IT & DATA MANAGEMENT RESEARCH,
INDUSTRY ANALYSIS & CONSULTING
David Monahan
Enterprise Management Associates
Research Director, Security and Risk Management
Twitter: @SecurityMonahan
Achieving Hi-Fidelity Security
by Combining Packet and
Endpoint Data
Featured Speaker
David Monahan
Research Director, Risk and Security
David is a senior information security executive with several
years of experience. He has organized and managed both
physical and information security programs, including
security and network operations (SOCs and NOCs) for
organizations ranging from Fortune 100 companies to local
government and small public and private companies.
Slide 2 © 2016 Enterprise Management Associates, Inc.
Logistics for Today’s Webinar
Slide 3 © 2016 Enterprise Management Associates, Inc.
• Event recording: an archived version of the event recording will be available at www.enterprisemanagement.com
• Questions: log questions in the Q&A panel located in the lower right corner of your screen; questions will be addressed during the Q&A session of the event
Sponsors
Slide 5 © 2016 Enterprise Management Associates, Inc.
Report Demographics
Slide 6 © 2016 Enterprise Management Associates, Inc.
• 225 Respondents
• Industries
 Education
 Finance/Banking
 Health care/Pharma
 High Tech
 Retail
 Manufacturing
• Company size
 SMB (<1K): 25%
 MidMarket (1K- <5K): 30%
 Enterprise (5K+): 45%
Top Challenges Driving Combining Data
Slide 7 © 2016 Enterprise Management Associates, Inc.
• Lack of analysis capabilities in the solutions: 59%
• Lack of dashboards: 38%
• Lack of reporting capabilities: 37%
• Lack of vendor supplied integration: 34%
• Lack of open APIs: 31%
• Other: 4%
Most Important Business Need for Data Integration
Slide 8 © 2016 Enterprise Management Associates, Inc.
• Prevent breaches: 25%
• Respond to breaches: 20%
• Analyze attacks: 16%
• Confirm indicators of breach: 14%
• Predict attacks: 13%
• Forensic analysis: 6%
• Reporting/monitoring state of security: 6%
Least Confidence in Security Control
Slide 9 © 2016 Enterprise Management Associates, Inc.
• Endpoint Prevention: 22%
• Endpoint Detection: 17%
• Concerned equally with more than one: 16%
• Confident in all four areas: 15%
• Perimeter Prevention: 10%
• Perimeter Detection: 7%
• Incident response (breach investigation capabilities): 7%
• Protection (configuration management,…): 6%
Which Type of Data is Best to Identify Attacks?
Slide 10 © 2016 Enterprise Management Associates, Inc.
• It really depends upon the type of attack: 41%
• Network data: 39%
• Endpoint data: 20%
Endpoint Program Maturity Definitions
Very Strong
At least 99% of endpoints have active prevention/detection (as applicable) and are actively monitored and managed.
AND
The system generates very few, if any, false positives. The system prevents/detects (as applicable) 99% or greater of the endpoint attacks, including those classified as APT, ATA, or zero-day.
Strong
At least 85% of endpoints have active prevention/detection (as applicable) and are actively monitored and managed.
AND
The system generates only a few false positives. The system prevents/detects (as applicable) 95% or greater of the endpoint attacks, some of which would be those classified as APT, ATA, or zero-day.
Competent
At least 75% of endpoints have active prevention/detection (as applicable) and are actively monitored and managed.
AND
The system generates some but not excessive false positives. The system prevents/detects (as applicable) 90% or greater of the endpoint attacks, some of which could be those classified as APT, ATA, or zero-day.
Slide 11 © 2016 Enterprise Management Associates, Inc.
Network Program Maturity Definitions
Very Strong
At least 99% of the network segments have active prevention and are actively monitored and managed.
AND
The system generates very few, if any, false positives. The system prevents/detects (as applicable) 99% or greater of the network-based attacks.
Strong
At least 85% of the network segments have active prevention/detection (as applicable) and are actively monitored and managed.
AND
The system generates only a few false positives. The system prevents/detects (as applicable) 95% or greater of the network-based attacks.
Competent
At least 75% of network segments have active prevention/detection (as applicable) and are actively monitored and managed.
AND
The system generates some but not excessive false positives. The system prevents/detects (as applicable) 90% or greater of the network-based attacks.
Underdeveloped
Less than 75% of network segments have active prevention/detection (as applicable) and are not necessarily actively monitored and managed.
OR
The system generates an excessive number of false positives. The system prevents/detects (as applicable) no more than 90% of the network-based attacks.
Slide 12 © 2016 Enterprise Management Associates, Inc.
Endpoint & Network Security Detection Program Maturity
Slide 13 © 2016 Enterprise Management Associates, Inc.
                                                   Endpoint  Network
Very Strong                                            20%      25%
Strong                                                 47%      46%
Competent                                              26%      24%
Underdeveloped                                          5%       4%
Not a significant focus of our security program         2%       1%
Endpoint & Network Security Prevention Program Maturity
Slide 14 © 2016 Enterprise Management Associates, Inc.
                                                   Endpoint  Network
Very Strong                                            21%      19%
Strong                                                 42%      47%
Competent                                              28%      27%
Underdeveloped                                          7%       6%
Not a significant focus of our security program         2%       1%
Effectiveness of Endpoint and Network Protection Tools
Slide 16 © 2016 Enterprise Management Associates, Inc.
                   Endpoint  Network
Effective              67%      63%
Ineffective            21%      20%
I don't know           11%      17%
Importance of Automation for Prevention
Slide 17 © 2016 Enterprise Management Associates, Inc.
                          Endpoint  Network
Very Important                41%      46%
Important                     44%      39%
Somewhat Important            12%      13%
Somewhat Unimportant           1%       1%
Not Important at All           2%       1%
Importance of Automation for Detection
Slide 18 © 2016 Enterprise Management Associates, Inc.
                          Endpoint  Network
Very Important                50%      51%
Important                     35%      35%
Somewhat Important            12%      13%
Somewhat Unimportant           1%       0%
Not Important at All           2%       1%
Maintaining Historical Data for Behavioral Analysis and Anomaly Detection
Slide 19 © 2016 Enterprise Management Associates, Inc.
                                                   Endpoint  Network
We maintain historical data                            45%      58%
We do not, but we believe it is important              40%      35%
We do not and do not believe it is necessary            2%        -
I don't know                                           13%        -
(The network series in the chart carries only three values, 58%, 35% and 7%; the chart does not show which of the last two categories the 7% belongs to.)
Summary: Best Data for Early Detection
Slide 20 © 2016 Enterprise Management Associates, Inc.
• Access logs: 22%
• Network Security Logs (Firewall, IDS, DNS, etc.): 21%
• Systems Log Monitoring (Application, Server, User chg, etc.): 17%
• Network Data (Packets, Flows, etc.): 16%
• Endpoint Change Data: 13%
• Performance Logs: 7%
• Other: 4%
Data Sources Used for Network Security
Slide 21 © 2016 Enterprise Management Associates, Inc.
• Network flows (NetFlow, IPFIX, etc.): 42%
• Deep packet inspection (DPI): 36%
• Cloud based API for reporting: 35%
• Transaction metrics: 29%
• Time series data/device metrics (SNMP, WMI, etc.): 28%
• Other: 2%
• I don't know: 18%
Endpoint Data Used for Security
Slide 22 © 2016 Enterprise Management Associates, Inc.
• File system changes (new files, permission changes, movement, etc.): 79%
• Successful or failed logins: 52%
• Newly installed applications: 49%
• Registry changes: 41%
• Unidentified/new processes: 38%
• Local application logs: 36%
• Process to network connection mapping: 33%
• New local users: 27%
• Disk usage changes: 26%
Tools Used to Correlate Network and Endpoint Data
Slide 23 © 2016 Enterprise Management Associates, Inc.
• Log management with custom scripts: 46%
• Security incident and event management (SIEM): 36%
• Single-vendor solution with both endpoint and network prevention or detection capabilities: 33%
• Vendor-provided APIs to integrate other monitoring/management tools: 32%
• Security analytics (UBA, anomaly detection, or predictive analytics): 32%
• We currently do not have the capability and evaluate these data silos separately: 11%
• I don’t know: 4%
Using Network Data for Security
Slide 24 © 2016 Enterprise Management Associates, Inc.
• Yes, but only for critical investigations: 37%
• No, but we would like to/plan to: 30%
• Yes, for all investigations: 14%
• No, and we have no particular need/interest: 3%
• I don't know: 16%
Data Integration Approaches Used in Security
Slide 25 © 2016 Enterprise Management Associates, Inc.
• Vendor-driven technology partnerships/integrations: 48%
• Vendor-created open APIs: 37%
• Third-party integration tools: 37%
• In-house created custom integrations: 36%
• Third party analysis of data: 23%
• Other: 2%
Metadata: Creation and Value
Slide 26 © 2016 Enterprise Management Associates, Inc.
• Collection systems create metadata: 79%
• Value of that metadata
 Invaluable: 15%
 Very valuable: 69%
 Moderately valuable: 15%
Full-Time Equivalents Working Security
Slide 27 © 2016 Enterprise Management Associates, Inc.
• <5 FTE: 30%
• 6 to 10 FTE: 32%
• 11 to 20 FTE: 19%
• >20 FTE: 19%
FTE Applied to Event Investigation per Day
Slide 28 © 2016 Enterprise Management Associates, Inc.
• 1-4 (> 1 FTE): 34%
• 5-8 (approximately 1 FTE): 24%
• 9-24 (1-3 FTE): 30%
• 25-40 (>3- <=5 FTE): 9%
• 41-80 (>5- <=10 FTE): 2%
• 81+ (more than 10 FTE): 1%
Alert Volume per Day
Slide 29 © 2016 Enterprise Management Associates, Inc.
• <100 Alerts / Day: 60%
• >=100 Alerts / Day: 40%
Severe/Critical Alert Volume per Day
Slide 30 © 2016 Enterprise Management Associates, Inc.
• <=25: 50%
• 26-99: 23%
• 100-499: 15%
• 250-499: 7%
• 500-999: 5%
• >=1,000: 0%
Severe/Critical Alerts Investigated per Day
Slide 31 © 2016 Enterprise Management Associates, Inc.
• 10 or fewer: 67%
• 11-25: 21%
• More than 25: 6%
• We don't generally investigate security alerts: 6%
Network Strengths and Weaknesses:
• Strengths
 Early warning of a network-based attack
 Attack telemetry
 Payload dissection/determination
 Identification of lateral movement (if sensors are placed where they can monitor the traffic)
• Weaknesses
 Limited deployment at the perimeter hampers internal visibility.
 They provide no warning of attacks that start on the endpoint (e.g. via removable media).
 Cannot provide insight if packets are encrypted.
 Dormant or “triggered” attacks may not be detected by network sandboxes.
 May give an “indeterminate” verdict on attack success when used alone.
Slide 32 © 2016 Enterprise Management Associates, Inc.
Endpoint Strengths and Weaknesses:
• Strengths
 Provides detailed data:
   Application installation and process changes
   Registry/configuration changes, file changes, and data moves
   User additions, removals, and permission changes
   Process association with network connections
• Weaknesses
 Data can be very compartmentalized, so trends may be missed.
 Missing or failing agents cause visibility gaps.
 Gaps in scanning or polling cause visibility gaps.
Slide 33 © 2016 Enterprise Management Associates, Inc.
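The two slides above describe complementary blind spots: network sensors see traffic but not the process behind it (and nothing behind the perimeter), while endpoint agents see the process but only for hosts where the agent is present, alive, and polled at the right moment. The script below is an added example, not code from the EMA deck or the underlying report, of the "log management with custom scripts" approach that 46% of respondents use. It joins NetFlow-style records with agent-reported process-to-connection records on the connection 4-tuple and a time window, and labels every unmatched flow with the visibility gap that caused it. All telemetry is constructed inline, the record fields are a hypothetical schema, and the 60-second poll window and 10-minute agent staleness threshold are assumed values a real deployment would tune.

```python
from dataclasses import dataclass
from typing import Dict, List, Optional

# Assumed tuning values (not from the report): how far apart a flow start and
# an agent poll may be and still describe the same connection, and how long an
# agent may be silent before it is treated as failing.
POLL_WINDOW_SECONDS = 60
AGENT_STALE_SECONDS = 600


@dataclass(frozen=True)
class Flow:
    """A NetFlow/IPFIX-style record as a network sensor would export it."""
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    ts: int      # flow start, epoch seconds
    bytes: int


@dataclass(frozen=True)
class EndpointConn:
    """A process-to-connection record as an endpoint agent would report it."""
    host_ip: str
    process: str
    pid: int
    local_port: int
    remote_ip: str
    remote_port: int
    ts: int      # agent poll time, epoch seconds


@dataclass
class Attributed:
    flow: Flow
    process: Optional[str]
    reason: str  # attributed | no-agent | stale-agent | poll-gap


# Constructed sample telemetry (not real data); NOW is the analysis time.
NOW = 1_700_000_600

AGENT_LAST_SEEN: Dict[str, int] = {   # host_ip -> last agent check-in
    "10.0.1.10": 1_700_000_100,
    "10.0.1.11": 1_700_000_100,
    "10.0.1.12": 1_699_990_000,       # silent for hours: failing agent
}

ENDPOINT_CONNS: List[EndpointConn] = [
    EndpointConn("10.0.1.10", "outlook.exe", 4120, 51000, "203.0.113.5", 443, 1_700_000_030),
    EndpointConn("10.0.1.10", "updater.exe", 9981, 51001, "198.51.100.7", 8443, 1_700_000_035),
    EndpointConn("10.0.1.11", "svchost.exe", 880, 52000, "10.0.1.20", 445, 1_700_000_040),
]

FLOWS: List[Flow] = [
    Flow("10.0.1.10", 51000, "203.0.113.5", 443, 1_700_000_020, 18_200),
    Flow("10.0.1.10", 51001, "198.51.100.7", 8443, 1_700_000_031, 900),
    Flow("10.0.1.10", 51002, "203.0.113.9", 80, 1_700_000_500, 300),    # fell between polls
    Flow("10.0.1.12", 53000, "203.0.113.5", 443, 1_700_000_050, 2_000),  # host with stale agent
    Flow("10.0.1.30", 54000, "203.0.113.5", 443, 1_700_000_050, 2_000),  # host with no agent
]


def attribute_flow(flow: Flow, conns: List[EndpointConn],
                   agents: Dict[str, int], now: int) -> Attributed:
    """Attach the owning process to a flow, or name the gap that prevents it."""
    for c in conns:
        same_tuple = (c.host_ip == flow.src_ip and c.local_port == flow.src_port
                      and c.remote_ip == flow.dst_ip and c.remote_port == flow.dst_port)
        if same_tuple and abs(c.ts - flow.ts) <= POLL_WINDOW_SECONDS:
            return Attributed(flow, c.process, "attributed")
    last_seen = agents.get(flow.src_ip)
    if last_seen is None:
        return Attributed(flow, None, "no-agent")       # host never had an agent
    if now - last_seen > AGENT_STALE_SECONDS:
        return Attributed(flow, None, "stale-agent")    # agent present but failing
    return Attributed(flow, None, "poll-gap")           # healthy agent, connection missed by polling


def correlate(flows, conns, agents, now) -> List[Attributed]:
    return [attribute_flow(f, conns, agents, now) for f in flows]


def endpoint_only(conns, flows) -> List[EndpointConn]:
    """Endpoint connections no network sensor saw, e.g. east-west traffic behind the perimeter."""
    seen = {(f.src_ip, f.src_port, f.dst_ip, f.dst_port) for f in flows}
    return [c for c in conns
            if (c.host_ip, c.local_port, c.remote_ip, c.remote_port) not in seen]


def gap_summary(results, conns, flows) -> Dict[str, int]:
    """Count attributed flows and each kind of visibility gap for reporting."""
    counts: Dict[str, int] = {}
    for r in results:
        counts[r.reason] = counts.get(r.reason, 0) + 1
    counts["endpoint-only"] = len(endpoint_only(conns, flows))
    return counts


if __name__ == "__main__":
    results = correlate(FLOWS, ENDPOINT_CONNS, AGENT_LAST_SEEN, NOW)
    for r in results:
        print(f"{r.flow.src_ip}:{r.flow.src_port} -> {r.flow.dst_ip}:{r.flow.dst_port}"
              f"  {r.reason}  {r.process or ''}")
    print(gap_summary(results, ENDPOINT_CONNS, FLOWS))
```

On the sample data two flows are attributed to a process, one is lost to a polling gap, one to a stale agent, one to a host with no agent, and one internal SMB connection shows up only on the endpoint side because no network sensor covers that segment. Tracking those reason counts over time is what turns "both sets of data have gaps" into a measurable coverage metric rather than a general worry.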
Summary:
• Overconfidence in Prevention
• Overconfidence in the Security Programs
• Focusing on the Wrong Data
• Lack of Tools (and people)
• Task and Analysis Automation are Key for Success
 Too many alerts to manually investigate
• Both Sets of Data are Valuable but Have Gaps
 Need to get out of Data Silos
 Need better analysis capability using combined data
Slide 34 © 2016 Enterprise Management Associates, Inc.
Questions?
Get the Full Report: http://bit.ly/1mKekfd
Slide 35 © 2016 Enterprise Management Associates, Inc.

 
How Automation and Orchestration Can Help Bridge the IT Security Skills Gap
How Automation and Orchestration Can Help Bridge the IT Security Skills GapHow Automation and Orchestration Can Help Bridge the IT Security Skills Gap
How Automation and Orchestration Can Help Bridge the IT Security Skills Gap
 
SANS Report: The State of Security in Control Systems Today
SANS Report: The State of Security in Control Systems TodaySANS Report: The State of Security in Control Systems Today
SANS Report: The State of Security in Control Systems Today
 
The Value of Using Security Policy Orchestration and Automation for Improving...
The Value of Using Security Policy Orchestration and Automation for Improving...The Value of Using Security Policy Orchestration and Automation for Improving...
The Value of Using Security Policy Orchestration and Automation for Improving...
 
Managed Detection and Response: Selective Outsourcing for Understaffed SOCs a...
Managed Detection and Response: Selective Outsourcing for Understaffed SOCs a...Managed Detection and Response: Selective Outsourcing for Understaffed SOCs a...
Managed Detection and Response: Selective Outsourcing for Understaffed SOCs a...
 
Democratizing IT Automation in a Multi-Cloud World
Democratizing IT Automation in a Multi-Cloud WorldDemocratizing IT Automation in a Multi-Cloud World
Democratizing IT Automation in a Multi-Cloud World
 
Scale vp wisegate-investing-in_security_innovation_aug2014-gartner_catalyst
Scale vp wisegate-investing-in_security_innovation_aug2014-gartner_catalystScale vp wisegate-investing-in_security_innovation_aug2014-gartner_catalyst
Scale vp wisegate-investing-in_security_innovation_aug2014-gartner_catalyst
 
Stress Testing for the Digital Economy: Are YOU Ready to Deliver High Perform...
Stress Testing for the Digital Economy: Are YOU Ready to Deliver High Perform...Stress Testing for the Digital Economy: Are YOU Ready to Deliver High Perform...
Stress Testing for the Digital Economy: Are YOU Ready to Deliver High Perform...
 
SaaS Data Protection
SaaS Data ProtectionSaaS Data Protection
SaaS Data Protection
 
Network Management Megatrends 2016: Hybrid Cloud, Network Analytics and the I...
Network Management Megatrends 2016: Hybrid Cloud, Network Analytics and the I...Network Management Megatrends 2016: Hybrid Cloud, Network Analytics and the I...
Network Management Megatrends 2016: Hybrid Cloud, Network Analytics and the I...
 
Advanced IT Analytics: A Look at Real Adoptions in the Real World
Advanced IT Analytics: A Look at Real Adoptions in the Real WorldAdvanced IT Analytics: A Look at Real Adoptions in the Real World
Advanced IT Analytics: A Look at Real Adoptions in the Real World
 
Security and Accountability in the Cloud (in partnership with SANS)
Security and Accountability in the Cloud (in partnership with SANS)Security and Accountability in the Cloud (in partnership with SANS)
Security and Accountability in the Cloud (in partnership with SANS)
 
Accelerating Enhanced Threat Identification and Incident Investigation
Accelerating Enhanced Threat Identification and Incident InvestigationAccelerating Enhanced Threat Identification and Incident Investigation
Accelerating Enhanced Threat Identification and Incident Investigation
 
Tame Complex IT Environments with Data-Driven IT Automation
Tame Complex IT Environments with Data-Driven IT AutomationTame Complex IT Environments with Data-Driven IT Automation
Tame Complex IT Environments with Data-Driven IT Automation
 
ISACA 2016 Annual Conference SA_State of Risk_Tunde Ogunkoya_DeltaGRiC_Consul...
ISACA 2016 Annual Conference SA_State of Risk_Tunde Ogunkoya_DeltaGRiC_Consul...ISACA 2016 Annual Conference SA_State of Risk_Tunde Ogunkoya_DeltaGRiC_Consul...
ISACA 2016 Annual Conference SA_State of Risk_Tunde Ogunkoya_DeltaGRiC_Consul...
 
Where There Is Smoke, There is Fire: Extracting Actionable Intelligence from ...
Where There Is Smoke, There is Fire: Extracting Actionable Intelligence from ...Where There Is Smoke, There is Fire: Extracting Actionable Intelligence from ...
Where There Is Smoke, There is Fire: Extracting Actionable Intelligence from ...
 
Bridging the Gap Between Your Security Defenses and Critical Data
Bridging the Gap Between Your Security Defenses and Critical DataBridging the Gap Between Your Security Defenses and Critical Data
Bridging the Gap Between Your Security Defenses and Critical Data
 
Smart security solutions for SMBs
Smart security solutions for SMBsSmart security solutions for SMBs
Smart security solutions for SMBs
 
The Imitation Game: Detecting and Thwarting Automated Bot Attacks
The Imitation Game: Detecting and Thwarting Automated Bot AttacksThe Imitation Game: Detecting and Thwarting Automated Bot Attacks
The Imitation Game: Detecting and Thwarting Automated Bot Attacks
 
Splunk conf2014 - Operationalizing Advanced Threat Defense
Splunk conf2014 - Operationalizing Advanced Threat DefenseSplunk conf2014 - Operationalizing Advanced Threat Defense
Splunk conf2014 - Operationalizing Advanced Threat Defense
 

More from Enterprise Management Associates

Highlights from the EMA Radar™ Report for Workload Automation and Orchestrati...
Highlights from the EMA Radar™ Report for Workload Automation and Orchestrati...Highlights from the EMA Radar™ Report for Workload Automation and Orchestrati...
Highlights from the EMA Radar™ Report for Workload Automation and Orchestrati...Enterprise Management Associates
 
Observability: Challenges, Priorities, Solutions, and the Role of OpenTelemetry
Observability: Challenges, Priorities, Solutions, and the Role of OpenTelemetryObservability: Challenges, Priorities, Solutions, and the Role of OpenTelemetry
Observability: Challenges, Priorities, Solutions, and the Role of OpenTelemetryEnterprise Management Associates
 
NetSecOps: Examining How Network and Security Teams Collaborate for a Better ...
NetSecOps: Examining How Network and Security Teams Collaborate for a Better ...NetSecOps: Examining How Network and Security Teams Collaborate for a Better ...
NetSecOps: Examining How Network and Security Teams Collaborate for a Better ...Enterprise Management Associates
 
Modern ITSM—the untapped game-changer for midsize organizations
Modern ITSM—the untapped game-changer for midsize organizationsModern ITSM—the untapped game-changer for midsize organizations
Modern ITSM—the untapped game-changer for midsize organizationsEnterprise Management Associates
 
Unveiling Strategic Trends in Global Finance, Banking, and Insurance - IT Ex...
Unveiling Strategic Trends in Global Finance, Banking, and Insurance -  IT Ex...Unveiling Strategic Trends in Global Finance, Banking, and Insurance -  IT Ex...
Unveiling Strategic Trends in Global Finance, Banking, and Insurance - IT Ex...Enterprise Management Associates
 
Unlocking Master Data Management (MDM) Success: Real-World Insights and Strat...
Unlocking Master Data Management (MDM) Success: Real-World Insights and Strat...Unlocking Master Data Management (MDM) Success: Real-World Insights and Strat...
Unlocking Master Data Management (MDM) Success: Real-World Insights and Strat...Enterprise Management Associates
 
Navigating the Complexity of Distributed Microservices across AWS, Azure, and...
Navigating the Complexity of Distributed Microservices across AWS, Azure, and...Navigating the Complexity of Distributed Microservices across AWS, Azure, and...
Navigating the Complexity of Distributed Microservices across AWS, Azure, and...Enterprise Management Associates
 
Navigating Today’s Threat Landscape: Discussing Hype vs. Reality
Navigating Today’s Threat Landscape: Discussing Hype vs. RealityNavigating Today’s Threat Landscape: Discussing Hype vs. Reality
Navigating Today’s Threat Landscape: Discussing Hype vs. RealityEnterprise Management Associates
 
Kubernetes Unveiled: Trends, Challenges, and Opportunities
Kubernetes Unveiled: Trends, Challenges, and OpportunitiesKubernetes Unveiled: Trends, Challenges, and Opportunities
Kubernetes Unveiled: Trends, Challenges, and OpportunitiesEnterprise Management Associates
 
DDI Directions: DNS, DHCP and IP Address Management Strategies for the Multi-...
DDI Directions: DNS, DHCP and IP Address Management Strategies for the Multi-...DDI Directions: DNS, DHCP and IP Address Management Strategies for the Multi-...
DDI Directions: DNS, DHCP and IP Address Management Strategies for the Multi-...Enterprise Management Associates
 
Challenges and Best Practices for Securing Modern Operational Technology Netw...
Challenges and Best Practices for Securing Modern Operational Technology Netw...Challenges and Best Practices for Securing Modern Operational Technology Netw...
Challenges and Best Practices for Securing Modern Operational Technology Netw...Enterprise Management Associates
 
Modernizing Network Engineering and Operations in the Era of Hybrid and Remot...
Modernizing Network Engineering and Operations in the Era of Hybrid and Remot...Modernizing Network Engineering and Operations in the Era of Hybrid and Remot...
Modernizing Network Engineering and Operations in the Era of Hybrid and Remot...Enterprise Management Associates
 
Why Should Organizations Consider Extended Detection and Response (XDR)?
Why Should Organizations Consider Extended Detection and Response (XDR)?Why Should Organizations Consider Extended Detection and Response (XDR)?
Why Should Organizations Consider Extended Detection and Response (XDR)?Enterprise Management Associates
 
Moving Beyond Remote Access: Discover the Power of Zero Trust Network Access
Moving Beyond Remote Access: Discover the Power of Zero Trust Network AccessMoving Beyond Remote Access: Discover the Power of Zero Trust Network Access
Moving Beyond Remote Access: Discover the Power of Zero Trust Network AccessEnterprise Management Associates
 
[Analyst Research Slides] Build vs. Buy: Finding the Best Path to Network Aut...
[Analyst Research Slides] Build vs. Buy: Finding the Best Path to Network Aut...[Analyst Research Slides] Build vs. Buy: Finding the Best Path to Network Aut...
[Analyst Research Slides] Build vs. Buy: Finding the Best Path to Network Aut...Enterprise Management Associates
 

More from Enterprise Management Associates (20)

Highlights from the EMA Radar™ Report for Workload Automation and Orchestrati...
Highlights from the EMA Radar™ Report for Workload Automation and Orchestrati...Highlights from the EMA Radar™ Report for Workload Automation and Orchestrati...
Highlights from the EMA Radar™ Report for Workload Automation and Orchestrati...
 
Real-world incident response, management, and prevention
Real-world incident response, management, and preventionReal-world incident response, management, and prevention
Real-world incident response, management, and prevention
 
Observability: Challenges, Priorities, Solutions, and the Role of OpenTelemetry
Observability: Challenges, Priorities, Solutions, and the Role of OpenTelemetryObservability: Challenges, Priorities, Solutions, and the Role of OpenTelemetry
Observability: Challenges, Priorities, Solutions, and the Role of OpenTelemetry
 
NetSecOps: Examining How Network and Security Teams Collaborate for a Better ...
NetSecOps: Examining How Network and Security Teams Collaborate for a Better ...NetSecOps: Examining How Network and Security Teams Collaborate for a Better ...
NetSecOps: Examining How Network and Security Teams Collaborate for a Better ...
 
Modern ITSM—the untapped game-changer for midsize organizations
Modern ITSM—the untapped game-changer for midsize organizationsModern ITSM—the untapped game-changer for midsize organizations
Modern ITSM—the untapped game-changer for midsize organizations
 
Unveiling Strategic Trends in Global Finance, Banking, and Insurance - IT Ex...
Unveiling Strategic Trends in Global Finance, Banking, and Insurance -  IT Ex...Unveiling Strategic Trends in Global Finance, Banking, and Insurance -  IT Ex...
Unveiling Strategic Trends in Global Finance, Banking, and Insurance - IT Ex...
 
Unlocking Master Data Management (MDM) Success: Real-World Insights and Strat...
Unlocking Master Data Management (MDM) Success: Real-World Insights and Strat...Unlocking Master Data Management (MDM) Success: Real-World Insights and Strat...
Unlocking Master Data Management (MDM) Success: Real-World Insights and Strat...
 
Transcending Passwords: Emerging Trends in Authentication
Transcending Passwords: Emerging Trends in AuthenticationTranscending Passwords: Emerging Trends in Authentication
Transcending Passwords: Emerging Trends in Authentication
 
Modernize NetOps with Business-Aware Network Monitoring
Modernize NetOps with Business-Aware Network MonitoringModernize NetOps with Business-Aware Network Monitoring
Modernize NetOps with Business-Aware Network Monitoring
 
Navigating the Complexity of Distributed Microservices across AWS, Azure, and...
Navigating the Complexity of Distributed Microservices across AWS, Azure, and...Navigating the Complexity of Distributed Microservices across AWS, Azure, and...
Navigating the Complexity of Distributed Microservices across AWS, Azure, and...
 
Navigating Today’s Threat Landscape: Discussing Hype vs. Reality
Navigating Today’s Threat Landscape: Discussing Hype vs. RealityNavigating Today’s Threat Landscape: Discussing Hype vs. Reality
Navigating Today’s Threat Landscape: Discussing Hype vs. Reality
 
Kubernetes Unveiled: Trends, Challenges, and Opportunities
Kubernetes Unveiled: Trends, Challenges, and OpportunitiesKubernetes Unveiled: Trends, Challenges, and Opportunities
Kubernetes Unveiled: Trends, Challenges, and Opportunities
 
DDI Directions: DNS, DHCP and IP Address Management Strategies for the Multi-...
DDI Directions: DNS, DHCP and IP Address Management Strategies for the Multi-...DDI Directions: DNS, DHCP and IP Address Management Strategies for the Multi-...
DDI Directions: DNS, DHCP and IP Address Management Strategies for the Multi-...
 
Challenges and Best Practices for Securing Modern Operational Technology Netw...
Challenges and Best Practices for Securing Modern Operational Technology Netw...Challenges and Best Practices for Securing Modern Operational Technology Netw...
Challenges and Best Practices for Securing Modern Operational Technology Netw...
 
CMDB in Cloud Times: Myths, Mistakes, and Mastery
CMDB in Cloud Times: Myths, Mistakes, and Mastery CMDB in Cloud Times: Myths, Mistakes, and Mastery
CMDB in Cloud Times: Myths, Mistakes, and Mastery
 
Modernizing Network Engineering and Operations in the Era of Hybrid and Remot...
Modernizing Network Engineering and Operations in the Era of Hybrid and Remot...Modernizing Network Engineering and Operations in the Era of Hybrid and Remot...
Modernizing Network Engineering and Operations in the Era of Hybrid and Remot...
 
Why Should Organizations Consider Extended Detection and Response (XDR)?
Why Should Organizations Consider Extended Detection and Response (XDR)?Why Should Organizations Consider Extended Detection and Response (XDR)?
Why Should Organizations Consider Extended Detection and Response (XDR)?
 
Five Managed SD-WAN Trends to Watch in 2023
Five Managed SD-WAN Trends to Watch in 2023Five Managed SD-WAN Trends to Watch in 2023
Five Managed SD-WAN Trends to Watch in 2023
 
Moving Beyond Remote Access: Discover the Power of Zero Trust Network Access
Moving Beyond Remote Access: Discover the Power of Zero Trust Network AccessMoving Beyond Remote Access: Discover the Power of Zero Trust Network Access
Moving Beyond Remote Access: Discover the Power of Zero Trust Network Access
 
[Analyst Research Slides] Build vs. Buy: Finding the Best Path to Network Aut...
[Analyst Research Slides] Build vs. Buy: Finding the Best Path to Network Aut...[Analyst Research Slides] Build vs. Buy: Finding the Best Path to Network Aut...
[Analyst Research Slides] Build vs. Buy: Finding the Best Path to Network Aut...
 

Recently uploaded

Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdfRising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdfOrbitshub
 
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...apidays
 
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost SavingRepurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost SavingEdi Saputra
 
Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...apidays
 
Why Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businessWhy Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businesspanagenda
 
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...DianaGray10
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers:  A Deep Dive into Serverless Spatial Data and FMECloud Frontiers:  A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMESafe Software
 
AI in Action: Real World Use Cases by Anitaraj
AI in Action: Real World Use Cases by AnitarajAI in Action: Real World Use Cases by Anitaraj
AI in Action: Real World Use Cases by AnitarajAnitaRaj43
 
Introduction to Multilingual Retrieval Augmented Generation (RAG)
Introduction to Multilingual Retrieval Augmented Generation (RAG)Introduction to Multilingual Retrieval Augmented Generation (RAG)
Introduction to Multilingual Retrieval Augmented Generation (RAG)Zilliz
 
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...apidays
 
Six Myths about Ontologies: The Basics of Formal Ontology
Six Myths about Ontologies: The Basics of Formal OntologySix Myths about Ontologies: The Basics of Formal Ontology
Six Myths about Ontologies: The Basics of Formal Ontologyjohnbeverley2021
 
AWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAndrey Devyatkin
 
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...Orbitshub
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers:  A Deep Dive into Serverless Spatial Data and FMECloud Frontiers:  A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMESafe Software
 
MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024MIND CTI
 
DBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor PresentationDBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor PresentationDropbox
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerThousandEyes
 
Vector Search -An Introduction in Oracle Database 23ai.pptx
Vector Search -An Introduction in Oracle Database 23ai.pptxVector Search -An Introduction in Oracle Database 23ai.pptx
Vector Search -An Introduction in Oracle Database 23ai.pptxRemote DBA Services
 
Architecting Cloud Native Applications
Architecting Cloud Native ApplicationsArchitecting Cloud Native Applications
Architecting Cloud Native ApplicationsWSO2
 

Recently uploaded (20)

Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdfRising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
 
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
 
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost SavingRepurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
 
Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...
 
Why Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businessWhy Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire business
 
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers:  A Deep Dive into Serverless Spatial Data and FMECloud Frontiers:  A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
 
AI in Action: Real World Use Cases by Anitaraj
AI in Action: Real World Use Cases by AnitarajAI in Action: Real World Use Cases by Anitaraj
AI in Action: Real World Use Cases by Anitaraj
 
Introduction to Multilingual Retrieval Augmented Generation (RAG)
Introduction to Multilingual Retrieval Augmented Generation (RAG)Introduction to Multilingual Retrieval Augmented Generation (RAG)
Introduction to Multilingual Retrieval Augmented Generation (RAG)
 
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
 
Six Myths about Ontologies: The Basics of Formal Ontology
Six Myths about Ontologies: The Basics of Formal OntologySix Myths about Ontologies: The Basics of Formal Ontology
Six Myths about Ontologies: The Basics of Formal Ontology
 
AWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of Terraform
 
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers:  A Deep Dive into Serverless Spatial Data and FMECloud Frontiers:  A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
 
MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024
 
DBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor PresentationDBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor Presentation
 
Understanding the FAA Part 107 License ..
Understanding the FAA Part 107 License ..Understanding the FAA Part 107 License ..
Understanding the FAA Part 107 License ..
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
Vector Search -An Introduction in Oracle Database 23ai.pptx
Vector Search -An Introduction in Oracle Database 23ai.pptxVector Search -An Introduction in Oracle Database 23ai.pptx
Vector Search -An Introduction in Oracle Database 23ai.pptx
 
Architecting Cloud Native Applications
Architecting Cloud Native ApplicationsArchitecting Cloud Native Applications
Architecting Cloud Native Applications
 

Achieving Hi-Fidelity Security by Combining Packet and Endpoint Data

Slide 7: Top Challenges Driving Combining Data
59%  Lack of analysis capabilities in the solutions
38%  Lack of dashboards
37%  Lack of reporting capabilities
34%  Lack of vendor supplied integration
31%  Lack of open APIs
4%   Other

Slide 8: Most Important Business Need for Data Integration
25%  Prevent breaches
20%  Respond to breaches
16%  Analyze attacks
14%  Confirm indicators of breach
13%  Predict attacks
6%   Forensic analysis
6%   Reporting/monitoring state of security

Slide 9: Least Confidence in Security Control
22%  Endpoint Prevention
17%  Endpoint Detection
16%  Concerned equally with more than one
15%  Confident in all four areas
10%  Perimeter Prevention
7%   Perimeter Detection
7%   Incident response (breach investigation capabilities)
6%   Protection (configuration management,…

Slide 10: Which Type of Data is Best to Identify Attacks?
41%  It really depends upon the type of attack
39%  Network data
20%  Endpoint data
Slide 11: Endpoint Program Maturity Definitions
Very Strong: At least 99% of endpoints have active prevention/detection (as applicable) and are actively monitored and managed. AND The system generates very few, if any, false positives. The system prevents/detects (as applicable) 99% or greater of the endpoint attacks, including those classified as APT, ATA, or zero-day.
Strong: At least 85% of endpoints have active prevention/detection (as applicable) and are actively monitored and managed. AND The system generates only a few false positives. The system prevents/detects (as applicable) 95% or greater of the endpoint attacks, some of which would be those classified as APT, ATA, or zero-day.
Competent: At least 75% of endpoints have active prevention/detection (as applicable) and are actively monitored and managed. AND The system generates some but not excessive false positives. The system prevents/detects (as applicable) 90% or greater of the endpoint attacks, some of which could be those classified as APT, ATA, or zero-day.
Slide 12: Network Program Maturity Definitions
• Very Strong: At least 99% of the network segments have active prevention and are actively monitored and managed, AND the system generates very few, if any, false positives. The system prevents/detects (as applicable) 99% or greater of the network-based attacks.
• Strong: At least 85% of the network segments have active prevention/detection (as applicable) and are actively monitored and managed, AND the system generates only a few false positives. The system prevents/detects (as applicable) 95% or greater of the network-based attacks.
• Competent: At least 75% of network segments have active prevention/detection (as applicable) and are actively monitored and managed, AND the system generates some but not excessive false positives. The system prevents/detects (as applicable) 90% or greater of the network-based attacks.
• Underdeveloped: Less than 75% of network segments have active prevention/detection (as applicable) and are not necessarily actively monitored and managed, OR the system generates an excessive number of false positives. The system prevents/detects (as applicable) no more than 90% of the network-based attacks.
Slide 13: Endpoint & Network Security Detection Program Maturity (Endpoint / Network)
• Very Strong: 20% / 25%
• Strong: 47% / 46%
• Competent: 26% / 24%
• Underdeveloped: 5% / 4%
• Security detection is not a significant focus of our security program: 2% / 1%
Slide 14: Endpoint & Network Security Prevention Program Maturity (Endpoint / Network)
• Very Strong: 21% / 19%
• Strong: 42% / 47%
• Competent: 28% / 27%
• Underdeveloped: 7% / 6%
• Security prevention is not a significant focus of our security program: 2% / 1%
Slide 16: Effectiveness of Endpoint and Network Protection Tools (Endpoint / Network)
• Effective: 67% / 63%
• Ineffective: 21% / 20%
• I don't know: 11% / 17%
Slide 17: Importance of Automation for Prevention (Endpoint / Network)
• Very important: 41% / 46%
• Important: 44% / 39%
• Somewhat important: 12% / 13%
• Somewhat unimportant: 1% / 1%
• Not important at all: 2% / 1%
Slide 18: Importance of Automation for Detection (Endpoint / Network)
• Very important: 50% / 51%
• Important: 35% / 35%
• Somewhat important: 12% / 13%
• Somewhat unimportant: 1% / 0%
• Not important at all: 2% / 1%
Slide 19: Maintaining Historical Data for Behavioral Analysis and Anomaly Detection
• Endpoint: We maintain historical data 45%; We do not, but we believe it is important 40%; We do not and do not believe it is necessary 2%; I don't know 13%
• Network: 58%, 35%, 7% (the slide shows only three network values for the four options, so the last two cannot be assigned from the page)
Slide 20: Summary: Best Data for Early Detection
• Access logs: 22%
• Network security logs (firewall, IDS, DNS, etc.): 21%
• Systems log monitoring (application, server, user change, etc.): 17%
• Network data (packets, flows, etc.): 16%
• Endpoint change data: 13%
• Performance logs: 7%
• Other: 4%
Slide 21: Data Sources Used for Network Security (multiple responses)
• Network flows (NetFlow, IPFIX, etc.): 42%
• Deep packet inspection (DPI): 36%
• Cloud-based API for reporting: 35%
• Transaction metrics: 29%
• Time series data/device metrics (SNMP, WMI, etc.): 28%
• Other: 2%
• I don't know: 18%
Slide 22: Endpoint Data Used for Security (multiple responses)
• File system changes (new files, permission changes, movement, etc.): 79%
• Successful or failed logins: 52%
• Newly installed applications: 49%
• Registry changes: 41%
• Unidentified/new processes: 38%
• Local application logs: 36%
• Process to network connection mapping: 33%
• New local users: 27%
• Disk usage changes: 26%
Slide 23: Tools Used to Correlate Network and Endpoint Data (multiple responses)
• Log management with custom scripts: 46%
• Security incident and event management (SIEM): 36%
• Single-vendor solution with both endpoint and network prevention or detection capabilities: 33%
• Vendor-provided APIs to integrate other monitoring/management tools: 32%
• Security analytics (UBA, anomaly detection, or predictive analytics): 32%
• We currently do not have the capability and evaluate these data silos separately: 11%
• I don't know: 4%
Slide 24: Using Network Data for Security
• Yes, but only for critical investigations: 37%
• No, but we would like to/plan to: 30%
• Yes, for all investigations: 14%
• No, and we have no particular need/interest: 3%
• I don't know: 16%
Slide 25: Data Integration Approaches in Use in Security (multiple responses)
• Vendor-driven technology partnerships/integrations: 48%
• Vendor-created open APIs: 37%
• Third-party integration tools: 37%
• In-house created custom integrations: 36%
• Third-party analysis of data: 23%
• Other: 2%
Slide 26: Metadata: Creation and Value
• Collection systems create metadata: 79%
• Value of that metadata: Invaluable 15%; Very valuable 69%; Moderately valuable 15%
Slide 27: Full-Time Equivalents Working Security
• <5 FTE: 30%
• 6 to 10 FTE: 32%
• 11 to 20 FTE: 19%
• >20 FTE: 19%
Slide 28: FTE Applied to Event Investigation per Day (hours per day, with FTE equivalent)
• 1-4 (< 1 FTE): 34%
• 5-8 (approximately 1 FTE): 24%
• 9-24 (1-3 FTE): 30%
• 25-40 (>3 to <=5 FTE): 9%
• 41-80 (>5 to <=10 FTE): 2%
• 81+ (more than 10 FTE): 1%
Slide 29: Alert Volume per Day
• <100 alerts/day: 60%
• >=100 alerts/day: 40%
Slide 30: Severe/Critical Alert Volume per Day
• <=25: 50%
• 26-99: 23%
• 100-499: 15%
• 250-499: 7%
• 500-999: 5%
• >=1,000: 0%
Slide 31: Severe/Critical Alerts Investigated per Day
• 10 or fewer: 67%
• 11-25: 21%
• More than 25: 6%
• We don't generally investigate security alerts: 6%
Slide 32: Network Strengths and Weaknesses
• Strengths
 Early warning of a network-based attack
 Attack telemetry
 Payload dissection/determination
 Identification of lateral movement (if sensors are placed where they can monitor the traffic)
• Weaknesses
 Deployment limited to the perimeter hampers internal visibility.
 No warning of attacks that start on the endpoint (e.g. via removable media).
 Cannot provide insight if packets are encrypted.
 Dormant or "triggered" attacks may not be detected by network sandboxes.
 May leave attack success "indeterminate" when used alone: the sensor sees the delivery but not whether anything ran on the host.
Slide 33: Endpoint Strengths and Weaknesses
• Strengths
 Provides detailed data:
  Application installation and process changes
  Registry/configuration changes, file changes, and data moves
  User additions, removals, and permission changes
  Process association with network connections
• Weaknesses
 Data can be very compartmentalized, so trends may be missed.
 Missing or failing agents cause visibility gaps.
 Gaps in scanning or polling cause visibility gaps.
Slide 34: Summary
• Over-confidence in prevention
• Over-confidence in the security programs
• Focusing on the wrong data
• Lack of tools (and people)
• Task and analysis automation are key for success
 Too many alerts to manually investigate
• Both sets of data are valuable but have gaps
 Need to get out of data silos
 Need better analysis capability using combined data
Slide 35: Questions?
Get the full report: http://bit.ly/1mKekfd