
Threat Hunting and EDR Event: Carbon Black Presentation

Threat Hunting and EDR Event: Carbon Black Presentation @BGASecurity

Published in: Technology

  1. Threat Hunting: Fast and easy with CbR. 1-Oct-18. Nagaraj Hebbar, Technical Account Manager – Middle East, Turkey & Africa (META), CISSP, CISM. © 2017 Carbon Black. All Rights Reserved. | CONFIDENTIAL
  2. Agenda: 01. Threat & Threat hunting - Overview 02. 03. Threat hunting demo Cb Response
  3. Non-malware attacks on the rise
     • 47% of breaches use malware
     • 53% of breaches are non-malware
     • Malware attacks: known, unknown, ransom, obfuscated
     • Non-malware attacks: memory, macros, remote login, PowerShell
     • 93% of researchers say non-malware attacks pose more business risk than malware
     • Malware + non-malware
  4. Threat vs. Vulnerability vs. Risk
     • Threat
       • Anything that can exploit a vulnerability, intentionally or accidentally, and obtain, damage, or destroy an asset
       • A threat is what we are trying to protect against
     • Vulnerability
       • Weaknesses or gaps in a security program that can be exploited by threats to gain unauthorized access to an asset
       • A vulnerability is a weakness or gap in our protection efforts
     • Risk
       • The potential for loss, damage or destruction of an asset as a result of a threat exploiting a vulnerability
       • Risk is the intersection of assets, threats and vulnerabilities
  5. Proactive Threat Hunting
     • What is it?
       • Proactive and iterative search for attacks
       • Informed by in-depth knowledge of your environment
       • Often hypothesis-based
     • What is it not?
       • Out-of-the-box detection
       • A checklist of indicators of compromise
       • Applying 3rd party threat intel feeds
  6. The Challenges
     • No real-time visibility into advanced attacks
     • Tired of being reactive
     • No centralized access to unfiltered data
     • 91% of organizations report increases in speed & accuracy of response due to threat hunting
     • 77% consider endpoint security data necessary in their threat hunting feeds
     • Source: The Hunter Strikes Back: The SANS 2017 Threat Hunting Survey
  7. How We Solve Those Challenges: Advances you from monitoring to proactive threat hunting
     ✓ Stops the headline breach
     ✓ Scales the hunt
     ✓ Integrates your defenses
     ✓ Gives you a community of experts
  8. Detect & Respond Faster with Cb Response
  9. Endpoint Security Market Leader
     • 30 of Fortune 100; 3,700 customers; 14M endpoints; 13,000 practitioners; 75+ IR/MSSPs; 60%+ Y/Y growth
     • Purpose built for SOC/IR; market-leading detection & response; pro-active threat hunting
  10. Cb Response: IR & Threat Hunting: complete visibility; proactive threat hunting; real-time response; global community leverage
  11. Complete Visibility: process activity; registry activity; file activity; network activity; identify root cause; capture all endpoint activity; aggregate threat intel; visualize the attack; minimize resource impact; continuous & centralized recording
  12. Proactive Threat Hunting: customize watchlists; capture all endpoint activity; consolidate threat feeds; open APIs and integrations; make the next attack harder; automate the hunt; integrate defenses; stop the “headline” breach; leverage community experts
  13. Real-Time Response: custom banning; endpoint isolation; live response; process termination; remediate infected devices; isolate infected systems; prevent future attacks; collect forensic data
  14. Market-Leading IR & Threat Hunting: 1. Complete visibility 2. Proactive threat hunting 3. Real-time response 4. Proven at scale
  15. Thank you