Operationalizing security intelligence for the mid market - Rafal Los - RSA Conference 2014

Security intelligence is only worthwhile if a relevant piece of information is obtained and analyzed in a timely manner and is able to aid a rapid decision-making process to mitigate an imminent threat – this capability is part of the new school security approach of Detect, Respond, Resolve with greater efficiency and speed which mid-market enterprises should be benefiting from.

Presentation Transcript

  • © Copyright 2013 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice. Operationalizing Security Intelligence for the Mid-Market. Rafal M. Los, Principal, Strategic Security Services, HP Enterprise Security Services. RSA Conference 2014
  • what is “security intelligence”?
  • “collective set of activities, and artifacts to make intelligence-driven decisions”
  • detect, respond, resolve more effectively in the attack lifecycle
  • When you think of “Security Intelligence”…
  • “something big enterprises do”
  • why not you?
  • this talk is a framework for you
  • ..to get you thinking, motivated
  • requirements
  • high quality internal & external data + telemetry
  • internal processes + workstreams
  • qualified personnel
  • intelligent, optimized technology
  • let’s break that down…
  • internal information/data – know your enterprise attack surface
  • for example –
      • internal business plans
      • internal IT technology stack
      • known vulnerabilities
      • known, accepted risks
      • strict change management
      • configuration awareness
      • unauthorized change detection
      • employee activities, habits
  • external information/data - be situationally aware
  • for example –
      • sentiment against your brand/organization
      • threat climate of your business vertical
      • attacks against similar organizations, vertical
      • specific threats against your staff/resources
      • geopolitical issues pertaining to your enterprise
      • 3rd party reported vulnerabilities
      • 3rd party reported exploits
      • weaknesses in your external technologies
      • reported abused enterprise assets
  • internal processes + workstreams
  • convert information into action
  • for example –
      • handling of inbound, external data sources
      • formats: csv, pdf, dashboards and text
      • distilling data for relevance
      • collating and categorizing with internal data
      • prioritizing alerts based on prescribed formulas
      • alerting appropriate internal & external entities
      • creating actionable items from trusted data
      • triage of event(s)
      • incident management and handling
      • incident response, dfir
  • qualified personnel
  • difficult to “add on” responsibility
  • SOC analyst Security Intelligence analyst.. no
  • highly specialized skillset
  • for example –
      • ability to quickly parse different log types
      • ability to quickly make sense of disparate data
      • ability to collate and correlate unstructured data
      • ability to write code on-the-fly (script)
      • proficient in many different security technologies
      • able to perform collaborative tasks effectively
      • ability to triage incidents quickly, effectively
      • proficiency with forensics tools
      • strong decision-making capabilities
  • intelligent, optimized technology
  • tech that works together
  • prefer integrated over disparate
  • tech that makes analysis more efficient, adds certainty
  • we may know a little something about this…
  • quick recap
  • “Security Intelligence” is.. the capability to detect, respond, and resolve your security incidents through an information-driven approach.
  • You can do this. You need to do this.
  • Know more. Defend smarter.