report
Honeypot seminar reportHoneypot seminar report
Honeypot seminar report
 
How to Replace Your Legacy Antivirus Solution with CrowdStrike
How to Replace Your Legacy Antivirus Solution with CrowdStrikeHow to Replace Your Legacy Antivirus Solution with CrowdStrike
How to Replace Your Legacy Antivirus Solution with CrowdStrike
 
Threat Hunting with Cyber Kill Chain
Threat Hunting with Cyber Kill ChainThreat Hunting with Cyber Kill Chain
Threat Hunting with Cyber Kill Chain
 
Offensive malware usage and defense
Offensive malware usage and defenseOffensive malware usage and defense
Offensive malware usage and defense
 

Viewers also liked

How to safe your company from having a security breach
How to safe your company from having a security breachHow to safe your company from having a security breach
How to safe your company from having a security breachBaltimax
 
Current Emerging Threats
Current Emerging ThreatsCurrent Emerging Threats
Current Emerging Threatsdnomura
 
When a Data Breach Happens, What's Your Plan?
When a Data Breach Happens, What's Your Plan?When a Data Breach Happens, What's Your Plan?
When a Data Breach Happens, What's Your Plan?Edge Pereira
 
5 Critical Steps to Handling a Security Breach
5 Critical Steps to Handling a Security Breach5 Critical Steps to Handling a Security Breach
5 Critical Steps to Handling a Security BreachSeculert
 
security in it (data and cyber security)
security in it (data and cyber security)security in it (data and cyber security)
security in it (data and cyber security)Rohana K Amarakoon
 
Data Security Breach – knowing the risks and protecting your business
Data Security Breach – knowing the risks and protecting your businessData Security Breach – knowing the risks and protecting your business
Data Security Breach – knowing the risks and protecting your businessEversheds Sutherland
 
Sony Playstation Hack Presentation
Sony Playstation Hack PresentationSony Playstation Hack Presentation
Sony Playstation Hack PresentationCreditCardFinder
 
A Brave New World of Cyber Security and Data Breach
A Brave New World of Cyber Security and Data BreachA Brave New World of Cyber Security and Data Breach
A Brave New World of Cyber Security and Data BreachJim Brashear
 

Viewers also liked (11)

How to safe your company from having a security breach
How to safe your company from having a security breachHow to safe your company from having a security breach
How to safe your company from having a security breach
 
Current Emerging Threats
Current Emerging ThreatsCurrent Emerging Threats
Current Emerging Threats
 
Security Breach Laws
Security Breach LawsSecurity Breach Laws
Security Breach Laws
 
When a Data Breach Happens, What's Your Plan?
When a Data Breach Happens, What's Your Plan?When a Data Breach Happens, What's Your Plan?
When a Data Breach Happens, What's Your Plan?
 
5 Critical Steps to Handling a Security Breach
5 Critical Steps to Handling a Security Breach5 Critical Steps to Handling a Security Breach
5 Critical Steps to Handling a Security Breach
 
Vlvj corp ppt
Vlvj corp pptVlvj corp ppt
Vlvj corp ppt
 
security in it (data and cyber security)
security in it (data and cyber security)security in it (data and cyber security)
security in it (data and cyber security)
 
Data Security Breach: The Sony & Staples Story
Data Security Breach: The Sony & Staples StoryData Security Breach: The Sony & Staples Story
Data Security Breach: The Sony & Staples Story
 
Data Security Breach – knowing the risks and protecting your business
Data Security Breach – knowing the risks and protecting your businessData Security Breach – knowing the risks and protecting your business
Data Security Breach – knowing the risks and protecting your business
 
Sony Playstation Hack Presentation
Sony Playstation Hack PresentationSony Playstation Hack Presentation
Sony Playstation Hack Presentation
 
A Brave New World of Cyber Security and Data Breach
A Brave New World of Cyber Security and Data BreachA Brave New World of Cyber Security and Data Breach
A Brave New World of Cyber Security and Data Breach
 

Similar to Surviving a Security Breach with Preparation and Process

huntpedia.pdf
huntpedia.pdfhuntpedia.pdf
huntpedia.pdfCecilSu
 
Huntpedia
HuntpediaHuntpedia
HuntpediaJc Sv
 
Vale Security Conference - 2011 - 17 - Rodrigo Rubira Branco (BSDaemon)
Vale Security Conference - 2011 - 17 - Rodrigo Rubira Branco (BSDaemon)Vale Security Conference - 2011 - 17 - Rodrigo Rubira Branco (BSDaemon)
Vale Security Conference - 2011 - 17 - Rodrigo Rubira Branco (BSDaemon)Vale Security Conference
 
[Bucharest] Attack is easy, let's talk defence
[Bucharest] Attack is easy, let's talk defence[Bucharest] Attack is easy, let's talk defence
[Bucharest] Attack is easy, let's talk defenceOWASP EEE
 
Behavioral Models of Information Security: Industry irrationality & what to d...
Behavioral Models of Information Security: Industry irrationality & what to d...Behavioral Models of Information Security: Industry irrationality & what to d...
Behavioral Models of Information Security: Industry irrationality & what to d...Kelly Shortridge
 
The Future of Security: How Artificial Intelligence Will Impact Us
The Future of Security: How Artificial Intelligence Will Impact UsThe Future of Security: How Artificial Intelligence Will Impact Us
The Future of Security: How Artificial Intelligence Will Impact UsPECB
 
La Quadrature Du Cercle - The APTs That Weren't
La Quadrature Du Cercle - The APTs That Weren'tLa Quadrature Du Cercle - The APTs That Weren't
La Quadrature Du Cercle - The APTs That Weren'tpinkflawd
 
The Library of Sparta
The Library of SpartaThe Library of Sparta
The Library of SpartaLancope, Inc.
 
Honeypots for Network Security
Honeypots for Network SecurityHoneypots for Network Security
Honeypots for Network SecurityKirubaburi R
 
Fantastic Beasts and where to hide from them
Fantastic Beasts and where to hide from themFantastic Beasts and where to hide from them
Fantastic Beasts and where to hide from themVlad Styran
 
Stalking the Kill Chain
Stalking the Kill ChainStalking the Kill Chain
Stalking the Kill ChainEMC
 
Why do women love chasing down bad guys?
Why do women love chasing down bad guys? Why do women love chasing down bad guys?
Why do women love chasing down bad guys? SITA
 
The Cyber Threat Intelligence Matrix: Taking the attacker eviction red pill
The Cyber Threat Intelligence Matrix: Taking the attacker eviction red pillThe Cyber Threat Intelligence Matrix: Taking the attacker eviction red pill
The Cyber Threat Intelligence Matrix: Taking the attacker eviction red pillFrode Hommedal
 
31 c0n2017 final
31 c0n2017 final31 c0n2017 final
31 c0n2017 finalBryan Fite
 
Malware Most Wanted: Security Ecosystem
Malware Most Wanted: Security EcosystemMalware Most Wanted: Security Ecosystem
Malware Most Wanted: Security EcosystemCyphort
 
The Lazy Attacker: Defending Against Broad-based Cyber Attacks
The Lazy Attacker: Defending Against Broad-based Cyber AttacksThe Lazy Attacker: Defending Against Broad-based Cyber Attacks
The Lazy Attacker: Defending Against Broad-based Cyber AttacksAlienVault
 
Sj terp emerging tech radar
Sj terp emerging tech radarSj terp emerging tech radar
Sj terp emerging tech radarSaraJayneTerp
 

Similar to Surviving a Security Breach with Preparation and Process (20)

huntpedia.pdf
huntpedia.pdfhuntpedia.pdf
huntpedia.pdf
 
Huntpedia
HuntpediaHuntpedia
Huntpedia
 
Vale Security Conference - 2011 - 17 - Rodrigo Rubira Branco (BSDaemon)
Vale Security Conference - 2011 - 17 - Rodrigo Rubira Branco (BSDaemon)Vale Security Conference - 2011 - 17 - Rodrigo Rubira Branco (BSDaemon)
Vale Security Conference - 2011 - 17 - Rodrigo Rubira Branco (BSDaemon)
 
[Bucharest] Attack is easy, let's talk defence
[Bucharest] Attack is easy, let's talk defence[Bucharest] Attack is easy, let's talk defence
[Bucharest] Attack is easy, let's talk defence
 
Behavioral Models of Information Security: Industry irrationality & what to d...
Behavioral Models of Information Security: Industry irrationality & what to d...Behavioral Models of Information Security: Industry irrationality & what to d...
Behavioral Models of Information Security: Industry irrationality & what to d...
 
The Future of Security: How Artificial Intelligence Will Impact Us
The Future of Security: How Artificial Intelligence Will Impact UsThe Future of Security: How Artificial Intelligence Will Impact Us
The Future of Security: How Artificial Intelligence Will Impact Us
 
La Quadrature Du Cercle - The APTs That Weren't
La Quadrature Du Cercle - The APTs That Weren'tLa Quadrature Du Cercle - The APTs That Weren't
La Quadrature Du Cercle - The APTs That Weren't
 
Security
SecuritySecurity
Security
 
The Library of Sparta
The Library of SpartaThe Library of Sparta
The Library of Sparta
 
Honeypots for Network Security
Honeypots for Network SecurityHoneypots for Network Security
Honeypots for Network Security
 
Fantastic Beasts and where to hide from them
Fantastic Beasts and where to hide from themFantastic Beasts and where to hide from them
Fantastic Beasts and where to hide from them
 
Stalking the Kill Chain
Stalking the Kill ChainStalking the Kill Chain
Stalking the Kill Chain
 
Why do women love chasing down bad guys?
Why do women love chasing down bad guys? Why do women love chasing down bad guys?
Why do women love chasing down bad guys?
 
The Cyber Threat Intelligence Matrix: Taking the attacker eviction red pill
The Cyber Threat Intelligence Matrix: Taking the attacker eviction red pillThe Cyber Threat Intelligence Matrix: Taking the attacker eviction red pill
The Cyber Threat Intelligence Matrix: Taking the attacker eviction red pill
 
31 c0n2017 final
31 c0n2017 final31 c0n2017 final
31 c0n2017 final
 
Hacking 10 2010
Hacking 10 2010Hacking 10 2010
Hacking 10 2010
 
Malware Most Wanted: Security Ecosystem
Malware Most Wanted: Security EcosystemMalware Most Wanted: Security Ecosystem
Malware Most Wanted: Security Ecosystem
 
The Lazy Attacker: Defending Against Broad-based Cyber Attacks
The Lazy Attacker: Defending Against Broad-based Cyber AttacksThe Lazy Attacker: Defending Against Broad-based Cyber Attacks
The Lazy Attacker: Defending Against Broad-based Cyber Attacks
 
Bulletproof IT Security
Bulletproof IT SecurityBulletproof IT Security
Bulletproof IT Security
 
Sj terp emerging tech radar
Sj terp emerging tech radarSj terp emerging tech radar
Sj terp emerging tech radar
 

More from AlienVault

Meltdown and Spectre - How to Detect the Vulnerabilities and Exploits
Meltdown and Spectre - How to Detect the Vulnerabilities and ExploitsMeltdown and Spectre - How to Detect the Vulnerabilities and Exploits
Meltdown and Spectre - How to Detect the Vulnerabilities and ExploitsAlienVault
 
Malware Invaders - Is Your OS at Risk?
Malware Invaders - Is Your OS at Risk?Malware Invaders - Is Your OS at Risk?
Malware Invaders - Is Your OS at Risk?AlienVault
 
How to Solve Your Top IT Security Reporting Challenges with AlienVault
How to Solve Your Top IT Security Reporting Challenges with AlienVaultHow to Solve Your Top IT Security Reporting Challenges with AlienVault
How to Solve Your Top IT Security Reporting Challenges with AlienVaultAlienVault
 
Simplify PCI DSS Compliance with AlienVault USM
Simplify PCI DSS Compliance with AlienVault USMSimplify PCI DSS Compliance with AlienVault USM
Simplify PCI DSS Compliance with AlienVault USMAlienVault
 
SIEM for Beginners: Everything You Wanted to Know About Log Management but We...
SIEM for Beginners: Everything You Wanted to Know About Log Management but We...SIEM for Beginners: Everything You Wanted to Know About Log Management but We...
SIEM for Beginners: Everything You Wanted to Know About Log Management but We...AlienVault
 
Insider Threat Detection Recommendations
Insider Threat Detection RecommendationsInsider Threat Detection Recommendations
Insider Threat Detection RecommendationsAlienVault
 
Alienvault threat alerts in spiceworks
Alienvault threat alerts in spiceworksAlienvault threat alerts in spiceworks
Alienvault threat alerts in spiceworksAlienVault
 
Open Source IDS Tools: A Beginner's Guide
Open Source IDS Tools: A Beginner's GuideOpen Source IDS Tools: A Beginner's Guide
Open Source IDS Tools: A Beginner's GuideAlienVault
 
Malware detection how to spot infections early with alien vault usm
Malware detection how to spot infections early with alien vault usmMalware detection how to spot infections early with alien vault usm
Malware detection how to spot infections early with alien vault usmAlienVault
 
Security operations center 5 security controls
Security operations center 5 security controls Security operations center 5 security controls
Security operations center 5 security controlsAlienVault
 
PCI DSS Implementation: A Five Step Guide
PCI DSS Implementation: A Five Step GuidePCI DSS Implementation: A Five Step Guide
PCI DSS Implementation: A Five Step GuideAlienVault
 
Improve threat detection with hids and alien vault usm
Improve threat detection with hids and alien vault usmImprove threat detection with hids and alien vault usm
Improve threat detection with hids and alien vault usmAlienVault
 
The State of Incident Response - INFOGRAPHIC
The State of Incident Response - INFOGRAPHICThe State of Incident Response - INFOGRAPHIC
The State of Incident Response - INFOGRAPHICAlienVault
 
Incident response live demo slides final
Incident response live demo slides finalIncident response live demo slides final
Incident response live demo slides finalAlienVault
 
Improve Situational Awareness for Federal Government with AlienVault USM
Improve Situational Awareness for Federal Government with AlienVault USMImprove Situational Awareness for Federal Government with AlienVault USM
Improve Situational Awareness for Federal Government with AlienVault USMAlienVault
 
Improve Security Visibility with AlienVault USM Correlation Directives
Improve Security Visibility with AlienVault USM Correlation DirectivesImprove Security Visibility with AlienVault USM Correlation Directives
Improve Security Visibility with AlienVault USM Correlation DirectivesAlienVault
 
How Malware Works
How Malware WorksHow Malware Works
How Malware WorksAlienVault
 
New USM v5.0 - Get Complete Security Visibility Faster & Easier Than Ever
New USM v5.0 - Get Complete Security Visibility Faster & Easier Than EverNew USM v5.0 - Get Complete Security Visibility Faster & Easier Than Ever
New USM v5.0 - Get Complete Security Visibility Faster & Easier Than EverAlienVault
 
New OSSIM v5.0 - Get Security Visibility Faster & Easier Than Ever
New OSSIM v5.0 - Get Security Visibility Faster & Easier Than Ever New OSSIM v5.0 - Get Security Visibility Faster & Easier Than Ever
New OSSIM v5.0 - Get Security Visibility Faster & Easier Than EverAlienVault
 
AWS Security Best Practices for Effective Threat Detection & Response
AWS Security Best Practices for Effective Threat Detection & ResponseAWS Security Best Practices for Effective Threat Detection & Response
AWS Security Best Practices for Effective Threat Detection & ResponseAlienVault
 

More from AlienVault (20)

Meltdown and Spectre - How to Detect the Vulnerabilities and Exploits
Meltdown and Spectre - How to Detect the Vulnerabilities and ExploitsMeltdown and Spectre - How to Detect the Vulnerabilities and Exploits
Meltdown and Spectre - How to Detect the Vulnerabilities and Exploits
 
Malware Invaders - Is Your OS at Risk?
Malware Invaders - Is Your OS at Risk?Malware Invaders - Is Your OS at Risk?
Malware Invaders - Is Your OS at Risk?
 
How to Solve Your Top IT Security Reporting Challenges with AlienVault
How to Solve Your Top IT Security Reporting Challenges with AlienVaultHow to Solve Your Top IT Security Reporting Challenges with AlienVault
How to Solve Your Top IT Security Reporting Challenges with AlienVault
 
Simplify PCI DSS Compliance with AlienVault USM
Simplify PCI DSS Compliance with AlienVault USMSimplify PCI DSS Compliance with AlienVault USM
Simplify PCI DSS Compliance with AlienVault USM
 
SIEM for Beginners: Everything You Wanted to Know About Log Management but We...
SIEM for Beginners: Everything You Wanted to Know About Log Management but We...SIEM for Beginners: Everything You Wanted to Know About Log Management but We...
SIEM for Beginners: Everything You Wanted to Know About Log Management but We...
 
Insider Threat Detection Recommendations
Insider Threat Detection RecommendationsInsider Threat Detection Recommendations
Insider Threat Detection Recommendations
 
Alienvault threat alerts in spiceworks
Alienvault threat alerts in spiceworksAlienvault threat alerts in spiceworks
Alienvault threat alerts in spiceworks
 
Open Source IDS Tools: A Beginner's Guide
Open Source IDS Tools: A Beginner's GuideOpen Source IDS Tools: A Beginner's Guide
Open Source IDS Tools: A Beginner's Guide
 
Malware detection how to spot infections early with alien vault usm
Malware detection how to spot infections early with alien vault usmMalware detection how to spot infections early with alien vault usm
Malware detection how to spot infections early with alien vault usm
 
Security operations center 5 security controls
Security operations center 5 security controls Security operations center 5 security controls
Security operations center 5 security controls
 
PCI DSS Implementation: A Five Step Guide
PCI DSS Implementation: A Five Step GuidePCI DSS Implementation: A Five Step Guide
PCI DSS Implementation: A Five Step Guide
 
Improve threat detection with hids and alien vault usm
Improve threat detection with hids and alien vault usmImprove threat detection with hids and alien vault usm
Improve threat detection with hids and alien vault usm
 
The State of Incident Response - INFOGRAPHIC
The State of Incident Response - INFOGRAPHICThe State of Incident Response - INFOGRAPHIC
The State of Incident Response - INFOGRAPHIC
 
Incident response live demo slides final
Incident response live demo slides finalIncident response live demo slides final
Incident response live demo slides final
 
Improve Situational Awareness for Federal Government with AlienVault USM
Improve Situational Awareness for Federal Government with AlienVault USMImprove Situational Awareness for Federal Government with AlienVault USM
Improve Situational Awareness for Federal Government with AlienVault USM
 
Improve Security Visibility with AlienVault USM Correlation Directives
Improve Security Visibility with AlienVault USM Correlation DirectivesImprove Security Visibility with AlienVault USM Correlation Directives
Improve Security Visibility with AlienVault USM Correlation Directives
 
How Malware Works
How Malware WorksHow Malware Works
How Malware Works
 
New USM v5.0 - Get Complete Security Visibility Faster & Easier Than Ever
New USM v5.0 - Get Complete Security Visibility Faster & Easier Than EverNew USM v5.0 - Get Complete Security Visibility Faster & Easier Than Ever
New USM v5.0 - Get Complete Security Visibility Faster & Easier Than Ever
 
New OSSIM v5.0 - Get Security Visibility Faster & Easier Than Ever
New OSSIM v5.0 - Get Security Visibility Faster & Easier Than Ever New OSSIM v5.0 - Get Security Visibility Faster & Easier Than Ever
New OSSIM v5.0 - Get Security Visibility Faster & Easier Than Ever
 
AWS Security Best Practices for Effective Threat Detection & Response
AWS Security Best Practices for Effective Threat Detection & ResponseAWS Security Best Practices for Effective Threat Detection & Response
AWS Security Best Practices for Effective Threat Detection & Response
 

Recently uploaded

Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage CostLeverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage CostZilliz
 
Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Scott Keck-Warren
 
DSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine TuningDSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine TuningLars Bell
 
How to write a Business Continuity Plan
How to write a Business Continuity PlanHow to write a Business Continuity Plan
How to write a Business Continuity PlanDatabarracks
 
SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024Lorenzo Miniero
 
Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupFlorian Wilhelm
 
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Mark Simos
 
Story boards and shot lists for my a level piece
Story boards and shot lists for my a level pieceStory boards and shot lists for my a level piece
Story boards and shot lists for my a level piececharlottematthew16
 
Search Engine Optimization SEO PDF for 2024.pdf
Search Engine Optimization SEO PDF for 2024.pdfSearch Engine Optimization SEO PDF for 2024.pdf
Search Engine Optimization SEO PDF for 2024.pdfRankYa
 
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks..."LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...Fwdays
 
SAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxSAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxNavinnSomaal
 
WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your BrandWordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brandgvaughan
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsSergiu Bodiu
 
Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsScanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsRizwan Syed
 
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdfHyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdfPrecisely
 
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024BookNet Canada
 
Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!Manik S Magar
 
H2O.ai CEO/Founder: Sri Ambati Keynote at Wells Fargo Day
H2O.ai CEO/Founder: Sri Ambati Keynote at Wells Fargo DayH2O.ai CEO/Founder: Sri Ambati Keynote at Wells Fargo Day
H2O.ai CEO/Founder: Sri Ambati Keynote at Wells Fargo DaySri Ambati
 
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc
 

Recently uploaded (20)

Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage CostLeverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
 
Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024
 
DSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine TuningDSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine Tuning
 
How to write a Business Continuity Plan
How to write a Business Continuity PlanHow to write a Business Continuity Plan
How to write a Business Continuity Plan
 
SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024
 
Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project Setup
 
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
 
Story boards and shot lists for my a level piece
Story boards and shot lists for my a level pieceStory boards and shot lists for my a level piece
Story boards and shot lists for my a level piece
 
Search Engine Optimization SEO PDF for 2024.pdf
Search Engine Optimization SEO PDF for 2024.pdfSearch Engine Optimization SEO PDF for 2024.pdf
Search Engine Optimization SEO PDF for 2024.pdf
 
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks..."LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
 
SAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxSAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptx
 
DMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special EditionDMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special Edition
 
WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your BrandWordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brand
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platforms
 
Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsScanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL Certs
 
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdfHyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
 
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
 
Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!
 
H2O.ai CEO/Founder: Sri Ambati Keynote at Wells Fargo Day
H2O.ai CEO/Founder: Sri Ambati Keynote at Wells Fargo DayH2O.ai CEO/Founder: Sri Ambati Keynote at Wells Fargo Day
H2O.ai CEO/Founder: Sri Ambati Keynote at Wells Fargo Day
 
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
 

Surviving a Security Breach with Preparation and Process

  • 1. Preparing for a Security Breach A guide to surviving the Infosec worst case scenario. Conrad Constantine Community Manager @AlienVault Sandy Hawke VP, Product Marketing @AlienVault
  • 2. Introductions Meet today’s presenters Sandy Hawke, CISSP “I used to be an infosec guy” VP, Product Marketing AlienVault @sandybeachSF Conrad Constantine “I’m just some infosec guy” Community Manager, Head Geek AlienVault @cpconstantine 2
  • 3. “Everyone has a plan until they get punched in the face.” --Mike Tyson Image source: http://www.onpath.com/blog-0/bid/74760/Everybody-has-a-plan-until-they-get-punched-in-the-face 3
  • 5. Death, Taxes, and now Breaches NO longer a question of if… …but when. *sigh* Image source: http://datalossdb.org/ 5
  • 6. Why the Black Hats Always Win* *With credit to Val Smith for the title Defenders have to always be right, attackers only have to be right once. Image source: http://dizzyet.wordpress.com/category/the-dark-knight/ 6
  • 7. Tales from the Trenches… Worked in Infosec since the mid-90’s Been a sysadmin, a pen-tester and an incident responder. I’ve worked on breaches ranging from mom and pop mail servers to the 2011 RSA Breach. I’ve never worked for one of those companies you pay to come in and handle your breach for you. It’s always been personal. 7
  • 8. What You Don’t Know Will Hurt You “The Diversionary Attack you are ignoring, is actually the Main Assault” – Murphy’s Laws of Combat Image source: http://casablancapa.blogspot.com/2010/07/hiding-in-plain-sight.html 8
  • 9. Separate the foxes from the dogs Monitor & Automate What’s / who’s online? What’s normal vs. abnormal? Are our controls working? What are the latest threats? Can I detect and defend against them? Image source: http://casablancapa.blogspot.com/2010/07/hiding-in-plain-sight.html 9
  • 10. The Best Attacker, Is a Lazy Attacker Image source: http://www.heromachine.com/2009/07/04/random-panel-next-week-on-lazy-criminal-minds/ Not all of the attacks need to be “advanced” / APTs to be successful. In fact, most aren’t. 10
  • 11. Rule #1 – Don’t Panic! I must not fear. Fear is the mind-killer. Fear is the little-death that brings total obliteration. I will face my fear. I will permit it to pass over me and through me. And when it has gone past I will turn the inner eye to see its path. Where the fear has gone there will be nothing. Only I will remain” Litany Against Fear – Frank Herbert – “DUNE” Image source: Hitchhiker’s Guide to the Galaxy 11
  • 12. Keeping it Under Control Remain calm. Your intruders… Possess no psychic powers Are not space aliens with access to technology far beyond ours. Probably didn’t need vast amounts of insider information They were successful in breaking in so now you have to discover HOW Image source: The X-Files 12
  • 13. An Ounce of Preparation… Discover when, where and how the event happened – what was taken, when, where Communicate this to your Executive Team. Your ability to deliver this information is entirely dependent upon what you have available to monitor today. “86% of victims had evidence of the breach in their log files” Verizon Data Breach Report - 2010 13
  • 14. Extend Your “Team”: Collaboration is Key A breach will introduce you to a LOT of new people around the company (HR, Legal, Exec, etc.) Connect and collaborate with them now, before hair is on fire. Goals: Arrive at a common language, agree on priorities, communication channels, and chain of command Image source: http://www.idiomsbykids.com/ 14
  • 15. Containing The Fire Leave No Stone Unturned. There are no absolutes. Burn out their access. Be prepared to prove the unprovable (as in, they’re now GONE) Logs are your friend. Make sure you can search them. 15
  • 16. Kicking the Barbarians out of the Castle A good attacker will “blend in” Privileged access is their friend. Pivot, expand, pivot, expand. Capture network baselines Identify suspicious stuff Netflow analysis Service availability monitoring 16
  • 17. Establishing a timeline Image source: http://www.n2growth.com/blog/the-facts-maam-just-the-facts/ 17
  • 18. Importance of Logs: “Hiding In Plain Hind- sight” “The Diversionary Attack you are Ignoring, is actually the Main Assault” – Murphy’s Laws of Combat Operations 18
  • 19. Importance of Shared Threat Intelligence Remember the lazy attacker? He’s using (and reusing) the same exploits against others (and you). Sharing (and receiving) collaborative threat intelligence makes us all more secure. 19
  • 20. Need to Prioritize? Get Threat Intelligence! Network and host-based IDS signatures – detects the latest threats in your environment Asset discovery signatures – identifies the latest OS’es, applications, and device types Vulnerability assessment signatures – dual database coverage to find the latest vulnerabilities on all your systems Correlation rules – translates raw events into actionable remediation tasks Reporting modules – provides new ways of viewing data about your environment Dynamic incident response templates – delivers customized guidance on how to respond to each alert Newly supported data source plug-ins – expands your monitoring footprint 20
  • 21. The Technical Checklist  Automated asset discovery and inventory – what’s on my network and what software is running on it?  Behavioral monitoring / netflow analysis – what’s “normal” activity for my servers and my network?  Network, host-based IDS – what threats are active in my network now?  Log management / log search – “long, deep and wide”  Dynamic threat intelligence – threats are constantly changing, so should my defenses 21
  • 22. The Process Checklist  Set expectations ahead of time:  Document for non-techs – explain what is involved in a security investigation (will save you time later!)  Agree on who will be doing what, when (NOW, not LATER)  Checklists for standard investigative procedures - user activity audits, system configuration changes, cross references to change control, etc.  Templates, tools, for recording long chains of evidence 22
  • 23. Practice Makes Perfect The only that prepares you for a fight is… getting into a fight. Practice defense during pen-tests. Structured walk-throughs, Red Team exercises… all good. Image source: http://blog.lib.umn.edu/graz0029/ponderingpsychology/2012/04/practice-makes-perfector-does-it.html 23
  • 24. Never walk into a fight armed with only “a plan”… Image source: http://www.15rounds.com/garcia-stops-remillard-in-ten-032611/ 24
  • 25. Summary During a breach… it’s all about process and personalities. What can you do now? Implement essential monitoring and detection technologies. Build strong relationships – they will be tested during crisis time! Develop established communication channels, and document them. Run through your checklists and practice sessions 25
  • 26. Next Steps / Q&A Request an AlienVault USM demo at: www.alienvault.com/schedule-demo.html Request a free trial of AlienVault USM: http://www.alienvault.com/free-trial Not quite ready for all that? Test drive our open source project - OSSIM here: communities.alienvault.com/ Need more info to get started? Try our knowledge base here: alienvault.bloomfire.com These resources are also in the Attachments section Join the conversation! @alienvault #AlienIntel 26