OPIsrael And The Value Of Next Generation SOCs

Introduction

Today is an excellent opportunity to see how next generation SOC platforms are changing enterprise security. One of the biggest organized cyber attacks against Israeli organizations, #OPIsrael, is scheduled for today. It is the kind of scenario that can overwhelm a conventional security operations center (SOC), and one that brings out the value of the Siemplify platform.

The Nature of the Threat

The majority of attackers participating in #OPIsrael are hacktivist groups such as Anonymous. They will primarily be looking to launch distributed denial-of-service (DDoS) attacks against Israeli-related sites and to publish personal information (mainly credit card details):

DDoS Attacks & DDoS Tools

“With regard to the attack vectors, we assume the attackers will attempt to carry out DDoS attacks or leak the databases of small Israeli websites (based on past experience, most of the data leakage will be recycled from previous campaigns). We also believe they will use familiar or self-developed DDoS tools, as well as malware based on njRAT, which is very popular among Arabic-speaking hacktivists.” It is also possible that there will be attempts to infect Israeli endpoints with ransomware via e-mails with malicious files during this campaign. Moreover, attackers sometimes spoof an internal address to alleviate the concerns of potential victims. – SenseCy, a threat intelligence company

So Many Attacks, So Little Information

With conventional security operations, attacks like #OPIsrael can be overwhelming. The attacks often originate from multiple regions and involve multiple actors, which makes detection harder for the typical tier-1 security analyst.

OPIsrael Effort

Threat intelligence service providers have been monitoring the #OPIsrael effort, and their reports could be a significant asset in fighting such cyber threats. In practice, though, threat intelligence reports are consumed by threat intelligence investigators in conventional SOCs, not by the tier-1 security analysts triaging incoming security alerts. And a DDoS attack triggers an enormous number of alerts. The alerts appear to the security analyst as row upon row of independent entries in the spreadsheet-like interface of the SIEM. Analysts are left to sift through those entries, researching and analyzing each one. They struggle to understand the strategic picture: the connection between the alerts and their importance to the business.

Always at risk is the possibility that they will miss the few truly critical alerts among the thousands of others, the ones indicating the bigger threats: data exfiltration attempts or critical system penetrations.

Stop Working From Alerts

Instead of triaging thousands of security alerts, tier-1 security analysts in a next generation SOC work from a prioritized list of “cases.” Cases are visual representations of the attack chain, synthesizing information from many sources, including:
● The significant alerts from the SIEM
● Threat intelligence reports
● Active Directory information and business intelligence information

DDoS Attack & Security Analysts

On its own, shifting from alerts to cases is a paradigm shift. Siemplify customers see the workload of their tier-1 security analysts decrease significantly, by more than 90 percent in at least one instance. The tier-1 analyst in a next generation SOC can also investigate many of those cases, a function usually reserved for more senior analysts. The Siemplify platform lays out the entire attack chain as a visual storyline. Analysts investigate a threat simply by clicking on an icon and pivoting off the object. Gathering information from data stores is also simpler than in conventional SOCs: analysts retrieve data by filling in forms, not by writing complex queries.

Siemplify Platform

Building accurate and reliable cases requires a robust backend. With Siemplify, data science algorithms analyze the enormous amount of networking- and security-related information that may be relevant to an alert. A graph database captures the relationships between users, applications and networking objects. Together, the two automatically identify the significant security events.

Cases Aggregate Related Alerts

Think Strategically

By taking a strategic view, security teams become more efficient. They focus on what matters first. They analyze threats faster and respond more quickly. With DDoS, for example, analysts can remediate an attack by blocking a pattern of attacks emanating from a region at the click of a button.
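The two ideas above, aggregating related alerts into prioritized cases (the “Cases Aggregate Related Alerts” slide) and deriving a region-level block from a DDoS case, can be shown in working code. The following is an added example written for this page; it is not Siemplify code and does not show how the Siemplify platform is implemented. The alert rows, the threat-intel indicator, the directory entry and the prefix-to-region table are all constructed for illustration, and the scoring weights are arbitrary choices made here, not anything the page specifies.

```python
"""Added example: pivot raw SIEM-style alerts into prioritized cases.

Alerts are joined into one case when they share an entity (source IP,
destination host, user) or when one alert's source is another's
destination. Each case is then enriched with a threat-intel list and a
directory lookup and scored so that business impact, not alert volume,
drives priority. For DDoS-only cases a containment suggestion (the
source prefix/region covering most attackers) is derived.
All data below is constructed; nothing here is real infrastructure.
"""
from collections import defaultdict
from ipaddress import ip_address, ip_network

# Constructed sample alerts, the rows a SIEM would show a tier-1 analyst.
ALERTS = [
    {"id": 1, "rule": "HTTP flood",     "src": "203.0.113.10", "dst": "web01", "user": None},
    {"id": 2, "rule": "HTTP flood",     "src": "203.0.113.11", "dst": "web01", "user": None},
    {"id": 3, "rule": "HTTP flood",     "src": "203.0.113.12", "dst": "web01", "user": None},
    {"id": 4, "rule": "SYN flood",      "src": "203.0.113.20", "dst": "web01", "user": None},
    {"id": 5, "rule": "Failed login",   "src": "198.51.100.7", "dst": "vpn01", "user": "j.doe"},
    {"id": 6, "rule": "Large outbound", "src": "10.0.5.23",    "dst": "198.51.100.7", "user": "j.doe"},
    {"id": 7, "rule": "Failed login",   "src": "192.0.2.99",   "dst": "mail01", "user": "guest"},
]
# Constructed threat-intel feed (indicator -> context from a campaign report).
THREAT_INTEL = {"198.51.100.7": "njRAT C2 (campaign report)"}
# Constructed directory lookup (who holds privileged roles).
DIRECTORY = {"j.doe": {"privileged": True, "department": "finance"}}
# Constructed prefix -> region table standing in for a GeoIP lookup.
GEO = {
    ip_network("203.0.113.0/24"): "Region A (constructed)",
    ip_network("198.51.100.0/24"): "Region B (constructed)",
    ip_network("192.0.2.0/24"):    "Region C (constructed)",
}
DDOS_RULES = {"HTTP flood", "SYN flood"}


def region_of(ip):
    """Return (prefix, region name) for an IP, or (None, 'unknown/internal')."""
    addr = ip_address(ip)
    for net, name in GEO.items():
        if addr in net:
            return net, name
    return None, "unknown/internal"


def enrich(group):
    """Turn a group of related alerts into a scored case with context attached."""
    sources = sorted({a["src"] for a in group})
    hosts = {a["dst"] for a in group}
    users = sorted({a["user"] for a in group if a["user"]})
    intel = {ip: THREAT_INTEL[ip] for ip in set(sources) | hosts if ip in THREAT_INTEL}
    privileged = any(DIRECTORY.get(u, {}).get("privileged", False) for u in users)
    exfil = any("outbound" in a["rule"].lower() for a in group)
    ddos = all(a["rule"] in DDOS_RULES for a in group)
    # Illustrative weights: exfiltration and privileged-user involvement outrank
    # raw volume, so a four-alert flood cannot bury a two-alert exfil chain.
    score = 30 * exfil + 20 * privileged + 10 * bool(intel) + min(len(group), 10)
    return {"alert_ids": sorted(a["id"] for a in group), "sources": sources,
            "users": users, "intel": intel, "privileged": privileged,
            "exfil": exfil, "ddos": ddos, "score": score}


def build_cases(alerts):
    """Union-find over alerts keyed on shared entities; returns cases, highest score first."""
    parent = {a["id"]: a["id"] for a in alerts}

    def find(x):
        while parent[x] != x:
            parent[x] = parent[parent[x]]
            x = parent[x]
        return x

    by_entity = defaultdict(list)
    for a in alerts:
        for ent in (a["src"], a["dst"], a["user"]):
            if ent:
                by_entity[ent].append(a["id"])
    for ids in by_entity.values():          # any two alerts sharing an entity are joined
        for other in ids[1:]:
            parent[find(other)] = find(ids[0])
    groups = defaultdict(list)
    for a in alerts:
        groups[find(a["id"])].append(a)
    return sorted((enrich(g) for g in groups.values()), key=lambda c: c["score"], reverse=True)


def containment(case):
    """For a DDoS-only case, suggest the source prefix/region covering most attackers."""
    if not case["ddos"]:
        return None
    counts = defaultdict(int)
    for ip in case["sources"]:
        net, _ = region_of(ip)
        if net is not None:
            counts[net] += 1
    if not counts:
        return None
    net = max(counts, key=counts.get)
    return {"block_prefix": str(net), "region": GEO[net],
            "covers": counts[net], "of": len(case["sources"])}


if __name__ == "__main__":
    for case in build_cases(ALERTS):
        print(case["score"], case["alert_ids"], case["users"], case["intel"], containment(case))
```

With the constructed input, the flood against web01 collapses into a single four-alert case, while the two alerts tied to j.doe (a failed VPN login from an indicator the intel feed flags, followed by a large outbound transfer to that same address) become the top case, which is exactly the exfiltration chain the page says gets lost among DDoS noise. The containment output names one prefix and region; a practitioner should treat that as a starting point, since DDoS sources are commonly spoofed and a region-wide block also cuts off legitimate users from that region.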
