Moving faster than the human


Moving faster than the human
Security orchestration automation and response (SOAR) for threat detection and response
May 16, 2018

Case study

- Are we 100% sure we’ve scoped the incident properly?
- What percentage of the way through the incident are you?
- What systems or technologies failed during the intrusion?
- Do we need to notify regulators?

To answer these questions, you need an incident response strategy and “battle-tested” incident response plans and procedures. Automation allows organizations to take their plan to the next level.

SOC operations documentation

- Heavy use of documents to track incident response processes and workflow
- Manually intensive to create and/or update procedures
- Implemented, but inefficient incident response tracking tools due to lack of customization
- Time-consuming process to create metric reports
- Correlation of historical and threat intelligence data is not performed

Industry challenges

- The anticipated talent shortage of cybersecurity professionals by 2019 is 1.5 million [1]
- The average time to detect a breach in the Americas is 99 days and the average cost is $4 million [2]
- Compliance with GDPR 72 hr breach notification rule [3]

Sources: [1] (ISC)²; [2] Gartner; [3] EUGDPR

Key Issues

CISO
- Visibility
- Security confidence
- Long response times

SOC Manager
- Shortage of skilled analysts
- Visibility into people, process and technology
- Lack of consistency
- Service level metrics

SOC Analysts
- Alert fatigue
- Time consuming manual processes
- Disconnected tools
- SOC operations documentation

Security Orchestration Automation and Response

[Diagram. Labels: Alerts; SIEM; App Logs; F/W Logs; DHCP Logs; Endpoint Activity; Threat data; Related Logs; SOAR (Workflow Automation, Case Management, Collaboration); Automatic enrichment; Manually invoked enrichment; Vulnerability Management; Web gateway; VirusTotal; Automatic/Manual Response and Remediation; Create Helpdesk Ticket; Gather Forensics; Disable Account]

Applicable areas in cybersecurity

Security operations
- Threat detection and response
- Threat exposure and vulnerability management

Software and product security
- Application inventory tracking
- Secure development gates
- Security validation and remediation

Governance
- Security program governance
- Security controls tracking

Digital identity and access
- Access fulfilment
- Access certification
- Manual access appropriateness check and automated alert notifications

Benefits

- Reliable: Operate 365 days a year!
- Retention: Freed up human resources for higher value-added tasks
- Productivity: Accelerate detection and response
- Consistent: Eliminating variations in processes
- ROI: 20–35% savings
- Fast: Automatically deploy security controls
- Audit trail: Fully maintained logs for compliance
- Scalable: Ramp up and down to match demand
- Visibility: Single pane of glass

SOAR journey

Phases: Strategy, Operations, Execution

Strategy and Operations
- Build overall strategy and roadmap including business case justification
- Select the appropriate cyber orchestration technology
- Amend playbooks for orchestration
- Design the solution to fit into existing environment
- Build metrics to measure and manage improvements with respect to detection and response
- Monitor and remotely manage cyber orchestration environment for API changes

Execution
- Implement the cyber orchestration technology
- Customize the API from the technology to support existing security technologies
- Build automations into technology

Thank you

Speaker introductions

Himanshu Anand
Himanshu Anand is a senior manager in Ernst & Young LLP’s IT Risk and Assurance practice based in New Jersey, focusing on Cyber Threat Management. He has over 10 years of experience in the areas of data management and data analysis tools for cyber security, web infrastructure architecture and web application performance management tools. He leads the Cyber orchestration engineering and Security Information and Event Management (SIEM) teams, performing architecture and design tasks for clients, including the Cyber-as-a-Service (CaaS) service offering. He has experience in leading large-scale strategic IT initiatives, working directly with CISOs, and is technically well versed.

Renana Friedlich
Renana is the North America Incident Response leader at Ernst & Young’s Advanced Security Center (ASC) and has more than thirteen years of experience in information security. Over the last eleven years, she led breach investigations for global clients, detected nation-state APT campaigns at Fortune 500 companies, developed incident response plans and facilitated cyber simulation. Renana led EY’s response to several well-known security data breaches, where she directed the work of the technical groups and provided briefings to executives and C-Suites. Prior to her current role, Renana served in an elite intelligence unit of the Israeli defense forces for over seven years in various cybersecurity positions.

Views of presenters are not necessarily those of Ernst & Young LLP. These slides are for educational purposes only and are not intended to be relied upon as professional advice. Please refer to your advisors for specific advice.

EY | Assurance | Tax | Transactions | Advisory

About EY
EY is a global leader in assurance, tax, transaction and advisory services. The insights and quality services we deliver help build trust and confidence in the capital markets and in economies the world over. We develop outstanding leaders who team to deliver on our promises to all of our stakeholders. In so doing, we play a critical role in building a better working world for our people, for our clients and for our communities.

EY refers to the global organization, and may refer to one or more, of the member firms of Ernst & Young Global Limited, each of which is a separate legal entity. Ernst & Young Global Limited, a UK company limited by guarantee, does not provide services to clients. For more information about our organization, please visit ey.com.

Ernst & Young LLP is a client-serving member firm of Ernst & Young Global Limited operating in the US.

© 2018 Ernst & Young LLP. All Rights Reserved.
1804-2656758
ED None

This material has been prepared for general informational purposes only and is not intended to be relied upon as accounting, tax or other professional advice. Please refer to your advisors for specific advice.

ey.com