© 2015 ServiceNow All Rights Reserved
Security and Automation:
Can they work together?
Can we survive if they don’t?
Rob Randell, CISSP
Director, Security and Risk Solutions Consulting
The Problem
Reference: http://ir.finjan.com/all-sec-filings/content/0001628280-15-006727/ex992finjanirpresentatio.htm??TB_iframe=true&height=auto&width=auto&preload=false
Business Impact: Time to Containment is Key to Reducing Impact and
Cost of Breach
Source: Ponemon Institute 2016
On average, it took respondents 229 days to spot a breach
caused by malicious agents, and 82 days to contain it.
Why are Defenses Failing? Disparate and Siloed Security Tools
• SIEM, malware and threat tools
• Network protection
• Endpoint solutions
• Access & identity solutions
Security Teams Are Overwhelmed
• Manual tools
• Too many alerts & no context
• Security siloed from IT
It's 1999 Operations Management all over again!!!!!
Thousands of events per day… people can't scale to meet the volume. All of these feeds land on the security and IT teams:
• SIEM
• Firewall/IPS/IDS
• Identity & Access
• Threat/Intel
• Vulnerability Detection
• Network Security
• Security Endpoint Detection
What do we do with all of this?!
What do we do with all of this?
• Consolidate to a Single System
• Understand Business Criticality
• Execute Consistent Workflow
• Manage Service Levels
• Auto Remediate
• Capture Metrics
• Enable IT, Security, & BU Collaboration
• Meet Audit and Regulatory Requirements
Security Response Optimization – Time to Identify/Detect
What slows the security analyst (Tier 1, Tier 2 and Tier 3) down at the detection stage:
• Too many systems and tools
• Too many events / too much information
• Not enough context
Security Response Optimization – Time to Contain
What slows the security analyst down at the containment stage:
• Lack of knowledge of the containment and resolution steps
• Too long to respond
• Multiple round-trips between teams
• Poor cross-team response times
What closes the gap: proactive response and response automation.
Sample Response Workflow
1. IDS alert generates incident
2. Analyst needs to prioritize, assign and categorize incident
3. Analyst needs to identify and extract IPs, hashes and indicators
4. Analyst needs to run reputational lookups via threat intel on indicators
5. Analyst needs to get network connections off target machine
6. Analyst needs to get running processes off target machine
7. Analyst needs to run hashes on all running processes
8. Analyst needs to run threat intel lookups on all processes and network connections
9. Analyst needs to confirm threat
10. Analyst starts remediation and containment
*Note: Blue boxes indicate data enrichment activities
Enterprise Security Response
The Need: Enterprise Security Response!
• Security Incident Response
• Vulnerability Response
• Threat Intelligence
• Workflow & Automation
• Deep IT Integration
Getting started with automation
Objectives
– Automation, how and where to begin
What you will learn
– Some of the definition(s) of Automation
– Learn about automating Enterprise Security Response
– Crawl, walk, run
One in ~32 million definitions
Automation vs Orchestration: What’s the Difference?
• Orchestration vs. automation – a lot of people use the terms interchangeably
• Automation – Execution of a simple task or action by a machine
• Orchestration – Optimization and automated execution of an end-to-end workflow or complex series of processes, tasks and actions
Is it risky? “Automate and/or die” – Anton Chuvakin
Yes! But you are probably doing it today
Most widely known automation
• The most common automation story is quarantining an infected system
• The auto-blocking tool vendors warn that if you don’t automate you will make the cover of the NY Times
• Most folks remember the heyday when IPS was taking down production business applications every Friday at beer o’clock
– That of course is when the IPS appliance CPU wasn’t at 100%
• Many of these were poorly designed automation tools built with the best of intentions
Crawl, walk, run, robot
Security Operations Maturity Levels
Security Operations Maturity – each level up the scale means enhanced time to detect and respond

1 – Basic Operations
• Basic Incident Ticketing, Incident Response Definition
• Integration with core security systems
• Process and Accountability Defined

2 – Visibility and Performance
• Value-based Prioritization, Visibility and Reporting
• Prioritization by Impact
• KPIs, Reporting and SLAs

3 – Context and Enrichment
• Enhanced data enrichment tied to incidents
• Context-driven detection
• Noise Reduction
• Automate data gathering tasks
• Threat intelligence integrated with IR
• Time to Detect per event reduced

4 – Automated Remediation
• Automated Response Actions for Proactive Measures and Countermeasures
• Integrated Change Request and History
• Compress the time to contain and remediate incidents
• Enable visibility for changes and task fulfillment across teams
• Easily handle common attacks to improve response closure

5 – Networked Intelligence
• Circles of Trust for Peer Intel Sharing
• Dynamic Workflow to Educate and Enable SOC Teams
• Security Information Network for intel and attack method updates
• Automated querying of internal and supplier environments
• Educational expert systems and best practice sharing

A large percentage of organizations are working at Level 1
Sooooo….What can you automate? (without getting fired*)
* if you are fired for doing everything I outline here you have my sympathy but I surely am not to blame
• Start with something simple, repetitive, important - and something that is going to save your analysts’ time
• A typical phishing investigation can take about 20-30 minutes and requires a lot of manual steps
– When not followed up on it can lead to large costs and infection
– When following up you may miss other pressing issues
– Initial (triage) research does not require a particular set of skills
Start passively
• Automate process lookups
– What is running?
• Is this normal?
– What is open?
• Explode malware in sandbox
• Pull asset records
– Who owns it?
– Where is it?
• Threat lookups
– Have I seen this before?
– Has someone else seen it?
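The passive enrichment chain that the Sample Response Workflow and this slide describe (extract indicators from the alert, look them up against threat intel, hash the running processes and look those up, pull the asset record, then hand the analyst a prioritized result without touching anything) as an added Python example. It is not code from the deck or from ServiceNow; the alert, the process images, the asset table and the threat-intel scores are constructed sample data, and every field name and threshold is an assumption.

```python
"""Passive enrichment playbook for an IDS-generated incident.

Added example, not code from the deck or from ServiceNow. Every input below
(the alert, the process images, the asset and threat-intel tables) is
constructed sample data and the field names are assumptions.
"""
import hashlib
import ipaddress
import re

# SHA-256 of the constructed "malicious" process image, used both as the
# file hash carried in the alert and as a key in the intel table.
BAD_IMAGE = b"constructed malicious updater image"
BAD_SHA256 = hashlib.sha256(BAD_IMAGE).hexdigest()

IDS_ALERT = {                      # the incident's source event (constructed)
    "rule": "Possible beacon to known C2",
    "src_ip": "10.20.30.40",       # internal victim
    "dst_ip": "203.0.113.77",      # external destination
    "http_host": "cdn-update.example",
    "file_sha256": BAD_SHA256,
}
PROCESSES = {                      # hypothetical EDR pull: process name -> image bytes
    "svchost.exe": b"constructed benign service host image",
    "updater.exe": BAD_IMAGE,
}
ASSETS = {"10.20.30.40": {"owner": "j.doe", "site": "Denver", "criticality": "high"}}
THREAT_INTEL = {                   # indicator -> confidence 0..100 (constructed)
    "203.0.113.77": 90,
    "cdn-update.example": 75,
    BAD_SHA256: 95,
}

RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
IPV4_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
HASH_RE = re.compile(r"\b(?:[0-9a-f]{64}|[0-9a-f]{40}|[0-9a-f]{32})\b", re.I)
DOMAIN_RE = re.compile(r"\b(?:[a-z0-9-]+\.)+[a-z]{2,}\b", re.I)


def is_internal(ip: str) -> bool:
    """RFC 1918 addresses are our own hosts, never indicators to look up."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in RFC1918)


def extract_indicators(alert: dict) -> dict:
    """Workflow step 'identify and extract IPs, hashes and indicators'."""
    text = " ".join(str(v) for v in alert.values())
    return {
        "ips": {ip for ip in IPV4_RE.findall(text) if not is_internal(ip)},
        "hashes": {h.lower() for h in HASH_RE.findall(text)},
        "domains": {d.lower() for d in DOMAIN_RE.findall(text)},
    }


def reputation(indicators: set) -> dict:
    """'Run reputational lookups via threat intel'; the dict stands in for a feed."""
    return {i: THREAT_INTEL[i] for i in indicators if i in THREAT_INTEL}


def hash_processes(processes: dict) -> dict:
    """'Run hashes on all running processes' so each image can be looked up too."""
    return {name: hashlib.sha256(image).hexdigest() for name, image in processes.items()}


def enrich(alert: dict, processes: dict) -> dict:
    """Chain the passive steps and hand back a prioritized recommendation.
    Nothing here blocks, disables or deletes; confirming the threat stays with the analyst."""
    ind = extract_indicators(alert)
    hits = reputation(ind["ips"] | ind["domains"] | ind["hashes"])
    flagged = {name: THREAT_INTEL[h] for name, h in hash_processes(processes).items()
               if h in THREAT_INTEL}
    asset = ASSETS.get(alert["src_ip"], {"owner": None, "site": None, "criticality": "unknown"})
    top = max([*hits.values(), *flagged.values(), 0])
    # Priority combines intel confidence with the business criticality of the asset
    if top >= 80 and asset["criticality"] == "high":
        priority = "P1"
    elif top >= 80 or asset["criticality"] == "high":
        priority = "P2"
    else:
        priority = "P3"
    return {"indicators": ind, "intel_hits": hits, "flagged_processes": flagged,
            "asset": asset, "priority": priority}


if __name__ == "__main__":
    import json
    print(json.dumps(enrich(IDS_ALERT, PROCESSES), indent=2, default=sorted))
```

Each function maps to one box of the workflow, so a playbook can stop after any of them and hand the partial result to the analyst; the internal-address filter is the kind of detail that keeps a naive indicator extractor from "looking up" your own victim host against a threat feed.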
Grow to human stopgaps
• Disable account
– Only when confirmed to be compromised
• Block on firewall
– Only block known infected systems
• Reset passwords
• Delete phishing email(s)
• Push button automation
Go Active
• Move to active after significant testing
• Blocking
– Can be disruptive but can also be undone quickly
• Disabling accounts
– Can keep you out of the headlines
• Audit everything!
– Create Change records for every automated task
• Do more with the same!
– Automation allows your analysts to operate at lightspeed
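How the passive, gated and active stages on the last two slides differ in code, as an added Python example that is not from the deck or from ServiceNow. The engine refuses any action below a confidence threshold (act only on confirmed compromise), holds actions for a named approver in gated mode or whenever the target is on a protected list, writes a change record for every executed action, and uses that record to undo a block. The mode names, the protected list, the threshold and the two actions are assumptions.

```python
"""Gated and active containment with an audit trail.

Added example, not code from the deck or from ServiceNow. Mode names, the
protected-target list, the confidence threshold and the two actions are assumptions.
"""
from dataclasses import dataclass, field
from datetime import datetime, timezone
from typing import List, Optional, Set, Tuple

PASSIVE = "passive"   # record what would be done; touch nothing
GATED = "gated"       # a named analyst must release each action (push-button automation)
ACTIVE = "active"     # run unattended, for playbooks that have been tested

# Targets where unattended action is never allowed, whatever the mode: the
# production systems an auto-blocking IPS used to take down (constructed list).
PROTECTED_TARGETS = {"10.0.0.5", "svc-payments"}
CONFIRMED = 0.9       # below this confidence nothing is even proposed
ACTIONS = ("block_ip", "disable_account")


@dataclass
class ChangeRecord:
    """One change record per executed action, carrying what is needed to undo it."""
    action: str
    target: str
    incident: str
    actor: str
    executed_at: str
    undone: bool = False


@dataclass
class ResponseEngine:
    mode: str
    blocked_ips: Set[str] = field(default_factory=set)
    disabled_accounts: Set[str] = field(default_factory=set)
    pending: List[Tuple[str, str, str]] = field(default_factory=list)  # awaiting a human
    changes: List[ChangeRecord] = field(default_factory=list)          # audit trail

    def request(self, action: str, target: str, incident: str,
                confidence: float, approver: Optional[str] = None) -> str:
        """Ask for a containment action. Returns 'rejected', 'proposed', 'pending' or 'executed'."""
        if action not in ACTIONS:
            raise ValueError(f"unknown action {action!r}")
        if confidence < CONFIRMED:                 # only act on confirmed compromise
            return "rejected"
        if self.mode == PASSIVE:                   # crawl: propose, never execute
            self.pending.append((action, target, incident))
            return "proposed"
        needs_human = self.mode == GATED or target in PROTECTED_TARGETS
        if needs_human and approver is None:       # walk: wait for the button press
            self.pending.append((action, target, incident))
            return "pending"
        self._execute(action, target, incident, approver or "automation")
        return "executed"

    def approve(self, index: int, approver: str) -> ChangeRecord:
        """The human stopgap: a named analyst releases one pending action."""
        action, target, incident = self.pending.pop(index)
        return self._execute(action, target, incident, approver)

    def _execute(self, action: str, target: str, incident: str, actor: str) -> ChangeRecord:
        if action == "block_ip":
            self.blocked_ips.add(target)
        else:
            self.disabled_accounts.add(target)
        rec = ChangeRecord(action, target, incident, actor,
                           datetime.now(timezone.utc).isoformat())
        self.changes.append(rec)                   # audit everything
        return rec

    def undo(self, rec: ChangeRecord) -> None:
        """Blocking is disruptive but reversible; the change record is what makes that possible."""
        if rec.undone:
            return
        store = self.blocked_ips if rec.action == "block_ip" else self.disabled_accounts
        store.discard(rec.target)
        rec.undone = True


if __name__ == "__main__":
    engine = ResponseEngine(GATED)
    print(engine.request("block_ip", "203.0.113.77", "SIR0001", confidence=0.95))  # pending
    rec = engine.approve(0, approver="analyst.jdoe")
    print(engine.blocked_ips, rec)
    engine.undo(rec)
    print(engine.blocked_ips)
```

Moving from gated to active is a one-word change of mode, which is the point: the gates, the protected list and the change records are built in from the start, so "go active" does not mean removing the safety rails, only taking the human off the button for targets the list does not protect.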
Top Takeaways
1. Start passively
2. Grow to gated automation
3. Move to active (albeit carefully)
What’s the Ideal Response Process?
1. Integrate your security products
2. Automatically prioritize security incidents
3. Utilize threat intelligence
4. Determine response action
5. Remediate threats fast
6. Review post-incident reports
Thank you!
Rob Randell
Director Solutions Consulting - Security
ServiceNow
 
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024BookNet Canada
 
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)Wonjun Hwang
 
My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024The Digital Insurer
 
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationBeyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationSafe Software
 
Artificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxArtificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxhariprasad279825
 
Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfGen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfAddepto
 
Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupFlorian Wilhelm
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsMark Billinghurst
 
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr LapshynFwdays
 
Unraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfUnraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfAlex Barbosa Coqueiro
 

Recently uploaded (20)

Developer Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLDeveloper Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQL
 
Powerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time ClashPowerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time Clash
 
Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365
 
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
 
DevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenDevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache Maven
 
Vector Databases 101 - An introduction to the world of Vector Databases
Vector Databases 101 - An introduction to the world of Vector DatabasesVector Databases 101 - An introduction to the world of Vector Databases
Vector Databases 101 - An introduction to the world of Vector Databases
 
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding Club
 
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
 
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
 
Commit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyCommit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easy
 
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
 
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
 
My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024
 
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationBeyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
 
Artificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxArtificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptx
 
Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfGen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdf
 
Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project Setup
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR Systems
 
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
 
Unraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfUnraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdf
 

Can Security and Automation Work Together

  • 1. © 2015 ServiceNow All Rights Reserved
    Security and Automation: Can they work together? Can we survive if they don’t?
    Rob Randell, CISSP, Director, Security and Risk Solutions Consulting
  • 2. The Problem
    Reference: http://ir.finjan.com/all-sec-filings/content/0001628280-15-006727/ex992finjanirpresentatio.htm??TB_iframe=true&height=auto&width=auto&preload=false
  • 3. Business Impact: Time to Containment is Key to Reducing Impact and Cost of Breach
    Source: Ponemon Institute 2016. On average, it took respondents 229 days to spot a breach caused by malicious agents, and 82 days to contain it.
  • 4. Why are Defenses Failing? Disparate and Siloed Security Tools
    • SIEMs, Malware, Threat
    • Network Protection
    • Endpoint Solutions
    • Access & Identity Solutions
  • 5. Security Teams Are Overwhelmed
    • Manual Tools
    • Too Many Alerts & No Context
    • Siloed from IT (Security | IT)
  • 6. It’s 1999 Operations Management all over again!!!!!
    Thousands of events per day… people can’t scale to meet the volume.
    Sources feeding the Security & IT Teams: SIEM, Firewall/IPS/IDS, Identity & Access, Threat/Intel, Vulnerability Detection, Network Security, Security Endpoint Detection.
    What do we do with all of this?!
    • Consolidate to a Single System
    • Understand Business Criticality
    • Execute Consistent Workflow
    • Manage Service Levels
    • Auto Remediate
    • Capture Metrics
    • Enable IT, Security, & BU Collaboration
    • Meet Audit and Regulatory Requirements
  • 7. Security Response Optimization – Time to Identify/Detect
    • Too many systems and tools
    • Too many events / too much information
    • Not enough context
    Security Analyst escalation path: Tier 1, Tier 2, Tier 3.
  • 8. Security Response Optimization – Time to Contain
    • Lack of knowledge for containment and resolution steps
    • Too long to respond
    • Multiple round-trips (Security Analyst and other teams)
    • Poor cross-team response times
    • Proactive response
    • Response Automation
  • 9. Sample Response Workflow
    • IDS Alert Generates Incident
    • Analyst needs to prioritize, assign and categorize incident
    • Analyst needs to identify and extract IPs, hashes and indicators
    • Analyst needs to run reputational lookups via threat intel on indicators
    • Analyst needs to get network connections off target machine
    • Analyst needs to run hashes on all running processes
    • Analyst needs to run threat intel lookups on all processes and network connections
    • Analyst needs to confirm threat
    • Analyst needs to get running processes off target machine
    • Analyst starts remediation and containment
    *Note: Blue boxes indicate data enrichment activities
  • 10. Enterprise Security Response
    The Need: Enterprise Security Response!
    • Security Incident Response
    • Vulnerability Response
    • Threat Intelligence
    • Workflow & Automation
    • Deep IT Integration
  • 11. Getting started with automation
    Objectives – Automation, how and where to begin
    What you will learn
    – Some of the definition(s) of Automation
    – Learn about automating Enterprise Security Response
    – Crawl, walk, run
  • 12. One in ~32 million definitions
  • 13. Automation vs Orchestration: What’s the Difference?
    • Orchestration vs. automation – a lot of people use the terms interchangeably
    • Automation – Execution of a simple task or action by a machine
    • Orchestration – Optimization and automated execution of an end-to-end workflow or complex series of processes, tasks and actions
  • 14. Is it risky?
    “Automate and/or die” – Anton Chuvakin
    Yes! But you are probably doing it today
  • 15. Most widely known automation
    • The most common automation story is quarantining an infected system
    • The auto-blocking tool vendors warn that if you don’t automate you will make the cover of the NY Times
    • Most folks remember the heydays when IPS was taking down production business applications every Friday at beer o’clock
    – That of course is when the IPS appliance CPU wasn’t at 100%
    • Many of these were poorly designed automation tools built with the best of intentions
  • 16. Crawl, walk, run, robot
  • 17. Security Operations Maturity Levels
    Levels on the Security Operations Maturity axis (Enhanced Time to Detect and Respond):
    • 1 – Basic Operations
    • 2 – Visibility and Performance
    • 3 – Context and Enrichment
    • 4 – Automated Remediation
    • 5 – Networked Intelligence
    Characteristics shown on the diagram: Value-based Prioritization, Visibility and Reporting; Enhanced data enrichment tied to incidents; Context-driven detection; Automated Response Actions for Proactive Measures and Countermeasures; Integrated Change Request and History; Circles of Trust for Peer Intel Sharing; Dynamic Workflow to Educate and Enable SOC Teams; Basic Incident Ticketing, Incident Response Definition; Prioritization by Impact; KPIs, Reporting and SLAs; Noise Reduction; Automate data gathering tasks; Threat intelligence integrated with IR; Time to Detect per event reduced; Compress the time to contain and remediate incidents; Enable visibility for changes and task fulfillment across teams; Easily handle common attacks to improve response closure; Integration with core security systems; Process and Accountability Defined; Security Information Network for intel and attack method updates; Automated querying of internal and supplier environments; Educational expert systems and best practice sharing.
    A large percentage of organizations are working at Level 1
  • 18. Sooooo….What can you automate? (without getting fired*)
    * if you are fired for doing everything I outline here you have my sympathy but I surely am not to blame
    • Start with something simple, repetitive, important – and something that is going to save your analysts’ time
    • A typical phishing investigation can take about 20-30 minutes and requires a lot of manual steps
    – When not followed up on it can lead to large costs and infection
    – When following up you may miss other pressing issues
    – Initial (triage) research does not require a particular set of skills
  • 19. Start passively
    • Automate process lookups
    – What is running? • Is this normal?
    – What is open?
    • Explode malware in sandbox
    • Pull asset records
    – Who owns it?
    – Where is it?
    • Threat lookups
    – Have I seen this before?
    – Has someone else seen it?
  • 20. Grow to human stopgaps
    • Disable account
    – Only when confirmed to be compromised
    • Block on firewall
    – Only block known infected systems
    • Reset passwords
    • Delete phishing email(s)
    • Push button automation
  • 21. Go Active
    • Move to active after significant testing
    • Blocking
    – Can be disruptive but can also be undone quickly
    • Disabling accounts
    – Can keep you out of the headlines
    • Audit everything!
    – Create Change records for every automated task
    • Do more with the same!
    – Automation allows your analysts to operate at lightspeed
  • 22. (slide contains no text)
  • 23. Top Takeaways
    1. Start passively
    2. Grow to gated automation
    3. Move to active (albeit carefully)
  • 24. What’s the Ideal Response Process? (six steps, numbered 1–6 on the slide)
    • Utilize threat intelligence
    • Integrate your security products
    • Determine response action
    • Remediate threats fast
    • Review post incident reports
    • Automatically prioritize security incidents
  • 25. Thank you!
    Rob Randell, Director Solutions Consulting – Security, ServiceNow
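The sample response workflow on slide 9 and the crawl/walk/run progression of slides 19 to 21, as an added Python example that is not part of the deck or of ServiceNow's product: passive enrichment runs on every alert, containment is only proposed for hosts with a confirmed intel hit, a gated mode waits for human approval, and every executed action writes a change record. The threat-intel table, asset records and IDS alert text are constructed stand-ins.

```python
import re
from dataclasses import dataclass, field

# Constructed threat-intel table standing in for a reputation lookup service.
THREAT_INTEL = {
    "198.51.100.7": "known C2 address",
    "d41d8cd98f00b204e9800998ecf8427e": "known malware hash",
}
# Constructed asset records: who owns the host and how critical it is to the business.
ASSETS = {
    "10.0.5.12": {"owner": "finance", "criticality": "high"},
    "10.0.9.40": {"owner": "lab", "criticality": "low"},
}
# Constructed IDS alert text of the kind the slide 9 workflow starts from.
SAMPLE_ALERT = ("IDS alert: outbound connection from 10.0.5.12 to 198.51.100.7; "
                "process hash d41d8cd98f00b204e9800998ecf8427e")

# IPv4 addresses and 32-hex-digit (MD5-style) hashes are the indicators extracted here.
IOC_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b|\b[0-9a-f]{32}\b")


@dataclass
class Incident:
    alert: str
    host: str
    indicators: list = field(default_factory=list)
    enrichment: dict = field(default_factory=dict)
    priority: str = "low"
    actions: list = field(default_factory=list)
    change_records: list = field(default_factory=list)


def extract_indicators(text):
    """Slide 9, data enrichment step: pull IPs and hashes out of the alert text."""
    return sorted(set(IOC_RE.findall(text)))


def enrich(incident):
    """Crawl: reputation lookups plus asset record pull. Read-only, safe on every alert."""
    incident.indicators = extract_indicators(incident.alert)
    intel = {i: THREAT_INTEL.get(i, "unknown") for i in incident.indicators}
    asset = ASSETS.get(incident.host, {"owner": "unknown", "criticality": "unknown"})
    incident.enrichment = {"intel": intel, "asset": asset}
    hits = [i for i, verdict in intel.items() if verdict != "unknown"]
    # Prioritize by business impact: a confirmed intel hit on a critical asset goes first.
    if hits and asset["criticality"] == "high":
        incident.priority = "critical"
    elif hits:
        incident.priority = "high"
    return incident


def respond(incident, mode, approved=False):
    """Walk / run: mode is 'passive' (lookups only), 'gated' (block only after a human
    approves) or 'active' (block automatically). Containment is only ever proposed for a
    host with a confirmed intel hit, and every executed action gets a change record."""
    confirmed = incident.priority in ("high", "critical")
    if mode == "passive" or not confirmed:
        return incident
    action = f"block {incident.host} on firewall"
    if mode == "gated" and not approved:
        incident.actions.append("awaiting approval: " + action)
        return incident
    incident.actions.append(action)
    incident.change_records.append({"task": action, "mode": mode})
    return incident
```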

Editor's Notes

  1. <click> Well first, while all of an organization’s security products do a nice job of protecting against and detecting potential security incidents, they create A LOT of alerts. Some organizations can see hundreds or even thousands of these alerts a day. How do they tell them apart? Which ones do they work on first? The graphic on the screen is an interesting way of visualizing it. All of those alerts look pretty similar. Is the red one most important? Or the darker red or red outline? The alerts are typically missing context on how or if a particular alert will really affect an organization. <click> Then – once a security team knows they have a problem, the tools they are using for resolution are typically manual. For example, many organizations take the alerts from their systems, whether they are directly from an endpoint security product, firewall or even a SIEM, and put them into the best data repository they have – a spreadsheet or Microsoft Excel. And as they work on the process for resolving the problem, the processes might be on paper as part of a policy, or they need to go and speak with another security analyst or team member. And how do the teams communicate? Via the same tools they use for other communications – email. <click> And lastly, we are finding that while security and IT teams are all part of the same larger group, they typically act in silos. They use different toolsets. These silos and toolsets are another important factor, as when security teams determine what’s needed to fix a problem, it is typically IT that is required to fix it. This could be patching or rebooting a server. Or taking a machine off of the network. Or disabling a person’s network or AD credentials. These silos cause resolution to take longer.
  2. “Drinking from the firehose”
  3. So, what this demo is going to highlight is some of the investments that we’ve been making in security operations for Istanbul. It highlights integrations with strategic security vendors, automation of data enrichment to help answer those questions that the security analyst needs to ask, and orchestration and remediation. It’s also a bit rough as we’re still putting the final touches on things, but what I’m going to demo is an integration with Palo Alto Networks, where we receive an alert from their WildFire malware system and we use that information to automatically run reputational lookups to get more information and from there we initiate an orchestration task to block a malicious network site on the Palo Alto Networks firewall. Normally, the enrichment process would take a significant amount of time and the ability to get a change put quickly in place, but what we’re ultimately demonstrating is a compression of the time to identify and time to contain windows.
  4. Note: Highlight why the audience should care to sit through your presentation. For example, if you want to automate your legacy processes, you’ll learn what we did and how we accomplished it. Our experience with compliance/QA challenges can save your company time and headaches.
  5. For me automation could be many things: route some work, do a lookup, install a patch, block a computer, disable an account, all of the above! Explain the SN instance provisioning process. What is automation? It isn’t the same for everyone. Hell, it isn’t even the same across a single business. Legacy systems have little to none available. Private and Public Clouds may have a fair bit of it.
  6. Flip baby image around
  7. 17
  8. Note: Please limit to one slide.
  9. The step-by-step journey diagram from the corporate marketing message