Threat Detection and Incident Response: What's New for 2014

As any security practitioner can tell you, things change quickly in the world of IT security, particularly with respect to new and evolving threats. As a result, organizations need to continuously adapt their security strategies to defend against new threats and take advantage of the latest capabilities for responding quickly when there is a breach. In this session, Mike Rothman, President of the security analyst firm Securosis, and Jaime Blasco, Director of AlienVault Labs, give an overview of key changes in the information security world in 2013 and considerations for adapting your 2014 strategy to stay ahead of threats.

In this session, Mike and Jaime cover:

* New attack methods and vulnerabilities exploited in 2013
* New options for defending against these and other threats, including use of crowd-sourced threat intelligence
* Best practices to ensure you can respond and recover quickly in the event of a breach

You'll come away with key insights to ensure your 2014 security strategy is up to date.

Speaker notes:
  • Real-time, detailed information about incidents that may impact you, allowing you to learn from and work with others who have already experienced them.
  • Unlike closed, invitation-only information sharing and analysis networks (FS-ISAC, InfraGard, ISACs), OTX provides real-time, actionable information that is open to anyone who chooses to participate. This allows IT practitioners to achieve preventative response by learning about how others are targeted, and employing the right defenses, to avoid becoming a target themselves.

    1. THREAT DETECTION AND INCIDENT RESPONSE: WHAT'S NEW FOR 2014?
    2. INTRODUCTIONS
       Meet today's speakers
       • Mike Rothman, President, Securosis, @securityincite, mrothman@securosis.com
       • Jaime Blasco, Director, AlienVault Labs, @jaimeblascob
    3. AGENDA
       • New attack methods and vulnerabilities exploited in 2013
       • How to respond and recover quickly from a breach
       • Security technologies to consider going into 2014
       • Q&A
    4. About Securosis
       • Independent analysts with backgrounds on both the user and vendor side.
       • Focused on deep technical and industry expertise.
       • We like pragmatic.
       • We are security guys - that's all we do.
    5. The Pendulum Swings Back to Security
       (image: http://www.flickr.com/photos/imlichenit/5532476683/)
    6. Advanced Malware is Advanced
       • Attacks > Defenses
       • Advanced Attackers > You
       • Attack surface is (pretty much) infinite.
       • This isn't going to change…
    7. Denial of Service hits the mainstream
       • 300+ Gbps network attacks
       • Availability attacks on the applications
       • Favorite tactic of hacktivists
       (image: http://www.flickr.com/photos/astanhope/3592189/)
    8. The Cloud - Not If, But WHEN
       (image: http://www.flickr.com/photos/52859023@N00/644335254)
    9. Technology Problems are easy…
    10. Biggest emerging problem is the security skills gap
       (image: http://www.flickr.com/photos/morton/2305095296/)
    11. “Best Practices” Moving Forward
       • Depends on the maturity of your security program…
       • Determine:
         • Where you are
         • Where you want to be
       • Do you understand what that really means?
       • But the first job is to…
       (image: http://www.flickr.com/photos/clintw/6051081177/)
    12. (image only: http://www.flickr.com/photos/61063852@N00/5088741119/)
    13. React Faster and Better
       • You can't stop all the attacks, so you better detect them faster.
       • And respond better.
       • This involves monitoring, forensics, and incident response.
       • Most enterprises don't do this very well.
    14. Less Mature Programs: Blocking and Tackling
       • Malware/Attack Detection
       • Evolving Network Security
       • Endpoint/Server Hygiene
       • Logging and Simple Alerting
       (image: http://www.flickr.com/photos/bibbit/6187662743/)
    15. More Mature Programs: Deeper Detection
       • Network-based Malware Detection
       • Incident Response Focus/Forensics
       • Threat Intelligence
       (image: http://www.flickr.com/photos/crowt59/2217016729/)
    16. Shopping List 2014
    17. Network Security
       • Network-based Malware Detection
       • Next Generation Firewall
       • Perimeter Re-architecture
       • Perimeter Security Gateway
    18. Endpoint Security
       • Advanced Malware Protection
         • Isolation (browser & kernel)
         • White Listing
         • Application HIPS
       • Endpoint Activity Monitoring
       • Whither traditional AV?
       (image: http://flic.kr/p/9kC2Q1)
    19. Security Monitoring/Management
       • Continued investment in monitoring technologies
       • Aggregation of information across the entire technology stack
       • Alerting, Visualization, Reporting
       • Threat Intelligence Driven
    20. ALIENVAULT OPEN THREAT EXCHANGE (OTX): COLLABORATIVE THREAT INTELLIGENCE
    21. OTX IN ACTION
       • Continuous updates: updates provided every 30 minutes; 200,000-350,000 validated malicious IPs at any point
       • Active and open threat sharing: since March 2012, OSSIM & USM users have flagged 196 million events as malicious, an average of ~11 million a month (365,000 a day)
       • Effective against targeted attacks: 20% of 'live' APT1 domains were in OTX at the time of the Mandiant report; 218 domains were 'live' at the time of the report (the rest were added later the same day); 44 IPs found in OTX
    22. ALIENVAULT UNIFIED SECURITY MANAGEMENT (USM) WITH THREAT INTELLIGENCE POWERED BY OTX
    23. ALIENVAULT IN ACTION
       Step 1: Immediately identify known malicious IPs targeting your network.
       Step 2: Dig deeper by clicking on the bad IP to continue the investigation.
    24. DIG DEEPER ON BAD IP ADDRESSES; SHARE AND REVIEW COMMENTS ON ACTIVE THREATS
    25. ALIENVAULT IN ACTION
       Step 3: Follow step-by-step guidance in responding to the threat.
    26. ALIENVAULT IN ACTION
       Optional: Provide contextual feedback to OTX so others can avoid becoming targets of the same threat.
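The three steps above (identify known-bad IPs, pivot on each one, prioritize the response) are what a threat-intelligence-driven monitoring loop reduces to, whatever product runs it. The Python below is an added example written for this page; it is not AlienVault, USM or OTX code, and the reputation feed entries, the feed format, the firewall log format and every IP address in it are constructed for illustration. It matches both ends of each connection against exact IPs and CIDR ranges (so an outbound C&C beacon is caught as well as an inbound scan), groups hits per indicator with the internal hosts touched, ranks accepted connections to high-reliability indicators above denied scans, and flags results produced from a feed snapshot older than the 30-minute update interval slide 21 quotes, since a stale feed silently misses new indicators.

```python
# Added example for this page, not AlienVault/USM/OTX code; feed, log format and IPs are constructed.
import ipaddress
import re
from datetime import datetime, timedelta, timezone

# Constructed reputation feed: (indicator, activity, reliability 1-10); hosts and CIDR ranges.
REPUTATION_FEED = [
    ("203.0.113.7", "Scanning Host", 6),
    ("198.51.100.0/24", "Malware Distribution", 8),
    ("192.0.2.44", "C&C", 9),
]
# Slide 21 quotes a 30-minute update cadence; treat an older snapshot as stale.
FEED_SNAPSHOT_TIME = datetime(2013, 12, 10, 15, 0, tzinfo=timezone.utc)
FEED_MAX_AGE = timedelta(minutes=30)

# Constructed firewall log lines in a hypothetical key=value format.
SAMPLE_LOGS = [
    "2013-12-10T15:01:02Z fw01 DENY src=203.0.113.7 dst=10.0.0.5 dport=22",
    "2013-12-10T15:01:03Z fw01 DENY src=203.0.113.7 dst=10.0.0.6 dport=22",
    "2013-12-10T15:02:10Z fw01 ACCEPT src=198.51.100.23 dst=10.0.0.80 dport=443",
    "2013-12-10T15:03:44Z fw01 ACCEPT src=10.0.0.80 dst=192.0.2.44 dport=8443",
    "2013-12-10T15:04:00Z fw01 ACCEPT src=10.0.0.12 dst=10.0.0.5 dport=445",
    "this line is not a firewall event and must not crash the parser",
]
LOG_LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<host>\S+) (?P<action>ACCEPT|DENY) "
    r"src=(?P<src>\S+) dst=(?P<dst>\S+) dport=(?P<dport>\d+)$"
)


def build_index(feed):
    """Split the feed into an exact-match dict and a list of networks."""
    exact, nets = {}, []
    for indicator, activity, reliability in feed:
        if "/" in indicator:
            nets.append((ipaddress.ip_network(indicator, strict=False), activity, reliability))
        else:
            exact[ipaddress.ip_address(indicator)] = (activity, reliability)
    return exact, nets


def lookup(ip, index):
    """Return (activity, reliability) for a feed hit, or None."""
    exact, nets = index
    addr = ipaddress.ip_address(ip)
    if addr in exact:
        return exact[addr]
    return next(((act, rel) for net, act, rel in nets if addr in net), None)


def feed_is_stale(now, snapshot_time=FEED_SNAPSHOT_TIME, max_age=FEED_MAX_AGE):
    """A feed older than its update interval silently misses new indicators."""
    return now - snapshot_time > max_age


def triage(log_lines, feed=REPUTATION_FEED, now=None):
    """Step 1: match both ends of every parsed event against the feed (inbound scan and outbound beacon)."""
    index = build_index(feed)
    stale = feed_is_stale(now) if now is not None else False
    alerts = []
    for line in log_lines:
        m = LOG_LINE_RE.match(line)
        if m is None:
            continue  # in production, count these: a parser gap hides events
        for field, direction in (("src", "inbound"), ("dst", "outbound")):
            hit = lookup(m[field], index)
            if hit is None:
                continue
            alerts.append({
                "ts": m["ts"], "indicator": m[field], "direction": direction,
                "action": m["action"], "peer": m["dst" if field == "src" else "src"],
                "dport": int(m["dport"]), "activity": hit[0],
                "reliability": hit[1], "feed_stale": stale,
            })
    return alerts


def pivot(alerts):
    """Step 2: group alerts per indicator: total events, how many were allowed
    through, and which internal hosts were touched."""
    summary = {}
    for a in alerts:
        s = summary.setdefault(a["indicator"], {
            "activity": a["activity"], "reliability": a["reliability"],
            "direction": a["direction"], "events": 0, "accepted": 0, "peers": set()})
        s["events"] += 1
        s["accepted"] += 1 if a["action"] == "ACCEPT" else 0
        s["peers"].add(a["peer"])
    return summary


def prioritize(summary):
    """Order indicators for Step 3: an accepted connection involving a
    high-reliability indicator outranks any number of denied scans."""
    def rank(ip):
        return (summary[ip]["accepted"] > 0, summary[ip]["reliability"], summary[ip]["events"])
    return sorted(summary, key=rank, reverse=True)


if __name__ == "__main__":  # stand-alone run: print the ranked worklist
    summary = pivot(triage(SAMPLE_LOGS, now=FEED_SNAPSHOT_TIME + FEED_MAX_AGE))
    for ip in prioritize(summary):
        print(ip, summary[ip])
```

With the constructed input the worklist comes out as the accepted outbound connection to the C&C indicator first, the accepted inbound connection from the malware-distribution range second, and the two denied SSH probes from the scanning host last; the unparseable line is skipped without an exception. The `feed_stale` flag is carried on every alert rather than suppressing them, so an analyst sees both the hit and the caveat that the feed it was matched against may be out of date.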
    27. UNIFIED MONITORING, PRESCRIPTIVE GUIDANCE, AND PREVENTATIVE RESPONSE
       • AlienVault USM delivers unified and coordinated security monitoring for incident response and compliance management.
       • AlienVault Labs provides coordinated intelligence and analysis of the latest threats, and prescriptive guidance on how to respond.
       • AlienVault Open Threat Exchange offers real-time insights on incidents affecting others that may impact you, so you can deploy a preventative response.
    28. Critical Success Factor 2014: Invest in Your People
       • You can't find them, so you need to grow them
       • Training, Internships
       (image: http://www.flickr.com/photos/alanenglish/6027912804/)
    29. NOW FOR SOME Q&A
       More from Securosis…
       • Follow Mike on Twitter: @securityincite
       • Securosis blog: http://securosis.com/blog
       • Securosis research: http://securosis.com/research
       • Securosis publishes (almost) everything for free. Contribute. Make it better.
       More from AlienVault…
       • Join OTX: http://www.alienvault.com/open-threat-exchange
       • AlienVault Labs blog: http://www.alienvault.com/open-threat-exchange/blog
       • Download a Free 30-Day Trial of USM: http://www.alienvault.com/free-trial
       • Join us for a LIVE Demo of USM: http://www.alienvault.com/marketing/alienvaultusm-live-demo
    30. View Webcast On-Demand
       View a recorded version of this webcast on-demand.
