telling the right story | Confidential © Bloor Research 2015
Introductions
Fran Howarth, Senior Analyst with Bloor
Patrick Bedwell, VP, Product Marketing with AlienVault
Breach victims
“It’s not if, but when and how often”
Three-fold increase over previous year
Source: PwC/Infosec Europe 2014, Symantec
Smaller firms in danger
Smaller firms vital for the economy
Source: UK Department for Business, Innovation & Skills
Challenges in threat detection for SMEs
Source: Ponemon Institute
A more proactive response
A unified security management platform:
Asset discovery
Vulnerability and threat management
Intrusion detection, threat identification and management
Behavioural monitoring
Security intelligence
Centralised management
Asset discovery
Vulnerability and risk assessment
Threat identification: the role of threat intelligence
Source: InformationWeek
Behavioural monitoring
Technology investments in event of breach
Source: Ponemon Institute
Use of SIEM for security intelligence
Source: InformationWeek
Recommendations
Integrate tools into a single operating console or dashboard
Maintain a continually updated software inventory
Use continuous vulnerability monitoring
Complete a hardware inventory
Use network mapping
Incorporate log aggregation and correlation
Take threat intelligence feeds for threat identification and prioritisation
Source: SANS Institute
Expected improvements for incident response
Source: SANS Institute
Advantages of security management platforms
Correlation of data from throughout network
Anomaly detection
Comprehensive visibility
Advanced threat protection
Risk prioritisation
Alerting and monitoring
Customise according to business needs
Demonstrate adherence to policies and controls
Protect sensitive data
Limit exposure to breach disclosure
Reduce risk to business partners and customers
Reduce costs
AlienVault USM
ASSET DISCOVERY
• Active Network Scanning
• Passive Network Scanning
• Asset Inventory
• Host-based Software Inventory
VULNERABILITY ASSESSMENT
• Continuous Vulnerability Monitoring
• Authenticated / Unauthenticated Active Scanning
BEHAVIORAL MONITORING
• Log Collection
• Netflow Analysis
• Service Availability Monitoring
SIEM
• SIEM Event Correlation
• Incident Response
THREAT DETECTION
• Network IDS
• Host IDS
• File Integrity Monitoring
Integrated, Essential Security Controls
Integrated Threat Intelligence
Including Remediation & Response Guidelines
Coordinated Analysis, Actionable Guidance
OTX + AlienVault Labs
Threat Intelligence Powered by Open Collaboration
Now for some Q&A…
Test Drive AlienVault USM
Download a Free 30-Day Trial
http://www.alienvault.com/free-trial
Try our Interactive Demo Site
http://www.alienvault.com/live-demo-site
Questions?
hello@alienvault.com
Twitter: @alienvault

Prepare to Be Breached: How to Adapt your Security Controls to the “New Normal”


Editor's Notes

  • #21 Integrated approach to threat intel. Comprised of OTX (data from 140+ countries) and the independent research from our AlienVault Labs team, we're analyzing over 500,000 malware samples per day. Users submit an average of ~11 million per month (365,000 a day). Updated every 30 minutes: the ability to quickly convert data into actionable information, so you can call out those truly significant events to help you prioritize your efforts and reduce the need for in-house expertise.

    OTX derives its data from three primary sources: USM and OSSIM systems that enable OTX sharing, external feeds from public researchers and partners, and the research from our AlienVault Labs team.

    This data is automatically analyzed through a powerful discovery engine that is able to granularly analyze the nature of the threat, and a similarly powerful validation engine that continually curates the database and certifies the validity of those threats.

    Crowd-sourced information remains the core focus of OTX. OTX derives information from normalized and anonymous event logs: firewalls, content filters, IPS/IDS logs, etc. We receive approximately 17,000 contributions daily from over 140+ countries.

    I want to make something clear: OTX's information is anonymous and normalized. OTX does not analyze your data or do anything that would identify you; we are solely focused on analyzing the nature of the threat jeopardizing your system.

    OTX derives a significant amount of data from the security community. We work with public research institutions, government organizations, and private companies and partners to share and analyze threat data. With over 50+ partners working with us on OTX, if you look around Black Hat you're likely to see some of our partners.

    AlienVault Labs research is also a critical part of our analysis. Our labs team generates novel research on high-profile threats, as well as instrumenting the automatic analysis for discovering and certifying all threats coming from OTX partners and OSSIM and USM customers who opt in to share data.