1
Closing the Breach Detection Gap
Delivering Enterprise Security Assurance with Behavioral Attack Detection
Steve Costolo, Regional Sales Director
January 2017
CONFIDENTIAL
2
Evolving IT Security Investment Needs
[Diagram labels: Security Expenditure; Damage; Breach Detection Gap; Stateful FW; IPS / IDS; Network AV; Sandboxing; SIEM; Intrusion Attempt Phase (Seconds – Minutes); Active Attack Phase (Weeks – Months); Incident Response (Weeks – Months). Lockheed Martin: Cyber Kill Chain]

Now, if all defenses were 100% safe, if there were no insider threats, if you didn’t have to worry about social engineering or remote access threats, then the perimeter defenses we have today would be good enough. But history and news headlines show us that these defenses are not failsafe. Attackers do get through. Then, what do they do? Most organizations can’t answer this question because they don’t have any tools to monitor this activity: the reconnaissance, the lateral movement and the data exfiltration, which can take days or weeks or months.
3
Breach Detection Gap
Most Organizations Focus on Malware and External Attacks But Cannot Detect Attackers in Their Network
99% of post-intrusion attacks such as reconnaissance and lateral movement do not originate from malware.
Most Organizations Cannot Find Breaches on Their Own
146 days is the median length that attackers are present on a victim’s network before detection.
Long Attack dwell times & inability to detect
SOURCE: 2016 LightCyber Cyber Weapons Report, M-Trends 2016 Threat Report, Verizon Data Breach Investigations Report
4
Current Limitations What’s Needed?
Known Bad: Traditional Security
Signatures, IoCs, Packet Signatures, Domains, Sandbox Activity
Block, or Miss
Necessary, Not Sufficient
Problems:
Too Many False Alarms / False Positives
Missed Variants / False Negatives
Only Detect Malware-Based Attacks
Agents & Signatures

Learned Good: What’s Needed
Learn What is Good [Baseline]
Detect What Isn’t [Anomaly]
Catch What Slips Through the Cracks of Traditional Security
Benefits:
Eliminates Zero-Day Exploit Dilemma
Hundreds of Opportunities to Detect
Applicable to All Techniques & Stages
Agentless & Signature-less
5
Profiling, Detection, Investigation, & Remediation
Behavioral Profiling - Network-Centric Endpoint and User Profiling
Attack Detection - Anomalous Attack Behavior Across the Attack Lifecycle
Automated Investigation - Network, User, & Process Association + Cloud
Integrated Remediation - Block Attackers with NGFW, NAC, or Lock Accounts with AD
6
LightCyber Magna Solution
[Diagram labels: MAGNAPATHFINDER; IaaS Cloud; Endpoints; MAGNADETECTOR & MAGNAPROBE for AWS; Network-to-Process Association (N2PA); HQ / DC; Core Switch; TAP / SPAN; MAGNADETECTOR; MAGNAMASTER; Remote VPN Users; Remote Office; TAP / SPAN; Switch; MAGNAPROBE; SIEM; Remediation; IAM & Policy Mgmt; MAGNA UI; Confidential]
7
Behavioral Attack Detection: Optimal Data Context
8
LightCyber Delivers Unbeatably Accurate Results
Most IT security teams can’t keep up with the deluge of security alerts
LightCyber accuracy:
62% across all alerts
99% across Magna’s automated “Confirmed Attack” category
Source:
9
Behavioral Attack Detection
About LightCyber

Magna Platform Overview
Network-Centric Detection
Agentless & Signature-less
Post-Intrusion: NTA/UEBA

Operations Overview
US HQ - CA
EMEA HQ - Amsterdam
IL HQ - Ramat Gan
Customers World-Wide

Behavioral Attack Detection Differentiation
Most Accurate & Efficient: Proven & Measured Success
Broadest Context: Network + Endpoint + User
Broadest Attack Coverage with Integrated Remediation

Verticals Served
Finance & Insurance
Public Sector
Retail, Healthcare, Legal
Service Providers
Media, Technology, & More

LightCyber was founded by cyber warfare experts to help security analysts answer one question: would you know if an active attack was underway in your network? LightCyber was founded in 2012 and maintains offices throughout the world, including U.S. headquarters here in Los Altos, California and R&D headquarters in Ramat Gan, Israel.

LightCyber Magna is part of an emerging category of products that we call Behavioral Attack Detection solutions that focus on: 1) Reducing Attack Dwell Time and the Related Damage, and do this in large part by 2) Increasing the Efficiency of IT Security Operations. We will go into that in detail during the remainder of this presentation.

We serve a wide variety of verticals, including finance, healthcare, and government and LightCyber is recognized for providing attack detection alerts that are highly accurate and actionable. And we actually have published accuracy metrics to stand by those claims.

NTA = Network Traffic Analytics
UEBA = User & Entity Behavior Analytics