BE THE HUNTER
Slide 2: EVOLUTION OF THREAT ACTORS & DETECTION IMPLICATIONS
At first, there were HACKS. Preventative controls filter known attack paths.
[Diagram: Threat Actors send Malicious Traffic through the Firewall, IDS/IPS and AntiVirus toward Corporate Assets; the whitespace between those controls is where successful HACKS get through.]
Slide 3: EVOLUTION OF THREAT ACTORS & DETECTION IMPLICATIONS
At first, there were HACKS. Preventative controls filter known attack paths.
Then, ATTACKS, despite increased investment in controls, including SIEM.
[Diagram: the same Firewall, IDS/IPS and AntiVirus controls now feed More Logs into a SIEM; each control reports a Blocked Session and the SIEM raises an Alert, yet the whitespace between the controls still yields successful ATTACKS.]
Slide 4: A new approach is needed
Slide 5: Cybersecurity Poverty Index
Current security approaches are failing. Organizations’ overall assessment of their risk / security capabilities:
• Significant Cybersecurity Risk Exposure: 75%
• Mature Security Strategies: 20%
• Advantaged Capabilities: 5%
Slide 6: Shift priorities and capabilities
[Diagram: Today’s Priorities versus the Future State, rebalancing effort across Prevention, Monitoring and Response.]
Slide 7: EVOLUTION OF THREAT ACTORS & DETECTION IMPLICATIONS
Now, successful ATTACK CAMPAIGNS target any and all whitespace. Complete visibility into every process and network session is required to eradicate the attacker opportunity. This calls for a unified platform for advanced threat detection & investigations.
[Diagram: beyond the Firewall, IDS/IPS and AntiVirus controls and their Logs, Blocked Sessions and Alerts, Endpoint Visibility (every Process) and Network Visibility (all Network Sessions) now feed Security Analytics covering the Corporate Assets.]
Slide 8: RSA Security Analytics Platform
Capture, enrich and analyze data from across your network.
[Diagram: LOGS, PACKETS, ENDPOINT and NETFLOW are collected On Prem and in the Cloud with Capture Time Data Enrichment; the platform moves from Visibility to Analysis to Action, supporting Investigation, Compliance, Reporting, Endpoint Analysis, Session Reconstruction and Incident Management. RSA LIVE supplies Threat Intel | Biz Context, Advanced Analytics and Rules | Parsers | DS Models | Reports | Feeds to ENRICH the data, powered by RSA Research, Incident Response & Engineering.]
Slide 9: Network Threat Detection and Forensics
From Basic Packet Capture to Deep Network Forensics: 175+ metadata fields, including HTTP Headers, Attachment, File Fingerprints, Session Size, Country Src/Dst, URL, Hostname, IP Alias Forwarded, Directory, File Packers, Non Standard Content Type, Ethernet, Connection, Embedded Objects, Top Level Domain, Access Criticality, SQL Query, MAC Address Alias, Email Address, Cookie, Browser, Credit Cards, Protocol Fingerprints, Database Name, SSL CA/Subject, URL in Email, Referrer, Language, Crypto Type, PDF/Flash Version, Client/Server Application, User Name, Port, User Agent and IP Src/Dst.
Protocols: Ethernet, Modbus, DNP3, PROFIBUS, ControlNet.
Slide 10: RSA ECAT Scan Techniques
Live Memory Analysis, Disk Inspection and Network Traffic Analysis:
• Detect & analyze suspicious traffic
• Full system inventory: executables, DLLs, drivers, etc.
• Find files on disk & inspect
• Validate integrity of system & files
• Identify hidden processes, modifications & tampering
Compare & Flag Anomalies
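The cross-view comparison behind "Compare & Flag Anomalies", as an added illustration rather than RSA ECAT's own code: three constructed scanner views of one host (OS API process list, raw memory scan, observed network sessions) are diffed against each other and against a known-good hash baseline, and the findings are scored per process to support prioritized action. Every process record, path, hash and severity weight below is a constructed assumption.

```python
import hashlib
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Proc:
    """One process as reported by a scanner view (constructed record)."""
    pid: int
    image: str    # path of the executable backing the process
    sha256: str   # hash of the on-disk image as the scanner observed it


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


# Constructed baseline of known-good image hashes (in practice a golden
# image or a vendor file catalog would supply these).
BASELINE = {
    r"C:\Windows\System32\svchost.exe": sha256_hex(b"svchost-v1"),
    r"C:\Windows\System32\lsass.exe": sha256_hex(b"lsass-v1"),
    r"C:\Program Files\App\app.exe": sha256_hex(b"app-v1"),
}

# View 1: processes the OS API enumerates (the list a kernel rootkit can filter).
API_VIEW = [
    Proc(4, r"C:\Windows\System32\svchost.exe", sha256_hex(b"svchost-v1")),
    Proc(612, r"C:\Windows\System32\lsass.exe", sha256_hex(b"lsass-v1")),
    Proc(900, r"C:\Program Files\App\app.exe", sha256_hex(b"app-v2-tampered")),
]

# View 2: process objects carved from a raw memory scan; it contains one
# process (pid 1337) that the API view does not show.
MEMORY_VIEW = API_VIEW + [
    Proc(1337, r"C:\Users\Public\svch0st.exe", sha256_hex(b"dropper")),
]

# View 3: network sessions observed on the host, keyed by owning pid
# (constructed; addresses are documentation ranges).
NETWORK_VIEW = {
    4: [("198.51.100.5", 80)],
    612: [],
    1337: [("203.0.113.10", 443)],
}

# Constructed severity weights used to rank processes for action.
SEVERITY = {
    "hidden_process": 3,
    "network_from_hidden_process": 3,
    "integrity_mismatch": 2,
    "unknown_binary": 1,
}


def flag_anomalies(api_view, memory_view, network_view, baseline):
    """Return sorted (kind, pid, detail) findings from comparing the views."""
    findings = []
    api_pids = {p.pid for p in api_view}

    # Cross-view check: anything in memory but not in the API list is hidden.
    for p in memory_view:
        if p.pid not in api_pids:
            findings.append(("hidden_process", p.pid, p.image))

    # Integrity check: every image seen in memory must match the baseline hash.
    for p in memory_view:
        expected = baseline.get(p.image)
        if expected is None:
            findings.append(("unknown_binary", p.pid, p.image))
        elif expected != p.sha256:
            findings.append(("integrity_mismatch", p.pid, p.image))

    # Network check: sessions owned by a pid the API does not report.
    for pid, sessions in network_view.items():
        if sessions and pid not in api_pids:
            peers = ",".join(f"{ip}:{port}" for ip, port in sessions)
            findings.append(("network_from_hidden_process", pid, peers))

    return sorted(findings)


def prioritize(findings):
    """Sum severity per pid and return [(pid, score)] with the worst first."""
    score = defaultdict(int)
    for kind, pid, _ in findings:
        score[pid] += SEVERITY[kind]
    return sorted(score.items(), key=lambda kv: (-kv[1], kv[0]))


if __name__ == "__main__":
    found = flag_anomalies(API_VIEW, MEMORY_VIEW, NETWORK_VIEW, BASELINE)
    for f in found:
        print(f)
    print(prioritize(found))
```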
Slide 11: Evolved Security Requirements
• EFFICIENT RESPONSE: incident response, investigations and systems management need to be integrated and easy to use.
• ENDPOINT TO CLOUD VISIBILITY: fuse together network, endpoint and system data & threat intelligence for complete visibility.
• RAPID INVESTIGATIONS: leverage visibility to investigate incidents rapidly and completely, such that prioritized actions can be taken to mitigate incidents.
• ADVANCED THREAT DETECTION: utilize intelligence, context and advanced analytics to highlight potential incidents from normal activity.
Slide 12: Prioritized Action
[Diagram: LOGS, PACKETS, ENDPOINT and NETFLOW collected On Prem and in the Cloud are enriched by RSA LIVE, producing Alerts that flow into Investigation, Workflow and GRC.]
Slide 13: RSA SECURITY OPERATIONS MANAGEMENT
[Diagram: RSA SecOps framework & alignment by domain, covering People, Process and Technology across Incident Response, Breach Response and SOC Program Management.]
Slide 14: Thank You
Sudeep.das@rsa.com
Slide 15: LOS ANGELES WORLD AIRPORTS
Achieving Control & Visibility with RSA Security Analytics, RSA SecOps & RSA ECAT
Challenges
• Los Angeles World Airports needs to track everything that happens within its environment
• Working frequently with the FBI and the Secret Service, it has to be accountable for its cyber security
• Its goal is to have real-time detection of security events in order to ensure public safety
• Its SIEM did not give the IR team deep visibility into endpoint devices when responding to malware or APTs
Results
• RSA Security Analytics has enabled LAWA to greatly improve the speed of its response to immediate threats
• The solution enables a deep dive into payloads before and after a security event and delivers more information about each device than was previously possible
• The RSA Archer solution has also helped shorten incident response time, as analysts can see all the information they need in one place rather than spending time searching for it
“My favorite thing about Security Analytics is the great forensics capability, that it can deep dive into payloads before and after a security event. In addition, you get more information from the same device. For example, if you receive firewall logging information, you actually get more from Security Analytics than any other SIEM that I have.”
- BOB CHEONG, CISO, LOS ANGELES WORLD AIRPORTS
Slide 16: KMD
Boosting Attack Defenses and Cutting Response Times with RSA
Challenges
• As the IT service provider to the Danish government, KMD handles personal data about almost all Danish citizens. It is imperative that it protects this information.
• As the rate, volume and complexity of cyber attacks have grown in recent years, KMD needed a more in-depth approach to monitoring and combating threats.
Results
• A combination of RSA Security Analytics, ECAT and Security Operations Management enables the KMD team to identify and address potential breaches rapidly.
• RSA Archer collates all alerts and feeds to provide clear visibility of the organization’s security posture.
“With RSA… we don't have any missing pieces anymore. We can detect advanced malware and security incidents on the perimeter, and use RSA Archer to register and handle them all. It's the backbone of our security analytics center.”
- RASMUS THEEDE, CORPORATE VP GROUP SECURITY, KMD
Slide 17: PARTNERS HEALTHCARE
Boosting Visibility and Insights with RSA Security Analytics
Challenges
• Partners HealthCare holds patient data, intellectual property and employee personal information, all of which must be protected
• Security is an increasingly important priority for the board, so clear visibility and reporting on security status is essential
• The organization needed to boost automation and standardize processes to enhance its security posture and compliance
Results
• RSA Security Analytics provides clear visibility across all network traffic, allowing the team to identify correlations across the business
• RSA Archer provides enterprise-wide GRC support, integrating input from the SOC and other feeds, and enabling the team to create standard processes and workflows
“Analytics are critical. [RSA Security Analytics] can help us determine standard behavior, and what’s one standard deviation away, or two standard deviations away, so that we have better visibility into what potential attackers are doing.”
- JIGAR KADAKIA, CHIEF INFORMATION SECURITY AND PRIVACY OFFICER, PARTNERS HEALTHCARE
Slide 18: ADP
Keeping Personal Data Private with RSA Security Analytics
Challenges
• As a global provider of HR and payroll services, ADP handles more social security data than any other company. It is imperative that it protects this information.
• ADP needed to understand cyberthreats and fraud attempts, inside and outside its environment.
Results
• RSA Security Analytics enables the ADP team to see attacks across the entire infrastructure.
• RSA Archer® collates all security information and business processes to provide clear visibility of the organization’s security posture.
“RSA Security Analytics is used to defend ADP every single day. It gives us the ability to see attacks across our entire infrastructure.”
- ROLAND CLOUTIER, GLOBAL CHIEF SECURITY OFFICER, ADP
 
Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...apidays
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024Rafal Los
 
presentation ICT roal in 21st century education
presentation ICT roal in 21st century educationpresentation ICT roal in 21st century education
presentation ICT roal in 21st century educationjfdjdjcjdnsjd
 
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProduct Anonymous
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptxHampshireHUG
 
Tech Trends Report 2024 Future Today Institute.pdf
Tech Trends Report 2024 Future Today Institute.pdfTech Trends Report 2024 Future Today Institute.pdf
Tech Trends Report 2024 Future Today Institute.pdfhans926745
 
GenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdfGenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdflior mazor
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdfhans926745
 
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, AdobeApidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobeapidays
 
Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Enterprise Knowledge
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerThousandEyes
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slidevu2urc
 

Último (20)

🐬 The future of MySQL is Postgres 🐘
🐬  The future of MySQL is Postgres   🐘🐬  The future of MySQL is Postgres   🐘
🐬 The future of MySQL is Postgres 🐘
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organization
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
Advantages of Hiring UIUX Design Service Providers for Your Business
Advantages of Hiring UIUX Design Service Providers for Your BusinessAdvantages of Hiring UIUX Design Service Providers for Your Business
Advantages of Hiring UIUX Design Service Providers for Your Business
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed texts
 
HTML Injection Attacks: Impact and Mitigation Strategies
HTML Injection Attacks: Impact and Mitigation StrategiesHTML Injection Attacks: Impact and Mitigation Strategies
HTML Injection Attacks: Impact and Mitigation Strategies
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...
 
Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024
 
presentation ICT roal in 21st century education
presentation ICT roal in 21st century educationpresentation ICT roal in 21st century education
presentation ICT roal in 21st century education
 
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
 
Tech Trends Report 2024 Future Today Institute.pdf
Tech Trends Report 2024 Future Today Institute.pdfTech Trends Report 2024 Future Today Institute.pdf
Tech Trends Report 2024 Future Today Institute.pdf
 
GenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdfGenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdf
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf
 
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, AdobeApidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
 
Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slide
 
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
 

Be the Hunter

  • 2. At first, there were HACKS. Preventative controls filter known attack paths.
     EVOLUTION OF THREAT ACTORS & DETECTION IMPLICATIONS
     Diagram labels: Malicious Traffic, Threat Actors, Firewall, IDS/IPS, AntiVirus, Corporate Assets, Whitespace, Successful HACKS
  • 3. At first, there were HACKS. Preventative controls filter known attack paths. Then, ATTACKS, despite increased investment in controls, including SIEM.
     EVOLUTION OF THREAT ACTORS & DETECTION IMPLICATIONS
     Diagram labels: Malicious Traffic, Threat Actors, Firewall, IDS/IPS, AntiVirus, More Logs, SIEM, Corporate Assets, Blocked Session (three times), Alert, Whitespace, Successful ATTACKS
  • 4. A new approach is needed
  • 5. Cybersecurity Poverty Index: current security approaches are failing. Organizations’ overall assessment of their risk / security capabilities:
     • Significant Cybersecurity Risk Exposure: 75%
     • Mature Security Strategies: 20%
     • Advantaged Capabilities: 5%
  • 6. Shift priorities and capabilities
     Chart labels: Today’s Priorities (Prevention, Response, Monitoring); Future State (Monitoring, Prevention, Response)
  • 7. Now, successful ATTACK CAMPAIGNS target any and all whitespace. Complete visibility into every process and network session is required to eradicate the attacker opportunity. Unified platform for advanced threat detection & investigations.
     EVOLUTION OF THREAT ACTORS & DETECTION IMPLICATIONS
     Diagram labels: Malicious Traffic, Threat Actors, Firewall, IDS/IPS, AntiVirus, Logs, Endpoint Visibility, Process, Network Visibility, Network Sessions, Security Analytics, Corporate Assets, Blocked Session (three times), Alert
  • 8. RSA Security Analytics Platform: capture, enrich and analyze data from across your network (On Prem / Cloud).
     Diagram labels: Visibility, Analysis, Action; LOGS, PACKETS, ENDPOINT, NETFLOW; Capture Time Data Enrichment; Advanced Analytics; Investigation, Compliance Reporting, Endpoint Analysis, Session Reconstruction, Incident Management; RSA LIVE: Threat Intel | Biz Context; ENRICH: Rules | Parsers | DS Models | Reports | Feeds; Powered by RSA Research, Incident Response & Engineering
  • 9. Network Threat Detection and Forensics: Deep Network Forensics, 175+ metadata fields.
     Metadata fields shown: HTTP Headers, Basic Packet Capture, Attachment, File Fingerprints, Session Size, Country Src/Dst, URL, Hostname, IP Alias, Forwarded, Directory, File, Packers, Non Standard Content Type, Ethernet Connection, Embedded Objects, Top Level Domain, Access Criticality, SQL Query, MAC Address, Alias, Email Address, Cookie, Browser, Credit Cards, Protocol Fingerprints, Database Name, SSL CA/Subject, URL in Email, Referrer, Language, Crypto Type, PDF/Flash Version, Client/Server Application, User Name, Port, User Agent, IP Src/Dst
     Protocols: Ethernet, Modbus, DNP3, PROFIBUS, ControlNet
  • 10. RSA ECAT Scan Techniques: Live Memory Analysis, Disk Inspection, Network Traffic Analysis
     • Detect & analyze suspicious traffic
     • Full system inventory: executables, DLLs, drivers, etc.
     • Find files on disk & inspect
     • Validate integrity of system & files
     • Identify hidden processes, modifications & tampering
     Compare & Flag Anomalies
  • 11. Evolved Security Requirements
     • EFFICIENT RESPONSE: incident response, investigations and systems management need to be integrated and Easy to Use
     • ENDPOINT TO CLOUD VISIBILITY: fuse together network, endpoint and system data & threat intelligence for Complete Visibility
     • RAPID INVESTIGATIONS: leverage Visibility to Investigate Incidents rapidly and completely such that Prioritized Actions can be taken to mitigate Incidents
     • ADVANCED THREAT DETECTION: utilize intelligence, context and Advanced Analytics to highlight potential incidents from normal activity
  • 15. LOS ANGELES WORLD AIRPORTS: Achieving Control & Visibility with RSA Security Analytics, RSA SecOps & RSA ECAT
     Challenges
     • Los Angeles World Airports needs to track everything that happens within its environment
     • Working frequently with the FBI and the Secret Service, it has to be accountable for its cyber security
     • Its goal is to have real-time detection of security events in order to ensure public safety
     • Its SIEM did not give the IR team deep visibility into endpoint devices when responding to malware or APTs
     Results
     • RSA Security Analytics has enabled LAWA to greatly improve the speed of its response to immediate threats
     • The solution enables deep-dive into payloads before and after a security event and delivers more information about each device than was previously possible
     • The RSA Archer solution has also helped shorten incident response time, as analysts can see all the information they need in one place rather than spending time searching for it
     “My favorite thing about Security Analytics is the great forensics capability, that it can deep dive into payloads before and after a security event. In addition, you get more information from the same device. For example, if you receive firewall logging information, you actually get more from Security Analytics than any other SIEM that I have.” - BOB CHEONG, CISO, LOS ANGELES WORLD AIRPORTS
  • 16. KMD: Boosting Attack Defenses and Cutting Response Times with RSA
     Challenges
     • As the IT service provider to the Danish government, KMD handles personal data about almost all Danish citizens. It is imperative that it protects this information.
     • As the rate, volume and complexity of cyber attacks have grown in recent years, KMD needed a more in-depth approach to monitoring and combating threats.
     Results
     • A combination of RSA Security Analytics, ECAT and Security Operations Management enables the KMD team to identify and address potential breaches rapidly.
     • RSA Archer collates all alerts and feeds to provide clear visibility of the organization’s security posture.
     “With RSA… we don't have any missing pieces anymore. We can detect advanced malware and security incidents on the perimeter, and use RSA Archer to register and handle them all. It's the backbone of our security analytics center.” - RASMUS THEEDE, CORPORATE VP GROUP SECURITY, KMD
  • 17. PARTNERS HEALTHCARE: Boosting Visibility and Insights with RSA Security Analytics
     Challenges
     • Partners HealthCare holds patient data, intellectual property and employee personal information, all of which must be protected
     • Security is an increasingly important priority for the board, so clear visibility and reporting on security status is essential
     • The organization needed to boost automation and standardize processes to enhance its security posture and compliance
     Results
     • RSA Security Analytics provides clear visibility across all network traffic, allowing the team to identify correlations across the business
     • RSA Archer provides enterprise-wide GRC support, integrating input from SOC and other feeds, and enabling the team to create standard processes and workflows
     “Analytics are critical. [RSA Security Analytics] can help us determine standard behavior, and what’s one standard deviation away, or two standard deviations away, so that we have better visibility into what potential attackers are doing.” - JIGAR KADAKIA, CHIEF INFORMATION SECURITY AND PRIVACY OFFICER, PARTNERS HEALTHCARE
  • 18. ADP: Keeping Personal Data Private with RSA Security Analytics
     Challenges
     • As a global provider of HR and payroll services, ADP handles more social security data than any other company. It is imperative that it protects this information.
     • ADP needed to understand cyberthreats and fraud attempts, inside and outside its environment.
     Results
     • RSA Security Analytics enables the ADP team to see attacks across the entire infrastructure.
     • RSA Archer® collates all security information and business processes to provide clear visibility of the organization’s security posture.
     “RSA Security Analytics is used to defend ADP every single day. It gives us the ability to see attacks across our entire infrastructure.” - ROLAND CLOUTIER, GLOBAL CHIEF SECURITY OFFICER, ADP

Editor's notes

  1. Let’s take a deeper look at the evolution of threat actors and the way we have tried to defend against them. At first, there were hacks. These were not that advanced or targeted, perhaps a young script kiddie looking for a quick smash and grab of data for bragging rights. We in turn introduced firewalls, intrusion protection and detection systems and anti-virus. These preventative controls were effective at blocking some attacks because they were utilizing known attack vectors. Of course, we were still seeing successful hacks occur, because, by definition, organizations need to let traffic flow through their preventative controls to remain in business. The traffic that flows through is whitespace – or opportunity – for hackers to exploit.
  2. We then started to see more sophisticated attacks that bypassed each layer of preventative controls that had been put into place, because the attacks often used valid user credentials, trusted access paths, and new exploits. This is where we saw the rise of SIEM – which did a good job of ingesting logs from preventative controls across an organization. The good news was that we were blocking more attacks, but the bad news was that despite this investment, reported breaches continued to increase year over year. Why? Because logs only report on preventative controls – which are good for known attack vectors – but not on the new attack patterns introduced at this time. And attackers easily hide themselves by simply deleting the logs they trigger.
  3. In 2015, in the opening keynote of the RSA Conference, we made a bold statement: the security industry is failing. Mid-year, we conducted a survey of more than 500 companies world-wide. We asked them to self-assess against the NIST Cybersecurity Framework, a set of baseline best practices required of critical infrastructure operators in the US that is gaining popularity world-wide. We summarized the results in what we call the RSA Cybersecurity Poverty Index. Overall, we found that 3 out of 4 organizations reported significant cybersecurity risk exposure. And of the remainder, only 5% have truly “advantaged” capabilities that make them resilient to cyber risk and threats. This is what a failed approach looks like.
  4. Despite many organizations acknowledging the need to change or improve, they continue to pursue the same failed strategies. Organizations must radically shift priorities, technologies, and resources. The vast majority of the spend is still preventative and perimeter-based. RSA research indicates that 80% of security staff and budgets, activity and tools today are focused on prevention. Monitoring and response lag, and even the monitoring spend is today heavily weighted toward ineffective, incomplete approaches. Going forward, there needs to be a much more even split of resources across prevention, monitoring, and response. Without rebalancing these resources, it will become increasingly difficult to detect a breach in a timely fashion and to respond fast enough to avoid loss.
  5. Today, there are attack campaigns. These are the targeted, well-resourced and advanced attacks that target the whitespace that preventative controls and SIEM leave open for attackers. We believe that only a unified platform designed for advanced threat detection and investigations – with complete visibility from the endpoint and across the entire network – will shut out the opportunity the whitespace offers today’s attackers. Preventative controls, and the logs collected from them, are not enough.
  6. RSA has unparalleled data collection capabilities that capture data from across your network and enrich it live with intelligence metadata that speeds analysis. That data feeds into both real-time and historic analytics platforms. Our real-time analysis is able to detect and alert on attacks and compromises. Historic analytics in the Pivotal Hadoop-based security warehouse enable us to deliver ongoing detection of covert channels. And finally, we provide cost-effective compliance archiving. All of which gives you the end-to-end, enterprise visibility you need to detect and take action against the attackers in your network. API flexibility allows RSA Security Analytics to form the heart of the security ecosystem: it integrates with other security tools such as SIEM, IDS/IPS, firewalls, Splunk, FireEye, etc.; it integrates asset criticality and business context data from RSA Archer, data discovery from RSA DLP and endpoint visibility from RSA ECAT; and it provides an open interface for access and transformation of collected data.
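Notes 2, 5 and 6 above make one argument: a log-only SIEM alerts on sessions the controls blocked, while the traffic they allowed (the whitespace) and any sessions whose logs were deleted go unseen, so the sessions themselves must be captured and enriched with threat intelligence. The Python below is an added example written for this page, not RSA code; it runs that correlation over constructed firewall log lines, constructed sensor-observed sessions and a constructed indicator feed, surfacing sessions the firewall allowed to an intel-listed destination and sessions on the wire with no firewall record at all, while setting aside the blocked ones a SIEM already reports.

```python
"""Surface 'whitespace' network activity: sessions that preventative controls
let through, or never logged, and that match a threat-intelligence feed.

Added example written for this page; it is not RSA code.  Every log line,
session and indicator below is constructed for illustration.
"""
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Session:
    ts: int          # start time, epoch seconds, as a packet/NetFlow sensor would record
    src: str
    dst: str
    dport: int
    bytes_out: int   # bytes sent by src (egress volume)


@dataclass(frozen=True)
class Finding:
    session: Session
    category: str             # blocked | allowed_clean | allowed_intel_match | unlogged
    indicator: Optional[str]  # threat-intel label for the destination, if any


# Constructed firewall log lines in a key=value syslog style (the last one is malformed).
FW_LOG_LINES = [
    "2015-06-01T10:00:01Z fw1 action=deny src=10.0.0.5 dst=198.51.100.7 dport=445",
    "2015-06-01T10:00:05Z fw1 action=allow src=10.0.0.5 dst=203.0.113.9 dport=443",
    "2015-06-01T10:00:09Z fw1 action=allow src=10.0.0.8 dst=192.0.2.20 dport=443",
    "2015-06-01T10:00:10Z fw1 this line is malformed",
]

# Constructed sessions seen by a passive sensor on the internal side of the firewall.
SESSIONS = [
    Session(1433152801, "10.0.0.5", "198.51.100.7", 445, 0),        # denied attempt
    Session(1433152805, "10.0.0.5", "203.0.113.9", 443, 48_000),    # allowed, dst in intel
    Session(1433152809, "10.0.0.8", "192.0.2.20", 443, 1_200),      # ordinary HTTPS
    Session(1433152900, "10.0.0.12", "203.0.113.9", 443, 150_000),  # no firewall log at all
]

# Constructed threat-intel feed (documentation-range address, not a real indicator).
INTEL = {"203.0.113.9": "constructed C2 indicator"}


def parse_fw_line(line):
    """Parse one 'timestamp host k=v k=v ...' line; None if required fields are missing."""
    parts = line.split()
    if len(parts) < 3:
        return None
    rec = {"ts": parts[0], "host": parts[1]}
    for tok in parts[2:]:
        if "=" not in tok:
            return None
        key, value = tok.split("=", 1)
        rec[key] = value
    if not {"action", "src", "dst", "dport"}.issubset(rec):
        return None
    rec["dport"] = int(rec["dport"])
    return rec


def index_fw_decisions(lines):
    """Map (src, dst, dport) -> set of actions the firewall logged for that tuple."""
    index = {}
    for line in lines:
        rec = parse_fw_line(line)
        if rec is None:
            continue  # unparseable lines are skipped, never silently treated as a match
        key = (rec["src"], rec["dst"], rec["dport"])
        index.setdefault(key, set()).add(rec["action"])
    return index


def classify_sessions(sessions, fw_index, intel):
    """Join each observed session to its firewall decision and to the intel feed."""
    findings = []
    for s in sessions:
        actions = fw_index.get((s.src, s.dst, s.dport))
        indicator = intel.get(s.dst)
        if actions is None:
            category = "unlogged"             # on the wire, but no control logged it
        elif actions == {"deny"}:
            category = "blocked"              # a log-only SIEM already alerts on these
        elif indicator:
            category = "allowed_intel_match"  # the whitespace the page describes
        else:
            category = "allowed_clean"
        findings.append(Finding(s, category, indicator))
    return findings


def whitespace_findings(findings):
    """Sessions a log-only SIEM would never raise: allowed-but-bad, or never logged."""
    hits = [f for f in findings if f.category in ("allowed_intel_match", "unlogged")]
    return sorted(hits, key=lambda f: f.session.bytes_out, reverse=True)


def egress_to_indicators(findings):
    """Bytes each internal host sent to intel-listed destinations, logged or not."""
    totals = {}
    for f in findings:
        if f.indicator and f.category != "blocked":
            totals[f.session.src] = totals.get(f.session.src, 0) + f.session.bytes_out
    return totals


if __name__ == "__main__":
    found = classify_sessions(SESSIONS, index_fw_decisions(FW_LOG_LINES), INTEL)
    for f in whitespace_findings(found):
        print(f"{f.category:20s} {f.session.src} -> {f.session.dst}:{f.session.dport} "
              f"{f.session.bytes_out} bytes  {f.indicator or ''}")
    print(egress_to_indicators(found))
```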
  7. Gain an x-ray view of what’s happening on the endpoint with unique scan techniques. Go deep into the inner workings of the endpoint to thoroughly check the integrity of the system, provide a complete view of what’s happening, and identify anomalous activity. Through per-process live memory analysis, direct physical disk inspection, and network traffic analysis, RSA ECAT identifies suspicious activity and flags it for further review. It automatically downloads a copy of unknown files to the server for further analysis. Inventory & profile endpoints in a matter of minutes to efficiently confirm infections: RSA ECAT collects a full inventory of everything running on the endpoint and provides all of the information needed to analyze and confirm infections. Endpoint scans complete in a matter of minutes, which means analysts receive all of the data they need quickly, making them more productive. The inventory covers processes, drivers, DLLs, services, autoruns, scheduled tasks, network connections and the hosts file, both visible and hidden.
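Slide 10 and note 7 describe the ECAT approach as comparing what a direct memory or disk scan finds against what the OS reports, validating integrity against known-good state, and flagging anomalies; the LAWA notes add the follow-on step of searching other devices for the same malicious code. The Python below is an added example written for this page, not RSA ECAT code; over a constructed three-host inventory with placeholder hashes it flags modules hidden from the OS view, modules whose hash differs from a constructed baseline, and modules with no baseline entry, then sweeps the fleet for a hash under any file name.

```python
"""Cross-view endpoint inventory checks and a fleet-wide hash sweep.

Added example written for this page; it is not RSA ECAT code.  Host names,
hashes ("H_..." placeholders) and inventories are constructed.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Module:
    name: str
    sha256: str   # placeholder hash, not a real sample
    pid: int


@dataclass
class EndpointInventory:
    host: str
    os_view: list    # what the OS process-enumeration API reported
    scan_view: list  # what a direct memory/disk walk found


# Constructed known-good baseline: file name -> expected hash.
BASELINE = {
    "svchost.exe": "H_SVCHOST_GOOD",
    "lsass.exe": "H_LSASS_GOOD",
    "chrome.exe": "H_CHROME_GOOD",
}

# Constructed fleet inventory.
FLEET = [
    EndpointInventory(
        "ws-001",
        os_view=[Module("svchost.exe", "H_SVCHOST_GOOD", 400),
                 Module("chrome.exe", "H_CHROME_GOOD", 1201)],
        scan_view=[Module("svchost.exe", "H_SVCHOST_GOOD", 400),
                   Module("chrome.exe", "H_CHROME_GOOD", 1201),
                   Module("svchost.exe", "H_UNKNOWN_1", 4120)],  # absent from the OS view
    ),
    EndpointInventory(
        "ws-002",
        os_view=[Module("lsass.exe", "H_LSASS_TAMPERED", 612)],   # visible, wrong hash
        scan_view=[Module("lsass.exe", "H_LSASS_TAMPERED", 612)],
    ),
    EndpointInventory(
        "ws-003",
        os_view=[Module("svchost.exe", "H_SVCHOST_GOOD", 388),
                 Module("updater.exe", "H_UNKNOWN_1", 2210)],     # same hash, other name
        scan_view=[Module("svchost.exe", "H_SVCHOST_GOOD", 388),
                   Module("updater.exe", "H_UNKNOWN_1", 2210)],
    ),
]


def compare_views(inv):
    """Anything the direct scan sees that the OS API does not is a hidden process."""
    hidden = set(inv.scan_view) - set(inv.os_view)
    return [("hidden_process", m) for m in sorted(hidden, key=lambda m: m.pid)]


def check_baseline(inv, baseline):
    """Validate every module in either view against the known-good hash for its name."""
    out = []
    for m in sorted(set(inv.os_view) | set(inv.scan_view), key=lambda m: m.pid):
        expected = baseline.get(m.name)
        if expected is None:
            out.append(("unknown_module", m))       # nothing to compare against yet
        elif m.sha256 != expected:
            out.append(("baseline_mismatch", m))    # modification, tampering or masquerade
    return out


def triage(fleet, baseline):
    """Per-host list of (reason, module) findings, hidden processes first."""
    return {inv.host: compare_views(inv) + check_baseline(inv, baseline) for inv in fleet}


def sweep_fleet(fleet, sha256):
    """Where else does this hash run, under any name, in either view?"""
    hits = set()
    for inv in fleet:
        for m in set(inv.os_view) | set(inv.scan_view):
            if m.sha256 == sha256:
                hits.add((inv.host, m.name, m.pid))
    return sorted(hits)


if __name__ == "__main__":
    for host, findings in triage(FLEET, BASELINE).items():
        for reason, m in findings:
            print(f"{host}: {reason:17s} {m.name} pid={m.pid} {m.sha256}")
    # Once the hidden module on ws-001 is confirmed malicious, pivot on its hash fleet-wide.
    print(sweep_fleet(FLEET, "H_UNKNOWN_1"))
```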
  8. In order to evolve from a purely preventative approach, we believe there are requirements that must be fulfilled. An organization needs complete visibility across its entire network, with capabilities for advanced threat detection via advanced analytics. It then needs to be able to perform rapid investigations to take prioritized action for an efficient and effective response.
  9. Now, with advanced analytics taking your visibility and providing detection, you need to drive the correct response to the threat. By combining alerts into incidents, you can provide analysts with a prioritized queue and drive the right action efficiently, whether that action is further investigation to identify the true scope of an incident, an out-of-the-box workflow to respond to a specific threat or potential breach, or reporting compliance out to your GRC platform. Efficient and effective reaction is key to response for any security team.
  10. Key Takeaway: The RSA Security Operations Management (SecOps) solution orchestrates and manages a SOC. Its core functions include incident management, breach management and SOC program management. When all functions of the SecOps solution are implemented, the overall SOC deployment will be a consistent and predictable business process. RSA offers technologies such as SecOps (for SOC orchestration & management) and services such as Advanced Cyber Defense (ACD) consulting and Education Services (training) to give organizations the process and tools they need to operate with an incredible level of precision, unlike any other vendor. None can compete with our breadth and depth of technology, knowledge, and services offered to get the most out of their SOC. Unlike SIEM vendors (like HP, McAfee) that include some basic workflow capabilities for issues detected by the SIEM but can’t help manage the broader SOC processes or alerts raised by other security tools (i.e. breach response, persona-based workflows, comprehensive reporting). Unlike Splunk, which is a multi-purpose tool with very few “off-the-shelf” capabilities to use the product in a security context. Most other competitors only sell classes and professional services to deploy and operate their tools and do not provide broader analyst and SOC best practice trainings. THIS MEANS that SOC teams can leverage best practices to get the most out of their people and process, and not just throw more technology at the problem. It also gives SOC managers the ability to get more value out of the tools they have already purchased by using them to the best of their ability.
  11. BEFORE: visibility limited to logs and NetFlow; relied on prevention tools to block and alert on malware activity; IR team lacked endpoint visibility, which impacted response; unable to see where malware resided.
      AFTER: detect both external and insider threats; correlate logs with egress traffic and threat intelligence; deep dive into payloads for analysis before & after events; analyze device master file table and perform memory dumps; search other devices to see if malware spread; immediate access to vulnerability data, risk info, threat info, policy management, and business continuity information all from the same platform; greatly improved incident handling and response process.
      About the Customer: LAX International Airport, Ontario International Airport and Van Nuys Airport. LAX International Airport is the world’s busiest airport in terms of origin and destination of travel. Van Nuys Airport is the world’s busiest airport in terms of small planes. Considered critical infrastructure by DHS.
      Describe your “before” scenario. What challenge(s) was your company facing that compelled you to consider an RSA solution? Describe in detail the RSA solution you used to resolve these challenges.
      Before the RSA Security Analytics solution, our SIEM relied on logging events to find any threats. But there are not many security related events from most of these logs. We relied on our malware tracking system to block and alert on any C&C callback. As we get these alerts, we are not sure whether the same malicious code exists in other devices. As our SIEM's logging events correlate with NetFlow information, it was difficult to build the use cases to extract security events from this combination alone. With this challenge, I have selected the RSA Security Analytics solution to correlate logging events with egress traffic and match it with the security intelligence feeds. This is a powerful correlation to detect both external and insider threats.
      RSA Security Analytics has a great forensic capability that allows us to do a deep dive into the actual payloads for analysis before and after a security event. For example, we investigated a recent spear phishing attack on several of our executives and found that there were several variations of the same attack using Security Analytics. Security Analytics has greatly improved our security detection capability. Another challenge we faced was that our IR team did not have visibility down to the endpoint device whenever they respond to a malware or APT threat. We don't know whether the same malicious code exists in other devices in my network. To gain this visibility, I selected the ECAT solution because it has a combination of BIT-9, Yara Rules Engine and the OPSWAT Metascan. It allows us to view the device master file table or perform a memory dump for further analysis. Once we determine a malicious process in the device memory, we can search other devices for the same malicious code. We are using the Archer Security Operations module in conjunction with Security Analytics. SECOPS allows your incident handler to have immediate access to your vulnerability data, risk info, threat info, policy management, and business continuity information all from the same platform. Security Analytics will send its alerts to Archer SECOPS and automatically generate an incident ticket for the SOC personnel to work on. With this workflow, it has greatly improved our incident handling and response process. In addition, the SECOPS Manager can use this information to quality check his incident handler's approach to each incident and refine the response process.
  12. BEFORE Visibility limited to logs and NetFlow Relied on prevention tools to block and alert malware activity IR team lacked endpoint visibility which impacted response Unable to see where malware resided AFTER Detect both external and insider threats Correlate logs with egress traffic and threat intelligence Deep dive into payloads for analysis before & after events Analyze device master file table and perform memory dumps Search other devices to see if malware spread Immediate access to vulnerability data, risk info, threat info, policy management, and business continuity information all from the same platform Greatly improved incident handling and response process About the Customer LAX International Airport, Ontario International Airport and Van Nuys Airport. LAX International Airport is the world busiest airport in terms of origin and destination of travel. Van Nuys Airport is the world busiest airport in terms of small planes. Considered critical infrastructure by DHS.  Describe your “before” scenario. What challenge(s) was your company facing that compelled you to consider an RSA solution? Describe in details the RSA solution you used to resolve these challenges? Before the RSA Security Analytics solution, our SIEM relied on logging events to find any threats. But there are not many security related events from most of these logs. We relied on our malware tracking system to block and alert on any C&C callback. As we get these alerts, we are not sure whether the same malicious code exists in other devices. As our SIEM's logging events correlate with NetFlow information, it was difficult to build the use cases to extract security events from this combination alone.   With this challenge, I have selected the RSA Security Analytics solution  to correlate logging events with egress traffic and match it with the security intelligence feeds. This is a powerful correlation  to detect both external and insider threats. 
RSA Security Analytics has a great forensic capability that allows us to do a deep dive into the actual payloads for analysis before and after a security event. For example, we investigated a recent spear phishing attack on several of our executives and found that there were several variations of the same attack using Security Analytics. . Security Analytics has greatly improved our security detection capability.   Another challenge we faced was that our IR team did not have visibility down to the endpoint device whenever they respond to a malware or APT threat. We don't know whether the same malicious code exists in other devices in my network. To gain this visibility, I selected the ECAT solution because it has a combination of BIT-9, Yara Rules Engine and the OPSWAT Metascan. It allows us to view the device master file table or perform a memory dump for further analysis. Once we determine a malicious process in the device memory, we can search other devices for the same malicious code. We are using the Archer Security Operations module in conjunction with Security Analytics. SECOPS allows your incident handler to have immediate access to your vulnerability data, risk info, threat info, policy management, and business continuity information all from the same platform. Security Analytics will send its alerts to Archer SECOPS and automatically generate an incident ticket for the SOC personnel to work on. With this workflow, it has greatly improved our incident handling and response process. In addition, the SECOPS Manager can use this information to quality check his incident handler approach to each incident and refine the response process.