Incident Response: Security’s Special Teams
Page 2
Introductions: Today’s Speakers
• Ted Julian, Chief Marketing Officer, Co3 Systems
• Ted is a serial entrepreneur who has launched four companies during his ~20 years in the security / compliance industry.
• Andrew Jaquith, Chief Technology Officer & SVP Cloud Strategy, SilverSky
• Andy is a thought leader with ~20 years of experience in the security industry. He has helped shape the security industry as an entrepreneur at SilverSky and @stake and as an industry analyst at Forrester Research and Yankee Group.
Page 3
Agenda
• Introductions
• IR: The Next Security Discipline
• Enhancing Your IR Capability
• Technology
• People
• Process
• Final Thoughts / Recommendations
• Q&A
Page 4
Co3 Automates Incident Response
PREPARE
Improve Organizational Readiness
• Assign response team
• Describe environment
• Simulate events and incidents
• Focus on organizational gaps
REPORT
Document Results and Track Performance
• Document incident results
• Track historical performance
• Demonstrate organizational preparedness
• Generate audit/compliance reports
ASSESS
Quantify Potential Impact, Support Privacy Impact Assessments
• Track events
• Scope regulatory requirements
• See $ exposure
• Send notice to team
• Generate Impact Assessments
MANAGE
Easily Generate Detailed Incident Response Plans
• Escalate to complete IR plan
• Oversee the complete plan
• Assign tasks: who/what/when
• Notify regulators and clients
• Monitor progress to completion
Page 5
SilverSky simplifies how customers secure information
MANAGE email, messaging and collaboration
SECURE data with our security software
MONITOR networks for intrusions 24x7
Exchange
Lync
SharePoint
Email Security
Mobile device management
Email DLP
Email Encryption
Email Archive
Email Continuity
Log management
Vulnerability management
Brand protection
UTM management
Event monitoring and response
Managed BlackBerry
By tirelessly safeguarding our customers’ most important information, SilverSky enables growth-minded leaders to pursue their business ambitions without security worry.
SilverSky protects $525 billion in banking and credit union assets. Each month, we analyze 15 billion raw security events and investigate 140,000 alerts.
Page 6
By Mike Kaplan [Public domain], via Wikimedia Commons
Offense
Page 7
By U.S. Navy photo by Mass Communication Specialist David P. Coleman [Public domain], via Wikimedia Commons
Defense
Page 8
By U.S. Navy photo by Lt. Cmdr. Scott Allen. [Public domain], via Wikimedia Commons
Special Teams
Page 9
Information security has three phases too
Prevention
• Stop malicious threats
• Secure endpoints, networks, and servers
• Maintain secure and compliant configurations
Detection
• Identify anomalous behavior
• Detect compromises
• Discover data leaks & potential breaches
Response
• Have a plan
• Assess events
• Escalate to incidents
• Manage
• Report
Page 10
Why Incident Response Matters
Chain of events:
• IDS, AV or other control repels an attack. Analogy: “Preventative care”. Damage: no damage (0). Budget: millions.
• Attacker infects a workstation. Analogy: “Infection”. Damage: compromised asset (000s). Budget: 000s.
• Attacker “pivots” to gain control over sensitive systems. Analogy: “Disease”. Damage: multiple compromised assets (millions). Budget: 0.
Page 11
Compromises are the new reality
SilverSky analyzed security incidents based on data from 861 financial institutions for the second half of 2012.
We found:
• 1,628 likely and confirmed customer compromises
• 441 institutions affected
• 51% of our financial customers experienced at least one incident
SilverSky blocked 1/3 of incidents
Traffic analysis detected the rest
Average # of incidents by size of institution ($ assets):
• Small (<$25 million): 3
• Mid-sized (<$1 Bn): 4
• Large (>$1 Bn): 7
Source: SilverSky 2012 2H Financial Institutions Threat Report. (Base: 861 SilverSky customers)
Page 12
Guess where most IT security budgets go?
By victor vic (all in, tapis) [CC-BY-SA-2.0 (http://creativecommons.org/licenses/by-sa/2.0)], via Wikimedia Commons
Page 13
Prevention + Detection Dominate Security Spend
2012 revenue by segment:
• Prevention / Detection Products: $27B*
• Prevention / Detection Services: $29B*
• Response Services: $6B**
• Response Products: < $1B***
* Gartner ** ABI Research *** Co3 estimate
Share of spend: Prevention / Detection 89%, Response 11%
Page 14
Public Domain Pictures.net - Eggs In The Grass by Ed Hoskins
There is a metaphor for this strategy…
Page 15
IR Demands Investment
“If you are going to invest in one thing - it should be incident response.”
GARTNER – JUNE 2013
“You can’t afford ineffective incident response.”
FORRESTER – APRIL 2013
POLL
Page 17
Is This IR?
By ErrantX. [Public domain], via Wikimedia Commons
Page 18
Is This IR?
Page 19
The Incident Response Lifecycle
PREPARE
Improve Organizational Readiness
• Assign response team
• Describe environment
• Simulate events and incidents
• Focus on organizational gaps
REPORT
Document Results and Track Performance
• Document incident results
• Track historical performance
• Demonstrate organizational preparedness
• Generate audit/compliance reports
ASSESS
Quantify Potential Impact, Support Privacy Impact Assessments
• Track events
• Scope regulatory requirements
• Calculate $ exposure
• Notify team
• Generate Impact Assessments
MANAGE
Easily Generate Detailed Incident Response Plans
• Escalate to complete IR plan
• Oversee the complete plan
• Assign tasks: who/what/when
• Notify regulators and clients
• Monitor progress to completion
Page 20
IR Is More Than Just Forensics
Forensics
Security Tools
Threat Intelligence
Partners / Providers
Law Enforcement
IT / Security Controls
Service Providers
Law Enforcement
Partner
Perpetrator(s)
Internal Staff
Customers
Detection
Investigation
IT / Security Controls
Service Providers
Law Enforcement
Partners
Internal Staff
Response
IR Team
POLL
Page 22
Incident Response People
INTERNAL
• IT
• Legal
• Compliance
• Audit
• Privacy
• Marketing
• HR
• Senior Executives
EXTERNAL
• Legal
• Consultants
• Audit
• Law Enforcement
• Partners
DON’T FORGET TO:
• Communicate
• Practice
• Train
Page 23
Incident Response Process
PREPARE
Improve Organizational Readiness
• Assign response team
• Describe environment
• Simulate events and incidents
• Focus on organizational gaps
REPORT
Document Results and Track Performance
• Document incident results
• Track historical performance
• Demonstrate organizational preparedness
• Generate audit/compliance reports
ASSESS
Quantify Potential Impact, Support Privacy Impact Assessments
• Track events
• Scope regulatory requirements
• Calculate $ exposure
• Notify team
• Generate Impact Assessments
MANAGE
Easily Generate Detailed Incident Response Plans
• Escalate to complete IR plan
• Oversee the complete plan
• Assign tasks: who/what/when
• Notify regulators and clients
• Monitor progress to completion
BE SURE TO INCLUDE:
• Regulatory Requirements
• State, Federal, and Trade
• Industry Standard Frameworks
• NIST, CERT, SANS
• Organization Standards / Best Practices
• Contractual Requirements
Page 24
Incident Response Technology
This?
By KoS. [Public domain], via Wikimedia Commons
Page 25
Incident Response Technology
This?
By Rens ten Hagen. [Public domain], via Wikimedia Commons
Page 26
Incident Response Technology
This?
Page 27
Incident Response Technology
SYSTEM REQS
• Secure
• Distinct
• Available
• Integrated with related systems
• Prescriptive
• Cognizant of regulations, best practices, threats
• Easy to use
• Built-in workflow
• Built-in reporting / dashboards
• Always up to date
• Linked to threat intelligence
• Faster response time
• Staff augmentation
• Consistency
• Repeatability
• Ensure compliance
• Foster collaboration
• Simplify reporting / status updates
• Improved threat context / correlation
OBJECTIVES
FUNCTIONAL REQUIREMENTS
QUESTIONS
One Alewife Center, Suite 450
Cambridge, MA 02140
PHONE 617.206.3900
WWW.CO3SYS.COM
Andrew Jaquith
Chief Technology Officer & SVP Cloud Strategy
SilverSky
ajaquith@silversky.com
www.silversky.com
“One of the most important startups in security…”
BUSINESS INSIDER – JANUARY 2013
“One of the hottest products at RSA…”
NETWORK WORLD – FEBRUARY 2013
“an invaluable weapon when responding to security incidents.”
GOVERNMENT COMPUTER NEWS
“Co3 Systems makes the process of planning for a nightmare scenario as painless as possible, making it an Editors’ Choice.”
PC MAGAZINE, EDITOR’S CHOICE

More Related Content

What's hot

Building Human Intelligence – Pun Intended
Building Human Intelligence – Pun IntendedBuilding Human Intelligence – Pun Intended
Building Human Intelligence – Pun Intended
EnergySec
 
Data Breach Crisis Control – How to Communicate When You’re in the Hot Seat
Data Breach Crisis Control – How to Communicate When You’re in the Hot SeatData Breach Crisis Control – How to Communicate When You’re in the Hot Seat
Data Breach Crisis Control – How to Communicate When You’re in the Hot Seat
Resilient Systems
 
5 Steps to Improve Your Incident Response Plan
5 Steps to Improve Your Incident Response Plan5 Steps to Improve Your Incident Response Plan
5 Steps to Improve Your Incident Response Plan
Resilient Systems
 
Energy Industry Organizational Strategies to Increase Cyber Resiliency
Energy Industry Organizational Strategies to Increase Cyber ResiliencyEnergy Industry Organizational Strategies to Increase Cyber Resiliency
Energy Industry Organizational Strategies to Increase Cyber Resiliency
EnergySec
 
Security Program Guidance and Establishing a Culture of Security
Security Program Guidance and Establishing a Culture of SecuritySecurity Program Guidance and Establishing a Culture of Security
Security Program Guidance and Establishing a Culture of Security
Doug Copley
 
Co3's Annual Review & Predictions Webinar
Co3's Annual Review & Predictions WebinarCo3's Annual Review & Predictions Webinar
Co3's Annual Review & Predictions Webinar
Resilient Systems
 
By Popular Demand: Co3's Latest and Greatest Features
By Popular Demand: Co3's Latest and Greatest Features By Popular Demand: Co3's Latest and Greatest Features
By Popular Demand: Co3's Latest and Greatest Features
Resilient Systems
 
Incident Response in the age of Nation State Cyber Attacks
Incident Response in the age of Nation State Cyber AttacksIncident Response in the age of Nation State Cyber Attacks
Incident Response in the age of Nation State Cyber Attacks
Resilient Systems
 
How To Build An Incident Response Function
How To Build An Incident Response FunctionHow To Build An Incident Response Function
How To Build An Incident Response Function
Resilient Systems
 
Risk Management Approach to Cyber Security
Risk Management  Approach to Cyber Security Risk Management  Approach to Cyber Security
Risk Management Approach to Cyber Security
Ernest Staats
 
You've Been Breached: How To Mitigate The Incident
You've Been Breached: How To Mitigate The IncidentYou've Been Breached: How To Mitigate The Incident
You've Been Breached: How To Mitigate The Incident
Resilient Systems
 
Craft Your Cyber Incident Response Plan (Before It's Too Late)
Craft Your Cyber Incident Response Plan (Before It's Too Late)Craft Your Cyber Incident Response Plan (Before It's Too Late)
Craft Your Cyber Incident Response Plan (Before It's Too Late)Resilient Systems
 
Incident response
Incident responseIncident response
Incident response
Anshul Gupta
 
Practical steps for assessing tablet & mobile device security
Practical steps for assessing tablet & mobile device securityPractical steps for assessing tablet & mobile device security
Practical steps for assessing tablet & mobile device securityEnclaveSecurity
 
Data Driven Risk Assessment
Data Driven Risk AssessmentData Driven Risk Assessment
Data Driven Risk Assessment
Resolver Inc.
 
Overview of the 20 critical controls
Overview of the 20 critical controlsOverview of the 20 critical controls
Overview of the 20 critical controlsEnclaveSecurity
 
What it Takes to be a CISO in 2017
What it Takes to be a CISO in 2017What it Takes to be a CISO in 2017
What it Takes to be a CISO in 2017
Doug Copley
 
CRI Cyber Board Briefing
CRI Cyber Board Briefing CRI Cyber Board Briefing
CRI Cyber Board Briefing
OCTF Industry Engagement
 
Hexis Cyber Solutions: Rules of Engagement for Cyber Security Automation
Hexis Cyber Solutions: Rules of Engagement for Cyber Security AutomationHexis Cyber Solutions: Rules of Engagement for Cyber Security Automation
Hexis Cyber Solutions: Rules of Engagement for Cyber Security Automation
barbara bogue
 
Prioritizing an audit program using the 20 critical controls
Prioritizing an audit program using the 20 critical controlsPrioritizing an audit program using the 20 critical controls
Prioritizing an audit program using the 20 critical controlsEnclaveSecurity
 

What's hot (20)

Building Human Intelligence – Pun Intended
Building Human Intelligence – Pun IntendedBuilding Human Intelligence – Pun Intended
Building Human Intelligence – Pun Intended
 
Data Breach Crisis Control – How to Communicate When You’re in the Hot Seat
Data Breach Crisis Control – How to Communicate When You’re in the Hot SeatData Breach Crisis Control – How to Communicate When You’re in the Hot Seat
Data Breach Crisis Control – How to Communicate When You’re in the Hot Seat
 
5 Steps to Improve Your Incident Response Plan
5 Steps to Improve Your Incident Response Plan5 Steps to Improve Your Incident Response Plan
5 Steps to Improve Your Incident Response Plan
 
Energy Industry Organizational Strategies to Increase Cyber Resiliency
Energy Industry Organizational Strategies to Increase Cyber ResiliencyEnergy Industry Organizational Strategies to Increase Cyber Resiliency
Energy Industry Organizational Strategies to Increase Cyber Resiliency
 
Security Program Guidance and Establishing a Culture of Security
Security Program Guidance and Establishing a Culture of SecuritySecurity Program Guidance and Establishing a Culture of Security
Security Program Guidance and Establishing a Culture of Security
 
Co3's Annual Review & Predictions Webinar
Co3's Annual Review & Predictions WebinarCo3's Annual Review & Predictions Webinar
Co3's Annual Review & Predictions Webinar
 
By Popular Demand: Co3's Latest and Greatest Features
By Popular Demand: Co3's Latest and Greatest Features By Popular Demand: Co3's Latest and Greatest Features
By Popular Demand: Co3's Latest and Greatest Features
 
Incident Response in the age of Nation State Cyber Attacks
Incident Response in the age of Nation State Cyber AttacksIncident Response in the age of Nation State Cyber Attacks
Incident Response in the age of Nation State Cyber Attacks
 
How To Build An Incident Response Function
How To Build An Incident Response FunctionHow To Build An Incident Response Function
How To Build An Incident Response Function
 
Risk Management Approach to Cyber Security
Risk Management  Approach to Cyber Security Risk Management  Approach to Cyber Security
Risk Management Approach to Cyber Security
 
You've Been Breached: How To Mitigate The Incident
You've Been Breached: How To Mitigate The IncidentYou've Been Breached: How To Mitigate The Incident
You've Been Breached: How To Mitigate The Incident
 
Craft Your Cyber Incident Response Plan (Before It's Too Late)
Craft Your Cyber Incident Response Plan (Before It's Too Late)Craft Your Cyber Incident Response Plan (Before It's Too Late)
Craft Your Cyber Incident Response Plan (Before It's Too Late)
 
Incident response
Incident responseIncident response
Incident response
 
Practical steps for assessing tablet & mobile device security
Practical steps for assessing tablet & mobile device securityPractical steps for assessing tablet & mobile device security
Practical steps for assessing tablet & mobile device security
 
Data Driven Risk Assessment
Data Driven Risk AssessmentData Driven Risk Assessment
Data Driven Risk Assessment
 
Overview of the 20 critical controls
Overview of the 20 critical controlsOverview of the 20 critical controls
Overview of the 20 critical controls
 
What it Takes to be a CISO in 2017
What it Takes to be a CISO in 2017What it Takes to be a CISO in 2017
What it Takes to be a CISO in 2017
 
CRI Cyber Board Briefing
CRI Cyber Board Briefing CRI Cyber Board Briefing
CRI Cyber Board Briefing
 
Hexis Cyber Solutions: Rules of Engagement for Cyber Security Automation
Hexis Cyber Solutions: Rules of Engagement for Cyber Security AutomationHexis Cyber Solutions: Rules of Engagement for Cyber Security Automation
Hexis Cyber Solutions: Rules of Engagement for Cyber Security Automation
 
Prioritizing an audit program using the 20 critical controls
Prioritizing an audit program using the 20 critical controlsPrioritizing an audit program using the 20 critical controls
Prioritizing an audit program using the 20 critical controls
 

Viewers also liked

The importance of industrial water filtration
The importance of industrial water filtrationThe importance of industrial water filtration
The importance of industrial water filtration
carolgarcia581
 
Microcontroller-based Monitoring System for Water filtration
Microcontroller-based Monitoring System for Water filtrationMicrocontroller-based Monitoring System for Water filtration
Microcontroller-based Monitoring System for Water filtration
Ernesto Empig
 
Caught on Cotton? Vital Signs
Caught on Cotton? Vital SignsCaught on Cotton? Vital Signs
Caught on Cotton? Vital Signs
Worldwatch Institute
 
SEM water filtration analysis
SEM water filtration analysisSEM water filtration analysis
SEM water filtration analysisRobert Leonard
 
Filtration and disinfection of water
Filtration and disinfection of waterFiltration and disinfection of water
Filtration and disinfection of water
Vinod Kumar Nehta
 
SEC Cybersecurity Disclosure Guidelines
SEC Cybersecurity Disclosure GuidelinesSEC Cybersecurity Disclosure Guidelines
SEC Cybersecurity Disclosure Guidelines
Resilient Systems
 
Nlp ile Başarının İç Oyunu
Nlp ile Başarının İç  OyunuNlp ile Başarının İç  Oyunu
Nlp ile Başarının İç Oyunu
NLPDAP Danışmanlık ve Eğitim Merkezi
 
โรคเบาหวาน
โรคเบาหวานโรคเบาหวาน
โรคเบาหวานweerawatkatsiri
 
150415 教育学特殊XIV(学級規模の教育心理学)第2講
150415 教育学特殊XIV(学級規模の教育心理学)第2講150415 教育学特殊XIV(学級規模の教育心理学)第2講
150415 教育学特殊XIV(学級規模の教育心理学)第2講
Koyo Yamamori
 
懐かし
懐かし懐かし
懐かし
Koyo Yamamori
 
Guida Introduttiva a Facebook
Guida Introduttiva a FacebookGuida Introduttiva a Facebook
Guida Introduttiva a Facebook
Emanuele Pulli
 
Multiple streams of_income_1
Multiple streams of_income_1Multiple streams of_income_1
Multiple streams of_income_1
weichieh
 
HIPAA – Where’s the Harm? Final Rule Update
HIPAA – Where’s the Harm? Final Rule Update HIPAA – Where’s the Harm? Final Rule Update
HIPAA – Where’s the Harm? Final Rule Update Resilient Systems
 
Miriam Sturdee - Xray vision
Miriam Sturdee - Xray vision Miriam Sturdee - Xray vision
Miriam Sturdee - Xray vision Sebastian Weise
 
Guida Introduttiva a Google+
Guida Introduttiva a Google+Guida Introduttiva a Google+
Guida Introduttiva a Google+
Emanuele Pulli
 
Presentazione Enginet
Presentazione Enginet Presentazione Enginet
Presentazione Enginet Enginet
 

Viewers also liked (20)

The importance of industrial water filtration
The importance of industrial water filtrationThe importance of industrial water filtration
The importance of industrial water filtration
 
Microcontroller-based Monitoring System for Water filtration
Microcontroller-based Monitoring System for Water filtrationMicrocontroller-based Monitoring System for Water filtration
Microcontroller-based Monitoring System for Water filtration
 
Caught on Cotton? Vital Signs
Caught on Cotton? Vital SignsCaught on Cotton? Vital Signs
Caught on Cotton? Vital Signs
 
SEM water filtration analysis
SEM water filtration analysisSEM water filtration analysis
SEM water filtration analysis
 
Filtration and disinfection of water
Filtration and disinfection of waterFiltration and disinfection of water
Filtration and disinfection of water
 
SEC Cybersecurity Disclosure Guidelines
SEC Cybersecurity Disclosure GuidelinesSEC Cybersecurity Disclosure Guidelines
SEC Cybersecurity Disclosure Guidelines
 
Nlp ile Başarının İç Oyunu
Nlp ile Başarının İç  OyunuNlp ile Başarının İç  Oyunu
Nlp ile Başarının İç Oyunu
 
โรคเบาหวาน
โรคเบาหวานโรคเบาหวาน
โรคเบาหวาน
 
150415 教育学特殊XIV(学級規模の教育心理学)第2講
150415 教育学特殊XIV(学級規模の教育心理学)第2講150415 教育学特殊XIV(学級規模の教育心理学)第2講
150415 教育学特殊XIV(学級規模の教育心理学)第2講
 
Html images
Html imagesHtml images
Html images
 
140811 outline
140811 outline140811 outline
140811 outline
 
懐かし
懐かし懐かし
懐かし
 
Guida Introduttiva a Facebook
Guida Introduttiva a FacebookGuida Introduttiva a Facebook
Guida Introduttiva a Facebook
 
Multiple streams of_income_1
Multiple streams of_income_1Multiple streams of_income_1
Multiple streams of_income_1
 
HIPAA – Where’s the Harm? Final Rule Update
HIPAA – Where’s the Harm? Final Rule Update HIPAA – Where’s the Harm? Final Rule Update
HIPAA – Where’s the Harm? Final Rule Update
 
Wanted & available
Wanted & availableWanted & available
Wanted & available
 
Proyecto de ingles
Proyecto de inglesProyecto de ingles
Proyecto de ingles
 
Miriam Sturdee - Xray vision
Miriam Sturdee - Xray vision Miriam Sturdee - Xray vision
Miriam Sturdee - Xray vision
 
Guida Introduttiva a Google+
Guida Introduttiva a Google+Guida Introduttiva a Google+
Guida Introduttiva a Google+
 
Presentazione Enginet
Presentazione Enginet Presentazione Enginet
Presentazione Enginet
 

Similar to Incident Response: Security's Special Teams

Breached! App Attacks, Application Protection and Incident Response
Breached! App Attacks, Application Protection and Incident ResponseBreached! App Attacks, Application Protection and Incident Response
Breached! App Attacks, Application Protection and Incident Response
Resilient Systems
 
NIST CyberSecurity Framework: An Overview
NIST CyberSecurity Framework: An OverviewNIST CyberSecurity Framework: An Overview
NIST CyberSecurity Framework: An OverviewTandhy Simanjuntak
 
ARC's Bob Mick Cyber Security Presentation @ ARC Industry Forum 2010
ARC's Bob Mick Cyber Security Presentation @ ARC Industry Forum 2010ARC's Bob Mick Cyber Security Presentation @ ARC Industry Forum 2010
ARC's Bob Mick Cyber Security Presentation @ ARC Industry Forum 2010
ARC Advisory Group
 
How to Audit Your Incident Response Plan
How to Audit Your Incident Response PlanHow to Audit Your Incident Response Plan
How to Audit Your Incident Response Plan
Resilient Systems
 
Dealing with Information Security, Risk Management & Cyber Resilience
Dealing with Information Security, Risk Management & Cyber ResilienceDealing with Information Security, Risk Management & Cyber Resilience
Dealing with Information Security, Risk Management & Cyber Resilience
Donald Tabone
 
Luncheon 2015-06-18 Security Industry 2.0: Survival in the Boardroom by David...
Luncheon 2015-06-18 Security Industry 2.0: Survival in the Boardroom by David...Luncheon 2015-06-18 Security Industry 2.0: Survival in the Boardroom by David...
Luncheon 2015-06-18 Security Industry 2.0: Survival in the Boardroom by David...
North Texas Chapter of the ISSA
 
The Journey to Cyber Resilience in a World of Fear, Uncertainty and Doubt
The Journey to Cyber Resilience in a World of Fear, Uncertainty and DoubtThe Journey to Cyber Resilience in a World of Fear, Uncertainty and Doubt
The Journey to Cyber Resilience in a World of Fear, Uncertainty and Doubt
John D. Johnson
 
Nist cybersecurity framework isc2 quantico
Nist cybersecurity framework  isc2 quanticoNist cybersecurity framework  isc2 quantico
Nist cybersecurity framework isc2 quantico
Tuan Phan
 
How to Build a Successful Incident Response Program
How to Build a Successful Incident Response ProgramHow to Build a Successful Incident Response Program
How to Build a Successful Incident Response Program
Resilient Systems
 
Cybersecurity Series SEIM Log Analysis
Cybersecurity Series  SEIM Log AnalysisCybersecurity Series  SEIM Log Analysis
Cybersecurity Series SEIM Log Analysis
Jim Kaplan CIA CFE
 
Data analytics 2 analytics in the audit slides
Data analytics 2 analytics in the audit slides Data analytics 2 analytics in the audit slides
Data analytics 2 analytics in the audit slides
Jim Kaplan CIA CFE
 
NIST CSF review - Essential Protections (a K12 perspective)
NIST CSF review - Essential Protections (a K12 perspective)NIST CSF review - Essential Protections (a K12 perspective)
NIST CSF review - Essential Protections (a K12 perspective)
April Mardock CISSP
 
Identifying Your Agency's Vulnerabilities
Identifying Your Agency's Vulnerabilities Identifying Your Agency's Vulnerabilities
Identifying Your Agency's Vulnerabilities Emily2014
 
Implementing a Security Management Framework
Implementing a Security Management FrameworkImplementing a Security Management Framework
Implementing a Security Management Framework
Joseph Wynn
 
For Public_ Cybersecurity_ Frameworks, Fundamentals, and Foundations 2023.pdf
For Public_ Cybersecurity_ Frameworks, Fundamentals, and Foundations 2023.pdfFor Public_ Cybersecurity_ Frameworks, Fundamentals, and Foundations 2023.pdf
For Public_ Cybersecurity_ Frameworks, Fundamentals, and Foundations 2023.pdf
JustinBrown267905
 
Securing Fintech: Threats, Challenges & Best Practices
Securing Fintech: Threats, Challenges & Best PracticesSecuring Fintech: Threats, Challenges & Best Practices
Securing Fintech: Threats, Challenges & Best Practices
Ulf Mattsson
 
Leveraging Your Security System to Impact Your Bottom line
Leveraging Your Security System to Impact Your Bottom lineLeveraging Your Security System to Impact Your Bottom line
Leveraging Your Security System to Impact Your Bottom line
guidepostsolutions
 
ComResource Agency Solutions
ComResource Agency SolutionsComResource Agency Solutions
ComResource Agency Solutions
Anthony Dials
 
Cybersecurity Frameworks and You: The Perfect Match
Cybersecurity Frameworks and You: The Perfect MatchCybersecurity Frameworks and You: The Perfect Match
Cybersecurity Frameworks and You: The Perfect Match
McKonly & Asbury, LLP
 

Similar to Incident Response: Security's Special Teams (20)

Breached! App Attacks, Application Protection and Incident Response
Breached! App Attacks, Application Protection and Incident ResponseBreached! App Attacks, Application Protection and Incident Response
Breached! App Attacks, Application Protection and Incident Response
 
NIST CyberSecurity Framework: An Overview
NIST CyberSecurity Framework: An OverviewNIST CyberSecurity Framework: An Overview
NIST CyberSecurity Framework: An Overview
 
ARC's Bob Mick Cyber Security Presentation @ ARC Industry Forum 2010
ARC's Bob Mick Cyber Security Presentation @ ARC Industry Forum 2010ARC's Bob Mick Cyber Security Presentation @ ARC Industry Forum 2010
ARC's Bob Mick Cyber Security Presentation @ ARC Industry Forum 2010
 
How to Audit Your Incident Response Plan
How to Audit Your Incident Response PlanHow to Audit Your Incident Response Plan
How to Audit Your Incident Response Plan
 
Dealing with Information Security, Risk Management & Cyber Resilience
Dealing with Information Security, Risk Management & Cyber ResilienceDealing with Information Security, Risk Management & Cyber Resilience
Dealing with Information Security, Risk Management & Cyber Resilience
 
Luncheon 2015-06-18 Security Industry 2.0: Survival in the Boardroom by David...
Luncheon 2015-06-18 Security Industry 2.0: Survival in the Boardroom by David...Luncheon 2015-06-18 Security Industry 2.0: Survival in the Boardroom by David...
Luncheon 2015-06-18 Security Industry 2.0: Survival in the Boardroom by David...
 
The Journey to Cyber Resilience in a World of Fear, Uncertainty and Doubt
The Journey to Cyber Resilience in a World of Fear, Uncertainty and DoubtThe Journey to Cyber Resilience in a World of Fear, Uncertainty and Doubt
The Journey to Cyber Resilience in a World of Fear, Uncertainty and Doubt
 
Nist cybersecurity framework isc2 quantico
Nist cybersecurity framework  isc2 quanticoNist cybersecurity framework  isc2 quantico
Nist cybersecurity framework isc2 quantico
 
How to Build a Successful Incident Response Program
How to Build a Successful Incident Response ProgramHow to Build a Successful Incident Response Program
How to Build a Successful Incident Response Program
 
Cybersecurity Series SEIM Log Analysis
Cybersecurity Series  SEIM Log AnalysisCybersecurity Series  SEIM Log Analysis
Cybersecurity Series SEIM Log Analysis
 
Data analytics 2 analytics in the audit slides
Data analytics 2 analytics in the audit slides Data analytics 2 analytics in the audit slides
Data analytics 2 analytics in the audit slides
 
NIST CSF review - Essential Protections (a K12 perspective)
NIST CSF review - Essential Protections (a K12 perspective)NIST CSF review - Essential Protections (a K12 perspective)
NIST CSF review - Essential Protections (a K12 perspective)
 
Identifying Your Agency's Vulnerabilities
Identifying Your Agency's Vulnerabilities Identifying Your Agency's Vulnerabilities
Identifying Your Agency's Vulnerabilities
 
Implementing a Security Management Framework
Implementing a Security Management FrameworkImplementing a Security Management Framework
Implementing a Security Management Framework
 
For Public_ Cybersecurity_ Frameworks, Fundamentals, and Foundations 2023.pdf
For Public_ Cybersecurity_ Frameworks, Fundamentals, and Foundations 2023.pdfFor Public_ Cybersecurity_ Frameworks, Fundamentals, and Foundations 2023.pdf
For Public_ Cybersecurity_ Frameworks, Fundamentals, and Foundations 2023.pdf
 
Securing Fintech: Threats, Challenges & Best Practices
Securing Fintech: Threats, Challenges & Best PracticesSecuring Fintech: Threats, Challenges & Best Practices
Securing Fintech: Threats, Challenges & Best Practices
 
Application Hackers Have A Handbook. Why Shouldn't You?
Application Hackers Have A Handbook. Why Shouldn't You?Application Hackers Have A Handbook. Why Shouldn't You?
Application Hackers Have A Handbook. Why Shouldn't You?
 
Leveraging Your Security System to Impact Your Bottom line
Leveraging Your Security System to Impact Your Bottom lineLeveraging Your Security System to Impact Your Bottom line
Leveraging Your Security System to Impact Your Bottom line
 
ComResource Agency Solutions
ComResource Agency SolutionsComResource Agency Solutions
ComResource Agency Solutions
 
Cybersecurity Frameworks and You: The Perfect Match
Cybersecurity Frameworks and You: The Perfect MatchCybersecurity Frameworks and You: The Perfect Match
Cybersecurity Frameworks and You: The Perfect Match
 


Incident Response: Security's Special Teams

  • 2. Page 2 Introductions: Today’s Speakers • Ted Julian, Chief Marketing Officer, Co3 Systems • Ted is a serial entrepreneur who has launched four companies during his ~20 years in the security / compliance industry. • Andrew Jaquith, Chief Technology Officer & SVP Cloud Strategy, SilverSky • Andy is a thought-leader with ~20 years’ experience in the security industry. He has helped shape the security industry as an entrepreneur at SilverSky and @stake and as an industry analyst at Forrester Research and Yankee Group.
  • 3. Page 3 Agenda • Introductions • IR: The Next Security Discipline • Enhancing Your IR Capability • Technology • People • Process • Final Thoughts / Recommendations • Q&A
  • 4. Page 4 Co3 Automates Incident Response PREPARE Improve Organizational Readiness • Assign response team • Describe environment • Simulate events and incidents • Focus on organizational gaps REPORT Document Results and Track Performance • Document incident results • Track historical performance • Demonstrate organizational preparedness • Generate audit/compliance reports ASSESS Quantify Potential Impact, Support Privacy Impact Assessments • Track events • Scope regulatory requirements • See $ exposure • Send notice to team • Generate Impact Assessments MANAGE Easily Generate Detailed Incident Response Plans • Escalate to complete IR plan • Oversee the complete plan • Assign tasks: who/what/when • Notify regulators and clients • Monitor progress to completion
  • 5. Page 5 SilverSky simplifies how customers secure information MANAGE email, messaging and collaboration SECURE data with our security software MONITOR networks for intrusions 24x7 Exchange Lync SharePoint Email Security Mobile device management Email DLP Email Encryption Email Archive Email Continuity Log management Vulnerability management Brand protection UTM management Event monitoring and response Managed BlackBerry By tirelessly safeguarding our customers’ most important information, SilverSky enables growth-minded leaders to pursue their business ambitions without security worry. SilverSky protects $525 billion in banking and credit union assets. Each month, we analyze 15 billion raw security events and investigate 140,000 alerts.
  • 6. Page 6 By Mike Kaplan [Public domain], via Wikimedia Commons Offense
  • 7. Page 7 By U.S. Navy photo by Mass Communication Specialist David P. Coleman [Public domain], via Wikimedia Commons Defense
  • 8. Page 8 By U.S. Navy photo by Lt. Cmdr. Scott Allen. [Public domain], via Wikimedia Commons Special Teams
  • 9. Page 9 Information security has three phases too Prevention Detection Response • Stop malicious threats • Secure endpoints, networks, and servers • Maintain secure and compliant configurations • Identify anomalous behavior • Detect compromises • Discover data leaks & potential breaches • Have a plan • Assess events • Escalate to incidents • Manage • Report
  • 10. Page 10 Why Incident Response Matters Compromised asset No damage Budget IDS, AV or other control repels an attack Attacker infects a workstation Attacker “pivots” to gain control over sensitive systems Analogy Damage “Preventative care” “Infection” “Disease” millions 000s 0 0 000s millions Multiple compromised assets Chain of events
  • 11. Page 11 Compromises are the new reality SilverSky analyzed security incidents based on data from 861 financial institutions for the second half of 2012. We found: • 1,628 likely and confirmed customer compromises • 441 institutions affected • 51% of our financial customers experienced at least one incident. SilverSky blocked 1/3 of incidents; traffic analysis detected the rest. Average # of incidents by size of institution ($ assets): Small (<$25 million): 3; Mid-sized (<$1 Bn): 4; Large (>$1 Bn): 7. Source: SilverSky 2012 2H Financial Institutions Threat Report. (Base: 861 SilverSky customers)
  • 12. Page 12 Guess where most IT security budgets go? By victor vic (all in, tapis) [CC-BY-SA-2.0 (http://creativecommons.org/licenses/by-sa/2.0)], via Wikimedia Commons
  • 13. Page 13 Prevention + Detection Dominate Security Spend 2012 revenue by segment: Prevention / Detection Products: $27B*; Prevention / Detection Services: $29B*; Response Services: $6B**; Response Products: < $1B***. (* Gartner, ** ABI Research, *** Co3 estimate) Prevention / Detection: 89%; Response: 11%
  • 14. Page 14 Public Domain Pictures.net - Eggs In The Grass by Ed Hoskins There is a metaphor for this strategy…
  • 15. Page 15 IR Demands Investment “If you are going to invest in one thing - it should be incident response.” GARTNER – JUNE 2013 “You can’t afford ineffective incident response.” FORRESTER – APRIL 2013
  • 16. POLL
  • 17. Page 17 Is This IR? By ErrantX. [Public domain], via Wikimedia Commons
  • 19. Page 19 The Incident Response Lifecycle PREPARE Improve Organizational Readiness • Assign response team • Describe environment • Simulate events and incidents • Focus on organizational gaps REPORT Document Results and Track Performance • Document incident results • Track historical performance • Demonstrate organizational preparedness • Generate audit/compliance reports ASSESS Quantify Potential Impact, Support Privacy Impact Assessments • Track events • Scope regulatory requirements • Calculate $ exposure • Notify team • Generate Impact Assessments MANAGE Easily Generate Detailed Incident Response Plans • Escalate to complete IR plan • Oversee the complete plan • Assign tasks: who/what/when • Notify regulators and clients • Monitor progress to completion
  • 20. Page 20 IR Is More Than Just Forensics Forensics Security Tools Threat Intelligence Partners / Providers Law Enforcement IT / Security Controls Service Providers Law Enforcement Partner Perpetrator(s) Internal Staff Customers Detection Investigation IT / Security Controls Service Providers Law Enforcement Partners Internal Staff Response IR Team
  • 21. POLL
  • 22. Page 22 • IT • Legal • Compliance • Audit • Privacy • Marketing • HR • Senior Executives INTERNAL • Legal • Consultants • Audit • Law Enforcement • Partners EXTERNAL DON’T FORGET TO: • Communicate • Practice • Train Incident Response People
  • 23. Page 23 Incident Response Process PREPARE Improve Organizational Readiness • Assign response team • Describe environment • Simulate events and incidents • Focus on organizational gaps REPORT Document Results and Track Performance • Document incident results • Track historical performance • Demonstrate organizational preparedness • Generate audit/compliance reports ASSESS Quantify Potential Impact, Support Privacy Impact Assessments • Track events • Scope regulatory requirements • Calculate $ exposure • Notify team • Generate Impact Assessments MANAGE Easily Generate Detailed Incident Response Plans • Escalate to complete IR plan • Oversee the complete plan • Assign tasks: who/what/when • Notify regulators and clients • Monitor progress to completion BE SURE TO INCLUDE: • Regulatory Requirements • State, Federal, and Trade • Industry Standard Frameworks • NIST, CERT, SANS • Organization Standards / Best Practices • Contractual Requirements
  • 24. Page 24 Incident Response Technology This? By KoS. [Public domain], via Wikimedia Commons
  • 25. Page 25 Incident Response Technology This? By Rens ten Hagen. [Public domain], via Wikimedia Commons
  • 26. Page 26 Incident Response Technology This?
  • 27. Page 27 Incident Response Technology SYSTEM REQS • Secure • Distinct • Available • Integrated with related systems • Prescriptive • Cognizant of regulations, best practices, threats • Easy to use • Built-in workflow • Built-in reporting / dashboards • Always up to date • Linked to threat intelligence • Faster response time • Staff augmentation • Consistency • Repeatability • Ensure compliance • Foster collaboration • Simplify reporting / status updates • Improved threat context / correlation OBJECTIVES FUNCTIONAL REQUIREMENTS
  • 29. One Alewife Center, Suite 450 Cambridge, MA 02140 PHONE 617.206.3900 WWW.CO3SYS.COM Andrew Jaquith Chief Technology Officer & SVP Cloud Strategy SilverSky ajaquith@silversky.com www.silversky.com “One of the most important startups in security…” BUSINESS INSIDER – JANUARY 2013 “One of the hottest products at RSA…” NETWORK WORLD – FEBRUARY 2013 “an invaluable weapon when responding to security incidents.” GOVERNMENT COMPUTER NEWS “Co3 Systems makes the process of planning for a nightmare scenario as painless as possible, making it an Editors’ Choice.” PC MAGAZINE, EDITOR’S CHOICE

Editor's Notes

  1. http://en.wikipedia.org/wiki/File:Shea_Smith-edit1.jpg This image or file is a work of a U.S. Air Force Airman or employee, taken or made during the course of the person's official duties. As a work of the U.S. federal government, the image or file is in the public domain.
  2. http://en.wikipedia.org/wiki/File:2006_Pro_Bowl_tackle.jpg This image is in the public domain because it contains materials that originally came from the United States Marine Corps. As a work of the U.S. federal government, the image is in the public domain.
  3. http://en.wikipedia.org/wiki/File:Shane_Lechler_punts_at_Falcons_at_Raiders_11-2-08.JPG Photo taken by User:BrokenSphere and released under the following license(s). You may use it for any purpose as long as you credit me and follow the terms of the license you choose. Example: © BrokenSphere / Wikimedia Commons
  4. Preventative: $7115. Detect/respond: $1040