IT & DATA MANAGEMENT RESEARCH,
INDUSTRY ANALYSIS & CONSULTING
Where There Is Smoke, There is Fire
Extracting Actionable Intelligence
From Network Traffic with Real-time Analysis
David Monahan
Research Director
Security & Risk Management
Enterprise Management Associates (EMA)
@SecurityMonahan
© 2017 Enterprise Management Associates, Inc.
Today’s Speaker
David Monahan
Research Director, Risk & Security Management,
EMA
David has over 20 years of IT security experience
and has organized and managed both physical and
information security programs, including Security
and Network Operations (SOCs and NOCs) for
organizations ranging from Fortune 100 companies
to local government and small public and private
companies.
Visibility Challenges
• Security personnel are overwhelmed
• Security personnel are inexperienced
• Attacks are varied and multifaceted
• Attacks are stealthy
• Attacks exploit user identity
• New zero-day attacks appearing regularly
• Getting the right data in a timely manner!
Top 3 Security Challenges…
• Lack of analysis capabilities in the solutions: 58%
• Lack of dashboards: 38%
• Lack of reporting capabilities: 37%
• Lack of vendor supplied integration: 34%
• Lack of open APIs: 31%
• Other: 4%
Need to combine network capabilities or data with endpoint security capabilities or data
More Context
• 92% of organizations receive as many as 500 overall alerts per day
• 88% of organizations receive as many as 500 severe/critical alerts per day
MEANING: Most incidents are being classified as severe/critical
CAUSE: A lack of context [data] to properly prioritize the events
RESULT: Attacks cannot be properly prioritized
• 67% of organizations can only investigate <=10 severe/critical events per day
• 88% of organizations can only investigate <=25 severe/critical events per day
MEANING: Most incidents are not being investigated
CAUSE: A lack of context [data] to properly prioritize the events
RESULT: Attacks are going unidentified/uninvestigated
Inexperience and a Lack of Skills
What type of data is best for early breach detection?
• I don't know: 72%
• Endpoint logs: 15%
• Packet capture: 7%
• Performance logs: 5%
Security teams affected by staffing shortage (two charts, labelled 2016 and 2015):
• Affected by staffing shortage: 76%; not affected by staffing shortage: 24%
• Affected by staffing shortage: 68%; not affected by staffing shortage: 32%
Security Team Bravado – Detecting breaches
• Very strong: 25%
• Strong: 47%
• Competent: 24%
• Underdeveloped: 4%
• Network security detection is not a significant focus of our security program: 1%
Security Team Bravado – Incident response
• Very strong: 25%
• Strong: 41%
• Competent: 25%
• Underdeveloped: 8%
• Network security incident response is not a significant focus of our security program: 2%
Security Team Bravado – Maintaining Environmental Baseline
• Yes: 58%
• No, but I believe it is important: 35%
• No, and I don't feel that it is necessary: 7%
Data Used for Investigation
• Full packet data: 54%
• Log data: 50%
• Flow data: 46%
• Packet headers only: 38%
Packet Data Use In Investigations
• Yes, for all investigations: 14%
• Yes, but only for critical investigations: 38%
• No, but we would like to/plan to: 30%
• No, and we have no particular need/interest: 3%
• I don't know: 16%
Security Teams Need Automation to be Effective
Automation for Detection
• Very important: 51%
• Important: 35%
• Somewhat important: 13%
• Somewhat unimportant: 0%
• Not important at all: 1%
Automation for Incident Response
• Very important: 49%
• Important: 35%
• Somewhat important: 15%
• Somewhat unimportant: 1%
• Not important at all: 1%
Centralized Operations Interface is Key
• Very important: 38%
• Important: 43%
• Somewhat important: 15%
• Somewhat unimportant: 3%
• Not important at all: 2%
Metadata is Key to Success
• Invaluable: 15%
• Very valuable: 69%
• Moderately invaluable: 15%
Why Packets
It’s How the Attacks Arrive
• >99% of cyber attacks traverse the network in
some way
• Email/Web
• Reconnaissance
• Command and control
• Data collection…
• Only insider attacks collecting local system
data and posting it to removable media do not
Accelerating Detection and Response
• Address Increased Advanced and Stealthy Threats
– Threats hiding in normal application traffic, web, email, file transfers
– Constantly morphing to avoid signatures, low and slow exfiltration
methods
– Abuse of DNS and HTTP traffic to co-ordinate and avoid detection
• Reduce Attacker Dwell Time: Still too Long
– Need More Telemetry faster
– Increase Analyst Context
– Lateral Movement not Detected Soon Enough
– Endpoints don’t have all the info
– Better Data to “Connect the Dots” From Events
– Quickly relate data correlations
– Accelerate Investigations with Comprehensive Forensics Data
– Connect the Who, When, and How of a Breach
– Look deep inside files and content to distinguish between normal and
suspect activity
QNI: Proactive Breach Detection versus Reactive Forensics
• QNI Value:
– On-the-fly data stream analysis
– Real-time correlation with other logged data
– Vast metadata creation for case data enrichment
– Better breach prevention
– Earlier detection, especially against low and slow or complex attacks
– Reduced false positives (Alert/no-Alert)
– Better alert classification (Critical, High, Med, Low, Info)
– Accelerated incident response
– Reduced loss/damage of breach
Where to Use QNI
• Leverage at any SOC Function!
• Tier 1 (Incident receipt and processing)
– Reduce incident volume = Reduced alert fatigue
– Faster access to critical data = Faster Response
– Better incident prioritization = Better incident handling
– Force multiplier = Reduced hand-offs to Tier 2 and Tier 3
• Tier 2 and Tier 3 (SecOps
Troubleshooting/Investigations)
– Better context = Faster resolution
• Tier 4 (Hunters)
– Better visibility = Reduced attacker dwell time
– Better analysis = Faster detection of related incidents
– Reduced dwell time = Reduced incident impact/cost
Not All SIEM Packet Analysis Created Equal
• Some only through third-party partnerships
• Processing overhead causes delays for data access
– Several minutes to hours, based on volume and collection method
• Most integrated packet capture is only started on demand
• Accessing data is often not intuitive
• Little/no advanced data analysis up front
– Most returned data is limited by queries or correlation rules
– Analysis of returned data is left to the operator
QNI Benefits
• Enriching data with:
– DNS and other host detail
– URLs, redirects
– File data, file hashes, file entropy (image and audio files
especially)
– Application Awareness: Detected PII and confidential data
– Usernames and Email addresses
– Embedded scripts detection
• Customizable suspect content feeds
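As an added illustration, not code from this deck or from any vendor: three of the enrichment fields listed above (file hash, file entropy, embedded-script detection) computed over constructed sample files carved from traffic, plus a type-vs-magic-bytes check, fed into an assumed triage policy that maps them onto the alert classes named earlier (High/Medium/Info). The magic-byte table, the 7.5 bits-per-byte entropy threshold and the triage rules are assumptions to be tuned per environment.

```python
import hashlib
import math
from collections import Counter

# Assumed magic bytes for the declared types this example checks.
MAGIC = {
    "image/png": b"\x89PNG\r\n\x1a\n",
    "image/jpeg": b"\xff\xd8\xff",
    "application/pdf": b"%PDF-",
}
# Types where a script tag is expected and high entropy is unusual.
TEXT_TYPES = {"text/html", "text/plain", "application/json"}
ENTROPY_THRESHOLD = 7.5  # assumed cut-off in bits per byte; tune per environment


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte: 0.0 for a constant stream, 8.0 for uniform bytes."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def enrich_file(declared_type: str, data: bytes) -> dict:
    """Metadata an analyst can pivot on: hash, entropy, type mismatch, embedded script."""
    magic = MAGIC.get(declared_type)
    return {
        "declared_type": declared_type,
        "size": len(data),
        "sha256": hashlib.sha256(data).hexdigest(),
        "entropy": round(shannon_entropy(data), 3),
        # Declared image/PDF whose bytes do not start with that type's magic.
        "type_mismatch": magic is not None and not data.startswith(magic),
        # A script tag is normal in HTML; inside a non-text type it is suspect.
        "embedded_script": b"<script" in data.lower(),
    }


def triage(record: dict) -> str:
    """Assumed triage policy mapping enrichment fields to an alert class."""
    if record["type_mismatch"]:
        return "high"
    if record["embedded_script"] and record["declared_type"] not in TEXT_TYPES:
        return "high"
    if record["declared_type"] in TEXT_TYPES and record["entropy"] > ENTROPY_THRESHOLD:
        return "medium"  # packed or encoded content travelling on a text channel
    return "info"


# Constructed sample files standing in for objects carved from a capture.
SAMPLES = {
    "benign_png": ("image/png", MAGIC["image/png"] + bytes(range(256)) * 4),
    "png_with_script": ("image/png", MAGIC["image/png"] + b"\x00" * 16
                        + b"<script>/* constructed */</script>"),
    "fake_png": ("image/png", b"<html><body>not an image</body></html>"),
    "benign_html": ("text/html", b"<html><body><script>var a = 1;</script></body></html>"),
    "encoded_text": ("text/plain", bytes(range(256)) * 4),
}


def triage_samples() -> dict:
    """Run enrichment and triage over every constructed sample."""
    return {name: triage(enrich_file(t, d)) for name, (t, d) in SAMPLES.items()}


if __name__ == "__main__":
    for name, (t, d) in SAMPLES.items():
        rec = enrich_file(t, d)
        print(f"{name:16} entropy={rec['entropy']:.3f} mismatch={rec['type_mismatch']} "
              f"script={rec['embedded_script']} -> {triage(rec)}")
```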
Get Free Research from EMA analysts
• http://www.enterprisemanagement.com/freeResearch
 
Advanced IT Analytics: A Look at Real Adoptions in the Real World
Advanced IT Analytics: A Look at Real Adoptions in the Real WorldAdvanced IT Analytics: A Look at Real Adoptions in the Real World
Advanced IT Analytics: A Look at Real Adoptions in the Real World
 
Federal Webinar: Best Practices and Tools for Reducing Insider Threats
Federal Webinar: Best Practices and Tools for Reducing Insider ThreatsFederal Webinar: Best Practices and Tools for Reducing Insider Threats
Federal Webinar: Best Practices and Tools for Reducing Insider Threats
 
Data Loss Prevention
Data Loss PreventionData Loss Prevention
Data Loss Prevention
 
Spo2 t17
Spo2 t17Spo2 t17
Spo2 t17
 

More from Enterprise Management Associates

Observability: Challenges, Priorities, Solutions, and the Role of OpenTelemetry
Observability: Challenges, Priorities, Solutions, and the Role of OpenTelemetryObservability: Challenges, Priorities, Solutions, and the Role of OpenTelemetry
Observability: Challenges, Priorities, Solutions, and the Role of OpenTelemetryEnterprise Management Associates
 
NetSecOps: Examining How Network and Security Teams Collaborate for a Better ...
NetSecOps: Examining How Network and Security Teams Collaborate for a Better ...NetSecOps: Examining How Network and Security Teams Collaborate for a Better ...
NetSecOps: Examining How Network and Security Teams Collaborate for a Better ...Enterprise Management Associates
 
Modern ITSM—the untapped game-changer for midsize organizations
Modern ITSM—the untapped game-changer for midsize organizationsModern ITSM—the untapped game-changer for midsize organizations
Modern ITSM—the untapped game-changer for midsize organizationsEnterprise Management Associates
 
Unveiling Strategic Trends in Global Finance, Banking, and Insurance - IT Ex...
Unveiling Strategic Trends in Global Finance, Banking, and Insurance -  IT Ex...Unveiling Strategic Trends in Global Finance, Banking, and Insurance -  IT Ex...
Unveiling Strategic Trends in Global Finance, Banking, and Insurance - IT Ex...Enterprise Management Associates
 
Unlocking Master Data Management (MDM) Success: Real-World Insights and Strat...
Unlocking Master Data Management (MDM) Success: Real-World Insights and Strat...Unlocking Master Data Management (MDM) Success: Real-World Insights and Strat...
Unlocking Master Data Management (MDM) Success: Real-World Insights and Strat...Enterprise Management Associates
 
Navigating the Complexity of Distributed Microservices across AWS, Azure, and...
Navigating the Complexity of Distributed Microservices across AWS, Azure, and...Navigating the Complexity of Distributed Microservices across AWS, Azure, and...
Navigating the Complexity of Distributed Microservices across AWS, Azure, and...Enterprise Management Associates
 
Navigating Today’s Threat Landscape: Discussing Hype vs. Reality
Navigating Today’s Threat Landscape: Discussing Hype vs. RealityNavigating Today’s Threat Landscape: Discussing Hype vs. Reality
Navigating Today’s Threat Landscape: Discussing Hype vs. RealityEnterprise Management Associates
 
Kubernetes Unveiled: Trends, Challenges, and Opportunities
Kubernetes Unveiled: Trends, Challenges, and OpportunitiesKubernetes Unveiled: Trends, Challenges, and Opportunities
Kubernetes Unveiled: Trends, Challenges, and OpportunitiesEnterprise Management Associates
 
DDI Directions: DNS, DHCP and IP Address Management Strategies for the Multi-...
DDI Directions: DNS, DHCP and IP Address Management Strategies for the Multi-...DDI Directions: DNS, DHCP and IP Address Management Strategies for the Multi-...
DDI Directions: DNS, DHCP and IP Address Management Strategies for the Multi-...Enterprise Management Associates
 
Challenges and Best Practices for Securing Modern Operational Technology Netw...
Challenges and Best Practices for Securing Modern Operational Technology Netw...Challenges and Best Practices for Securing Modern Operational Technology Netw...
Challenges and Best Practices for Securing Modern Operational Technology Netw...Enterprise Management Associates
 
Modernizing Network Engineering and Operations in the Era of Hybrid and Remot...
Modernizing Network Engineering and Operations in the Era of Hybrid and Remot...Modernizing Network Engineering and Operations in the Era of Hybrid and Remot...
Modernizing Network Engineering and Operations in the Era of Hybrid and Remot...Enterprise Management Associates
 
Why Should Organizations Consider Extended Detection and Response (XDR)?
Why Should Organizations Consider Extended Detection and Response (XDR)?Why Should Organizations Consider Extended Detection and Response (XDR)?
Why Should Organizations Consider Extended Detection and Response (XDR)?Enterprise Management Associates
 
Moving Beyond Remote Access: Discover the Power of Zero Trust Network Access
Moving Beyond Remote Access: Discover the Power of Zero Trust Network AccessMoving Beyond Remote Access: Discover the Power of Zero Trust Network Access
Moving Beyond Remote Access: Discover the Power of Zero Trust Network AccessEnterprise Management Associates
 
[Analyst Research Slides] Build vs. Buy: Finding the Best Path to Network Aut...
[Analyst Research Slides] Build vs. Buy: Finding the Best Path to Network Aut...[Analyst Research Slides] Build vs. Buy: Finding the Best Path to Network Aut...
[Analyst Research Slides] Build vs. Buy: Finding the Best Path to Network Aut...Enterprise Management Associates
 
The Critical Role of Workload Automation in Achieving Successful Digital Tran...
The Critical Role of Workload Automation in Achieving Successful Digital Tran...The Critical Role of Workload Automation in Achieving Successful Digital Tran...
The Critical Role of Workload Automation in Achieving Successful Digital Tran...Enterprise Management Associates
 

More from Enterprise Management Associates (20)

Real-world incident response, management, and prevention
Real-world incident response, management, and preventionReal-world incident response, management, and prevention
Real-world incident response, management, and prevention
 
Observability: Challenges, Priorities, Solutions, and the Role of OpenTelemetry
Observability: Challenges, Priorities, Solutions, and the Role of OpenTelemetryObservability: Challenges, Priorities, Solutions, and the Role of OpenTelemetry
Observability: Challenges, Priorities, Solutions, and the Role of OpenTelemetry
 
NetSecOps: Examining How Network and Security Teams Collaborate for a Better ...
NetSecOps: Examining How Network and Security Teams Collaborate for a Better ...NetSecOps: Examining How Network and Security Teams Collaborate for a Better ...
NetSecOps: Examining How Network and Security Teams Collaborate for a Better ...
 
Modern ITSM—the untapped game-changer for midsize organizations
Modern ITSM—the untapped game-changer for midsize organizationsModern ITSM—the untapped game-changer for midsize organizations
Modern ITSM—the untapped game-changer for midsize organizations
 
Unveiling Strategic Trends in Global Finance, Banking, and Insurance - IT Ex...
Unveiling Strategic Trends in Global Finance, Banking, and Insurance -  IT Ex...Unveiling Strategic Trends in Global Finance, Banking, and Insurance -  IT Ex...
Unveiling Strategic Trends in Global Finance, Banking, and Insurance - IT Ex...
 
Unlocking Master Data Management (MDM) Success: Real-World Insights and Strat...
Unlocking Master Data Management (MDM) Success: Real-World Insights and Strat...Unlocking Master Data Management (MDM) Success: Real-World Insights and Strat...
Unlocking Master Data Management (MDM) Success: Real-World Insights and Strat...
 
Transcending Passwords: Emerging Trends in Authentication
Transcending Passwords: Emerging Trends in AuthenticationTranscending Passwords: Emerging Trends in Authentication
Transcending Passwords: Emerging Trends in Authentication
 
Modernize NetOps with Business-Aware Network Monitoring
Modernize NetOps with Business-Aware Network MonitoringModernize NetOps with Business-Aware Network Monitoring
Modernize NetOps with Business-Aware Network Monitoring
 
Navigating the Complexity of Distributed Microservices across AWS, Azure, and...
Navigating the Complexity of Distributed Microservices across AWS, Azure, and...Navigating the Complexity of Distributed Microservices across AWS, Azure, and...
Navigating the Complexity of Distributed Microservices across AWS, Azure, and...
 
Navigating Today’s Threat Landscape: Discussing Hype vs. Reality
Navigating Today’s Threat Landscape: Discussing Hype vs. RealityNavigating Today’s Threat Landscape: Discussing Hype vs. Reality
Navigating Today’s Threat Landscape: Discussing Hype vs. Reality
 
Kubernetes Unveiled: Trends, Challenges, and Opportunities
Kubernetes Unveiled: Trends, Challenges, and OpportunitiesKubernetes Unveiled: Trends, Challenges, and Opportunities
Kubernetes Unveiled: Trends, Challenges, and Opportunities
 
DDI Directions: DNS, DHCP and IP Address Management Strategies for the Multi-...
DDI Directions: DNS, DHCP and IP Address Management Strategies for the Multi-...DDI Directions: DNS, DHCP and IP Address Management Strategies for the Multi-...
DDI Directions: DNS, DHCP and IP Address Management Strategies for the Multi-...
 
Challenges and Best Practices for Securing Modern Operational Technology Netw...
Challenges and Best Practices for Securing Modern Operational Technology Netw...Challenges and Best Practices for Securing Modern Operational Technology Netw...
Challenges and Best Practices for Securing Modern Operational Technology Netw...
 
CMDB in Cloud Times: Myths, Mistakes, and Mastery
CMDB in Cloud Times: Myths, Mistakes, and Mastery CMDB in Cloud Times: Myths, Mistakes, and Mastery
CMDB in Cloud Times: Myths, Mistakes, and Mastery
 
Modernizing Network Engineering and Operations in the Era of Hybrid and Remot...
Modernizing Network Engineering and Operations in the Era of Hybrid and Remot...Modernizing Network Engineering and Operations in the Era of Hybrid and Remot...
Modernizing Network Engineering and Operations in the Era of Hybrid and Remot...
 
Why Should Organizations Consider Extended Detection and Response (XDR)?
Why Should Organizations Consider Extended Detection and Response (XDR)?Why Should Organizations Consider Extended Detection and Response (XDR)?
Why Should Organizations Consider Extended Detection and Response (XDR)?
 
Five Managed SD-WAN Trends to Watch in 2023
Five Managed SD-WAN Trends to Watch in 2023Five Managed SD-WAN Trends to Watch in 2023
Five Managed SD-WAN Trends to Watch in 2023
 
Moving Beyond Remote Access: Discover the Power of Zero Trust Network Access
Moving Beyond Remote Access: Discover the Power of Zero Trust Network AccessMoving Beyond Remote Access: Discover the Power of Zero Trust Network Access
Moving Beyond Remote Access: Discover the Power of Zero Trust Network Access
 
[Analyst Research Slides] Build vs. Buy: Finding the Best Path to Network Aut...
[Analyst Research Slides] Build vs. Buy: Finding the Best Path to Network Aut...[Analyst Research Slides] Build vs. Buy: Finding the Best Path to Network Aut...
[Analyst Research Slides] Build vs. Buy: Finding the Best Path to Network Aut...
 
The Critical Role of Workload Automation in Achieving Successful Digital Tran...
The Critical Role of Workload Automation in Achieving Successful Digital Tran...The Critical Role of Workload Automation in Achieving Successful Digital Tran...
The Critical Role of Workload Automation in Achieving Successful Digital Tran...
 

Recently uploaded

My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationRidwan Fadjar
 
Bluetooth Controlled Car with Arduino.pdf
Bluetooth Controlled Car with Arduino.pdfBluetooth Controlled Car with Arduino.pdf
Bluetooth Controlled Car with Arduino.pdfngoud9212
 
Pigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping ElbowsPigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping ElbowsPigging Solutions
 
Benefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other FrameworksBenefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other FrameworksSoftradix Technologies
 
Science&tech:THE INFORMATION AGE STS.pdf
Science&tech:THE INFORMATION AGE STS.pdfScience&tech:THE INFORMATION AGE STS.pdf
Science&tech:THE INFORMATION AGE STS.pdfjimielynbastida
 
Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Scott Keck-Warren
 
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsMemoori
 
CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):comworks
 
Build your next Gen AI Breakthrough - April 2024
Build your next Gen AI Breakthrough - April 2024Build your next Gen AI Breakthrough - April 2024
Build your next Gen AI Breakthrough - April 2024Neo4j
 
Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitecturePixlogix Infotech
 
Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024BookNet Canada
 
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...shyamraj55
 
SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024Scott Keck-Warren
 
Artificial intelligence in the post-deep learning era
Artificial intelligence in the post-deep learning eraArtificial intelligence in the post-deep learning era
Artificial intelligence in the post-deep learning eraDeakin University
 
Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Mattias Andersson
 
costume and set research powerpoint presentation
costume and set research powerpoint presentationcostume and set research powerpoint presentation
costume and set research powerpoint presentationphoebematthew05
 

Recently uploaded (20)

The transition to renewables in India.pdf
The transition to renewables in India.pdfThe transition to renewables in India.pdf
The transition to renewables in India.pdf
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 Presentation
 
Bluetooth Controlled Car with Arduino.pdf
Bluetooth Controlled Car with Arduino.pdfBluetooth Controlled Car with Arduino.pdf
Bluetooth Controlled Car with Arduino.pdf
 
Pigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping ElbowsPigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping Elbows
 
Hot Sexy call girls in Panjabi Bagh 🔝 9953056974 🔝 Delhi escort Service
Hot Sexy call girls in Panjabi Bagh 🔝 9953056974 🔝 Delhi escort ServiceHot Sexy call girls in Panjabi Bagh 🔝 9953056974 🔝 Delhi escort Service
Hot Sexy call girls in Panjabi Bagh 🔝 9953056974 🔝 Delhi escort Service
 
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptxE-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
 
Benefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other FrameworksBenefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other Frameworks
 
Science&tech:THE INFORMATION AGE STS.pdf
Science&tech:THE INFORMATION AGE STS.pdfScience&tech:THE INFORMATION AGE STS.pdf
Science&tech:THE INFORMATION AGE STS.pdf
 
DMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special EditionDMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special Edition
 
Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024
 
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial Buildings
 
CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):
 
Build your next Gen AI Breakthrough - April 2024
Build your next Gen AI Breakthrough - April 2024Build your next Gen AI Breakthrough - April 2024
Build your next Gen AI Breakthrough - April 2024
 
Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC Architecture
 
Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
 
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
 
SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024
 
Artificial intelligence in the post-deep learning era
Artificial intelligence in the post-deep learning eraArtificial intelligence in the post-deep learning era
Artificial intelligence in the post-deep learning era
 
Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?
 
costume and set research powerpoint presentation
costume and set research powerpoint presentationcostume and set research powerpoint presentation
costume and set research powerpoint presentation
 

Where There Is Smoke, There is Fire: Extracting Actionable Intelligence from Network Traffic with Real-Time Analysis

• 1. IT & DATA MANAGEMENT RESEARCH, INDUSTRY ANALYSIS & CONSULTING
  Where There Is Smoke, There is Fire: Extracting Actionable Intelligence From Network Traffic with Real-time Analysis
  David Monahan, Research Director, Security & Risk Management, Enterprise Management Associates (EMA), @SecurityMonahan
• 2. Today’s Speaker (© 2017 Enterprise Management Associates, Inc.)
  David Monahan, Research Director, Risk & Security Management, EMA. David has over 20 years of IT security experience and has organized and managed both physical and information security programs, including Security and Network Operations (SOCs and NOCs) for organizations ranging from Fortune 100 companies to local government and small public and private companies.
• 3. Visibility Challenges
  • Security personnel are overwhelmed
  • Security personnel are inexperienced
  • Attacks are varied and multifaceted
  • Attacks are stealthy
  • Attacks exploit user identity
  • New zero-day attacks appearing regularly
  • Getting the right data in a timely manner!
• 4. Top 3 Security Challenges… (need to combine network capabilities or data with endpoint security capabilities or data)
  • Lack of analysis capabilities in the solutions: 58%
  • Lack of dashboards: 38%
  • Lack of reporting capabilities: 37%
  • Lack of vendor-supplied integration: 34%
  • Lack of open APIs: 31%
  • Other: 4%
• 5. More Context
  • 92% of organizations receive as many as 500 overall alerts per day
  • 88% of organizations receive as many as 500 severe/critical alerts per day
    MEANING: Most incidents are being classified as severe/critical
    CAUSE: A lack of context [data] to properly prioritize the events
    RESULT: Attacks cannot be properly prioritized
  • 67% of organizations can only investigate <=10 severe/critical events per day
  • 88% of organizations can only investigate <=25 severe/critical events per day
    MEANING: Most incidents are not being investigated
    CAUSE: A lack of context [data] to properly prioritize the events
    RESULT: Attacks are going unidentified/uninvestigated
• 6. Inexperience and a Lack of Skills
  What type of data is best for early breach detection?
  • I don't know: 72%
  • Endpoint logs: 15%
  • Packet capture: 7%
  • Performance logs: 5%
  Security teams affected by staffing shortage (2016 and 2015 series, in that order): affected 76% and 68%; not affected 24% and 32%
• 7. Security Team Bravado – Detecting breaches
  • Very strong: 25%
  • Strong: 47%
  • Competent: 24%
  • Underdeveloped: 4%
  • Network security detection is not a significant focus of our security program: 1%
• 8. Security Team Bravado – Incident response
  • Very strong: 25%
  • Strong: 41%
  • Competent: 25%
  • Underdeveloped: 8%
  • Network security incident response is not a significant focus of our security program: 2%
• 9. Security Team Bravado – Maintaining Environmental Baseline
  • Yes: 58%
  • No, but I believe it is important: 35%
  • No, and I don't feel that it is necessary: 7%
• 10. Data Used for Investigation
  • Full packet data: 54%
  • Log data: 50%
  • Flow data: 46%
  • Packet headers only: 38%
• 11. Packet Data Use In Investigations
  • Yes, for all investigations: 14%
  • Yes, but only for critical investigations: 38%
  • No, but we would like to/plan to: 30%
  • No, and we have no particular need/interest: 3%
  • I don't know: 16%
• 12. Security Teams Need Automation to be Effective
  • Automation for detection: very important 51%, important 35%, somewhat important 13%, somewhat unimportant 0%, not important at all 1%
  • Automation for incident response: very important 49%, important 35%, somewhat important 15%, somewhat unimportant 1%, not important at all 1%
• 13. Centralized Operations Interface is Key
  • Very important 38%, important 43%, somewhat important 15%, somewhat unimportant 3%, not important at all 2%
• 14. Metadata is Key to Success
  • Invaluable 15%, very valuable 69%, moderately valuable 15% (the slide labels the last bar "moderately invaluable")
• 15. Why Packets
• 16. It’s How the Attacks Arrive
  • >99% of cyber attacks traverse the network in some way
    – Email/Web
    – Reconnaissance
    – Command and control
    – Data collection…
  • Only insider attacks collecting local system data and posting it to removable media do not
• 17. Accelerating Detection and Response
  • Address increased advanced and stealthy threats
    – Threats hiding in normal application traffic, web, email, file transfers
    – Constantly morphing to avoid signatures; low and slow exfiltration methods
    – Abuse of DNS and HTTP traffic to co-ordinate and avoid detection
  • Reduce attacker dwell time: still too long
    – Need more telemetry faster
    – Increase analyst context
    – Lateral movement not detected soon enough
    – Endpoints don’t have all the info
    – Better data to “connect the dots” from events
    – Quickly relate data correlations
    – Accelerate investigations with comprehensive forensics data
    – Connect the who, when, and how of a breach
    – Look deep inside files and content to distinguish between normal and suspect activity
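The stealthy behaviours slide 17 lists (low and slow exfiltration, abuse of DNS and HTTP to coordinate) still leave a timing and naming signature in network metadata even when every payload is encrypted. The Python below is an added example written for this page, not code from the EMA deck or from QNI: it scores each (src, dst, port) pair for machine-regular connection intervals (beaconing) and flags parent domains that receive many long, unique subdomain labels (the shape of DNS tunnelling). The record fields, the sample logs and the thresholds are assumptions.

```python
"""Two network-metadata heuristics for stealthy traffic: low-and-slow
beaconing (machine-regular connection timing) and DNS abuse (many unique,
long labels under one parent domain). Added example; record layouts and
thresholds are assumptions, not QNI or EMA material."""
import statistics
from collections import defaultdict

# Constructed connection metadata (assumed fields: ts in seconds, src, dst, port).
# 10.0.0.5 contacts one external host every ~300 s with +/-3 s jitter (beacon);
# 10.0.0.7 shows irregular, human-looking timing to a different host.
CONN_LOG = [
    {"ts": i * 300 + (i % 2) * 3, "src": "10.0.0.5", "dst": "203.0.113.10", "port": 443}
    for i in range(12)
] + [
    {"ts": t, "src": "10.0.0.7", "dst": "198.51.100.20", "port": 443}
    for t in (5, 40, 41, 600, 1300, 1320, 2200, 3100, 3105, 5000)
]

# Constructed DNS query metadata: 40 queries carrying 40-character hex-like
# labels under tun.example.net (tunnel-shaped) versus a few ordinary lookups.
DNS_LOG = [
    {"src": "10.0.0.5", "query": f"{'a1b2c3d4e5f6' * 3}{i:04x}.tun.example.net"}
    for i in range(40)
] + [
    {"src": "10.0.0.7", "query": q}
    for q in ("www.example.com", "mail.example.com", "cdn.example.com", "www.example.com")
]


def beacon_score(timestamps, min_connections=8):
    """Coefficient of variation (stdev/mean) of the gaps between connections.
    Values near 0 mean clock-driven timing; None when there is too little data."""
    if len(timestamps) < min_connections:
        return None
    ts = sorted(timestamps)
    gaps = [b - a for a, b in zip(ts, ts[1:])]
    mean = statistics.mean(gaps)
    if mean == 0:
        return None
    return statistics.pstdev(gaps) / mean


def find_beacons(conn_log, cv_threshold=0.15):
    """Group connections by (src, dst, port) and flag pairs with regular intervals."""
    pairs = defaultdict(list)
    for rec in conn_log:
        pairs[(rec["src"], rec["dst"], rec["port"])].append(rec["ts"])
    hits = {}
    for key, ts in pairs.items():
        cv = beacon_score(ts)
        if cv is not None and cv < cv_threshold:
            hits[key] = round(cv, 3)
    return hits


def dns_tunnel_suspects(dns_log, min_queries=20, min_unique_ratio=0.9, min_label_len=30):
    """Flag parent domains whose leftmost labels are almost all unique and long.
    CDNs also generate many subdomains, so the label-length floor and the
    query-count floor are what keep the false-positive rate down."""
    by_parent = defaultdict(list)
    for rec in dns_log:
        labels = rec["query"].lower().rstrip(".").split(".")
        if len(labels) < 3:
            continue  # bare second-level lookups carry no tunnel payload
        # last two labels as "parent"; production code would use a public-suffix list
        by_parent[".".join(labels[-2:])].append(labels[0])
    suspects = {}
    for parent, subs in by_parent.items():
        if len(subs) < min_queries:
            continue
        unique_ratio = len(set(subs)) / len(subs)
        avg_len = sum(map(len, subs)) / len(subs)
        if unique_ratio >= min_unique_ratio and avg_len >= min_label_len:
            suspects[parent] = {
                "queries": len(subs),
                "unique_ratio": round(unique_ratio, 2),
                "avg_label_len": round(avg_len, 1),
            }
    return suspects


if __name__ == "__main__":
    print("beacons:", find_beacons(CONN_LOG))
    print("dns tunnel suspects:", dns_tunnel_suspects(DNS_LOG))
```

Both heuristics run on flow or DNS metadata alone, which is why they survive TLS: the regular 300-second cadence and the 40-character labels are visible without payload. In practice the thresholds are tuned per environment, and a hit is a lead for Tier 2 enrichment rather than a verdict on its own.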
• 18. QNI – Proactive Breach Detection versus Reactive Forensics
  • QNI value:
    – On-the-fly data stream analysis
    – Real-time correlation with other logged data
    – Vast metadata creation for case data enrichment
    – Better breach prevention
    – Earlier detection, especially against low and slow or complex attacks
    – Reduced false positives (alert/no-alert)
    – Better alert classification (Critical, High, Med, Low, Info)
    – Accelerated incident response
    – Reduced loss/damage of breach
• 19. Where to Use QNI
  • Leverage at any SOC function!
  • Tier 1 (incident receipt and processing)
    – Reduce incident volume = reduced alert fatigue
    – Faster access to critical data = faster response
    – Better incident prioritization = better incident handling
    – Force multiplier = reduced hand-offs to Tier 2 and Tier 3
  • Tier 2 and Tier 3 (SecOps troubleshooting/investigations)
    – Better context = faster resolution
  • Tier 4 (hunters)
    – Better visibility = reduced attacker dwell time
    – Better analysis = faster detection of related incidents
    – Reduced dwell time = reduced incident impact/cost
• 20. Not All SIEM Packet Analysis Created Equal
  • Some only through 3rd-party partnerships
  • Processing overhead causes delays for data access
    – Several minutes to hours, based on volume and collection method
  • Most integrated packet capture is only started on demand
  • Accessing data often not intuitive
  • Little/no advanced data analysis up front
    – Most returned data is limited by queries or correlation rules
    – Analysis of data returns left to operator
• 21. QNI Benefits
  • Enriching data with:
    – DNS and other host detail
    – URLs, redirects
    – File data, file hashes, file entropy (image and audio files especially)
    – Application awareness: detected PII and confidential data
    – Usernames and email addresses
    – Embedded scripts detection
  • Customizable suspect content feeds
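Slide 21's enrichment list (file hashes, file entropy, detected PII and confidential data, embedded scripts) and slide 18's alert classification ladder can be demonstrated in one pass over a file carved from a stream. The Python below is an added example, not the deck's or QNI's code: it hashes the content, measures byte entropy, looks for email addresses and Luhn-valid card numbers, checks for script markers, and derives a severity from those findings. The sample payloads are constructed, and the regexes, thresholds and severity ladder are assumptions.

```python
"""Content enrichment for a file carved from a network stream: hash, byte
entropy, PII/confidential-data hits, embedded-script markers and a severity
derived from them. Added example; payloads are constructed and the severity
ladder is an assumption, not QNI's."""
import hashlib
import math
import re
from collections import Counter

EMAIL_RE = re.compile(rb"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")
CARD_RE = re.compile(rb"\b(?:\d[ -]?){13,19}\b")        # candidate PANs, 13-19 digits
SCRIPT_MARKERS = (b"<script", b"javascript:", b"eval(", b"powershell", b"cmd.exe")
DOC_TYPES = (".pdf", ".docx", ".xlsx", ".rtf")           # script here is suspicious
WEB_TYPES = (".html", ".htm", ".js")                     # script here is expected
PACKED_TYPES = (".zip", ".gz", ".7z", ".png", ".jpg", ".mp3", ".mp4")  # high entropy is normal


def shannon_entropy(data: bytes) -> float:
    """Bits per byte: 0.0 for constant data, 8.0 for a uniform byte distribution.
    Encrypted or packed content sits near 8; plain text sits around 4-5."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def luhn_ok(digits: str) -> bool:
    """Luhn checksum; weeds out most random digit runs that CARD_RE matches."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def find_card_numbers(data: bytes) -> list:
    found = []
    for m in CARD_RE.finditer(data):
        digits = re.sub(rb"[ -]", b"", m.group()).decode()
        if 13 <= len(digits) <= 19 and luhn_ok(digits):
            found.append(digits)
    return found


def classify(rec: dict) -> str:
    """Assumed ladder: confidential data first, then active content or packed
    bytes in the wrong container, then PII, then expected script, then info."""
    if rec["card_numbers"]:
        return "Critical"
    name = rec["filename"].lower()
    if rec["embedded_script"] and name.endswith(DOC_TYPES):
        return "High"
    if rec["high_entropy"]:
        return "High"
    if rec["emails"]:
        return "Medium"
    if rec["embedded_script"] and name.endswith(WEB_TYPES):
        return "Low"
    return "Info"


def enrich(data: bytes, filename: str) -> dict:
    entropy = shannon_entropy(data)
    lowered = data.lower()
    rec = {
        "filename": filename,
        "size": len(data),
        "sha256": hashlib.sha256(data).hexdigest(),
        "entropy": round(entropy, 2),
        "emails": sorted({m.decode() for m in EMAIL_RE.findall(data)}),
        "card_numbers": find_card_numbers(data),
        "embedded_script": any(marker in lowered for marker in SCRIPT_MARKERS),
        # near-random bytes in a container that should hold text or structure
        "high_entropy": entropy > 7.5 and not filename.lower().endswith(PACKED_TYPES),
    }
    rec["severity"] = classify(rec)
    return rec


# Constructed sample payloads (not captured traffic); 4111... is a test PAN.
SAMPLES = {
    "invoice.txt": b"Invoice for jane.doe@example.com, card 4111 1111 1111 1111, due 30 days",
    "report.pdf": b"%PDF-1.4\n1 0 obj << /OpenAction << /S /JavaScript /JS (eval(unescape('%41'))) >> >>\nendobj",
    "notes.txt": bytes(range(256)) * 16,   # uniform bytes: entropy exactly 8.0
    "index.html": b"<html><body><script>console.log('hi')</script></body></html>",
    "readme.txt": b"nothing to see here",
}

if __name__ == "__main__":
    for name, payload in SAMPLES.items():
        r = enrich(payload, name)
        print(f"{name:12} sev={r['severity']:8} entropy={r['entropy']:.2f} "
              f"emails={r['emails']} cards={r['card_numbers']} script={r['embedded_script']}")
```

The container check is what keeps entropy useful: a .zip at 7.9 bits per byte is expected, while a .txt at 8.0 is a packed or encrypted payload wearing a text extension. The same record, with its hash, feeds the correlation the deck describes, since the sha256 can be matched against endpoint telemetry and suspect-content feeds without re-reading the stream.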
• 22. Get Free Research from EMA analysts
  • http://www.enterprisemanagement.com/freeResearch