Hexis HawkEye G Machine Speed Defense: RSA 2015

•Download as PPTX, PDF•

1 like•197 views

barbara bogue

This presentation was presented by Carlos Soto in the Hexis booth at RSA USA Conference, 2015.

Copyright © 2015, Hexis Cyber Solutions, Inc. All rights reserved. Page 2

Copyright © 2015, Hexis Cyber Solutions, Inc. All rights reserved. Page 3

Copyright © 2015, Hexis Cyber Solutions, Inc. All rights reserved. Page 4Copyright © 2015, Hexis Cyber Solutions, Inc. All rights reserved. Page 4
Why machine
speed defense?
Copyright source: http://writing-the-wrongs.blogspot.com/2011_03_01_archive.html

Copyright © 2015, Hexis Cyber Solutions, Inc. All rights reserved. Page 5Copyright © 2015, Hexis Cyber Solutions, Inc. All rights reserved. Page 5
Cost per compromise;
up 28%
Wasted hours chasing
down false alerts
$11.3 M 395/wk
Average time
to detect a threat
240 Days

Copyright © 2015, Hexis Cyber Solutions, Inc. All rights reserved. Page 6Copyright © 2015, Hexis Cyber Solutions, Inc. All rights reserved. Page 6
Deborah
Plunkett
Head of US NSA’s
Information Assurance Directorate
“We have to build our systems on the assumption
that adversaries will get in.”

Copyright © 2015, Hexis Cyber Solutions, Inc. All rights reserved. Page 7Copyright © 2015, Hexis Cyber Solutions, Inc. All rights reserved. Page 7
Jon Oltsik
ESG Principal Analyst
“To truly gain an advantage against attackers,
security and IT teams need to adopt a proactive approach
to incident response with policy-based automation.”

Copyright © 2015, Hexis Cyber Solutions, Inc. All rights reserved. Page 8Copyright © 2015, Hexis Cyber Solutions, Inc. All rights reserved. Page 8
How do we
make automation real?

Copyright © 2015, Hexis Cyber Solutions, Inc. All rights reserved. Page 9Copyright © 2015, Hexis Cyber Solutions, Inc. All rights reserved. Page 9
Detect Verify Remove
Continuous Automated Threat Removal

Copyright © 2015, Hexis Cyber Solutions, Inc. All rights reserved. Page 10Copyright © 2015, Hexis Cyber Solutions, Inc. All rights reserved. Page 10
HawkEye G
Manager
Hexis
Threat Feed
HawkEye G
Network Sensor
Detect
Detection Information
Multiple Sources
Third-Party Integrations
FireEye® NX
PAN NGFW + WildFire®
19
HawkEye G
Host Sensor
174

Copyright © 2015, Hexis Cyber Solutions, Inc. All rights reserved. Page 11Copyright © 2015, Hexis Cyber Solutions, Inc. All rights reserved. Page 11
Verify
Introducing ThreatSync™
Hexis
Threat Feed Third-Party Integrations
HawkEye G
Network Sensor
Threat Fusion
Threat Analytics
Indicator Scoring
Device Incident Score
ThreatSync
FireEye® NX
PAN NGFW + WildFire®
HawkEye G
Host Sensor

Copyright © 2015, Hexis Cyber Solutions, Inc. All rights reserved. Page 12Copyright © 2015, Hexis Cyber Solutions, Inc. All rights reserved. Page 12
Hexis
Threat Feed Third-Party Integrations
HawkEye G
Network Sensor
Remove
Policy Manager
Countermeasures
Kill
Quarantine
Block
Expire
Forensics
Future
ThreatSync
FireEye® NX
PAN NGFW + WildFire®
HawkEye G
Host Sensor
Surgical
Automatic
Machine Guided

Copyright © 2015, Hexis Cyber Solutions, Inc. All rights reserved. Page 13Copyright © 2015, Hexis Cyber Solutions, Inc. All rights reserved. Page 13
Hexis
Threat Feed Third-Party Integrations
HawkEye G
Network Sensor
Remove
Policy Manager
Countermeasures
Kill
Quarantine
Block
Expire
Forensics
Future
ThreatSync
+
FireEye® NX
PAN NGFW + WildFire®
HawkEye G
Host Sensor

Copyright © 2015, Hexis Cyber Solutions, Inc. All rights reserved. Page 14Copyright © 2015, Hexis Cyber Solutions, Inc. All rights reserved. Page 14
Network World: Rated 4.875

Copyright © 2015, Hexis Cyber Solutions, Inc. All rights reserved. Page 15
What is the key advantage of Continuously and Automatically
Removing Threats at Machine Speed?
a. Dramatically reduces time to respond to threats
b. Force multiplier for incident responders
c. Reduces the chance of data loss
d. Increases visibility
e. All of the above

Copyright © 2015, Hexis Cyber Solutions, Inc. All rights reserved. Page 16
What is the key advantage of Continuously and Automatically
Removing Threats at Machine Speed?
a. Dramatically reduces time to respond to threats
b. Force multiplier for incident responders
c. Reduces the chance of data loss
d. Increases visibility
e. All of the above

Copyright © 2015, Hexis Cyber Solutions, Inc. All rights reserved. Page 17Copyright © 2015, Hexis Cyber Solutions, Inc. All rights reserved. Page 17
Thank you.

Bring out the hacker in you by trying out Security Innovation’s Hacking CyberRange – specially designed web applications with real world vulnerabilities. A parallel class session will also teach novices about how to uncover simple vulnerabilities and evolve into uncovering more complex vulnerabilities. You can simply sit and learn or get straight to hacking our application or follow along and do both. Live scores of participants will be displayed.

Mitigating Security Risks in Vendor Agreements Providers of software, software-as-a-service, managed services, and professional services have varying degrees of sophistication in addressing security in their form contracts. Learn from an experienced technology attorney how to understand key clauses, or discover when they are missing, to ensure that the company's vendors are compliant with the appropriate security measures before signing the deal. Brian Kirkpatrick is the founding shareholder of Kirkpatrick Law PC and a business attorney with a technology focus. He also serves as Of Counsel to Mullin Law PC for matters involving technology and information security. His practice revolves around clients needing assistance in technology transactions, data privacy, cyber security, software compliance and audits, and general counsel related to business matters. Brian was voted 2015 Top Technology Attorney in Tarrant County by his peers as published in Fort Worth Texas Magazine. Brian has published numerous articles and lectured nationally on legal topics such as software as a service, software licensing, contract negotiation, cyber security and legal considerations when starting a business. He is also featured in radio news interviews, as a conference panelist, a featured speaker, and is featured in an instructional video series about conducting negotiations. Before entering the legal profession, Brian was a Vice President commercial banker. Brian is a graduate of Texas A&M University School of Law where he was inducted into the National Order of Barristers. He also has a Masters of Arts in Applied Economics from Southern Methodist University and a Bachelors of Science in Economics from Texas A&M University - Commerce where he was inducted into the Omicron Delta Epsilon International Economics Honor Society.

NTXISSACSC4 - Cyber Insurance – Did You Know?

North Texas Chapter of the ISSA

Cyber Insurance – Did You Know? We present a brief discussion of risk and the ways that risk can be handled by an organization, one of which mechanisms is the transfer of risk via insurance. We describe key terms and concepts related to business insurance generally and cyber insurance specifically. These concepts will include brief descriptions of duties to indemnify, duties to defend, limits, sublimits, exclusions, and retentions, as well as different types of insurance, including CGL policies, Crime policies, E&O, D&O, PGL, and cyber policies. We present an introduction to the domain of cyber insurance, discussing how cyber events may or may not be covered by traditional insurance products as well as by cyber insurance products. We will talk about the role of “standardized” contracts supplied by the ISO (Insurance Services Office), how these are changing in the cyber age, and the need for customized contracts. We will also present a general discussion of the cost of cyber insurance, the market penetration of cyber insurance in the US, and the cost of cyber events, citing data from public sources as well as reports from NetDiligence® Heather Goodnight-Hoffmann Over 20 years as Global Sales and Business Development Consultant Cofounder and President, Risk Centric Security, Inc. Ponemon Institute RIM Council (Responsible Information Council) Business Development Manager at Navilogic, Inc. Cofounder and Partner, Cyber Breach Response Partners, LLC Co-author & co-analyst, NetDiligence® 2016 Cyber Claims Study Patrick Florer 37 years in Information Technology 17 year parallel career in evidence-based medicine Cofounder and CTO, Risk Centric Security, Inc. Member, Ponemon Institute RIM council Distinguished Fellow, Ponemon Institute. Cofounder and Partner, Cyber Breach Response Partners, LLC. Co-author & co-analyst, NetDiligence® 2016 Cyber Claims Study

Debunked: 5 Myths About Zero Trust Security

Centrify Corporation

In 2018, Zero Trust Security gained popularity due to its simplicity and effectiveness. Yet despite a rise in awareness, many organizations still don’t know where to start or are slow to adopt a Zero Trust approach. The result? Breaches affected as many as 66% of companies just last year. And as hackers become more sophisticated and resourceful, the number of breaches will continue to rise. Unless organizations adopt Zero Trust Security. In 2019, take some time to assess your company’s risk factors and learn how to implement Zero Trust Security in your organization.

Sacon - IoT Forum Fresh Thinking (Arvind Tiwary + Bikash Barai)

Priyanka Aash

NTXISSACSC4 - Business Geekdom: 1 = 3 = 5

North Texas Chapter of the ISSA

Business Geekdom: 1 = 3 = 5 Each year a security team participates in several audits, meetings with the business and strategy meetings. Often times, security is seen as one imposing requirements that are either too difficult, impossible to manage or flat out ridiculous. This is similar to a geek. A geek is defined, as, "an unfashionable or socially inept person." Is this socially ineptness actually just the lack of the ability to translate the passion of the security professional to the business professional? In this presentation, I would like to cover how to create, establish and evangelize a framework that has one backend with several frontends. The backend is a common security control framework (not the UCF) and the front end translates to the various business units, audits and business strategies encountered in a security professionals profession each year. Grant Gilliam is a Enterprise and Solutions Architect for CHRISTUS Health. Previously, Gilliam has been a security architect, senior security engineer and senior data security analyst. Industries worked in include healthcare, insurance, software and news media. Gilliam has also established and created his own business focusing in outsourcing non-competitive business tasks for allowing clients a strategic advantage over competitors by minimizing FTE and contractor headcount. His educational background includes a Master of Science in Information Systems, focusing in Information Security, and Bachelor of Business Administration in Management Information Systems, both from Baylor University. The focus of his masters degree research was IT law and Intellectual Property. Gilliam also is a Certified Information Systems Security Professional, Certified Information Security Manager and Certified Information Systems Auditor.

What's New with ATTACK for ICS?

MITRE - ATT&CKcon

From MITRE ATT&CKcon Power Hour December 2020 By Otis Alexander, Principal Cybersecurity Engineer, MITRE Otis Alexander is a Principal Cyber Security Engineer at the MITRE Corporation and has worked in the areas of security engineering and research, analytic development, and adversary modeling and emulation. Otis is a co-creator of ATT&CK for ICS and has been leading the project since its inception. He also leads an effort to bring MITRE ATT&CK Evaluations to ICS security vendors providing anomaly and threat detection solutions. He advocates for network and host visibility in operational technology environments to increase the situational awareness of defenders.

Ntxissacsc5 blue 5-holistic approach to cybersecurity-abu_sadeq

North Texas Chapter of the ISSA

Webinar: The role of Threat Intelligence Feeds in the battle against evolving...

Blueliv

MITRE ATT&CKcon 2.0: ATT&CK Updates - Cyber Analytics Repository (CAR); Ivan ...

MITRE - ATT&CKcon

Data protection on demand in hybrid it

Hybrid IT Europe

The Prescription for Protection - Avoid Treatment Errors To The Malware Problem

Eric Vanderburg

Malware is an ailment many companies suffer from but the prescription for protection is simpler than you think. In this presentation, Vanderburg and Salamakha apply the five rights for avoiding drug errors to the malware problem at the Advanced Persistent Threats Summit. 1) Right client – Authentication 2) Right route – Gaps and strategies 3) Right drug – Security controls 4) Right dose – Security/business balance 5) Right time – Staying up to date. Stay healthy, stay safe.

Ntxissacsc5 blue 7-zerotrust more effective approach to security-ed higgins

North Texas Chapter of the ISSA

Emerging Trends in Application Security

Synopsys Software Integrity Group

Beyond S3 Buckets - Effective Countermeasures for Emerging Cloud Threats

SBWebinars

NTXISSACSC4 - The Art of Evading Anti-Virus

North Texas Chapter of the ISSA

The Art of Evading Anti-Virus There are estimates that security analysts, to include penetration testers, are approximately 5 years behind malicious actors. Anti-virus by itself isn’t enough to stop a malicious individual from gaining access to your servers or computers anymore. In fact many of them have devised ways to evade anti-viruses. We as security professionals should understand how these individuals are doing this, and what tools are available for us to replicate these attacks. Tools such as veil-framework assist us with this. This talk will go over this tool, and how malicious individuals evade anti-viruses with ease. Quentin Rhoads-Herrera is a security analyst for State Farm. In this position he is responsible for risk analysis and application security assessments. He is accountable for ensuring risks are identified and properly mitigated throughout the organization. He previously served as the Information Security Director for Clearview Energy and Solarview. In this position he oversaw all information security activities. These included development of company-wide cyber security standards, development of layered defense approaches and the hardening and defense of all company systems. Mr. Rhoads-Herrera has worked in the Information Security space for a total of seven years serving in roles ranging from Security Consultant to Information Security Director.

Webinar: Scale up you Cyber Security Strategy Webinar

Blueliv

What's New with ATTACK for Cloud?

MITRE - ATT&CKcon

From MITRE ATT&CKcon Power Hour October 2020 By Jen Burns, Lead Cybersecurity Engineer, MITRE, @snarejen Jen Burns is a Lead Cybersecurity Engineer at MITRE and the Lead for MITRE ATT&CK® for Cloud. She’s also a red team developer and lead for ATT&CK Evaluations, using her skills in software engineering and adversary emulation. Previously, she was a tech lead at HubSpot on the Infrastructure Security team where she focused on red teaming and building detections in the cloud environment. This presentation is from the MITRE ATT&CKcon Power Hour session held on October 9, 2020.

[Cisco Connect 2018 - Vietnam] Brian cotaz cyber security strategy

Nur Shiqim Chok

Business Continuity and app Security

Cristian Garcia G.

Mediante el uso del marco de perímetro digital seguro, implementando un modelo “defense-in depth” se logrará la continuidad de las operaciones para evitar que los ataques maliciosos afecten las mismas y proporcionar resiliencia de acceso seguro y de red durante interrupciones, desastres naturales y calamidades. Esto permite a la fuerza de trabajo reanudar rápidamente industrias de actividades críticas y esenciales.

Hexis Cyber Solutions: Rules of Engagement for Cyber Security Automation

barbara bogue

Hexis Rules of Engagement Webinar

Hexis Cyber Solutions

What's hot

MITRE ATT&CKcon 2.0: ATT&CK Updates - Controls Mapping; Mike Long, MITRE

MITRE - ATT&CKcon

NTXISSACSC4 - Mitigating Security Risks in Vendor Agreements

North Texas Chapter of the ISSA

NTXISSACSC4 - Cyber Insurance – Did You Know?

North Texas Chapter of the ISSA

Debunked: 5 Myths About Zero Trust Security

Centrify Corporation

Sacon - IoT Forum Fresh Thinking (Arvind Tiwary + Bikash Barai)

Priyanka Aash

NTXISSACSC4 - Business Geekdom: 1 = 3 = 5

North Texas Chapter of the ISSA

What's New with ATTACK for ICS?

MITRE - ATT&CKcon

Ntxissacsc5 blue 5-holistic approach to cybersecurity-abu_sadeq

North Texas Chapter of the ISSA

Webinar: The role of Threat Intelligence Feeds in the battle against evolving...

Blueliv

MITRE ATT&CKcon 2.0: ATT&CK Updates - Cyber Analytics Repository (CAR); Ivan ...

MITRE - ATT&CKcon

Data protection on demand in hybrid it

Hybrid IT Europe

The Prescription for Protection - Avoid Treatment Errors To The Malware Problem

Eric Vanderburg

Ntxissacsc5 blue 7-zerotrust more effective approach to security-ed higgins

North Texas Chapter of the ISSA

Emerging Trends in Application Security

Synopsys Software Integrity Group

Beyond S3 Buckets - Effective Countermeasures for Emerging Cloud Threats

SBWebinars

NTXISSACSC4 - The Art of Evading Anti-Virus

North Texas Chapter of the ISSA

Webinar: Scale up you Cyber Security Strategy Webinar

Blueliv

What's New with ATTACK for Cloud?

MITRE - ATT&CKcon

[Cisco Connect 2018 - Vietnam] Brian cotaz cyber security strategy

Nur Shiqim Chok

Business Continuity and app Security

Cristian Garcia G.

What's hot (20)

MITRE ATT&CKcon 2.0: ATT&CK Updates - Controls Mapping; Mike Long, MITRE

NTXISSACSC4 - Mitigating Security Risks in Vendor Agreements

NTXISSACSC4 - Cyber Insurance – Did You Know?

Debunked: 5 Myths About Zero Trust Security

Sacon - IoT Forum Fresh Thinking (Arvind Tiwary + Bikash Barai)

NTXISSACSC4 - Business Geekdom: 1 = 3 = 5

What's New with ATTACK for ICS?

Ntxissacsc5 blue 5-holistic approach to cybersecurity-abu_sadeq

Webinar: The role of Threat Intelligence Feeds in the battle against evolving...

MITRE ATT&CKcon 2.0: ATT&CK Updates - Cyber Analytics Repository (CAR); Ivan ...

Data protection on demand in hybrid it

The Prescription for Protection - Avoid Treatment Errors To The Malware Problem

Ntxissacsc5 blue 7-zerotrust more effective approach to security-ed higgins

Emerging Trends in Application Security

Beyond S3 Buckets - Effective Countermeasures for Emerging Cloud Threats

NTXISSACSC4 - The Art of Evading Anti-Virus

Webinar: Scale up you Cyber Security Strategy Webinar

What's New with ATTACK for Cloud?

[Cisco Connect 2018 - Vietnam] Brian cotaz cyber security strategy

Business Continuity and app Security

Similar to Hexis HawkEye G Machine Speed Defense: RSA 2015

Hexis Cyber Solutions: Rules of Engagement for Cyber Security Automation

barbara bogue

Hexis Rules of Engagement Webinar

Hexis Cyber Solutions

Symantec Webinar | How to Detect Targeted Ransomware with MITRE ATT&CK

Symantec

WatchGuard Corporate Presentation.pptx

RachatrinTongrungroj1

Threat Landscape Lessons from IoTs and Honeynets

Digital Transformation EXPO Event Series

Ethical hacking

hcls

Netwatcher Credit Union Tech Talk

NetWatcher

A CISO's Guide to Cyber Liability Insurance

SecureAuth

Cyber insurance is not new, in fact it has been around for more than 10 years. Still it remains a complicated issue with confusion about what’s covered and what isn’t. And with incidentals of data breaches rising, so are cyber insurance premiums themselves. One thing is clear: Companies will be breached at some point, if they haven’t been breached already and protecting your organization to minimize financial loss is critical. This SlideShare by SecureAuth and SC Magazine, will discuss what security professionals need to know to ensure they are protected, including: The current state of cyber insurance from a business operations perspective – what is covered and what isn’t What insurance companies look for (ie. people, process, system) regarding your ability to response to an attack How financial reimbursement does not address the real impact of a data breach How adaptive access control can help minimize the potential loss of breached data, reduce CI premiums and keep you ahead of the game

Cybereason - behind the HackingTeam infection server

Amit Serper

On July of 2015, Italian cybersecurity solutions vendor "HackingTeam" was breached and more than 400 gigabytes of HackingTeam's most sensitive data leaked to the internet. Security researchers Amit Serper and Alex Frazer from Cybereason were one of the first to study the datadump and to publish information about. The research was quoted in several tech news sites such as Ars Technica. The research was also published in Hebrew in the DigitalWhisper e-zine, On the cybereason blog as an e-book (in english) and on public free lectures in Tel-aviv by the researchers themselves. The following slide deck is from that lecture.

Cyberattacks on the Rise: Is Your Nonprofit Prepared?

TechSoup

Cyberattacks against small and midsize organizations have increased from 11 percent to 15 percent in 2020, according to an Avast survey. Nonprofits are no exception to this alarming trend, which results in lost productivity, damaged reputations, and serious financial implications. Whether you’re a one-person IT team or a nontechnical concerned stakeholder, this webinar will help you - Protect your organization from common malware attacks - Set up a strong cybersecurity strategy for your organization - Identify solutions to help minimize cyberattack risks

Getting to Know Security and Devs: Keys to Successful DevSecOps

Franklin Mosley

Ntxissacsc5 gold 4 beyond detection and prevension remediation

North Texas Chapter of the ISSA

Slideshare.net rh-isac summit 2019 - adam pennington - leveraging mitre at ta...

Robert Brandel

Hacking intranet websites

shehab najjar

Understanding Your Attack Surface and Detecting & Mitigating External Threats

Ulf Mattsson

Understanding Your Attack Surface and Detecting & Mitigating External Threats Description : Organizations have spent massive amounts of money to protect the perimeter of their networks, but if your business exists on the internet, there really is no perimeter. In this presentation, we'll discuss Digital Footprints in understanding your company’s external attack surface. We will discuss social, mobile, web attacks and analyze and review lessons learned recently publicized attacks (Polish banking institutions, Apache Struts Vulnerability or WannaCry ransomware. The speed of business and cybercrime isn't slowing down, so how can you be prepared to address and defend against these types of threats? Attend our session to find out how. Reducing Your Digital Attack Surface and Mitigating External Threats - What, Why, How: What is a Digital Footprint? Breakdown of External Threats (Social, Mobile, Web) What are blended attacks? What is actually being targeting at your company? How are your brands, customers, and employees being attack outside of your company? How to become proactive in threat monitoring on the internet? Considerations in External Threat solutions Threat correspondence tracking considerations Is legal cease and desist letters adequate in stopping attacks? Examination of a phishing attack campaign How phishing kits work Analysis and lesson learned from recent published attacks What are the most important capability in a digital risk monitoring solution?

Pennington - Defending Against Targeted Ransomware with MITRE ATT&CK

Adam Pennington

How BlueHat Cyber Uses SanerNow to Automate Patch Management and Beyond

SecPod Technologies

It’s widely known that patch management is a major pain point for most businesses. IT teams struggle to keep systems patched and secure. Cyber-attacks are continuous and anti-virus protection alone isn’t effective. Cyber hygiene best practices need to be followed to keep organizations secure and to prevent security breaches. In this webinar, Chandrashekhar - SecPod’s Founder & CEO, Douglas Smith - BlueHat Cyber’s Senior Sales Director, and Greg Pottebaum - SecPod’s VP OEM & Strategic Alliances, demonstrate: - How to efficiently reduce the cyber-attack surface of your business - Simple strategies to improve your security management - How Blue Hat Cyber uses SanerNow to automate patch management and secure their customer’s endpoints Request a FREE Demo of SanerNow platform at: www.secpod.com About SecPod SecPod is an endpoint security and management technology company. SecPod (Security Podium, incarnated as SecPod) was founded in the year 2008. SecPod’s SanerNow platform and tools are used by MSPs and enterprises worldwide. SecPod also licenses security technology to top security vendors through its SCAP Content Professional Feed. Facebook: https://www.facebook.com/secpod/ LinkedIn: https://www.linkedin.com/company/secp... Twitter: https://twitter.com/SecPod Email us at info@secpod.com to get more details on how to secure your organisation from cyber attacks.

Brian Isle: The Internet of Things: Manufacturing Panacea - or - Hacker's Dream?

360mnbsu

The Internet of Things (IoT) has the potential to drive new innovation in products, services, and improve "how things are done" in manufacturing. However IoT also brings-to-light safety and security issues when purpose-built computing and network devices are exposed to the internet. This session will review case studies of IoT enabled exploits, explore some of the underlying cause of the vulnerabilities, and briefly review of steps vendors and end-users are taking to mitigate the risk. From the 2014 Taking Shape Summit: The Internet of Things & the Future of Manufacturing.

Amazon GuardDuty Threat Detection and Remediation

Amazon Web Services

Learn about the threat detection capabilities of Amazon GuardDuty and the available remediation options by walking through some real-world threat scenarios. First, explore a scenario where an Amazon EC2 instance is compromised, then one where IAM credentials are compromised. In each scenario, we explore a method to remediate the threat. We use the following services: AWS CloudFormation, AWS CloudTrail, Amazon VPC flow logs, Amazon CloudWatch events, Amazon SNS, Amazon S3, AWS Lambda, and, of course, Amazon GuardDuty. Be sure you have an AWS account. This should be your own personal account and not one through your company. We provide AWS credits to help cover any costs incurred during the lab.

Conf2013 bchristensen thebig_t

Beau Christensen

Similar to Hexis HawkEye G Machine Speed Defense: RSA 2015 (20)

Hexis Cyber Solutions: Rules of Engagement for Cyber Security Automation

Hexis Rules of Engagement Webinar

Symantec Webinar | How to Detect Targeted Ransomware with MITRE ATT&CK

WatchGuard Corporate Presentation.pptx

Threat Landscape Lessons from IoTs and Honeynets

Ethical hacking

Netwatcher Credit Union Tech Talk

A CISO's Guide to Cyber Liability Insurance

Cybereason - behind the HackingTeam infection server

Cyberattacks on the Rise: Is Your Nonprofit Prepared?

Getting to Know Security and Devs: Keys to Successful DevSecOps

Ntxissacsc5 gold 4 beyond detection and prevension remediation

Slideshare.net rh-isac summit 2019 - adam pennington - leveraging mitre at ta...

Hacking intranet websites

Understanding Your Attack Surface and Detecting & Mitigating External Threats

Pennington - Defending Against Targeted Ransomware with MITRE ATT&CK

How BlueHat Cyber Uses SanerNow to Automate Patch Management and Beyond

Brian Isle: The Internet of Things: Manufacturing Panacea - or - Hacker's Dream?

Amazon GuardDuty Threat Detection and Remediation

Conf2013 bchristensen thebig_t

Recently uploaded

Bits & Pixels using AI for Good.........

Alison B. Lowndes

De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...

Product School

State of ICS and IoT Cyber Threat Landscape Report 2024 preview

Prayukth K V

The IoT and OT threat landscape report has been prepared by the Threat Research Team at Sectrio using data from Sectrio, cyber threat intelligence farming facilities spread across over 85 cities around the world. In addition, Sectrio also runs AI-based advanced threat and payload engagement facilities that serve as sinks to attract and engage sophisticated threat actors, and newer malware including new variants and latent threats that are at an earlier stage of development. The latest edition of the OT/ICS and IoT security Threat Landscape Report 2024 also covers: State of global ICS asset and network exposure Sectoral targets and attacks as well as the cost of ransom Global APT activity, AI usage, actor and tactic profiles, and implications Rise in volumes of AI-powered cyberattacks Major cyber events in 2024 Malware and malicious payload trends Cyberattack types and targets Vulnerability exploit attempts on CVEs Attacks on counties – USA Expansion of bot farms – how, where, and why In-depth analysis of the cyber threat landscape across North America, South America, Europe, APAC, and the Middle East Why are attacks on smart factories rising? Cyber risk predictions Axis of attacks – Europe Systemic attacks in the Middle East Download the full report from here: https://sectrio.com/resources/ot-threat-landscape-reports/sectrio-releases-ot-ics-and-iot-security-threat-landscape-report-2024/

Encryption in Microsoft 365 - ExpertsLive Netherlands 2024

Albert Hoitingh

Assuring Contact Center Experiences for Your Customers With ThousandEyes

ThousandEyes

Knowledge engineering: from people to machines and back

Elena Simperl

GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...

James Anderson

Effective Application Security in Software Delivery lifecycle using Deployment Firewall and DBOM The modern software delivery process (or the CI/CD process) includes many tools, distributed teams, open-source code, and cloud platforms. Constant focus on speed to release software to market, along with the traditional slow and manual security checks has caused gaps in continuous security as an important piece in the software supply chain. Today organizations feel more susceptible to external and internal cyber threats due to the vast attack surface in their applications supply chain and the lack of end-to-end governance and risk management. The software team must secure its software delivery process to avoid vulnerability and security breaches. This needs to be achieved with existing tool chains and without extensive rework of the delivery processes. This talk will present strategies and techniques for providing visibility into the true risk of the existing vulnerabilities, preventing the introduction of security issues in the software, resolving vulnerabilities in production environments quickly, and capturing the deployment bill of materials (DBOM). Speakers: Bob Boule Robert Boule is a technology enthusiast with PASSION for technology and making things work along with a knack for helping others understand how things work. He comes with around 20 years of solution engineering experience in application security, software continuous delivery, and SaaS platforms. He is known for his dynamic presentations in CI/CD and application security integrated in software delivery lifecycle. Gopinath Rebala Gopinath Rebala is the CTO of OpsMx, where he has overall responsibility for the machine learning and data processing architectures for Secure Software Delivery. Gopi also has a strong connection with our customers, leading design and architecture for strategic implementations. Gopi is a frequent speaker and well-known leader in continuous delivery and integrating security into software delivery.

Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf

91mobiles

AI for Every Business: Unlocking Your Product's Universal Potential by VP of ...

Product School

UiPath Test Automation using UiPath Test Suite series, part 4

DianaGray10

Welcome to UiPath Test Automation using UiPath Test Suite series part 4. In this session, we will cover Test Manager overview along with SAP heatmap. The UiPath Test Manager overview with SAP heatmap webinar offers a concise yet comprehensive exploration of the role of a Test Manager within SAP environments, coupled with the utilization of heatmaps for effective testing strategies. Participants will gain insights into the responsibilities, challenges, and best practices associated with test management in SAP projects. Additionally, the webinar delves into the significance of heatmaps as a visual aid for identifying testing priorities, areas of risk, and resource allocation within SAP landscapes. Through this session, attendees can expect to enhance their understanding of test management principles while learning practical approaches to optimize testing processes in SAP environments using heatmap visualization techniques What will you get from this session? 1. Insights into SAP testing best practices 2. Heatmap utilization for testing 3. Optimization of testing processes 4. Demo Topics covered: Execution from the test manager Orchestrator execution result Defect reporting SAP heatmap example with demo Speaker: Deepak Rai, Automation Practice Lead, Boundaryless Group and UiPath MVP

FIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdf

FIDO Alliance

Mission to Decommission: Importance of Decommissioning Products to Increase E...

Product School

FIDO Alliance Osaka Seminar: Overview.pdf

FIDO Alliance

DevOps and Testing slides at DASA Connect

Kari Kakkonen

Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered Quality

Inflectra

In this insightful webinar, Inflectra explores how artificial intelligence (AI) is transforming software development and testing. Discover how AI-powered tools are revolutionizing every stage of the software development lifecycle (SDLC), from design and prototyping to testing, deployment, and monitoring. Learn about: • The Future of Testing: How AI is shifting testing towards verification, analysis, and higher-level skills, while reducing repetitive tasks. • Test Automation: How AI-powered test case generation, optimization, and self-healing tests are making testing more efficient and effective. • Visual Testing: Explore the emerging capabilities of AI in visual testing and how it's set to revolutionize UI verification. • Inflectra's AI Solutions: See demonstrations of Inflectra's cutting-edge AI tools like the ChatGPT plugin and Azure Open AI platform, designed to streamline your testing process. Whether you're a developer, tester, or QA professional, this webinar will give you valuable insights into how AI is shaping the future of software delivery.

The Art of the Pitch: WordPress Relationships and Sales

Laura Byrne

Clients don’t know what they don’t know. What web solutions are right for them? How does WordPress come into the picture? How do you make sure you understand scope and timeline? What do you do if sometime changes? All these questions and more will be explored as we talk about matching clients’ needs with what your agency offers without pulling teeth or pulling your hair out. Practical tips, and strategies for successful relationship building that leads to closing the deal.

UiPath Test Automation using UiPath Test Suite series, part 3

DianaGray10

Neuro-symbolic is not enough, we need neuro-*semantic*

Frank van Harmelen

Neuro-symbolic (NeSy) AI is on the rise. However, simply machine learning on just any symbolic structure is not sufficient to really harvest the gains of NeSy. These will only be gained when the symbolic structures have an actual semantics. I give an operational definition of semantics as “predictable inference”. All of this illustrated with link prediction over knowledge graphs, but the argument is general.

Elevating Tactical DDD Patterns Through Object Calisthenics

Dorra BARTAGUIZ

After immersing yourself in the blue book and its red counterpart, attending DDD-focused conferences, and applying tactical patterns, you're left with a crucial question: How do I ensure my design is effective? Tactical patterns within Domain-Driven Design (DDD) serve as guiding principles for creating clear and manageable domain models. However, achieving success with these patterns requires additional guidance. Interestingly, we've observed that a set of constraints initially designed for training purposes remarkably aligns with effective pattern implementation, offering a more ‘mechanical’ approach. Let's explore together how Object Calisthenics can elevate the design of your tactical DDD patterns, offering concrete help for those venturing into DDD for the first time!

Accelerate your Kubernetes clusters with Varnish Caching

Thijs Feryn

Recently uploaded (20)

Bits & Pixels using AI for Good.........

De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...

State of ICS and IoT Cyber Threat Landscape Report 2024 preview

Encryption in Microsoft 365 - ExpertsLive Netherlands 2024

Assuring Contact Center Experiences for Your Customers With ThousandEyes

Knowledge engineering: from people to machines and back

GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...

Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf

AI for Every Business: Unlocking Your Product's Universal Potential by VP of ...

UiPath Test Automation using UiPath Test Suite series, part 4

FIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdf

Mission to Decommission: Importance of Decommissioning Products to Increase E...

FIDO Alliance Osaka Seminar: Overview.pdf

DevOps and Testing slides at DASA Connect

Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered Quality

The Art of the Pitch: WordPress Relationships and Sales

UiPath Test Automation using UiPath Test Suite series, part 3

Neuro-symbolic is not enough, we need neuro-*semantic*

Elevating Tactical DDD Patterns Through Object Calisthenics

Accelerate your Kubernetes clusters with Varnish Caching

Hexis HawkEye G Machine Speed Defense: RSA 2015

4. Copyright © 2015, Hexis Cyber Solutions, Inc. All rights reserved. Page 4Copyright © 2015, Hexis Cyber Solutions, Inc. All rights reserved. Page 4 Why machine speed defense? Copyright source: http://writing-the-wrongs.blogspot.com/2011_03_01_archive.html

5. Copyright © 2015, Hexis Cyber Solutions, Inc. All rights reserved. Page 5Copyright © 2015, Hexis Cyber Solutions, Inc. All rights reserved. Page 5 Cost per compromise; up 28% Wasted hours chasing down false alerts $11.3 M 395/wk Average time to detect a threat 240 Days

6. Copyright © 2015, Hexis Cyber Solutions, Inc. All rights reserved. Page 6Copyright © 2015, Hexis Cyber Solutions, Inc. All rights reserved. Page 6 Deborah Plunkett Head of US NSA’s Information Assurance Directorate “We have to build our systems on the assumption that adversaries will get in.”

7. Copyright © 2015, Hexis Cyber Solutions, Inc. All rights reserved. Page 7Copyright © 2015, Hexis Cyber Solutions, Inc. All rights reserved. Page 7 Jon Oltsik ESG Principal Analyst “To truly gain an advantage against attackers, security and IT teams need to adopt a proactive approach to incident response with policy-based automation.”

9. Copyright © 2015, Hexis Cyber Solutions, Inc. All rights reserved. Page 9Copyright © 2015, Hexis Cyber Solutions, Inc. All rights reserved. Page 9 Detect Verify Remove Continuous Automated Threat Removal

10. Copyright © 2015, Hexis Cyber Solutions, Inc. All rights reserved. Page 10Copyright © 2015, Hexis Cyber Solutions, Inc. All rights reserved. Page 10 HawkEye G Manager Hexis Threat Feed HawkEye G Network Sensor Detect Detection Information Multiple Sources Third-Party Integrations FireEye® NX PAN NGFW + WildFire® 19 HawkEye G Host Sensor 174

11. Copyright © 2015, Hexis Cyber Solutions, Inc. All rights reserved. Page 11Copyright © 2015, Hexis Cyber Solutions, Inc. All rights reserved. Page 11 Verify Introducing ThreatSync™ Hexis Threat Feed Third-Party Integrations HawkEye G Network Sensor Threat Fusion Threat Analytics Indicator Scoring Device Incident Score ThreatSync FireEye® NX PAN NGFW + WildFire® HawkEye G Host Sensor

12. Copyright © 2015, Hexis Cyber Solutions, Inc. All rights reserved. Page 12Copyright © 2015, Hexis Cyber Solutions, Inc. All rights reserved. Page 12 Hexis Threat Feed Third-Party Integrations HawkEye G Network Sensor Remove Policy Manager Countermeasures Kill Quarantine Block Expire Forensics Future ThreatSync FireEye® NX PAN NGFW + WildFire® HawkEye G Host Sensor Surgical Automatic Machine Guided

13. Copyright © 2015, Hexis Cyber Solutions, Inc. All rights reserved. Page 13Copyright © 2015, Hexis Cyber Solutions, Inc. All rights reserved. Page 13 Hexis Threat Feed Third-Party Integrations HawkEye G Network Sensor Remove Policy Manager Countermeasures Kill Quarantine Block Expire Forensics Future ThreatSync + FireEye® NX PAN NGFW + WildFire® HawkEye G Host Sensor

15. Copyright © 2015, Hexis Cyber Solutions, Inc. All rights reserved. Page 15 What is the key advantage of Continuously and Automatically Removing Threats at Machine Speed? a. Dramatically reduces time to respond to threats b. Force multiplier for incident responders c. Reduces the chance of data loss d. Increases visibility e. All of the above

16. Copyright © 2015, Hexis Cyber Solutions, Inc. All rights reserved. Page 16 What is the key advantage of Continuously and Automatically Removing Threats at Machine Speed? a. Dramatically reduces time to respond to threats b. Force multiplier for incident responders c. Reduces the chance of data loss d. Increases visibility e. All of the above

Editor's Notes

At Hexis, in building HawkEye G, we took a very different approach. We starting with the assumption that we needed to continuously and automatically remove threats. To do that, we needed a system that had very good detection capabilities and would be able to validate that the threats we think are there are actually real.
So…how does it all work? Let’s start with detection. In order to be able to automate removal, you have to have really good detection. HawkEye G collects information from a variety of sources. It starts by monitoring BOTH networks and endpoints…because you need both to catch the most stealthy of attacks. • On the endpoints alone, HawkEye G monitors 174 different heuristics. • HawkEye G also aggregates 19 separate threat feeds providing over 54 million MD5 hashes, • Finally, HawkEye G ingests detection information from popular 3rd party technologies such as Palo Alto Networks and FireEye Edits – above Hexis threat feed # 19 Host Sensor #174 Two points during the conversation
All of that detection data is consumed and verified by HawkEye G’s proprietary analytics engine called ThreatSync. ThreatSync “fuses” all the data and threat indicators into a single SCORE. This score helps you determine if the threat is real. We’re literally pulling in events and observables from our network sensor, our host sensor, and Hexis threat feed. We’re also bringing in event data from other technologies like Palo Alto and FireEye – creating a higher order of intelligence and analytics around what’s happening on the endpoints and how threats are communicating with the network… …and that data drives any policy based decisions. By doing this correlation, it DRAMATICALLY reduces the number of false network alerts. And ThreatSync scores are dynamically adjusted to reflect real-time activity so that HawkEye G can respond to threats in real time.
HawkEye G now puts all that technology to work for you… using policy-based incident response and removal. Depending on the incident type and severity, HawkEye can deploy a number of countermeasures that are specifically designed to mitigate & remove the threat. • These countermeasures can be applied surgically and done in either a machine-guided or fully-automated mode. • You can automate what you want, when you want it and how you want it done. Key differentiators include the endpoint sensing capabilities, heuristics defined malware w/o signatures and real-time eventing so you have an up-to-date view of each endpoint to do things like ad-hoc investigations or malware hunting. … Also converging endpoint and network sensors, and of course ThreatSync for that higher level of confidence in incident response.
Finally, HawkEye G also sends information (pass information on) to other 3rd party systems such Splunk or ArcSight, to help increase overall visibility and to add value to the investments you’ve already made. The Hexis approach to solving your security pain points… was to combine endpoints, network, analytics, and automation into one complete platform. This is how we can deliver more value over the kill chain landscape vs a vendor who’s only focused on one area.
That’s why HawkEye G was rated a near 5 out of 5 by Network World magazine. Pause…. So that’s Automated threat removal in a nutshell and what Hexis Cyber Securities calls – Machine Speed Defense. Let’s see how well you were paying attention…… with this trivia question….
Thanks so much for your time. I invite you now to visit the HawkEye G demo station for a personalized product tour to see for yourself how automated threat removal works. Our security experts are standing by to scan your badges and answer your questions. Don’t forget o pick up your t-shirt on the way out. Enjoy the conference.

Hexis HawkEye G Machine Speed Defense: RSA 2015

Recommended

Recommended

More Related Content

What's hot

What's hot (20)

Similar to Hexis HawkEye G Machine Speed Defense: RSA 2015

Similar to Hexis HawkEye G Machine Speed Defense: RSA 2015 (20)

Recently uploaded

Recently uploaded (20)

Hexis HawkEye G Machine Speed Defense: RSA 2015

Editor's Notes