What We’ve Learned Building a Cyber Security Operation Center: du ...

Ad

Ad

Ad

Ad

Ad

Ad

Ad

Ad

Ad

Ad

Ad

Ad

SESSION ID:SESSION ID:
#RSAC
Tamer El Refaey
What We’ve Learned Building a Cyber
Security Operation Center: du Case
Study
...

84%
of breaches had available
forensic evidence*
1,400 Log sources
4,000 Events per second
72 SIEM correlation rules
Sourc...

The
Approach

Prioritize
The Efforts
Business impact
assessment
Critical business
processes
Confidential
data
Credential
repositories
Co...

Recognize
The Threats
Data leakage
Denial of service
Web defacement
Loss of revenue
Malicious insider
Malware infection

Understand
The Environment
Business processes Vendors and partners
Expected
activities
Security policiesIdentity and acces...

Enhance
Security Visibility
Advanced endpoint
visibility
Database activity
monitoringOpen source
intelligence
User behavio...

Search
For Digital Crumbs
SIEM Advanced Security
tools
Hunting
User awareness

Measure
The Performance
Detection time
Response time
Successful breaches
Detection method
Weaknesses
Phase of detection
Vi...

The
Outcome

#RSAC
Visibility Vs Quality
2013 2014 2015 2016
Number of detected incidents Vs
number of SIEM rules
Detected incidents SI...

#RSAC
Detection time
74%
82%
81%
86%
2013 2014 2015 2016
% of incidents detected within
24 hrs from initial attempt
19.6
1...

#RSAC
Phase of incident detection
Reconnaisance Attack delivery Host
exploitation
Binary
installtion
C&C Local
compromise
...

#RSAC
What’s after detection?
<1.5hrs
Time between incident response and containment
<4hrs <8hrs <24hrs >7 days1–7 days
<1...

What We
Learned

Insider
threat

Context
Identity
Access details
Job role
Vulnerabilities
Compliance
status
Threat score
True positive
score
Geolocation
Em...

Hunting
User behavior
analytics
Known IOCs
Experience
Endpoint visibility

Suspicion

Automation
User notifications
Evidence collection
Response actions
Periodic reports

#RSAC
Automation Sample

Deterrence
Reduces noise
Insider threats

Show your
work

#RSAC
Dashboard_Video_v3.0

#RSAC
Apply what we discussed
Next week you should:
Decide the appropriate security KPIs for your organization and what th...

What We’ve Learned Building a Cyber Security Operation Center: du Case Study

Share Slideshare

LinkedIn
Facebook
Twitter

Embed

Size (px)

Show related Slideshows at end

WordPress Shortcode

Link

Share
Email

2024 Trend Updates: What Really Wor... by Search Engine Jou... 1063109 views
Storytelling For The Web: Integrate... by Chiara Aliotta 981811 views
Artificial Intelligence, Data and C... by OECD Directorate ... 923520 views
How to Leverage AI to Boost Employe... by SocialHRCamp 392340 views
2024 State of Marketing Report – by... by Marius Sescu 221896 views
Everything You Need To Know About C... by Expeed Software 237729 views

View on Slideshare

1 of 26 Ad

View on Slideshare

1 of 26 Ad