
Proactive Threat Hunting: Game-Changing Endpoint Protection Beyond Alerting

942 views

Published on

Falcon OverWatch Experts Hunt 24/7 To Stop Incidents Before They Become Breaches

Is your IT security team suffering from alert fatigue? For many organizations, chasing down every security alert can tax an already overburdened IT department, often resulting in a breach that might have been avoided. Adding to this challenge is an increase in sophisticated threats that strike so fast and frequently, traditional methods of investigation and response can’t offer adequate protection.

A new webcast from CrowdStrike, “Proactive Threat Hunting: Game-Changing Endpoint Protection Above and Beyond Alerting,” discusses why so many organizations are vulnerable to unseen threats and alert fatigue, and why having an approach that is both reactive and proactive is key. You’ll also learn about Falcon OverWatch™, CrowdStrike’s proactive threat hunting service that investigates and responds to threats immediately, dramatically increasing your ability to react before a damaging breach occurs.

Download the webcast slides to learn:

--How constantly reacting to alerts prevents you from getting ahead of the potentially damaging threats designed to bypass standard endpoint security
--Why an approach that includes proactive threat hunting, sometimes called Managed Detection and Response, is key to increasing protection against new and advanced threats
--How CrowdStrike Falcon OverWatch can provide 24/7 managed threat hunting, augmenting your security efforts with a team of cyber intrusion detection analysts and investigators who proactively identify and prioritize incidents before they become damaging breaches

Published in: Technology

  1. PROACTIVE THREAT HUNTING: GAME-CHANGING ENDPOINT PROTECTION BEYOND ALERTING. Chris Witter – Sr. Director, Hunting Operations; Con Mallon – Sr. Director, Product Marketing. 2017 CrowdStrike, Inc. All rights reserved.
  2. FALCON PLATFORM: cloud delivered, API. Components: Managed Hunting • Threat Intel • Endpoint Detection and Response • IT Hygiene • Next-Gen Antivirus • Endpoint Protection. 2017 CrowdStrike, Inc. All rights reserved.
  3. A DEEPER DIVE INTO ‘HUNTING’
  4. EDR MATURITY MODEL (axis: level of protection). No EDR – reliant on ‘prevention’, but what of the 1% that slips through? • Limited EDR – a ‘dumb collection’ approach where the burden is on the user to sift and search to find meaningful detections, with limited response tools. • Smart EDR – ‘native automation’ that automatically prioritizes alerts and can prevent for you if needed, but still struggling to find resources to implement hunting on the data set. • Managed Detection & Response – proactive managed hunting, investigation and response activity on emerging and advanced threats, leveraging rich data and advanced analytics in the hands of a proven and experienced team of threat hunters. 2017 CrowdStrike, Inc. All rights reserved.
  5. WHY DO WE NEED HUNTING? The security problem, the people problem, the detection problem; reactive posture vs. proactive posture. Judging the intent of code • Alert fatigue → false negatives • New IOC / TTP? Detect novel threats? 2017 CrowdStrike, Inc. All rights reserved.
  6. WHICH IS LEADING TO THIS: “By 2020, 15% of midsize and enterprise organizations will be using services like MDR, up from less than 1% today.” Gartner: Market Guide for Managed Detection and Response Services, May 2016.
  7. WHAT IS HUNTING? Definition: “Hunting is the discovery of malicious artifacts or detection methods not accounted for in passive monitoring capabilities.” Hypothesis: a few common use cases cause us to perform “proactive” investigation: § Retroactive discovery → new intel, pattern matching, intrusion artifacts § New artifact discovery → analysis of telemetry to discover outliers § Detection method discovery → pattern/IOA hypothesis testing.
  8. WHERE DOES HUNTING FIT INTO YOUR DETECTION PROGRAM? A holistic detection program combines atomic detection (detect what you know), behavioral detection (detect the tactic you know) and anomaly detection (detect what you don’t know) with a hunting regimen: new artifact discovery, detection method discovery, retroactive discovery.
  9. FALCON OVERWATCH MANAGED HUNTING: finding the adversary so you don’t have to. Breach prevention services: a team of hunters working for you 24x7. Business value: Alert prioritization – pinpoint urgent threats and avoid false positives • Guided remediation – work with your team to add clarity, speed and precision to support response efforts • Threat hunting – proactive 24x7 hunting eliminating false negatives.
  10. FALCON OVERWATCH 2017 OBSERVATIONS • PowerShell • Mixed TTPs • Advanced <-> Everyday • Twitter → Attack
  11. THE OVERWATCH MODEL
  12. OUR APPROACH TO PROACTIVE HUNTING: Hunting (retroactive discovery, new artifact discovery, detection method discovery) + Strategic SOC (24x7 coverage, continuous investigation, intrusion triage & scoping) = Falcon OverWatch: Hunt, Investigate, Advise … Stop the breach.
  13. PLATFORM STACK. Cyber actor: operators, tradecraft, tools. CrowdStrike Falcon: managed hunting, EDR, next-gen AV. Layers: technology, processes, people.
  14. Falcon OverWatch – strategically focused hunting. Elements: security operations regimen, CrowdStrike Threat Intelligence, cloud analytics / ML, CrowdStrike Services / IR; SOC, incident response, hunting, advanced analytics; Customer / CrowdStrike.
  15. FALCON OVERWATCH IN DETAIL
  16. FALCON OVERWATCH DATA & PROCESS FLOW. (1) Customer endpoints – continuous endpoint data. (2) Falcon UI • Detection details • EAM investigation • Intelligence/Actors. (3) OverWatch analytics platform • Falcon data streams • Hunting triggers • Advanced analytics • Business logic. (4) OverWatch hunters • Strategic analysis • Atomic + behavioral + anomaly detection • Rapid intrusion triage and scoping. (5) • Notification of intrusions/breaches • Expert operators <--> support channel. All within the CrowdStrike Cloud (patented Threat Graph™).
  17. OVERWATCH IN-PRODUCT ALERTING
  18. INVESTIGATING THE OVERWATCH ALERTS
  19. INVESTIGATING THE OVERWATCH ALERTS
  20. OVERWATCH EXAMPLE – SENDING RICH NOTIFICATIONS: summary, scenario, human analysis, actionable information.
  21. TO SUMMARIZE • Proactive managed hunting is for organizations that want an additional layer of protection to make sure that nothing gets missed • Falcon OverWatch is a managed threat hunting service built on the Falcon Platform to ensure that nothing gets missed and ultimately prevent the mega breach.
  22. Questions? Please submit all questions in the Q&A chat right below the presentation slides. Contact us / additional information: join weekly demos at crowdstrike.com/productdemos. Featured asset: Proactive Hunting whitepaper (link in Resource List). Website: crowdstrike.com. Email: info@crowdstrike.com. Number: 1.888.512.8902 (US). 2017 CrowdStrike, Inc. All rights reserved.