Presentation is loading. Please wait.

Presentation is loading. Please wait.

Real-time Security Analytics: Automating the Discovery, Understanding, and Action Against Advanced Security Threats Neal Hartsell, Vice President Marketing.

Published byIvan Chrisley Modified over 9 years ago

Similar presentations

Presentation on theme: "Real-time Security Analytics: Automating the Discovery, Understanding, and Action Against Advanced Security Threats Neal Hartsell, Vice President Marketing."— Presentation transcript:

1 Real-time Security Analytics: Automating the Discovery, Understanding, and Action Against Advanced Security Threats Neal Hartsell, Vice President Marketing

2 Today’s Security Dilemma Modern attacks increase the risk gap Click Security Confidential 2 Risk Gap Current Approach Point Products More People Big Data Increasing Threat Attack surface Attacker Motivation Attacker Skills/Tools Risk Time Verizon Data Breach Report 2012

3 We Have Big Data. We Don’t Understand It. Click Security Confidential 3 One firewall = 1 billion events per day Indicators of compromise are in the data Analysts can’t piece them together fast enough One firewall = 1 billion events per day Indicators of compromise are in the data Analysts can’t piece them together fast enough Firewall Anti-Virus Web Proxy Advanced Malware Protection

4 Click Vision Click Security Confidential 4 Automation Interactive visualizations Speed Full context Timeframe selectable Automation Interactive visualizations Speed Full context Timeframe selectable New analytics discovery Info sharing Best practice exchange Threat intel exchange New analytics discovery Info sharing Best practice exchange Threat intel exchange Analytics drive the data source Multiple methods Evergreen Policy customized Leverage investment Analytics drive the data source Multiple methods Evergreen Policy customized Leverage investment Analytics Human Need Community Next Generation Security Platform

5 Kill Chain Real-time Security Analytics (RtSA) Click Security Confidential 5 Early Stage Mid Stage Late Stage TypeExample Analytics Statistical Heuristic Machine Learning Rule-based Rare Event (Profiling) Periodic Comms IIS OWA Spam HTTP Redirect Catcher Actor Health Monitor Suspicious File D/loads Authentication Anomalies Vuln Sys Attack Policy Violations Early Indicators RtSA Converts Big Security Data into Real-time Kill Chain Detection

6 RtSA Solution Overview Click Security Confidential 6 User Device –Layers of analytics –Associate to entities (actors) –Prioritized view Traffic Files … –Who's system is it? –What data is there? –How far reaching is it? –Over what timeframe? –Update FW Rule –Wipe Machine –Notify HR 30% 20% 10% Actor X 20% Data View Fanout View Actor Drill down Capture & Contextualize Automated Interaction Directed Response Drill Down View Help Desk Action IT Security Action HR Action 30% 25% 50%

7 Example Real-time Security Analytic Click Security Confidential 7 Internet Threats Enterprise Security Events Security Policy Flow Activity User Activity Vulnerability Assessment Application Activity “Flow to a blacklisted IP address” “User tied to an unusual device” “Access from a strange location” “User coming into a critical server from an Android device in Uganda that also has a connection to a blacklisted IP address in China, and this same user logged in from Dallas 30 minute ago…” Auth Activity Real-time Stream Processing Engine Real-time Security Analytic Real-time Security Analytic Big Security Data

8 Click Analytics RtSA Solution Technology Click Security Confidential 8 LogsPackets Real-time feature extraction and optimization Transform input data into a set of features Can be rapidly modified based upon analytic needs Real-time Stream Processing Actor state Auto-contextualizes each incremental event Long window of persistence Real-time telemetry collection Web proxy, IPS, Windows Auth, Bro, P0F, Snort, etc. Miners Interpreters Stream Processing Engine Real-time Security Analytics Machine Learning, Rule-based, Statistical, File Inspection, etc. Continuous stream of new/modified analytics Real-time Analyst Interaction Actor Context Graph (ACG) Interaction Alerts, Reports, Visualizations, etc. … Click Labs Analytics Service (CLAS) Optional Monitoring, Alerting, Reporting Service Continuous R&D of new analytics CLAS Applications Platform

9 Key Solution Features Analytics Scalability Purpose-built stream processing runs greatest # layered analytics Layered analytics interact with one another No limit to depth or breadth of analytic types Analytics Scalability Purpose-built stream processing runs greatest # layered analytics Layered analytics interact with one another No limit to depth or breadth of analytic types Click Security Confidential 9 Analyst Empowerment Designed for dynamic human interaction with analytics Dynamic Contextual Analysis / Augmentation Visualization Ease and Speed Analyst Empowerment Designed for dynamic human interaction with analytics Dynamic Contextual Analysis / Augmentation Visualization Ease and Speed Rapid Adaptability Continuous insertion of new analytics Dynamically drive data requirements - not the other way around Rapid Adaptability Continuous insertion of new analytics Dynamically drive data requirements - not the other way around Continuous Automation Each finding can be automated, enabling your analysts to move up-stack Continuous Automation Each finding can be automated, enabling your analysts to move up-stack Expert Assistance We can augment your staff with CLAS Expert Assistance We can augment your staff with CLAS Investment Protection Leverage existing infrastructure Investment Protection Leverage existing infrastructure Analytics Scalability Analyst Empowerment Rapid Adaptability Continuous Automation Expert Assistance Investment Leverage

10 Solution Value Click Security Confidential 10 Find and Stop Attack Activity – Early in the Kill Chain Actor and File Analytics contextualize big data into prioritized, in-depth security visibility - automatically Speed & Simplify Analysis / Incident Response Process Real-time visualization, interactive data analysis, and results encoding Security Analyst Reduce Time to Detect Reduce Time to Understand Reduce Time to Respond

11 Deployment Click Security Confidential 11 or Smart Miner(s) Log-based Sources Packet-based Sources Smart Miner(s) …… RtSA Tracker Portal Premise-CentricCloud-Centric Click Cloud Click Labs MPU Cluster … … Click Cloud Click Labs ArtifactR Cluster … RtSA Tracker Portal Public or Private Multi- location Dynamically updated Data needs modified per analytic needs Files Log-based Sources Packet-based Sources Files

12 Complementary But Differentiated Click Security Confidential 12 Log retention Compliance Simple alerting Vanilla OOB Performance bound Fixed analytics, fixed data sources SIEM Malicious.exe’s Command/Control Often missing key contextual analysis Limited analytics flexibility Advanced Malware Advanced Malware Forensic “Network VCR” focused Deep “after the fact” analysis Batch processing design Not designed for real-time (early indicator) analytics performance Forensics Good at ad hoc queries of known questions Distributed map reduced tech beats SIEMs at log queries Not designed for real-time performance or analytic flexibility Fast Search Purpose-built stream processing engine Real-time contextualization and alerting Large # concurrent, multi-factor analytics Real-time analyst visualization / interaction Not optimized for LT data retention / compliance reporting Purpose-built stream processing engine Real-time contextualization and alerting Large # concurrent, multi-factor analytics Real-time analyst visualization / interaction Not optimized for LT data retention / compliance reporting Real-time Security Analytics

13 Click Security Confidential 13 R EAL- T IME S ECURITY A NALYTICS A UTOMATE T HE A NALYSIS.

Download ppt "Real-time Security Analytics: Automating the Discovery, Understanding, and Action Against Advanced Security Threats Neal Hartsell, Vice President Marketing."

Similar presentations

1© Copyright 2011 EMC Corporation. All rights reserved. The Future of the Advance Soc 3rd Annual Privacy, Access and Security Congress, Ottawa, 2012 Mike.

1© Copyright 2011 EMC Corporation. All rights reserved. The Future of the Advance Soc 3rd Annual Privacy, Access and Security Congress, Ottawa, 2012 Mike.
© 2013 Bradford Networks. All rights reserved. Rapid Threat Response From 7 Days to 7 Seconds.

© 2013 Bradford Networks. All rights reserved. Rapid Threat Response From 7 Days to 7 Seconds.
THE BUSINESS NEED Create affordable alternative/ provide enterprise power/capability for any-sized company Reduce resource-draining burden of meeting.

THE BUSINESS NEED Create affordable alternative/ provide enterprise power/capability for any-sized company Reduce resource-draining burden of meeting.
Stonesoft Roadmap WHAT FEATURES WILL COME IN 2013-2014.

Stonesoft Roadmap WHAT FEATURES WILL COME IN
1© Copyright 2011 EMC Corporation. All rights reserved. Anatomy of an Attack.

1© Copyright 2011 EMC Corporation. All rights reserved. Anatomy of an Attack.
Real-time Security Analytics: Visibility, Alerting or Forensic Digging - Which is it? Neal Hartsell Vice President Marketing.

Real-time Security Analytics: Visibility, Alerting or Forensic Digging - Which is it? Neal Hartsell Vice President Marketing.
Real-time Security Analytics: Visibility, Alerting or Forensic Digging - Which is it? Steven Urban Click Security.

Real-time Security Analytics: Visibility, Alerting or Forensic Digging - Which is it? Steven Urban Click Security.
Introducing WatchGuard Dimension. Oceans of Log Data The 3 Dimensions of Big Data Volume –“Log Everything - Storage is Cheap” –Becomes too much data –

Introducing WatchGuard Dimension. Oceans of Log Data The 3 Dimensions of Big Data Volume –“Log Everything - Storage is Cheap” –Becomes too much data –
The Most Analytical and Comprehensive Defense Network in a Box.

The Most Analytical and Comprehensive Defense Network in a Box.
A Java Architecture for the Internet of Things Noel Poore, Architect Pete St. Pierre, Product Manager Java Platform Group, Internet of Things September.

A Java Architecture for the Internet of Things Noel Poore, Architect Pete St. Pierre, Product Manager Java Platform Group, Internet of Things September.
©2014 Bit9. All Rights Reserved Building a Continuous Response Architecture.

©2014 Bit9. All Rights Reserved Building a Continuous Response Architecture.
© 2015 Cisco and/or its affiliates. All rights reserved. 1 The Importance of Threat-Centric Security William Young Security Solutions Architect It’s Our.

© 2015 Cisco and/or its affiliates. All rights reserved. 1 The Importance of Threat-Centric Security William Young Security Solutions Architect It’s Our.
Unified Logs and Reporting for Hybrid Centralized Management

Unified Logs and Reporting for Hybrid Centralized Management
MIGRATION FROM SCREENOS TO JUNOS based firewall

MIGRATION FROM SCREENOS TO JUNOS based firewall
© 2014 Level 3 Communications, LLC. All Rights Reserved. Proprietary and Confidential. Polycom event Security Briefing 12/03/14 Level 3 Managed Security.

© 2014 Level 3 Communications, LLC. All Rights Reserved. Proprietary and Confidential. Polycom event Security Briefing 12/03/14 Level 3 Managed Security.
Www.encase.com Mel Pless, Sr. Director, Solutions Consulting Guidance Software, Inc. Let’s Get Right To The Endpoint Leveraging Endpoint Data to Expose,

Mel Pless, Sr. Director, Solutions Consulting Guidance Software, Inc. Let’s Get Right To The Endpoint Leveraging Endpoint Data to Expose,
Barracuda Networks Confidential1 Barracuda Backup Service Integrated Local & Offsite Data Backup.

Barracuda Networks Confidential1 Barracuda Backup Service Integrated Local & Offsite Data Backup.
Kaspersky Open Space Security: Release 2 World-class security solution for your business.

Kaspersky Open Space Security: Release 2 World-class security solution for your business.
1 Managed Security. 2 Managed Security provides a comprehensive suite of security services to manage and protect your network assets –Managed Firewall.

1 Managed Security. 2 Managed Security provides a comprehensive suite of security services to manage and protect your network assets –Managed Firewall.
Unify and Simplify: Security Management

Unify and Simplify: Security Management

Similar presentations

Ads by Google