Protect & Defend Your Critical Infrastructure
1. Protect & Defend Your Critical Infrastructure: SCADA, Smart Grid, and Compliance
Speakers:
- Tom Turner – VP Marketing and Channels, Q1 Labs
- Alex Tatistcheff – Senior Security Instructor, Sourcefire
- Douglas Hurd – Director, Technology Alliances
2. Outline
- Introductions and Overviews
- Partnership Background
- Compliance Requirements
- Total Security Intelligence for Energy & Utilities
- Q&A
3. Sourcefire Overview
- Mission: to be the leading provider of intelligent cybersecurity solutions for the enterprise
- Founded in 2001 by Snort creator Martin Roesch, CTO
- Headquarters: Columbia, MD
- Focus on enterprise and government customers
- Global Security Alliance ecosystem
- NASDAQ: FIRE
13. Energy & Utilities – Security Challenges (Source: April 2011 Ponemon Research survey)
- 72% of organizations are not getting the intelligence they need
- Only 39% of organizations are currently using a SIEM solution
- On average, it takes 22 days to detect unauthorized changes or malicious activity
- 69% of organizations feel a data breach is likely to occur in the next 12 months
- 76% of organizations have suffered one or more data breaches over the course of the last 12 months
14. Top IT security priority is to protect and secure SCADA networks (Source: April 2011 Ponemon Research survey)
- QRadar monitors and correlates data from many sources, including SCADA and smart networks
16. Security Intelligence: SIEM with Behavior Anomaly Detection and Broadest Context
Outcomes: Suspected Incidents; Detect Threats Others Miss; Manage Risk; Consolidate Silos
Customer examples:
- Content capture and user activity monitoring enabled fraud detection before the exploit completed
- Discovered 500 hosts with the "Here You Have" virus, which all other security products missed
- 2 billion logs and events per day reduced to 25 high-priority offenses
17. QRadar Collects Sourcefire Event Data
- Smart meter devices and systems
- Detects Snort alerts from SCADA networks
- Intrusion events and packet data
- Real-time user and network events
- Compliance and white list events
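To make the collection-and-correlation step concrete, here is an added example that is not part of the Q1 Labs / Sourcefire deck and does not use QRadar or Sourcefire code: it parses Snort "fast" alert lines, keeps only those whose destination lies in a SCADA segment, and reduces them to one offense per source host, escalating sources that are not on a white list of approved SCADA peers. The fast alert format is Snort's real `alert_fast` output; the SCADA subnet (`10.0.10.0/24`), the white list, the signature IDs and the alert lines themselves are all constructed for illustration.

```python
"""Added example (not from the deck): reduce Snort fast-format alerts from a
SCADA segment into a short list of prioritized offenses, correlated against a
white list of hosts approved to talk into that segment."""
import re
from collections import defaultdict
from ipaddress import ip_address, ip_network

# Snort "alert_fast" line, e.g.
# 04/05-10:22:13.100000  [**] [1:1000001:1] msg [**] [Classification: X] [Priority: 2] {TCP} src:port -> dst:port
FAST_RE = re.compile(
    r"^(?P<ts>\d\d/\d\d-\d\d:\d\d:\d\d\.\d+)\s+\[\*\*\]\s+"
    r"\[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\]\s+(?P<msg>.*?)\s+\[\*\*\]\s+"
    r"(?:\[Classification:\s*(?P<cls>[^\]]*)\]\s+)?"
    r"\[Priority:\s*(?P<prio>\d+)\]\s+\{(?P<proto>\w+)\}\s+"
    r"(?P<src>[\d.]+)(?::(?P<sport>\d+))?\s+->\s+(?P<dst>[\d.]+)(?::(?P<dport>\d+))?$"
)

SCADA_NET = ip_network("10.0.10.0/24")  # assumed SCADA segment (constructed)
# Assumed white list: hosts approved to initiate connections into the SCADA segment
WHITELIST = {ip_address("10.0.5.10"), ip_address("10.0.5.11")}

# Constructed sample alerts; sids 1000001-1000004 are local-rule placeholders
SAMPLE_ALERTS = [
    "04/05-10:22:13.100000  [**] [1:1000001:1] SCADA port sweep [**] [Classification: Attempted Information Leak] [Priority: 2] {TCP} 10.0.5.7:51234 -> 10.0.10.5:502",
    "04/05-10:22:13.200000  [**] [1:1000001:1] SCADA port sweep [**] [Classification: Attempted Information Leak] [Priority: 2] {TCP} 10.0.5.7:51235 -> 10.0.10.6:502",
    "04/05-10:22:14.000000  [**] [1:1000002:1] SCADA write from unexpected host [**] [Classification: Potentially Bad Traffic] [Priority: 2] {TCP} 10.0.5.7:51236 -> 10.0.10.5:502",
    "04/05-10:23:01.000000  [**] [1:1000003:2] HMI poll outside schedule [**] [Priority: 3] {TCP} 10.0.5.10:40001 -> 10.0.10.5:502",
    "04/05-10:24:00.000000  [**] [1:1000004:1] Corporate web scan [**] [Classification: Attempted Recon] [Priority: 3] {TCP} 192.168.1.20:1111 -> 192.168.1.50:80",
    "this line is not a Snort alert and must be skipped",
]


def parse_alert(line):
    """Return a dict for one fast-format alert, or None if the line does not parse."""
    m = FAST_RE.match(line.strip())
    if not m:
        return None
    d = m.groupdict()
    return {
        "ts": d["ts"], "sid": int(d["sid"]), "msg": d["msg"],
        "priority": int(d["prio"]), "proto": d["proto"],
        "src": ip_address(d["src"]), "dst": ip_address(d["dst"]),
        "dport": int(d["dport"]) if d["dport"] else None,
    }


def correlate(lines, scada_net=SCADA_NET, whitelist=WHITELIST):
    """Group alerts targeting the SCADA segment by source host; each group is one
    offense.  Snort priority 1 is most severe, so escalation lowers the number."""
    groups = defaultdict(list)
    for line in lines:
        a = parse_alert(line)
        if a and a["dst"] in scada_net:
            groups[a["src"]].append(a)
    offenses = []
    for src, alerts in groups.items():
        best = min(a["priority"] for a in alerts)
        whitelisted = src in whitelist
        # An IDS alert from a host that is not even allowed into the segment
        # is a white-list violation on top of the alert: escalate one step.
        severity = best if whitelisted else max(1, best - 1)
        offenses.append({
            "source": str(src),
            "whitelisted": whitelisted,
            "event_count": len(alerts),
            "signatures": sorted({a["sid"] for a in alerts}),
            "targets": sorted({str(a["dst"]) for a in alerts}),
            "severity": severity,
        })
    # Most severe first; within a severity, the noisiest source first
    offenses.sort(key=lambda o: (o["severity"], -o["event_count"]))
    return offenses


if __name__ == "__main__":
    for o in correlate(SAMPLE_ALERTS):
        print(o)
```

Of the six constructed lines, one is unparseable and one targets the corporate network, so neither reaches an offense; the remaining four collapse to two offenses, and the unapproved host `10.0.5.7` sorts first at severity 1 even though every one of its raw alerts carried Snort priority 2. In a real deployment the white list would come from the asset or compliance data the SIEM already holds rather than from a hard-coded set.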
18. Compliance Validation and Information Overload
QRadar's integrated security management supports specific NERC-CIP requirements, with out-of-the-box NERC-CIP reporting, such as:
- CIP-005: Electronic Security Perimeter(s)
21. Questions?
- Alex Tatistcheff: alex.tatistcheff@sourcefire.com
- Tom Turner: tom.turner@q1labs.com
- Doug Hurd: dhurd@sourcefire.com
Thank you for your time!