Security Operations Without Going Blind

Presentation transcript:

Security Operations Without Going Blind Greg Taylor-Broun, Product Strategist

Challenge #1: The majority of analysts don't enjoy continuous security monitoring, nor do they rate it as particularly valuable to their primary objective. (Voice of the Analyst Survey, Cyentia Institute)

Challenge #2 Hiring and retaining analysts

Challenge #3: We'll never be able to look at everything with human analysis. The monitoring pipeline, from raw telemetry up to the human:

- Telemetry: IDS/IPS, AV, web proxy, EDR (pattern-matching)
- Log platform: collectors, forwarders and DB (aggregation, filtering and storage)
- Rules, queries and ML: SIEM, UEBA, ML (correlation and anomalies)
- Consoles and dashboards: human analytics
- Human security monitoring

Security Analyst role:

- Investigate threat
- Prioritize and escalate
- Receive feedback and improve
- Operational duties
- Scope and build case
- Environmental awareness
- Foundational knowledge
- Security expertise

You're the Analyst: How would you analyze this Network IPS event?

192.168.0.1:60036 -> 192.168.4.10:443, SQL Injection, 6Aug16, 20:08:03, Exploitation, Permit, Medium

You're the Analyst: How would you analyze this Network IPS event, field by field?

192.168.0.1:60036 -> 192.168.4.10:443, SQL Injection, 6Aug16, 20:08:03, Exploitation, Permit, Medium

- Source IP: External or internal? Tor exit node? Public VPN? Country of origin? Is it an IOC?
- Source port: Ephemeral?
- Destination IP: Vulnerable? Port open? Change ticket? Critical asset?
- Destination port: Server port?
- Signature: Modern? Recently updated? Seen in an incident? Known false positive?
- Attack category: Which attack stage?
- Date and time: Suspicious pattern? False-positive pattern?
- Device action: Blocked or allowed?
- Severity: How severe?

Now do this 170 times an hour in a 10-12 hour shift!

Modeling Human Decision Making Expert system and Bayesian Network

Rule Logic vs. Probabilistic Reasoning

"Probability theory is nothing but common sense reduced to calculation." Pierre-Simon Laplace
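To make the checklist on the "You're the Analyst" slide and this slide's rule-versus-probability contrast concrete, here is an added example (not code from the presentation or from Respond Software). It parses the slide's IPS event, answers the checklist questions from environmental context, and then decides two ways: a fixed rule conjunction and a naive-Bayes update over the same answers. Two things a practitioner would notice in the slide's event are built in: both addresses are RFC 1918, so the source is internal, and the action is Permit, so the request reached the server. The internal ranges, the asset inventory, the IOC list (203.0.113.5 is a documentation address), the per-feature probabilities, the prior and the priority thresholds are all constructed assumptions, not data from the talk.

```python
"""Triage one network IPS event two ways: fixed rule logic vs. a Bayesian update.

Added example (not code from the presentation or from Respond Software).
The event line is the one on the slide; the internal ranges, asset inventory,
IOC list, probabilities and priority thresholds are constructed assumptions.
"""
import ipaddress
import math
from dataclasses import dataclass

# The slide's event, verbatim.
EVENT_LINE = ("192.168.0.1:60036 -> 192.168.4.10:443, SQL Injection, "
              "6Aug16, 20:08:03, Exploitation, Permit, Medium")

# Constructed environmental context (assumptions, not from the talk).
INTERNAL_NETS = [ipaddress.ip_network("10.0.0.0/8"), ipaddress.ip_network("192.168.0.0/16")]
CRITICAL_ASSETS = {"192.168.4.10": {"role": "customer-portal", "vulnerable_to": {"SQL Injection"}}}
IOC_SOURCES = {"203.0.113.5"}          # constructed threat-intel list (documentation address)
SERVER_PORTS = {80, 443, 8080, 8443, 1433, 3306}


@dataclass
class IpsEvent:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    signature: str
    date: str
    time: str
    category: str
    action: str
    severity: str


def parse_event(line: str) -> IpsEvent:
    """Parse 'src:port -> dst:port, signature, date, time, category, action, severity'."""
    head, *rest = [f.strip() for f in line.split(",")]
    if len(rest) != 6:
        raise ValueError(f"unexpected field count in {line!r}")
    src, dst = (p.strip() for p in head.split("->"))
    src_ip, src_port = src.rsplit(":", 1)
    dst_ip, dst_port = dst.rsplit(":", 1)
    return IpsEvent(src_ip, int(src_port), dst_ip, int(dst_port), *rest)


def enrich(ev: IpsEvent) -> dict:
    """Answer the slide's checklist questions for one event as booleans."""
    src = ipaddress.ip_address(ev.src_ip)
    asset = CRITICAL_ASSETS.get(ev.dst_ip)
    return {
        "src_external": not any(src in net for net in INTERNAL_NETS),   # Ext or Int?
        "src_is_ioc": ev.src_ip in IOC_SOURCES,                           # Is an IOC?
        "src_port_ephemeral": ev.src_port >= 49152,                       # IANA dynamic range?
        "dst_server_port": ev.dst_port in SERVER_PORTS,                   # Server port?
        "dst_critical": asset is not None,                                # Critical asset?
        "dst_vulnerable": asset is not None and ev.signature in asset["vulnerable_to"],
        "exploitation_stage": ev.category == "Exploitation",              # Which attack stage?
        "permitted": ev.action == "Permit",                               # Blocked or allowed?
        "severity_high": ev.severity in {"High", "Critical"},             # How severe?
    }


def rule_verdict(ctx: dict) -> str:
    """Rule logic: a fixed conjunction. Anything outside it is silently dropped."""
    if ctx["permitted"] and ctx["dst_critical"] and (ctx["src_external"] or ctx["src_is_ioc"]):
        return "escalate"
    return "ignore"


# Constructed per-feature probabilities: (P(feature | real attack), P(feature | noise)).
FEATURE_MODEL = {
    "src_external":       (0.60, 0.20),
    "src_is_ioc":         (0.40, 0.02),
    "dst_critical":       (0.50, 0.25),
    "dst_vulnerable":     (0.80, 0.10),
    "exploitation_stage": (0.70, 0.35),
    "permitted":          (0.80, 0.20),
    "severity_high":      (0.60, 0.20),
}
PRIOR_ATTACK = 0.01   # assumed base rate of true positives for this signature


def posterior_attack(ctx: dict, prior: float = PRIOR_ATTACK) -> float:
    """Naive-Bayes update in log-odds: every answered question, true or false,
    shifts the odds by its likelihood ratio instead of gating the decision."""
    log_odds = math.log(prior / (1 - prior))
    for feature, (p_attack, p_noise) in FEATURE_MODEL.items():
        if ctx[feature]:
            log_odds += math.log(p_attack / p_noise)
        else:
            log_odds += math.log((1 - p_attack) / (1 - p_noise))
    return 1 / (1 + math.exp(-log_odds))


def triage(line: str) -> dict:
    """Run both models on one raw event line; bucket the probability with constructed thresholds."""
    ctx = enrich(parse_event(line))
    p = posterior_attack(ctx)
    priority = "P1 escalate" if p >= 0.5 else "P2 investigate" if p >= 0.1 else "P3 suppress"
    return {"rule": rule_verdict(ctx), "p_attack": round(p, 3), "priority": priority}


if __name__ == "__main__":
    print(triage(EVENT_LINE))                                          # slide's event
    print(triage(EVENT_LINE.replace("192.168.0.1", "203.0.113.5")))   # external IOC source
    print(triage(EVENT_LINE.replace("Permit", "Drop")))                # same event, blocked
```

On the slide's event the rule says ignore, because its conjunction demands an external or known-bad source, while the Bayesian update lands the event in the investigate band because the destination is a critical asset that is vulnerable to the signature and the IPS permitted the traffic. Swapping Permit for Drop pushes the probability below the suppress threshold, and an external source on the IOC list takes it above the escalate threshold under both models. The probabilities here are placeholders; in a real deployment they come from analyst feedback on past escalations, which is the "receive feedback and improve" loop on the analyst-role slide.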

Strategy & Approach: We're moving to a new model for security monitoring and analysis.

Security Operations Center (business-focused analytics):
- 8x5 operations
- Incident response
- Hunting and investigation
- Business-focused use cases

Respond Software AI Expert System:
- 24/7 monitoring, scoping and escalation
- Complete visibility of core use cases
- Business context
- Local and global learning

Elevate your analysts.

Questions