2. Earlier this month, we had over 150 people join us in Toronto and Vancouver as our technical team demonstrated some of the best security defence technologies on the market today. We focused on defence in three key areas:
• Endpoint
• Application
• Network
4. • 41% believe they are winning the cyber security war
• 46% suffered a breach leading to loss or disclosure of sensitive data
• Average annual number of attacks: 34
• Average cost to address a security breach: $200,000
10. Prioritize Focus
The key security threat channels are Web and Email. The key threat vectors are web-links and downloaded files.
Your security posture is significantly improved by negating the key security issues of users clicking malicious web-links and opening infected attachments.
11. Endpoint Isolation Technology
Untrusted user tasks and any malware are isolated in a super-efficient micro-VM. When the task ends, the micro-VM is destroyed, eliminating all traces of malware with it.
15. SAST – “Sentinel Source” Static Testing
• Integrates into your development process
• Directly connects to source code repository
• Designed for Agile
• Your code stays onsite
• Verified vulnerabilities avoid false positives
• Assesses partial code, as often as needed
16. Sentinel Mobile – Secure Mobile Devices
• Assesses both iOS and Android applications
• Tests native mobile code and server-side APIs
• Identifies critical vulnerabilities including OWASP Mobile Top 10
• Verified findings:
  • Zero false positives reduce overhead for developers
  • Results prioritized by risk
• Covers traffic analysis between client and server-side
17. DAST – Dynamic Application Testing
• Non-intrusive, non-disruptive, 24x7 coverage
• Meets and exceeds PCI 6.5/6.6 requirements
• Full service and support included in all offerings
• Unlimited retests, integration support, and remediation guidance at no additional charge
• Persistent, consistent testing and results
19. How to Remediate Vulnerabilities
Continuous Testing
• Full SDLC coverage: training, development, QA, and production
• Stop using Tiger teams!
Expert hands-on guidance from the Threat Research Center
• 100% verified vulnerabilities, 0 false positives
• 150+ security engineers available by phone/email/WebEx
Retest, Retest, Retest
• Trending of vulnerabilities across time and continuous assessment of deployment
20. How Deep to Test?
Baseline Edition (Static Webpages)
• Unauthenticated, Verified Results
Standard Edition (Directed/Opportunistic)
• Custom configured logins and multi-step sequences
• Comprehensive coverage for technical vulnerabilities
Sentinel PE (Fully Targeted / High Risk)
• Ideal for high impact sites with sensitive user and financial information
• Technical and business logic vulnerabilities, complete WASC v2
21. Flexible Reporting
• Web & PDF Based
• Bi-Directional XML API
• Integration with popular technologies like Jira, Archer, F5 & Imperva
24. WHY LOGRHYTHM?
Global leader in security intelligence and analytics, empowering organizations to rapidly detect, respond to, and neutralize cyber threats.
25. Retail Cyber Crime Module
Use Case: Detect compromised back office systems
Details: Identify suspicious changes on back office systems and the network activity they generate
AIE Rules look for:
• New processes
• New authentications
• New FIM access events
• Any FIM modification event
• Any DLD activity
• New common event
• New network activity
26. Data Classification
LogRhythm not only structures incoming data, but adds contextual information such as:
• Classification
• Common Event
• Risk Score
This reduces the time required for analysis and ensures query results are complete.
Provides deep intelligence on more than 600 different systems, devices, apps, databases, etc.
• 20-30 added each quarter
27. Scenario Building Blocks
• Log Observed
• Log Not Observed
• Log Not Observed Scheduled
• Threshold Observed
• Threshold Not Observed
• Threshold Not Observed Scheduled
• Unique Value Observed
• Unique Value Not Observed
• Unique Value Not Observed Scheduled
• Whitelist
• Trend
• Statistical
29. Privileged User Monitoring
Use Case: Detect a rogue administrator account
Details: Identify when a privileged user is abusing authority, indicating either insider threat activity or compromised credentials
AIE Rules look for:
• New admin activity
• Mass object deletion
• Users added to privileged group
• Recently disabled privileged account activity
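An added example, not LogRhythm's AIE code, showing how the four rules above map onto the building blocks of slide 27 (Log Observed, Threshold Observed, Unique Value Observed) as plain correlation logic over constructed events. Event field names, the known-admin baseline, the deletion threshold and the 24-hour "recently disabled" window are assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events; field names are hypothetical, not LogRhythm's schema.
EVENTS = [
    {"ts": "2024-01-01T09:00:00", "type": "group_member_add", "user": "jdoe",
     "group": "Domain Admins", "actor": "tmp_admin"},
    {"ts": "2024-01-01T09:05:00", "type": "account_disabled", "user": "bsmith",
     "actor": "hr_admin"},
    {"ts": "2024-01-01T09:30:00", "type": "logon", "user": "bsmith", "host": "fs01"},
] + [  # 60 deletions by one account inside a single minute
    {"ts": f"2024-01-01T09:10:{i:02d}", "type": "object_delete", "user": "svc_backup"}
    for i in range(60)
]

KNOWN_ADMINS = {"svc_it"}                          # assumed baseline for "new admin activity"
PRIVILEGED_GROUPS = {"Domain Admins", "Enterprise Admins"}
MASS_DELETE_THRESHOLD = 50                         # assumed "Threshold Observed" value
MASS_DELETE_WINDOW = timedelta(minutes=10)
DISABLED_WINDOW = timedelta(hours=24)              # assumed "recently disabled" window


def detect(events):
    """Return (rule, user) alerts in event-time order."""
    alerts = []
    disabled_at = {}                 # user -> time the account was disabled
    deletes = defaultdict(list)      # user -> deletion timestamps in the sliding window
    for e in sorted(events, key=lambda ev: ev["ts"]):
        t = datetime.fromisoformat(e["ts"])
        if e["type"] == "group_member_add":
            if e["actor"] not in KNOWN_ADMINS:             # Unique Value Observed
                alerts.append(("new_admin_activity", e["actor"]))
            if e["group"] in PRIVILEGED_GROUPS:            # Log Observed
                alerts.append(("privileged_group_add", e["user"]))
        elif e["type"] == "account_disabled":
            disabled_at[e["user"]] = t
            continue                                       # the disable itself is not "activity"
        elif e["type"] == "object_delete":                 # Threshold Observed
            window = deletes[e["user"]]
            window.append(t)
            while t - window[0] > MASS_DELETE_WINDOW:      # drop timestamps outside the window
                window.pop(0)
            if len(window) == MASS_DELETE_THRESHOLD:       # fire once when the threshold is crossed
                alerts.append(("mass_object_deletion", e["user"]))
        # any later activity by an account that was recently disabled
        if e["user"] in disabled_at and t - disabled_at[e["user"]] <= DISABLED_WINDOW:
            alerts.append(("disabled_account_activity", e["user"]))
    return alerts
```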
30. Analytics Modules
• Industry experts
• Machine data intelligence
• Security compliance
• Advanced Threat Research
Rapid Time-to-Value
Knowledge
• Embedded expertise
• Ready-to-use content
• Frequent, automatic updates
• Knowledge aligned to organizational goals
• Quick benefit recognition
• Ongoing additional value