The document discusses the modern cyber threat landscape, highlighting how prevention-centric security strategies are becoming obsolete against advanced targeted attacks. It argues that effective security now requires rapid threat detection and response capabilities through security intelligence platforms that can analyze big data, detect anomalies, and orchestrate incident response workflows. Such platforms allow organizations to gain a broader view of threats, improve mean time to detect from months to minutes, and reduce the risk of experiencing damaging breaches by quickly neutralizing threats over their lifecycle.
This document discusses how cloud services can help with security. It notes that scalability, cost savings, and agility are key drivers for companies adopting cloud services. However, cybercrime poses rising risks and costs to businesses. The cloud can enhance security through features like 24/7 monitoring, patching, firewalls, encryption, and identity/access management. It also discusses adopting an "assume breach" mindset and conducting wargame exercises to prepare for and respond to security incidents rapidly. The document promotes Microsoft's cloud compliance certifications and transparency around law enforcement data requests. It introduces their Advanced Threat Analytics solution for on-premises behavioral analytics and advanced threat detection.
The document discusses how cloud services can help with security challenges. It notes that cloud platforms provide robust security capabilities like 24/7 monitoring, patching, antivirus software and firewalls. Additionally, the cloud ensures data confidentiality, integrity and availability through encryption, access controls and regular penetration testing. However, the document also acknowledges that organizations must assume a breach will occur and prepare response plans to quickly detect, contain and recover from incidents. The cloud can help improve security posture but companies still need to adopt an "assume breach" mindset and implement detection and response capabilities.
This document discusses how advanced network forensics can help security teams investigate cyber attacks more effectively. It describes how IBM's QRadar Incident Forensics solution allows organizations to (1) retrace an attacker's steps through raw packet data reconstruction, (2) speed up investigations by indexing network activity into searchable information, and (3) give security teams better visibility into security incidents through a simplified search interface.
This document discusses cybersecurity threats and strategies. It contains the following key points:
1) Cybercrime poses a serious threat to financial services through account takeovers and data breaches at companies that store personal information. Education of both banks and customers is important to increase awareness of threats.
2) New technologies like biometrics and behavioral analytics show promise in improving security, but cybercriminals are also innovative so defenses must remain dynamic.
3) Adopting a big data approach to security analytics allows detection of complex patterns and threats that were previously difficult to identify from fragmented data sources. This has potential to automate some security monitoring and response.
"Cybercriminals are more aggressive and technically proficient - they are professional, industrialized with well-defined organizational structures" "It’s now more than ever IT security professionals, businesses, agencies, and authorities need to collaborate and function as a unified force, exchanging resources, information, and intelligence to reduce the threat of Cybercriminal activities."
Victims of damaging cyber breaches make the news every week – don’t become one of them! The rate of breaches continues to go up every year and it is not just experienced by large companies. Companies need to have the ability to: 1. View “Holistic attack surface”, 2. Mission realization, and 3. Kill the threat easily. 60% of breached organizations included in the 2015 Verizon DBIR were initially compromised within minutes, and yet for most of those organizations it took hundreds of days to detect the intruders. Fortunately, an intrusion does not equal a breach. In fact, there are usually several steps that typically follow an initial compromise before the bad guys get away with the goods or disrupt a critical service. Detecting early warning signs such as an initial system compromise, command and control activity or suspicious lateral movement of intruders can provide the necessary lead time to respond and defuse. LogRhythm helps organizations reduce MEAN TIME TO DETECT & MEAN TIME TO RESPOND. Omar Barakat, Regional Channel Manager – Middle East, Turkey & Africa, LogRhythm Threat Life Cycle Management
Security - intelligence - maturity-model-ciso-whitepaper | CMR WORLD TECH
This document discusses the need for organizations to shift from a prevention-focused approach to cybersecurity to one focused on rapid detection and response. It notes that most organizations have mean times to detect threats of weeks or months, leaving critical systems vulnerable. The document introduces the concept of security intelligence and outlines a threat detection and response lifecycle that organizations should optimize to reduce their mean time to detect and respond to threats. This involves processes like discovering threats, qualifying them, investigating incidents, and mitigating risks.
What CIOs Need To Tell Their Boards About Cyber Security | Karyl Scott
Companies are under increasing risks of breaches, theft of intellectual property and erosion of customer trust. CIOs and CISOs need to be able to explain to executive management what's being done to shore up their company's security strategy and defenses.
Damballa automated breach defense june 2014 | Ricardo Resnik
This document discusses the need for advanced threat protection and containment solutions due to the high percentage of cyber attacks that go undetected for months. It notes that traditional prevention-focused security approaches are no longer sufficient. The document then highlights statistics on the financial and resource costs of cyber attacks. It introduces Damballa's automated breach defense platform, which uses behavioral analytics to automatically identify active threats, regardless of prior knowledge. The platform aims to enable a breach resistant organization. The document concludes by presenting several customer case studies where Damballa helped reduce costs, detection times, and improve visibility and response.
C-Suite Snacks Webinar Series : Under Attack - Preparing Your Company in the ... | Citrin Cooperman
Sign up for our weekly C-Suite Snacks webinars here: https://www.citrincooperman.com/infocus/c-suite-snacks
Our C-Suite Snacks webinar series provides the middle market with brief, strategic, and tactical business improvement information for 30 minutes every week. Join Citrin Cooperman live every Thursday at noon for snack-sized insights for business executives.
It’s no secret that companies around the world are under attack. Prior to COVID-19, breach rates were on the rise, but now hackers have only become more aggressive in their attempt to steal or hijack your data to try to extort money and do irreparable harm to your company’s reputation.
In this C-Suite Snacks webinar, we covered how to combat these attacks by understanding the risks and preparing to respond.
Key Takeaways:
- An overview of the latest breach statistics and trends
- Knowledge on the methods hackers are using to infiltrate organizations
- Methods to prepare your organization for attack and response
Although Sony seemed to dominate the cyber-security headlines of 2014, it was just one of many corporations infiltrated by an increasingly sophisticated and driven pool of hackers. J.P. Morgan Chase, Home Depot, and Target also top the list of businesses struggling with data breaches.
The most recent major cyberattack against Anthem Healthcare shook the insurance industry. In a rare show of honesty, the insurer began alerting customers and the media to the potential of a data breach just eight days after it first noted suspicious activity on Jan. 27, 2015.
Immediately upon discovering it had been attacked, Anthem jumped to address the security vulnerability, contacted the FBI, and hired leading cyber-security firm Mandiant to evaluate its systems, said president and CEO Joseph Swedish in a statement.
Noting the importance of protecting financial institutions, New York's Department of Financial Services responded to the Anthem breach by announcing its intent to integrate regular assessments of cyber-security preparedness at insurance companies as part of its examination process. It will also enforce "enhanced regulations" on insurers based in New York.
"Recent cyber security breaches should serve as a stern wake up call for insurers and other financial institutions to strengthen their cyber defenses," said Benjamin M. Lawsky, New York State's superintendent of financial services, in a statement. He continued, "Regulators and private sector companies must both redouble their efforts and move aggressively to help safeguard this consumer data."
Most people might expect that larger insurers, given the sensitive customer information they handle, would boast robust cyber-security programs. This is not necessarily true.
As part of its investigation, the Department found that 95% of insurers already think they have sufficient staff for information security, and just 14% of CEOs receive monthly briefings on data security. Anthem, the nation's second-largest health insurer, had not even encrypted its database containing nonmedical data. It claims that the HIPAA did not require it to do so.
While experts believe that Anthem was exclusively targeted in its attack, there is no doubt that all financial institutions are at risk. Here are eight things to know as the industry enters a year of increasingly heightened cyber-vulnerability.
Network security is a dynamic art, with dangers appearing as fast as black hats can exploit vulnerabilities. While there are basic “golden rules” which can make life difficult for the bad guys, it remains a challenge to keep networks secure. John Chambers, Executive Chairman of Cisco, famously said “there are two types of companies: those that have been hacked, and those who don’t know they have been hacked”. The question for most organizations isn’t if they’re going to be breached, but how quickly they can isolate and mitigate the threat. In this paper, we’ll examine best practices for effective cybersecurity – from both a proactive (access hardening) and reactive (threat isolation and mitigation) perspective. We’ll address how network automation can help minimize cyberattacks by closing vulnerability gaps and how it can improve incident response times in the event of a cyberthreat. Finally, we’ll lay a vision for continuous network security, to explore how machine-to-machine automation may deliver an auto-securing and self-healing network.
Go to www.esgjrconsultinginc.com
Toward Continuous Cybersecurity With Network Automation | Ken Flott
Presentation given in Argentina and Paraguay during March 2014.
In Argentina by Faustino Sanchez. In Paraguay by Santiago Cavanna.
It covers the problem of vulnerabilities in applications, the impact this has on organizations, and the means available to discover them early and facilitate their remediation.
Links available at
http://www.santiagocavanna.com/segurinfo-2014-el-costo-oculto-de-las-aplicaciones-vulnerables/
Cyber threat intelligence aims to help companies understand and address cybersecurity threats. It involves collecting and analyzing information on current and potential cyber attacks from sources like malware analysis and human intelligence. There are three main types of threat intelligence: strategic intelligence for executives, tactical intelligence for IT professionals, and operational intelligence from active attacks. Uncovering threats through cyber threat intelligence can help identify security issues like malware infections and prevent costly data breaches and ransomware attacks. The intelligence gathering process typically involves four phases: planning, data collection, threat analysis, and responding to threats.
Building an Intelligence-Driven Security Operations Center | EMC
This white paper describes how an intelligence-driven security operations center (SOC) improves threat detection and response by helping organizations use all available security-related information from both internal and external sources to detect hidden threats and even predict new ones.
This document discusses risk management in cyber security. It begins by explaining the concept of risk management and how it has been applied to physical security measures. It then discusses how risk management principles are applied to cyber security, including identifying vulnerabilities, educating employees, and forming incident response teams. The document outlines the process of implementing a cyber security risk management system, including prioritizing assets, applying layered security, and documenting procedures. It also discusses risk mitigation strategies, incident response plans, and the role of cyber forensics in risk management.
OSB50: Operational Security: State of the Union | Ivanti
The document discusses operational security and the state of cyber threats. It provides an overview of key trends including less control over data and devices, more complex networks, the rise of insecure internet of things devices, and the need for security to balance risk mitigation and enable business opportunities. Survey results show that security tasks are often split between IT and security teams. The document argues that organizations need to take a risk-based approach to security centered around understanding inherent risks, how assets could be compromised, and ensuring effective controls are in place. It also discusses challenges to achieving effective security.
Connecting the Dots Between Your Threat Intelligence Tradecraft and Business ... | SurfWatch Labs
Threat intelligence needs to be in a language the business understands. SurfWatch Labs can help connect cyber threat intelligence to business operations in order to help manage cyber risk.
Secrets to managing your Duty of Care in an ever- changing world.
How well do you know your risks?
Are you keeping up with your responsibilities to provide Duty of Care?
How well are you prioritising Cybersecurity initiatives?
Liability for Cybersecurity attacks sits with Executives and Board members who may not have the right level of technical security knowledge. This session will outline what practical steps executives can take to implement a Cybersecurity Roadmap that is aligned with its strategic objectives.
Led by Krist Davood, who has spent over 28 years implementing secure mission critical systems for executives. Krist is an expert in protecting the interconnectedness of technology, intellectual property and information systems, as evidenced through his roles at The Good Guys, Court Services Victoria and Schiavello.
The seminar will cover:
• Fiduciary responsibility
• How to efficiently deal with personal liability and the threat of court action
• The role of a Cybersecurity Executive Dashboard and its ability to simplify risk and amplify informed decision making
• How to identify and bridge the gap between your Cybersecurity Compliance Rating and the threat of court action
Cyber Risk Management in 2017: Challenges & Recommendations | Ulf Mattsson
Ulf Mattsson presented on cyber risk management challenges and recommendations in 2017. He discussed trends like the increasing involvement of boards in cybersecurity oversight. Mattsson also covered topics such as talking to boards about cyber risk, data security blind spots within organizations, and how the Payment Card Industry Data Security Standard is evolving to incorporate concepts like data discovery and integrating security into the development process. He emphasized the importance of generating security metrics and adopting a DevSecOps approach to strengthen an organization's security posture and compliance.
The document discusses threat lifecycle management (TLM) as a framework to help organizations reduce the time it takes to detect and respond to cyber threats. It describes the typical phases of a cyber attack lifecycle and how TLM aims to detect threats earlier through six phases: 1) forensic data collection, 2) discover threats, 3) qualify threats, 4) investigate threats, 5) mitigate threats, and 6) recover from incidents. Implementing people, processes and technologies to support effective TLM across these phases can help minimize the business impact of cyber attacks.
The document discusses threat lifecycle management (TLM) as a framework to help organizations reduce the time it takes to detect and respond to cyber threats. It describes the typical phases of a cyber attack lifecycle and how implementing effective TLM processes across six phases - forensic data collection, discover, qualify, investigate, mitigate and recover - can help detect threats earlier before major impacts occur. The six phases of TLM involve collecting log and security event data, using machine learning to discover threats, qualifying threats to assess risk, investigating qualified threats, neutralizing threats through incident response, and recovering from incidents. Implementing TLM requires people, processes and technologies working together to optimize detection and response times.
This document summarizes a continuing education conference for accounting, finance, and human resources professionals on technology updates for 2011. The conference will cover topics including cloud computing, security best practices, disaster recovery plans, and how to effectively use social media for business. The presenter will discuss what cloud computing really means, current security threats facing businesses, how to safeguard mission critical data through disaster recovery plans, and how to establish social media policies for business collaboration. The conference aims to bring professionals up to date on important technology topics and best practices.
The document discusses database security and SQL injection attacks. It provides an overview of access control in SQL and MySQL, views, and limitations of SQL security. It defines SQL injection attacks and gives examples of how attacks work by inserting malicious SQL statements into user input. The document recommends best practices for prevention, including using prepared statements with bound variables, input validation, output encoding, and limiting database permissions.
This document provides information on first aid, including objectives, definitions, common emergencies, transportation of casualties, bandaging, qualities of first aiders, and first aid skills. It aims to describe the principles and practice of first aid, and to enable students to promote safety, prevent accidents, and manage common trauma and emergencies. The document outlines how to assess emergency situations, provide initial care including restoring breathing and circulation, and calling for additional assistance.
More Related Content
Similar to LogRhythm_-_Modern_Cyber_Threat_Pandemic.pptx
Damballa automated breach defense june 2014Ricardo Resnik
This document discusses the need for advanced threat protection and containment solutions due to the high percentage of cyber attacks that go undetected for months. It notes that traditional prevention-focused security approaches are no longer sufficient. The document then highlights statistics on the financial and resource costs of cyber attacks. It introduces Damballa's automated breach defense platform, which uses behavioral analytics to automatically identify active threats, regardless of prior knowledge. The platform aims to enable a breach resistant organization. The document concludes by presenting several customer case studies where Damballa helped reduce costs, detection times, and improve visibility and response.
C-Suite Snacks Webinar Series : Under Attack - Preparing Your Company in the ...Citrin Cooperman
Sign up for our weekly C-Suite Snacks webinars here: https://www.citrincooperman.com/infocus/c-suite-snacks
Our C-Suite Snacks webinar series provides the middle market with brief, strategic, and tactical business improvement information for 30 minutes every week. Join Citrin Cooperman live every Thursday at noon for snack-sized insights for business executives.
It’s no secret that companies around the world are under attack. Prior to COVID-19, breach rates were on the rise, but now hackers have only become more aggressive in their attempt to steal or hijack your data to try to extort money and do irreparable harm to your company’s reputation.
In this C-Suite Snacks webinar, we covered how to combat these attacks by understanding the risks and preparing to respond.
Key Takeaways:
- An overview of the latest breach statistics and trends
- Knowledge on the methods hackers are using to infiltrate organizations
- Methods to prepare your organization for attack and response
Although Sony seemed to dominate the cyber-security headlines of 2014, it was just one of many corporations infiltrated by an increasingly sophisticated and driven pool of hackers. J.P. Morgan Chase, Home Depot, and Target also top the list of businesses struggling with data breaches.
The most recent major cyberattack against Anthem Healthcare shook the insurance industry. In a rare show of honesty, the insurer began alerting customers and the media to the potential of a data break just eight days after it first noted suspicious activity on Jan. 27, 2015.
Immediately upon discovering it had been attacked, Anthem jumped to address the security vulnerability, contacted the FBI, and hired leading cyber-security firm Mandiant to evaluate its systems, said president and CEO Joseph Swedish in a statement.
Noting the importance of protecting financial institutions, New York's Department of Financial Services responded to the Anthem breach by announcing its intent to integrate regular assessments of cyber-security preparedness at insurance companies as part of its examination process. It will also enforce "enhanced regulations" on insurers based in New York.
"Recent cyber security breaches should serve as a stern wake up call for insurers and other financial institutions to strengthen their cyber defenses," said Benjamin M. Lawsky, New York State's superintendent of financial services, in a statement. He continued, "Regulators and private sector companies must both redouble their efforts and move aggressively to help safeguard this consumer data.“
Most people might expect that larger insurers, given the sensitive customer information they handle, would boast robust cyber-security programs. This is not necessarily true.
As part of its investigation, the Department found that 95% of insurers already think they have sufficient staff for information security, and just 14% of CEOs receive monthly briefings on data security. Anthem, the nation's second-largest health insurer, had not even encrypted its database containing nonmedical data. It claims that the HIPAA did not require it to do so.
While experts believe that Anthem was exclusively targeted in its attack, there is no doubt that all financial institutions are at risk. Here are eight things to know as the industry enters a year of increasingly heightened cyber-vulnerability.
Network security is a dynamic art, with dangers appearing as fast as black hats can exploit vulnerabilities. While there are basic “golden rules” which can make life difficult for the bad guys, it remains a challenge to keep networks secure. John Chambers, Executive Chairman of Cisco, famously said “there are two types of companies: those that have been hacked, and those who don’t know they have been hacked”. The question for most organizations isn’t if they’re going to be breached, but how quickly they can isolate and mitigate the threat. In this paper, we’ll examine best practices for effective cybersecurity – from both a proactive (access hardening) and reactive (threat isolation and mitigation) perspective. We’ll address how network automation can help minimize cyberattacks by closing vulnerability gaps and how it can improve incident response times in the event of a cyberthreat. Finally, we’ll lay a vision for continuous network security, to explore how machine-to-machine automation may deliver an auto-securing and self-healing network.
Go to www.esgjrconsultinginc.com
Toward Continuous Cybersecurity With Network AutomationKen Flott
Presentation given in Argentina and Paraguay during March 2014.
In Argentina by Faustino Sanchez. In Paraguay by Santiago Cavanna.
It covers the problem of vulnerabilities in applications, their impact on organizations, and the means available to discover them early and facilitate their remediation.
Links available at
http://www.santiagocavanna.com/segurinfo-2014-el-costo-oculto-de-las-aplicaciones-vulnerables/
Cyber threat intelligence aims to help companies understand and address cybersecurity threats. It involves collecting and analyzing information on current and potential cyber attacks from sources like malware analysis and human intelligence. There are three main types of threat intelligence: strategic intelligence for executives, tactical intelligence for IT professionals, and operational intelligence from active attacks. Uncovering threats through cyber threat intelligence can help identify security issues like malware infections and prevent costly data breaches and ransomware attacks. The intelligence gathering process typically involves four phases: planning, data collection, threat analysis, and responding to threats.
Building an Intelligence-Driven Security Operations Center (EMC)
This white paper describes how an intelligence-driven security operations center (SOC) improves threat detection and response by helping organizations use all available security-related information from both internal and external sources to detect hidden threats and even predict new ones.
This document discusses risk management in cyber security. It begins by explaining the concept of risk management and how it has been applied to physical security measures. It then discusses how risk management principles are applied to cyber security, including identifying vulnerabilities, educating employees, and forming incident response teams. The document outlines the process of implementing a cyber security risk management system, including prioritizing assets, applying layered security, and documenting procedures. It also discusses risk mitigation strategies, incident response plans, and the role of cyber forensics in risk management.
OSB50: Operational Security: State of the Union (Ivanti)
The document discusses operational security and the state of cyber threats. It provides an overview of key trends including less control over data and devices, more complex networks, the rise of insecure internet of things devices, and the need for security to balance risk mitigation and enable business opportunities. Survey results show that security tasks are often split between IT and security teams. The document argues that organizations need to take a risk-based approach to security centered around understanding inherent risks, how assets could be compromised, and ensuring effective controls are in place. It also discusses challenges to achieving effective security.
Connecting the Dots Between Your Threat Intelligence Tradecraft and Business ... (SurfWatch Labs)
Threat intelligence needs to be in a language the business understands. SurfWatch Labs can help connect cyber threat intelligence to business operations in order to help manage cyber risk.
Secrets to managing your Duty of Care in an ever-changing world.
How well do you know your risks?
Are you keeping up with your responsibilities to provide Duty of Care?
How well are you prioritising Cybersecurity initiatives?
Liability for Cybersecurity attacks sits with Executives and Board members who may not have the right level of technical security knowledge. This session will outline what practical steps executives can take to implement a Cybersecurity Roadmap that is aligned with its strategic objectives.
Led by Krist Davood, who has spent over 28 years implementing secure mission critical systems for executives. Krist is an expert in protecting the interconnectedness of technology, intellectual property and information systems, as evidenced through his roles at The Good Guys, Court Services Victoria and Schiavello.
The seminar will cover:
• Fiduciary responsibility
• How to efficiently deal with personal liability and the threat of court action
• The role of a Cybersecurity Executive Dashboard and its ability to simplify risk and amplify informed decision making
• How to identify and bridge the gap between your Cybersecurity Compliance Rating and the threat of court action
Cyber Risk Management in 2017: Challenges & Recommendations (Ulf Mattsson)
Ulf Mattsson presented on cyber risk management challenges and recommendations in 2017. He discussed trends like the increasing involvement of boards in cybersecurity oversight. Mattsson also covered topics such as talking to boards about cyber risk, data security blind spots within organizations, and how the Payment Card Industry Data Security Standard is evolving to incorporate concepts like data discovery and integrating security into the development process. He emphasized the importance of generating security metrics and adopting a DevSecOps approach to strengthen an organization's security posture and compliance.
The document discusses threat lifecycle management (TLM) as a framework to help organizations reduce the time it takes to detect and respond to cyber threats. It describes the typical phases of a cyber attack lifecycle and how TLM aims to detect threats earlier through six phases: 1) forensic data collection, 2) discover threats, 3) qualify threats, 4) investigate threats, 5) mitigate threats, and 6) recover from incidents. Implementing people, processes and technologies to support effective TLM across these phases can help minimize the business impact of cyber attacks.
The document discusses threat lifecycle management (TLM) as a framework to help organizations reduce the time it takes to detect and respond to cyber threats. It describes the typical phases of a cyber attack lifecycle and how implementing effective TLM processes across six phases - forensic data collection, discover, qualify, investigate, mitigate and recover - can help detect threats earlier before major impacts occur. The six phases of TLM involve collecting log and security event data, using machine learning to discover threats, qualifying threats to assess risk, investigating qualified threats, neutralizing threats through incident response, and recovering from incidents. Implementing TLM requires people, processes and technologies working together to optimize detection and response times.
This document summarizes a continuing education conference for accounting, finance, and human resources professionals on technology updates for 2011. The conference will cover topics including cloud computing, security best practices, disaster recovery plans, and how to effectively use social media for business. The presenter will discuss what cloud computing really means, current security threats facing businesses, how to safeguard mission critical data through disaster recovery plans, and how to establish social media policies for business collaboration. The conference aims to bring professionals up to date on important technology topics and best practices.
The document discusses database security and SQL injection attacks. It provides an overview of access control in SQL and MySQL, views, and limitations of SQL security. It defines SQL injection attacks and gives examples of how attacks work by inserting malicious SQL statements into user input. The document recommends best practices for prevention, including using prepared statements with bound variables, input validation, output encoding, and limiting database permissions.
The document discusses access control and authorization in distributed systems. It introduces role-based access control (RBAC) as a promising approach. RBAC separates the administration of principals and roles from the specification of authorization policy in terms of roles. This allows authorization policy to be expressed independently of changes to principal membership. RBAC also facilitates inter-domain authorization by allowing roles to span domains. The document presents an example RBAC implementation using the OASIS framework that specifies role activation and authorization policies using rules. It describes how roles can be activated and how certificates tied to roles can be used to enforce authorization across distributed services.
HijackLoader Evolution: Interactive Process Hollowing (Donato Onofri)
CrowdStrike researchers have identified a HijackLoader (aka IDAT Loader) sample that employs sophisticated evasion techniques to enhance the complexity of the threat. HijackLoader, an increasingly popular tool among adversaries for deploying additional payloads and tooling, continues to evolve as its developers experiment and enhance its capabilities.
In their analysis of a recent HijackLoader sample, CrowdStrike researchers discovered new techniques designed to increase the defense evasion capabilities of the loader. The malware developer used a standard process hollowing technique coupled with an additional trigger that was activated by the parent process writing to a pipe. This new approach, called "Interactive Process Hollowing", has the potential to make defense evasion stealthier.
4. 4 | Company Confidential
The Economist, November 2015
“Attackers will still get in (too much badly designed hardware and software is out there, and seemingly innocent websites can be doctored to infect computers that visit them). The only safe assumption is that your network is breached, and to make sure that you deal with intruders promptly—not after the 200-odd days which it typically takes.“ - Edward Lucas
5.
The Economist, November 2015
“Many networks have no means of detecting a breach at all. And old-style cyber-security generates too many alerts: “false positives”, in the jargon. When a burglar alarm rings constantly, people ignore it. Now the combination of cleverer algorithms, better data collection, cheaper storage and greater processing power makes it easier to automate the detection of anomalous behaviour, and to work out who is up to what.“ - Edward Lucas
6.
The Expanding Cyber Threat Motive
Political Ideological Criminal
7.
Damaging Data Breaches
8.
Common Security Challenges
• Connections Moving to Encrypted Channels
• Increased Load = poor performance
• Difficult to Deploy
• Potential lost visibility
• "Social Attack" – Employees will mix Personal with Professional
• social tactics being used in around 20% of confirmed data breaches
• 30% over larger time frame
• the top three, phishing (72%), pretexting (16%), and bribery/solicitation (10%), represent the vast majority of social actions in the real world.
• 80% of data breaches involve exploitation of stolen, weak, default or easily guessable passwords
"Many data breach victims believe they are in isolation, dealing with sophisticated tactics and zero-day malware never seen before—we see otherwise. To us, few breaches are unique. In fact, our VERIS research indicates that at any given point in time, a small number of breach scenarios comprise the vast majority of incidents we investigate. There is tremendous commonality in real-world cyber-attacks. In fact, according to our RISK Team incident data set over the previous three years, just 12 scenarios represent over 60% of our investigations."
http://media.scmagazine.com/documents/214/verizon_data_breach_digest_53373.pdf
9.
Common Attack Scenario
[Diagram: attack stages labelled Reconnaissance, Weaponization, Delivery, Exploitation, Installation, Command & Control, Actions on Objective]
10.
Prevention-Centric is Obsolete
“Advanced targeted attacks make prevention-centric strategies obsolete. Securing enterprises in 2020 will require a shift to information and people-centric security strategies, combined with pervasive internal monitoring and sharing of security intelligence.”
“By 2020, 60% of enterprise information security budgets will be allocated for rapid detection and response approaches up from less than 10% in 2013.”
- Neil MacDonald,
11.
Prevention-Centric is Obsolete
“For many enterprises there is a disconnect between the products they are buying and their effectiveness. "Many people are putting firewall, IPS, and antivirus in place thinking that intelligence is actually going to help them," Chenette said...”
“"Hope is not a strategy," said Chenette, so in order for companies to improve their security strategy, they need to realize that technology can fail. "Controls fail over time, and the worst outcome is that there is a breach because they had a control in place that should’ve detected," Chenette said.”
- Stephan Chenette, CEO, AttackIQ
12.
“Traditional Security” Creates Silos
• Security: Firewall, IPS, Malware, WAF, End Point
• Network: Routers, Switches, Wireless
• Directory Services: Active Directory, Users, Groups
• Data Management: Data Loss, Data in Motion, Data at Rest
• Email: Spam, Malware, Phishing
• Physical: Alarms, Surveillance, Access Control
Partners Have Engaged Their Customers With These Solutions For Years…..
LogRhythm Makes These Pieces Work As A Single Security Eco System…
13.
Bringing it all into one place
14.
A New Security Approach is Required
Prevention-centric approaches can stop common threats
However, advanced threats:
• Require a broader view to recognize
• Only emerge over time
• Get lost in the noise
Big Data Analytics can best detect these threats
An Excellent Security Intelligence Platform Delivers:
• Big Data analytics to identify advanced threats
• Qualified and prioritized detection, reducing noise
• Incident response workflow orchestration and automation
• Capabilities to prevent high-impact breaches & damaging cyber incidents
15.
Data Exfiltration Can Be Avoided
Advanced threats take their time and leverage the holistic attack surface
Early neutralization = no damaging cyber incident or data breach
[Diagram: threat lifecycle stages Reconnaissance, Initial Compromise, Command & Control, Lateral Movement, Target Attainment (Exfiltration, Corruption, Disruption)]
16.
Security Intelligence Platform
Threat Lifecycle Management: End-to-End Detection & Response Workflow
[Diagram: workflow stages along a timeline labelled TIME TO DETECT and TIME TO RESPOND]
• Collect & Generate: Forensic Sensor Data; Security Event Data (Example Sources); Log & Machine Data (Example Sources)
• Detect & Prioritize: User Analytics, Machine Analytics
• Qualify: Assess threat to determine risk and whether full investigation is necessary
• Investigate: Analyze threat to determine nature and extent of the incident
• Neutralize: Implement countermeasures to mitigate threat and associated risk
• Recover: Cleanup, Report, Review, Adapt
17.
Faster Detection & Response Reduces Risk
MEAN-TIME-TO-DETECT (MTTD): The average time it takes to recognize a threat requiring further analysis and response efforts
MEAN-TIME-TO-RESPOND (MTTR): The average time it takes to respond and ultimately resolve the incident
As organizations improve their ability to quickly detect and respond to threats, the risk of experiencing a damaging breach is greatly reduced
[Chart: MTTD & MTTR on a scale of Months, Weeks, Days, Hours, Minutes, running from High Vulnerability (Exposed to Threats) to Low Vulnerability (Resilient to Threats)]
18.
Market Leadership
Certifications & Validations Industry Awards
Company Awards
Company of the Year
Industry Analysts
19.
Nate.Traiser@logrhythm.com
Twitter @1832PRO
THANK YOU
Editor's Notes
Jim Wineberg
Regional Account Manager – Mtn States & NW
Mobile: 970.214.5394
Email: jim.wineberg@logrhythm.com
Nate Traiser
Enterprise Sales Engineer – Mtn States & NW
Mobile: 720.935.7767
Email: nate.traiser@logrhythm.com
http://www.theworldin.com/article/10644/counter-hack
Show of hands:
Who feels confident they can find a potential breach in their network?
If YES, how confident are you?
If NO, what are you doing about shining light on the dark areas of our network?
Key Talking Points:
Nation states are operating in a cyber cold war.
There is a lucrative growing cybercrime economy.
The growing cybercrime economy creates an ecosystem that lowers the bar for all threat actors to do bad things.
Notes:
There are increasing motivations for bad people to do bad things.
Politically motivated groups may be well-funded, well-educated, and looking for Intellectual Property to advance their own country’s GDP.
Ideological groups may be small pockets of individuals or crowd-sourced, using the Internet to connect the like-minded to create disruption, damage, or embarrassment for organizations.
Primarily criminally motivated groups are seeking financial reward and can be incredibly well-funded and organized. Regardless of motivation, all three resort to criminal actions to achieve their goals.
There are different motivations for hackers, but given social media and dark sites different hackers/groups can collaborate or purchase intel from each other to achieve their own ends – force multiplier for all bad actors
Examples:
Political: Allegedly, North Korea is responsible for the mass data theft of Sony Entertainment as a pay back for releasing the movie, “The Interview”
Ideological: The Syrian Electronic Army is responsible for a number of website defacements, including in Jan 2015, when SEA hackers managed to infiltrate LeMonde’s publishing tool before launching a denial of service
Criminal: A cyber attack exposed 11 million Premera Blue Cross members data to sell the IDs on the black market and enable identity thefts
Key Talking Points:
1) Victims of damaging cyber breaches make the news every week – don’t become one of them!
2) These are just the high-profile breaches in the past 6mo – countless more happen all of the time and they don’t make headlines
-----
Notes:
Bad actors have executed a series of high-profile, damaging data breaches. It seems like there’s someone new on the cover of the WSJ every week. This slide illustrates how much damage is being done.
Make sure to understand the difference between a data breach vs. just a compromise.
https://thehackernews.com/2015/12/hyatt-hotel-hack.html
https://thehackernews.com/2016/03/ddos-protection.html
https://cyber.ciab.com/2015/08/10/social-engineering-hack-costs-ubiquiti-networks-46-7-million/
https://linux.slashdot.org/story/16/02/24/1924229/linux-mint-hack-is-an-indicator-of-a-larger-problem
http://hackinstagram.net/
https://krebsonsecurity.com/2015/10/talktalk-hackers-demanded-80k-in-bitcoin/
http://www.cnbc.com/2015/12/02/vtech-hack-data-of-64m-kids-exposed.html
http://www.usatoday.com/story/tech/2015/06/12/office-of-personnel-management-hack-china/71146452/
http://www.hackbusters.com/news/stories/474978-landesk-hacked
http://arstechnica.com/security/2016/03/seagate-employees-w-2-forms-exposed-in-another-payroll-phish/
Perimeter applications and appliances are focused on what they do best – the perimeter. They provide a number of tools to effectively combat a large percentage of known threats, leveraging signature-based technologies, some DPI for protocol analysis, some user behavior (outbound requests only) and some sandboxing techniques.
Your employees and your business partners can be potential threat actors or targeted victims. It is important to not lose sight of the role humans play in data breaches.
>They are not leveraging new techniques – this is the same old story. After performing some initial recon (ie: ping tools, nmap, metasploit) against external facing assets, they move their recon phase over to target acquisition. During the target acquisition phase, they identify and isolate their targets using the same platforms we all do business and pleasure on (linkedin, facebook, amazon, twitter…). Some simple google query hacking and they have the content they need to craft a very compelling email with an attachment.
>Once the target is primed, a zero day payload is sent out to the target via a spear phishing email, and they sit back and wait for a call back to whatever command and control infrastructure they have in place. Could be a dyndns server, could be a twitter feed, could be a fast flux network or ftp server.
>Once they’ve exploited your internal asset, they then use that account to gather other hashes or move laterally in the network to other high value assets. Obviously the end goal here is to take your IP, or customer data in the long term and build some redundancy so they can re-infiltrate your network in the future.
Key Talking Points:
A new approach is needed and Gartner agrees.
Detection and response growing from 10% of budget to 60% of budget
Notes:
The punchline is the Gartner quote saying that a prevention-centric approach is obsolete and that budgets are changing to reflect that reality. The industry is shifting from a focus on prevention to a more rounded approach including ability to detect and respond.
There has to be a better way of detecting these compromised accounts and assets internally, right?
There is – it starts with breaking down the security and infrastructure silos in the environment. You have 50+ applications and devices running on your networks. In some organizations it can be thousands. Some of these devices can communicate with each other but it’s not contextually around security.
Even your IT staff can be segmented – your Exchange admin can be a different group or person from your firewall admin, and your desktop group can be completely separate from your security group. Not only are there technical silos, but also hierarchical silos that have been created over the years.
When we talk about breaking the silos, we’re specifically talking about finding a home for all of the contextual data all your devices and users are creating within the network. The LogRhythm platform is uniquely designed to act as your log management layer for compliance, your SIEM for correlated and highly corroborated activities, with another layer and level of UBA (user behavior analytics), network threat analytics and endpoint analytics so you can gain visibility into who is in your network, what they are doing, what risk they pose and mitigate the risk before it becomes loss.
Combine this technology stack with people and process, and you have a readily defendable network.
Key Talking Points:
With traditional methods, threats get lost in the noise.
“Big Data” analytics can help solve this problem.
“Prioritized threats”
Notes:
Some things can be blocked and stopped, but only known threats in real-time, or otherwise you get in the way of the business. Analytics is needed to address the threats that get through. We use big data analytics to separate the signal from the noise. This slide also sets up our incident response message.
Key Talking Points:
“Holistic attack surface”
Mission realization
Kill the threat easily
Previous breaches would’ve been avoided if detected early.
-----
Notes:
Goes further on our solution to show that damaging breaches can be avoided because the threat lifecycle takes time.
The lifecycle of a threat begins with reconnaissance. Find their way in by manipulating users, dropping USB keys in parking lot, compromising physical environment, etc. At some point, they will begin to engage with the environment and eventually compromise the system. If that compromise isn’t detected, they will take increasing control over the environment and move laterally toward their target, taking over accounts and systems until they attain their target, where the biggest damage is done: exfiltration, corruption, disruption, etc.
This is how threats work. If we can stop the attacker after the initial compromise, we can prevent the damaging breach.
Key Talking Points:
“Threats always evidenced in forensic data”
“Machine analytics is the future”
Unified Security Intelligence Platform best protects
Notes:
How do we actually measure detection and response and enable organizations to accelerate these processes?
MTTD: When a threat engages, there are tracks left behind. The first challenge is discovering this threat. User Analytics is done by people and works well, but it doesn’t scale well. Good place to take digs at Splunk. Machine Analytics is where we excel. Analytics performed continuously by software. Prioritize threats. This is the future of threat discovery. This is where we lead the market and invest the most heavily. Qualification is about determining whether this is a threat that can bring us harm that requires more investigation.
MTTR: The next step is to investigate and determine if there is a real risk. If so, need to mitigate the threat. These comprise time to respond. LR has an embedded case and security incident management facility that manages and streamlines the response process. An alarm comes in and can be moved to a case as part of an evidence locker, it can be annotated, add PCAPs and files, add collaborators, centralize management, determine if it’s an incident, provide visibility to CISO. Can organize response, including automated SmartResponses.
The last step is Recover. We don’t really measure this because this can be done at your own pace. We do accelerate recovery because of our incident response facility.
What’s unique about LR is that our platform delivers this workflow end-to-end. This increases effectiveness and efficiency. Makes security teams their absolute best. We’ve seen lots of companies that have built something similar from a collection of different providers, with something like ArcSight, Splunk, maybe a custom built system and a bunch of spreadsheets, probably no machine analytics. This gives them an expensive and ineffective Frankenstein system. LR has spent 10 years building a purpose built workflow.
-----
Alternate:
LogRhythm’s Security Intelligence Platform is unique in the industry to unify all steps of the work flow within a single platform, creating greater efficiencies and effectiveness as a result.
Workflow step details:
Forensic Data: Evidence of the threat will be captured in log and audit data, or captured via sensors on the endpoint or in the network.
Discover: This evidence must be discovered.
Discovery can be through user analytics, viewing dashboards, reports, running daily searches, etc
But more likely via Machine Analytics given the volume and variety of activities on a daily basis. Machine analytics must leverage multiple analytical techniques and corroborate activities to surface those sets of activities requiring an analyst’s attention
Qualify: A concerning activity has been discovered, but now must be qualified. The solution provides tools to quickly understand the activities surrounding a concerning event to qualify as a threat, activities that appear to represent true harm intended to the organization
Once the threat is qualified, the threat has been discovered. This can be measured as the time to detect. This now starts the clock on the response effort.
Investigate: Now that the threat is qualified, a fuller understanding of scope is required. How many hosts were impacted, other user accounts, etc? This requires collecting all of the evidence into a single repository and coordination across multiple analysts as necessary.
Mitigation: With full scope understood, the threat can be mitigated. Some countermeasures can be automated, such as disabling user accounts, quarantining hosts, or changing ACLs while other mitigations will require the details of the investigation to be understood.
Once the threat is mitigated, it has been responded to. The organization can understand the time it took to respond.
Recover: While not as critically time-bound, the recovery step is still important: it is used to fully understand how the threat was discovered, qualified, and mitigated, in order to decrease MTTD and MTTR and to identify other changes to the IT environment or user training.
Key Talking Points:
“Mean-time-to-detect” and “Mean-time-to-response”
Reduce risk of damaging cyber incident or data breach
Notes:
What’s the solution? Faster detection and faster response.
We’ve developed a model to assess your current maturity and ability to detect and respond to threats. Help customers measure their overall security posture. Many studies show that MTTD and MTTR are measured in weeks and months, and companies that want to improve need the types of solutions we provide.
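The two clocks defined in the workflow notes above can be measured directly from incident timelines. The following is an added example, not LogRhythm's code or data model: time to detect runs from the first forensic evidence to qualification, time to respond from qualification to mitigation. The record fields, incident ids, timestamps and the cut-offs between the Minutes/Hours/Days/Weeks/Months bands are assumptions constructed for illustration.

```python
from datetime import datetime, timedelta
from statistics import mean

# Constructed incident timelines, for illustration only. The field names are
# assumptions made for this example, not a LogRhythm schema.
INCIDENTS = [
    {"id": "INC-001", "first_evidence": "2016-03-01T02:14:00",
     "qualified": "2016-03-01T02:49:00", "mitigated": "2016-03-01T05:19:00"},
    {"id": "INC-002", "first_evidence": "2016-01-10T09:00:00",
     "qualified": "2016-03-20T09:00:00", "mitigated": "2016-03-27T09:00:00"},
    {"id": "INC-003", "first_evidence": "2016-03-05T11:00:00",
     "qualified": "2016-03-05T23:00:00", "mitigated": None},   # response open
    {"id": "INC-004", "first_evidence": "2016-03-09T08:00:00",
     "qualified": None, "mitigated": None},                    # not yet qualified
]

# Upper bounds for the slide's scale. The deck gives only the labels;
# these cut-off values are assumptions.
BANDS = [
    ("Minutes", timedelta(hours=1)),
    ("Hours", timedelta(days=1)),
    ("Days", timedelta(weeks=1)),
    ("Weeks", timedelta(days=30)),
]


def _ts(value):
    """Parse an ISO 8601 timestamp, passing None through for open phases."""
    return datetime.fromisoformat(value) if value else None


def phase_durations(incident):
    """Return (time_to_detect, time_to_respond); None marks a clock still running."""
    first = _ts(incident.get("first_evidence"))
    qualified = _ts(incident.get("qualified"))
    mitigated = _ts(incident.get("mitigated"))
    if first is None:
        raise ValueError(f"{incident['id']}: no first_evidence timestamp")
    if qualified is None:
        if mitigated is not None:
            # The response clock starts at qualification, so this record is malformed.
            raise ValueError(f"{incident['id']}: mitigated but never qualified")
        return None, None
    if qualified < first:
        raise ValueError(f"{incident['id']}: qualified before first evidence")
    if mitigated is None:
        return qualified - first, None
    if mitigated < qualified:
        raise ValueError(f"{incident['id']}: mitigated before qualification")
    return qualified - first, mitigated - qualified


def scale_band(delta):
    """Place a duration on the Minutes/Hours/Days/Weeks/Months scale."""
    for label, upper in BANDS:
        if delta < upper:
            return label
    return "Months"


def summarize(incidents):
    """Compute MTTD and MTTR over closed phases and list incidents still open."""
    detect, respond = [], []
    awaiting_qualification, awaiting_mitigation = [], []
    for incident in incidents:
        ttd, ttr = phase_durations(incident)
        if ttd is None:
            awaiting_qualification.append(incident["id"])
            continue
        detect.append(ttd.total_seconds())
        if ttr is None:
            awaiting_mitigation.append(incident["id"])
        else:
            respond.append(ttr.total_seconds())
    mttd = timedelta(seconds=mean(detect)) if detect else None
    mttr = timedelta(seconds=mean(respond)) if respond else None
    return {
        "mttd": mttd,
        "mttd_band": scale_band(mttd) if mttd is not None else None,
        "mttr": mttr,
        "mttr_band": scale_band(mttr) if mttr is not None else None,
        "awaiting_qualification": awaiting_qualification,
        "awaiting_mitigation": awaiting_mitigation,
    }


if __name__ == "__main__":
    for key, value in summarize(INCIDENTS).items():
        print(f"{key}: {value}")
```

In the constructed data, INC-002's 70-day dwell time alone puts MTTD in the Weeks band although the other two qualified incidents were detected within hours, so the open and long-dwell incidents are worth reporting alongside the means.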