Top Cybersecurity Threats and How SIEM Protects Against Them

Today’s Presenter
Bob Erdman, Senior Manager, Product Management
Core Security, a HelpSystems Company

Common Security Challenges
§ Alert and Console Fatigue
§ Malicious Insider Attacks
§ Inadvertent Insiders
§ Excessive Access
§ Misconfigurations
§ Brute Force Attacks

Cybersecurity Threat: Malicious Insider Threats
… are most concerned about malicious insider threats.
Source: 2019 Mid Year Insider Threat Report, Cybersecurity Insiders

Who are malicious insiders? Those that:
§ Steal information on behalf of outsiders
§ Steal information for personal gain

How SIEM Prevents… Malicious Insider Threats
INSIDER THREAT EXAMPLE: A new web administrator attempts to access confidential user data from the customer database.
SIEM response:
§ Create an event in real-time
§ Complete forensic analysis
§ Determine final evaluation
§ Prompt an account freeze

Cybersecurity Threat: Inadvertent Insiders
… are most concerned about inadvertent insider threats.
Source: 2019 Mid Year Insider Threat Report, Cybersecurity Insiders

Examples of inadvertent insider threats:
§ Phishing
§ Poor passwords
§ Spear-phishing
§ Orphaned accounts

Cybersecurity Threat: Inadvertent Insiders
SUSPICIOUS ACTIVITY EXAMPLE: A network administrator is logged in at his workstation at the headquarters and appears to be logged in remotely from a location abroad.
SIEM response:
§ Event created with two sessions active
§ Evaluate user behavior by workstation
§ Determine final evaluation
§ Prompt an account freeze
Cybersecurity Threat: Excessive Access
… reported a violation of privileged access policies had occurred in the last year.
Source: EMA’s Responsible User Empowerment Report

Critical to monitor:
§ Changes to user profiles
§ Invalid login attempts
§ Intrusion detections
§ Changed or deleted objects

Cybersecurity Threat: Excessive Access
INSIDER THREAT EXAMPLE: A web administrator discovers changes were made to the server by a web marketer.
SIEM response:
§ Alert sent
§ Determine final evaluation
§ Review change log

Cybersecurity Threat: Misconfigurations
Misconfiguration of firewall rules and policies can pose a serious security threat. Requires constant diligence in:
§ Patching firewalls
§ Monitoring configuration
§ Assessing the rule base

95%+ of firewall breaches are caused by firewall misconfiguration, not firewall flaws.
Source: https://www.ibtimes.co.uk/cyber-attacks-who-held-responsible-ciso-ceo-512308

How SIEM Prevents… Misconfigurations
MISCONFIGURATION EXAMPLE: Late one evening, a rule in the firewall configuration is modified by an administrator.
SIEM response:
§ Create an event in real-time
§ Evaluate user behavior
§ Assign case to security specialist
§ Verify a change ticket was filed
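The change-ticket verification in the misconfiguration workflow above, written out as an added example (not from the deck and not Event Manager code): each firewall rule change is checked for an approved ticket covering that admin, device and time, combined with off-hours, prior-activity and rule-base flags, and only uncovered or unusual changes become cases for a specialist. All events, tickets, account and device names are constructed.

```python
from datetime import datetime

# Constructed data, not from any real system: firewall audit events as a SIEM
# would hold them after normalization, the approved change tickets it can look
# up, and how many changes each admin made to the device in the past 30 days.
FIREWALL_CHANGES = [
    {"ts": datetime(2024, 3, 4, 14, 30), "admin": "fwadmin1", "device": "fw-edge-1",
     "rule": "allow tcp/443 any -> dmz-web", "change": "modify"},
    {"ts": datetime(2024, 3, 4, 22, 45), "admin": "fwadmin2", "device": "fw-edge-1",
     "rule": "allow any any -> any", "change": "modify"},
]
CHANGE_TICKETS = [
    {"id": "CHG-1042", "admin": "fwadmin1", "device": "fw-edge-1", "approved": True,
     "start": datetime(2024, 3, 4, 14, 0), "end": datetime(2024, 3, 4, 16, 0)},
]
PRIOR_CHANGES = {("fwadmin1", "fw-edge-1"): 14}  # (admin, device) -> count, constructed
BUSINESS_HOURS = range(8, 18)  # local hours in which admin changes are expected

def covering_ticket(change, tickets):
    """Return the approved ticket whose scope and window cover the change, else None."""
    for t in tickets:
        if (t["approved"] and t["admin"] == change["admin"]
                and t["device"] == change["device"]
                and t["start"] <= change["ts"] <= t["end"]):
            return t
    return None

def evaluate(change, tickets, prior):
    """Build one case record: behavioral context, ticket check, priority, action."""
    flags = []
    if change["ts"].hour not in BUSINESS_HOURS:
        flags.append("off-hours change")
    if prior.get((change["admin"], change["device"]), 0) == 0:
        flags.append("first change by this admin on this device")
    if "any -> any" in change["rule"]:  # crude rule-base check for a wide-open rule
        flags.append("permissive rule")
    ticket = covering_ticket(change, tickets)
    if ticket is None:
        flags.append("no approved change ticket")
        priority = "high"
    elif flags:
        priority = "medium"
    else:
        priority = "low"
    return {
        "ts": change["ts"].isoformat(timespec="minutes"), "admin": change["admin"],
        "device": change["device"], "ticket": ticket["id"] if ticket else None,
        "flags": flags, "priority": priority,
        "action": ("assign case to security specialist" if priority != "low"
                   else "close: covered by " + ticket["id"]),
    }

def triage(changes=FIREWALL_CHANGES, tickets=CHANGE_TICKETS, prior=PRIOR_CHANGES):
    """Evaluate every change event and return the cases, highest priority first."""
    order = {"high": 0, "medium": 1, "low": 2}
    return sorted((evaluate(c, tickets, prior) for c in changes),
                  key=lambda case: order[case["priority"]])
```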
Cybersecurity Threat: Brute Force Attacks
Automated password crackers can generate as many as 1B guesses per second.

The best defense is:
§ Requiring users to create complex passwords
§ Limiting the number of times a user can unsuccessfully log in
§ Locking out users who exceed the specified number of failed login attempts

Cybersecurity Threat: Brute Force Attacks
BRUTE FORCE ATTACK EXAMPLE: A user account has had over 100 login attempts over the past hour, even though the employee is out sick.
SIEM response:
§ Repetition event created
§ Lock account
§ Set authentication parameters
§ Prioritized and escalated alert
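The two login-based examples in the deck (the administrator with a session at headquarters and one from abroad, and the account with over 100 attempts in an hour) as an added Python example that is not part of the deck and not Event Manager code: two constructed log formats are normalized into one schema, then a concurrent-session rule and a sliding-window repetition rule run over them. The formats, host names, accounts, addresses, the HQ address range and the thresholds are all assumptions for the demo.

```python
import ipaddress
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample formats (not real logs): an sshd-style syslog line and a
# CSV export from a hypothetical VPN gateway, both normalized to one schema.
SYSLOG_RE = re.compile(
    r"^(?P<ts>\S+) (?P<host>\S+) sshd\[\d+\]: (?P<result>Accepted|Failed) "
    r"\w+ for (?:invalid user )?(?P<user>\S+) from (?P<ip>\S+)")
VPN_FIELDS = ("ts", "device", "result", "user", "ip", "country")
HQ_NET = ipaddress.ip_network("10.20.0.0/16")  # constructed headquarters range

def normalize(line):
    """Translate one raw line into the common event schema; None if unparsed."""
    m = SYSLOG_RE.match(line)
    if m:
        ip = m.group("ip")
        site = "HQ" if ipaddress.ip_address(ip) in HQ_NET else "REMOTE"
        return {"ts": datetime.fromisoformat(m.group("ts")), "user": m.group("user"),
                "ok": m.group("result") == "Accepted", "ip": ip, "site": site,
                "source": "sshd/" + m.group("host")}
    parts = line.strip().split(",")
    if len(parts) == len(VPN_FIELDS):
        rec = dict(zip(VPN_FIELDS, parts))
        return {"ts": datetime.fromisoformat(rec["ts"]), "user": rec["user"],
                "ok": rec["result"] == "LOGIN_OK", "ip": rec["ip"],
                "site": "VPN:" + rec["country"], "source": "vpn/" + rec["device"]}
    return None

def concurrent_sessions(events, window=timedelta(hours=1)):
    """Rule 1: one account has successful logins from two different sites inside
    `window` (the HQ-workstation-plus-abroad case). One alert per account."""
    by_user = defaultdict(list)
    for e in sorted(events, key=lambda ev: ev["ts"]):
        if e["ok"]:
            by_user[e["user"]].append(e)
    alerts = []
    for user, logins in by_user.items():
        pair = next(((a, b) for i, a in enumerate(logins) for b in logins[i + 1:]
                     if b["ts"] - a["ts"] <= window and a["site"] != b["site"]), None)
        if pair:
            alerts.append({"rule": "concurrent-sessions", "user": user,
                           "sites": (pair[0]["site"], pair[1]["site"]),
                           "action": "evaluate behavior by workstation; prompt account freeze"})
    return alerts

def repetition(events, threshold=100, window=timedelta(hours=1)):
    """Rule 2: more than `threshold` login attempts (any outcome) against one
    account inside a sliding `window` (the '100 attempts in the past hour' case)."""
    by_user = defaultdict(list)
    for e in events:
        by_user[e["user"]].append(e["ts"])
    alerts = []
    for user, stamps in by_user.items():
        stamps.sort()
        start = 0
        for end, ts in enumerate(stamps):
            while ts - stamps[start] > window:  # slide the window forward
                start += 1
            if end - start + 1 > threshold:
                alerts.append({"rule": "repetition", "user": user,
                               "attempts": end - start + 1,
                               "action": "lock account; prioritize and escalate alert"})
                break
    return alerts

def run(lines):
    """Normalize every line, drop what no parser understands, then run both rules."""
    events = [e for e in map(normalize, lines) if e]
    return concurrent_sessions(events) + repetition(events)

def sample_lines():
    """Constructed input: 'nadmin' logs in at an HQ workstation and two minutes
    later through the VPN from abroad; 'jdoe' is out sick but 120 failed attempts
    hit the account within fifteen minutes; 'bsmith' is an ordinary VPN login."""
    base = datetime(2024, 3, 4, 18, 0, 0)
    lines = [
        "2024-03-04T18:00:05 hq-ws-17 sshd[2011]: Accepted password for nadmin from 10.20.0.17",
        "2024-03-04T18:02:10,vpn-gw-1,LOGIN_OK,nadmin,203.0.113.9,RO",
        "2024-03-04T18:05:00,vpn-gw-1,LOGIN_OK,bsmith,198.51.100.4,US",
    ]
    for i in range(120):
        t = (base + timedelta(seconds=7 * i)).isoformat(timespec="seconds")
        lines.append(f"{t} web-01 sshd[{3000 + i}]: Failed password for jdoe "
                     f"from 198.51.100.7 port {50000 + i} ssh2")
    return lines
```

Calling run(sample_lines()) yields one concurrent-sessions alert for nadmin and one repetition alert for jdoe; bsmith produces nothing, which is the point of correlating rather than alerting on every login.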
Cybersecurity Threat: Alert and Console Fatigue
What makes this so challenging?
§ The volume of events makes it impossible to uncover security events quickly—many are benign.
§ The data from the numerous assets is not delivered in one common language.
§ Security issues can easily be missed or mistaken as harmless without additional context from other sources and events.

10 is the average number of consoles security teams use to manage programs.
Source: https://www.helpsystems.com/cta/2019-ema-security-megatrends-report

Event Manager At-A-Glance: Product Review
Disparate Data Sources → Translate, Normalize, Enrich → Real-time Cybersecurity Insight
§ Streamlined Incident Response
§ Complete Auditing & Reporting
§ Forensic Analysis

Event Manager At-A-Glance: Key Features
§ Normalization of Disparate Data Sources
§ Prioritization of Critical Events
§ Streamlined Incident Response
§ Compliance Reporting
§ Real-Time Threat Detection
§ Out-of-the-Box Security

The Ultimate Goal
Get security teams the most crucial information the moment it becomes available.

TEST IT OUT: Event Manager Freemium or Trial
https://www.coresecurity.com/event-manager
bob.erdman@helpsystems.com
Thank you for joining us.
