- Overview of the AlienVault USM Platform
- Differentiation through Delivery "Threat Detection That Works"
- Ways to Engage via Managed Services, Security Device Management and Professional Services
- AlienVault MSSP Program Details
SOC presentation- Building a Security Operations CenterMichael Nickle
Presentation I used to give on the topic of using a SIM/SIEM to unify the information stream flowing into the SOC. This piece of collateral was used to help close the largest SIEM deal (Product and services) that my employer achieved with this product line.
Cyber Security Trends
Business Concerns
Cyber Threats
The Solutions
Security Operation Center
requirement
SOC Architecture model
SOC Implementation
SOC & NOC
SOC & CSIRT
SIEM & Correlation
-----------------------------------------------------------
Definition
Gartner defines a SOC as both a team, often operating in shifts around the clock, and a facility dedicated to and organized to prevent, detect, assess and respond to cybersecurity threats and incidents, and to fulfill and assess regulatory compliance. The term "cybersecurity operation center "is often used synonymously for SOC.
A network operations center (NOC) is not a SOC, which focuses on network device management rather than detecting and responding to cybersecurity incidents. Coordination between the two is common, however.
A managed security service is not the same as having a SOC — although a service provider may offer services from a SOC. A managed service is a shared resource and not solely dedicated to a single organization or entity. Similarly, there is no such thing as a managed SOC.
Most of the technologies, processes and best practices that are used in a SOC are not specific to a SOC. Incident response or vulnerability management remain the same, whether delivered from a SOC or not. It is a meta-topic, involving many security domains and disciplines, and depending on the services and functions that are delivered by the SOC.
Services that often reside in a SOC are:
• Cyber security incident response
• Malware analysis
• Forensic analysis
• Threat intelligence analysis
• Risk analytics and attack path modeling
• Countermeasure implementation
• Vulnerability assessment
• Vulnerability analysis
• Penetration testing
• Remediation prioritization and coordination
• Security intelligence collection and fusion
• Security architecture design
• Security consulting
• Security awareness training
• Security audit data collection and distribution
Alternative names for SOC :
Security defense center (SDC)
Security intelligence center
Cyber security center
Threat defense center
security intelligence and operations center (SIOC)
Infrastructure Protection Centre (IPC)
مرکز عملیات امنیت
Talking about Next-Gen Security Operation Center for IDNIC+APJII as representative from IDSECCONF. People-Centric SOC requires lot of investment on human in terms of quantity and quality, unfortunately, (good) IT security people are getting rare these days. Organisation need to put their investments more on technology, as in Industry 4.0, machines are getting more advanced to support Human on doing continuous and repetitive task.
Moving from “traditional” to next-gen SOC require proper plan, thats what this talk was about.
This presentation looks at the core component of an Incident Response plan (NIST 800-61) as well as custom practical implementation framework developed by ELYSIUMSECURITY based on NIST and FIRST.
SOC presentation- Building a Security Operations CenterMichael Nickle
Presentation I used to give on the topic of using a SIM/SIEM to unify the information stream flowing into the SOC. This piece of collateral was used to help close the largest SIEM deal (Product and services) that my employer achieved with this product line.
Cyber Security Trends
Business Concerns
Cyber Threats
The Solutions
Security Operation Center
requirement
SOC Architecture model
SOC Implementation
SOC & NOC
SOC & CSIRT
SIEM & Correlation
-----------------------------------------------------------
Definition
Gartner defines a SOC as both a team, often operating in shifts around the clock, and a facility dedicated to and organized to prevent, detect, assess and respond to cybersecurity threats and incidents, and to fulfill and assess regulatory compliance. The term "cybersecurity operation center "is often used synonymously for SOC.
A network operations center (NOC) is not a SOC, which focuses on network device management rather than detecting and responding to cybersecurity incidents. Coordination between the two is common, however.
A managed security service is not the same as having a SOC — although a service provider may offer services from a SOC. A managed service is a shared resource and not solely dedicated to a single organization or entity. Similarly, there is no such thing as a managed SOC.
Most of the technologies, processes and best practices that are used in a SOC are not specific to a SOC. Incident response or vulnerability management remain the same, whether delivered from a SOC or not. It is a meta-topic, involving many security domains and disciplines, and depending on the services and functions that are delivered by the SOC.
Services that often reside in a SOC are:
• Cyber security incident response
• Malware analysis
• Forensic analysis
• Threat intelligence analysis
• Risk analytics and attack path modeling
• Countermeasure implementation
• Vulnerability assessment
• Vulnerability analysis
• Penetration testing
• Remediation prioritization and coordination
• Security intelligence collection and fusion
• Security architecture design
• Security consulting
• Security awareness training
• Security audit data collection and distribution
Alternative names for SOC :
Security defense center (SDC)
Security intelligence center
Cyber security center
Threat defense center
security intelligence and operations center (SIOC)
Infrastructure Protection Centre (IPC)
مرکز عملیات امنیت
Talking about Next-Gen Security Operation Center for IDNIC+APJII as representative from IDSECCONF. People-Centric SOC requires lot of investment on human in terms of quantity and quality, unfortunately, (good) IT security people are getting rare these days. Organisation need to put their investments more on technology, as in Industry 4.0, machines are getting more advanced to support Human on doing continuous and repetitive task.
Moving from “traditional” to next-gen SOC require proper plan, thats what this talk was about.
This presentation looks at the core component of an Incident Response plan (NIST 800-61) as well as custom practical implementation framework developed by ELYSIUMSECURITY based on NIST and FIRST.
Security operations center 5 security controlsAlienVault
An effective Security Operation Center provides the information necessary for organizations to efficiently detect threats and subsequently contain them. While eliminating the threats we face is an impossible goal, reducing the time it takes to respond and contain them is certainly achievable. Learn 5 security controls for an effective security operations center.
Cyber Threat Intelligence is a process in which information from different sources is collected, then analyzed to identify and detect threats against any environment. The information collected could be evidence-based knowledge that could support the context, mechanism, indicators, or implications about an already existing threat against an environment, and/or the knowledge about an upcoming threat that could potentially affect the environment. Credit: Marlabs Inc
Definition of the current global market for Managed Security Services (MSSPs) and a guide to those looking to purchase a service in the future. The presentation also touches on the implications of GDPR on the MSS market.
According to Cisco’s 2018 Cyber security automation Study, organizations overwhelmingly favor specialized tools to get the most robust capabilities across their environment. The more disparate technology a SOC uses, the greater the need for security orchestration and automation platform to help tie everything together.
Visit - https://www.siemplify.co/
An in-depth look at:
1. Disruptive Technology and its impact on organizations.
2. Need for a Security Operations Center (SOC) for the 21st century businesses
3. Designing and operating an effective SOC - what it takes to run a successful SOC starting from how we should prepare our minds in terms of approach to the actual implementation and operation.
4. Qualities any SOC Analyst should possess
5. Measuring the success of a SOC - We discuss critical factors to consider when determining the success of a SOC.
Get advice from security gurus on how to get up & running with SIEM quickly and painlessly. You'll learn about log collection, log management, log correlation, integrated data sources and how-to leverage threat intelligence into your SIEM implementation.
Building a Next-Generation Security Operations Center (SOC)Sqrrl
So, you need to build a Security Operations Center (SOC)? What does that mean? What does the modern SOC need to do? Learn from Dr. Terry Brugger, who has been doing information security work for over 15 years, including building out a SOC for a large Federal agency and consulting for numerous large enterprises on their security operations.
Watch the presentation with audio here: http://info.sqrrl.com/sqrrl-october-webinar-next-generation-soc
Infosec 2014 - Considerations when choosing an MSSPHuntsman Security
The considerations organisations should be aware of when selecting managed security service providers (MSSPs) for the management of controls and the monitoring of detected intrusions.
With an often-increased focus on effective and timely response to breaches, many organisations are going down the route of using a third party service to conduct an operational role in their security management processes. However there are things to ask of potential providers at the selection stage, as well as requirements on how services operate once up and running.
It is also important to understand that there will be controls and processes that will still be required for effective management of, and communication with, the MSSP. Both parties play a role in responding to incidents from detection to resolution.
Security operations center 5 security controlsAlienVault
An effective Security Operation Center provides the information necessary for organizations to efficiently detect threats and subsequently contain them. While eliminating the threats we face is an impossible goal, reducing the time it takes to respond and contain them is certainly achievable. Learn 5 security controls for an effective security operations center.
Cyber Threat Intelligence is a process in which information from different sources is collected, then analyzed to identify and detect threats against any environment. The information collected could be evidence-based knowledge that could support the context, mechanism, indicators, or implications about an already existing threat against an environment, and/or the knowledge about an upcoming threat that could potentially affect the environment. Credit: Marlabs Inc
Definition of the current global market for Managed Security Services (MSSPs) and a guide to those looking to purchase a service in the future. The presentation also touches on the implications of GDPR on the MSS market.
According to Cisco’s 2018 Cyber security automation Study, organizations overwhelmingly favor specialized tools to get the most robust capabilities across their environment. The more disparate technology a SOC uses, the greater the need for security orchestration and automation platform to help tie everything together.
Visit - https://www.siemplify.co/
An in-depth look at:
1. Disruptive Technology and its impact on organizations.
2. Need for a Security Operations Center (SOC) for the 21st century businesses
3. Designing and operating an effective SOC - what it takes to run a successful SOC starting from how we should prepare our minds in terms of approach to the actual implementation and operation.
4. Qualities any SOC Analyst should possess
5. Measuring the success of a SOC - We discuss critical factors to consider when determining the success of a SOC.
Get advice from security gurus on how to get up & running with SIEM quickly and painlessly. You'll learn about log collection, log management, log correlation, integrated data sources and how-to leverage threat intelligence into your SIEM implementation.
Building a Next-Generation Security Operations Center (SOC)Sqrrl
So, you need to build a Security Operations Center (SOC)? What does that mean? What does the modern SOC need to do? Learn from Dr. Terry Brugger, who has been doing information security work for over 15 years, including building out a SOC for a large Federal agency and consulting for numerous large enterprises on their security operations.
Watch the presentation with audio here: http://info.sqrrl.com/sqrrl-october-webinar-next-generation-soc
Infosec 2014 - Considerations when choosing an MSSPHuntsman Security
The considerations organisations should be aware of when selecting managed security service providers (MSSPs) for the management of controls and the monitoring of detected intrusions.
With an often-increased focus on effective and timely response to breaches, many organisations are going down the route of using a third party service to conduct an operational role in their security management processes. However there are things to ask of potential providers at the selection stage, as well as requirements on how services operate once up and running.
It is also important to understand that there will be controls and processes that will still be required for effective management of, and communication with, the MSSP. Both parties play a role in responding to incidents from detection to resolution.
Extend Your Market Reach with IBM Security QRadar for MSPsIBM Security
View on-demand recording: http://securityintelligence.com/events/ibm-security-qradar-for-msps/
As the number of security events grow in complexity and frequency, your clients are likely looking for ways to deploy leading security capabilities to gain more comprehensive security visibility across their operations. With the next release of IBM Security QRadar, you have an enhanced opportunity to deliver a best-in-class security intelligence solution to your broad base of customers.
Join us for a webcast presented by Vijay Dheap, IBM Security Global Solutions Manager, to learn about the new features of IBM Security QRadar designed especially for Managed Service Providers. He will cover:
- Centralized views and incident management with extensive APIs
- Flexible MSP pricing options
- Horizontal, snap-on scalability that is cloud ready
This is an introduction to AlienVault’s Open Threat Exchange (OTX), an open threat information sharing and analysis network, created to put effective security measures within the reach of all organizations. Unlike invitation-only threat sharing networks, OTX provides real-time, actionable information to all who want to participate.
Three Considerations To Amplify Your Detection and Response ProgramMorphick
View the webinar on demand now! https://goo.gl/Mvv4Hw
Defensive security technologies increasingly fail to prevent advanced attackers from gaining access to enterprise networks. Sophisticated attackers can only be stopped by proactive security measures that harness skilled analysts and advanced technology.
Join Morphick and Endgame for a webinar to learn effective strategies to detect and eliminate advanced threats in your Enterprise. This webinar will highlight:
- Today’s security landscape
- How to close the protection gap
- Three strategic considerations to stop advanced threats
Gamification of your Global Information Security Operations Center - RSA 2015Morphick
This presentation shows how the Whirlpool Corporation and Morphick, Inc. are using gamification to keep their ISOC analyst and incident response team members enthusiastically engaged while at work.
The North American Electric Reliability Corporation (NERC) introduced Critical Infrastructure Protections (CIPs) as mandatory cyber security regulations, intended to protect the bulk electric grid. This compliance guide, updated according to NERC CIP version 4 (applicable as of June 25, 2012), provides an overview of the compliance requirements as well as steps to achieve NERC compliance.
To download a free Nexpose demo, click here:
http://www.rapid7.com/products/nexpose/compare-downloads.jsp
To download a free Metasploit demo, click here:
http://www.rapid7.com/products/metasploit/download.jsp
Webinar: Data warehouse na nuvem da AWS
Amazon Redshift é um serviço de data warehouse (DW), totalmente gerenciado, em escala de petabytes, que torna mais simples e econômica a análise todos os seus dados, utilizando as ferramentas de inteligência de negócios que você já dispõe. Comece aos poucos e aumente a escala até petabytes por menos de $1000 por terabyte por ano, com um décimo do custo das soluções tradicionais de DW.
MSP Sales Best Practice | How to Close Sales LeadsDavid Castro
MSP sales tactics and best practices. Content includes the following: How to plan and prioritize your efforts using your list of qualified leads; Sample goal-setting techniques to help you get ready for a sales appointment; How to identify your best sales opportunities (and avoid wasting time on deals that will never close); How to prepare for – and how to handle – the 4 or 5 most common sales objections; How to use 3 effective closing techniques that will help you win new business. Presented by Kaseya with MSP Sales Pros. September 2013.
MSP Sales Tactic | Using Kaseya to Perform an IT Network Assessment to Win Ne...David Castro
MSP sales tips and techniques. How to use Kaseya to perform an IT network assessment as an effective sales prospecting tool. Topics include how to create a sales pitch for using IT network assessments, what types of network information to gather, and how to analyze the data. Also discussed are tips on how to use Kaseya as the technology that enables this sales tactic, how to prepare for the client meeting to be ready to answer questions - and objections. See a sample Report of Findings and learn how to use the summary report to convert the prospect to a new MSP client.
#ALSummit: Accenture - Making the Move: Enabling Security in the CloudAlert Logic
Bill Phelps (Managing Director of Security Programs, Accenture)'s presentation on observations of cloud security trends at the NYC Alert Logic Cloud Security Summit on June 14th, 2016.
Why do many managed services relationships fail? And fail again? Both organizations need to be aligned up front and hold hands during onboarding. This presentation covers the top five focus areas. Many MSSP relationships are doomed at the onboarding stage when an organization first becomes a customer. Given how critical these early stage activities are to your partnership, it's imperative to understand the top five areas of focus: technology deployment (the easy part, getting the tech running); the call tree (who do I wake up at 3 a.m.?); process sync (the fun part: mutual synchronization on who does what and when); access, access, access (you need access to do something); and the context of technology (the need to understand your shop).
What you’ll take away:
Understand proven success criteria for successful outsourcing of security operations
Learn how to align security technologies to security processes, and the key focus areas of security operations
Access to key checklists and charts to drive onboarding of managed services
An understanding of specific terms and conditions that need to be included in data-related contracts under applicable laws
Discover how other organizations have succeeded and failed in MSSP relations
Improve Situational Awareness for Federal Government with AlienVault USMAlienVault
Securing your network from threats is a constantly evolving challenge, especially for federal government agencies with much valuable data to protect, and where IT security resources are often limited. AlienVault has helped many government organizations get complete security visbility for effective threat detection and response, without breaking the bank.
Join us for a live demo to see how AlienVault USM addresses these key IT security needs:
Discover all IP-enabled assets to get an accurate picture of attack surface
Identify vulnerabilities like insecure configurations and unpatched software
Improve situational awareness with real-time threat detection and alerting
Speed incident containment & response with built-in remediation guidance for every alert
Investigate anomalies in protocol usage, privilege escalation, host behavior and more
Generate fast & accurate reports for compliance & management
How to Solve Your Top IT Security Reporting Challenges with AlienVaultAlienVault
Watch this on-demand webast to learn how to acheive security compliance with AlienVault Unified Security Management (USM): https://www.alienvault.com/resource-center/webcasts/how-to-solve-your-top-it-security-reporting-challenges-with-alienvault?utm_medium=Social&utm_source=SlideShare&utm_campaign=solve-it-compliance-usm-webinar
Learn how you can take your on-premises and cloud security to the next level with a free online demo at: https://www.alienvault.com/products/usm-anywhere/demo?utm_medium=Social&utm_source=SlideShare&utm_campaign=solve-it-compliance-usm-webinar
Organizations need to apply security analytics to obtain seamless visibility and monitoring across both their on-premises and cloud environments. These challenges can be solved with comprehensive detection rules and behavioral analytics to ensure you detect potential threats.
Join FireEye and AWS to learn how Threat Analytics Platform (TAP) helped unify a major U.S. financial company’s on-premises and cloud-based Security Operations Centers (SOCs) by providing a single, cloud-based solution for monitoring their hybrid IT environment. FireEye’s TAP provides seamless visibility, detection and investigation across your on-premises and AWS Cloud environments ensuring actionable insight into threats targeting your company.
Join us to learn:
• How TAP ingests and analyzes AWS CloudTrail log files, providing visibility into both your AWS environment and the applications running on it
• TAP's best practices workflow to guide and inform your threat investigation
• How a major U.S. financial company unified their on-premises and cloud-based SOCs in to a single, cloud-based security operation
Who should attend: Directors and Managers of Security, IT Administrators, IT Architects, and IT Security Engineers
TIG / Infocyte: Proactive Cybersecurity for State and Local GovernmentInfocyte
This webinar and presentation outlines the Infocyte HUNT threat detection and incident response platform, and how it enables state and local government organizations:
- Reduce risk across local, off-network, and cloud IT assets
- Expose and eliminate hidden cyber threats and vulnerabilities
- Streamline your overall security operations
- Achieve and maintain compliance
Using Infocyte, TIG can provide their customers with cost-effective, easy-to-manage, and on-demand cybersecurity consulting services (e.g. compromise assessments, incident response) and managed security services (e.g. managed detection and response).
Visit https://www.infocyte.com/ to learn more and request a demo, or request a cybersecurity risk assessment (Compromise Assessment) using the link below:
https://www.infocyte.com/free-compromise-assessment/
Ensuring cyber resilience presents different risk points and many challenges. Not all organizations possess the internal capabilities and expertise necessary to strategize, execute, and safeguard their attack surface. By identifying vulnerabilities, deploying tools, and educating users, cybersecurity services can make the digital environment safer for all.
Our Cyber Resilience FasTrak provides three flexible options for personalized
protection. Select the service that is right for your organization:
- Improve cyber defenses with a Security Health Check
- Uncover hidden threats with AI powered Threat Hunting Service
- Don’t be scared, be prepared with Incident Response Simulation
Trend Micro: This talk examines an overarching security strategy for your deployment, pulled from the real-world experiences of top companies around the world. Paired with services like AWS Lambda, this strategy can result in a unified view of your deployment and automatically respond to incidents – regardless of scale.
Optimizing Security Operations: 5 Keys to SuccessSirius
Organizations are suffering from cyber fatigue, with too many alerts, too many technologies, and not enough people. Many security operations center (SOC) teams are underskilled and overworked, making it extremely difficult to streamline operations and decrease the time it takes to detect and remediate security incidents.
Addressing these challenges requires a shift in the tactics and strategies deployed in SOCs. But building an effective SOC is hard; many companies struggle first with implementation and then with figuring out how to take their security operations to the next level.
Read to learn:
--Advantages and disadvantages of different SOC models
--Tips for leveraging advanced analytics tools
--Best practices for incorporating automation and orchestration
--How to boost incident response capabilities, and measure your efforts
--How the NIST Cybersecurity Framework and CIS Controls can help you establish a strong foundation
Start building your roadmap to a next-generation SOC.
Enterprise Class Vulnerability Management Like A Bossrbrockway
A fluid and effective Vulnerability Management Framework, a core pillar in most Enterprise Security Architectures (ESA), remains a continual challenge to most organizations. Ask any of the major breach targets of the past several years. This talk takes the recent OWASP Application Security Verification Standard (ASVS) 2014 framework and applies it to Enterprise Vulnerability Management in an attempt to make a clearly complicated yet necessary part of your organization's ESA much more manageable, effective and efficient with feasible recommendations based on your business' needs.
Webinar - Feel Secure with revolutionary OTM SolutionJK Tech
Learn how you can adopt to use the best Security Mechanisms which leverages unmatched combination of behavioral analysis, machine learning & dynamic threat intelligence to deliver comprehensive rich visibility, holistic threat detection & containment of threats in real-time.
Detect and Respond to Threats Better with IBM Security App Exchange PartnersIBM Security
Since its launch a year ago, the IBM Security App Exchange has added over 60 apps to help extend the value of security solutions. In this webinar, meet three developers of the newest apps that help detect and respond to threats across networks and endpoints to improve security decision making and speed investigations.
Prevoty Runtime Application and Data Visibility for IBM QRadar provides real-time insights into application attacks, including the OWASP Top 10, data exfiltration and fraudulent behavior. Prevoty's solution is installed directly within an application and travels wherever it is deployed, in the cloud or on-premises. By using Prevoty, enterprises have unprecedented visibility and correlation across network, application and database activity.
Niara User and Entity Behavior Analysis for IBM QRadar reduces alert white noise and accelerates SOC attack response by utilizing QRadar data to provide a new dimension of analytics enabled by over 100 rule-less Machine Learning models designed to detect attacks that have evaded real time defenses while providing detailed forensic visibility.
Check Point Software SmartView for IBM QRadar consolidates monitoring, logging, reporting and event analysis into a single console to bring you comprehensive, easy-to-understand threat visibility to enable your security team to focus their efforts on the critical threats for forensic analysis within a unified console.
Join this webinar hosted by Russ Warren, IBM Security Intelligence Program Manager, to hear more about these apps and how they extend the power of IBM QRadar SIEM, and also how you can develop your own apps.
New USM v5.0 - Get Complete Security Visibility Faster & Easier Than EverAlienVault
AlienVault Unified Security Management™ (USM) integrates SIEM/event correlation with built-in tools for intrusion detection, asset discovery, vulnerability assessment and behavioral monitoring to give you a unified, real-time view of threats in your environment. NEW v5.0 (available 4/20) makes it faster and easier than ever to get the insights you need, starting on Day 1.
Join us for a live demo to see how new USM v5.0 makes it easier than ever to accomplish these key tasks:
Discover all IP-enabled assets on your network
Identify vulnerabilities like unpatched software or insecure configurations
Detect network scans and malware like botnets, trojans & rootkits
Speed incident response with built-in remediation guidance for every alert
Generate accurate compliance reports for PCI DSS, HIPAA and more
Web app penetration testing best methods tools usedZoe Gilbert
Read this blog to know the best methodologies of web app penetration testing and tools to gain real-world insights by keeping untrusted data separate from commands and queries, with improved access control.
Everything you really need to know about IDS (Intrusion Detection Systems) Combining with HoneyPots. Deployment and usage techniques used in the past and today. How to setup and deploy onto any network including the cloud. Reasons why this should be used in all networks. How to bring BIG DATA down to Small Data that is easy to understand and monitor.
It’s all over the news that data breaches occur daily! I asked WHY these hackers can download terabytes of data in timespans of months without being noticed. What are these companies paying their SOC team millions of dollars for? How come all the money is going to devices to prevent breaches and little to none in detecting when they occur? Don’t people know there are only two types of companies “those that been hacked, and those that don’t know they been hacked”. What can I do to detect a breach within seconds on any network scale? I think I figured it out. In my talk you’ll learn how you and your clients can benefit by applying my exclusive techniques, which I’ve successfully deployed. So the next time you get hacked the hacker would not be able to steal all those credit cards and photos of that Halloween party.
Meltdown and Spectre - How to Detect the Vulnerabilities and ExploitsAlienVault
As you've likely heard, Meltdown and Spectre are vulnerabilities that exist in Intel CPUs built since 1995. Hackers can exploit Meltdown and Spectre to get hold of information stored in the memory of other running programs. This might include passwords stored in a password manager or browser, photos, emails, instant messages and even business-critical documents.
Join us for a technical webcast to learn more about these threats, and how the security controls in AlienVault Unified Security Management (USM) can help you mitigate these threats.
You'll learn:
What the AlienVault Labs security research team has learned about these threats
How to scan your environment (cloud and on-premises) for the vulnerability with AlienVault USM Anywhere
How built-in intrusion detection capabilities of USM Anywhere can detect exploits of these vulnerabilities
How the incident response capabilities in USM Anywhere can help you mitigate attacks
Watch the On-Demand Webcast here: https://www.alienvault.com/resource-center/webcasts/meltdown-and-spectre-how-to-detect-the-vulnerabilities-and-exploits?utm_medium=Social&utm_source=SlideShare&utm_content=meltdown-spectre-webcast
Hosted By
Sacha Dawes
Principal Product Marketing Manager
Sacha joined AlienVault in Feb 2017, where he is responsible for the technical marketing of the AlienVault Unified Security Management (USM) family of solutions. He brings multiple years of experience from product management, product marketing and business management roles at Microsoft, NetIQ, Gemalto and Schlumberger where he has delivered both SaaS-delivered and boxed-product solutions that address the IT security, identity and management space. Originally from the UK, Sacha is based in Austin, TX.
SIEM for Beginners: Everything You Wanted to Know About Log Management but We...AlienVault
Need a crash course on SIEM? No problem. Our security gurus will explain what SIEM is (and isn’t) and how to get up and running with it quickly and painlessly.
You'll learn everything you need to know about:
* Critical information stored in your logs and how to leverage it for better security
*Requirements to effectively perform log collection, log management, and log correlation
*How to integrate multiple data sources
*What features to look for in a SIEM solution
AlienVault Threat Alerts are a simple yet powerful tool that comes built-in with Spiceworks. When a device on your network has been interacting with a known malicious host or suspicious IP, you’ll immediately get an alert in your feed and you’ll get an alert email.
Open Source IDS Tools: A Beginner's GuideAlienVault
This SlideShare provides an overview of the various Open Source IDS tools available today. Whether you need to monitor hosts or the networks connecting them to identify the latest threats, these are some great open source intrusion detection (IDS) tools available to you.
PCI DSS Implementation: A Five Step GuideAlienVault
Payment Card Industry Data Security Standard (PCI DSS) compliance can be both hard and expensive. For most small to medium sized organizations, it doesn’t have to be as long you have the right plan and tools in place. In this guide you’ll learn five steps that you can take to implement and maintain PCI DSS compliance at your organization.
AlienVault PCI DSS Compliance:
https://www.alienvault.com/solutions/pci-dss-compliance
Have a question? Ask it in our forum:
http://forums.alienvault.com
More videos: http://www.youtube.com/user/alienvaulttv
AlienVault Blogs: http://www.alienvault.com/blogs
AlienVault: http://www.alienvault.com
Improve threat detection with hids and alien vault usmAlienVault
Host-based intrusion dection systems (HIDS) work by monitoring activity that is occurring internally on a host. HIDS look for unusual or nefarious activity by examining logs created by the operating system, looking for changes made to key system files, tracking installed software, and sometimes examining the network connections a host makes. AlienVault USM integrates HIDS with other key security controls to help you get the most out of HIDS, including:
Analyzing system behavior and configuration status to track user access and activity
Detecting system compromise, modification of critical configuration files (e.g. registry settings, /etc/passwd), common rootkits, and rogue processes
Correlating HIDS data with known IP reputation, vulnerability scans and more
Logging and reporting for PCI compliance
The State of Incident Response - INFOGRAPHICAlienVault
Incident Response (IR) teams are designed to detect, investigate and, when necessary, perform remediation in the event of a critical incident. The results of the 2015 SANS Incident Response Survey provides a picture of what IR teams are up against today—the types of attacks they see, what defenses they have in place to detect and respond to these threats, and their perceived effectiveness and obstacles to incident handling.
Some key challenges reported by responders to the survey were:
66% cited a skills shortage as being an impediment to effective IR:
54% cited budgetary shortages for tools and technology
45% noted lack of visibility into system or domain events
41% noted a lack of procedural reviews and practice
37% have trouble distinguishing malicious events from nonevents
Do these challenges sound familiar? Download the full survey to learn more about how other organizations are approaching incident response, along with best practices and advice. Visit http://ow.ly/R3Cr0
Incident response live demo slides finalAlienVault
So, you've got an alarm - or 400 alarms maybe, now what? Security incident investigations can take many paths leading to incident response, a false positive or something else entirely. Join this webcast to see security experts from AlienVault and Castra Consulting work on real security events (well, real at one point), and perform real investigations, using AlienVault USM as the investigative tool. Process or art form? Yes.
You'll learn:
Tips for assessing context for the investigation
How to spend your time doing the right things
How to to classify alarms, rule out false positives and improve tuning
The value of documentation for effective incident response and security controls
How to speed security incident investigation and response with AlienVault USM
Improve Security Visibility with AlienVault USM Correlation DirectivesAlienVault
At the heart of SIEM is ability to correlate events from one or many sources into actionable alarms based on your security policies. AlienVault USM provides over 2100 correlation directives developed by the AlienVault Labs team, plus the ability to create your own custom rules.
Join us for this customer training session covering how to:
Ensure you are using the latest and greatest built-in correlation directives from AlienVault Labs
Write your own correlation directives based on events from one or more sources
Turn correlation information into actionable alarms
Use correlations to enforce your security policies
With malware accounting for at least 40% of all breaches, knowing how malware works can be an extremely valuable asset in your threat detection cache – especially for the incident responder. According to Verizon’s 2013 Data Breach Investigations Report, “Malware and hacking still rank as the most common [threat] actions”. In general, malware can range from being simple annoyances like pop-up advertising to causing serious damage like stealing passwords and data or infecting other machines on the network.
Malware is as old as software itself and although there are new types of malware constantly under development, they generally fall into a few broad categories. Check out this SlideShare to learn how malware works, and what we believe are the most common types of malware you should be prepared for.
By learning how malware works and recognizing its different types, you’ll understand:
- How they find their way into your network
- How attackers control them remotely
- How they use your systems for nefarious purposes
- And most importantly, the security controls you need to effectively defend against and detect malware infections. (Hint: you need more than antivirus!)
New OSSIM v5.0 - Get Security Visibility Faster & Easier Than EverAlienVault
With a focus on simplifying asset management, OSSIM v5.0 (available 4/20) makes it faster and easier than ever to get the insights you need. Join us for this user training to learn how to get the most out of these new enhancements:
Assign custom labels for assets, groups and networks
Search, filter and group assets by OS, IP address, device type, custom labels and more
Run vulnerability and asset scans on custom asset groups with one click
Filter by asset groups in alarms, security events and raw logs
Update configuration, sensor assignment, asset value and more on multiple assets and groups of assets at once
...and more!
AWS Security Best Practices for Effective Threat Detection & ResponseAlienVault
In this SlideShare, we’ll share the AWS Security Best Practices for securing AWS environments, as well as some of the trends our research has shown with regard to attacks on those environments. We'll also introduce the key capabilities needed for a modern threat detection & incident response program customized for AWS, and other AWS Security Best Practices including:
-Asset Discovery - creating an inventory of running instances
-Vulnerability Assessment - conducting scans to assess exposure to attack, and prioritize risks
-Change Management - detect changes in your AWS environment and insecure network access control configurations
-S3 & ELB Access Log Monitoring - Monitor access logs of hosted content and data directed at your instance
-CloudTrail Monitoring and Alerting - Monitor the CloudTrail service for abnormal behavior
-Windows Event Monitoring - Analyze system level behavior to detect advanced threats
With more IT environments moving data and applications to AWS, the motivation for hackers to target AWS environments is also increasing. We believe these AWS Security Best Practices will be a valuable addition to every security practitioner’s playbook.
We'll finish up with a demo of NEW AlienVault USM for AWS, which delivers all of the above capabilities, plus log management & event correlation to help you detect threats quickly and comply with regulatory requirements.
Improve Threat Detection with OSSEC and AlienVault USMAlienVault
Host-based IDS systems, or HIDS, work by monitoring activity that is occurring internally on a host. HIDS look for unusual or nefarious activity by examining logs created by the operating system, looking for changes made to key system files, tracking installed software, and sometimes examining the network connections a host makes. AlienVault USM features a complete integration of OSSEC, one of the most popular and effective open source HIDS tools.
In this live demo, we'll show you how USM helps you get more out of OSSEC with:
Remote agent deployment, configuration and management
Behavioral monitoring of OSSEC clients
Logging and reporting for PCI compliance
Data correlation with IP reputation data, vulnerability scans and more
We'll finish up by showing a demo of how OSSEC alert correlation can be used to detect brute force attacks with USM
Best Practices for Configuring Your OSSIM InstallationAlienVault
Because every network environment is different, OSSIM offers flexibile configuration options to adapt to the needs of different environments. Whether you are just getting started with OSSIM, or have been using it for years, thinking through the configuration options availble will help you get the most out of your installation.
Join us for this customer training webcast where our OSSIM experts will walk through:
How to deploy & configure OSSEC agents
Best practices for configuring syslog and enabling plugins
Scanning your network for assets and vulnerabilities
IDS for Security Analysts: How to Get Actionable Insights from your IDSAlienVault
The fun with IDS doesn't stop after installation, in fact, that's really where the fun starts. Join our panel of IDS experts for an educational discussion that will help you make sense of your IDS data, starting from Day 1. We will discuss signature manipulation, event output and the three "P's" - policy, procedure and process. We won't stop there either! You will find out the meaning behind the terms all the cool kids are using like "False Positives" and "Baselining". We'll round it out with more information about how IDS interacts with the rest of your IT applications and infrastructure. If you installed an IDS and are wondering what to do next then signup now!
Insider Threats: How to Spot Trouble Quickly with AlienVault USMAlienVault
There's always a need to stop bad stuff from coming in, but it's important to remember that those inside the firewall can pose an even bigger risk to your network security. Whether its unsuspecting users clicking on phishing e-mails, someone running bit torrent in your datacenter, or a truly malicious user out to sabotage the network, insider threats can really keep you up at night.
Join us for this technical demo showing how USM can help you detect:
Malware infections on end-user machines
Insiders misusing network resources
Privileged users engaging in suspicious behaviors
Key Trends Shaping the Future of Infrastructure.pdfCheryl Hung
Keynote at DIGIT West Expo, Glasgow on 29 May 2024.
Cheryl Hung, ochery.com
Sr Director, Infrastructure Ecosystem, Arm.
The key trends across hardware, cloud and open-source; exploring how these areas are likely to mature and develop over the short and long-term, and then considering how organisations can position themselves to adapt and thrive.
PHP Frameworks: I want to break free (IPC Berlin 2024)Ralf Eggert
In this presentation, we examine the challenges and limitations of relying too heavily on PHP frameworks in web development. We discuss the history of PHP and its frameworks to understand how this dependence has evolved. The focus will be on providing concrete tips and strategies to reduce reliance on these frameworks, based on real-world examples and practical considerations. The goal is to equip developers with the skills and knowledge to create more flexible and future-proof web applications. We'll explore the importance of maintaining autonomy in a rapidly changing tech landscape and how to make informed decisions in PHP development.
This talk is aimed at encouraging a more independent approach to using PHP frameworks, moving towards a more flexible and future-proof approach to PHP development.
Le nuove frontiere dell'AI nell'RPA con UiPath Autopilot™UiPathCommunity
In questo evento online gratuito, organizzato dalla Community Italiana di UiPath, potrai esplorare le nuove funzionalità di Autopilot, il tool che integra l'Intelligenza Artificiale nei processi di sviluppo e utilizzo delle Automazioni.
📕 Vedremo insieme alcuni esempi dell'utilizzo di Autopilot in diversi tool della Suite UiPath:
Autopilot per Studio Web
Autopilot per Studio
Autopilot per Apps
Clipboard AI
GenAI applicata alla Document Understanding
👨🏫👨💻 Speakers:
Stefano Negro, UiPath MVPx3, RPA Tech Lead @ BSP Consultant
Flavio Martinelli, UiPath MVP 2023, Technical Account Manager @UiPath
Andrei Tasca, RPA Solutions Team Lead @NTT Data
Epistemic Interaction - tuning interfaces to provide information for AI supportAlan Dix
Paper presented at SYNERGY workshop at AVI 2024, Genoa, Italy. 3rd June 2024
https://alandix.com/academic/papers/synergy2024-epistemic/
As machine learning integrates deeper into human-computer interactions, the concept of epistemic interaction emerges, aiming to refine these interactions to enhance system adaptability. This approach encourages minor, intentional adjustments in user behaviour to enrich the data available for system learning. This paper introduces epistemic interaction within the context of human-system communication, illustrating how deliberate interaction design can improve system understanding and adaptation. Through concrete examples, we demonstrate the potential of epistemic interaction to significantly advance human-computer interaction by leveraging intuitive human communication strategies to inform system design and functionality, offering a novel pathway for enriching user-system engagements.
UiPath Test Automation using UiPath Test Suite series, part 4DianaGray10
Welcome to UiPath Test Automation using UiPath Test Suite series part 4. In this session, we will cover Test Manager overview along with SAP heatmap.
The UiPath Test Manager overview with SAP heatmap webinar offers a concise yet comprehensive exploration of the role of a Test Manager within SAP environments, coupled with the utilization of heatmaps for effective testing strategies.
Participants will gain insights into the responsibilities, challenges, and best practices associated with test management in SAP projects. Additionally, the webinar delves into the significance of heatmaps as a visual aid for identifying testing priorities, areas of risk, and resource allocation within SAP landscapes. Through this session, attendees can expect to enhance their understanding of test management principles while learning practical approaches to optimize testing processes in SAP environments using heatmap visualization techniques
What will you get from this session?
1. Insights into SAP testing best practices
2. Heatmap utilization for testing
3. Optimization of testing processes
4. Demo
Topics covered:
Execution from the test manager
Orchestrator execution result
Defect reporting
SAP heatmap example with demo
Speaker:
Deepak Rai, Automation Practice Lead, Boundaryless Group and UiPath MVP
SAP Sapphire 2024 - ASUG301 building better apps with SAP Fiori.pdfPeter Spielvogel
Building better applications for business users with SAP Fiori.
• What is SAP Fiori and why it matters to you
• How a better user experience drives measurable business benefits
• How to get started with SAP Fiori today
• How SAP Fiori elements accelerates application development
• How SAP Build Code includes SAP Fiori tools and other generative artificial intelligence capabilities
• How SAP Fiori paves the way for using AI in SAP apps
Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova...Ramesh Iyer
In today's fast-changing business world, Companies that adapt and embrace new ideas often need help to keep up with the competition. However, fostering a culture of innovation takes much work. It takes vision, leadership and willingness to take risks in the right proportion. Sachin Dev Duggal, co-founder of Builder.ai, has perfected the art of this balance, creating a company culture where creativity and growth are nurtured at each stage.
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...James Anderson
Effective Application Security in Software Delivery lifecycle using Deployment Firewall and DBOM
The modern software delivery process (or the CI/CD process) includes many tools, distributed teams, open-source code, and cloud platforms. Constant focus on speed to release software to market, along with the traditional slow and manual security checks has caused gaps in continuous security as an important piece in the software supply chain. Today organizations feel more susceptible to external and internal cyber threats due to the vast attack surface in their applications supply chain and the lack of end-to-end governance and risk management.
The software team must secure its software delivery process to avoid vulnerability and security breaches. This needs to be achieved with existing tool chains and without extensive rework of the delivery processes. This talk will present strategies and techniques for providing visibility into the true risk of the existing vulnerabilities, preventing the introduction of security issues in the software, resolving vulnerabilities in production environments quickly, and capturing the deployment bill of materials (DBOM).
Speakers:
Bob Boule
Robert Boule is a technology enthusiast with PASSION for technology and making things work along with a knack for helping others understand how things work. He comes with around 20 years of solution engineering experience in application security, software continuous delivery, and SaaS platforms. He is known for his dynamic presentations in CI/CD and application security integrated in software delivery lifecycle.
Gopinath Rebala
Gopinath Rebala is the CTO of OpsMx, where he has overall responsibility for the machine learning and data processing architectures for Secure Software Delivery. Gopi also has a strong connection with our customers, leading design and architecture for strategic implementations. Gopi is a frequent speaker and well-known leader in continuous delivery and integrating security into software delivery.
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...DanBrown980551
Do you want to learn how to model and simulate an electrical network from scratch in under an hour?
Then welcome to this PowSyBl workshop, hosted by Rte, the French Transmission System Operator (TSO)!
During the webinar, you will discover the PowSyBl ecosystem as well as handle and study an electrical network through an interactive Python notebook.
PowSyBl is an open source project hosted by LF Energy, which offers a comprehensive set of features for electrical grid modelling and simulation. Among other advanced features, PowSyBl provides:
- A fully editable and extendable library for grid component modelling;
- Visualization tools to display your network;
- Grid simulation tools, such as power flows, security analyses (with or without remedial actions) and sensitivity analyses;
The framework is mostly written in Java, with a Python binding so that Python developers can access PowSyBl functionalities as well.
What you will learn during the webinar:
- For beginners: discover PowSyBl's functionalities through a quick general presentation and the notebook, without needing any expert coding skills;
- For advanced developers: master the skills to efficiently apply PowSyBl functionalities to your real-world scenarios.
DevOps and Testing slides at DASA ConnectKari Kakkonen
My and Rik Marselis slides at 30.5.2024 DASA Connect conference. We discuss about what is testing, then what is agile testing and finally what is Testing in DevOps. Finally we had lovely workshop with the participants trying to find out different ways to think about quality and testing in different parts of the DevOps infinity loop.
Transcript: Selling digital books in 2024: Insights from industry leaders - T...BookNet Canada
The publishing industry has been selling digital audiobooks and ebooks for over a decade and has found its groove. What’s changed? What has stayed the same? Where do we go from here? Join a group of leading sales peers from across the industry for a conversation about the lessons learned since the popularization of digital books, best practices, digital book supply chain management, and more.
Link to video recording: https://bnctechforum.ca/sessions/selling-digital-books-in-2024-insights-from-industry-leaders/
Presented by BookNet Canada on May 28, 2024, with support from the Department of Canadian Heritage.
Transcript: Selling digital books in 2024: Insights from industry leaders - T...
AlienVault MSSP Overview - A Different Approach to Security for MSSP's
1. AlienVault – MSSP Program Overview
AUGUST 13, 2014
A DIFFERENT APPROACH TO SECURITY FOR MSSP’S
partners@alienvault.com
2. AGENDA
• Market Overview
• “The 5 areas customers consider when selecting an MSSP”
• Where most MSSPs struggle to offer real value
• Overview of the AlienVault USM Platform
• Differentiation through Delivery "Threat Detection That Works”
• AlienVault MSSP Program Details
3. Market Realities
WHAT WE KNOW ABOUT ORGANIZATIONS
• Lack the in-house capabilities required to keep pace with changing
business demands, compliance mandates, and emerging threats for
strategic implementation of new IT security solutions.
• Don’t have the capabilities to effectively monitor and manage the security
infrastructure to ensure optimal utilization of current assets.
• Have in-house IT staffs that spend too much time on day- to-day
operational security issues versus new strategic projects.
• Depend on IT security tools and processes that provide a reactive, rather
than proactive, approach to mitigating risk and minimizing data loss and
downtime.
… Which has led to organizations moving to
4. Those who look for a
platform that is already
integrated – or “Unified
(Integrated) Security
Two Types of MSSPs
Those who try to buy/build
and integrate it all on their
own…
5. Observations of MSSPs in the Market
CHALLENGES ON DELIVERING VALUE
Operationalizing the Offering
- Many MSSPs don’t have the experience needed to avoid the costly mistakes
and
end up managing the system far more than they spend on the value they bring to
their
customers. Attempting to tie disparate systems together is a failed strategy.
Basic (i.e. “Weak”) Correlation
- Correlation of events and Incident-specific reports are required to offer true
security
visibility; however most MSSPs don’t deploy solutions that allow customers to get
anything more than very basic reporting/correlation
Deployment of SIEM technology to provide in-house alerting and log analysis:
- MSSPs typically lack the needed insight into the customer IT and business
environment; thus, they are challenged in determining whether events involving
6. Let’s “double-click’ on these challenges
High Fidelity vs. False Positives
- “Custom” correlation is the only way to achieve any true value/threat visiblity from a SIEM
platform. The task of base-lining an environment and creating these alerts/alarms is daunting
enough in a single environment – How can an MSSP deliver this across many environments?
Poor Change Management
- Strong correlation is based on “known” baselines and an intimate understanding of a
customers environment. MSSPs by virtue of what they do – are an after thought to change
management by the organizations who work with MSSPs. Every change to that environment
impacts the fidelity of correlation. Poor correlation = poor threat detection.
Poor Log Storage
- Logs are only valuable to your customers if they can access them. Storing logs for a
sufficient period of time or in a location that the customer cannot be access makes the services
less valuable.
CORRELATION
7. Delivering Confidence, Simplicity &
ValueWHAT YOU CAN OFFER YOUR CUSTOMERS
Managed security operations and response
- Provide first line incident detection and triage
- Escalate to customer as needed for remediation response
Reporting of vulnerabilities and threats
- Identify known malicious entities probing their systems
- Detect latest attack payloads
- Identify compromised systems
- Leverage time-tested security controls with minimal deployment overhead
- Identify potentially insecure behaviors
- Identify unpatched software, known to vulnerable
… A single security technology stack makes this possible – AT
SCALE
8. POWER OF THE OPEN THREAT EXCHANGE
(OTX)
TO DETECT THREATS
Crowd-sourced threat data from 8,000+ sites across 140
countries
500,000+ IPs validated daily
Free Threat Services
• Reputation Alert Monitor
• Threat Finder
• Interactive Threat Map
18. MSSP “GETTING STARTED” PACKAGES
Public Training + Deployment
Assistance
Private Training + Deployment
Assistance
Packages include…
• AlienVault product training for one (1)
engineer at a public AlienVault training
center
• Three (3) days of remote support by a
Certified AlienVault Deployment Architect
• AlienVault product training for up to 8
people at your facility
• Three (3) days of remote support by a
Certified AlienVault Deployment Architect
Become a certified AlienVault MSSP partner
19. MSSP Partner of AlienVault
SMALL SAMPLING OF PARTNERS
Today we have 100+ MSSPs around the world… some supporting less than 5
customers…some supporting 100’s of customers
• Breaches/Infection rates have no correlation to company size so smaller MSSPs
have the same challenges that larger MSSPs do. The problem they solve is just
as significant.
• Larger companies do have larger budgets so when serving the small business and
mid-market; efficiency at scale is important.
We offer entry points for any
size MSSP. The largest to
the newly formed.
– It is difficult to strike the right balance between correlation rules that catch all possible attacks and correlation rules that produce too many false-positive alerts. Tuning often requires a professional services engagement and on-going expenses. This will continue to plague the MSSPs who choose traditional SIEM or Logging solutions as the complexity of managing all of the moves, adds, edits to the data sources (servers, devices, & applications) that feed them is not something they can solve for. Organizations rely on the data collection, normalization and retention for the purpose of correlation. Without strong (i.e. custom) correlation, detecting and responding to threats is impossible. Custom correlation must be verified every time there is a change on the network if an organization wants to ensure the fidelity of their correlation logic. For example, it’s not uncommon to see a data source change (OS/firmware update), which will dramatically impact the fidelity of the correlation rules/alarms/logic. This happens when updates are performed to network devices, servers (physical & virtual), anti-virus, applications, etc. Organizations are very dynamic. Correlation must also be dynamics UNLESS you solve for this another way.
The “Rules-based” approach – When a correlated security event is presented to the security analyst, it’s reasonable to expect the analyst to limit his or her investigation to the data sources reported by the alert. A “Rules-based” approach supports only a go-forward view of security data, if you get a correlation rule wrong, you can’t adjust the model and re-analyze the data, because events that didn’t match the old rule have already been discarded. Not the desired outcome…
AlienVault’s USM solution solves for this through “unifying” your entire security technology stack. We’ll dive into that later in this presentation…
AlienVault offers the only unified security management solution to unify the five essential security capabilities you need for complete security visibility. This translates into rapid time to value – faster and easier audits, targeted remediation, and more seamless incident response. The main advantages of USM are simplicity, streamlined installation and use, and the ability to update all the security functions concurrently. These concurrent updates allow AlienVault to do something no other solution on the market can do. AlienVault’s threat intelligence team can write, maintain and verify all the needed correlation delivering the highest levels of security visibility.