1 | Company Confidential The Modern Cyber Threat Pandemic Nate Traiser Mtn Region Ent Sales Engineer

Presentation transcript:

Slide 1: The Modern Cyber Threat Pandemic. Nate Traiser, Mtn Region Ent Sales Engineer, Nate.Traiser@LogRhythm.com

Slide 2: When Times Were Simpler

Slide 3: Fast forward to

Slide 4: The Economist, November 2015
“Attackers will still get in (too much badly designed hardware and software is out there, and seemingly innocent websites can be doctored to infect computers that visit them). The only safe assumption is that your network is breached, and to make sure that you deal with intruders promptly—not after the 200-odd days which it typically takes.” - Edward Lucas

Slide 5: The Economist, November 2015
“Many networks have no means of detecting a breach at all. And old-style cyber-security generates too many alerts: “false positives”, in the jargon. When a burglar alarm rings constantly, people ignore it. Now the combination of cleverer algorithms, better data collection, cheaper storage and greater processing power makes it easier to automate the detection of anomalous behaviour, and to work out who is up to what.” - Edward Lucas

Slide 6: The Expanding Cyber Threat
Motive: Political, Ideological, Criminal

Slide 7: Damaging Data Breaches

Slide 8: Common Security Challenges
- Connections moving to encrypted channels
- Increased load = poor performance
- Difficult to deploy
- Potential lost visibility
- "Social attack": employees will mix personal with professional. Social tactics are used in around 20% of confirmed data breaches (30% over a larger time frame); the top three, phishing (72%), pretexting (16%), and bribery/solicitation (10%), represent the vast majority of social actions in the real world.
- 80% of data breaches involve exploitation of stolen, weak, default or easily guessable passwords.
"Many data breach victims believe they are in isolation, dealing with sophisticated tactics and zero-day malware never seen before—we see otherwise. To us, few breaches are unique. In fact, our VERIS research indicates that at any given point in time, a small number of breach scenarios comprise the vast majority of incidents we investigate. There is tremendous commonality in real-world cyber-attacks. In fact, according to our RISK Team incident data set over the previous three years, just 12 scenarios represent over 60% of our investigations." http://media.scmagazine.com/documents/214/verizon_data_breach_digest_53373.pdf

Slide 9: Common Attack Scenario
Reconnaissance, Weaponization, Delivery, Exploitation, Installation, Command & Control, Actions on Objective

Slide 10: Prevention-Centric Approaches are Insufficient
Prevention-centric approaches: Firewalls, Intrusion Prevention Systems, Anti-Virus/Malware, Sandboxing
Preventable threats: Previously seen, Signature-based, Static, One-dimensional
Modern cyber threats: Advanced, Stealthy, Persistent, Dynamic, Multi-dimensional
205: Median number of days that companies were compromised before detection of threat - Mandiant M-Trends 2015

Slide 11: Prevention-Centric is Obsolete
“Advanced targeted attacks make prevention-centric strategies obsolete. Securing enterprises in 2020 will require a shift to information and people-centric security strategies, combined with pervasive internal monitoring and sharing of security intelligence.”
“By 2020, 60% of enterprise information security budgets will be allocated for rapid detection and response approaches up from less than 10% in 2013.” - Neil MacDonald,

Slide 12: Prevention-Centric is Obsolete
“For many enterprises there is a disconnect between the products they are buying and their effectiveness. ‘Many people are putting firewall, IPS, and antivirus in place thinking that intelligence is actually going to help them,’ Chenette said...”
“‘Hope is not a strategy,’ said Chenette, so in order for companies to improve their security strategy, they need to realize that technology can fail. ‘Controls fail over time, and the worst outcome is that there is a breach because they had a control in place that should’ve detected,’ Chenette said.” - Stephan Chenette, CEO, AttackIQ

Slide 13: “Traditional Security” Creates Silos
- Security: Firewall, IPS, Malware, WAF, End Point
- Network: Routers, Switches, Wireless
- Directory Services: Active Directory, Users, Groups
- Data Management: Data Loss, Data in Motion, Data at Rest
- Email: Spam, Malware, Phishing
- Physical: Alarms, Surveillance, Access Control
Partners have engaged their customers with these solutions for years... LogRhythm makes these pieces work as a single security ecosystem.

Slide 14: Bringing it all into one place

Slide 15: A New Security Approach is Required
Prevention-centric approaches can stop common threats. However, advanced threats:
- Require a broader view to recognize
- Only emerge over time
- Get lost in the noise
Big Data analytics can best detect these threats. An excellent Security Intelligence Platform delivers:
- Big Data analytics to identify advanced threats
- Qualified and prioritized detection, reducing noise
- Incident response workflow orchestration and automation
- Capabilities to prevent high-impact breaches & damaging cyber incidents

Slide 16: Data Exfiltration Can Be Avoided
Advanced threats take their time and leverage the holistic attack surface. Early neutralization = no damaging cyber incident or data breach.
Attack stages: Reconnaissance, Initial Compromise, Command & Control, Lateral Movement, Target Attainment, Exfiltration / Corruption / Disruption

Slide 17: Security Intelligence Platform - Threat Lifecycle Management: End-to-End Detection & Response Workflow
Time to detect:
- Collect & Generate: Forensic Sensor Data, Security Event Data, Log & Machine Data (example sources)
- Detect & Prioritize: User Analytics, Machine Analytics
- Qualify: Assess threat to determine risk and whether full investigation is necessary
Time to respond:
- Investigate: Analyze threat to determine nature and extent of the incident
- Neutralize: Implement countermeasures to mitigate threat and associated risk
- Recover: Cleanup, Report, Review, Adapt

Slide 18: Faster Detection & Response Reduces Risk
MTTD & MTTR scale: Months, Weeks, Days, Hours, Minutes (High Vulnerability / Exposed to Threats at one end, Low Vulnerability / Resilient to Threats at the other)
MEAN-TIME-TO-DETECT (MTTD): The average time it takes to recognize a threat requiring further analysis and response efforts
MEAN-TIME-TO-RESPOND (MTTR): The average time it takes to respond and ultimately resolve the incident
As organizations improve their ability to quickly detect and respond to threats, the risk of experiencing a damaging breach is greatly reduced.
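The MTTD and MTTR definitions on slide 18 are usually computed from incident tickets. The script below is an added example (not part of the presentation or LogRhythm's product) that derives both metrics from constructed incident records, reports the median beside the mean because one long-undetected compromise dominates an average, keeps open and not-yet-qualified incidents out of the averages but counts them separately, and maps the result onto the slide's minutes-to-months scale. The incident data, identifiers and band thresholds are all assumptions.

```python
"""MTTD / MTTR from incident records (added example with constructed data)."""
from dataclasses import dataclass
from datetime import datetime, timedelta
from statistics import mean, median
from typing import Optional


@dataclass
class Incident:
    ident: str
    compromised_at: datetime           # earliest evidence of attacker activity (from forensics)
    detected_at: Optional[datetime]    # when an alarm was qualified as a real threat
    resolved_at: Optional[datetime]    # when the threat was neutralized and the case closed


def _ts(s: str) -> datetime:
    return datetime.fromisoformat(s)


# Constructed sample incidents; timestamps and identifiers are made up.
INCIDENTS = [
    Incident("INC-1", _ts("2015-11-01T08:00"), _ts("2015-11-01T10:30"), _ts("2015-11-01T16:30")),
    Incident("INC-2", _ts("2015-09-15T00:00"), _ts("2015-11-20T00:00"), _ts("2015-11-27T00:00")),
    Incident("INC-3", _ts("2015-12-01T09:00"), _ts("2015-12-01T09:20"), None),  # detected, still open
    Incident("INC-4", _ts("2015-12-02T09:00"), None, None),  # known only from an external notice, not yet qualified
]


def hours(delta: timedelta) -> float:
    return delta.total_seconds() / 3600


def exposure_band(h: float) -> str:
    """Map a duration in hours onto the slide's minutes/hours/days/weeks/months scale.
    Thresholds are an assumption: under 1 h, under 1 day, under 1 week, under 30 days."""
    if h < 1:
        return "minutes"
    if h < 24:
        return "hours"
    if h < 24 * 7:
        return "days"
    if h < 24 * 30:
        return "weeks"
    return "months"


def metrics(incidents):
    """MTTD = compromise -> detection; MTTR = detection -> resolution.
    Incidents without a detection (or resolution) timestamp cannot contribute a
    duration, so they are counted rather than silently shortening the average."""
    detect = [hours(i.detected_at - i.compromised_at) for i in incidents if i.detected_at]
    respond = [hours(i.resolved_at - i.detected_at) for i in incidents if i.detected_at and i.resolved_at]
    return {
        "mttd_mean_h": mean(detect) if detect else None,
        "mttd_median_h": median(detect) if detect else None,
        "mttr_mean_h": mean(respond) if respond else None,
        "mttr_median_h": median(respond) if respond else None,
        "open": sum(1 for i in incidents if i.resolved_at is None),
        "undetected": sum(1 for i in incidents if i.detected_at is None),
    }


if __name__ == "__main__":
    m = metrics(INCIDENTS)
    for name in ("mttd_mean_h", "mttd_median_h", "mttr_mean_h", "mttr_median_h"):
        print(f"{name}: {m[name]:.1f} h ({exposure_band(m[name])})")
    print(f"open: {m['open']}, not yet detected: {m['undetected']}")
```

With this data the mean MTTD lands in the "weeks" band while the median is in the "hours" band, which is why the Mandiant figure quoted on slide 10 is reported as a median: a single long-dwelling intrusion can move the mean by orders of magnitude.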

Slide 19: Steps on the road to resiliency
- Develop and maintain an Incident Response Plan: make sure management is on board with the plan, and review it on a yearly basis.
- Take control of the knowns:
  - Identify all critical company assets and who has access to them.
  - Identify company-approved applications and develop application white lists.
  - Effectively manage your domain users and groups.
  - Effectively apply and manage ACLs for network access.
  - Review all asset logging levels.
  - Perform system configuration deltas on an approved schedule (days/times), performed with limited known accounts, to eliminate mysteries around the time and users associated with a change.
- Review your logs and alarms: they are your friends.
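The configuration-delta step above is the one most often left to an eyeball comparison. The script below is an added example (not from the presentation or from LogRhythm) showing how a delta between two configuration snapshots can be tied to the "who and when" of each change: a change is cleared only if a record exists, the account is one of the limited known accounts, and the timestamp falls inside the approved schedule, and a small set of security-sensitive settings always goes to a human even when the process was followed. The host settings, accounts, change records and schedule are all constructed assumptions.

```python
"""Configuration delta review against an approved schedule and known accounts.

Added example with constructed data; the settings, accounts and change records
below are not from the presentation.
"""
from datetime import datetime, time

# Two snapshots of the same hypothetical host, captured on the approved schedule.
BASELINE = {
    "sshd.PermitRootLogin": "no",
    "sshd.PasswordAuthentication": "no",
    "firewall.inbound.3389": "deny",
    "service.telnet": "disabled",
    "ntp.server": "ntp1.example.internal",
}
CURRENT = {
    "sshd.PermitRootLogin": "no",
    "sshd.PasswordAuthentication": "yes",
    "firewall.inbound.3389": "allow",
    "service.telnet": "disabled",
    "service.vnc": "enabled",
    "ntp.server": "ntp2.example.internal",
}

# Constructed change records of the kind a SIEM holds from sudo/audit logs.
CHANGE_LOG = [
    {"key": "sshd.PasswordAuthentication", "user": "svc-cfgmgmt", "at": "2015-11-19T02:15:00"},
    {"key": "ntp.server", "user": "svc-cfgmgmt", "at": "2015-11-19T02:20:00"},
    {"key": "firewall.inbound.3389", "user": "jsmith", "at": "2015-11-19T14:05:00"},
]

APPROVED_ACCOUNTS = {"svc-cfgmgmt"}         # the "limited known accounts"
APPROVED_DAYS = {1, 3}                       # Tuesday and Thursday (Monday == 0)
APPROVED_WINDOW = (time(1, 0), time(4, 0))   # 01:00-04:00 local time
ALWAYS_REVIEW = {"sshd.PermitRootLogin", "sshd.PasswordAuthentication"}


def config_delta(baseline, current):
    """Every setting whose value differs, including keys added or removed."""
    return [
        {"key": k, "old": baseline.get(k), "new": current.get(k)}
        for k in sorted(set(baseline) | set(current))
        if baseline.get(k) != current.get(k)
    ]


def in_window(ts, days, window):
    """True when ts is on an approved day and inside the approved time window."""
    start, end = window
    return ts.weekday() in days and start <= ts.time() < end


def review_delta(delta, change_log, approved, days, window, always_review):
    """Attach a status and reasons to each change; 'review' means a human must look."""
    by_key = {e["key"]: e for e in change_log}
    findings = []
    for change in delta:
        reasons = []
        entry = by_key.get(change["key"])
        if entry is None:
            reasons.append("no change record")   # the "mystery" change the slide warns about
        else:
            if entry["user"] not in approved:
                reasons.append(f"unapproved account {entry['user']}")
            if not in_window(datetime.fromisoformat(entry["at"]), days, window):
                reasons.append("outside approved window")
        if change["key"] in always_review:
            reasons.append("security-sensitive setting")  # following the process is not approval of the value
        findings.append({**change, "status": "review" if reasons else "approved", "reasons": reasons})
    return findings


def run_review():
    return review_delta(config_delta(BASELINE, CURRENT), CHANGE_LOG,
                        APPROVED_ACCOUNTS, APPROVED_DAYS, APPROVED_WINDOW, ALWAYS_REVIEW)


if __name__ == "__main__":
    for f in run_review():
        print(f"{f['status']:8} {f['key']}: {f['old']!r} -> {f['new']!r}  {', '.join(f['reasons'])}")
```

Of the four changes in the sample, only the NTP server move clears automatically; the firewall change fails on both account and window, the VNC service has no record at all, and the sshd change is flagged despite being made by the approved account at the approved time, because a weakened authentication setting deserves a look regardless of who made it.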

Slide 20: Market Leadership
Certifications & Validations, Industry Awards, Company Awards (Company of the Year), Industry Analysts

Slide 21: Thank you. Nate.Traiser@logrhythm.com, Twitter @1832PRO
