obat aborsi Bontang wa 081336238223 jual obat aborsi cytotec asli di Bontang6...
December-2017-Cyber_JPaul-Haynes_-eSentire.pptx
1. The Leader in Pure-play Managed Detection and Response
eSentire Managed Detection
and Response
CIO Strategy Council| December 5, 2017
J.Paul Haynes
2. MANAGED DETECTION AND RESPONSE
$5.7T Protected Assets SOCs
Canada 43.3616° N, 80.3144° W | GMT -0.5
Ireland 51.8969° N, 8.4863° W | GMT -0.0
550 Customers 340 Employees
98% Customer Retention 50% Growth
We absorb the complexity of doing truly effective cybersecurity
We respond near real time to hunt down threats before they become business disrupting
We call this approach, Micro Incident Response
4. Managing the Complexity of Cybersecurity
SIGNAL
ENRICHMENT
CORRELATE &
INVESTIGATION
ANALYST
RESPONSE
SIGNAL
INGESTION
HUNTING FOR
THE SIGNALS
IN THE NOISE
REALTIME
NETWORK/CLOUD/
ENDPOINT FORENSICS
ENRICHMENT
FULL CONTEXT ATTACK
INVESTIGATION
ANALYST REAL-TIME
FORENSIC HUNT
CONTAINMENT
CONNECTION TERMINATION
QUARANTINE
COORDINATED REMEDIATION
NOTIFICATION AND ESCALATION
5. Q3 Data – 550 Customers & 1.1M Investigations
Top 3 growers in Q3 are:
» Intrusion Attempts – 34% overall
» Information Gathering – 19% Overall
» Availability/DOS attacks – 8% of Overall
6. TARGETED RANSOMWARE ATTACK
7:43 AM
INITIAL 87.exe BLOCKED
FROM BLACKLISTED IP
SUBSEQUENTLY DOWNLOADED
FROM NEW/UNKNOWN IP
7:44 AM
TESLACRYPT BEACONS
TO CNC SERVER
35
Seconds Response
7:54 AM
SOC ALERTS ON INFECTION
AND BLOCKS TRAFFIC
10.5
Minute Containment
20
Minute SLO Met
8:00AM
HOST ISOLATED
LOOK ACROSS THE CLIENT
NETWORK FOR OTHERSIGNS
OF INFECTION
8:30AM
HOST RESTORED
FROM BACKUP
EVENT RESOLVED
47
Full Remediation
INVESTIGATION
FULL PACKET CAPTURE
INSPECT BINARY
DETONATE MALWARE
TALK TRACK
eSentire is the leading pure-play provider Managed Detection and Response services. We absorb the complexity of operational security hunting down threats in real-time to prevent them from becoming business disrupting. We call this approach Micro Incident Response.
We have over 500 customers across varied industries like finance, legal, energy, retail, manufacturing and technology. No matter the industry, our clients trust us to protect their assets and more importantly, their reputation.
The bad guys have nowhere to hide.
We invented a highly integrated technology stack that enables unparalleled visibility into our customers’ networks, and agile real-time threat response capabilities. Our team of elite security analysts use these tools to detect the threats already lurking in your network and stop them.
CLICK: Based on Agency-grade tradecraft, our SOC analysts have access to signals ingested from across your network, endpoints and cloud sources.
CLICK: They combine you signals with reputation, geolocation and other threat intelligence feeds from across the government, law enforcement and the security industry.
CLICK: They correlate this information and use it to investigate potential attacks. Humans have intuition; something a policy-driven machine will never match.
CLICK: And when our analysts find something suspicious, they don’t just alert on threats, they investigate and respond on your behalf.
7:43
User receives a SPAM email and clicks on it
High quality/targeted phishing campaign
AMP blocks 87.exe from blacklisted IP
Seconds later, 87.exe is downloaded from another site, not blacklisted.
60 Second of attack
The malware beacons home to retrieve the encryption keys, and this traffic is detected by our sensors.
2 min later, Analyst assess DPI and tracks new variant of TeslaCrypt.
Contacts client and talks then through the mitigation
Clients had good Cyber playbook and isolated host. Reimage system
SOC extracts threat intel (new binary, checksums, IPs) and pushing back down to client sensors and sharing across our client base.
Started looking for additional signs of previous or continuing compromise.
8:30
Client calls SOC to notify that the device was coming back onto the network. They also reviewed all network nodes and found new additional signs of infection
We shared the threat with various feeds and continued looking for additional signs of compromise.
eSentire MDR consists of Network, Endpoint and Cloud protection. These services are fed into proprietary, purpose-built MDR technology that feeds the SOC analysts and allows them to investigate threats with unparalleled visibility into network, endpoint and cloud traffic and activity. eSentire has been delivering MDR for 15 years, and over that tenure has developed these specialized tools and systems, because off the shelf SIEMs and other security tools did not provide the necessary visibility, deep packet inspection or correlation required.
And this approach, we call MICRO INCIDENT RESPONSE. The faster we identify the attack and contain it, the less opportunity it has to spread and metastasize through the organization and become business disrupting.
We absorb ABSORBING THE COMPLEXITY OF OPERATIONAL SECURITY. We leverage advanced tradecraft, the latest threat intelligence and proprietary technology to detect and respond to threats at wire-speed
And all of our clients receive the same, ELITE, WHITE-GLOVE SERVICE. There are tiers or levels of service. Everyone flies first class.
WE BECOME AN EXTENSION OF YOUR TEAM
We treat every customer as a top priority, and we actively protect all of the complexities of your attack surface 7X24X365. You can sleep because we don’t.
