The document discusses automated threat removal, describing it as an integrated approach to threat detection and response through flexible, policy-based automation. It notes challenges with traditional response approaches, like not having enough skilled personnel. Automation is presented as a solution, helping to detect, verify and remove threats faster. The Hexis HawkEye G system is highlighted as integrating visibility, verification and automated response capabilities across endpoints and networks to improve detection and allow more surgical threat removal.
2. What is Automated Threat Removal?
An integrated approach to threat detection and response that leverages flexible, policy-based automation to detect, verify, and remove threats before they do damage.
3. The Response Problem
Despite deploying lots of security technologies, organizations continue to experience multiple challenges responding to threats:
§ Not enough skilled people to respond fast enough
§ AV and network perimeter not blocking threats
§ Too many events and false positives to review
4. The Response Problem
Despite deploying lots of security technologies, organizations continue to experience multiple challenges responding to threats. The three pillars of a solution:
1. Visibility
2. Verification
3. Response
5. Spending Shift to Detection and Response
(Chart: security spending, Prevention vs. Detection & Response)
§ Prevention is not 100% effective
§ Nature of attacks driving need for greater visibility
§ Response more top of mind
6. Move to Continuous Response
§ Attack environment resulting in increased investment in response
§ Continuous attacks driving shift from incident response to continuous response
§ Continuous response requires increasing use of automation
9. Demand for Talent Outstripping Supply
Source: Burning Glass Technologies, “Job Market Intelligence: Report on the Growth of Cybersecurity Jobs”
“The talent you’re looking for in incident response is absolutely the hardest I’ve seen to find in security in general”
- Christine Gadsby, Manager, Blackberry Product Security Incident Response Team
11. Forrester’s Call for Automated Response
“A call to action for a more automated threat response process based on developing a set of cyber rules of engagement”
12. “Security Automation is Inevitable”
Source: Forrester Research
Forrester Rules of Engagement Themes:
§ Better tools to detect breaches
§ Defining policy (rules of engagement) to facilitate adoption of automation
§ Response index
17. Takeaways
§ Sandboxing is important, but it’s just one component of defense
§ Malware increasingly sandbox aware and evading sandboxes
§ Visibility on both endpoints and the network is required
  § Including correlation of activity
18. Verification (2)
§ STRATEGIC: Corroboration and threat fusion to improve detection and prioritize investigation and response
§ TACTICAL: Solving the “ghost alert” issue related to network security alerts
19. Automated Response (3)
§ A collection of countermeasures that can be flexibly deployed based on policy
§ Ability to operate countermeasures in any combination of automated or machine-guided modes
§ Manual investigation capabilities
23. HawkEye G Solves the Response Problem
1. Detect: Integrated platform
  • Real-time endpoint agents
  • Network edge detection
  • 3rd party ecosystem
2. Verify: Host and network correlation confirms the threat to pinpoint where you really need to respond
3. Remove: Automation and machine-guided response is a force multiplier to remove the threat before breach
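The detect / verify / remove pipeline described on slides 18, 19 and 23 (network alerts corroborated against endpoint telemetry, then a policy table choosing a countermeasure and whether it runs automated or machine-guided) can be sketched as a small policy engine. The code below is an added illustration and is not Hexis or HawkEye G code; the alert records, endpoint events, host tiers, countermeasure names and policy rows are all constructed for the example, and the hashes are placeholders rather than real indicators.

```python
"""Toy detect-verify-remove policy engine (added example, not vendor code).

Network and endpoint sensors *detect*; host/network correlation *verifies* a
network alert by looking for suspicious endpoint activity on the same host in
a time window (an uncorroborated network alert is reported as a "ghost alert");
a policy table then picks the countermeasure and its mode: "automated" runs
immediately, "machine_guided" is queued for analyst approval.
"""
from dataclasses import dataclass, field
from datetime import datetime, timedelta


@dataclass
class NetworkAlert:
    alert_id: str
    host: str            # endpoint the edge sensor points at (constructed IP)
    indicator: str       # label of what was matched (constructed)
    category: str        # nuisance | commodity | targeted
    seen_at: datetime


@dataclass
class EndpointEvent:
    host: str
    process: str
    sha256: str          # placeholder value, not a real hash
    seen_at: datetime
    suspicious: bool     # endpoint agent heuristic flagged the process


@dataclass
class Verdict:
    alert: NetworkAlert
    corroborating: list = field(default_factory=list)

    @property
    def confirmed(self) -> bool:
        return bool(self.corroborating)


# Hypothetical policy table: (category, host tier) -> (countermeasure, mode).
POLICY = {
    ("nuisance", "workstation"):  ("kill_process_and_quarantine", "automated"),
    ("commodity", "workstation"): ("kill_process_and_quarantine", "automated"),
    ("commodity", "server"):      ("isolate_host", "machine_guided"),
    ("targeted", "workstation"):  ("isolate_host", "machine_guided"),
    ("targeted", "server"):       ("isolate_host", "machine_guided"),
}
DEFAULT_RULE = ("isolate_host", "machine_guided")  # unknown combos need a human

# Hypothetical asset inventory.
HOST_TIER = {"10.0.1.15": "workstation", "10.0.1.22": "workstation", "10.0.2.5": "server"}


def verify(alerts, events, window=timedelta(minutes=10)):
    """Correlate each network alert with suspicious endpoint events on the same host."""
    verdicts = []
    for a in alerts:
        hits = [e for e in events
                if e.host == a.host and e.suspicious
                and abs(e.seen_at - a.seen_at) <= window]
        verdicts.append(Verdict(a, hits))
    return verdicts


def plan_response(verdicts):
    """Apply policy to confirmed verdicts. Returns (actions, ghost_alert_ids)."""
    actions, ghosts = [], []
    for v in verdicts:
        if not v.confirmed:
            ghosts.append(v.alert.alert_id)   # network alert with no endpoint evidence
            continue
        tier = HOST_TIER.get(v.alert.host, "server")  # unknown host: treat conservatively
        measure, mode = POLICY.get((v.alert.category, tier), DEFAULT_RULE)
        actions.append({
            "alert_id": v.alert.alert_id,
            "host": v.alert.host,
            "target_process": v.corroborating[0].process,
            "countermeasure": measure,
            "mode": mode,
        })
    return actions, ghosts


# Constructed sample input: three edge alerts, three endpoint observations.
T0 = datetime(2015, 6, 1, 9, 0)
SAMPLE_ALERTS = [
    NetworkAlert("NA-1", "10.0.1.15", "adware-callback", "nuisance", T0),
    NetworkAlert("NA-2", "10.0.2.5", "c2-beacon", "targeted", T0 + timedelta(minutes=5)),
    NetworkAlert("NA-3", "10.0.1.22", "c2-beacon", "commodity", T0 + timedelta(minutes=8)),
]
SAMPLE_EVENTS = [
    EndpointEvent("10.0.1.15", "updater.exe", "<placeholder-hash-1>", T0 + timedelta(minutes=1), True),
    EndpointEvent("10.0.2.5", "svc_helper.exe", "<placeholder-hash-2>", T0 + timedelta(minutes=6), True),
    EndpointEvent("10.0.1.22", "outlook.exe", "<placeholder-hash-3>", T0 + timedelta(minutes=7), False),
]


def run_example():
    """Run the pipeline over the constructed sample and return (actions, ghosts)."""
    return plan_response(verify(SAMPLE_ALERTS, SAMPLE_EVENTS))


if __name__ == "__main__":
    actions, ghosts = run_example()
    for act in actions:
        print(act)
    print("ghost alerts (network-only, no endpoint corroboration):", ghosts)
```

On the sample, the nuisance alert on a workstation is confirmed and handled fully automated, the targeted alert on the server is confirmed but queued as machine-guided, and NA-3 is reported as a ghost alert because the only endpoint activity on that host in the window was not flagged. The default rule for policy gaps deliberately falls back to the human-approved mode, which is the "crawl, walk, run" posture the deck recommends for adopting automation.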
28. How Hexis is Embracing Integration Architectures
Integrated Platform:
§ Detect, Verify, Remove
§ Endpoint + network
§ Improve detection effectiveness
§ Verify endpoint infections
§ Enable automated response
ThreatSync™:
§ U.S. Intelligence Community reference architecture (SHORTSTOP)
§ Integrated Active Cyber Defense (ACD) solution
§ Includes Hexis, Palo Alto, FireEye, and Splunk
29. Hexis Key Differentiators
§ Full arsenal of machine-guided and automated countermeasures that can be flexibly deployed based on policy
§ Endpoint sensing capabilities: heuristics, real-time eventing
§ Endpoint + network, including correlation
§ ThreatSync™ analytics fuses Hexis detection with 3rd party indicators
§ Integrated platform spanning detection, investigation, and response
§ Developed using military-grade cyber capabilities and state-of-the-art commercial technologies
30. Forrester’s Call for Automated Response (REVIEW)
“A call to action for a more automated threat response process based on developing a set of cyber rules of engagement”
31. “Security Automation is Inevitable” (REVIEW)
Source: Forrester Research
Forrester Rules of Engagement Themes:
§ Better tools to detect breaches
§ Defining policy (rules of engagement) to facilitate adoption of automation
§ Response index
…totally in sync with the HawkEye G 3.0 vision
32. Security Automation Adoption
§ Crawl, walk, run
§ Early win automation use cases
  § Verification of network alerts
  § Automated removal of nuisance malware
§ Organizations can buy and operate their own automation platforms or consume via a managed service
33. Security Automation Benefits
§ Faster response time = improved security posture
§ Narrow gap between time to detect and time to remediate
§ Automation can serve as a force multiplier for scarce human security resources
§ Free up existing resources to focus on more meaningful alerts/issues
§ Efficiently scale response efforts