Published by Laurence Eaton. Modified over 6 years ago
1
Introduction to a Security Intelligence Maturity Model
2
Damaging Data Breaches
80 Million Accounts Stolen
56 Million Credit Cards Stolen
83 Million Accounts Exposed
145 Million Accounts Compromised
40 Million Credit Cards Stolen

Talking Points - Examples:
Anthem: Criminals accessed names, birthdays, addresses, SS#s, addresses, and employment data (including income). This is highly valuable data that can be sold on the black market to enable identity theft.
Home Depot: Credit/debit cards and addresses that can be sold on the black market for credit card abuse.
JP Morgan: Theft of addresses, home addresses, and phone numbers, which can be sold on the black market to enable fraud.
eBay: Theft of names, addresses, home addresses, phone numbers and dates of birth.
Target: Credit card data to be sold on the black market.
3
Prevention-centric is Obsolete
“Advanced targeted attacks make prevention-centric strategies obsolete. Securing enterprises in 2020 will require a shift to information and people-centric security strategies, combined with pervasive internal monitoring and sharing of security intelligence.”

“By 2020, 60% of enterprise information security budgets will be allocated for rapid detection and response approaches up from less than 10% in 2013.”
- Neil MacDonald,

Talking Points:
The industry is shifting from a focus on prevention to a more rounded approach that includes the ability to detect and respond.
Assumption is that hackers will get in – must be able to recognize early compromises and take action.
4
Today’s Threat Environment
Threats conclusively recognized at run-time, prevented at the endpoint and perimeter.

However, many threats:
1 Get lost in the noise
2 Require a broader view to recognize
3 Will only emerge over time

Only Analytics can detect these threats:
Detecting a class of threats only a Big Data approach can realize
Effectively prioritizing threats, separating the signal from the noise
Providing the intelligence required to deliver optimally orchestrated and enabled incident response
5
A Security Intelligence Driven Approach is Required
The cost of mitigating a threat, and risk to the business, rise exponentially across the lifecycle of a threat from inception to mission attainment.

“By 2020, 60% of enterprise information security budgets will be allocated for rapid detection and response approaches, up from less than 10% in 2013.”

Threat lifecycle: Reconnaissance, Initial Compromise, Command & Control, Lateral Movement, Target Attainment, Exfiltration / Corruption / Disruption
Attack surface: User, Endpoint, Network

Organizations that desire to reduce their risk of experiencing a high-impact cyber breach or incident must kill the threat early in its lifecycle, across the holistic attack surface.

Key Talking Points:
“Holistic attack surface”
Mission realization
Kill the threat easily
Previous breaches would’ve been avoided if detected early.
-----
Notes: Goes further on our solution to show that damaging breaches can be avoided because the threat lifecycle takes time. The lifecycle of a threat begins with reconnaissance. Attackers find their way in by manipulating users, dropping USB keys in a parking lot, compromising the physical environment, etc. At some point, they will begin to engage with the environment and eventually compromise the system. If that compromise isn’t detected, they will take increasing control over the environment and move laterally toward their target, taking over accounts and systems until they attain their target, where the biggest damage is done: exfiltration, corruption, disruption, etc. This is how threats work. If we can stop the attacker after the initial compromise, we can prevent the damaging breach.
6
Security Intelligence Defined
Security Intelligence is the ability to capture, correlate, visualize, and analyze forensic data in order to develop actionable insight to detect and mitigate threats that pose real harm to the organization, and to build a more proactive defense for the future.

Greater levels of Security Intelligence will enable adopters to shorten their Mean-Time-to-Detect (MTTD) and Mean-Time-to-Respond (MTTR), extend the value of current security tools, and discover previously unseen threats through advanced machine analytics.
7
Security Intelligence Measured
Key Talking Points:
“Mean-time-to-detect” and “Mean-time-to-response”
Reduce risk of damaging cyber incident or data breach
-----
Notes: What’s the solution? Faster detection and faster response. We’ve developed a model to assess your current maturity and ability to detect and respond to threats. Help customers measure their overall security posture. Many studies show that MTTD and MTTR are measured in weeks and months, and companies that want to improve need the types of solutions we provide.
8
Market Drivers for a Maturity Model
There is an increasing rate and growing sophistication of cyber threats.
This is leading to an increased awareness of the severity of cyber threats.
A fundamental shift is beginning to take place in terms of the overall approach enterprises now have toward delivering cyber security to the organization.
Security Monitoring and Security Intelligence are still not well defined.
A clear definition and maturity model provides organizations with a road map of how to orchestrate this shift to achieve organizational security goals.
9
Organizational Risk Characteristics
10
Security Intelligence Investments & Capabilities
11
Level 0 Details
12
Level 1 Details
13
Level 2 Details
14
Level 3 Details
15
Level 4 Details
16
Maturity Level Progression
LogRhythm’s Security Intelligence Maturity Model provides the framework for organizations to assess and evolve their Security Intelligence capabilities.

Key Talking Points:
Cybersecurity is a journey, not a destination
Maturity model provides roadmap
LogRhythm is your partner for long-term success.
-----
Notes: What is your security intelligence posture? This slide introduces our SIEM model. Drive consultative conversation. Tell about the model. It is designed to provide a roadmap to help customers improve their security over time. Our comprehensive platform approach and services can help you mature your capabilities over time. We are their partners on this journey.
17
Key Takeaways
Today’s threat landscape transcends yesterday’s defense-in-depth framework
It’s When, not If a breach will occur
Improved detection and response capabilities are essential
Understand “normal” across multiple dimensions and monitor for “abnormal”
Employ advanced security analytics to optimize breach detection & response and reduce risk