You Can’t Detect What You Can’t See: Illuminating the Entire Kill Chain
© Fidelis Cybersecurity
Today’s Speakers
Dr. Chenxi Wang, Founder, Rain Capital (@chenxiwang)
Tim Roddy, VP Cybersecurity Product Strategy, Fidelis Cybersecurity
Today’s IT Environment Is Complex
(Diagram: the company behind firewalls, IPS and VPN, exposed on ports 80, 443 and 25; hack attacks against the perimeter, email attacks, and active content such as Flash and JavaScript.)
Sensitive Data Is Everywhere
(Diagram: sensitive data spread across enterprise servers.)
Office 365 Adoption
(Chart; source: https://blog.barracuda.com/2017/10/12/office-365-active-usage-soars-some-still-unclear-on-security/)
AWS Is the Fifth Largest Software Business
Your Visibility Is Fragmented
(Diagram: the same environment, now with point tools bolted on: CASB for cloud apps, web/email gateways, EDR/AV on endpoints, and question marks over the areas none of them covers.)
Doesn’t SIEM Handle This?
(Diagram: the SIEM in the middle, with analysis on one side and a question mark over where the intelligence comes from.)
Security Analyst’s Day-to-Day Reality: What’s the Solution?
• See patterns in network activity
• Monitor for and prevent exfiltration of data
• See beaconing and block it
• Identify and stop malicious network behavior
• See lateral movement
• Perform real-time and historical analysis
• See all endpoint activity and respond to threats
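"See beaconing and block it" and "see patterns in network activity" come down to timing: a compromised host checking in with its command-and-control server does so on a schedule, with small jitter and near-constant request sizes, which is not how a person browses. The script below is an added example, not Fidelis code and not part of the original deck. It runs over constructed flow records (timestamp, source, destination, destination port, bytes sent), groups them per source/destination/port, and flags pairs whose inter-connection intervals and payload sizes are too regular. The thresholds (at least six connections, coefficient of variation at or below 0.2 for timing and 0.25 for size) are assumptions to tune against your own traffic.

```python
"""Beacon detection over connection metadata.

Added example (not Fidelis code): groups outbound connections by
(source host, destination, port), measures how regular the gaps between
connections are, and flags pairs whose timing and sizes are too uniform
to be a person browsing.  The flow records below are constructed.
"""
from collections import defaultdict
from statistics import mean, pstdev

# Constructed sample flow log: (epoch seconds, src, dst, dst_port, bytes_out)
FLOWS = [
    # host A: a C2 beacon every ~300 s with a few seconds of jitter, on port 8443
    *[(1000 + i * 300 + j, "10.0.0.5", "203.0.113.9", 8443, 1200)
      for i, j in enumerate([0, 3, -2, 4, 1, -3, 2, 0, 5, -1])],
    # host B: a person browsing, bursty and irregular, on port 443
    (1010, "10.0.0.7", "198.51.100.20", 443, 4500),
    (1012, "10.0.0.7", "198.51.100.20", 443, 9100),
    (1013, "10.0.0.7", "198.51.100.20", 443, 700),
    (1250, "10.0.0.7", "198.51.100.20", 443, 15000),
    (1251, "10.0.0.7", "198.51.100.20", 443, 2300),
    (2400, "10.0.0.7", "198.51.100.20", 443, 50000),
    (3900, "10.0.0.7", "198.51.100.20", 443, 800),
    # host C: only two connections, not enough history to judge
    (1000, "10.0.0.9", "192.0.2.44", 22, 300),
    (1600, "10.0.0.9", "192.0.2.44", 22, 300),
]


def group_flows(flows):
    """Bucket flows by (src, dst, dst_port) -> [(timestamp, bytes_out), ...]."""
    by_pair = defaultdict(list)
    for ts, src, dst, port, nbytes in flows:
        by_pair[(src, dst, port)].append((ts, nbytes))
    return by_pair


def regularity(timestamps):
    """Coefficient of variation of the inter-arrival gaps.

    0.0 means perfectly periodic; None when there are too few gaps to judge.
    """
    times = sorted(timestamps)
    gaps = [b - a for a, b in zip(times, times[1:])]
    if len(gaps) < 2:
        return None
    mu = mean(gaps)
    return pstdev(gaps) / mu if mu else None


def find_beacons(flows, min_connections=6, max_cv=0.2, max_size_cv=0.25):
    """Return [(src, dst, port, mean_interval_seconds)] for beacon-like pairs.

    Thresholds are assumptions: tune them on your own baseline traffic.
    """
    hits = []
    for (src, dst, port), events in group_flows(flows).items():
        if len(events) < min_connections:
            continue
        cv = regularity([ts for ts, _ in events])
        sizes = [n for _, n in events]
        size_cv = pstdev(sizes) / mean(sizes) if mean(sizes) else 0
        if cv is not None and cv <= max_cv and size_cv <= max_size_cv:
            times = sorted(ts for ts, _ in events)
            interval = mean(b - a for a, b in zip(times, times[1:]))
            hits.append((src, dst, port, round(interval)))
    return hits


if __name__ == "__main__":
    for hit in find_beacons(FLOWS):
        print("beacon candidate: %s -> %s:%d every ~%ds" % hit)
```

Treat a hit as a hunt lead rather than an automatic block: software updaters, monitoring agents and cloud SDKs beacon too, so check the destination against threat intelligence and pull the endpoint's process tree for the connecting process before acting. Historical metadata matters here as well, since the regularity only becomes visible once enough connections have been retained.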
Illuminate the Kill Chain - Follow These Steps
Build core competency:
1. Get visibility into network, cloud apps, and endpoints
2. Deploy EDR to endpoints and servers
3. Integrate endpoint and network data to increase SOC efficiency
4. Ensure you have historical visibility: what happened in the past matters
5. Utilize deception wherever meaningful
Don’t forget these:
1. Shine a light on IoT and other assets where you can’t deploy an agent
2. Don’t go at it alone - look at MDR to augment your capacity
Look In (All of) the Right Places
Existing breach detection and data loss prevention solutions don’t dig as deep as attackers hide. In each of the three areas below, most security solutions only look at the first item; attackers live in the rest.
WHAT they see: the email and its attachment, but not the archive inside it, the PDF inside that, or the malicious binary embedded deeper still. They can’t find malware hidden deep inside content.
WHEN they see it (attack lifecycle): the initial compromise, but not establishing a foothold, escalating privileges, lateral propagation, or data staging and exfiltration. They don’t see attackers after the initial compromise.
WHERE they look: HTTP (port 80), HTTPS (port 443) and mail (port 25), but not the thousands of other ports and protocols. They are blind to attackers operating on non-standard ports.
Unpeel the Content Onion
(Diagram: the same information in motion on the network, shown as what firewalls, IPSs and network forensics systems see versus what you want to see.)
See Embedded Network Content (Inbound and Outbound)
(Diagram: objects nested inside one another on the wire: HTTP, MIME, Gmail, ZIP, PPT, Excel, PDF, deflate streams and text, with malware at the centre. Inbound, the innermost object may be malicious content; outbound, it may be classified or sensitive content.)
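The layered content in that diagram is what a scanner has to take apart before it can see the innermost object, and it has to do so for outbound traffic (sensitive documents inside archives) as much as for inbound (a binary inside an archive inside an email). As an added example, not Fidelis code and not part of the original deck, the script below builds a constructed email carrying a ZIP attachment, walks the MIME parts, archives and compressed streams recursively, and types every object by its magic bytes rather than by its file name or declared Content-Type. It handles ZIP and gzip only; the other containers on the slide (Office documents, PDF object streams) need their own decoders. The depth limit is deliberate, because nested archives are also how decompression bombs arrive.

```python
"""Recursive content decoding ("unpeeling") of a captured message.

Added example (not Fidelis code): walks a MIME message layer by layer,
opening the archives and compressed streams it finds, and identifies every
inner object by its magic bytes, not by filename or declared type.
The sample message is constructed in build_sample().
"""
import email
import gzip
import io
import zipfile
from email.message import EmailMessage

MAX_DEPTH = 8  # stop runaway nesting (decompression bombs, zip-in-zip chains)

# Magic-byte signatures checked in order; an assumed, deliberately short table.
MAGIC = [
    (b"MZ", "pe-executable"),
    (b"%PDF", "pdf"),
    (b"PK\x03\x04", "zip"),
    (b"\x1f\x8b", "gzip"),
    (b"\x7fELF", "elf-executable"),
]


def identify(data):
    """Type an object by what its bytes start with."""
    for sig, name in MAGIC:
        if data.startswith(sig):
            return name
    return "text" if data[:256].isascii() else "unknown"


def unpeel(data, path, depth=0, findings=None):
    """Recursively decode `data`, recording (path, type) for every object seen."""
    findings = [] if findings is None else findings
    if depth > MAX_DEPTH:
        findings.append((path, "max-depth-exceeded"))
        return findings
    kind = identify(data)
    findings.append((path, kind))
    try:
        if kind == "zip":
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                for info in zf.infolist():
                    if info.is_dir():
                        continue
                    unpeel(zf.read(info), f"{path}/{info.filename}", depth + 1, findings)
        elif kind == "gzip":
            unpeel(gzip.decompress(data), f"{path}/<gunzip>", depth + 1, findings)
    except (zipfile.BadZipFile, OSError, EOFError) as exc:
        # A container that claims to be one thing but will not decode is itself a signal.
        findings.append((path, f"decode-error:{exc.__class__.__name__}"))
    return findings


def unpeel_message(raw_bytes, path="message"):
    """Decode every leaf MIME part of a raw RFC 5322 message."""
    msg = email.message_from_bytes(raw_bytes)
    findings = []
    for i, part in enumerate(msg.walk()):
        if part.is_multipart():
            continue
        payload = part.get_payload(decode=True) or b""  # undoes base64 / quoted-printable
        name = part.get_filename() or part.get_content_type()
        unpeel(payload, f"{path}/part{i}:{name}", 0, findings)
    return findings


def suspicious(findings):
    """Executables that hide under a document-looking name or inside a container."""
    return [(p, t) for p, t in findings
            if t.endswith("executable") and not p.endswith((".exe", ".dll"))]


def build_sample():
    """Constructed sample: a mail whose ZIP holds a fake PDF (really a PE header)
    and a gzip stream wrapping a second copy of the same bytes."""
    fake_pe = b"MZ\x90\x00" + b"\x00" * 60 + b"PE\x00\x00"
    zbuf = io.BytesIO()
    with zipfile.ZipFile(zbuf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("docs/readme.txt", "quarterly numbers attached")
        zf.writestr("docs/report.pdf", fake_pe)
        zf.writestr("docs/update.bin.gz", gzip.compress(fake_pe))
    msg = EmailMessage()
    msg["From"] = "accounts@example.com"
    msg["To"] = "victim@example.com"
    msg["Subject"] = "Q3 report"
    msg.set_content("Please see the attached report.")
    msg.add_attachment(zbuf.getvalue(), maintype="application", subtype="zip",
                       filename="report.zip")
    return msg.as_bytes()


if __name__ == "__main__":
    found = unpeel_message(build_sample())
    for path, kind in found:
        print(f"{kind:16} {path}")
    print("suspicious:", suspicious(found))
```

The same walker applies unchanged to an outbound message: swap the signature table for document types and run a DLP classifier on each leaf instead of `suspicious`, and you are inspecting what leaves inside archives rather than only what the outer MIME headers claim.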
Gain Greater Endpoint Visibility and Insights to Ensure Faster Response
1. INCREASE visibility to see all endpoint activity and detect threats
2. REDUCE time to respond to threats
3. AUTOMATE endpoint response
4. ENHANCE your endpoint protection - in one agent
The Value of Integrating Network and Endpoint Data
VISIBILITY: monitor endpoint activity; find compromised systems.
DETECTION: instantly validate alerts by correlating network and endpoint data with the threat correlation engine.
RESPONSE: trigger intelligent actions from dynamic analysis; close the security lifecycle loop.
Outcomes: decrease theft of assets and IP; lower overall cost of response; minimize disruption to business; mitigate damage to reputation and integrity.
Look into the Past as Well as the Present via Rich Metadata
Application- and protocol-level metadata collected by Fidelis: web applications, social media, email, encrypted web access, internal file share, other attributes.
Content-level metadata collected by Fidelis: documents, executable files, archives (zip, rar, tar, gzip, etc.), certificates, embedded objects, other attributes.
See Attackers’ Lateral Movements
Initial access: phish/email, drive-by attack, social engineering, open exploit. Attacks rarely land on the desired asset; lateral movement is the next step.
Human attackers are lured to decoys by unstructured data (files, email, docs); malware is lured to decoys with structured data (apps, browsers). Breadcrumbs (*) are planted, including in Active Directory, to point attackers at the decoys.
Automation discovers, creates, deploys and maintains ‘realistic’ deception layers. Decoys offer interaction services and applications to engage attacks. Active response follows, with automated workflow and investigation.
Shine a Light on Blind Spots Where You Can’t Deploy Agents
Gain insight into your resources through passive identification, profiling and classification:
• Assets: devices (servers, endpoints, IoT, legacy systems)
• Data: OS, applications, ports
• Communication channels and network server usage
• Shadow-IT tools, home-grown appliances, app servers, tools
• Servers: FTP, SSH, DNS, proxy
Discover:
• Automatic processes vs. human browsing sessions
• Internal and external activities
• Visualization graphs of asset connectivity
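Passive discovery of this kind needs nothing on the asset itself: who connects to which port on which host is enough to tell a server from a client and to find the segment nobody put in the asset register. The script below is an added example, not Fidelis code and not part of the original deck. From constructed flow records (source, destination, destination port, protocol) it infers which hosts are servers (a port with several distinct clients), labels them from a small assumed port-to-service table, classifies hosts as internal by the RFC 1918 ranges (an assumption; substitute your own address plan), and reports internal hosts outside the subnets you think you own plus internal hosts that reach out to the Internet. The per-host `talks_to` set it keeps is the raw material for the asset connectivity graphs the slide mentions.

```python
"""Passive asset discovery from flow records.

Added example (not Fidelis code): builds an inventory of internal hosts,
the services they expose and who talks to them, using only observed
connections (no agents, no active scanning).  The flow records are
constructed; the port labels and internal ranges are assumed.
"""
import ipaddress
from collections import defaultdict

# Assumed well-known server ports used to label discovered services.
SERVICE_PORTS = {21: "ftp", 22: "ssh", 53: "dns", 3128: "proxy", 8080: "proxy",
                 80: "http", 443: "https", 445: "smb", 3389: "rdp"}

# Assumed definition of "internal": the RFC 1918 ranges.  Do not use
# ipaddress.is_private here; it also matches the documentation networks.
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample flows: (src, dst, dst_port, proto)
FLOWS = [
    ("10.0.1.20", "10.0.0.53", 53, "udp"), ("10.0.1.21", "10.0.0.53", 53, "udp"),
    ("10.0.1.22", "10.0.0.53", 53, "udp"),
    ("10.0.1.20", "10.0.0.10", 22, "tcp"), ("10.0.1.31", "10.0.0.10", 22, "tcp"),
    ("10.0.1.22", "10.0.0.77", 21, "tcp"), ("10.0.1.22", "10.0.0.77", 8080, "tcp"),
    ("10.0.1.40", "10.0.0.77", 8080, "tcp"),
    ("10.0.1.20", "203.0.113.9", 443, "tcp"), ("10.0.1.20", "203.0.113.9", 443, "tcp"),
    ("10.0.0.77", "198.51.100.20", 443, "tcp"),
    ("192.168.4.4", "10.0.0.10", 22, "tcp"),   # a host on a segment nobody registered
]


def is_internal(ip):
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in RFC1918)


def discover(flows, min_clients=2):
    """Return {host: {"internal", "services": {port: label}, "clients", "talks_to"}}."""
    inv = defaultdict(lambda: {"internal": True, "services": {},
                               "clients": set(), "talks_to": set()})
    clients_per_service = defaultdict(set)
    for src, dst, port, proto in flows:
        for host in (src, dst):
            inv[host]["internal"] = is_internal(host)
        inv[src]["talks_to"].add(dst)
        clients_per_service[(dst, port, proto)].add(src)
    for (dst, port, proto), clients in clients_per_service.items():
        # A port with several distinct clients is a service, not a one-off reply.
        if len(clients) >= min_clients:
            inv[dst]["services"][port] = SERVICE_PORTS.get(port, f"unknown/{proto}")
            inv[dst]["clients"] |= clients
    return dict(inv)


def servers_by_role(inventory):
    """Group discovered servers by the service label they expose."""
    roles = defaultdict(set)
    for host, rec in inventory.items():
        for label in rec["services"].values():
            roles[label].add(host)
    return dict(roles)


def unexpected_segments(inventory, known_prefixes):
    """Internal hosts outside the subnets the organisation thinks it has."""
    nets = [ipaddress.ip_network(p) for p in known_prefixes]
    return sorted(h for h, rec in inventory.items()
                  if rec["internal"] and not any(ipaddress.ip_address(h) in n for n in nets))


def external_egress(inventory):
    """Internal host -> external destinations it initiated connections to."""
    return {h: sorted(d for d in rec["talks_to"] if not is_internal(d))
            for h, rec in inventory.items()
            if rec["internal"] and any(not is_internal(d) for d in rec["talks_to"])}


if __name__ == "__main__":
    inv = discover(FLOWS)
    print("roles:", servers_by_role(inv))
    print("unexpected internal hosts:", unexpected_segments(inv, ["10.0.0.0/16"]))
    print("egress:", external_egress(inv))
```

In the sample the FTP port on 10.0.0.77 is seen from a single client and so is not promoted to a service yet; raise or lower `min_clients` to trade false positives against discovery speed. A server that also appears in `external_egress`, as 10.0.0.77 does here, is worth a closer look, since servers normally have few reasons to open connections to the Internet.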
Illuminate the SSL Blindspot
(Diagram: HTTPS traffic is terminated at a proxy, which hands the decrypted content to malware and DLP scanning over ICAP before re-encrypting it onward.)
80% of network traffic is now SSL, and 50% of organizations don’t decrypt.
Augment Your Staff with 24x7 Managed Detection and Response (MDR)
Outsource your threat hunting and data leakage mitigation to experts: contextual perspective, deep visibility and automated detection and response across your network, endpoints, cloud and enterprise IoT devices.
A full-service solution focused on detection, response and remediation, managed and monitored by security experts:
• Discover and classify network assets
• Enforce network detection and response
• Data leakage prevention (DLP)
• Endpoint detection and response (EDR)
• Deception
Verifies and enforces your security policies and compliance requirements to ensure the highest standards.
Key Security Capabilities for Your Networks, Endpoints, Cloud and IoT Environments
Visibility + Intelligence = Automated Detection and Response
Visibility: network activity and content; endpoint activity; asset and data classification; decoys.
Intelligence: from experienced IR and security operations analysts, sandboxing, machine learning, IOC feeds, and research.
Automated detection: applies world-class intelligence to full visibility for contextual perspective.
Automated response: comes from understanding every detection and knowing what an experienced analyst would do next.
Monitor the Attack Lifecycle and Data Exfiltration
(Diagram, inside your network:)
Network: observe all traffic; identify exfiltration; identify exfiltration TTPs.
Endpoint: identify activity on devices; adversary tool usage.
Deception: breadcrumbs lure attackers and malicious insiders into decoys; decoy activation and interaction; distract the attacker and defend.
Leader in Automated Detection & Response
PROVEN SECURITY EXPERTISE
• Established 2002, HQ in Washington, DC
• Fortune 100 & DoD enterprise proven
• 12 of the Fortune 50
• 24 of the Fortune 100
• Backed by Marlin Equity Partners
• Experts in incident response and security assessments
PATENTED INNOVATION
• Fidelis Elevate Platform: network detection and response; endpoint detection and response (EDR); data loss prevention (DLP); deception; discovery and classification of data and assets
• Gartner Cool Vendor 2017 for Deception
• Gartner Visionary 2017 for DLP
Questions and Next Steps
Read the datasheet: www.fidelissecurity.com/resources/fidelis-elevate-overview
Request a personalized demonstration: www.fidelissecurity.com/products/security-operations-platform/demo
See an on-demand Fidelis Elevate demo: www.fidelissecurity.com/products/security-operations-platform/demo/video
