Closing the Breach Detection Gap

Presentation transcript:

Closing the Breach Detection Gap
Delivering Enterprise Security Assurance with Behavioral Attack Detection
Steve Costolo, Regional Sales Director
January 2017
CONFIDENTIAL

Evolving IT Security Investment Needs

[Chart: security expenditure plotted along the attack timeline. Intrusion Attempt Phase (seconds to minutes): Stateful FW, IPS / IDS, Network AV, Sandboxing. Active Attack Phase (weeks to months): the Breach Detection Gap. Incident Response (weeks to months): SIEM, Damage.]

Now, if all defenses were 100% safe, if there were no insider threats, if you didn't have to worry about social engineering or remote access threats, then the perimeter defenses we have today would be good enough. But history and news headlines show us that these defenses are not failsafe. Attackers do get through. Then, what do they do? Most organizations can't answer this question because they don't have any tools to monitor this activity: the reconnaissance and the lateral movement and the data exfiltration, which can take days or weeks or months.

Lockheed Martin: Cyber Kill Chain

Breach Detection Gap

Most Organizations Focus on Malware and External Attacks But Cannot Detect Attackers in Their Network
99% of post-intrusion attacks, such as reconnaissance and lateral movement, do not originate from malware.

Most Organizations Cannot Find Breaches on Their Own
146 days is the median length of time that attackers are present on a victim's network before detection.

Long attack dwell times and an inability to detect.

SOURCE: 2016 LightCyber Cyber Weapons Report, M-Trends 2016 Threat Report, Verizon Data Breach Investigations Report

Current Limitations vs. What's Needed

Traditional Security: Known Bad
- Signatures, IoCs, packet signatures, domains, sandbox activity
- Block, or miss
- Necessary, not sufficient
Problems: too many false alarms (false positives); missed variants (false negatives); only detects malware-based attacks; requires agents and signatures

What's Needed: Learned Good
- Learn what is good (baseline)
- Detect what isn't (anomaly)
- Catch what slips through the cracks of traditional security
Benefits: eliminates the zero-day exploit dilemma; hundreds of opportunities to detect; applicable to all techniques and stages; agentless and signature-less

Profiling, Detection, Investigation & Remediation

Behavioral Profiling: network-centric endpoint and user profiling
Attack Detection: anomalous attack behavior across the attack lifecycle
Automated Investigation: network, user and process association + cloud
Integrated Remediation: block attackers with NGFW or NAC, or lock accounts with AD
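The "learn what is good, detect what isn't" idea on the previous slide and the profile / detect / investigate steps on this one are easy to state and harder to picture, so here is a small worked example of the pattern. It is added here for illustration and is not LightCyber or Magna code; the product's models are not public, and this uses plain set membership as the baseline rather than any statistical profile. It learns which (destination, port) pairs each source host uses during a learning window of flow records, then in a later window ignores everything that matches the baseline and scores only the new activity for two post-intrusion behaviours no malware signature covers (a port sweep of one target, and admin-protocol sessions to several hosts the source never talked to before). It finishes by joining each finding to endpoint network-connect records, the shape of a Sysmon Event ID 3 or EDR record, to name the process and user behind the flows, a minimal version of the network-to-process association the architecture slide calls N2PA. Every IP, path, user name and threshold below is constructed for the demo.

```python
"""Baseline-and-anomaly detection of recon and lateral movement, with process attribution.
Added example, not LightCyber/Magna code; all sample data and thresholds are constructed."""
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Flow:                 # one flow record, e.g. from a TAP/SPAN-derived NetFlow feed
    src: str
    dst: str
    dport: int


@dataclass(frozen=True)
class EndpointConnect:      # one endpoint network-connect record (Sysmon EID 3 / EDR shape)
    host: str               # the endpoint that made the connection (matches Flow.src)
    image: str              # process image path
    user: str
    dst: str
    dport: int


@dataclass
class Finding:
    kind: str
    src: str
    evidence: dict


ADMIN_PORTS = {22, 445, 3389, 5985}   # SSH, SMB, RDP, WinRM (assumed admin-protocol set)
RECON_NEW_PORTS = 10                  # unseen ports on one target before we call it a scan
LATERAL_NEW_HOSTS = 3                 # unseen admin targets before we call it lateral movement


def learn_baseline(flows):
    """Per source host, the set of (dst, dport) pairs seen in the learning window."""
    baseline = defaultdict(set)
    for f in flows:
        baseline[f.src].add((f.dst, f.dport))
    return baseline


def detect(flows, baseline):
    """Findings for sources whose *new* activity looks like recon or lateral movement."""
    unseen_ports = defaultdict(set)   # (src, dst) -> ports never used to that dst before
    unseen_admin = defaultdict(set)   # src -> {(dst, dport)} on admin ports to never-contacted hosts
    for f in flows:
        known = baseline.get(f.src, set())
        if (f.dst, f.dport) in known:
            continue                                   # learned-good: nothing to alert on
        unseen_ports[(f.src, f.dst)].add(f.dport)
        ever_contacted = any(dst == f.dst for dst, _ in known)
        if f.dport in ADMIN_PORTS and not ever_contacted:
            unseen_admin[f.src].add((f.dst, f.dport))

    findings = []
    for (src, dst), ports in sorted(unseen_ports.items()):
        if len(ports) >= RECON_NEW_PORTS:
            findings.append(Finding("reconnaissance", src,
                                    {"targets": [dst], "ports": sorted(ports)}))
    for src, pairs in sorted(unseen_admin.items()):
        targets = {dst for dst, _ in pairs}
        if len(targets) >= LATERAL_NEW_HOSTS:
            findings.append(Finding("lateral_movement", src,
                                    {"targets": sorted(targets),
                                     "ports": sorted({p for _, p in pairs})}))
    return findings


def associate_process(finding, endpoint_events):
    """Network-to-process association: (image, user) pairs on the source host that made
    connections matching the finding's targets and ports."""
    targets, ports = set(finding.evidence["targets"]), set(finding.evidence["ports"])
    return sorted({(e.image, e.user) for e in endpoint_events
                   if e.host == finding.src and e.dst in targets and e.dport in ports})


# --- constructed sample data (not real hosts) --------------------------------------------
WS = "10.0.1.20"                       # a workstation
BASELINE_FLOWS = [
    Flow(WS, "10.0.2.5", 443),         # intranet web server
    Flow(WS, "10.0.2.10", 445),        # the file server it normally uses
    Flow("10.0.1.21", "10.0.2.5", 443),
]
DETECTION_FLOWS = (
    [Flow(WS, "10.0.2.5", 443)]                               # still normal
    + [Flow(WS, "10.0.2.10", p) for p in range(20, 36)]       # port sweep of the file server
    + [Flow(WS, f"10.0.3.{i}", 445) for i in range(1, 5)]     # SMB to four never-contacted hosts
)
ENDPOINT_EVENTS = [
    EndpointConnect(WS, r"C:\Program Files\Browser\browser.exe", r"CORP\alice", "10.0.2.5", 443),
] + [
    EndpointConnect(WS, r"C:\Users\alice\AppData\Local\Temp\svc.exe", r"CORP\alice",
                    f"10.0.3.{i}", 445)
    for i in range(1, 5)
]


def run_demo():
    """Baseline, detect, then attribute: returns [(kind, src, [(image, user), ...]), ...]."""
    baseline = learn_baseline(BASELINE_FLOWS)
    return [(f.kind, f.src, associate_process(f, ENDPOINT_EVENTS))
            for f in detect(DETECTION_FLOWS, baseline)]


if __name__ == "__main__":
    for kind, src, who in run_demo():
        print(kind, src, who or "no endpoint record for these flows")
```

Two things worth noticing. The port sweep on the file server is flagged even though the workstation talks to that server every day, because the baseline is keyed on (destination, port) rather than destination alone; and the SMB sessions are flagged with only four target hosts, which is why behavioral detection offers many opportunities across the lifecycle rather than one at the perimeter. The sweep has no matching endpoint record in the sample, so the investigation step returns nothing for it, which is the realistic outcome when the endpoint sensor is missing; a real deployment would fall back to user and network context there.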

LightCyber Magna Solution

[Architecture diagram: Magna Pathfinder on endpoints; Magna Detector and Magna Probe for AWS (IaaS cloud); Network-to-Process Association (N2PA); at HQ / DC, a Magna Detector and Magna Master fed from a TAP / SPAN on the core switch; remote VPN users; at a remote office, a Magna Probe fed from a TAP / SPAN on the switch; integrations with SIEM, remediation, and IAM & policy management through the Magna UI.]

Behavioral Attack Detection: Optimal Data Context

LightCyber Delivers Unbeatably Accurate Results

Most IT security teams can't keep up with the deluge of security alerts.

LightCyber accuracy: 62% across all alerts; 99% across Magna's automated "Confirmed Attack" category.

Source: http://lightcyber.com/lower-security-alerts-metrics/

About LightCyber

Magna Platform Overview: Behavioral Attack Detection; network-centric detection; agentless and signature-less; post-intrusion NTA/UEBA.
Operations Overview: US HQ in California; EMEA HQ in Amsterdam; Israel HQ in Ramat Gan; customers world-wide.
Behavioral Attack Detection Differentiation: most accurate and efficient, with proven and measured success; broadest context (network + endpoint + user); broadest attack coverage, with integrated remediation.
Verticals Served: finance and insurance; public sector; retail, healthcare, legal; service providers; media, technology and more.

LightCyber was founded by cyber warfare experts to help security analysts answer one question: would you know if an active attack was underway in your network? LightCyber was founded in 2012 and maintains offices throughout the world, including U.S. headquarters here in Los Altos, California and R&D headquarters in Ramat Gan, Israel. LightCyber Magna is part of an emerging category of products that we call Behavioral Attack Detection solutions that focus on: 1) reducing attack dwell time and the related damage, and do this in large part by 2) increasing the efficiency of IT security operations. We will go into that in detail during the remainder of this presentation. We serve a wide variety of verticals, including finance, healthcare, and government, and LightCyber is recognized for providing attack detection alerts that are highly accurate and actionable. And we actually have published accuracy metrics to stand by those claims.

NTA = Network Traffic Analytics
UEBA = User & Entity Behavior Analytics