Automated Threat Removal
Todd Weller, VP Corporate Development
June 2015
What is Automated Threat Removal?
An integrated approach to threat detection and response that leverages flexible, policy-based automation to detect, verify, and remove threats before they do damage.
The Response Problem
Despite deploying lots of security technologies, organizations continue to experience multiple challenges responding to threats.
1. AV and network perimeter not blocking threats
2. Too many events and false positives to review
3. Not enough skilled people to respond fast enough
The Response Problem (continued)
The same three challenges map to three needs:
1. Visibility
2. Verification
3. Automated Response
Spending Shift to Detection and Response
[Chart: security spending shifting from Prevention toward Detection & Response]
• Prevention is not 100% effective
• Nature of attacks driving need for greater visibility
• Response more top of mind
Move to Continuous Response
• Attack environment resulting in increased investment in response
• Continuous attacks driving shift from incident response to continuous response
• Continuous response requires increasing use of automation
Copyright © 2015, Hexis Cyber Solutions, Inc. All rights reserved.
Why Automation is Necessary
Human Assets Are Tough to Find and Scale
Demand for Talent Outstripping Supply
Source: Burning Glass Technologies, “Job Market Intelligence: Report on the Growth of Cybersecurity Jobs”

“The talent you’re looking for in incident response is absolutely the hardest I’ve seen to find in security in general”
- Christine Gadsby, Manager, BlackBerry Product Security Incident Response Team
Automated Attacks = Automated Defense
Forrester’s Call for Automated Response
“A call to action for a more automated threat response process based on developing a set of cyber rules of engagement”
“Security Automation is Inevitable”
Source: Forrester Research
Forrester Rules of Engagement Themes
• Better tools to detect breaches
• Defining policy (rules of engagement) to facilitate adoption of automation
• Response index
What are the essential ingredients?
1. Visibility
2. Verification
3. Automated Response
1. Visibility
• Ensuring environments are properly instrumented to detect today’s threats
• Initial focus was network-based sandboxing solutions
• Focus shifting to Endpoint Visibility & Control
Advanced Threat Detection Frameworks: Takeaways
• Sandboxing is important but it’s just one component of defense
• Malware increasingly sandbox aware and evading sandboxes
• Visibility on both endpoints and the network is required, including correlation of activity
2. Verification
• STRATEGIC: Corroboration and threat fusion to improve detection and prioritize investigation and response
• TACTICAL: Solving the “ghost alert” issue related to network security alerts
3. Automated Response
• A collection of countermeasures that can be flexibly deployed based on policy
• Ability to operate countermeasures in any combination of automated or machine-guided modes
• Manual investigation capabilities
Mix ‘em up so they work together…
Automation Requires Integration
• Visibility
• Verification
• Automated Response
Integration & Orchestration
HawkEye G Solves the Response Problem
1. Detect  2. Verify  3. Remove
Integrated platform:
• Real-time endpoint agents
• Network edge detection
• 3rd party ecosystem
Host and network correlation confirms the threat to pinpoint where you really need to respond.
Automation and machine-guided response are a force multiplier to remove the threat before breach.
Detect: Endpoints + Network
[Architecture diagram] Components: HawkEye G Manager; HawkEye G Host Sensor (174 heuristics); HawkEye G Network Sensor; Hexis Threat Feed (19 threat feeds); third-party integrations (FireEye® NX, PAN NGFW + WildFire®).
Verify: Introducing ThreatSync™
[Architecture diagram] The HawkEye G Host Sensor (174 heuristics), HawkEye G Network Sensor, Hexis Threat Feed (19 feeds) and third-party integrations (FireEye® NX, PAN NGFW + WildFire®) feed ThreatSync, which performs Threat Fusion, Threat Analytics and Indicator Scoring and produces a Device Incident Score.
Remove
[Architecture diagram] The same sensors, threat feed and third-party integrations feed ThreatSync; a Policy Manager then drives the countermeasures: Kill, Quarantine, Block, Expire, Forensics (with a slot marked Future). Countermeasures operate in Surgical, Machine Guided or Automatic mode.
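As an added illustration of the Verify and Remove steps above (a constructed example, not Hexis or HawkEye G code): a toy policy engine fuses host, network and threat-feed indicators into a device incident score, holds a network-only “ghost alert” at forensics until a host sensor corroborates it, and lets policy decide whether a countermeasure runs automatically, machine-guided, or not at all. The scoring rule, thresholds, device names and indicator values are all assumptions.

```python
from dataclasses import dataclass
from enum import Enum


class Mode(Enum):
    """How a countermeasure is applied: the three modes the deck lists."""
    FORENSICS_ONLY = "forensics"        # collect evidence, change nothing
    MACHINE_GUIDED = "machine_guided"   # propose the action, an analyst approves it
    AUTOMATIC = "automatic"             # execute without a human in the loop


@dataclass(frozen=True)
class Indicator:
    source: str   # "host", "network" or "feed" (constructed sensor labels)
    kind: str     # what was observed, e.g. "c2_domain"
    value: str
    weight: int   # 0..100 detector confidence for this single indicator


@dataclass(frozen=True)
class Policy:
    """Rules of engagement: thresholds and limits set up front (assumed values)."""
    auto_threshold: int = 80
    guided_threshold: int = 50
    require_host_corroboration: bool = True
    protected_assets: frozenset = frozenset()
    auto_actions: tuple = ("kill", "quarantine")
    guided_actions: tuple = ("kill", "quarantine", "block", "expire")


@dataclass(frozen=True)
class Decision:
    device: str
    score: int
    mode: Mode
    actions: tuple
    reason: str


def device_incident_score(indicators):
    """Fuse a device's indicators into one score (hypothetical scoring rule).

    The strongest single indicator anchors the score; agreement between independent
    sources (host + network, plus a feed) adds a bounded bonus, so a corroborated
    sighting outranks a lone alert of the same weight.
    """
    if not indicators:
        return 0
    strongest = max(i.weight for i in indicators)
    sources = {i.source for i in indicators}
    bonus = 15 if {"host", "network"} <= sources else 0
    bonus += 5 if "feed" in sources else 0
    return min(100, strongest + bonus)


def is_ghost_alert(indicators):
    """A network alert with no host-side evidence: the 'ghost alert' case."""
    return "host" not in {i.source for i in indicators}


def decide(device, indicators, policy):
    """Apply the policy to one device and pick countermeasure mode and actions."""
    score = device_incident_score(indicators)
    if policy.require_host_corroboration and is_ghost_alert(indicators):
        return Decision(device, score, Mode.FORENSICS_ONLY, ("forensics",),
                        "network-only alert, no host corroboration")
    if device in policy.protected_assets and score >= policy.guided_threshold:
        # Surgical handling: never act automatically on a protected asset.
        return Decision(device, score, Mode.MACHINE_GUIDED, policy.guided_actions,
                        "protected asset, analyst must approve")
    if score >= policy.auto_threshold:
        return Decision(device, score, Mode.AUTOMATIC, policy.auto_actions,
                        "corroborated high-confidence detection")
    if score >= policy.guided_threshold:
        return Decision(device, score, Mode.MACHINE_GUIDED, policy.guided_actions,
                        "medium confidence, analyst must approve")
    return Decision(device, score, Mode.FORENSICS_ONLY, ("forensics",),
                    "below guided threshold, collect evidence only")


def run_policy(alerts, policy):
    """Evaluate every device; returns {device: Decision}."""
    return {dev: decide(dev, inds, policy) for dev, inds in alerts.items()}


# Constructed sample input: four devices as a sensor pipeline might report them.
SAMPLE_ALERTS = {
    "ws-0142": [  # host, network and feed all agree
        Indicator("network", "c2_domain", "c2.example.invalid", 70),
        Indicator("host", "process_hash", "<placeholder-sha256>", 75),
        Indicator("feed", "c2_domain", "c2.example.invalid", 60),
    ],
    "ws-0207": [  # network sensor only: a ghost-alert candidate
        Indicator("network", "c2_domain", "c2.example.invalid", 70),
    ],
    "db-prod-01": [  # strong evidence, but on a protected asset
        Indicator("host", "persistence", "<placeholder-autorun-entry>", 85),
        Indicator("network", "beacon", "fixed 60s interval", 60),
    ],
    "ws-0311": [  # single medium-confidence host indicator
        Indicator("host", "script", "unsigned macro launcher", 55),
    ],
}

DEFAULT_POLICY = Policy(protected_assets=frozenset({"db-prod-01"}))
```

Calling `run_policy(SAMPLE_ALERTS, DEFAULT_POLICY)` sends ws-0142 to automatic kill/quarantine, parks ws-0207 at forensics until the host sensor weighs in, and keeps the protected database at machine-guided even though its fused score is 100.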
Report
[Architecture diagram] Same components as the Remove slide: sensors, threat feed and third-party integrations feeding ThreatSync, the Policy Manager, and the countermeasure set (Kill, Quarantine, Block, Expire, Forensics, Future), operating in Machine Guided or Automatic mode.
How Hexis is Embracing Integration
Integrated Platform
• Detect, Verify, Remove
• Endpoint + network
ThreatSync™
• Improve detection effectiveness
• Verify endpoint infections
• Enable automated response
Architectures
• U.S. Intelligence Community reference architecture (SHORTSTOP)
• Integrated Active Cyber Defense (ACD) solution
• Includes Hexis, Palo Alto, FireEye, and Splunk
Hexis Key Differentiators
• Full arsenal of machine-guided and automated countermeasures that can be flexibly deployed based on policy
• Endpoint sensing capabilities – heuristics, real-time eventing
• Endpoint + network including correlation
• ThreatSync™ analytics fuses Hexis detection with 3rd party indicators
• Integrated platform spanning detection, investigation, and response
• Developed using military-grade cyber capabilities and state-of-the-art commercial technologies
REVIEW: Forrester’s Call for Automated Response
“A call to action for a more automated threat response process based on developing a set of cyber rules of engagement”
“Security Automation is Inevitable”
Source: Forrester Research
REVIEW: Forrester Rules of Engagement Themes
• Better tools to detect breaches
• Defining policy (rules of engagement) to facilitate adoption of automation
• Response index
…totally in sync with the HawkEye G 3.0 vision
Security Automation Adoption
• Crawl, walk, run
• Early win automation use cases
  • Verification of network alerts
  • Automated removal of nuisance malware
• Organizations can buy and operate their own automation platforms or consume via a managed service
Security Automation Benefits
• Improved response time = improved security posture
• Narrow gap between time to detect and time to remediate
• Automation can serve as a force multiplier for scarce human security resources
• Free up existing resources to focus on more meaningful alerts/issues
• Efficiently scale response efforts
Questions?
Thank You!

 
WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your BrandWordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brandgvaughan
 
Build your next Gen AI Breakthrough - April 2024
Build your next Gen AI Breakthrough - April 2024Build your next Gen AI Breakthrough - April 2024
Build your next Gen AI Breakthrough - April 2024Neo4j
 
APIForce Zurich 5 April Automation LPDG
APIForce Zurich 5 April  Automation LPDGAPIForce Zurich 5 April  Automation LPDG
APIForce Zurich 5 April Automation LPDGMarianaLemus7
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesSinan KOZAK
 
Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsScanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsRizwan Syed
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsMark Billinghurst
 
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Mark Simos
 
Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Enterprise Knowledge
 
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubKalema Edgar
 
Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfGen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfAddepto
 
Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Mattias Andersson
 

Recently uploaded (20)

"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko
 
Vulnerability_Management_GRC_by Sohang Sengupta.pptx
Vulnerability_Management_GRC_by Sohang Sengupta.pptxVulnerability_Management_GRC_by Sohang Sengupta.pptx
Vulnerability_Management_GRC_by Sohang Sengupta.pptx
 
Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC Architecture
 
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
 
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
 
Benefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other FrameworksBenefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other Frameworks
 
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks..."LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
 
CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):
 
WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your BrandWordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brand
 
Build your next Gen AI Breakthrough - April 2024
Build your next Gen AI Breakthrough - April 2024Build your next Gen AI Breakthrough - April 2024
Build your next Gen AI Breakthrough - April 2024
 
APIForce Zurich 5 April Automation LPDG
APIForce Zurich 5 April  Automation LPDGAPIForce Zurich 5 April  Automation LPDG
APIForce Zurich 5 April Automation LPDG
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen Frames
 
Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsScanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL Certs
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR Systems
 
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
 
Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024
 
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding Club
 
Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfGen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdf
 
DMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special EditionDMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special Edition
 
Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?
 

Automated Threat Detection and Response

  • 1. Automated Threat Removal. Todd Weller, VP Corporate Development, June 2015
  • 2. What is Automated Threat Removal? An integrated approach to threat detection and response that leverages flexible, policy-based automation to detect, verify, and remove threats before they do damage.
  • 3. The Response Problem. Despite deploying lots of security technologies, organizations continue to experience multiple challenges responding to threats:
      (1) AV and network perimeter not blocking threats
      (2) Too many events and false positives to review
      (3) Not enough skilled people to respond fast enough
  • 4. The Response Problem. Despite deploying lots of security technologies, organizations continue to experience multiple challenges responding to threats:
      (1) Visibility
      (2) Verification
      (3) Response
  • 5. Spending Shift to Detection and Response (from Prevention to Detection & Response)
      § Prevention is not 100% effective
      § Nature of attacks driving need for greater visibility
      § Response more top of mind
  • 6. Move to Continuous Response
      § Attack environment resulting in increased investment in response
      § Continuous attacks driving shift from incident response to continuous response
      § Continuous response requires increasing use of automation
  • 7. Why Automation is Necessary. Copyright © 2015, Hexis Cyber Solutions, Inc. All rights reserved.
  • 8. Human Assets Are Tough to Find and Scale
  • 9. Demand for Talent Outstripping Supply. Source: Burning Glass Technologies, "Job Market Intelligence: Report on the Growth of Cybersecurity Jobs". "The talent you're looking for in incident response is absolutely the hardest I've seen to find in security in general" - Christine Gadsby, Manager, BlackBerry Product Security Incident Response Team
  • 10. Automated Attacks = Automated Defense
  • 11. Forrester's Call for Automated Response: "A call to action for a more automated threat response process based on developing a set of cyber rules of engagement"
  • 12. "Security Automation is Inevitable" (Source: Forrester Research). Forrester Rules of Engagement themes:
      § Better tools to detect breaches
      § Defining policy (rules of engagement) to facilitate the adoption of automation
      § Response index
  • 13. What are the essential ingredients?
  • 14. The essential ingredients: (1) Visibility, (2) Verification, (3) Automated Response
  • 15. Visibility (1)
      § Ensuring environments are properly instrumented to detect today's threats
      § Initial focus was network-based sandboxing solutions
      § Focus shifting to Endpoint Visibility & Control
  • 16. Advanced Threat Detection Frameworks
  • 17. Takeaways
      § Sandboxing is important, but it's just one component of defense
      § Malware is increasingly sandbox-aware and evading sandboxes
      § Visibility on both endpoints and the network is required, including correlation of activity
  • 18. Verification (2)
      § STRATEGIC: Corroboration and threat fusion to improve detection and prioritize investigation and response
      § TACTICAL: Solving the "ghost alert" issue related to network security alerts
  • 19. Automated Response (3)
      § A collection of countermeasures that can be flexibly deployed based on policy
      § Ability to operate countermeasures in any combination of automated or machine-guided modes
      § Manual investigation capabilities
  • 20. [image-only slide]
  • 21. Mix 'em up so they work together…
  • 22. Automation Requires Integration: Visibility, Verification and Automated Response, tied together by Integration & Orchestration
  • 23. HawkEye G Solves the Response Problem
      (1) Detect: integrated platform with real-time endpoint agents, network edge detection and a 3rd party ecosystem
      (2) Verify: host and network correlation confirms the threat to pinpoint where you really need to respond
      (3) Remove: automation and machine-guided response is a force multiplier to remove the threat before breach
  • 24. [architecture diagram] Detect: Endpoints + Network. HawkEye G Host Sensor (174 heuristics), HawkEye G Network Sensor, HawkEye G Manager, Hexis Threat Feed (19 threat feeds), and third-party integrations (FireEye® NX, PAN NGFW + WildFire®)
  • 25. [architecture diagram] Verify: Introducing ThreatSync™. Threat fusion, threat analytics, indicator scoring and a device incident score, fed by the HawkEye G Host Sensor, HawkEye G Network Sensor, Hexis Threat Feed and third-party integrations
  • 26. [architecture diagram] Remove: the Policy Manager drives countermeasures (Kill, Quarantine, Block, Expire, Forensics, Future) in Surgical, Machine Guided or Automatic mode, based on ThreatSync™ results
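As an added illustration of slides 18, 19 and 26 (not Hexis code and not ThreatSync's real analytics), the following Python sketch fuses host and network indicators into a per-device score, treats network-only evidence as an unverified "ghost alert", and lets a policy decide which countermeasures fire automatically and which wait for machine-guided approval. Indicator names, weights, thresholds and the sample alerts are all constructed assumptions.

```python
from collections import defaultdict
from dataclasses import dataclass

# Assumed indicator weights, constructed for this example (not ThreatSync's
# real scoring). "host:" = endpoint sensor, "net:" = network sensor/3rd party.
INDICATOR_SCORE = {
    "host:unsigned_autorun": 40,
    "host:injected_process": 35,
    "net:c2_beacon": 50,
    "net:sandbox_verdict_malicious": 60,
}

@dataclass(frozen=True)
class Policy:
    """Assumed policy values: which countermeasures may fire without a human."""
    auto_threshold: int = 80      # device incident score that triggers removal
    review_threshold: int = 40    # score that queues the device for an analyst
    automatic: frozenset = frozenset({"block"})                   # fires at once
    machine_guided: frozenset = frozenset({"kill", "quarantine"})  # needs approval

def fuse(events):
    """Fuse each device's unique indicators into (score, corroborated)."""
    seen = defaultdict(set)
    for device, indicator in events:
        seen[device].add(indicator)          # duplicate alerts count once
    # Network-only evidence is a "ghost alert": uncorroborated until a host
    # indicator confirms it, so it must be verified before anything is removed.
    return {
        device: (sum(INDICATOR_SCORE.get(i, 0) for i in inds),
                 any(i.startswith("host:") for i in inds))
        for device, inds in seen.items()
    }

def decide(events, policy=Policy()):
    """Apply the policy to fused scores; return a per-device decision dict."""
    decisions = {}
    for device, (score, corroborated) in fuse(events).items():
        executed, pending = [], []
        if score >= policy.auto_threshold and corroborated:
            disposition = "remove"
            executed = sorted(policy.automatic)        # automatic mode
            pending = sorted(policy.machine_guided)    # machine-guided mode
        elif score >= policy.review_threshold:
            disposition = "verify"                     # analyst investigates first
        else:
            disposition = "monitor"
        decisions[device] = {"score": score, "corroborated": corroborated,
                             "disposition": disposition,
                             "executed": executed, "pending": pending}
    return decisions

# Constructed sample alerts (device id, indicator), not real telemetry.
SAMPLE_EVENTS = [
    ("ws-042", "net:c2_beacon"),                  # network sensor alert
    ("ws-042", "host:unsigned_autorun"),          # host sensor corroborates it
    ("ws-042", "net:c2_beacon"),                  # repeated alert, counted once
    ("ws-017", "net:sandbox_verdict_malicious"),  # network-only: verify, not remove
    ("ws-099", "host:injected_process"),          # low score: keep watching
]
```

Running `decide(SAMPLE_EVENTS)` removes on ws-042 (score 90, corroborated), queues ws-017 for verification despite its high-scoring sandbox verdict, and only monitors ws-099.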
  • 27. [architecture diagram] Report: the same platform (Policy Manager, countermeasures Kill, Quarantine, Block, Expire, Forensics, Future, ThreatSync™, host and network sensors, threat feed and third-party integrations) reports on Machine Guided and Automatic actions
  • 28. How Hexis is Embracing Integration
      Integrated Platform: § Detect, Verify, Remove § Endpoint + network
      ThreatSync™: § Improve detection effectiveness § Verify endpoint infections § Enable automated response
      Architectures: § U.S. Intelligence Community reference architecture (SHORTSTOP) § Integrated Active Cyber Defense (ACD) solution § Includes Hexis, Palo Alto, FireEye, and Splunk
  • 29. Hexis Key Differentiators
      § Full arsenal of machine-guided and automated countermeasures that can be flexibly deployed based on policy
      § Endpoint sensing capabilities: heuristics, real-time eventing
      § Endpoint + network, including correlation
      § ThreatSync™ analytics fuses Hexis detection with 3rd party indicators
      § Integrated platform spanning detection, investigation, and response
      § Developed using military-grade cyber capabilities and state-of-the-art commercial technologies
  • 30. REVIEW: Forrester's Call for Automated Response. "A call to action for a more automated threat response process based on developing a set of cyber rules of engagement"
  • 31. REVIEW: "Security Automation is Inevitable" (Source: Forrester Research). Forrester Rules of Engagement themes: better tools to detect breaches; defining policy (rules of engagement) to facilitate the adoption of automation; response index. …totally in sync with the HawkEye G 3.0 vision
  • 32. Security Automation Adoption
      § Crawl, walk, run
      § Early-win automation use cases: verification of network alerts; automated removal of nuisance malware
      § Organizations can buy and operate their own automation platforms or consume them via a managed service
  • 33. Security Automation Benefits
      § Faster response = improved security posture
      § Narrow the gap between time to detect and time to remediate
      § Automation can serve as a force multiplier for scarce human security resources
      § Free up existing resources to focus on more meaningful alerts/issues
      § Efficiently scale response efforts
  • 34. Questions? Thank You!