You Can't Stop The Breach Without Prevention And Detection

CrowdStrike And Guest Forrester Share Keys To Mastering The Endpoint

CrowdStrike VP, Product Management Rod Murchison and guest speaker Chris Sherman, Forrester Research analyst, will discuss how modern approaches must balance prevention with detection capabilities in the context of an overall security strategy. Ultimately, this will give security professionals the ability to better deal with the influx of new device types and data access requirements while reducing the likelihood of compromise.

In this CrowdCast, Forrester and CrowdStrike will present:
- Forrester’s Targeted-Attack Hierarchy of Needs
- The six core requirements for a successful endpoint security strategy
- Preparing for and responding to targeted intrusions and attacks
- How CrowdStrike lines up with Forrester’s Hierarchy of Needs framework

Published in: Technology

  1. YOU CAN’T STOP THE BREACH WITHOUT PREVENTION AND DETECTION. CHRIS SHERMAN, SENIOR ANALYST, FORRESTER. ROD MURCHISON, VP, PRODUCT MANAGEMENT, CROWDSTRIKE. 2016 CROWDSTRIKE, INC. ALL RIGHTS RESERVED.
  2. Mastering the Endpoint: Leverage Forrester’s Targeted Attack Hierarchy Of Needs. Chris Sherman, Senior Analyst. October 20th, 2016
  3. © 2016 Forrester Research, Inc. Reproduction Prohibited. The 90’s called, they want their endpoint security strategy back. Despite… Anti-Virus Application patching 80% 63% 48% 42% of breaches involved a software exploit over the past year a 19% increase in costs associated with cyberattacks Y-Y Base: 671 IT and IT security practitioners. Source: Ponemon 2013 State of the Endpoint Survey Base: 881 IT Security Decision Makers. Source: Forrester BT Security Survey, Q3 2015 …Many organizations still rely heavily on antivirus. A New Approach Is Needed! 48% Application control 55% 53% Endpoint Visibility & Control
  4. Organizations Must Refocus Their Endpoint Security Strategies
  5. The Targeted-Attack Hierarchy Of Needs
  6. Targeted-Attack Hierarchy Of Needs. Need No. 1: An Actual Security Strategy
  7. Expense in Depth
  8. Return on Expense in Depth?
  9. Components of a sound strategy
      › Adopt principles of the Zero Trust model
      › Data driven security not alert driven security
      › Data driven security is really business driven security which is supported by executives
  10. Targeted-Attack Hierarchy Of Needs. Need No. 2: A Dedication To Recruiting And Retaining Staff
  11. Double down on higher education
      › There is intense competition between the emerging cyber programs
      › Make them more competitive; join advisory board, drive curriculum that produces capable graduates
  12. Targeted-Attack Hierarchy Of Needs. Need No. 3: A Focus On The Fundamentals
  13. A Focus On The Fundamentals
  14. Targeted-Attack Hierarchy Of Needs. Need No. 4: An Integrated Portfolio That Enables Orchestration
  15. Friction?
      › “Create friction for the attacker. Slow them down and make their job more difficult.”
      › What about all the friction we create for ourselves?
      › Most orgs don’t have the resources to automate their InfoSec processes.
  16. What can you do?
      › Invest in software development staff
      › Prioritize vendors that integrate and automate between the endpoint and network layers
      › Pay attention to vendors who see the need and are developing solutions.
  17. Targeted-Attack Hierarchy Of Needs. Need No. 5: Prevention
  18. Prevention is shifting
      › Traditional approaches to prevention will continue
      › If you can prevent an action, why not?
      › Prevention with threat intelligence
        • Command and Control indicators should be used to prevent communications
  19. Prevention begins and ends with attack surface reduction. Photo credit: Jan Stromme, Bloomberg Business
  20. Targeted-Attack Hierarchy Of Needs. Need No. 6: Detection & Response
  21. Detection
      › Detection is the only option when dealing with higher tier adversaries
      › No single control is your breach detection system
      › Your aggregate controls and your people are your breach detection system
  22. Response
      › Once you have identified malicious activity, how do you respond?
      › Is your remediation a reimage?
      › Time to containment and remediation will never improve without automated response
  23. To be successful, an endpoint security strategy must balance prevention with detection
  24. Endpoint Security Requires A Balanced Approach: Prevention, Detection, Control / Remediation
  25. Endpoint Security Requires A Balanced Approach
      Prevention:
        • Addresses attack surface
        • Limits time spent on detection/response
        • Doesn’t require frequent updates
      Detection
      Control / Remediation
  26. Endpoint Security Requires A Balanced Approach
      Prevention:
        • Addresses attack surface
        • Limits time spent on detection/response
        • Doesn’t require frequent updates
      Detection:
        • Endpoint visibility and integration
        • Catches what gets through
        • Threat intelligence required
      Control / Remediation
  27. Endpoint Security Requires A Balanced Approach
      Prevention:
        • Addresses attack surface
        • Limits time spent on detection/response
        • Doesn’t require frequent updates
      Detection:
        • Endpoint visibility and integration
        • Catches what gets through
        • Threat intelligence required
      Control / Remediation:
        • Automated/assisted remediation reduces friction
        • Ensures policy compliance
        • Operationalizes threat intelligence
  28. Recommendations
      › Choose prevention technologies based on your risk appetite and impact to user experience.
      › Look to expand your detection capabilities beyond malicious process identification and IOC identification
      › Reduce your attack surface through a balance of prevention, detection, and remediation proficiency.
  29. THE YIN & YANG OF ENDPOINT PROTECTION
      § You need to see Prevention & Detection in a holistic way
      § There needs to be a virtuous approach - one feeds the other and vice-versa
      § You need to have a vision, from the outset to build this, you can’t just make this up as you go along
      [Diagram labels: PREVENTION, DETECTION]
  30. Cloud Delivered Endpoint Protection. MANAGED HUNTING; ENDPOINT DETECTION AND RESPONSE; NEXT-GEN ANTIVIRUS. CrowdStrike is the only security technology provider to unify next-gen AV and EDR into a single agent, backed by 24/7 proactive threat hunting – all delivered via the cloud
  31. PREVENTION. BENEFITS. PREVENTS ALL TYPES OF ATTACKS. Protect against Known/Unknown Malware; Protect Against Zero-Day Attacks; Eliminate Ransomware; No Signature Updates; No User Impact—Less than 1% CPU overhead; Reduce re-imaging time and costs. BUSINESS VALUE. Machine Learning; IOA Behavioral Blocking; Block Known Bad; Exploit Mitigation
  32. CLASSIC EDR JUSTIFICATION: THERE IS NO SUCH THING AS 100% PREVENTION
      § Attacks will always get through
      § Even with 99% efficacy you still need something to deal with the 1%
      § So, you need EDR to deal with this and solve the ‘silent failure’ problem
      [Chart labels: 1% missed, 99% stopped]
  33. WHAT 99% CAN MEAN… [Chart axes: Chance of at least one success for adversary (1%, >99%); Number of attempts (500)] Bottom line: change the binary 500 times and with 99% detection efficacy - you will get one file thru
  34. DETECTION AND RESPONSE. PREVENT AGAINST SILENT FAILURE. DVR FOR ENDPOINT. BUSINESS VALUE. 5 Second Enterprise Search; No Hardware or Storage Costs; Full Spectrum Visibility; Reduced Time to Remediation. BENEFITS
  35. MANAGED HUNTING. FINDING THE ADVERSARY So You Don’t Have To. BREACH PREVENTION SERVICES. Team of Hunters Working for You 24 x 7. BUSINESS VALUE. Force Multiplier; Community Immunity. BENEFITS. Reduce Alert Fatigue: Focus on What Matters! Stop the “Mega” Breach
  36. SO YOU GOT DETECTION AND PREVENTION, WHY ARE YOU STILL DISAPPOINTED?
      § You can’t just slam two things together - detection & prevention
      § You can’t just tick a list of features where you check-off features
      § This is tough stuff, you need to be thoughtful and considered in how you architect a prevention and detection solution
      § You can’t see prevention and EDR as two separate things
  37. SO, WHERE DOES PREVENTION END & DETECTION START? [Diagram labels: PREVENTION, DETECTION]
  38. OVERVIEW OF WHAT’S REQUIRED TO PROPERLY UNIFY NEXT-GEN AV AND EDR
      1. Complete and accurate visibility
      2. Analysis capacity
      3. Ability to turn data into information and insight
  39. COMPLETE AND ACCURATE VISIBILITY
      § Data: Need lots of it
      § Scalability: In the Cloud
      § Power: Storage, throughput and compute power
      § Integrity: High fidelity
      § Usefulness: Insightful
      § Flexible Capture: distributed/mobile/BYOD and/or on/off network
  40. ANALYSIS CAPACITY
      § Organize and analyze big data
      § You need to analyze this at massive scale
      § You need to ‘glue’ all this data together
      § That’s why a ‘Graph’ is the answer
  41. ABILITY TO TURN DATA INTO INFORMATION AND INSIGHT
      § Piecing data together and establishing the relationships between drives ‘Context’ - the more data you have the ‘richer the context’
      § Understanding context lets you understand behavior and that allows you to get to IOA
      [Diagram labels: THREAT GRAPH, Indicators of Attack, EDR]
  42. WHICH IN TURN MAKES BOTH PREVENTION AND EDR BETTER
      § IOAs = better ‘prevention’
      § IOAs = defeat attackers who are ‘living off the land’
      § Traditional malware and security approaches inadequate
      § IOAs = better EDR and better EDR = better IOAs
  43. SUMMARY
      § You need to see Prevention & Detection in a holistic way
      § There needs to be a virtuous approach - one feeds the other and vice-versa
      § You need to have a vision, from the outset to build this, you can’t just make this up as you go along
  44. NEW FORRESTER WAVE. The Forrester Wave™: Endpoint Security, Q4 2016. The 15 Providers That Matter Most And How They Stack Up
      § CrowdStrike will be sending a copy to ALL webcast registrants
  45. Q&A. crowdcasts@crowdstrike.com