Presentation is loading. Please wait.

Presentation is loading. Please wait.

Moving faster than the human

Published byPhilip Chandler Modified over 6 years ago

Similar presentations

Presentation on theme: "Moving faster than the human"— Presentation transcript:

1 Moving faster than the human
Security orchestration automation and response (SOAR) for threat detection and response May 16, 2018

2 Case study Are we 100% sure we’ve scoped the incident properly?
What percentage of the way through the incident are you? What systems or technologies failed during the intrusion? Do we need to notify regulators? To answer these questions, you need an incident response strategy and “battle-tested” incident response plans and procedures. Automation allows organizations to take their plan to the next level. SOC operations documentation Heavy use of documents to track incident response processes and workflow Manually intensive to create and/or update procedures Implemented, but inefficient incident response tracking tools due to lack of customization Time-consuming process to create metric reports Correlation of historical and threat intelligence data is not performed

3 Compliance with GDPR 72 hr breach notification rule3
Industry challenges The anticipated talent shortage of cybersecurity professionals by is 1.5 million1 Compliance with GDPR 72 hr breach notification rule3 The average time to detect a breach in the Americas is 99 days and the average cost is $4 million2 1 Source: (ISC)2 2 Source: Gartner 3 Source: EUGDPR

4 Key Issues Visibility Security confidence Long response times
CISO Visibility Security confidence Long response times SOC Manager Shortage of skilled analysts Visibility into people, process and technology Lack of consistency Service level metrics SOC Analysts Alert fatigue Time consuming manual processes Disconnected tools SOC operations documentation

5 Security Orchestration Automation and Response
Alerts Automatic/ Manual Response and Remediation Create Helpdesk Ticket App Logs SIEM Gather Forensics F/W Logs Disable Account Workflow Automation Case Management Collaboration SOAR DHCP Logs Endpoint Activity Threat data Related Logs Manually invoked enrichment Automatic enrichment Vulnerability Management Web gateway VirusTotal

6 Applicable areas in cybersecurity
Security operations Threat detection and response Threat exposure and vulnerability management Software and product security Application inventory tracking Secure development gates Security validation and remediation Governance Security program governance Security controls tracking Digital identity and access Access fulfilment Access certification Manual access appropriateness check and automated alert notifications

7 Benefits Reliable Operate 365 days a year! Retention
Freed up human resources for higher value-added tasks Productivity Accelerate detection and response Consistent Eliminating variations in processes ROI 20–35% savings Fast Automatically deploy security controls Audit trail Fully maintained logs for compliance Scalable Ramp up and down to match demand Visibility Single pane of glass

8 SOAR journey Strategy Operations Execution
Implement the cyber orchestration technology Customize the API from the technology to support existing security technologies Build automations into technology Strategy Operations Build overall strategy and roadmap including business case justification Select the appropriate cyber orchestration technology Amend playbooks for orchestration Design the solution to fit into existing environment Build metrics to measure and manage improvements with respect to detection and response Monitor and remotely manage cyber orchestration environment for API changes Execution

9 Thank you

10 Speaker introductions
Himanshu Anand Himanshu Anand is a senior manager in Ernst & Young LLP’s IT Risk and Assurance practice based in New Jersey, focusing on Cyber Threat Management. He has over 10 years of experience in the areas of Data management & Data analysis tools for cyber security, web infrastructure architecture and Web application performance management tools. He leads the Cyber orchestration engineering and Security Information and Event management (SIEM) teams, performing architecture and design tasks for clients including Cyber-as-a-Service (CaaS) service offering. He has experience in leading large-scale strategic IT initiatives, working directly with CISOs and is technically well versed. Renana Friedlich Renana is the North America Incident Response leader at Ernst & Young’s Advanced Security Center (ASC) and has more than thirteen years of experience in information security. Over the last eleven years, she led breach investigations for global clients, detected nation-state APT campaigns at Fortune 500 companies, developed incident response plans and facilitated cyber simulation. Renana led EY’s response to several well-known security data breaches, where she directed the work of the technical groups and provided briefings to executives and C- Suites. Prior to her current role, Renana served in an elite intelligence unit the Israeli defense forces for over seven years in various cybersecurity positions. Views of presenters are not necessarily those of Ernst & Young LLP. These slides are for educational purposes only and are not intended to be relied upon as professional advice. Please refer to your advisors for specific advice.

11 EY | Assurance | Tax | Transactions | Advisory
About EY EY is a global leader in assurance, tax, transaction and advisory services. The insights and quality services we deliver help build trust and confidence in the capital markets and in economies the world over. We develop outstanding leaders who team to deliver on our promises to all of our stakeholders. In so doing, we play a critical role in building a better working world for our people, for our clients and for our communities. EY refers to the global organization, and may refer to one or more, of the member firms of Ernst & Young Global Limited, each of which is a separate legal entity. Ernst & Young Global Limited, a UK company limited by guarantee, does not provide services to clients. For more information about our organization, please visit ey.com. Ernst & Young LLP is a client-serving member firm of Ernst & Young Global Limited operating in the US. © 2018 Ernst & Young LLP. All Rights Reserved. ED None This material has been prepared for general informational purposes only and is not intended to be relied upon as accounting, tax or other professional advice. Please refer to your advisors for specific advice. ey.com

Download ppt "Moving faster than the human"

Similar presentations

Security Offering. Cyber Security Solutions 2 Assessment Analysis & Planning Design & Architecture Development & Implementation O&M Critical Infrastructure.

Security Offering. Cyber Security Solutions 2 Assessment Analysis & Planning Design & Architecture Development & Implementation O&M Critical Infrastructure.
Chapter 7 Database Auditing Models

Chapter 7 Database Auditing Models
Improving effectiveness of your tax operations 10 May 2012 CHARLOTTE RUSHTON MANAGING DIRECTOR, ASIA PACIFIC.

Improving effectiveness of your tax operations 10 May 2012 CHARLOTTE RUSHTON MANAGING DIRECTOR, ASIA PACIFIC.
Chapter 20 20-1 © 2012 Pearson Education, Inc. Publishing as Prentice Hall.

Chapter © 2012 Pearson Education, Inc. Publishing as Prentice Hall.
1 SCIP Africa Summit | 13 – 15 October 2014 The EY Africa competitive intelligence story: key lessons learned Sejabaledi Motsepa – Analyst, EY.

1 SCIP Africa Summit | 13 – 15 October 2014 The EY Africa competitive intelligence story: key lessons learned Sejabaledi Motsepa – Analyst, EY.
Agenda Why is globalization important to the profession

Agenda Why is globalization important to the profession
Clicks, conversations and the candidate experience

Clicks, conversations and the candidate experience
Alert Logic Security and Compliance Solutions for vCloud Air High-level Overview.

Alert Logic Security and Compliance Solutions for vCloud Air High-level Overview.
Database Security and Auditing: Protecting Data Integrity and Accessibility Chapter 7 Database Auditing Models.

Database Security and Auditing: Protecting Data Integrity and Accessibility Chapter 7 Database Auditing Models.
Indexed content Migrate content Create links Content for future indexing.

Indexed content Migrate content Create links Content for future indexing.
Alert Logic Security and Compliance Solutions for vCloud Air High-level Overview.

Alert Logic Security and Compliance Solutions for vCloud Air High-level Overview.
Incident Response November 2015 Navigating a Cybersecurity Incident.

Incident Response November 2015 Navigating a Cybersecurity Incident.
Credit Management Services

Credit Management Services
Tom Bernard October 2015.  This presentation is provided solely for the purpose of enhancing knowledge on tax matters. It does not provide tax advice.

Tom Bernard October  This presentation is provided solely for the purpose of enhancing knowledge on tax matters. It does not provide tax advice.
IBM Security Pelin Konakçı IBM Security Software Sales Leader

IBM Security Pelin Konakçı IBM Security Software Sales Leader
Chapter 8 20-1 © 2012 Pearson Education, Inc. Publishing as Prentice Hall.

Chapter © 2012 Pearson Education, Inc. Publishing as Prentice Hall.
Value Sharing in Queensland 21 March 2016. Page 2 Copyright © 2016 Ernst & Young Australia. All Rights Reserved. Liability limited by a scheme approved.

Value Sharing in Queensland 21 March Page 2 Copyright © 2016 Ernst & Young Australia. All Rights Reserved. Liability limited by a scheme approved.
2© Copyright 2013 EMC Corporation. All rights reserved. Cyber Intelligence Fighting Cyber Crime Insert Event Date LEADERS EDGE.

2© Copyright 2013 EMC Corporation. All rights reserved. Cyber Intelligence Fighting Cyber Crime Insert Event Date LEADERS EDGE.
ICAJ/PAB - Improving Compliance with International Standards on Auditing Planning an audit of financial statements 19 July 2014.

ICAJ/PAB - Improving Compliance with International Standards on Auditing Planning an audit of financial statements 19 July 2014.
1Third Party Assurance Optimization and Control RationalizationCopyright © 2016 Deloitte Development LLC. All rights reserved. Third-Party Assurance (TPA)

1Third Party Assurance Optimization and Control RationalizationCopyright © 2016 Deloitte Development LLC. All rights reserved. Third-Party Assurance (TPA)

Similar presentations

Ads by Google