1
“Co3 makes the process of planning for a nightmare scenario as painless as possible, making it an Editors’ Choice.”
– PC Magazine, Editor’s Choice
“Co3…defines what software packages for privacy look like.”
– Gartner
“Platform is comprehensive, user friendly, and very well designed.”
– Ponemon Institute
“One of the most important startups in security…”
– Business Insider
“One of the hottest products at RSA…”
– Network World
“...an invaluable weapon when responding to security incidents.”
– Government Computer News
“Co3 has done better than a home-run... it has knocked one out of the park.”
– SC Magazine
“Most Innovative Security Startup.”
– RSA Conference
We’ll get started in just a minute.
Today's Breach Reality, The IR Imperative, And What You Can Do About It
3
Agenda
Introductions
Problems We Face
The Targets
The Victims
The Motivations
Breach and Response Metrics
Key Concepts for Combating Modern Threats
The Incident Response Lifecycle
4
Introductions: Today’s Speakers
• Ted Julian, Chief Marketing Officer, Co3 Systems
• Colby Clark, Director of Incident Management, FishNet Security
5
About Co3
Prepare
Improve Organizational Readiness
• Appoint team members
• Fine tune response SOPs
• Link in legacy applications
• Run simulations (fire drills, table tops)
Mitigate
Document Results & Improve Performance
• Generate reports for management, auditors, and authorities
• Conduct post-mortem
• Update SOPs
• Track evidence
• Evaluate historical performance
• Educate the organization
Assess
Identify and Evaluate Incidents
• Assign appropriate team members
• Evaluate precursors and indicators
• Track incidents, maintain logbook
• Automatically prioritize activities based on criticality
• Log evidence
• Generate assessment
Manage
Contain, Eradicate and Recover
• Generate real-time IR plan
• Coordinate team response
• Choose appropriate containment strategy
• Isolate and remediate cause
• Instruct evidence gathering and handling
6
About FishNet
• 700+ employees dedicated to helping enterprise customers secure every aspect of their IT environment.
96% Customer Satisfaction / Best-in-Class NPS Benchmark
• Established 1996
• 29 Offices
• 9 Training Centers
• 700+ Certifications
VITAL STATS
2013 HIGHLIGHTS
• $600M Revenue
• 3,200 Customers
• 1,500 Service Engagements
7
About FishNet
• Our experts take the time to understand your business, so they can develop, implement and support solutions tailored to your environment.
SECURITY
SOLUTIONS
COMBINED
CAPABILITIES
DRIVE VALUE
PROFESSIONAL SERVICES
• 31 Strategic Services (StS) Advisors
• 300+ Consultants
• 2 Security Operations Centers
• Frontline Support
• Network & Security Training
• 250+ Certifications
• Information Security Program Model (ISPM)
TECHNOLOGY PRODUCTS
• 55 Sales Engineers (SE) & Enterprise Architects (EA)
• 100+ Vendor Partnerships
• Direct Access to Vendor R&D Teams & Advisory Panels
• Cloud-Based Testing Lab
• 450+ Certifications
• ADVISER Solutions Lifecycle
8
Problems We Face
• Waves of malware attacks per industry with malware optimized for each wave and software types
• Thousands of machines quickly infected in large environments
• Large numbers of ingress/egress points and unmanaged devices
• Polymorphism of malware per machine instead of per organization circumventing most host and network based detection methods
• Multi-vector malware in layers creating distraction and chaos while allowing unauthorized access, performing massive data exfiltration, and leading to extortion and data loss:
-W32.Changeup Zeus Cryptolocker Data Loss
-Compromise of computer + phone for financial attacks
• Ransomware encrypting drives and shares
• Long term presence within organizations
• Reconnaissance for worse activity later
9
Problems We Face
• Compromise of corporate environments to gain access to CDEs
• Sophisticated malware and botnets now in point of sale environments
• Memory resident
• Utilizes jump boxes
• Moves around
• Delayed detection of cardholder data compromise
• Obfuscation of collection
• Waiting until cards are about to expire before use
• Security devices not properly configured, tuned, and/or monitored
• Circumventing network detections through SSL and DGA
• Too much reliance on antiquated security solutions
• Attack vectors often not notable (low hanging fruit)
• Incident response programs and training not adequate
10
Problems We Face
Bottom line - Security threats have evolved…
11
Problems We Face
– Nobody is immune to compliance. But it’s more than just checking a box.
• Everyone needs to be compliant with a policy, regulation or legal requirement: PCI Compliance, HIPAA, GLBA, FTC, NERC, FERC…
• Are you secure or just compliant?
• You can be completely compliant and totally insecure.
• Promote compliance through security. It does not come in a can or clip board.
12
Problems We Face
– The uncomfortable truth → Everyone is 0wn3d.
– How exposed are you to cyber criminals?
• You have been breached whether you know it or not.
• Malware patiently waits in nearly every environment allowing clandestine command and control, data harvesting, and arbitrary code execution
• Hackers are like water in a bucket. If there is a hole, they will find it.
• Focus on solving the security problem holistically.
POLL
14
Who are the Targets and Why?
• Everyone is a target
– Government
– Large Corporations
– Small Companies
– Private Individuals
• Every target is of interest
– Defacement for bragging rights
– PII, IP, and identity theft
– Credential stealing
– Confidential data leakage
– Customer information
– Supply chain attacks
– Adding to their botnet
– Use your network and devices as jump points
15
Victims
Recent Top News Clips – What Happened?
All were sued (Content Based on Public Knowledge):
• Zappos – Class action suit
• LinkedIn – $5M class action suit
• South Carolina - $12M settlement
• Global Payments – Class action suit
• Nationwide – Class action suit
• Wyndham – FTC Consent Order (really bad)
• Yahoo – Class action suit
• Target – Class action suit; DOJ
• Horizon Blue Cross – Class action suit
• Adobe – Class action suit
• Most recent large breaches – DOJ
16
Motivations
17
Motivations
18
Motivations
• Ransomware becoming increasingly common
• Now in corporate environments and affecting hard drives and shares
• Highly lucrative; attacks win either way
• Disaster recovery strategy is back-up or pay-up
19
Motivations
20
Breach and Response Metrics & Facts
Financial Metrics (from Ponemon 2013 Cost of Data Breach Study):
• Average total cost of a breach: $5.4 Million
• Average per record cost for data breach: $192 (actual costs vary per organization type)
• Average per record cost reductions
– Having a strong security posture: $34
– Having an incident response plan in place: $42
– Appointing a CISO: $23
– Hiring consultants to respond to a breach: $13
Important Facts:
• Attackers infiltrate and maintain persistence for about 1 year on average before detection
• Antivirus is around 3-5% effective at detecting new threats
• Fran Rosch, Senior Vice President of Mobility at Symantec, testifies before Congress that signature-based detection methodology is ineffective
• Pentagon claimed that Chinese 2011 military spending equaled $180 billion with sustained investment in cyberwarfare
• Hacking has resulted in the largest transfer of wealth in human history
– As of July 2013, Chinese hackers have cost the US about $2 Trillion
– How about others? – Russia? Middle East?
21
What Does a Trillion Dollars Look Like?
22
Key Concepts for Combatting Modern Threats
Endpoint Technology
• Corporate environments
• Behavioral analysis and retrospection
• Continuous monitoring
• Least prevalence detection
• Not limited to the security perimeter
• Application restrictions to known good behavior
• Scanning for IOCs
• Enterprise forensics
• Cardholder data environments
• Application whitelisting
• Application restrictions to known good behavior
• Change detection
23
Key Concepts for Combatting Modern Threats
Network Monitoring & Restrictions
• Network traffic retrospection
• SSL decryption
• Network malware analysis
• DGA
• Tunneling
• Network traffic IOCs and anomalies
• 2 factor authentication for remote access
• Restrict egress from cardholder data environment to processing only
24
Key Concepts for Combatting Modern Threats
• Data Security – Cloud, Endpoint, Repository…
– DLP + DRM
• Lock down documents so it does not matter if they are stolen
• Utilize the cloud without concern
• Reduced fear of IP theft
• Program Development
– Incident response gap analysis
– Policy and procedure development
– Incident handling playbook development
• Training & Testing
– Provide hands-on training for all technology, playbook scenarios, and threats
– Provide tabletop testing for realistic scenarios involving stakeholders
– Practice communications and methodology
• Incident Response Retainer
– Subject matter experts on call
– Augment internal capabilities
– Contracts agreed upon ahead of time
– Rapid response – 24 hour service level agreement
POLL
26
The Incident Response Lifecycle
Prepare
Improve Organizational Readiness
• Appoint team members
• Fine tune response SOPs
• Link in legacy applications
• Run simulations (fire drills, table tops)
Mitigate
Document Results & Improve Performance
• Generate reports for management, auditors, and authorities
• Conduct post-mortem
• Update SOPs
• Track evidence
• Evaluate historical performance
• Educate the organization
Assess
Identify and Evaluate Incidents
• Assign appropriate team members
• Evaluate precursors and indicators
• Track incidents, maintain logbook
• Automatically prioritize activities based on criticality
• Log evidence
• Generate assessment
Manage
Contain, Eradicate and Recover
• Generate real-time IR plan
• Coordinate team response
• Choose appropriate containment strategy
• Isolate and remediate cause
• Instruct evidence gathering and handling
27
Prepare
• Incident response teams often include:
– IT, Legal (internal and/or external), Compliance, Audit, Privacy, Marketing, HR, Senior Executive
– Pre-define roles and responsibilities
• RACI (Responsible, Accountable, Consulted, Informed)
• SOPs can include:
– Processes to be followed by incident type
– Standardized interpretation of legal / regulatory requirements
– 3rd party contractual requirements
• Simulations
– Can range from drills to full-scale exercises
– Communications is key
• Roles, contact info, internal and external
– Gauge organization preparedness, catalyze improvement
Prepare
Improve Organizational Readiness
• Appoint team members
• Fine tune response SOPs
• Link in legacy applications
• Run simulations (fire drills, table tops)
28
Assess
• Prioritize efforts
– Based on value of asset, potential for customer impact, risk of fines, and other risks
• Leverage threat intelligence
• Incident declaration matrix
– Based on category and severity level
– Can set SLAs for each
Assess
Identify and Evaluate Incidents
• Assign appropriate team members
• Evaluate precursors and indicators
• Track incidents, maintain logbook
• Automatically prioritize activities based on criticality
• Log evidence
• Generate assessment
29
Manage
• Iterate on your plan
• Communicate status
– Different mechanisms for different constituents
• Ensure everything is tracked
Manage
Contain, Eradicate and Recover
• Generate real-time IR plan
• Coordinate team response
• Choose appropriate containment strategy
• Isolate and remediate cause
• Instruct evidence gathering and handling
30
Mitigate
• Conduct a post-mortem
– Validate investment or lobby for more
– Identify areas for improvement
• Did we hit our SLAs?
– Update playbooks
• Track incident source
– pinpoint risk to drive improvement, and/or trigger bill-back
• Update preventative and detective controls
Mitigate
Document Results & Improve Performance
• Generate reports for management, auditors, and authorities
• Conduct post-mortem
• Update SOPs
• Track evidence
• Evaluate historical performance
• Educate the organization
QUESTIONS
32
Next Up
• BlackHat 2014
– August 5-7, Las Vegas
One Alewife Center, Suite 450
Cambridge, MA 02140
PHONE 617.206.3900
WWW.CO3SYS.COM
“Co3 Systems makes the process of planning for a
nightmare scenario as painless as possible,
making it an Editors’ Choice.”
PC MAGAZINE, EDITOR’S CHOICE
“Co3…defines what software packages for
privacy look like.”
GARTNER
“Platform is comprehensive, user friendly, and
very well designed.”
PONEMON INSTITUTE
“One of the hottest products at RSA…”
NETWORK WORLD – FEBRUARY 2013
Colby Clark
Director of Incident Management
FishNet Security
Colby.clark@fishnetsecurity.com
208.553.3266

Más contenido relacionado

La actualidad más candente

Craft Your Cyber Incident Response Plan (Before It's Too Late)
Craft Your Cyber Incident Response Plan (Before It's Too Late)Craft Your Cyber Incident Response Plan (Before It's Too Late)
Craft Your Cyber Incident Response Plan (Before It's Too Late)Resilient Systems
 
A Manifesto for Cyber Resilience
A Manifesto for Cyber ResilienceA Manifesto for Cyber Resilience
A Manifesto for Cyber ResilienceSymantec
 
Cybersecurity Operations: Examining the State of the SOC
Cybersecurity Operations: Examining the State of the SOCCybersecurity Operations: Examining the State of the SOC
Cybersecurity Operations: Examining the State of the SOCFidelis Cybersecurity
 
How to Build a Successful Incident Response Program
How to Build a Successful Incident Response ProgramHow to Build a Successful Incident Response Program
How to Build a Successful Incident Response ProgramResilient Systems
 
Cyber resilience itsm academy_april2015
Cyber resilience itsm academy_april2015Cyber resilience itsm academy_april2015
Cyber resilience itsm academy_april2015ITSM Academy, Inc.
 
Your cyber security webinar
Your cyber security webinarYour cyber security webinar
Your cyber security webinarIntergen
 
Critical Capabilities for MDR Services - What to Know Before You Buy
Critical Capabilities for MDR Services - What to Know Before You BuyCritical Capabilities for MDR Services - What to Know Before You Buy
Critical Capabilities for MDR Services - What to Know Before You BuyFidelis Cybersecurity
 
Your cyber security webinar
Your cyber security webinarYour cyber security webinar
Your cyber security webinarEmpired
 
Incident Response: Don't Mess It Up, Here's How To Get It Right
Incident Response: Don't Mess It Up, Here's How To Get It RightIncident Response: Don't Mess It Up, Here's How To Get It Right
Incident Response: Don't Mess It Up, Here's How To Get It RightResilient Systems
 
Application security meetup 27012021
Application security meetup 27012021Application security meetup 27012021
Application security meetup 27012021lior mazor
 
Is Cyber Resilience Really That Difficult?
Is Cyber Resilience Really That Difficult?Is Cyber Resilience Really That Difficult?
Is Cyber Resilience Really That Difficult?John Gilligan
 
Meet Me in the Middle: Threat Indications and Warning in Principle and Practice
Meet Me in the Middle: Threat Indications and Warning in Principle and PracticeMeet Me in the Middle: Threat Indications and Warning in Principle and Practice
Meet Me in the Middle: Threat Indications and Warning in Principle and PracticeDragos, Inc.
 
Security Consulting Services - Which Is The Best Option For Me? - Diego Sor, ...
Security Consulting Services - Which Is The Best Option For Me? - Diego Sor, ...Security Consulting Services - Which Is The Best Option For Me? - Diego Sor, ...
Security Consulting Services - Which Is The Best Option For Me? - Diego Sor, ...Core Security
 
Aceds 2015 Cyberseucity and the Legal Profession - NYC - April 7, 2015
Aceds 2015 Cyberseucity and the Legal Profession - NYC - April 7, 2015Aceds 2015 Cyberseucity and the Legal Profession - NYC - April 7, 2015
Aceds 2015 Cyberseucity and the Legal Profession - NYC - April 7, 2015Joe Bartolo
 
Noah Maina: Computer Emergency Response Team (CERT)
Noah Maina: Computer Emergency Response Team (CERT)Noah Maina: Computer Emergency Response Team (CERT)
Noah Maina: Computer Emergency Response Team (CERT)Hamisi Kibonde
 
Shift Toward Dynamic Cyber Resilience
Shift Toward Dynamic Cyber ResilienceShift Toward Dynamic Cyber Resilience
Shift Toward Dynamic Cyber ResilienceDarren Argyle
 

La actualidad más candente (20)

Craft Your Cyber Incident Response Plan (Before It's Too Late)
Craft Your Cyber Incident Response Plan (Before It's Too Late)Craft Your Cyber Incident Response Plan (Before It's Too Late)
Craft Your Cyber Incident Response Plan (Before It's Too Late)
 
A Manifesto for Cyber Resilience
A Manifesto for Cyber ResilienceA Manifesto for Cyber Resilience
A Manifesto for Cyber Resilience
 
Sean McCloskey: How do we Strengthen the Public-Private Partnership to Mitiga...
Sean McCloskey: How do we Strengthen the Public-Private Partnership to Mitiga...Sean McCloskey: How do we Strengthen the Public-Private Partnership to Mitiga...
Sean McCloskey: How do we Strengthen the Public-Private Partnership to Mitiga...
 
Cybersecurity Operations: Examining the State of the SOC
Cybersecurity Operations: Examining the State of the SOCCybersecurity Operations: Examining the State of the SOC
Cybersecurity Operations: Examining the State of the SOC
 
How to Build a Successful Incident Response Program
How to Build a Successful Incident Response ProgramHow to Build a Successful Incident Response Program
How to Build a Successful Incident Response Program
 
Cyber resilience itsm academy_april2015
Cyber resilience itsm academy_april2015Cyber resilience itsm academy_april2015
Cyber resilience itsm academy_april2015
 
Your cyber security webinar
Your cyber security webinarYour cyber security webinar
Your cyber security webinar
 
Critical Capabilities for MDR Services - What to Know Before You Buy
Critical Capabilities for MDR Services - What to Know Before You BuyCritical Capabilities for MDR Services - What to Know Before You Buy
Critical Capabilities for MDR Services - What to Know Before You Buy
 
Your cyber security webinar
Your cyber security webinarYour cyber security webinar
Your cyber security webinar
 
Incident Response: Don't Mess It Up, Here's How To Get It Right
Incident Response: Don't Mess It Up, Here's How To Get It RightIncident Response: Don't Mess It Up, Here's How To Get It Right
Incident Response: Don't Mess It Up, Here's How To Get It Right
 
Application security meetup 27012021
Application security meetup 27012021Application security meetup 27012021
Application security meetup 27012021
 
Is Cyber Resilience Really That Difficult?
Is Cyber Resilience Really That Difficult?Is Cyber Resilience Really That Difficult?
Is Cyber Resilience Really That Difficult?
 
Meet Me in the Middle: Threat Indications and Warning in Principle and Practice
Meet Me in the Middle: Threat Indications and Warning in Principle and PracticeMeet Me in the Middle: Threat Indications and Warning in Principle and Practice
Meet Me in the Middle: Threat Indications and Warning in Principle and Practice
 
Security Consulting Services - Which Is The Best Option For Me? - Diego Sor, ...
Security Consulting Services - Which Is The Best Option For Me? - Diego Sor, ...Security Consulting Services - Which Is The Best Option For Me? - Diego Sor, ...
Security Consulting Services - Which Is The Best Option For Me? - Diego Sor, ...
 
Aceds 2015 Cyberseucity and the Legal Profession - NYC - April 7, 2015
Aceds 2015 Cyberseucity and the Legal Profession - NYC - April 7, 2015Aceds 2015 Cyberseucity and the Legal Profession - NYC - April 7, 2015
Aceds 2015 Cyberseucity and the Legal Profession - NYC - April 7, 2015
 
Marc Crudgington Who I Am
Marc Crudgington Who I AmMarc Crudgington Who I Am
Marc Crudgington Who I Am
 
Noah Maina: Computer Emergency Response Team (CERT)
Noah Maina: Computer Emergency Response Team (CERT)Noah Maina: Computer Emergency Response Team (CERT)
Noah Maina: Computer Emergency Response Team (CERT)
 
Cybersecurity - Sam Maccherola
Cybersecurity - Sam MaccherolaCybersecurity - Sam Maccherola
Cybersecurity - Sam Maccherola
 
The State of Threat Detection 2019
The State of Threat Detection 2019The State of Threat Detection 2019
The State of Threat Detection 2019
 
Shift Toward Dynamic Cyber Resilience
Shift Toward Dynamic Cyber ResilienceShift Toward Dynamic Cyber Resilience
Shift Toward Dynamic Cyber Resilience
 

Destacado

โรคเบาหวาน
โรคเบาหวานโรคเบาหวาน
โรคเบาหวานweerawatkatsiri
 
GIVING BIRTH WITH NO PAIN - An article published in the Bangalore Mirror abou...
GIVING BIRTH WITH NO PAIN - An article published in the Bangalore Mirror abou...GIVING BIRTH WITH NO PAIN - An article published in the Bangalore Mirror abou...
GIVING BIRTH WITH NO PAIN - An article published in the Bangalore Mirror abou...Shreya777
 
How To Turbo-Charge Incident Response With Threat Intelligence
How To Turbo-Charge Incident Response With Threat IntelligenceHow To Turbo-Charge Incident Response With Threat Intelligence
How To Turbo-Charge Incident Response With Threat IntelligenceResilient Systems
 
Privacy Communities: How To Build Them And Drive Awareness
Privacy Communities: How To Build Them And Drive AwarenessPrivacy Communities: How To Build Them And Drive Awareness
Privacy Communities: How To Build Them And Drive AwarenessResilient Systems
 
SEC Cybersecurity Disclosure Guidelines
SEC Cybersecurity Disclosure GuidelinesSEC Cybersecurity Disclosure Guidelines
SEC Cybersecurity Disclosure GuidelinesResilient Systems
 
20121012 de lijn sociale media
20121012 de lijn sociale media20121012 de lijn sociale media
20121012 de lijn sociale mediamarketingdag2012
 
Case Study: Pharmaceutical Track And Trace System in Turkey
Case Study: Pharmaceutical Track And Trace System in TurkeyCase Study: Pharmaceutical Track And Trace System in Turkey
Case Study: Pharmaceutical Track And Trace System in Turkeyİlaç Takip Sistemi (İTS)
 
Co3's Annual Review & Predictions Webinar
Co3's Annual Review & Predictions WebinarCo3's Annual Review & Predictions Webinar
Co3's Annual Review & Predictions WebinarResilient Systems
 
An Overview of Red Rocket Ventures
An Overview of Red Rocket VenturesAn Overview of Red Rocket Ventures
An Overview of Red Rocket VenturesRed Rocket Ventures
 

Destacado (20)

โรคเบาหวาน
โรคเบาหวานโรคเบาหวาน
โรคเบาหวาน
 
Majestic auto limited
Majestic  auto limitedMajestic  auto limited
Majestic auto limited
 
GIVING BIRTH WITH NO PAIN - An article published in the Bangalore Mirror abou...
GIVING BIRTH WITH NO PAIN - An article published in the Bangalore Mirror abou...GIVING BIRTH WITH NO PAIN - An article published in the Bangalore Mirror abou...
GIVING BIRTH WITH NO PAIN - An article published in the Bangalore Mirror abou...
 
How To Turbo-Charge Incident Response With Threat Intelligence
How To Turbo-Charge Incident Response With Threat IntelligenceHow To Turbo-Charge Incident Response With Threat Intelligence
How To Turbo-Charge Incident Response With Threat Intelligence
 
Html images
Html imagesHtml images
Html images
 
L'OREILLE EN MARCHE
L'OREILLE EN MARCHE L'OREILLE EN MARCHE
L'OREILLE EN MARCHE
 
Privacy Communities: How To Build Them And Drive Awareness
Privacy Communities: How To Build Them And Drive AwarenessPrivacy Communities: How To Build Them And Drive Awareness
Privacy Communities: How To Build Them And Drive Awareness
 
Hot tub appleton
Hot tub appletonHot tub appleton
Hot tub appleton
 
SEC Cybersecurity Disclosure Guidelines
SEC Cybersecurity Disclosure GuidelinesSEC Cybersecurity Disclosure Guidelines
SEC Cybersecurity Disclosure Guidelines
 
Wanted & available
Wanted & availableWanted & available
Wanted & available
 
20121012 de lijn sociale media
20121012 de lijn sociale media20121012 de lijn sociale media
20121012 de lijn sociale media
 
Presentatie bloggen #mk12
Presentatie bloggen #mk12Presentatie bloggen #mk12
Presentatie bloggen #mk12
 
Case Study: Pharmaceutical Track And Trace System in Turkey
Case Study: Pharmaceutical Track And Trace System in TurkeyCase Study: Pharmaceutical Track And Trace System in Turkey
Case Study: Pharmaceutical Track And Trace System in Turkey
 
PI Report
PI ReportPI Report
PI Report
 
Nlp ile Başarının İç Oyunu
Nlp ile Başarının İç  OyunuNlp ile Başarının İç  Oyunu
Nlp ile Başarının İç Oyunu
 
22
2222
22
 
Co3's Annual Review & Predictions Webinar
Co3's Annual Review & Predictions WebinarCo3's Annual Review & Predictions Webinar
Co3's Annual Review & Predictions Webinar
 
An Overview of Red Rocket Ventures
An Overview of Red Rocket VenturesAn Overview of Red Rocket Ventures
An Overview of Red Rocket Ventures
 
POINTS D'OUÏE !
POINTS D'OUÏE !POINTS D'OUÏE !
POINTS D'OUÏE !
 
Hot tubs milwaukee
Hot tubs milwaukeeHot tubs milwaukee
Hot tubs milwaukee
 

Similar a Today's Breach Reality, The IR Imperative, And What You Can Do About It

Event Presentation: Cyber Security for Industrial Control Systems
Event Presentation: Cyber Security for Industrial Control SystemsEvent Presentation: Cyber Security for Industrial Control Systems
Event Presentation: Cyber Security for Industrial Control SystemsInfonaligy
 
GDPR: The Application Security Twist
GDPR: The Application Security TwistGDPR: The Application Security Twist
GDPR: The Application Security TwistSecurity Innovation
 
Top Cybersecurity Challenges Facing Your Business
Top Cybersecurity Challenges Facing Your BusinessTop Cybersecurity Challenges Facing Your Business
Top Cybersecurity Challenges Facing Your BusinessNicholas Davis
 
Cyber Security - awareness, vulnerabilities and solutions
Cyber Security - awareness, vulnerabilities and solutionsCyber Security - awareness, vulnerabilities and solutions
Cyber Security - awareness, vulnerabilities and solutionsinLabFIB
 
Lessons Learned Fighting Modern Cyberthreats in Critical ICS Networks
Lessons Learned Fighting Modern Cyberthreats in Critical ICS NetworksLessons Learned Fighting Modern Cyberthreats in Critical ICS Networks
Lessons Learned Fighting Modern Cyberthreats in Critical ICS NetworksAngeloluca Barba
 
Dealing with Information Security, Risk Management & Cyber Resilience
Dealing with Information Security, Risk Management & Cyber ResilienceDealing with Information Security, Risk Management & Cyber Resilience
Dealing with Information Security, Risk Management & Cyber ResilienceDonald Tabone
 
Information Technology Security Basics
Information Technology Security BasicsInformation Technology Security Basics
Information Technology Security BasicsMohan Jadhav
 
2015 Cyber Security
2015 Cyber Security2015 Cyber Security
2015 Cyber SecurityAllen Zhang
 
Connecting the Dots Between Your Threat Tntelligence Tradecraft and Business ...
Connecting the Dots Between Your Threat Tntelligence Tradecraft and Business ...Connecting the Dots Between Your Threat Tntelligence Tradecraft and Business ...
Connecting the Dots Between Your Threat Tntelligence Tradecraft and Business ...SurfWatch Labs
 
Endpoint (big) Data In The Age of Compromise, Ian Rainsburgh
Endpoint (big) Data In The Age of Compromise, Ian RainsburghEndpoint (big) Data In The Age of Compromise, Ian Rainsburgh
Endpoint (big) Data In The Age of Compromise, Ian RainsburghNapier University
 
The Next Generation of Security Operations Centre (SOC)
The Next Generation of Security Operations Centre (SOC)The Next Generation of Security Operations Centre (SOC)
The Next Generation of Security Operations Centre (SOC)PECB
 
Threat Hunting - Moving from the ad hoc to the formal
Threat Hunting - Moving from the ad hoc to the formalThreat Hunting - Moving from the ad hoc to the formal
Threat Hunting - Moving from the ad hoc to the formalPriyanka Aash
 
Cyber Threat Hunting Workshop
Cyber Threat Hunting WorkshopCyber Threat Hunting Workshop
Cyber Threat Hunting WorkshopDigit Oktavianto
 
Cyber Crimes: The next five years.
Cyber Crimes: The next five years. Cyber Crimes: The next five years.
Cyber Crimes: The next five years. Gregory McCardle
 
Cyber Threat Hunting Workshop.pdf
Cyber Threat Hunting Workshop.pdfCyber Threat Hunting Workshop.pdf
Cyber Threat Hunting Workshop.pdfssuser4237d4
 
Cyber Threat Hunting Workshop.pdf
Cyber Threat Hunting Workshop.pdfCyber Threat Hunting Workshop.pdf
Cyber Threat Hunting Workshop.pdfssuser4237d4
 

Similar a Today's Breach Reality, The IR Imperative, And What You Can Do About It (20)

Event Presentation: Cyber Security for Industrial Control Systems
Event Presentation: Cyber Security for Industrial Control SystemsEvent Presentation: Cyber Security for Industrial Control Systems
Event Presentation: Cyber Security for Industrial Control Systems
 
13734729.ppt
13734729.ppt13734729.ppt
13734729.ppt
 
GDPR: The Application Security Twist
GDPR: The Application Security TwistGDPR: The Application Security Twist
GDPR: The Application Security Twist
 
Top Cybersecurity Challenges Facing Your Business
Top Cybersecurity Challenges Facing Your BusinessTop Cybersecurity Challenges Facing Your Business
Top Cybersecurity Challenges Facing Your Business
 
Cyber Security - awareness, vulnerabilities and solutions
Cyber Security - awareness, vulnerabilities and solutionsCyber Security - awareness, vulnerabilities and solutions
Cyber Security - awareness, vulnerabilities and solutions
 
Lessons Learned Fighting Modern Cyberthreats in Critical ICS Networks
Lessons Learned Fighting Modern Cyberthreats in Critical ICS NetworksLessons Learned Fighting Modern Cyberthreats in Critical ICS Networks
Lessons Learned Fighting Modern Cyberthreats in Critical ICS Networks
 
Dealing with Information Security, Risk Management & Cyber Resilience
Dealing with Information Security, Risk Management & Cyber ResilienceDealing with Information Security, Risk Management & Cyber Resilience
Dealing with Information Security, Risk Management & Cyber Resilience
 
Information Technology Security Basics
Information Technology Security BasicsInformation Technology Security Basics
Information Technology Security Basics
 
2015 Cyber Security
2015 Cyber Security2015 Cyber Security
2015 Cyber Security
 
Connecting the Dots Between Your Threat Tntelligence Tradecraft and Business ...
Connecting the Dots Between Your Threat Tntelligence Tradecraft and Business ...Connecting the Dots Between Your Threat Tntelligence Tradecraft and Business ...
Connecting the Dots Between Your Threat Tntelligence Tradecraft and Business ...
 
Endpoint (big) Data In The Age of Compromise, Ian Rainsburgh
Endpoint (big) Data In The Age of Compromise, Ian RainsburghEndpoint (big) Data In The Age of Compromise, Ian Rainsburgh
Endpoint (big) Data In The Age of Compromise, Ian Rainsburgh
 
The Next Generation of Security Operations Centre (SOC)
The Next Generation of Security Operations Centre (SOC)The Next Generation of Security Operations Centre (SOC)
The Next Generation of Security Operations Centre (SOC)
 
Threat Hunting - Moving from the ad hoc to the formal
Threat Hunting - Moving from the ad hoc to the formalThreat Hunting - Moving from the ad hoc to the formal
Threat Hunting - Moving from the ad hoc to the formal
 
Cyber Threat Hunting Workshop
Cyber Threat Hunting WorkshopCyber Threat Hunting Workshop
Cyber Threat Hunting Workshop
 
Cyber Crimes: The next five years.
Cyber Crimes: The next five years. Cyber Crimes: The next five years.
Cyber Crimes: The next five years.
 
2016 to 2021
2016 to 20212016 to 2021
2016 to 2021
 
Managing security threats in today’s enterprise
Managing security threats in today’s enterpriseManaging security threats in today’s enterprise
Managing security threats in today’s enterprise
 
Cyber Threat Hunting Workshop.pdf
Cyber Threat Hunting Workshop.pdfCyber Threat Hunting Workshop.pdf
Cyber Threat Hunting Workshop.pdf
 
Cyber Threat Hunting Workshop.pdf
Cyber Threat Hunting Workshop.pdfCyber Threat Hunting Workshop.pdf
Cyber Threat Hunting Workshop.pdf
 
Insider threat v3
Insider threat v3Insider threat v3
Insider threat v3
 

Today's Breach Reality, The IR Imperative, And What You Can Do About It

  • 1. 1 “Co3 makes the process of planning for a nightmare scenario as painless as possible, making it an Editors’ Choice.” – PC Magazine, Editor’s Choice “Co3…defines what software packages for privacy look like.” – Gartner “Platform is comprehensive, user friendly, and very well designed.” – Ponemon Institute “One of the most important startups in security…” – Business Insider “One of the hottest products at RSA…” – Network World “...an invaluable weapon when responding to security incidents.” – Government Computer News “Co3 has done better than a home-run... it has knocked one out of the park.” – SC Magazine “Most Innovative Security Startup.” – RSA Conference We’ll get started in just a minute.
  • 2. Today's Breach Reality, The IR Imperative, And What You Can Do About It
  • 3. 3 Agenda Introductions Problems We Face The Targets The Victims The Motivations Breach and Response Metrics Key Concepts for Combating Modern Threats The Incident Response Lifecycle
  • 4. 4 Introductions: Today’s Speakers • Ted Julian, Chief Marketing Officer, Co3 Systems • Colby Clark, Director of Incident Management, FishNet Security
  • 5. 5 About Co3 Prepare Improve Organizational Readiness • Appoint team members • Fine tune response SOPs • Link in legacy applications • Run simulations (fire drills, table tops) Mitigate Document Results & Improve Performance • Generate reports for management, auditors, and authorities • Conduct post-mortem • Update SOPs • Track evidence • Evaluate historical performance • Educate the organization Assess Identify and Evaluate Incidents • Assign appropriate team members • Evaluate precursors and indicators • Track incidents, maintain logbook • Automatically prioritize activities based on criticality • Log evidence • Generate assessment Manage Contain, Eradicate and Recover • Generate real-time IR plan • Coordinate team response • Choose appropriate containment strategy • Isolate and remediate cause • Instruct evidence gathering and handling
  • 6. 6 About FishNet • 700+ employees dedicated to helping enterprise customers secure every aspect of their IT environment. 96% Customer Satisfaction / Best-in-Class NPS Benchmark • Established 1996 • 29 Offices • 9 Training Centers • 700+ Certifications VITAL STATS 2013 HIGHLIGHTS • $600M Revenue • 3,200 Customers • 1,500 Service Engagements
  • 7. 7 About FishNet • Our experts take the time to understand your business, so they can develop, implement and support solutions tailored to your environment. SECURITY SOLUTIONS COMBINED CAPABILITIES DRIVE VALUE PROFESSIONAL SERVICES • 31 Strategic Services (StS) Advisors • 300+ Consultants • 2 Security Operations Centers • Frontline Support • Network & Security Training • 250+ Certifications • Information Security Program Model (ISPM) TECHNOLOGY PRODUCTS • 55 Sales Engineers (SE) & Enterprise Architects (EA) • 100+ Vendor Partnerships • Direct Access to Vendor R&D Teams & Advisory Panels • Cloud-Based Testing Lab • 450+ Certifications • ADVISER Solutions Lifecycle
  • 8. 8 Problems We Face • Waves of malware attacks per industry with malware optimized for each wave and software types • Thousands of machines quickly infected in large environments • Large numbers of ingress/egress points and unmanaged devices • Polymorphism of malware per machine instead of per organization circumventing most host and network based detection methods • Multi-vector malware in layers creating distraction and chaos while allowing unauthorized access, performing massive data exfiltration, and leading to extortion and data loss: -W32.Changeup Zeus Cryptolocker Data Loss -Compromise of computer + phone for financial attacks • Ransomware encrypting drives and shares • Long term presence within organizations • Reconnaissance for worse activity later
  • 9. 9 Problems We Face • Compromise of corporate environments to gain access to CDEs • Sophisticated malware and botnets now in point of sale environments • Memory resident • Utilizes jump boxes • Moves around • Delayed detection of cardholder data compromise • Obfuscation of collection • Waiting until cards are about to expire before use • Security devices not properly configured, tuned, and/or monitored • Circumventing network detections through SSL and DGA • Too much reliance on antiquated security solutions • Attack vectors often not notable (low hanging fruit) • Incident response programs and training not adequate
  • 10. 10 Problems We Face Bottom line - Security threats have evolved…
  • 11. 11 Problems We Face – Nobody is immune to compliance. But it’s more than just checking a box. • Everyone needs to be compliant with a policy, regulation or legal requirement: PCI Compliance, HIPAA, GLBA, FTC, NERC, FERC… • Are you secure or just compliant? • You can be completely compliant and totally insecure. • Promote compliance through security. It does not come in a can or clip board.
  • 12. 12 Problems We Face – The uncomfortable truth • Everyone is 0wn3d. – How exposed are you to cyber criminals? • You have been breached whether you know it or not. • Malware patiently waits in nearly every environment allowing clandestine command and control, data harvesting, and arbitrary code execution • Hackers are like water in a bucket. If there is a hole, they will find it. • Focus on solving the security problem holistically.
  • 13. POLL
  • 14. 14 Who are the Targets and Why? • Everyone is a target – Government – Large Corporations – Small Companies – Private Individuals • Every target is of interest – Defacement for bragging rights – PII, IP, and identity theft – Credential stealing – Confidential data leakage – Customer information – Supply chain attacks – Adding to their botnet – Use your network and devices as jump points
  • 15. 15 Victims Recent Top News Clips – What Happened? All were sued (Content Based on Public Knowledge): • Zappos – Class action suit • LinkedIn – $5M class action suit • South Carolina - $12M settlement • Global Payments – Class action suit • Nationwide – Class action suit • Wyndham – FTC Consent Order (really bad) • Yahoo – Class action suit • Target – Class action suit; DOJ • Horizon Blue Cross – Class action suit • Adobe – Class action suit • Most recent large breaches – DOJ
  • 18. 18 Motivations • Ransomware becoming increasingly common • Now in corporate environments and affecting hard drives and shares • Highly lucrative; attacks win either way • Disaster recovery strategy is back-up or pay-up
  • 20. 20 Breach and Response Metrics & Facts Financial Metrics (from Ponemon 2013 Cost of Data Breach Study): • Average total cost of a breach: $5.4 Million • Average per record cost for data breach: $192 (actual costs vary per organization type) • Average per record cost reductions – Having a strong security posture: $34 – Having an incident response plan in place: $42 – Appointing a CISO: $23 – Hiring consultants to respond to a breach: $13 Important Facts: • Attackers infiltrate and maintain persistence for about 1 year on average before detection • Antivirus is around 3-5% effective at detecting new threats • Fran Rosch, Senior Vice President of Mobility at Symantec, testifies before congress that signature-based detection methodology is ineffective • Pentagon claimed that Chinese 2011 military spending equaled $180 billion with sustained investment in cyberwarfare • Hacking has resulted in the largest transfer of wealth in human history – As of July 2013, Chinese hackers have cost the US about $2 Trillion – How about others? – Russia? Middle East?
  • 21. 21 What Does a Trillion Dollars Look Like?
  • 22. 22 Key Concepts for Combatting Modern Threats Endpoint Technology • Corporate environments • Behavioral analysis and retrospection • Continuous monitoring • Least prevalence detection • Not limited to the security perimeter • Application restrictions to known good behavior • Scanning for IOCs • Enterprise forensics • Cardholder data environments • Application whitelisting • Application restrictions to known good behavior • Change detection
  • 23. 23 Key Concepts for Combatting Modern Threats Network Monitoring & Restrictions • Network traffic retrospection • SSL decryption • Network malware analysis • DGA • Tunneling • Network traffic IOCs and anomalies • 2 factor authentication for remote access • Restrict egress from cardholder data environment to processing only
  • 24. 24 Key Concepts for Combatting Modern Threats • Data Security – Cloud, Endpoint, Repository… – DLP + DRM • Lock down documents so it does not matter if they are stolen • Utilize the cloud without concern • Reduced fear of IP theft • Program Development – Incident response gap analysis – Policy and procedure development – Incident handling playbook development • Training & Testing – Provide hands-on training for all technology, playbook scenarios, and threats – Provide tabletop testing for realistic scenarios involving stakeholders – Practice communications and methodology • Incident Response Retainer – Subject matter experts on call – Augment internal capabilities – Contracts agreed upon ahead of time – Rapid response – 24 hour service level agreement
  • 25. POLL
  • 26. 26 The Incident Response Lifecycle Prepare Improve Organizational Readiness • Appoint team members • Fine tune response SOPs • Link in legacy applications • Run simulations (fire drills, table tops) Mitigate Document Results & Improve Performance • Generate reports for management, auditors, and authorities • Conduct post-mortem • Update SOPs • Track evidence • Evaluate historical performance • Educate the organization Assess Identify and Evaluate Incidents • Assign appropriate team members • Evaluate precursors and indicators • Track incidents, maintain logbook • Automatically prioritize activities based on criticality • Log evidence • Generate assessment Manage Contain, Eradicate and Recover • Generate real-time IR plan • Coordinate team response • Choose appropriate containment strategy • Isolate and remediate cause • Instruct evidence gathering and handling
  • 27. 27 Prepare • Incident response teams often include: – IT, Legal (internal and/or external), Compliance, Audit, Privacy, Marketing, HR, Senior Executive – Pre-define roles and responsibilities • RACI (Responsible, Accountable, Consulted, Informed) • SOPs can include: – Processes to be followed by incident type – Standardized interpretation of legal / regulatory requirements – 3rd party contractual requirements • Simulations – Can range from drills to full-scale exercises – Communications is key • Roles, contact info, internal and external – Gauge organization preparedness, catalyze improvement Prepare Improve Organizational Readiness • Appoint team members • Fine tune response SOPs • Link in legacy applications • Run simulations (fire drills, table tops)
  • 28. 28 Assess • Prioritize efforts – Based on value of asset, potential for customer impact, risk of fines, and other risks • Leverage threat intelligence • Incident declaration matrix – Based on category and severity level – Can set SLAs for each Assess Identify and Evaluate Incidents • Assign appropriate team members • Evaluate precursors and indicators • Track incidents, maintain logbook • Automatically prioritize activities based on criticality • Log evidence • Generate assessment
  • 29. 29 Manage • Iterate on your plan • Communicate status – Different mechanisms for different constituents • Ensure everything is tracked Manage Contain, Eradicate and Recover • Generate real-time IR plan • Coordinate team response • Choose appropriate containment strategy • Isolate and remediate cause • Instruct evidence gathering and handling
  • 30. 30 Mitigate • Conduct a post-mortem – Validate investment or lobby for more – Identify areas for improvement • Did we hit our SLAs? – Update playbooks • Track incident source – pinpoint risk to drive improvement, and/or trigger bill-back • Update preventative and detective controls Mitigate Document Results & Improve Performance • Generate reports for management, auditors, and authorities • Conduct post-mortem • Update SOPs • Track evidence • Evaluate historical performance • Educate the organization
  • 32. 32 Next Up • BlackHat 2014 – August 5-7, Las Vegas
  • 33. One Alewife Center, Suite 450 Cambridge, MA 02140 PHONE 617.206.3900 WWW.CO3SYS.COM “Co3 Systems makes the process of planning for a nightmare scenario as painless as possible, making it an Editors’ Choice.” PC MAGAZINE, EDITOR’S CHOICE “Co3…defines what software packages for privacy look like.” GARTNER “Platform is comprehensive, user friendly, and very well designed.” PONEMON INSTITUTE “One of the hottest products at RSA…” NETWORK WORLD – FEBRUARY 2013 Colby Clark Director of Incident Management FishNet Security Colby.clark@fishnetsecurity.com 208.553.3266