Democratising Security: Update Your Policies or Update Your CV
Raja Mukerji
Co-Founder and President, ExtraHop Networks
Security Risks
Actionable Takeaways
You cannot secure what you cannot see.
“You know the things you intend to have in your network. We know the things that are actually in your network.”
Rob Joyce, Chief of Tailored Access Operations, National Security Agency
Policy Compliance != Security
[Chart: a 2x2 matrix with axes labelled Security vs. Policy compliance and Risk visibility vs. Policy compliance, marking the "Secure" corner. Quadrants: Checkbox Compliance, Traditional Risk Mitigation, Holistic Understanding, Business Enablement.]
Analyze Data in Flight to Understand Risk
Wire Data = Risk Visibility
[Figure: unstructured packets on the wire are turned into structured wire data]

CVE Detection
• Shellshock
• HTTP.sys
• Turla malware
• Heartbleed
• FREAK SSL/TLS
• POODLE
• Logjam

Compliance
• SSH tunneling
• Non-standard ICMP
• Non-standard DNS
• Non-standard HTTP
• Disallowed file types
• Invalid file extension writes
• Blacklisted traffic

Encryption Profile
• Certificate expiration
• Key length
• Outdated SSL sessions
• MD5/SHA-1 cert signing
• SSL traffic by port
• Email encryption
• Wildcard certificates

Protocol Activity
• Unencrypted FTP
• Telnet
• Gopher
• TACACS
• SNMP v1, v2, v2c
• Finger
• IRC

Application & User Behavior
• Privileged user logins
• Unauthorized connections
• Lateral network traversal
• Brute force attacks
• Storage/DB access
• Fraudulent transactions
• Large data transfers
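The Encryption Profile column above is the one that is easiest to turn into a concrete, always-on check: every TLS handshake on the wire exposes the protocol version, the negotiated cipher suite and the server certificate without decrypting anything. The script below is an added example, not ExtraHop code. It audits a handful of constructed handshake summaries (the record field names, the fixed clock and the list of "expected" TLS ports are assumptions) for the exact conditions the slide lists: outdated SSL/TLS versions, weak cipher suites, MD5/SHA-1 certificate signatures, short keys, wildcard certificates, expiry, and TLS on a port where it is not expected.

```python
"""Audit TLS sessions seen on the wire for weak encryption profiles.

Added example, not ExtraHop code. Each record stands for one TLS handshake
as a passive network monitor could summarize it; the field names, the fixed
clock and the port list are assumptions made for this illustration.
"""
from datetime import datetime, timedelta, timezone

NOW = datetime(2016, 6, 1, tzinfo=timezone.utc)  # fixed clock so the sample is repeatable
EXPIRY_WARNING = timedelta(days=30)
MIN_RSA_BITS = 2048
# Ports where TLS or STARTTLS is expected; anything else is "SSL on a non-standard port".
EXPECTED_TLS_PORTS = {25, 443, 465, 587, 636, 853, 993, 995, 8443}
OUTDATED_VERSIONS = {"SSLv2", "SSLv3", "TLSv1.0", "TLSv1.1"}
WEAK_CIPHER_TOKENS = ("RC4", "DES", "NULL", "EXPORT", "MD5", "ADH", "AECDH")
WEAK_SIG_PREFIXES = ("md5", "sha1")

# Constructed sample handshakes (not real captures).
SAMPLE_SESSIONS = [
    {"server": "10.0.2.5", "server_port": 443, "version": "TLSv1.2",
     "cipher": "ECDHE-RSA-AES128-GCM-SHA256", "cert_subject": "www.example.internal",
     "cert_sig_alg": "sha256WithRSAEncryption", "cert_key_bits": 2048,
     "cert_not_after": "2017-01-01T00:00:00Z"},
    {"server": "10.0.2.9", "server_port": 4444, "version": "SSLv3",
     "cipher": "RC4-MD5", "cert_subject": "*.example.internal",
     "cert_sig_alg": "md5WithRSAEncryption", "cert_key_bits": 1024,
     "cert_not_after": "2016-05-15T00:00:00Z"},
    {"server": "10.0.2.30", "server_port": 25, "version": "TLSv1.0",
     "cipher": "DES-CBC3-SHA", "cert_subject": "mail.example.internal",
     "cert_sig_alg": "sha1WithRSAEncryption", "cert_key_bits": 2048,
     "cert_not_after": "2016-06-20T00:00:00Z"},
]


def parse_ts(s):
    return datetime.strptime(s, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def check_session(rec, now=NOW):
    """Return the list of findings for one handshake (empty list = clean)."""
    findings = []
    if rec["version"] in OUTDATED_VERSIONS:
        findings.append(f"outdated protocol {rec['version']}")
    if any(tok in rec["cipher"] for tok in WEAK_CIPHER_TOKENS):
        findings.append(f"weak cipher suite {rec['cipher']}")
    if rec["cert_sig_alg"].lower().startswith(WEAK_SIG_PREFIXES):
        findings.append(f"certificate signed with {rec['cert_sig_alg']}")
    if rec["cert_key_bits"] < MIN_RSA_BITS:
        findings.append(f"key length {rec['cert_key_bits']} bits")
    if rec["cert_subject"].startswith("*."):
        findings.append(f"wildcard certificate {rec['cert_subject']}")
    not_after = parse_ts(rec["cert_not_after"])
    if not_after < now:
        findings.append(f"certificate expired {not_after.date()}")
    elif not_after - now < EXPIRY_WARNING:
        findings.append(f"certificate expires {not_after.date()}")
    if rec["server_port"] not in EXPECTED_TLS_PORTS:
        findings.append(f"TLS on non-standard port {rec['server_port']}")
    return findings


def audit(sessions, now=NOW):
    """Map (server, port) -> findings, so each service is reported once."""
    report = {}
    for rec in sessions:
        key = (rec["server"], rec["server_port"])
        f = check_session(rec, now)
        # Keep the worst observation seen for the service.
        if key not in report or len(f) > len(report[key]):
            report[key] = f
    return report


if __name__ == "__main__":
    for (server, port), findings in audit(SAMPLE_SESSIONS).items():
        print(f"{server}:{port} -> {findings or 'clean'}")
```

Because the check runs on handshake metadata rather than decrypted payload, it works on traffic the monitor cannot read, which is the property that makes a wire-level inventory of weak crypto more complete than asking each application owner.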
Scaling SecOps

Traditional Model: Enterprise Perimeter
• InfoSec is siloed
• Not enough skilled staff
• Security controls fail due to complexity

New Model: Micro-Perimeters
• InfoSec is a partner (enforcement and advisory)
• Equip everyone to make security part of their job
• Focus on InfoSec as a service

[Diagram: the same set of assets (App A assets and data, Corporate IT, Specialist IT, Remote Workers, IaaS assets and data, SaaS App) is shown once for each model]
Enrich Your Security Infrastructure
[Diagram: unstructured network packets feed a stream analytics engine that derives user, application, system and network behavior and exports it through Open Data Stream into a big data lake for security]
• Programmable stream processor for custom metrics
• Open Data Stream (syslog, Kafka, HTTP) for any data
• Bi-directional REST API for ingest and orchestration
Everything Transacts on the Network
[Diagram: Target host, attacker ("Evil") host, Mail Server and Database, with the traffic between them]
Day 0 – Target compromised
Day 5 – Rootkit downloaded
Day 5 – Command and control set up
Day 6 through 14 – Slow port scan
Day 14 through 25 – Low-intensity brute-force login attempts
Day 26 through 29 – Data downloaded over a four-day period
Day 30 – Exfiltration of data over a throttled connection
7 different L7 protocols, various behaviors, and data exchanged over a 30-day period: SMTP, HTTP, SSH, ICMP & TCP, LDAP, FTP, MySQL
Data Exfiltration
Observe and correlate every step of the intrusion lifecycle on the network: malicious email -> malware download -> C&C -> scanning -> brute-force login -> data download -> exfiltration
[Callouts: ICMP ping and TCP SYN scanning; failed database logins; FTP to internal and external servers]
Realization of Threat Intelligence
• Detect attacks based on observed behavior, not signatures
• Reduce alert fatigue with intelligence based on precise activity
• Better than logs: network observation is always on and cannot be deleted or turned off, unlike host logs, which an attacker who controls the host can clear
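The 30-day timeline and the "observe and correlate every step" slide describe a chain of individually low-signal events (a slow scan, a trickle of failed logins, a large but legitimate-looking database read) that only becomes an incident when tied to one host in order. The script below is an added example, not ExtraHop code, of that correlation: it replays a constructed set of transaction records modelled on the deck's timeline, recognises each lifecycle stage from behavior rather than signatures, and raises one alert per host only when several stages occur in sequence, which is the mechanism behind the "reduce alert fatigue" bullet above. The record fields, the 10.0.0.0/8 internal range and every threshold are assumptions made for the illustration.

```python
"""Correlate wire-data events into an intrusion lifecycle per host.

Added example, not ExtraHop code. Each event is a dict such as a passive
network monitor could emit per transaction; the field names, the 10.0.0.0/8
internal range and all thresholds are assumptions for illustration.
"""
from collections import defaultdict
import ipaddress

INTERNAL_NET = ipaddress.ip_network("10.0.0.0/8")  # assumed corporate range
STAGES = ["malware_download", "c2", "scan", "brute_force",
          "data_download", "exfiltration"]
C2_MIN_DAYS, SCAN_MIN_HOSTS, BRUTE_MIN_FAILS = 3, 20, 10
DOWNLOAD_MIN_BYTES, EXFIL_MIN_BYTES = 1_000_000_000, 500_000_000


def is_internal(ip):
    return ipaddress.ip_address(ip) in INTERNAL_NET


def _ev(day, proto, src, dst, nbytes, **extra):
    return {"day": day, "proto": proto, "src": src, "dst": dst, "bytes": nbytes, **extra}


# Constructed 30-day sample modelled on the deck's timeline (not a real capture).
T, C2, DB, DROP = "10.0.1.50", "203.0.113.7", "10.0.2.10", "198.51.100.9"
EVENTS = (
    [_ev(0, "HTTP", T, C2, 180_000, mime="application/x-dosexec")]          # day 0: payload fetched
    + [_ev(d, "SSH", T, C2, 2_000) for d in (5, 6, 7, 9, 12)]                # day 5 on: C2 check-ins
    + [_ev(6 + i % 9, "TCP_SYN", T, f"10.0.2.{i + 1}", 60) for i in range(30)]   # days 6-14: slow scan
    + [_ev(14 + i, "MySQL", T, DB, 300, login_ok=False) for i in range(12)]  # days 14-25: brute force
    + [_ev(26 + i, "MySQL", T, DB, 400_000_000, login_ok=True) for i in range(4)]  # days 26-29: download
    + [_ev(30, "FTP", T, DROP, 1_500_000_000)]                               # day 30: exfiltration
    + [_ev(3, "MySQL", "10.0.1.77", DB, 300, login_ok=False)]                # benign noise, another host
)


def detect_stages(events):
    """Return {host: {stage: day on which the stage became detectable}}."""
    by_host = defaultdict(list)
    for e in sorted(events, key=lambda e: e["day"]):
        by_host[e["src"]].append(e)
    result = {}
    for host, evs in by_host.items():
        found = {}
        peer_days, scan_targets, fails = defaultdict(set), set(), defaultdict(int)
        downloaded = exfil = 0
        for e in evs:
            ext = not is_internal(e["dst"])
            # Executable served by an external host: malware download.
            if e["proto"] == "HTTP" and ext and e.get("mime") == "application/x-dosexec":
                found.setdefault("malware_download", e["day"])
            # Same external peer contacted on several distinct days: C2 beaconing.
            if ext:
                peer_days[e["dst"]].add(e["day"])
                if len(peer_days[e["dst"]]) == C2_MIN_DAYS:
                    found.setdefault("c2", e["day"])
            # Many distinct internal targets probed, however slowly: scanning.
            if e["proto"] in ("ICMP", "TCP_SYN") and not ext:
                scan_targets.add(e["dst"])
                if len(scan_targets) == SCAN_MIN_HOSTS:
                    found.setdefault("scan", e["day"])
            # Repeated failed logins against one server: brute force.
            if e["proto"] in ("MySQL", "LDAP") and e.get("login_ok") is False:
                fails[e["dst"]] += 1
                if fails[e["dst"]] == BRUTE_MIN_FAILS:
                    found.setdefault("brute_force", e["day"])
            # Cumulative volume pulled from internal data stores: data download.
            if e["proto"] in ("MySQL", "FTP", "CIFS") and not ext and e.get("login_ok", True):
                downloaded += e["bytes"]
                if downloaded >= DOWNLOAD_MIN_BYTES:
                    found.setdefault("data_download", e["day"])
            # Cumulative volume sent to external hosts: exfiltration.
            if e["proto"] in ("FTP", "HTTP", "HTTPS") and ext:
                exfil += e["bytes"]
                if exfil >= EXFIL_MIN_BYTES:
                    found.setdefault("exfiltration", e["day"])
        result[host] = found
    return result


def correlate(stages_by_host, min_stages=3):
    """Alert only on hosts that moved through several stages in lifecycle order.

    One stage alone (a port scan, a few failed logins) is noise that would
    otherwise page someone; a chain on one host is an intrusion.
    """
    alerts = []
    for host, found in stages_by_host.items():
        chain = [s for s in STAGES if s in found]
        days = [found[s] for s in chain]
        if len(chain) >= min_stages and days == sorted(days):
            alerts.append({"host": host, "stages": chain,
                           "first_day": days[0], "last_day": days[-1]})
    return alerts


if __name__ == "__main__":
    for a in correlate(detect_stages(EVENTS)):
        print(f"{a['host']}: {' -> '.join(a['stages'])} (day {a['first_day']} to {a['last_day']})")
```

Each detector records the day a stage first crossed its threshold, so the alert carries the dwell time as well as the chain; the single failed login from 10.0.1.77 never reaches a threshold and produces nothing.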
Business Process Anomaly Detection
Traditional security analytics/intelligence systems are too slow to catch fraud.
Example: an online travel management service needed to detect and cancel fraudulent activity before the criminals went to the airport and received cash refunds for the tickets.
[Diagram: a 4-hour timeline with a "Policy violation!" callout]
Simplify Compliance Audit
• Track every AD login, CIFS file access, and who connected to sensitive applications
• Store historical data to simplify audit reporting and enable investigation
• Verify whether existing security controls are working
• Monitor encryption use and cipher suite strength
Questions?
See an ExtraHop demo at booth #XXX

Editor's Notes

  1. Raja’s previous experience about checkbox compliance …
  2. Build this slide