Why SIEM – Why Security Intelligence??
Presented by: Curtis Johnson, LogRhythm Sales Engineer. Sponsored by:
The Expanding Cyber Threat Motive
Motives: political, ideological, criminal. Examples:
- Political: allegedly, North Korea is responsible for the mass data theft from Sony Pictures Entertainment as payback for releasing the movie "The Interview".
- Ideological: the Syrian Electronic Army is responsible for a number of website defacements; in January 2015 SEA hackers infiltrated Le Monde's publishing tool before launching a denial-of-service attack.
- Criminal: a cyberattack exposed the data of 11 million Premera Blue Cross members, to be sold as identities on the black market and enable identity theft.
Damaging Data Breaches
Examples:
- Anthem: 80 million accounts stolen. Criminals accessed names, birthdays, addresses, Social Security numbers and employment data (including income). This is highly valuable data that can be sold on the black market to enable identity theft.
- Home Depot: 56 million credit cards stolen. Credit/debit card data and addresses that can be sold on the black market for card fraud.
- JP Morgan: 83 million accounts exposed. Theft of email addresses, home addresses and phone numbers that can be sold on the black market to enable fraud.
- eBay: 145 million accounts compromised. Theft of names, email addresses, home addresses, phone numbers and dates of birth.
- Target: 40 million credit cards stolen. Card data to be sold on the black market.
Most Companies Compromised
"71% of organizations were compromised by a successful cyber attack in 2014." (2015 Cyberthreat Defense Report from CyberEdge Group, as reported by SC Magazine, 3/12/2015)
IT'S WHEN, NOT IF!
Notes: most companies have had some form of compromise in the past year, and it is not just big companies. Almost 3 out of 4 companies were hit by a successful attack. Some avoided a data breach by detecting the compromise; some did not.
Prevention is Futile
"Advanced targeted attacks make prevention-centric strategies obsolete. Securing enterprises in 2020 will require a shift to information and people-centric security strategies, combined with pervasive internal monitoring and sharing of security intelligence."
"By 2020, 60% of enterprise information security budgets will be allocated for rapid detection and response approaches, up from less than 10% in 2013."
Neil MacDonald, Gartner
Faster Detection & Response Reduces Risk
229: median number of days that threat groups were present on a victim's network before detection (Mandiant 2014 Threat Report).
2,287 days: the longest time to detection observed (Mandiant 2014 Threat Report).
"In 60% of cases, attackers are able to compromise an organization within minutes." (2015 Verizon Data Breach Investigations Report)
As organizations improve their ability to quickly detect and respond to threats, the risk of experiencing a high-impact breach is greatly reduced. (Chart: risk and impact of breach versus time to detect and respond.)
Ever Increasing Cyber Risk
Advanced threat / APT detection; data exfiltration; compromised hosts; inappropriate network use; fraud; insider threats; compromised accounts; compromised credentials; network misuse; compliance violations; state-sponsored attacks. (Source: PwC, The Global State of Information Security Survey 2015)
Today’s Threat Environment
Some threats are conclusively recognized at run-time and prevented at the endpoint and perimeter. However, many threats:
- require a broader view to recognize;
- will only emerge over time;
- get lost in the noise.
Only advanced analytics can detect these threats:
- detecting a class of threats that only a big-data approach can realize;
- effectively prioritizing threats, separating the signal from the noise;
- providing the intelligence required to deliver optimally orchestrated and enabled incident response.
A Security Intelligence Driven Approach is Required
The cost of mitigating a threat, and the risk to the business, rise exponentially across the lifecycle of a threat from inception to mission attainment: Reconnaissance → Initial Compromise → Command & Control → Lateral Movement → Target Attainment (exfiltration, corruption, disruption). Organizations that want to reduce their risk of experiencing a high-impact cyber breach or incident must kill the threat early in its lifecycle, across the holistic attack surface.
Holistic Attack Surface
(Figure: the holistic attack surface spans three dimensions, network, endpoint and user, and each must be monitored.)
Threat Lifecycle Management™: End-to-End Detection & Response Workflow
Unified Security Intelligence Platform
Forensic data: security event data captured; log and machine data generated; forensic sensor data.
Time to detect:
- DISCOVER: user analytics, machine analytics.
- QUALIFY: assess the threat and determine whether it may pose a risk and whether a full investigation is required.
Time to respond:
- INVESTIGATE: fully analyze the threat and the associated risk; determine whether an incident has occurred or is occurring.
- MITIGATE: implement countermeasures and controls that mitigate the risk presented by the threat.
- RECOVER: eradicate, clean up, report, review, adapt.
Creating A Security Eco System
Businesses have been buying these solutions for years; a SIEM makes these pieces work as a single security ecosystem:
- Security: firewall, IPS, anti-malware, WAF, endpoint.
- Network: routers, switches, wireless.
- Directory services: Active Directory, users, groups.
- Data management: data loss prevention, data in motion, data at rest.
- Messaging: spam, phishing.
- Physical: alarms, surveillance, access control.
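The lifecycle slide, the Threat Lifecycle Management workflow and the ecosystem slide above all make the same point in prose: an attack that is invisible inside any one log silo becomes recognizable when the silos are joined and correlated. The example below is added here and is not code from the deck or from LogRhythm's product. It joins two constructed silos (Windows logon events and firewall connection records; every host name, user, address, timestamp and threshold is made up for illustration), tags each finding with the lifecycle stage from the deck, and measures how long the attacker has had if the SOC's first alert is the exfiltration rather than the initial compromise.

```python
"""Added example, not code from the deck or from LogRhythm: a minimal
cross-silo correlation of the kind a SIEM's machine analytics performs once
log silos are joined. Every log line, host, user, address and threshold
below is constructed for illustration."""
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample logs from two silos. Neither silo shows the attack on
# its own; each holds only some stages of the lifecycle the deck describes.
AD_LOG = """\
2015-03-09 02:14:01 DC01 EventID=4625 user=jsmith src=10.0.5.23 logon_type=3
2015-03-09 02:14:03 DC01 EventID=4625 user=jsmith src=10.0.5.23 logon_type=3
2015-03-09 02:14:05 DC01 EventID=4625 user=jsmith src=10.0.5.23 logon_type=3
2015-03-09 02:14:07 DC01 EventID=4625 user=jsmith src=10.0.5.23 logon_type=3
2015-03-09 02:14:09 DC01 EventID=4625 user=jsmith src=10.0.5.23 logon_type=3
2015-03-09 02:14:11 DC01 EventID=4624 user=jsmith src=10.0.5.23 logon_type=3
2015-03-09 02:31:40 FS02 EventID=4624 user=jsmith src=10.0.5.23 logon_type=3
"""
FW_LOG = """\
2015-03-09 02:15:30 FW01 action=allow src=10.0.5.23 dst=203.0.113.77 dport=443 bytes=812
2015-03-09 02:25:31 FW01 action=allow src=10.0.5.23 dst=203.0.113.77 dport=443 bytes=790
2015-03-09 02:35:29 FW01 action=allow src=10.0.5.23 dst=203.0.113.77 dport=443 bytes=801
2015-03-09 03:02:11 FW01 action=allow src=10.0.5.23 dst=203.0.113.77 dport=443 bytes=94311200
"""

LINE_RE = re.compile(r"^(?P<ts>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d) (?P<host>\S+) (?P<kv>.*)$")


def parse(source, text):
    """Normalize one silo's lines into dicts sharing a common schema."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # drop lines the parser does not understand
        ev = {"source": source, "host": m["host"],
              "ts": datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S")}
        for pair in m["kv"].split():
            key, _, value = pair.partition("=")
            ev[key] = value
        events.append(ev)
    return events


def correlate(events, fail_threshold=5, window_s=300, beacon_min=3,
              jitter_s=30, exfil_bytes=50_000_000):
    """Return (stage, timestamp, detail) findings in time order."""
    events = sorted(events, key=lambda e: e["ts"])
    findings = []
    compromised = {}           # internal src -> (host first logged on to, when)
    fails = defaultdict(list)  # (user, src) -> timestamps of 4625 failures

    # Initial compromise: a burst of failed logons followed by a success for
    # the same user from the same source within the window. A later success
    # from that source on a different host is lateral movement.
    for ev in events:
        if ev.get("EventID") == "4625":
            fails[(ev["user"], ev["src"])].append(ev["ts"])
        elif ev.get("EventID") == "4624":
            recent = [t for t in fails[(ev["user"], ev["src"])]
                      if (ev["ts"] - t).total_seconds() <= window_s]
            if ev["src"] not in compromised and len(recent) >= fail_threshold:
                compromised[ev["src"]] = (ev["host"], ev["ts"])
                findings.append(("Initial Compromise", ev["ts"],
                                 f"{ev['user']}@{ev['src']} after {len(recent)} failures on {ev['host']}"))
            elif (ev["src"] in compromised and ev["host"] != compromised[ev["src"]][0]
                  and ev["ts"] > compromised[ev["src"]][1]):
                findings.append(("Lateral Movement", ev["ts"],
                                 f"{ev['user']}@{ev['src']} logged on to {ev['host']}"))

    # Command and control: a compromised source connecting to one external
    # destination at near-regular intervals (beaconing). Exfiltration: one
    # unusually large transfer to that destination.
    conns = defaultdict(list)
    for ev in events:
        if ev["source"] == "firewall" and ev["src"] in compromised:
            conns[(ev["src"], ev["dst"], ev["dport"])].append(ev)
    for (src, dst, dport), evs in conns.items():
        gaps = [(b["ts"] - a["ts"]).total_seconds() for a, b in zip(evs, evs[1:])]
        regular = [g for g in gaps if abs(g - gaps[0]) <= jitter_s] if gaps else []
        if len(regular) + 1 >= beacon_min:
            findings.append(("Command & Control", evs[0]["ts"],
                             f"{src} beacons to {dst}:{dport} every ~{int(gaps[0])}s"))
        for ev in evs:
            if int(ev["bytes"]) >= exfil_bytes:
                findings.append(("Exfiltration", ev["ts"],
                                 f"{src} sent {int(ev['bytes']) // 1_000_000} MB to {dst}"))
    findings.sort(key=lambda f: f[1])
    return findings


def dwell_time(findings, detect_stage):
    """Minutes the attacker has had when `detect_stage` is the first alert seen."""
    first = findings[0][1]
    hit = next(ts for stage, ts, _ in findings if stage == detect_stage)
    return (hit - first).total_seconds() / 60


if __name__ == "__main__":
    found = correlate(parse("ad", AD_LOG) + parse("firewall", FW_LOG))
    for stage, ts, detail in found:
        print(f"{ts:%H:%M:%S}  {stage:<18} {detail}")
    print(f"Dwell if the first alert is exfiltration: {dwell_time(found, 'Exfiltration'):.0f} min")
```

Run on the constructed input it reports the four stages in the order the lifecycle slide draws them, and a 48-minute dwell if the only rule firing is the volume-based exfiltration check. Feed it the firewall records alone and it reports nothing: the beacon is only worth raising once the logon silo has marked that source as compromised, which is the "breaking log silos" step of the maturity model.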
LogRhythm Security Intelligence Maturity Model Progression
Level 0: BLIND. No visibility.
Level 1: MINIMALLY COMPLIANT. Check box.
Level 2: SECURELY COMPLIANT. Holistic view; breaking log silos; machine analytics.
Level 3: VIGILANT. Host data collection; 3rd-party feeds; packet captures; automated response.
Level 4: RESILIENT. Forward looking; 24x7 SOC.
Thank You! Any questions?
Download the Security Intelligence Maturity Model whitepapers at: Sponsored by: