A key business goal of any organization is to maintain the constant availability of data and systems that can be trusted for decision-making purposes. The evolving threat landscape has resulted in increasing focus, right to board level, on cybersecurity. IT operational and security teams should demonstrate a comprehensive, cohesive approach in their response to security incidents and data breaches.
From the demise of conventional signature-based endpoint technologies have risen next generation solutions. These technologies have cluttered the marketplace introducing a conundrum for endpoint selection. This session will focus on the key requirements for effective security prevention, detection, and remediation. It will introduce a real-world framework for categorizing endpoint capabilities, and enable selection of solutions matching the unmet needs of security programs. The following topics will be covered:
• What do I actually need?
• Real-world framework to categorize endpoint capabilities
• Map vendors into buckets within the framework
• Housekeeping, what's needed before you even start?
• Cheat sheet of probing questions to ask vendors
• Best practices of deploying best of breed solutions
Malware evolution and Endpoint Detection and Response - Adrian Guthrie
As malware evolves into targeted Advanced Persistent Threats, the response has to change to a more proactive security model.
Automated Prevention - Block malware and exploits
Automated Detection - Targeted and zero-day attacks are blocked in real time
Automated Forensics - Forensic information for in-depth analysis of every attempted attack
Automated Remediation - Automated malware removal
All made possible by Big Data analytics and Collective Intelligence.
We are all aware of the current risks when developing a connected product, especially with vehicles, since much is at stake from both an information and a safety perspective. In this workshop, we will learn how to build security requirements, and how to architect, design, test and produce safety- and security-critical components using a methodology that works in harmony with both Engineering and Security.
Security Operations Center (SOC) Essentials for the SME - AlienVault
Closing the gaps in security controls, systems, people and processes is not an easy feat, particularly for IT practitioners in smaller organizations with limited budgets and few (if any) dedicated security staff. So, what are the essential security capabilities needed to establish a security operations center and start closing those gaps?
Join Javvad Malik of 451 Research and Patrick Bedwell, VP of Product Marketing at AlienVault for this session covering:
*Developments in the threat landscape driving a shift from preventative to detective controls
*Essential security controls needed to defend against modern threats
*Fundamentals for evaluating a security approach that will work for you, not against you
*How a unified approach to security visibility can help you get from install to insight more quickly
From SIEM to SOC: Crossing the Cybersecurity Chasm - Priyanka Aash
You own a SIEM, but to be secure, you need a Security Operations Center! How do you cross the chasm? Do you hire staff or outsource? And what skills are needed? Mike Ostrowski, a cybersecurity industry veteran, will review common pitfalls experienced through the journey from SIEM to SOC, the pros and cons of an all in-house SOC vs. outsourcing, and the benefits of a hybrid SOC model.
Learning Objectives:
1: You own a SIEM, but to be secure, you need a SOC. How do you cross the chasm?
2: What are the pros and cons of in-house, fully managed and hybrid security?
3: What considerations go into deciding whether to employ a hybrid strategy?
(Source: RSA Conference USA 2018)
Panda Adaptive Defense is a new security model which can guarantee complete protection for devices and servers by classifying 100% of the processes running on every computer throughout the organization and monitoring and controlling their behavior.
More info: http://www.pandasecurity.com/enterprise/solutions/advanced-threat-protection/
NetStandard CTO John Leek presents 20 Critical Security Controls for the Cloud at Interface Kansas City. This presentation is based on controls set forth by the SANS Institute. Learn more at http://www.netstandard.com.
What Is Next-Generation Endpoint Security and Why Do You Need It? - Priyanka Aash
This session will clarify the definition of next-generation endpoint security and distinguish it from legacy antivirus software. It will also describe how next-generation endpoint security can help organizations improve incident prevention, detection and response.
(Source: RSA USA 2016-San Francisco)
Integrated Security Operations Center (ISOC) for Cybersecurity Collaboration - Priyanka Aash
This session will present a real case study of methodology and advanced cybersecurity tools used along with important tips and lessons learned on implementing an ISOC project at the second largest city of the nation. Topics include the critical success factors, advanced tools and technologies for ISOC, Situational Awareness, Threat Intelligence Sharing and cybersecurity collaboration.
(Source: RSA USA 2016-San Francisco)
The Critical Security Controls and the StealthWatch System - Lancope, Inc.
As today’s cyber-attackers become more sophisticated and nefarious, organizations must adopt the right mix of conventional and next-generation security tools to effectively defend their infrastructure from advanced threats. The Critical Security Controls effort is a growing movement that has been helping government agencies and large enterprises prioritize their cyber security spending accordingly.
By leveraging NetFlow and other types of flow data, Lancope’s StealthWatch System delivers continuous network visibility to fulfill a number of the highest priority controls, enhancing timely detection of targeted threats and improving incident response.
Learn the latest about the Critical Security Controls and hear how the StealthWatch System fits in.
What We’ve Learned Building a Cyber Security Operation Center: du Case Study - Priyanka Aash
The cybersecurity landscape is rapidly evolving, with new threats and threat actors emerging, and traditional security operations centers (SOCs) need to be augmented accordingly. This session will detail the journey of du in building and continually enhancing its SOC, physically and philosophically, to best deal with attack detection (offensively and defensively) and response.
(Source: RSA Conference USA 2017)
WFH security risks - Ed Adams, President, Security Innovation - Priyanka Aash
Our security practices need to evolve in order to address the new challenges posed by the rapid adoption of technologies and products that enable the world to WFH. The mantra of the attacker remains consistent -- attack that which yields maximum result -- and that is usually something used by a very large number of users. This webinar will discuss the Top 10 Security Gaps that CISOs should be aware of as they brace for long WFH periods.
What will you learn:
-New attack techniques hackers are using to target WFH
-How to handle decentralisation of IT and technology decisions?
-Application risks as enterprises pivot to online/new business model(s)
-New risks in the Cloud and due to Shadow IT
-Security risks due to uninformed employees & their home infrastructure
-How to handle misconfigurations & third-party risks
-How to build a robust breach response and recovery program?
Full video - https://youtu.be/bQLfnmhDnQs
Kaspersky Lab, one of the world’s fastest-growing cybersecurity companies and the largest that is privately-owned, presents a short story about the company - its Values, Business, Solutions, i.e. what we think and strive for in our business, how we develop our technologies and solutions to protect our customers and people around the globe against cyberthreats, as well as the results we've managed to achieve.
Mapping the Enterprise Threat, Risk, and Security Control Landscape with Splunk - Andrew Gerber
As threats evolve, it is essential to move beyond looking at events toward developing behavioral analysis capabilities. Knowing not only the components but also the rhythms of your environment becomes crucial to enable earlier detection of attackers. This session will review the threat and risk landscape today, recommend approaches to bolster your security control monitoring, apply situational awareness and kill chain techniques, and walk through the construction of two specific use cases. They are 1) detecting compromised accounts via remote access behavior analysis and 2) detecting malicious activity (attacker or insider) by detecting and tracing network jumpers from corporate to guest networks. The session will discuss the design approach and searches used in these two use cases so that you can build other use cases to improve your security capability and posture.
7 Steps to Build a SOC with Limited Resources - LogRhythm
Most organizations don't have the resources to staff a 24x7 security operations center (SOC). This results in events that aren't monitored around the clock, major delays in detecting and responding to incidents, and the inability for the team to proactively hunt for threats. It's a dangerous situation.
But there is a solution. By using the Threat Lifecycle Management framework to combine people, process, and technology to automate manual tasks, your team can rapidly detect and respond to threats—without adding resources. Read on to learn 7 steps to building your SOC, even when your resources are limited.
The Dynamic Nature of Virtualization Security - Rapid7
The cornerstones of a proactive security strategy are vulnerability management and risk assessment. However, traditional “scan-and-patch” vulnerability scanning approaches are inadequate for dynamic, virtualized environments. Traditional scanners cannot track changes in real time, so they cannot accurately measure constantly changing risks. Anyone charged with securing IT assets needs to understand the dynamic security risks inherent to virtualized environments, and more importantly, what to do to mitigate those risks. This whitepaper explores the challenges of securing a virtualized environment and gives actionable solutions to address them.
Symantec Cyber Security Solutions minimize the potential business impact of increasingly sophisticated and targeted attacks by reducing the time it takes to detect, assess and respond to security incidents.
Dragos S4x20: How to Build an OT Security Operations Center - Dragos, Inc.
Senior Director of Business Development Matt Cowell's S4x20 presentation details how to build an effective OT security operations center and the tools and skills needed.
Data Security: Why You Need Data Loss Prevention & How to Justify It - Marc Crudgington, MBA
With the increasing number of cyber-attacks, and incidents that seem to occur weeks, months or even years before the breach is discovered, simply securing your perimeter is no longer enough to protect your most critical assets. Privacy breaches are averaging upwards of $200 per record, and studies have shown that intellectual property infringement costs the average company $101.9 million in revenues.
Key points addressed include:
• The Impact of Cyber Crime on our Economy
• The Cost Companies are incurring due to Cyber Crime and Data Breaches
• Who are the threat actors?
• What makes up a Data Loss Prevention ecosystem?
• What does a Data Loss Prevention strategy do for me?
• Hidden Benefits of Data Loss Prevention
• Justifying a Data Loss Prevention Strategy
Adapt or Die: The Evolution of Endpoint Security - Tripwire
The rapid transformation of the digital landscape and the proliferation of new business models are bringing sweeping changes to IT organizations everywhere. In order to keep up with the accelerating cycles of change and keep your company safe in an increasingly hostile threat landscape, your organization’s endpoint protection strategy must evolve.
In this interactive webinar, Eric Ogren, Senior Security Analyst at 451 Research and Gajraj Singh, VP of Product Marketing at Tripwire will provide insight into proactive steps you can take to improve your endpoint security.
Topics include:
• The top three things you can do today to improve the effectiveness of your endpoint security program.
• How to gain sufficient endpoint visibility to effectively reduce breaches.
• The likely evolution of endpoints and how technology is adapting to protect them.
• How to incorporate the evolutions of endpoint detection into security investment decisions.
Data Loss Prevention technologies are needed to protect data coming into and leaving the organization. There are a number of problems and challenges with the many vendors supplying DLP technology. This presentation reviews some of the myths around Data Loss Prevention.
Insider Threat: How Does Your Security Stack Measure Up? - ThinAir
Security technologists, practitioners, and the media love to talk about the latest malware, and zero-day attacks that hackers and nation states direct against their targets. The reality is that a significant portion of security incidents and data breaches come from within an organization’s security perimeter. The insider threat is the unglamorous side of security, and one that most vendors and industry professionals tend to ignore. Which tools in your security stack truly address the insider threat problem? What percentage of your security budget is dedicated to this issue?
This presentation will explore the rise of the insider threat, and the five essential components of an effective approach to identifying and investigating breaches that result from the malicious or innocent actions of internal actors.
Learning Objectives:
• Learn about the trends, size & scope of the insider threat problem
• How to evaluate your security stack against the insider threat problem
• Explore the emerging concept of insider detection and investigation, and the five required components of an insider threat approach
For #Redpill2017, the most offensive security conference in Thailand.
This slide deck talks about the weak points of endpoint protection such as antivirus, User Account Control and AppLocker.
Data loss is considered by security experts to be one of the most serious threats that businesses currently face.
Maintaining the confidentiality of personal information and data is an essential factor in operating a successful business. People must be able to trust that their service provider takes the appropriate measures to implement security controls that will ultimately protect their privacy.
However, some of the largest and most reputable organizations have fallen victim to data loss security breaches resulting in significant legal, financial, and reputational loss, including [1]:
The Bank of America: Losing the personal employee information of over one million employees
The United States Government: Losing data related to the military
Heartland Payment Systems: Transferring credit card information and other personal records of over 130 million customers
In 2013, it was estimated that data breaches had resulted in the exploitation of over 800 million personal records [2]. This number is also expected to rise over the next several years given the advanced tools that cybercriminals use to steal information and data.
Interestingly, it is not just cybercriminals who represent a threat as:
64% of data loss is caused by well-meaning insiders.
50% of employees leave with data.
$3.5 million average cost of a security breach.
Considering these extensive data breaches, it is practical for organizations to understand where their critical data is located and to understand the current security controls that can stop data loss.
Data Loss Prevention (DLP) solutions locate critical and personal data for organizations and help prevent data loss. By having a deeper understanding of efficient DLP security controls, you will help protect the reputation of your organization.
For more information contact: rkopaee@riskview.ca
https://www.threatview.ca
http://www.riskview.ca
Technology Futurist Monty Metzger (http://blog.monty.de/keynote-speaker) speaks about how to master the fourth industrial revolution. The Digital Future will have far more impact — the next 25 years will usher more change than in the previous three centuries. What separates great leaders from the rest, is they have a precise vision of the future. A vision to enable change today.
Who will be leading the Fourth Industrial Revolution? How will our economy depend on data, analytics and AI? How Digital Transformation can boost your business?
Monty’s keynote speeches are for those who want to change things and for those who want to embrace the opportunities of the Digital Future.
Book Monty for your conference, workshop or company meeting
http://blog.monty.de/keynote-speaker
Optimizing Security Operations: 5 Keys to Success - Sirius
Organizations are suffering from cyber fatigue, with too many alerts, too many technologies, and not enough people. Many security operations center (SOC) teams are underskilled and overworked, making it extremely difficult to streamline operations and decrease the time it takes to detect and remediate security incidents.
Addressing these challenges requires a shift in the tactics and strategies deployed in SOCs. But building an effective SOC is hard; many companies struggle first with implementation and then with figuring out how to take their security operations to the next level.
Read to learn:
--Advantages and disadvantages of different SOC models
--Tips for leveraging advanced analytics tools
--Best practices for incorporating automation and orchestration
--How to boost incident response capabilities, and measure your efforts
--How the NIST Cybersecurity Framework and CIS Controls can help you establish a strong foundation
Start building your roadmap to a next-generation SOC.
What CIOs Need To Tell Their Boards About Cyber Security - Karyl Scott
Companies are under increasing risks of breaches, theft of intellectual property and erosion of customer trust. CIOs and CISOs need to be able to explain to executive management what's being done to shore up their company's security strategy and defenses.
This paper discusses the question of optimizing security decisions in an organization, based on the information provided by the technical security infrastructure.
Your Challenge
As the market evolves, capabilities that were once cutting edge become default and new functionality becomes differentiating.
Vendors use a lot of marketing jargon, buzzwords, and statistics to sell their solutions, making objective evaluation rather difficult.
The endpoint protection (EPP) market is overcrowded and fragmented, resulting in information overload and consequently, a difficult vendor assessment.
Disparate product solutions are being bundled into one-off solutions or suites, often resulting in less efficient solutions than the more niche players.
Imminent obsolescence is an issue. Previous EPP solutions have not adapted with the rapidly evolving threat landscape and are no longer relevant, resulting in breaches or vulnerabilities.
Critical Insight
Don’t let vendors and market reports define your endpoint protection needs. Identify the use cases and corresponding feature sets that best align with your risk profile before evaluating the vendor marketspace.
Your security controls are diminishing in value (if they haven’t already). Develop a strategy that accounts for the rapid evolution and imminent obsolescence of your endpoint controls. Plan for future needs when making purchasing decisions today.
Endpoint protection is a matter of defense in depth and risk modelling; there is no silver-bullet protection and mitigation solution. As end-client technology providers release regular product/software updates, security tools will become outdated. Multiyear endpoint protection commitments will leave you playing a constant game of catch-up.
Impact and Result
The solution is a holistic internal security assessment that not only identifies, but satisfies, your desired endpoint protection feature set with the corresponding endpoint protection suite and a comprehensive implementation strategy.
Use this blueprint to walk through the steps of selecting and implementing an endpoint protection solution that best aligns with your organizational needs.
Risk management is one of the main concepts most organisations use to protect their assets and data. One example is insurance: most insurance products, such as life, health and auto insurance, have been formulated to help people protect their assets against losses. Risk management has also extended its roots to physical devices, such as locks and doors to protect homes and automobiles, password-protected vaults to protect money and jewels, and police, fire and security services to protect against other physical risks.
Dr. C. Umarani | Shriniketh D, "Risk Management", published in International Journal of Trend in Scientific Research and Development (ijtsrd), ISSN: 2456-6470, Volume-5, Issue-1, December 2020. URL: https://www.ijtsrd.com/papers/ijtsrd37916.pdf. Paper URL: https://www.ijtsrd.com/computer-science/computer-security/37916/risk-management/dr-c-umarani
Security Operations Center scenario Interview based Questions (priyanshamadhwal2)
Are you prepared to face the scenarios of #SecurityOperationsCenter (SOC) interviews?
Why not go well prepared and impress your interviewer with correct, concise and specific answers? Check this resource for all your SOC-related queries along with the answer key.
Explore SOC (Security Operations Center)-based Interview Questions to Unlock ... (infosecTrain)
Are you ready for the interview situations from the #SecurityOperationsCenter (SOC)?
Why not show the interviewer that you are well-prepared by providing accurate, brief, and targeted responses? Check this resource for all your SOC-related queries along with the answer key.
Visit our page to become a SOC Analyst: https://www.infosectrain.com/courses/soc-analyst-training/
Connecting the Dots Between Your Threat Intelligence Tradecraft and Business ... (SurfWatch Labs)
Threat intelligence needs to be in a language the business understands. SurfWatch Labs can help connect cyber threat intelligence to business operations in order to help manage cyber risk.
You should consider cyber security: issues should be addressed before an incident arises, in order to prevent it. Protecting digital data and preventing its loss or theft is one of the responsibilities of cybersecurity consulting companies. Without anybody knowing, a hacker can connect to any of the company's devices and obtain data.
The specialist, however, recognises such attacks and takes preemptive action. Without the assistance of cybersecurity experts, you cannot be certain that sensitive information and internal systems are consistently safeguarded against unintentional errors and outside intrusions. Therefore, businesses should invest in cybersecurity organisations for their IT security needs.
Internet cyber-attacks and threats are becoming more prevalent. This infographic explains the current state, and things to consider for yourself and your business.
Intelligence Driven Threat Detection and Response (EMC)
This white paper examines how an intelligence-driven approach to threat detection and response can help organizations achieve predictably high standards of security despite today’s rapidly escalating and unpredictable threat environment.
Similar to A Buyers Guide to Investing in Endpoint Detection and Response for Enterprises 2017-2018
A look at current cyberattacks in Ukraine (Kaspersky)
Kaspersky researchers have been monitoring the activity of APT actors, cybercriminals and hacktivists currently involved in the conflict in Ukraine. During this webinar, the Global Research and Analysis Team (GReAT) will share their findings on the most recent cyberattacks targeting Ukraine and present their observations, analysis and top findings.
- The types of attacks that have been targeting Ukraine for the past few months
- The results of analysis on destructive attacks and malware (HermeticWiper, etc.)
- How organizations can defend themselves against cyberattacks
GReAT, Kaspersky’s Global Research and Analysis Team, consists of 40 researchers based around the world that work on uncovering APTs, cyberespionage campaigns, major malware, ransomware and underground cybercriminal trends across the world.
The Log4Shell Vulnerability – explained: how to stay secure (Kaspersky)
On December 9th, a Chinese researcher posted his now-monumental discovery on Twitter: there was a Remote Code Execution vulnerability in the popular Apache Log4j library. This library is used in millions of commercial and open-source applications. Ranked 10 out of 10 in terms of severity, CVE-2021-44228, also known as Log4Shell, is capable of giving attackers full control over targeted systems.
The exploit takes advantage of Apache’s Java Naming and Directory Interface (JNDI), which provides programmers with an easy way to process remote commands and remote objects by calling external objects. However, with Log4Shell, attackers can inject their own code into the JNDI lookup command: code that will then be executed on the targeted system.
The Log4Shell Vulnerability – explained: how to stay secure (Kaspersky)
On December 9th, researchers uncovered a zero-day critical vulnerability in the Apache Log4j library used by millions of Java applications. CVE-2021-44228, or “Log4Shell”, is an RCE vulnerability that allows attackers to execute arbitrary code and potentially take full control over an infected system. The vulnerability has been ranked a 10/10 on the CVSSv3 severity scale.
While the Apache Foundation has already released a patch for this CVE, it can take weeks or months for vendors to update their software, and there are already widespread scans being conducted by malicious attackers to exploit Log4Shell.
What should companies or organizations do?
Join Marco Preuss, Head of Europe’s Global Research and Analysis (GReAT) team, Marc Rivero and Dan Demeter, Senior Security Researchers with GReAT, for an in-depth discussion on Log4Shell and a live Q&A session.
To see the full webinar, please visit: https://securelist.com/webinars/log4shell-vulnerability-how-to-stay-secure/?utm_source=Slideshare&utm_medium=partner&utm_campaign=gl_jespo_je0066&utm_content=link&utm_term=gl_Slideshare_organic_s966w1tou5a0snh
Alexey Gurevich. Cybersecurity of control systems at modern ele... (Kaspersky)
Alexey Gurevich, Individual Member of CIGRE, member of CIGRE Study Committee B5, secretary of Working Group D2.51 of CIGRE Study Committee D2, and member of the EnergyNet cybersecurity working group, speaks in his talk about the cybersecurity of control systems at modern electric power facilities.
More about the conference: https://kas.pr/kicsconf2021
#KasperskyICS #KICScon
Maxim Borodko. GNSS spoofing: a new threat to critical infrastructure (Kaspersky)
Maxim Borodko, CEO of GPSPATRON, speaks in his talk about the use of GNSS in critical infrastructure, the types of spoofing attacks and methods for detecting them; he reviews registered incidents worldwide, in Russia and in Belarus, and forecasts the use of GNSS spoofing in the future.
More about the conference: https://kas.pr/kicsconf2021
#KasperskyICS #KICScon
Kirill Naboyshchikov. A systematic approach to protecting CII (Kaspersky)
Kirill Naboyshchikov, Head of CII Protection at Kaspersky, speaks in his talk about the importance of a systematic approach to protecting critical information infrastructure (CII).
More about the conference: https://kas.pr/kicsconf2021
#KasperskyICS #KICScon
Veniamin Levtsov. Transformation strategy for Kaspersky solutions for ... (Kaspersky)
Veniamin Levtsov, Director of the Global Center of Expertise for Corporate Solutions, talks about the strategy for transforming Kaspersky solutions for industrial environments.
More about the conference: https://kas.pr/kicsconf2021
#KasperskyICS #KICScon
Can Demirel (Turkey). The current status of industrial cybersecurity regulat... (Kaspersky)
Can Demirel, Head of the Industrial Cybersecurity Services team at Cyberwise, speaks in his talk about the current status of industrial cybersecurity regulation in Turkey in light of geopolitics and strategy.
Maria Garnaeva. Targeted attacks on industrial companies in 2020/2021 (Kaspersky)
Maria Garnaeva, Senior Threat Researcher at Kaspersky, reviews in her talk the targeted attacks on industrial companies in 2020 and 2021.
More about the conference: https://kas.pr/kicsconf2021
Dmitry Pravikov. An information security concept for a "swarm" of cyber-physical... (Kaspersky)
The active expansion of the application areas of cyber-physical systems, including industrial automation, has made it necessary to rethink approaches to ensuring the information security of systems whose set of constituent components is effectively variable. Dmitry Pravikov, Director of the Research and Educational Center for New Information and Analytical Technologies (NOC NIAT) at the Gubkin Russian State University of Oil and Gas (National Research University), examines in his talk a concept, developed down to a top-level algorithm, that provides for forming security approaches at the level of a swarm of cyber-physical systems whose composition is variable.
More about the conference: https://kas.pr/kicsconf2021
Andrey Suvorov, Maxim Karpukhin. A sensation under the microscope. Vivisection of the first... (Kaspersky)
Andrey Suvorov, CEO of NPO Adaptive Industrial Technologies, and Maxim Karpukhin, Sales Director at NPO Adaptive Industrial Technologies, put under the microscope in their talk the KISG 100 on KasperskyOS, the first real cyber-immune device for IIoT.
More about the conference: https://kas.pr/kicsconf2021
Gleb Dyakonov. AI video analytics as a tool for corporate risk managemen... (Kaspersky)
Gleb Dyakonov, Director of Consulting at NtechLab, speaks in his talk about AI video analytics as a tool for corporate risk management in industrial companies.
More about the conference: https://kas.pr/kicsconf2021
Igor Ryzhov. ICS protection projects yesterday, today and tomorrow (Kaspersky)
The main lessons of current and completed projects on categorizing, designing and implementing comprehensive information security (IS) systems for significant CII facilities.
Deploying KICS for Networks and KICS for Nodes as part of the set of protection tools. Problems that arose during implementations in enterprises' industrial networks, how they were overcome in specific cases, and general conclusions and recommendations. How to build an effective IS configuration in the complex technological and organizational structures of a real enterprise.
What production staff talk about when they discuss IS and the resilience of technological processes with our specialists. Specifics of different sectors of the Russian economy when designing IS solutions. How digitalization projects affect, and will affect, the level of protection of industrial networks. The Internet of Things and 5G networks in production. What will have to change in ICS protection concepts over the next 2-3 years. All these questions are raised by Igor Ryzhov, Deputy Director of the Industrial Security Center at NIP Informzashchita JSC.
More about the conference: https://kas.pr/kicsconf2021
Alexander Karpenko. Maturity levels of ICS as objects of protection and approaches to un... (Kaspersky)
Alexander Karpenko, Head of ICS and CII Protection at Jet Infosystems, describes in his talk the differences between industrial control systems, the possibilities for securing them depending on their age and technical features, and also discusses the possibility of replicating a single protection system architecture across all types of protected facilities.
More about the conference: https://kas.pr/kicsconf2021
Marina Sorokina. Cryptography for industrial systems (Kaspersky)
The presentation by Marina Sorokina, Head of Product at InfoTeCS, is devoted to the use of cryptography to protect industrial systems. The need to apply cryptographic methods to protect industrial control systems is discussed fairly often by the community, but the discussion usually concerns scenarios for ensuring confidentiality when transmitting information over communication channels. Cryptography, however, is not only encryption but a range of security scenarios, from channel protection to ensuring the integrity of, and trust in, the ICS devices themselves. The talk describes which scenarios are used and how they are implemented in modern ICS, using InfoTeCS products as examples: the ViPNet Coordinator IG industrial security gateway, the ViPNet Client crypto client (including for KOS), the ViPNet SIES embedded solution for ICS, and the ViPNet OSSL crypto libraries (including for KOS).
More about the conference: https://kas.pr/kicsconf2021
Alexander Lifanov. The Siemens Industrial Edge edge computing platform: ... (Kaspersky)
Alexander Lifanov, Head of Industrial PCs and Edge Computing at Siemens, speaks in his talk about the Siemens Industrial Edge edge computing platform.
More about the conference: https://kas.pr/kicsconf2021
Alexander Voloshin. The "Digital Energy" cyber range. Research and develop... (Kaspersky)
Alexander Voloshin, Director of the NTI Competence Center "Technologies for Electricity Transmission and Distributed Intelligent Energy Systems" at the National Research University MPEI, speaks in his talk about research and development of solutions for ensuring the information security of current and future ICS complexes.
More about the conference: https://kas.pr/kicsconf2021
Evgeny Druzhinin. How not to break things: what to consider before, during and after implem... (Kaspersky)
Evgeny Druzhinin, Lead Expert in Information Security at CROC, covers in his talk the following aspects of implementing an ICS protection project:
1. What typical problems hinder the deployment of ICS protection tools?
2. What does the target state of a protected ICS look like: architecture, key characteristics.
3. How to reach the target security state: stages, options.
4. Specifics and pitfalls of modernizing the IT infrastructure.
5. Ways of confirming, and specifics of ensuring, the compatibility of protection tools with ICS components: parties involved, types of testing.
6. Specifics of the stage of building ICS security systems: best practices when deploying protection tools.
7. Important aspects of reliable operation of ICS security systems: specifics of updating protection tools, external technical support.
More about the conference: https://kas.pr/kicsconf2021
Alexey Ivanov. Implementing ICS projects for electrical substations in accord... (Kaspersky)
When creating ICS for electrical substations, customers rely on schemes and technical specification templates refined over years, which account for everything except the requirements of current legislation. ICS vendors, in turn, also often do not address information security issues in the initial stages. This situation leads to a tender being held between suppliers who include information security systems in their proposal and suppliers who ignore this issue at the tender stage. Nevertheless, the requirements surface at later stages, when the operator's information security department refuses to accept the facility. Who is to blame, and what is to be done? Independent expert Alexey Ivanov answers this question in his talk.
More about the conference: https://kas.pr/kicsconf2021
Oleg Shakirov. Diplomacy and the protection of critical infrastructure from cyberthreats (Kaspersky)
States use diplomacy as a tool for ensuring their own security, including in cyberspace. One of the central tasks here is protecting critical infrastructure from cyberthreats. Oleg Shakirov, Consultant at PIR Center, describes in his talk how diplomacy contributes to this by developing common norms on not attacking critical infrastructure facilities, creating mechanisms for cooperation between states in the event of incidents, and launching assistance programs aimed at strengthening the cybersecurity of partners. Although the potential of cyber diplomacy has not yet been fully realized, it already makes it possible to solve specific tasks. The global nature of cyberthreats will make it even more in demand.
More about the conference: https://kas.pr/kicsconf2021
First Steps with Globus Compute Multi-User Endpoints (Globus)
In this presentation we will share our experiences around getting started with the Globus Compute multi-user endpoint. Working with the Pharmacology group at the University of Auckland, we have previously written an application using Globus Compute that can offload computationally expensive steps in the researcher's workflows, which they wish to manage from their familiar Windows environments, onto the NeSI (New Zealand eScience Infrastructure) cluster. Some of the challenges we have encountered were that each researcher had to set up and manage their own single-user globus compute endpoint and that the workloads had varying resource requirements (CPUs, memory and wall time) between different runs. We hope that the multi-user endpoint will help to address these challenges and share an update on our progress here.
Designing for Privacy in Amazon Web Services (KrzysztofKkol1)
Data privacy is one of the most critical issues that businesses face. This presentation shares insights on the principles and best practices for ensuring the resilience and security of your workload.
Drawing on a real-life project from the HR industry, the various challenges will be demonstrated: data protection, self-healing, business continuity, security, and transparency of data processing. This systematized approach allowed us to create a secure AWS cloud infrastructure that not only met strict compliance rules but also exceeded the client's expectations.
Software Engineering, Software Consulting, Tech Lead.
Spring Boot, Spring Cloud, Spring Core, Spring JDBC, Spring Security,
Spring Transaction, Spring MVC,
Log4j, REST/SOAP WEB-SERVICES.
Innovating Inference - Remote Triggering of Large Language Models on HPC Clus... (Globus)
Large Language Models (LLMs) are currently the center of attention in the tech world, particularly for their potential to advance research. In this presentation, we'll explore a straightforward and effective method for quickly initiating inference runs on supercomputers using the vLLM tool with Globus Compute, specifically on the Polaris system at ALCF. We'll begin by briefly discussing the popularity and applications of LLMs in various fields. Following this, we will introduce the vLLM tool, and explain how it integrates with Globus Compute to efficiently manage LLM operations on Polaris. Attendees will learn the practical aspects of setting up and remotely triggering LLMs from local machines, focusing on ease of use and efficiency. This talk is ideal for researchers and practitioners looking to leverage the power of LLMs in their work, offering a clear guide to harnessing supercomputing resources for quick and effective LLM inference.
Understanding Globus Data Transfers with NetSage (Globus)
NetSage is an open privacy-aware network measurement, analysis, and visualization service designed to help end-users visualize and reason about large data transfers. NetSage traditionally has used a combination of passive measurements, including SNMP and flow data, as well as active measurements, mainly perfSONAR, to provide longitudinal network performance data visualization. It has been deployed by dozens of networks world wide, and is supported domestically by the Engagement and Performance Operations Center (EPOC), NSF #2328479. We have recently expanded the NetSage data sources to include logs for Globus data transfers, following the same privacy-preserving approach as for Flow data. Using the logs for the Texas Advanced Computing Center (TACC) as an example, this talk will walk through several different example use cases that NetSage can answer, including: Who is using Globus to share data with my institution, and what kind of performance are they able to achieve? How many transfers has Globus supported for us? Which sites are we sharing the most data with, and how is that changing over time? How is my site using Globus to move data internally, and what kind of performance do we see for those transfers? What percentage of data transfers at my institution used Globus, and how did the overall data transfer performance compare to the Globus users?
Into the Box Keynote Day 2: Unveiling amazing updates and announcements for modern CFML developers! Get ready for exciting releases and updates on Ortus tools and products. Stay tuned for cutting-edge innovations designed to boost your productivity.
Multiply Your Crypto Portfolio with the Innovative Features of Advanced Crypt... (Hivelance Technology)
Cryptocurrency trading bots are computer programs designed to automate buying, selling, and managing cryptocurrency transactions. These bots utilize advanced algorithms and machine learning techniques to analyze market data, identify trading opportunities, and execute trades on behalf of their users. By automating the decision-making process, crypto trading bots can react to market changes faster than human traders.
Hivelance, a leading provider of cryptocurrency trading bot development services, stands out as the premier choice for crypto traders and developers. Hivelance boasts a team of seasoned cryptocurrency experts and software engineers who deeply understand the crypto market and the latest trends in automated trading. Hivelance leverages the latest technologies and tools in the industry, including advanced AI and machine learning algorithms, to create highly efficient and adaptable crypto trading bots.
Modern design is crucial in today's digital environment, and this is especially true for SharePoint intranets. The design of these digital hubs is critical to user engagement and productivity enhancement. They are the cornerstone of internal collaboration and interaction within enterprises.
Prosigns: Transforming Business with Tailored Technology Solutions (Prosigns)
Unlocking Business Potential: Tailored Technology Solutions by Prosigns
Discover how Prosigns, a leading technology solutions provider, partners with businesses to drive innovation and success. Our presentation showcases our comprehensive range of services, including custom software development, web and mobile app development, AI & ML solutions, blockchain integration, DevOps services, and Microsoft Dynamics 365 support.
Custom Software Development: Prosigns specializes in creating bespoke software solutions that cater to your unique business needs. Our team of experts works closely with you to understand your requirements and deliver tailor-made software that enhances efficiency and drives growth.
Web and Mobile App Development: From responsive websites to intuitive mobile applications, Prosigns develops cutting-edge solutions that engage users and deliver seamless experiences across devices.
AI & ML Solutions: Harnessing the power of Artificial Intelligence and Machine Learning, Prosigns provides smart solutions that automate processes, provide valuable insights, and drive informed decision-making.
Blockchain Integration: Prosigns offers comprehensive blockchain solutions, including development, integration, and consulting services, enabling businesses to leverage blockchain technology for enhanced security, transparency, and efficiency.
DevOps Services: Prosigns' DevOps services streamline development and operations processes, ensuring faster and more reliable software delivery through automation and continuous integration.
Microsoft Dynamics 365 Support: Prosigns provides comprehensive support and maintenance services for Microsoft Dynamics 365, ensuring your system is always up-to-date, secure, and running smoothly.
Learn how our collaborative approach and dedication to excellence help businesses achieve their goals and stay ahead in today's digital landscape. From concept to deployment, Prosigns is your trusted partner for transforming ideas into reality and unlocking the full potential of your business.
Join us on a journey of innovation and growth. Let's partner for success with Prosigns.
Check out the webinar slides to learn more about how XfilesPro transforms Salesforce document management by leveraging its world-class applications. For more details, please connect with sales@xfilespro.com
If you want to watch the on-demand webinar, please click here: https://www.xfilespro.com/webinars/salesforce-document-management-2-0-smarter-faster-better/
Developing Distributed High-performance Computing Capabilities of an Open Sci... (Globus)
COVID-19 had an unprecedented impact on scientific collaboration. The pandemic and its broad response from the scientific community has forged new relationships among public health practitioners, mathematical modelers, and scientific computing specialists, while revealing critical gaps in exploiting advanced computing systems to support urgent decision making. Informed by our team’s work in applying high-performance computing in support of public health decision makers during the COVID-19 pandemic, we present how Globus technologies are enabling the development of an open science platform for robust epidemic analysis, with the goal of collaborative, secure, distributed, on-demand, and fast time-to-solution analyses to support public health.
Why React Native as a Strategic Advantage for Startup Innovation.pdf (ayushiqss)
Do you know that React Native is being increasingly adopted by startups as well as big companies in the mobile app development industry? Big names like Facebook, Instagram, and Pinterest have already integrated this robust open-source framework.
In fact, according to a report by Statista, the number of React Native developers has been steadily increasing over the years, reaching an estimated 1.9 million by the end of 2024. This means that the demand for this framework in the job market has been growing making it a valuable skill.
But what makes React Native so popular for mobile application development? It offers excellent cross-platform capabilities, among other benefits. With React Native, developers can write code once and run it on both iOS and Android devices, saving time and resources, which leads to shorter development cycles and a faster time-to-market for your app.
Let’s take the example of a startup, which wanted to release their app on both iOS and Android at once. Through the use of React Native they managed to create an app and bring it into the market within a very short period. This helped them gain an advantage over their competitors because they had access to a large user base who were able to generate revenue quickly for them.
We describe the deployment and use of Globus Compute for remote computation. This content is aimed at researchers who wish to compute on remote resources using a unified programming interface, as well as system administrators who will deploy and operate Globus Compute services on their research computing infrastructure.
Large Language Models and the End of Programming (Matt Welsh)
Talk by Matt Welsh at Craft Conference 2024 on the impact that Large Language Models will have on the future of software development. In this talk, I discuss the ways in which LLMs will impact the software industry, from replacing human software developers with AI, to replacing conventional software with models that perform reasoning, computation, and problem-solving.
Code reviews are vital for ensuring good code quality. They serve as one of our last lines of defense against bugs and subpar code reaching production.
Yet, they often turn into annoying tasks riddled with frustration, hostility, unclear feedback and lack of standards. How can we improve this crucial process?
In this session we will cover:
- The Art of Effective Code Reviews
- Streamlining the Review Process
- Elevating Reviews with Automated Tools
By the end of this presentation, you'll have the knowledge on how to organize and improve your code review process.
How Recreation Management Software Can Streamline Your Operations.pptx (wottaspaceseo)
Recreation management software streamlines operations by automating key tasks such as scheduling, registration, and payment processing, reducing manual workload and errors. It provides centralized management of facilities, classes, and events, ensuring efficient resource allocation and facility usage. The software offers user-friendly online portals for easy access to bookings and program information, enhancing customer experience. Real-time reporting and data analytics deliver insights into attendance and preferences, aiding in strategic decision-making. Additionally, effective communication tools keep participants and staff informed with timely updates. Overall, recreation management software enhances efficiency, improves service delivery, and boosts customer satisfaction.
Quarkus Hidden and Forbidden Extensions (Max Andersen)
Quarkus has a vast extension ecosystem and is known for its subsonic and subatomic feature set. Some of these features are not as well known, and some extensions are less talked about, but that does not make them less interesting - quite the opposite.
Come join this talk to see some tips and tricks for using Quarkus and some of the lesser known features, extensions and development techniques.
Discovering the most beautiful recreational routes with RouteYou and FME
A Buyers Guide to Investing in Endpoint Detection and Response for Enterprises 2017-2018
A Buyer’s Guide to Investing in Endpoint Detection & Response for Enterprise 2017-2018
Kaspersky Enterprise Cybersecurity
www.kaspersky.com
#truecybersecurity
Contents
Introduction 1
All about Endpoint Detection and Response 2
Defining EDR 5
The Top 5 challenges when initiating an EDR project 8
1. Endpoint data: too much visibility 8
2. Responsibility for aggregated and stored data 9
3. Detection: manual hunting vs automated engines 10
4. Don’t just React - Respond 12
5. Prevention – EDR or EPP? 13
The Future of Enterprise Endpoint Security 14
Immediate Recommendations 15
Introduction
One key business goal of any organization is to maintain the constant availability of data and systems that can be trusted for decision-making purposes. The evolving threat landscape has resulted in an increased focus, right up to board level, on cybersecurity. IT operational and security teams should demonstrate a comprehensive, cohesive approach in their response to security incidents and data breaches.
Endpoints at the sharp end
Corporate endpoints – your servers, workstations, mobile phones etc. – are where the synergy between data, users and corporate systems that generates and implements business processes takes place, and these myriad individual devices remain the key element in any network from both a business and a security point of view.
To protect these endpoints, and to prevent their use as illicit entry points into your infrastructure, you should expect your information security teams to be looking at adopting processes and technologies associated with advanced detection, threat hunting, IoC scanning, malware analysis, incident forensics, global threat intelligence implementation and the establishment of a formal Incident Response process.
But where do you start? Jump on the advanced machine learning bandwagon? Improve your threat hunting? Focus on growing your monitoring and SOC? Better perhaps to cover these areas and more with one of the new Endpoint Detection and Response (EDR) solutions. But what exactly can you expect from EDR, and what type of solution should you go for?
This document can help you to choose the EDR solution that will deliver for you. Our goal is to highlight the vital differences between the various types of EDR capabilities available on the market, and to help you identify the technologies which will prove most valuable in securing business continuity and security in your organization.
Cybersecurity is now one of the
‘Top-3’ priorities recognized by
senior management in their pursuit
of business continuity leading to
business success.
Business leaders today need an understanding
of the cyberthreat landscape specific to
their organizations. They should be asking
questions like these:
• Does my organization understand the
main threats and security risks to our
industry sector and to ourselves?
• Can we quickly detect and halt
cyberattacks?
• How do we position the reduction of
cyber-risk within our overall business
development strategy?
A new approach to endpoint security
To prevent attacks, protect your perimeter. It always sounded reasonable – if your
IT perimeter is well defended, endpoint protection becomes just one more layer
in your overall security strategy.
But this approach falls short in a world where, thanks to technologies like mobile
devices, connected devices (IoT) and cloud computing, defining, let alone
defending, your IT perimeter becomes a challenge, and where the evolution of
threats has rendered a defensive perimeter-based approach obsolete.
Targeted attacks, a sharp increase in complex penetration techniques, fileless
malware and the use of legitimate software, the stolen credentials of normal
users, legitimate rights usage, exploitation of security policy issues and
misconfigurations - all these have led organizations to recognize the importance
of integrated security solutions and strategies. This in turn has led to the growth
of SIEM implementation and Security Operations Centers (SOCs). Corporate
cybersecurity has become proactive, multi-faceted and highly specialist – of
necessity.
The world is changing, and is ready to embrace a new endpoint security paradigm.
The focus has shifted back to the endpoint. There have always been far-sighted IT
Departments who have treated every endpoint as requiring its own security
perimeter. And, thanks in part to organizations who have not taken this approach,
and whose poor visibility over individual devices has led to low overall security
levels, endpoints have never ceased to be the main initial target for cybercriminals.
Becoming more proactive
Meanwhile, regulators are introducing new requirements (GDPR, PCI DSS etc.)
which may call for continuous monitoring and incident recording over every
endpoint in the network. For most enterprises, the number of events/incidents
recorded by their current security solution keeps escalating, so that verifying
and analyzing every event recorded becomes an issue in itself. It doesn’t help
that security experts with the necessary skills in Reverse Engineering, Malware
Analysis, Digital Forensics and Incident Response to handle these tasks are now
at a premium, and are not easy to come by.
At this point, most security processes concentrating on advanced threats, and
most SOC monitoring approaches, are essentially alert-driven and reactive.
Security officers wait for evidence of a breach before alerting the security
analyst, after which the incident response team can take action. At best, incident
responders identify the artifacts of an attack at the latest stage of the ‘kill chain’:
at worst, they simply wait to tally the damage, sometimes months after systems
were breached. This is clearly unsatisfactory. So organizations are reviewing their
security processes, particularly in terms of proactive incident detection as well as
response.
How does this affect endpoint solutions?
The latest generation of endpoint solutions focuses on the effective detection
of new threats coming into the organization, patrolling and analyzing events in
the ‘grey zone’ where unknown, undefined threats may be lurking – we’re talking
about proactive ‘threat hunting’.
All about Endpoint Detection and Response
Threat Hunting - helping to uncover
advanced threats hiding within the
organization, using proactive threat
search capabilities and carried out
by highly qualified and experienced
security professionals.
Beyond endpoint protection
Effective threat hunting relates directly to the capabilities of a mature SOC.
Upgrading bought-in security solutions is not enough. New requirements can’t
simply be imposed on traditional Endpoint Protection (EPP) solutions – they will
not fit or function effectively.
Let’s take a look at some key issues effectively closed by traditional EPP, and the
new challenges that endpoint security now faces:

Issues of control and protection, closed by traditional EPP solutions:
• How to automatically protect (both prevent and roll back) against existing
threats, including ransomware and crypto-lockers
• How to centrally manage and enforce security controls for web/apps/devices
• How to centrally manage vulnerability assessment and patch management
processes
• How to protect corporate data and information on devices
• How to deploy endpoint-level web and mail protection policies
• How to provide endpoint users with specific sets of security domains
tailored to their own needs

New advanced challenges for endpoint security:
• How to proactively seek out intrusion evidence such as Indicators of
Compromise over the entire network in real time
• How to detect and remediate an intrusion before the intruder has a chance to
cause significant damage
• How to correlate alerts from network security controls in order to understand
what’s happening on the endpoint in real time
• How to validate alerts and potential incidents discovered by security solutions
• How to rapidly investigate and centrally manage incidents across thousands of
endpoints
• How to make the incident response process (manual work, level-3 skills, alert
overload etc.) less expensive by automating routine security team operations

How can these new challenges be addressed?

[Figure: object classes «Good» (trusted, legitimate), «Bad» (malicious) and
«Gray» (unknown/new), with the labels Prevention, Detection and Advanced]
Your endpoint cybersecurity strategy: adaptive, advanced, predictive
One of the most effective Adaptive Security Frameworks is founded on the viable
security architecture described by Gartner. Its approach is to provide a cycle of
activities in four key areas: Prevent, Detect, Respond, and Predict.
• Prevent – both blocking common threats and hardening the core systems to
decrease the risk of advanced threats
• Detect – rapid discovery of activities that could signal a targeted attack or
existing breach
• Respond – precisely contain the threat, perform investigations and respond
appropriately to attacks
• Predict – know where and how new targeted attacks could appear
[Figure: Adaptive Security Model – PREDICT, PREVENT, DETECT, RESPOND, with the
activities shown in each area:]
Predict:
• Analyze potential security gaps
• Adjust countermeasures accordingly
• Empower SOCs with Threat Intelligence
• Undertake proactive Threat Hunting
Prevent:
• Mitigate the risks
• Raise awareness
• Harden target systems and assets
• Improve qualification and current solution effectiveness against
modern threats
Detect:
• Continuous monitoring
• Incident discovery
• Qualifying incident severity and risk level
Respond:
• Manage the incident
• Investigate the incident
• Neutralize with immediate steps to mitigate the consequences
• Full-circle Incident Response
Essentially, this assumes that traditional prevention, especially for endpoints,
should function in coordination with advanced detection technologies, threat
analytics, response capabilities and predictive security techniques. The result
is a cybersecurity system that continuously adapts and responds to emerging
enterprise challenges.
Multi-layered, prevention-based technologies are still a key element in this
new, proactive approach to guarding against targeted attacks. But if the attacker
is sufficiently motivated, and perhaps even hired by a third party to
conduct a successful attack, a prevention-only approach will not be enough.
You must also be able to quickly identify threats, make decisions and anticipate
the possibility of penetration, while simplifying current manual operations and
automating response tools.
Harder to detect and - often - even
harder to eliminate, targeted attacks
and advanced threats call for a
comprehensive, adaptive security
strategy.
Key features of an EDR-like solution
As we’ve seen, Gartner defines EDR solutions as having the following primary
capabilities:
• detect security incidents
• contain the incident at the endpoint, such that network traffic or process
execution can be remotely controlled
• investigate security incidents
• remediate endpoints to a pre-infection state
How well do organizations understand the workings of EDR, and how these
technologies contribute to business continuity? A Kaspersky Lab survey among
the enterprise organizations over 2016 produced some disturbing results.
Defining EDR
[Figure: the four EDR functions]
Endpoint Incident Detection – Detect security incidents by monitoring endpoint
activities and objects, policy violations, or by validating externally fed indicators
of compromise (IOCs).
Incident Investigation – Investigate security incidents. The investigate function
should include a historical timeline of all primary endpoint events to determine
both the technical changes that occurred and the business effect (privilege
escalation, spread, exfiltration, geolocation of C&C and adversary attribution
if possible).
Forensics Data Collection – Collect datasets, RAM dumps, HDD snapshots etc. for
further analysis.
Incident Containment / Response – Contain the incident at the endpoint and
remediate endpoints to a pre-infection state. Remove malicious files, roll back
and repair other changes, or create remediation instructions that can be made
available for other tools to implement.
Survey question: ‘How well do you know the EDR class of solutions?’
Response:
• I have a strong understanding of how this works: 16%
• I have heard of this; only some idea how it works: 45%
• I have heard of this; don’t understand it: 28%
• I have not heard of this: 11%
Source: IT experts in businesses with over 250 employees.
At the same time, interviewed representatives of companies clearly formulated
the basics of their expectations and the results that they would like to see from
the use of EDR solutions in their organizations (chart legend: Most Important /
Any Top 3; percentages as shown):
• Helps to better prepare for security audits: 33%
• Better use of staff time and capabilities: 32%
• Better prepares us for the next attack by giving us actionable intelligence: 29%
• Centralized logging of security incidents to aid future security planning: 27%
• Better job of understanding threats/malware compared to traditional endpoint products: 24%
• Serves as a critical part of our overall threat intelligence process: 23%
• Faster threat response and action taken: 21%
• Better job of detecting threats compared to traditional endpoint products: 20%
• Faster security event identification: 20%
• Fills in holes where other security technologies have let us down: 19%
• Less malware dwell time: 17%
• Saves money due to faster containment of threats: 17%
This combination of limited understanding and clear expectations is a concern.
EDR solution providers are naturally keen to meet these expectations, developing
‘kill-features’ which promise much and look exciting at the pilot stage, but which
often prove very much less practical and cost-effective when incorporated
into the customer’s new or already established processes of incident response,
investigation or threat hunting.
As a result, EDR is already viewed in some quarters with suspicion.
The rise and fall of Endpoint Detection
and Response solutions
Unfortunately, there’s not as yet an established comparative analysis or
independent report laying out all the key functionalities and possible variations
of EDR technologies available in the market today. And many ‘first generation’
products in this still-immature market initially failed to deliver in practice what
experts and organizations had expected.
Most solutions started with some ‘kill features’ instead of complex functionality.
Instead of an integrated solution with the ability to unify and automate network
security threat intelligence, threat hunting, anti-malware, incident response
and forensics capabilities, EDR proved in practice to be a set of analytical and
research tools. And this technology toolkit turned out to be both costly for what
it was and extremely tough for the average security professional to master.
Some EDR solutions also failed to deliver on efficiency promises. When
responding to a malware incident, an EDR solution will gather information from
endpoints – signatures and malware behavior – which can be used to identify
future infections. But if the solution is not tightly integrated with detection
technologies and security systems, there’s a high risk of overlap and duplication,
actually generating more manual processes and hampering workflow, instead of
improving efficiency and effectiveness. The EDR simply becomes an additional
storage silo of security-related data - data which can’t in itself tell you how the
event originated or how to stop it recurring. Without root cause resolution built
into the workflow, an organization can’t remediate conclusively and reduce the
risk of a recurrence.
Another shortcoming has been that some solutions initially on the market were
not really designed to discover or investigate APTs. To do this, EDR owners still
needed to outsource activities to experts – possibly those belonging to the
vendor – or to purchase expensive additional training. If an external incident
response team must be brought in whenever a breach is identified, the cost-effectiveness
of the original EDR solution may well come into question.
A growing trend has been the use of cloud versions of EDR, with certain logs and
data being transferred to the vendor’s cloud rather than held on installed agents
or a centralized repository. But this has tended to result in the generation of more
incidents, with slower reaction times (and occasionally none at all).
However, much of this is in the past, and those currently contemplating the
EDR market should not judge the potential outcomes of their investment by the
experiences of those early pioneers. Today the market has grown and become
more mature.
So what should you be looking for in EDR today, and what should be taken into
account? Let’s look at 5 challenges that you need to consider when starting up
your EDR project.
Early-adopters of EDR solutions are
not always, alas, the technologies’
biggest fans. There were
shortcomings with many of the very
first EDR solutions, resulting in some
customers facing disappointment and
frustration.
The Top 5 challenges when initiating an EDR project
There are inevitably going to be new challenges for organizations embracing any
new technology or unfamiliar processes. And as EDR solutions are more expensive
than their traditional EPP counterparts, justifying your investment in EDR in terms
of added value, when weighed against the costs of a SIEM or forensic tools for
example, can be a complicated business.
The core capability of an enterprise-grade EDR is the ability to assist the security
team with question-driven investigations: threat hunts are iterative and start with
questions or hypotheses, in order to achieve visibility. An initial question or
hypothesis might be based on the steps of the cyber kill chain and be something
like “Is data exfiltration or malicious communication happening?” or “If there is a
suspicious connection to an external domain, it is most likely going through this
part of the network, but from which endpoint and process?”.
In order to deliver these capabilities, the EDR solution must have
investigation-assisting functionality as well as data collection and storage
features. And incident discovery should incorporate both automated and manual
elements. Last but not least – as the initial incident is detected, the security team
and threat responder should be equipped to easily contain the threat, remediate
the endpoints and prevent the specific activity from happening again.
Let’s take a look at 5 common challenges that organizations should take into
account while choosing advanced EDR solutions, or generally improving their
current Endpoint Security in terms of Detection and Response.

1. Endpoint data: too much visibility
Endpoint protection in any form begins with the collection of new data, its
storage and analysis. Theoretically, the more data you can collect, the greater
the benefit. The same theory also used to be applied to SIEM systems. But, to
interpret large volumes of collected data, the EDR operator also needs relevant
context. For example, the rapid discovery of a malicious connection to a bad
domain is of considerably less value if you don’t know from which endpoint this
originated, how the process started, what the root cause was and which assets
may have already been affected.
Immature EDR solutions on the market collect some data, but do not provide the
right context. They may, for example, allow the operator to quickly discover which
machines hold a file with a certain hash sum, without providing information
about how the file appeared on these machines. A list of generated processes
may be provided for the object and activities, but with no visualization. Or complex
alerts about atypical behavior or deviations may be provided, but without basic
scans and verdicts.
Some solutions collect all the data from the endpoints, then present it straight
onto the interface - like a direct window into the database. Unless the operator is
a data scientist or big data champion as well as a security expert, he or she won’t
be able to make an informed decision on the basis of this raw data.
Often such systems generate thousands of messages, and literally millions of
alerts, all of which somebody has to validate. Even in the largest organizations,
the monitoring and response team is unlikely to be able to handle more than
50-60 medium to highly critical incidents at any one time. As a result, we have
a solution which finds everything, but little or nothing can actually be done about
what’s found – there’s just too much, and not enough, to see.
One compromise here may be the sharing of alerts between your own security
team and an external MSSP, but you’ll need to find a provider with the right
training and expertise. And without incident prioritization, this could involve
a huge investment and waste of resources on non-critical alerts. An additional
concern, as with any MSSP, is the matter of trust, data privacy and compliance
restrictions.
Recommendations:
• Look for solutions that don’t just enable you to automatically expose risk
through alerts, but which also allow for deep customization - configuring
different user roles, allocating VIP groups, quickly setting up whitelists.
This will allow you to properly highlight what’s important, reduce what’s
unnecessary, and check that only critical information is visible to any external
MSSP.
• Think about the extent to which you’re expecting to conduct data analysis
within the organization, and how much data you’re expecting to store and
process. Gearing up to handling terabytes of data in-house may well mean
substantial additional hardware costs.
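As an added illustration of the context problem described in this challenge (this is not code from the whitepaper or from any vendor's product), the following Python sketch takes constructed endpoint telemetry (process-start and network events) and, for each connection to a listed bad domain, walks the parent-process links back to the root, so the alert carries the host, the full process chain and the likely entry point rather than a bare domain hit. The telemetry field names, the bad-domain list and the DELIVERY_VECTORS set are assumptions made for this example.

```python
"""Added example: enrich a 'connection to bad domain' hit with endpoint context
(host, process lineage, likely entry point) from constructed EDR telemetry."""

# Constructed telemetry from two endpoints. Field names (host, type, pid, ppid,
# image, cmdline, domain, dst) are assumptions, not any product's schema.
TELEMETRY = [
    {"host": "ws-017", "type": "process", "pid": 100, "ppid": 1, "image": "explorer.exe", "cmdline": "explorer.exe"},
    {"host": "ws-017", "type": "process", "pid": 220, "ppid": 100, "image": "outlook.exe", "cmdline": "outlook.exe"},
    {"host": "ws-017", "type": "process", "pid": 310, "ppid": 220, "image": "winword.exe", "cmdline": "winword.exe /n invoice.docm"},
    {"host": "ws-017", "type": "process", "pid": 415, "ppid": 310, "image": "powershell.exe", "cmdline": "powershell.exe -File stage1.ps1"},
    {"host": "ws-017", "type": "network", "pid": 415, "domain": "bad.example.test", "dst": "203.0.113.5"},
    {"host": "srv-02", "type": "process", "pid": 50, "ppid": 1, "image": "svchost.exe", "cmdline": "svchost.exe -k netsvcs"},
    {"host": "srv-02", "type": "network", "pid": 50, "domain": "updates.example.test", "dst": "198.51.100.7"},
]

# Constructed threat-intelligence list (assumption for the example).
BAD_DOMAINS = {"bad.example.test"}

# Processes that typically bring outside content onto an endpoint (assumption).
DELIVERY_VECTORS = {"outlook.exe", "winword.exe", "excel.exe", "chrome.exe", "msedge.exe"}


def build_process_index(events):
    """Index process-start events by (host, pid) so lineage can be walked."""
    return {(ev["host"], ev["pid"]): ev for ev in events if ev["type"] == "process"}


def process_chain(index, host, pid, max_depth=32):
    """Follow ppid links from a process up to its root; returns root-to-leaf records.
    The seen-set and depth cap guard against pid reuse creating a cycle."""
    chain, seen = [], set()
    cur = index.get((host, pid))
    while cur is not None and cur["pid"] not in seen and len(chain) < max_depth:
        seen.add(cur["pid"])
        chain.append(cur)
        cur = index.get((host, cur["ppid"]))
    chain.reverse()
    return chain


def enrich_alerts(events, bad_domains=BAD_DOMAINS):
    """Turn bare bad-domain hits into alerts that answer 'which endpoint, which
    process, and how did it start?'"""
    index = build_process_index(events)
    alerts = []
    for ev in events:
        if ev["type"] != "network" or ev["domain"] not in bad_domains:
            continue
        chain = process_chain(index, ev["host"], ev["pid"])
        entry = next((p for p in chain if p["image"] in DELIVERY_VECTORS), None)
        alerts.append({
            "host": ev["host"],
            "domain": ev["domain"],
            "dst": ev["dst"],
            "pid": ev["pid"],
            "process_chain": [p["image"] for p in chain],
            "likely_entry_point": entry["cmdline"] if entry else None,
        })
    return alerts


def affected_hosts(alerts):
    """Hosts that need containment, derived from the enriched alerts."""
    return sorted({a["host"] for a in alerts})


def describe(alert):
    """One-line summary an analyst can triage without opening the raw database."""
    return (f"{alert['host']}: {' > '.join(alert['process_chain'])} (pid {alert['pid']}) "
            f"contacted {alert['domain']} [{alert['dst']}]; "
            f"likely entry: {alert['likely_entry_point']}")


if __name__ == "__main__":
    for alert in enrich_alerts(TELEMETRY):
        print(describe(alert))
```

The benign svchost.exe connection on srv-02 produces no alert, and the one real hit is reported with its lineage (explorer > outlook > winword > powershell) and the mail client as the probable entry point, which is the context the paragraph says an operator needs before deciding what to do.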
2. Responsibility for aggregated and stored data
Another important feature related to data is how it’s collected and stored.
Questions you need to ask an EDR vendor here are:
• How much data is stored, and why?
• What data is stored?
• Where is it stored?
There are several possible storage approaches:
• Central repository (on-premise)
• Enterprise cloud
• On endpoints
Let’s take a closer look at them.
Cloud
Many vendors offer cloud solutions to store data or even to manage EDR agents
(so-called MDR). They’re convenient, but limited by the amount of data they can
upload at any one time. This also involves having an open conduit transmitting
data outside the organization, which can be an issue in some environments.
When considering this option, questions to ask include:
• Are we ready to send security data into a public cloud? How much control will
we have?
• Can the vendor or cloud provider (this may be a third party) who will be
storing my data be trusted? How good are their own cybersecurity provisions?
• Could using this service violate compliance with internal security standards
and/or regulatory requirements?
• If only small volumes of non-critical data are sent to the cloud, how effective can
the solution be?
On-agent
A local cache on each device delivers a compromise between heavy storage and
the cloud. This approach has less impact on the network, and large numbers
of agents can be supported simultaneously. Important information is recorded
into the endpoint cache itself, and all analysis takes place in real time through
queries. But decentralized storage is not always the fastest and most effective
way to analyze and respond to information. If, for example, a sub-segment of
the network is unavailable, it will not be possible to incorporate data from the
machines affected into the overall analysis.
Centralized on-premise repository
All essential information is accumulated and analyzed by a dedicated server
with a repository. A local database and analysis tools (for example, a sandbox)
do all the work. This local approach has a number of advantages - data is not
stored on potentially compromised devices, as can theoretically be the case with
agent-based storage. There’s no load on the resources of the computer, and you
can conduct endpoints queries and ‘fast search’ over the database itself in real
time. On-premise solutions like this are particularly useful where regulations or
security standards require that no data is transferred outside the organization.
Recommendations:
• For cloud storage, assess your cloud EDR provider in terms of data privacy and
control
• For sensitive environments, and where regulatory compliance puts potential
restrictions on external data transfer, your evaluation may include exploring
options for on-premise, fully isolated implementation and the private delivery
of threat intelligence.
• For agent-based data storage, check what will happen if an endpoint is
unavailable, or has been compromised by your attacker (how the agent itself,
the PC, and data are protected)
• For on-premise solutions, check internal data storage capacity and the
amount of data sent from each device.
The number of agents will dictate hardware requirements – if an EDR solution
requires only a small server to support hundreds of thousands of agents,
there’s something odd going on. On average, one endpoint generates around
10 megabytes of useful telemetry per day. So if you have 10,000 nodes, you’re
looking at 100 gigabytes of data per day – or 3TB for a one-month retrospective
database.
3. Detection: manual hunting vs automated engines
You’ve dealt with data and storage. Now we move to data analysis - threat
hunting and monitoring conducted manually using your vendor’s toolkits,
databases and resources, and automatically through the EDR system itself.
The earlier you detect an attack, the lower the financial impact and the less the
disruption caused. So the speed and effectiveness of detection is paramount –
and manual detection techniques alone are not generally the fastest or most
efficient approach. Many vendors provide so-called ‘advanced detection
techniques’– IoC scanning of endpoints in real time or fast search over databases
of centrally stored forensics data – adding an automated element to incident
discovery capabilities.
To fully utilize your aggregated data, you will need powerful automated
data analytics techniques that help your analysts reveal the risks and threats
presenting over the network. Multi-dimensional and multi-layered analysis
should continuously deliver not just new security incidents but also actionable
intelligence, in order to help your security team make the right decisions and
avoid spending unnecessary time on non-critical events.
Such advanced detection and threat discovery technologies shouldn’t just
uncover common malicious activities, but should go ‘beyond malware’ to detect
more sophisticated breaches. We’re now talking not about the filtering layers of
prevention technologies that form the basis of most EPP solutions, but about
advanced analytical systems.
Security solutions that use multiple detection technologies can greatly increase
your chances of spotting attacks and intrusions more rapidly, before serious
damage is done to the organization. EDR solutions should include multiple
detection engines - integrated to deliver Advanced Threat Detection that
combines static, behavior-based and dynamic analysis plus real-time access to
global threat intelligence and machine learning technologies.
So the main goal here is to leverage as many different detection engines as
possible to provide in-house ‘virus analysis lab’ capabilities, able to validate
predictions, start new investigations or support those already in progress.
[Figure: detection engines feeding Advanced Threat Detection – Machine Learning;
Anti-malware engine; Standard signatures; YARA engine; Advanced sandboxing;
Reputation database; Global threat intelligence; Customer-supplied and
third-party threat intelligence]
Depending on the vendor, detection techniques and engines used will almost
certainly comprise a manual toolkit and automated systems in some combination:
Manual Detection Aids
• Indicators of Compromise upload and automated/manual search
• Fast search over the retrospective data
• Sandboxing (the ability to send a specific object to a dedicated or cloud-based
sandbox)
• Access to the vendor’s threat intelligence sources
Automated Detection
• Anti-malware
• YARA rules (customizable by vendor or/and your security team)
• Threat intelligence (delivered by vendor automatically)
• Reputation services (files or/and domains)
• Automated sandbox analysis of suspicious objects
• Machine learning
• Deep learning (no signature – neural network)
• Artificial intelligence (base-lining, behavior analysis)
Recommendations:
• Ask your EDR vendor what detection technologies are available and in place
• Find out whether they are using in-house, OEM or open-source detection
engines
• Explore the quality and immediacy of the threat intelligence that feeds these
engines
• If there are several detection technologies in place – how are they integrated
and correlated? (you don’t want to end up with separate incidents logged in
different engines for the same event)
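To show why the last recommendation matters, here is an added Python example (not from the whitepaper or from any product) that runs three small detection engines over constructed sample objects, a hash reputation lookup, a domain reputation lookup and a YARA-like string rule, and then correlates their verdicts into one incident per object instead of one alert per engine. The sample objects, the known-bad hash set, the domain set and the rule are all constructed for the illustration, and the YARA-like matcher is a minimal stand-in for a real YARA engine, not an implementation of it.

```python
"""Added example: several detection engines, one correlated incident per object."""
import hashlib

# Constructed sample objects, shaped roughly like what an EDR hands to its
# engines: file content plus the domains the process contacted. All assumptions.
SAMPLES = [
    {"id": "obj-1", "host": "ws-017", "path": "C:\\Users\\alice\\Downloads\\loader.exe",
     "content": b"MZ...VirtualAllocEx WriteProcessMemory CreateRemoteThread...",
     "domains": ["cdn.example.test"]},
    {"id": "obj-2", "host": "ws-017", "path": "C:\\Windows\\notepad.exe",
     "content": b"MZ...benign text editor...", "domains": []},
    {"id": "obj-3", "host": "srv-02", "path": "C:\\Temp\\update.exe",
     "content": b"MZ...nothing notable...", "domains": ["bad.example.test"]},
]


def sha256_hex(data):
    return hashlib.sha256(data).hexdigest()


# Constructed intelligence: pretend obj-1's hash is already known bad, and
# one domain is on a reputation blocklist.
KNOWN_BAD_HASHES = {sha256_hex(SAMPLES[0]["content"])}
BAD_DOMAINS = {"bad.example.test"}

# Constructed YARA-like rule: all listed strings must be present. A real YARA
# engine supports far richer conditions; this is only a stand-in.
YARA_LIKE_RULES = {
    "injector_api_trio": [b"VirtualAllocEx", b"WriteProcessMemory", b"CreateRemoteThread"],
}

# Each engine returns a list of (finding, severity) pairs; 3 = high, 2 = medium.
def engine_hash_reputation(obj):
    return [("known_bad_hash", 3)] if sha256_hex(obj["content"]) in KNOWN_BAD_HASHES else []


def engine_domain_reputation(obj):
    return [(f"bad_domain:{d}", 2) for d in obj["domains"] if d in BAD_DOMAINS]


def engine_yara_like(obj):
    return [(f"yara:{name}", 2) for name, strings in YARA_LIKE_RULES.items()
            if all(s in obj["content"] for s in strings)]


ENGINES = {
    "hash_reputation": engine_hash_reputation,
    "domain_reputation": engine_domain_reputation,
    "yara": engine_yara_like,
}


def correlate(objects, engines=ENGINES):
    """Run every engine over every object and merge the verdicts so that one
    object yields one incident carrying all engine findings and the highest
    severity, rather than a separate alert per engine."""
    incidents = []
    for obj in objects:
        findings = {}
        for name, engine in engines.items():
            hits = engine(obj)
            if hits:
                findings[name] = hits
        if not findings:
            continue
        incidents.append({
            "object": obj["id"],
            "host": obj["host"],
            "path": obj["path"],
            "severity": max(sev for hits in findings.values() for _, sev in hits),
            "engines": sorted(findings),
            "findings": findings,
        })
    return incidents


if __name__ == "__main__":
    for inc in correlate(SAMPLES):
        print(inc["object"], inc["host"], "severity", inc["severity"], inc["engines"])
```

Run against the three constructed objects, obj-1 produces a single high-severity incident that records both the hash match and the rule match, obj-3 a medium one from the domain engine alone, and the benign obj-2 nothing; the point to carry into vendor evaluation is that the correlation step, not the number of engines, is what keeps the analyst's queue to one item per event.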
4. Don’t just React – Respond
Reacting to an incident is easy: responding effectively is what brings resolution.
The response process is activated once a security incident has been validated
through triage and initial investigation. Once it’s confirmed that this is not a ‘false
positive’, a swift, accurate response is required.
The Incident Response Management process will depend on the severity of the
incident. Most incidents will have relatively little business impact (being detected
directly upon entry). But there will be those which could lead to a serious situation -
a major data breach, financially-related crime, espionage or even worse. These
are the critical situations requiring an Emergency Response and Investigation
process.
Once you’ve manually discovered or received a security alert about a potential
threat, via a third party security solution or your EDR product, what happens
next? Have you outlined the triage, investigation, and response processes for
your organization? Without this in place, your security team can quickly become
overwhelmed by the workflow surrounding any EDR solution.
[Figure: EDR workflow – Threat Hunting, Visibility, Monitoring, Advanced
Detection, Incident Response, Prevention; response actions shown: Kill Process,
Delete Object, Quarantine/Recover, Prevent, Run a Script/Program, Collect
Forensic Data]
Detecting an active threat is the vital first stage in repelling an attack. Having
spotted the threat, you need to respond rapidly across potentially thousands of
endpoints. An effective EDR solution will enable the centralized management of
incidents across all endpoints on the corporate network – with a seamless workflow.
In addition, a wide range of automated responses will help you avoid using
traditional remediation processes – such as wiping and re-imaging – that can
result in expensive downtime and loss of productivity.
Core response functionality depends on the vendor approach, but should focus
on these common operations:
• Prohibiting the launch of PE files, office documents and scripts
• Ability to remotely delete the file on the workstation
• Move the file from the workstation to quarantine and recover it if necessary
• Obtain the file and perform an analysis during the investigation (for example
forced Sandbox execution)
• Force the process to shut down
• Run the program/script on the workstation
Some vendors may provide additional scenarios for more precise responses.
These could include network isolation, process isolation, user deactivation,
roll-back, and remediation scenarios.
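As an added example of the quarantine-and-recover operation in the list above (this is not code from the whitepaper or from any vendor's agent), the Python sketch below moves a file into a quarantine directory, makes it read-only, records its original path and SHA-256 in a sidecar JSON file, and refuses to restore it if the stored object no longer matches the recorded hash. The directory layout, the metadata fields and the demo() workspace are assumptions made for this example.

```python
"""Added example: file quarantine with integrity-checked recovery."""
import hashlib
import json
import os
import shutil
import tempfile
import uuid
from datetime import datetime, timezone


def sha256_file(path):
    """Hash a file in chunks so large objects do not have to fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def quarantine_file(path, qdir):
    """Move a file into the quarantine directory and record how to restore it.
    Returns the quarantine id. Layout (<id>.quar + <id>.json) is an assumption."""
    os.makedirs(qdir, exist_ok=True)
    qid = uuid.uuid4().hex
    original = os.path.abspath(path)
    digest = sha256_file(original)
    stored = os.path.join(qdir, qid + ".quar")
    shutil.move(original, stored)
    os.chmod(stored, 0o400)  # read-only: nothing should execute it from quarantine
    meta = {
        "id": qid,
        "original_path": original,
        "sha256": digest,
        "quarantined_at": datetime.now(timezone.utc).isoformat(),
    }
    with open(os.path.join(qdir, qid + ".json"), "w") as fh:
        json.dump(meta, fh)
    return qid


def recover_file(qid, qdir):
    """Restore a quarantined file to its original location after checking that
    the stored object still matches the hash recorded at quarantine time."""
    with open(os.path.join(qdir, qid + ".json")) as fh:
        meta = json.load(fh)
    stored = os.path.join(qdir, qid + ".quar")
    if sha256_file(stored) != meta["sha256"]:
        raise RuntimeError("quarantined object was modified; refusing to restore")
    os.makedirs(os.path.dirname(meta["original_path"]), exist_ok=True)
    os.chmod(stored, 0o600)
    shutil.move(stored, meta["original_path"])
    os.remove(os.path.join(qdir, qid + ".json"))
    return meta["original_path"]


def demo():
    """Round-trip a constructed file through quarantine in a throwaway directory
    and report what an analyst would want to verify."""
    work = tempfile.mkdtemp()
    try:
        sample = os.path.join(work, "docs", "suspect.bin")
        os.makedirs(os.path.dirname(sample))
        with open(sample, "wb") as fh:
            fh.write(b"constructed sample content, not real malware")
        before = sha256_file(sample)
        qdir = os.path.join(work, "quarantine")
        qid = quarantine_file(sample, qdir)
        removed = not os.path.exists(sample)
        stored_readonly = not os.access(os.path.join(qdir, qid + ".quar"), os.W_OK)
        restored = recover_file(qid, qdir)
        return {
            "removed_from_original": removed,
            "stored_readonly": stored_readonly,
            "restored_to_original": restored == sample,
            "hash_intact": sha256_file(restored) == before,
            "quarantine_empty": not os.listdir(qdir),
        }
    finally:
        shutil.rmtree(work, ignore_errors=True)


if __name__ == "__main__":
    print(demo())
```

The hash check on recovery is the detail worth asking a vendor about: a quarantine store is itself an attractive target, and restoring an object that has been altered while in quarantine would turn the recovery feature into a delivery mechanism.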
Recommendations:
Look for:
• Vendors with the ability to maintain powerful, comprehensive threat intelligence
databases, and to provide you with expert support and consultancy as and when
needed.
• EDR solutions backed by effective skills training courses, educating your security
team so they can establish effective processes and make the most of your
investment.
• A seamless workflow between detection, manual threat hunting, third party
IOC and Incident Response processes, without the need to switch between
different consoles or solutions.
• Agents that are silent for end-users even during investigations, that will not
impact user behavior and that will not contribute to downtime
5. Prevention – EDR or EPP?
EDR solutions are increasingly incorporating prevention elements in an attempt
to offer an “all-in-one” solution. As prevention capabilities mature, it’s possible
that endpoint prevention, visibility, detection, and response capabilities will
converge into a single endpoint product.
But we’re not there yet. While it may be tempting to look for a solution that
includes prevention alongside detection and response, we would not recommend
that you give this aspect too much consideration at this point. Select your product
first for its visibility, detection, and response capabilities. If the solution also includes
prevention elements, that’s an added bonus. But be cautious of ‘next gen’ EDR
solutions with immature prevention capabilities. If you attempt to replace your
traditional EPP with an EDR solution, you’re unlikely to achieve the same levels
of prevention functionality.
However, many EPP vendors are now buying in or developing their own EDR.
If you’re happy with your current EPP and your EPP vendor offers an EDR solution,
it makes sense to evaluate how both interact and how they might work together
for you – particularly if this means not having to install a second agent for EDR.
Recommendations:
• Look at the EDR product’s roadmap and how it may evolve over time to deliver
additional prevention capabilities.
• If the idea of integrated endpoint protection, detection and IR appeals, look
at your current EPP vendor’s EDR offering, and see what EPP capabilities other
EDR vendors are offering
• Check out the EDR’s architecture and in particular the ability to use a single
agent for both EPP and EDR.
The Future of Enterprise Endpoint Security
For security experts right now, the endpoint security market feels seriously
over-saturated with different vendors. It’s becoming clear that this can’t continue.
Large vendors will eventually gobble up smaller businesses, using their products
to fill portfolio gaps and to improve their brands. Market leaders will try to adopt
new technologies and leverage internal in-house development to increase their
EDR capabilities.
True ‘Next Generation’ endpoint security, offering both traditional methods of
control and protection and advanced technologies, will evolve through the
efforts of major players in the EPP market. The current generation of advanced
endpoint security agents, like EDR, offer only elements of true EPP functionality –
they’re not aiming at this point to take on the mantle of a full-function endpoint
protection suite.
Endpoint security has moved back up the corporate agenda, and will continue
to attract ever more attention. Future customers will adapt and evolve their security
strategies, revolving around advanced endpoint protection technologies
combined with endpoint activity monitoring.
Technologically, such advanced solutions will form an adaptive approach
to providing protection, while simultaneously providing systems hardening,
malicious activity prevention and advanced detection. Cloud-based threat
intelligence and on-premise machine learning, threat hunting including active
response and rapid investigation and deep behavioral and threat intelligence
analysis will also all play their part.
Market leaders will try to adopt new technologies and leverage internal in-house
development to increase their EDR capabilities.
Immediate Recommendations
Recognizing the growing need for deeper endpoint analysis and protection,
security professionals inevitably find themselves with a long list of needs and
a limited budget with which to address them all. But even without a budget, it
makes sense to evaluate current technologies and possible future developments
in terms of how they correspond with your business goals and internal capabilities.
By fully investigating and testing the options, you can help focus your overall
business decision-makers’ attention on what new technologies can deliver,
ensure more precise future security budget planning, and know that when the
time comes to invest, you’re ready to do so wisely.
Actions to take right away
1. Evaluate your overall security capabilities. How fast and how unified is your
current Incident Response process? Are you currently running the right solutions
for you, aside from EDR considerations? How do you stand on this in relation
to your industry and your competitors?
2. Understand your current detection capabilities over endpoints. Perform
analyses and look at trialling additional intelligence sources – for example,
look at using Threat Data Feeds with your SIEM.
3. Think about how you can start to grow IR expertise in-house. Evaluate your
team’s capabilities and investigate effective training options.
4. Start to formulate your actual requirements/upcoming demand and look at
shortlisting EDR solutions in line with this.
Some useful links
1. Incident Response Guidelines: https://cdn.securelist.com/files/2017/08/Incident_Response_Guide_eng.pdf
2. Assess your security with this IT security calculator and download the Global
Enterprise Report: https://calculator.kaspersky.com/en/