A brief run-through of the economics of controls, threats and how attackers and defenders think, followed by an introduction to current and next generation security analytics.
Endpoint Detection and Response for Dummies (Liberteks)
This document provides an introduction to the concepts of endpoint detection and response (EDR). It defines an endpoint broadly as any connected device used to access an organization's network and data. As new types of devices connect, the definition of an endpoint is expanding beyond traditional computers and mobile devices to also include IoT devices, servers, and industrial systems. The document outlines how EDR can help organizations securely manage this growing variety of endpoints and detect and respond to security threats through automated monitoring and response capabilities. It provides an overview of the topics that will be covered in the book.
Security Analytics and Big Data: What You Need to Know (MapR Technologies)
The number of attacks on organizations' IT infrastructure is continuously increasing, and it is becoming more and more difficult to identify unknown threats in particular. Addressing this problem requires the ability to store more data and better tools to analyze that data.
Learn in this webinar why big data is enabling new security analytics solutions and why the MapR Quick Start Solution for Security Analytics offers an easy starting point for faster and deeper security analytics.
As organizations struggle to mature their security and IT service profiles across expanding numbers of endpoints, they are increasingly turning to the proactive management capabilities of endpoint detection and response platforms.
To provide organizations with a clear example of how to identify the most effective EDRP solutions, leading IT analyst firm Enterprise Management Associates (EMA) has conducted independent and objective research on the features and capabilities of two of the leading solution suites in this market: Tanium Core and 1E Tachyon.
"Thinking different" about your information security strategy (Jason Clark)
The document discusses the need for a new security strategy that focuses on data protection rather than infrastructure. It recommends evaluating current security spending and redirecting funds to intelligence-led approaches. A next generation security model is proposed that uses context awareness and data-centric policies to identify and contain advanced threats, including insider risks.
How to Build Your Own Cyber Security Framework using a Balanced Scorecard (EnergySec)
Presented by: Russell Thomas, George Mason University
Abstract: Two aspects of cyber security that everyone struggles with are metrics and business impact. How do we measure it to improve, and how do we make it meaningful to business decision makers? This gap appeared again recently in the NIST Cyber Security Framework (CSF) process RFI responses. But there is no need to wait for NIST CSF or anything else, because there is a viable method available now that you can use to build your own CSF, namely the “Balanced Scorecard” method.
The key idea is to focus on performance against measurable objectives in all critical dimensions that, taken together, will lead to better security, privacy, and resiliency outcomes, even in a dynamic and highly uncertain threat environment. In this presentation, we’ll explain the ten critical dimensions of cyber security performance, explain how they are interrelated and feed off each other, show how to create a performance index in each dimension, and describe how the balanced scorecard can be used to drive executive decisions. This presentation should be valuable to managers and executives in every type of organization in the energy sector, including the supply/service chain. Consultants, regulators, and academics should also find it interesting and useful.
Alex Hanway - Securing the Breach: Using a Holistic Data Protection Framework (centralohioissa)
From this presentation you will learn:
· A brief history of encryption
· How encryption is now deployed in the enterprise
· Encryption and key management best practices to keep data safe
Understanding the Impact of Today's Security Breaches: The 2017 Ponemon Cost ... (IBM Security)
Understand the impact of today's security breaches by attending our June 26th webinar which will discuss the 2017 Ponemon Cost of a Data Breach study.
Join Ponemon Institute and IBM Security Services on June 26th for a webinar discussing the impact of today’s security breaches based on the latest release of the 2017 Cost of Data Breach Study.
Register for the IBM Security Services webinar highlighting the Ponemon Institute 2017 Cost of Data Breach Study. The 12th annual Cost of Data Breach Study, conducted by Ponemon Institute and sponsored by IBM Security Services, calculates the real costs, implications and probabilities of security breaches faced by global organizations.
This webinar will present global findings highlighting trends across 11 countries and 2 regions. Attendees will have access to industry experts for live Q/A and will walk away with key insights, cost-reducing strategies, investments and proactive best practices to reduce impact to their businesses in preparation for the next breach.
Join IBM Security Services and Larry Ponemon, founder of the Ponemon Institute, as he walks through the results and methodology of the 2017 Cost of Data Breach Study.
Jason Harrell - Compliance and Security: Building a Cybersecurity Risk Manage... (centralohioissa)
This document summarizes a presentation on building a cybersecurity risk management program. Some key points:
- The presenter discusses the importance of understanding business impacts of cybersecurity failures and balancing compliance obligations with operational risks.
- Cybersecurity controls must be embedded in business processes to be effective.
- As an executive, one must understand the organization's risk posture relative to peers and how the organization responds to incidents.
- The presenter emphasizes communicating cybersecurity risks using common language executives can understand and prioritizing risks based on limited resources.
The document provides an overview of cybersecurity, explaining why it is important for businesses to implement security measures to protect their data, networks, and systems from cyber threats in order to avoid economic losses, reputational damage, and regulatory penalties. It discusses the components of cybersecurity including identity and access management, security information and event management, endpoint security, network security, and data security. The document also covers cybersecurity compliance regulations and best practices organizations should follow.
This document discusses various types of security assessments, including technical security testing, security process assessments, and security audits. It provides details on vulnerability assessments, network penetration testing, web application penetration testing, and source code analysis. It also discusses security process reviews and the differences between security assessments and security audits.
Meet the New IBM i2 QRadar Offense Investigator App and Start Threat Hunting ... (IBM Security)
When your cyber security is under attack, knowing who is behind your threats and what their motives are can help you ensure those threats don't become a reality. But cyber threat actors conduct their threats through a variety of means and for a variety of reasons. That's why it is critical to analyze a variety of data sources and proactively hunt those threats that are lying in wait. This webinar will illustrate how the IBM i2 QRadar Offense Investigator app enables analysts to push event data from QRadar directly into IBM i2 Analyst's Notebook, where users can apply a variety of visual analysis techniques across disparate data sources to build a more comprehensive understanding of those threats and hunt them.
How to Improve Threat Detection & Simplify Security Operations (IBM Security)
Over 74% of global enterprise security professionals rate improving security monitoring as a top priority. Monitoring must be done efficiently within a security operations center (SOC) to combat increased threats and a limited supply of trained security analysts.
While the vendor landscape for security solutions is rapidly evolving, many early point solutions and first generation SIEMs are not keeping pace with the changing needs of security operations. A new class of platforms has emerged that combine advanced analytics and flexible deployment options. Join this exclusive webinar featuring Forrester Research to learn:
· Characteristics of modern security platforms that have evolved from point solutions and basic SIEMs
· Criteria to consider when evaluating vendors and solutions
· The advantages of an integrated security platform that incorporates cognitive capabilities and augmented intelligence
The only way to get where we need to be in security analysis is if we use Security Intelligence. This means working harder and understanding the big picture of your data.
Stay out of headlines for non-compliance or data breach (Sridhar Karnam)
Tight alignment between compliance and security capabilities can make each component stronger than it would be by itself. Organizations that blend the two not only more effectively combat targeted attacks and data breaches, but also more easily meet compliance requirements and avoid expensive fines. Learn how leading organizations are leveraging continuous monitoring and incident response management to achieve a more secure and compliant enterprise.
The document discusses building a security operations center (SOC) and provides information on why an organization would build a SOC, how to establish the necessary skills and processes, and technology solutions like HP ArcSight that can be used. It describes how HP consultants have experience building SOCs for major companies and can help customers establish an effective SOC to monitor for security events, ensure compliance, and protect the organization. It provides details on how to structure a SOC, including defining roles and processes, implementing a security information and event management (SIEM) system, and establishing performance metrics to improve over time.
The Next Generation of Security Operations Centre (SOC) (PECB)
The document discusses the key aspects of building a next generation Security Operations Centre (SOC). It emphasizes that skilled people, well-defined processes, and integrating new technologies are critical. Specifically, it recommends adopting automation and analytics to analyze large datasets, integrating threat intelligence from multiple sources, and establishing red and blue teams to continuously test defenses. The goal of a next generation SOC is to use predictive analysis of vast security data to improve threat detection, response, and the overall security posture of an organization.
Your Mainframe Environment is a Treasure Trove: Is Your Sensitive Data Protec... (IBM Security)
Businesses and governments alike are experiencing an alarming rate of malicious activity from both external and internal actors.
Not surprisingly, mission-critical mainframe applications, with their large repositories of sensitive enterprise customer data, make for desirable targets. Mainframe environments are increasingly at risk as organizations open access to them through the internet, mobile initiatives, big data initiatives, social initiatives, and more to drive the business forward. Additionally, there are some security challenges that are specific to the mainframe: traditional protection methods are no longer enough, insider threats are on the rise, and mainframe environments can be more vulnerable because of reliance on privileged users to administer security, siloed mainframe IT management, limited ownership visibility, and a lack of uniform security management across the enterprise.
View this on-demand webcast to learn more about specific mainframe data protection challenges, top tips for protecting sensitive data, and key data protection capabilities that you should consider to address these challenges.
Register here for the playback: https://event.on24.com/wcc/r/1461947/D9664CC82EC641AA58D35462DB703470
Presented by: John Fleker, HP
Abstract: The cyber threat landscape is continually evolving. More and more, the critical infrastructure of our nation is at risk. Whether by nation-state actors, criminal organizations, hacktivists or any number of hackers looking to prove their skills, our safety and economic prosperity is threatened. There are four things that must be considered in order to address the evolving threats:
1- Becoming more proactive in our cyber defense efforts through intelligence
2- Better user behavior management
3- Assessing risk using meaningful metrics
4- Resilience – operating through an intrusion
We need to look at the threat picture differently – in a proactive way – to ensure that CEOs and CIOs/CISOs are on the same page regarding the threat, to allow those leaders to make better resourcing decisions and to be better prepared to mitigate adversaries when they arrive at the security perimeter. We need to integrate a wider set of intelligence into our thinking. This is critical to taking a more proactive stance in defending your networks. Combined with what you know of your own network, cyber intelligence strategically helps make solid resource planning decisions and, functionally, helps your network operators better defend, mitigate and operate through cyber intrusions. The Operational Levels of Cyber Intelligence paper by the Intelligence and National Security Alliance details a better way of using intelligence.
www.insaonline.org/i/d/a/Resources/CyberIntel_WP.aspx
Additionally, we must increase information sharing across the board. Executive Order 13636 - Improving Critical Infrastructure Cybersecurity is leading critical infrastructure in that direction.
5 Steps to Securing Your Company's Crown Jewels (IBM Security)
Today's critical business data is under constant threat, which is why enterprises must make adequate data protection part of their data security measures. Companies that fail to make data protection an everyday priority run the risk of losing money, losing business and destroying their reputations.
Effective Security Operation Center - presented by Reza Adineh (ReZa AdineH)
The document discusses how to effectively manage a cyber security operations center (SOC). It addresses questions about how to assess the effectiveness and maturity of a SOC, ensure sufficient threat detection capabilities through proper sensors and data collection, and utilize threat intelligence and data enrichment. The document also provides steps to implement threat management, incident response processes, and leverage machine learning and user entity behavior analytics to detect anomalous user behavior and insider threats.
SOC 3.0: strategic threat intelligence, May 2016 (Sarah Bark)
The document discusses moving security operations from a traditional reactive model to a proactive model called SOC 3.0. SOC 3.0 leverages vast amounts of data from both internal and external sources, including social media, dark web monitoring, business intelligence, and technical data. By analyzing patterns in this diverse data, SOC 3.0 aims to provide strategic threat intelligence rather than just responding to incidents. The key is gaining a fundamental understanding of the business to interpret technical data within the proper context. Outsourcing SOC services can help organizations gain the benefits of this approach without the cost and challenges of building extensive in-house security operations capabilities.
The document provides an introduction and agenda for a 3-day security operations center fundamentals course. Day 1 will cover famous attacks and how to confront them, as well as an introduction to security operations centers. Day 2 will discuss the key features, modules, processes, and people involved in SOCs. Day 3 will focus on the technology used in SOCs, including network monitoring, investigation, and correlation tools. The instructor is introduced and the document provides an overview of common attacks such as eavesdropping, data modification, spoofing, password attacks, denial of service, man-in-the-middle, and application layer attacks.
Make IR Effective with Risk Evaluation and Reporting (Priyanka Aash)
Today, the risk of a cyberattack is typically determined from a generic vulnerability or malware rating that ignores how the business is actually impacted. The vulnerability state of the network, reputational risk, business loss, cost of IR and reconstitution cost are rarely understood. This presentation will show a data-driven approach to IR that prioritizes response based on risk and business impact.
(Source: RSA USA 2016-San Francisco)
This document provides an overview of governance of security operations centers. It discusses the impact of disruptive technologies on organizations and the need for security operations centers to manage security risks. It covers designing an effective SOC including defining threats, processes, technology and acquiring a SOC. Operating a SOC includes defining expectations, baselining normal activity, using threat intelligence and handling incidents. Qualities of analysts and measuring SOC success are also discussed. Sustainable SOC governance principles like investing in people and emphasizing teamwork are presented.
Hexis Cyber Solutions: Rules of Engagement for Cyber Security Automation (barbara bogue)
The document discusses automated threat removal, describing it as an integrated approach to threat detection and response through flexible, policy-based automation. It notes challenges with traditional response approaches, like not having enough skilled personnel. Automation is presented as a solution, helping to detect, verify and remove threats faster. The Hexis HawkEye G system is highlighted as integrating visibility, verification and automated response capabilities across endpoints and networks to improve detection and allow more surgical threat removal.
RSA: Security Analytics Architecture for APT (Lee Wei Yeong)
The document discusses advanced persistent threats (APTs) and security analytics. It provides an overview of APT methodology, key features, and evolution. It also outlines challenges in responding to APTs and needed capabilities. Finally, it introduces security analytics as a way to gain comprehensive visibility, enable agile threat analysis, and provide actionable intelligence through a scalable infrastructure and integrated threat intelligence.
View this webcast to learn how you can accelerate your security transformation from traditional SIEM to a unified platform for incident detection, investigation and advanced security analysis. Understand why organizations are moving to a true big data security platform where compliance is a byproduct of security, not the other way around. More via http://bcove.me/d2e9wpd2
The document provides an overview of cybersecurity, explaining why it is important for businesses to implement security measures to protect their data, networks, and systems from cyber threats in order to avoid economic losses, reputational damage, and regulatory penalties. It discusses the components of cybersecurity including identity and access management, security information and event management, endpoint security, network security, and data security. The document also covers cybersecurity compliance regulations and best practices organizations should follow.
This document discusses various types of security assessments, including technical security testing, security process assessments, and security audits. It provides details on vulnerability assessments, network penetration testing, web application penetration testing, and source code analysis. It also discusses security process reviews and the differences between security assessments and security audits.
Meet the New IBM i2 QRadar Offense Investigator App and Start Threat Hunting ...IBM Security
When your cyber security is under attack, knowing who is behind your threats and what their motives are can help you ensure those threats don't become a reality. But cyber threat actors conduct their threats through a variety of means and for a variety of reasons. That's why it is critical to analyze a variety of data sources and proactively hunt those threats that are lying in wait. This webinar will illustrate how the IBM i2 QRadar Offense Investigator app enables analysts to push event data from QRadar directly into IBM i2 Analyst's Notebook, where users can apply a variety of visual analysis techniques across a disparate data sources, to build a more comprehensive understand of those threats and hunt them.
How to Improve Threat Detection & Simplify Security OperationsIBM Security
Over 74% of global enterprise security professionals rate improving security monitoring as a top priority. Monitoring must be done efficiently within a security operations center (SOC) to combat increased threats and a limited supply of trained security analysts.
While the vendor landscape for security solutions is rapidly evolving, many early point solutions and first generation SIEMs are not keeping pace with the changing needs of security operations. A new class of platforms has emerged that combine advanced analytics and flexible deployment options. Join this exclusive webinar featuring Forrester Research to learn:
Characteristics of modern security platforms that have evolved from point solutions and basic SIEMs
Criteria to consider when evaluating vendors and solutions
The advantages of an integrated security platform that incorporates cognitive capabilities and augmented intelligence
The only way to get where we need to be in security analysis is if we use Security Intelligence. This means working harder and understanding the big picture of your data.
Stay out of headlines for non compliance or data breachSridhar Karnam
Tight alignment between compliance and security capabilities can make each component stronger than it would be by itself. Organizations that blend the two not only more effectively combat targeted attacks and data breaches, but also more easily meet compliance requirements and avoid expensive fines. Learn how leading organizations are leveraging continuous monitoring and incident response management to achieve a more secure and compliant enterprise.
The document discusses building a security operations center (SOC) and provides information on why an organization would build a SOC, how to establish the necessary skills and processes, and technology solutions like HP ArcSight that can be used. It describes how HP consultants have experience building SOCs for major companies and can help customers establish an effective SOC to monitor for security events, ensure compliance, and protect the organization. It provides details on how to structure a SOC, including defining roles and processes, implementing a security information and event management (SIEM) system, and establishing performance metrics to improve over time.
The Next Generation of Security Operations Centre (SOC)PECB
The document discusses the key aspects of building a next generation Security Operations Centre (SOC). It emphasizes that skilled people, well-defined processes, and integrating new technologies are critical. Specifically, it recommends adopting automation and analytics to analyze large datasets, integrating threat intelligence from multiple sources, and establishing red and blue teams to continuously test defenses. The goal of a next generation SOC is to use predictive analysis of vast security data to improve threat detection, response, and the overall security posture of an organization.
Your Mainframe Environment is a Treasure Trove: Is Your Sensitive Data Protec...IBM Security
Businesses and governments alike are experiencing an alarming rate of malicious activity from both external and internal actors.
Not surprisingly, mission-critical mainframe applications make for desirable targets with large repositories of enterprise customer sensitive data. Mainframe environments are increasingly at risk opening accesses through the internet, mobile initiatives, big data initiatives, social initiatives, and more to drive the business forward. Additionally, there are some security challenges that are specific to the mainframe - traditional protection methods are no longer enough, insider threats are also on the rise, mainframe environments could be more vulnerable with reliance on privilege users to administer security, silo-ed mainframe IT management, limited ownership visibility, and lack of uniformed security management across the enterprise.
View this on-demand webcast to learn more about specific mainframe data protection challenges, top tips for protecting sensitive data, and key data protection capabilities that you should consider to address these challenges.
Register here for the playback: https://event.on24.com/wcc/r/1461947/D9664CC82EC641AA58D35462DB703470
Presented by: John Fleker, HP
Abstract: The cyber threat landscape is continually evolving. More and more, the critical infrastructure of our nation is at risk. Whether by nation-state actors, criminal organizations, hacktivists or any number of hackers looking to prove their skills, our safety and economic prosperity is threatened. There are four things that must be considered in order to address the evolving threats:
1- Becoming more proactive in our cyber defense efforts through intelligence
2- Better user behavior management
3- Assessing risk using meaningful metric
4- Resilience – operating through an intrusion
We need to look at the threat picture differently – in a proactive way – to ensure that CEO’s and CIO/CISO’s are on the same page regarding the threat, to allow those leaders to make better resourcing decisions and to be better prepared to mitigate adversaries when they arrive at the security perimeter. We need to integrate a wider set of intelligence into our thinking. This is critical to taking a more proactive stance in defending your networks. Combined with what you know of your own network, cyber intelligence strategically helps make solid resource planning decisions and functionally, helps your network operators better defend, mitigate and operate through cyber intrusions. The Operational Levels of Cyber Intelligence paper by the Intelligence and National Security Alliance details a better way of using intelligence.
www.insaonline.org/i/d/a/Resources/CyberIntel_WP.aspx
Additionally, we must increase information sharing across the board. Executive Order 13636 - Improving Critical Infrastructure Cybersecurity is leading critical infrastructure in that direction.
5 Steps to Securing Your Company's Crown Jewels (IBM Security)
Today's critical business data is under constant threat, which is why enterprises must make adequate data protection part of their everyday security measures. Companies that fail to make data protection an everyday priority run the risk of losing money, losing business and destroying their reputations.
Effective Security Operation Center - presented by Reza Adineh (ReZa AdineH)
The document discusses how to effectively manage a cyber security operations center (SOC). It addresses questions about how to assess the effectiveness and maturity of a SOC, ensure sufficient threat detection capabilities through proper sensors and data collection, and utilize threat intelligence and data enrichment. The document also provides steps to implement threat management, incident response processes, and leverage machine learning and user entity behavior analytics to detect anomalous user behavior and insider threats.
SOC 3.0: strategic threat intelligence, May 2016 (Sarah Bark)
The document discusses moving security operations from a traditional reactive model to a proactive model called SOC 3.0. SOC 3.0 leverages vast amounts of data from both internal and external sources, including social media, dark web monitoring, business intelligence, and technical data. By analyzing patterns in this diverse data, SOC 3.0 aims to provide strategic threat intelligence rather than just responding to incidents. The key is gaining a fundamental understanding of the business to interpret technical data within the proper context. Outsourcing SOC services can help organizations gain the benefits of this approach without the cost and challenges of building extensive in-house security operations capabilities.
The document provides an introduction and agenda for a 3-day security operations center fundamentals course. Day 1 will cover famous attacks and how to confront them, as well as an introduction to security operations centers. Day 2 will discuss the key features, modules, processes, and people involved in SOCs. Day 3 will focus on the technology used in SOCs, including network monitoring, investigation, and correlation tools. The instructor is introduced and the document provides an overview of common attacks such as eavesdropping, data modification, spoofing, password attacks, denial of service, man-in-the-middle, and application layer attacks.
Make IR Effective with Risk Evaluation and Reporting (Priyanka Aash)
Today, the risk of a cyberattack is usually determined from a generic vulnerability or malware rating that ignores how the business is impacted. The vulnerability state of the network, reputational risk, business loss, cost of IR and reconstitution cost are rarely understood. This presentation shows a data-driven approach to IR that prioritizes response based on risk and business impact.
(Source: RSA USA 2016-San Francisco)
This document provides an overview of governance of security operations centers. It discusses the impact of disruptive technologies on organizations and the need for security operations centers to manage security risks. It covers designing an effective SOC including defining threats, processes, technology and acquiring a SOC. Operating a SOC includes defining expectations, baselining normal activity, using threat intelligence and handling incidents. Qualities of analysts and measuring SOC success are also discussed. Sustainable SOC governance principles like investing in people and emphasizing teamwork are presented.
Hexis Cyber Solutions: Rules of Engagement for Cyber Security Automation (barbara bogue)
The document discusses automated threat removal, describing it as an integrated approach to threat detection and response through flexible, policy-based automation. It notes challenges with traditional response approaches, like not having enough skilled personnel. Automation is presented as a solution, helping to detect, verify and remove threats faster. The Hexis HawkEye G system is highlighted as integrating visibility, verification and automated response capabilities across endpoints and networks to improve detection and allow more surgical threat removal.
RSA: Security Analytics Architecture for APT (Lee Wei Yeong)
The document discusses advanced persistent threats (APTs) and security analytics. It provides an overview of APT methodology, key features, and evolution. It also outlines challenges in responding to APTs and needed capabilities. Finally, it introduces security analytics as a way to gain comprehensive visibility, enable agile threat analysis, and provide actionable intelligence through a scalable infrastructure and integrated threat intelligence.
View this webcast to learn how you can accelerate your security transformation from traditional SIEM to a unified platform for incident detection, investigation and advanced security analysis. Understand why organizations are moving to a true big data security platform where compliance is a byproduct of security, not the other way around. More via http://bcove.me/d2e9wpd2
The world around us is changing. Data is embedded in everything, and users from all lines of business want to leverage this data to influence decisions. The trick is to create a culture for pervasive analytics and empower the business to use data everywhere.
The core enabling technology to make this happen is Apache Hadoop. By leveraging Hadoop, organizations of all sizes and across all industries are making business models more predictable, and creating significant competitive advantages using big data.
Join Cloudera and Forrester to learn:
- What we mean by pervasive analytics, how it impacts your organization, and how to get started
- How leading organizations are using pervasive analytics for competitive advantage
- How Cloudera’s extensive partner ecosystem complements your strategy, helping deliver results faster
Security Analytics for Data Discovery - Closing the SIEM Gap (Eric Johansen, CISSP)
This document discusses security analytics and hunting maturity. It defines hunting as a proactive approach to identifying incidents by actively looking for patterns, intelligence or hunches, rather than waiting for notifications. It describes the "SIEM gap" where SIEM tools are designed for known threats and lack the tools and flexibility for human analysis and hunting of unknown threats. It outlines techniques used in security analytics like event clustering, association analysis, and visualization to help analyze large datasets and discover unknown threats. The document argues security analytics provides the data access, analysis techniques and workflows to help close the SIEM gap and improve an organization's hunting maturity over time.
The document discusses the transition from Enterprise 1.0 to Next-Generation Enterprise or Enterprise 2.0. Enterprise 1.0 is described as hierarchical and machine-like, unable to adapt quickly to changes. Enterprise 2.0 is presented as more adaptive, utilizing new technologies like cloud and social networks to be more open, collaborative, and focused on clients. It emphasizes decentralization, autonomy, intrinsic motivation, knowledge sharing, and innovation across the organization to better respond to accelerating changes in today's business environment.
The document discusses two topics: a new university password policy and fun with PHP. The password policy summary points include yearly password changes, minimum length of 6 characters including two digits or punctuation, and locking out accounts after 5 failed attempts. The PHP section provides a brief history and overview of PHP, noting it is a powerful but flexible server-side scripting language that can enable massive security holes if not coded properly. It encourages validating all user input and provides some examples of attacks seen on PHP applications.
This document provides an overview of security analytics from the perspective of Simon Bennett, who works in networking and information security. It discusses the need for security as an IT service to prevent downtime, loss of reputation, data, and intellectual property from threats like DDoS attacks and malware infections. Security analytics is defined as examining all possible data sources, including technical logs, informational sources on the internet, and personal contacts, to glean intelligence. This intelligence can then be used to analyze firewall and other security device traffic logs to detect anomalies. The document also briefly outlines the history of firewalls and how next generation firewalls can implement more advanced policies than early stateful firewalls through powerful analysis of network traffic.
This document discusses using Hadoop for network and security analytics. It describes network and security analytics as finding malicious traffic among large amounts of network data. Hadoop can help solve problems by allowing analysis of huge datasets using multiple algorithms and approaches. The document provides an example workflow of using Hadoop to detect a polymorphic botnet and discusses lessons learned, emphasizing using the right tools for each part of the analysis process.
Protecting Innovation Through Next Generation Enterprise File Sharing (Intralinks)
File sharing has been one of the killer apps for "the cloud," gaining broad adoption in people’s day-to-day lives, but getting the same level of adoption in the enterprise will require more. View our Vice President of Enterprise Business Michael Lees' presentation from Gartner Symposium/ITxpo 2013, in which you'll learn how to assess enterprise file-sharing solutions while reviewing best practices for enterprise-wide deployment.
IP&A109 Next-Generation Analytics Architecture for the Year 2020 (Anjan Roy, PMP)
The document discusses next generation information architecture. It describes how traditional architectures are no longer sufficient to handle big data and varied sources. A next generation architecture features a data lake that stores all data in its native format without schema. It also includes an analytics fabric and cloud fabric to enable flexible, scalable analysis and lower costs. This architecture supports self-service analytics, predictive modeling, and real-time insights across diverse data.
Envisioning the Next Generation of Analytics (Lora Cecere)
Presentation given during a panel discussion at the Supply Chain Insights Global Summit in Scottsdale, AZ on September 10, 2014.
Join this panel to hear case studies on new ways to use analytics and unleash the Art of the Possible. Gain new insights for the use of cognitive learning, concurrent optimization, and embracing new forms of data.
The panel included:
Facilitator: Lora Cecere, Founder and CEO of Supply Chain Insights
Dr. Mani Janakiram, Director of Supply Chain Strategy at Intel
Stephen N. Wagner, Global Supply Chain, Global Director, Network Design & Logistics Analytics at Schneider Electric
This in-depth presentation covers market trends and risks related to network security and big data analytics. The presentation was given by Matan Trogan at Cybertech Singapore.
This is the successor of my Dr. Hectic and Mr. Hype presentation, where I first explained the consequences of economic Darwinism for enterprise IT and started to lay out a new, competitive IT that is ready to respond to the new change drivers.
In this presentation I try to provide a more comprehensive picture than in the former presentation. I added additional change drivers that were missing in the first presentation and derived the goals, the principles and the building blocks for an appropriate next generation of an enterprise IT in a lot more detail than in the first presentation.
Yet, the presentation is still very high level, as it tries to lay out a complete vision for a future enterprise IT in 60 minutes, i.e., it would be possible to create one or more detailed presentations for almost every single term and statement in this presentation. Thus, it might appear too high level for some persons. On the other hand, I think it is important to create such a high level vision, as it makes it a lot easier to classify all those trends that are pushing on us every single day.
And as always the voice track is missing. Yet, I hope that the presentation provides some valuable insights.
1. Intuit uses security science and big data analytics to improve their cloud security operations. They aggregate logs from AWS accounts and services into a single platform for detection and investigation.
2. Intuit profiles account usage and detects drift from standards to identify misuse early. They use threat intelligence and egress monitoring to detect external attacks and unauthorized access.
3. Intuit is developing tools and scoring to help product development teams understand how their decisions impact security and compliance. This aims to reduce security friction and guide more secure choices.
The analytics industry is in its biggest state of flux at this time, with Adobe SiteCatalyst 15, Google Beta and WebTrends 10 hitting the market. Analytics, as a field, is changing faster than ever, and the need to integrate analytics with more and more channels is increasing. The PPT covers some aspects of the tools and technologies available for advanced analytics reporting and insights.
This document discusses user behavioral analytics and machine learning for threat detection. It summarizes that legacy security information and event management (SIEM) technologies are not adequate for detecting insider threats and advanced adversaries. It then describes how user behavioral analytics uses machine learning to develop multi-entity behavioral models across users, applications, hosts, and networks to detect anomalous behavior indicative of insider threats or advanced cyberattacks. Contact information is provided for the security consultant presenting on this topic.
Video (at YouTube) - http://bit.ly/19TNSTF
Big Data Security Analytics, Data Science and Machine Learning are a few of the new buzzwords that have invaded our industry of late. Most of what we hear are promises of a unicorn-laden, silver-bullet panacea by heavy-handed marketing folks, evoking an expected pushback from the most enlightened members of our community.
This talk will help parse what we as a community need to know and understand about these concepts: the technical details and actual capabilities behind them, and also where they fail and how they can be exploited and fooled by an attacker.
The talk will also share results of the author's current ongoing research (on MLSec Project) of applying machine learning techniques to information security monitoring.
5 Ways to Get Even More from Your IBM Security QRadar Investment in 2016 (IBM Security)
View the on-demand webinar: https://securityintelligence.com/events/qradar-investment-2016/
Helping you stay ahead of cybercriminals means our work at IBM Security is never done. With data coming from every direction to collect, you need real-time and historical analytics to discover anomalous conditions that often provide the early warning signs of an attacker’s presence. Join us to hear about new features in IBM Security QRadar that can provide you with better visibility into what’s happening on your network and new integrations that will help you multiply your investment and help speed your remediation efforts.
Security Analytics: The Promise of Artificial Intelligence, Machine Learning,... (Cybereason)
Security analytics: what is real? This talk examines the promise, the hype and the real state of artificial intelligence, machine learning and data science in solving fundamental security problems.
This document discusses proactive security and outlines the key steps involved. It describes proactive security as being secure before being acted upon by trying to mitigate and prevent risks. The main steps outlined are discovery, scoping, assessment, reporting, remediation, and training. It provides details on vulnerability discovery methods like automated scanning, manual testing, and instant discovery. It also discusses scoping a security assessment using a tiered approach, reporting essentials, the appsec pipeline, and importance of training and awareness.
This document discusses proactive security and outlines the key steps involved. It describes proactive security as being secure before being acted upon by trying to mitigate and prevent risks. The main steps outlined are discovery, scoping, assessment, reporting, remediation, and training. It then provides more details on various aspects of the process including vulnerability discovery through automated and manual means, attack surface analysis, scoping a testing approach, reporting essentials, the application security pipeline, and training and awareness programs.
This document summarizes a debrief presentation on appsec management given in London in December 2016. It notes that the organization's applications currently have high security risks that have not been fixed, there is no appsec team, and the security of the applications and ability to detect attacks cannot be assured. It proposes creating a "Legacy-SecDevOps" team to focus on fixing security issues, refactoring code, and improving testing and deployment over 6 months to help kickstart an appsec program for 2017. The team would work to improve security practices like threat modeling, reviews, and monitoring across the organization.
DevOps Security - Is It Really So Difficult? - Reuven Harrison - DevOpsDays T... (DevOpsDays Tel Aviv)
Developers and DevOps teams often find collaboration with security teams difficult or even a waste of time. But sometimes this interaction cannot be avoided, for example, when applications move to production. Why is collaboration with security teams so difficult? Let’s see how to make it fun.
Building trust in your data lake. A fintech case study on automated data disc... (DataWorks Summit)
This talk walks through lessons learned from the HDP implementation at G-Research, a leading fintech company based in London.
The team at G-Research implemented the Hortonworks Data Platform to build a data lake and enable the business team to build analytics and machine learning tools. The team faced challenges in accurately controlling and managing sensitive data. Business teams were not able to search through data because of a lack of data classification.
G-Research implemented the Privacera auto-discovery solution to precisely discover and tag data as it is ingested into the HDP environment. The tags are pushed to Apache Atlas and then to Apache Ranger to enable tag-based policies. The G-Research team also built custom tools to push Spark lineage information into Atlas. Finally, Privacera monitoring tools continuously analyzed access audit information to alert if sensitive data was moved to folders that might not be protected.
Consequently, the security team got real visibility into the sensitive data. Also, business users could search and find the data, with appropriate data classification in place.
Speakers
Balaji Ganesan, Co-Founder and CEO, Privacera
Alberto Romero, Big Data Architect, G-Research
Tactical Edge - How Much Security Do You Really Need? (Wendy Nather)
This document discusses how to evaluate your organization's security spending and portfolio. It notes that even security experts don't agree on exactly how much should be spent. The document recommends using a Cyber Defense Matrix to identify key assets and risks, and evaluating spending based on addressing real risks and having evidence it is effective, rather than just compliance or benchmarking. It also cautions that spending alone does not equal effective security, and processes are also important.
Stop Wasting Your Time: Focus on Security Practices that Actually Matter (Amazon Web Services)
This document provides an agenda and overview for an AWS Security Week workshop on focusing on security practices that matter. It discusses assessing security and recommendations, and introduces the Threat Stack team leading the workshop. It then covers the real-time host monitoring, vulnerability monitoring, threat intelligence correlation and continuous compliance capabilities of the Threat Stack platform. Several slides examine common security issues seen in AWS customers, like open SSH ports, lack of MFA, and S3 bucket permissions. Other slides analyze software update frequency, OS uptime, and reasons why long uptimes are concerning. The document discusses traditional security pains versus changes in the cloud, and how Threat Stack provides host-level visibility and detection in AWS.
This document provides guidance on building an effective security team in 2016. It recommends distributing security responsibilities across business units by embedding security-focused people within teams like product, infrastructure, and compliance. This integrated approach allows security to better support business goals while increasing visibility. Key benefits include improved productivity, reduced need for a large centralized security team, and motivating employees through a sense of shared success.
ThreatStack Workshop: Stop Wasting Your Time: Focus on Security Practices tha... (Amazon Web Services)
There’s no shortage of noise about cybersecurity. Between the sheer number of vendors and daily news coverage about the next big vulnerability or breach, it’s easy to start feeling directionless and reactive. However, there are ways to cut through the noise. The first step is understanding how companies are actually getting breached - not just the ones you hear about in the media. Then, you can create a strategy that’s tailored to your risk profile and attack surface. In this session, you’ll leave with an understanding of how to measure your risk, devise a realistic defense strategy, and deploy high-impact security, no matter what your budget or time crunch is.
The document discusses the challenges of implementing security practices at fintech companies that blend aspects of both IT and banking. It notes that while banks have strict regulations and processes, many fintech startups initially neglect security. The document advocates for approaches like identifying and examining systems and traffic, continuous monitoring, and having response plans to balance security and business needs in a rapidly changing environment that combines enterprise and custom technologies.
This document discusses G-Research's journey implementing data governance and security controls on their Hadoop data platform. They faced challenges with big and sensitive market data including high volumes, stringent security requirements, and multi-tenant access. To address these, G-Research implemented Privacera to discover, classify, and control access to data while also anonymizing data and monitoring its use. Over time, they improved security by customizing Atlas metadata and Ranger policies based on data tags to restrict access and better govern their rapidly growing volumes of sensitive data.
This document provides information about an application security company called Entersoft. It discusses Entersoft's current traction in the market, serving over 300 clients and winning multiple awards. It describes Entersoft's offensive security approach and product called Enprobe, which is a cloud-based application vulnerability scanning platform. The document also provides details on Entersoft's team, launch plans for Enprobe in Q2, and revenue model, as well as their vision to be a global leader in application security by 2020.
This document contains a summary of a webinar discussing tips for selecting a threat and vulnerability management solution. It includes an introduction of the speakers and their backgrounds. The webinar then covers 10 tips for selecting such a solution, including allowing access to underlying data, assisting operational flexibility, delivering a knowledge base, enhancing security context, facilitating integration and automation, operating as a force multiplier, producing metrics and reporting, ensuring scalability and performance, supporting data compartmentalization, and simplifying collaboration. It concludes with an overview of RiskSense's platform and scoring model, and next steps.
Josh Corman, Research Director, Enterprise Security Practice, is known for his deep insights into and candid discussions about the state of enterprise security and the variables and trends that impact it. Listen as Josh discusses how and why PCI compliance has affected the state of security, specifically the impact of approaching PCI as a checklist. He also gives ideas for what we need to do, and the types of solutions we need to have, to not only satisfy the PCI audit but also provide real system security. Josh discusses this in an informal back-and-forth format with Gene Kim, Tripwire co-founder and CTO.
In this webcast, you'll learn:
- How compliance introduced cost and complexity by causing a divergence between what we need to do to pass an audit versus avert threats.
- The fallacy that being PCI compliant means you're secure.
- Controls that both help you pass your PCI audit while also deterring advanced threats.
- How Tripwire VIA solutions provide that rare combination of controls that address both compliance and security.
Jim Geovedi - Machine Learning for Cybersecurity (idsecconf)
This document discusses using machine learning for cybersecurity. It outlines some key challenges in cybersecurity like the increasing number of vulnerabilities and novel attacks. It then discusses how machine learning can help by allowing minimum human intervention in prevention, detection, and analysis of attacks. Some implementation challenges of machine learning for cybersecurity are also highlighted, like lack of data and evolving attacks. The document also describes components of a threat prediction platform using machine learning as well as characteristics of security-related data.
The document discusses the evolution of cyber threats and detection capabilities. It argues that current security approaches are failing and that a new approach with complete visibility is needed. It promotes the RSA security analytics platform as a unified solution for advanced threat detection, investigation and response across network, endpoint, cloud and log data.
The document discusses the modern cyber threat landscape, highlighting how prevention-centric security strategies are becoming obsolete against advanced targeted attacks. It argues that effective security now requires rapid threat detection and response capabilities through security intelligence platforms that can analyze big data, detect anomalies, and orchestrate incident response workflows. Such platforms allow organizations to gain a broader view of threats, improve mean time to detect from months to minutes, and reduce the risk of experiencing damaging breaches by quickly neutralizing threats over their lifecycle.
A common problem for information security professionals is that security is perceived as a business blocker, hindering operational efficiency and adding controls that make everybody's life more difficult. But we don't have to accept that as the norm. The presentation focuses on avoiding activities that create that feeling, and on alternative ways to approach information security board buy-in.
How to Replace Your Legacy Antivirus Solution with CrowdStrike (CrowdStrike)
This document summarizes CrowdStrike's endpoint security product Falcon and argues that it provides more effective protection than legacy antivirus solutions. It notes that antivirus has an efficacy rate of only 45% against modern threats and is ineffective at stopping sophisticated attacks. CrowdStrike's Falcon uses techniques like machine learning, IOAs, and threat intelligence to prevent a wider range of attacks while having a smaller system footprint than antivirus. It also provides detection capabilities like endpoint detection and response to eliminate attack dwell time. The document aims to convince readers to replace their legacy antivirus with CrowdStrike's Falcon.
Infrastructure Challenges in Scaling RAG with Custom AI models (Zilliz)
Building Retrieval-Augmented Generation (RAG) systems with open-source and custom AI models is a complex task. This talk explores the challenges in productionizing RAG systems, including retrieval performance, response synthesis, and evaluation. We’ll discuss how to leverage open-source models like text embeddings, language models, and custom fine-tuned models to enhance RAG performance. Additionally, we’ll cover how BentoML can help orchestrate and scale these AI components efficiently, ensuring seamless deployment and management of RAG systems in the cloud.
Dr. Sean Tan, Head of Data Science, Changi Airport Group
Discover how Changi Airport Group (CAG) leverages graph technologies and generative AI to revolutionize their search capabilities. This session delves into the unique search needs of CAG’s diverse passengers and customers, showcasing how graph data structures enhance the accuracy and relevance of AI-generated search results, mitigating the risk of “hallucinations” and improving the overall customer journey.
What do a Lego brick and the XZ backdoor have in common? (Speck&Tech)
ABSTRACT: At first glance, a Lego brick and the XZ backdoor might have in common the fact that both are building blocks, or dependencies, of creative and software projects. The reality is that a Lego brick and the XZ backdoor case have much more than that in common.
Join the presentation to immerse yourself in a story of interoperability, standards and open formats, and then discuss the important role that contributors play in a sustainable open source community.
BIO: Advocate for free software and for standard, open formats. She has been an active member of the Fedora and openSUSE projects and co-founded the LibreItalia Association, where she has been involved in several events, migrations and training related to LibreOffice. Previously she worked on LibreOffice migrations and training courses for several public administrations and private companies. Since January 2020 she has worked at SUSE as Software Release Engineer for Uyuni and SUSE Manager, and when she is not following her passion for computers and for Geeko she cultivates her curiosity about astronomy (from which her nickname deneb_alpha derives).
Full-RAG: A modern architecture for hyper-personalization (Zilliz)
Mike Del Balso, CEO & Co-Founder at Tecton, presents "Full RAG," a novel approach to AI recommendation systems, aiming to push beyond the limitations of traditional models through a deep integration of contextual insights and real-time data, leveraging the Retrieval-Augmented Generation architecture. This talk will outline Full RAG's potential to significantly enhance personalization, address engineering challenges such as data management and model training, and introduce data enrichment with reranking as a key solution. Attendees will gain crucial insights into the importance of hyperpersonalization in AI, the capabilities of Full RAG for advanced personalization, and strategies for managing complex data integrations for deploying cutting-edge AI solutions.
GraphRAG for Life Science to increase LLM accuracy (Tomaz Bratanic)
GraphRAG for the life science domain, where you retrieve information from biomedical knowledge graphs using LLMs to increase the accuracy and performance of generated answers.
Building Production Ready Search Pipelines with Spark and Milvus (Zilliz)
Spark is a widely used ETL tool for processing, indexing and ingesting data into the serving stack for search. Milvus is a production-ready open-source vector database. In this talk we will show how to use Spark to process unstructured data to extract vector representations, and push the vectors to the Milvus vector database for search serving.
How to Get CNIC Information System with Paksim Ga.pptxdanishmna97
Pakdata Cf is a groundbreaking system designed to streamline and facilitate access to CNIC information. This innovative platform leverages advanced technology to provide users with efficient and secure access to their CNIC details.
Communications Mining Series - Zero to Hero - Session 1DianaGray10
This session provides introduction to UiPath Communication Mining, importance and platform overview. You will acquire a good understand of the phases in Communication Mining as we go over the platform with you. Topics covered:
• Communication Mining Overview
• Why is it important?
• How can it help today’s business and the benefits
• Phases in Communication Mining
• Demo on Platform overview
• Q/A
Unlocking Productivity: Leveraging the Potential of Copilot in Microsoft 365, a presentation by Christoforos Vlachos, Senior Solutions Manager – Modern Workplace, Uni Systems
Removing Uninteresting Bytes in Software FuzzingAftab Hussain
Imagine a world where software fuzzing, the process of mutating bytes in test seeds to uncover hidden and erroneous program behaviors, becomes faster and more effective. A lot depends on the initial seeds, which can significantly dictate the trajectory of a fuzzing campaign, particularly in terms of how long it takes to uncover interesting behaviour in your code. We introduce DIAR, a technique designed to speedup fuzzing campaigns by pinpointing and eliminating those uninteresting bytes in the seeds. Picture this: instead of wasting valuable resources on meaningless mutations in large, bloated seeds, DIAR removes the unnecessary bytes, streamlining the entire process.
In this work, we equipped AFL, a popular fuzzer, with DIAR and examined two critical Linux libraries -- Libxml's xmllint, a tool for parsing xml documents, and Binutil's readelf, an essential debugging and security analysis command-line tool used to display detailed information about ELF (Executable and Linkable Format). Our preliminary results show that AFL+DIAR does not only discover new paths more quickly but also achieves higher coverage overall. This work thus showcases how starting with lean and optimized seeds can lead to faster, more comprehensive fuzzing campaigns -- and DIAR helps you find such seeds.
- These are slides of the talk given at IEEE International Conference on Software Testing Verification and Validation Workshop, ICSTW 2022.
Unlock the Future of Search with MongoDB Atlas_ Vector Search Unleashed.pdfMalak Abu Hammad
Discover how MongoDB Atlas and vector search technology can revolutionize your application's search capabilities. This comprehensive presentation covers:
* What is Vector Search?
* Importance and benefits of vector search
* Practical use cases across various industries
* Step-by-step implementation guide
* Live demos with code snippets
* Enhancing LLM capabilities with vector search
* Best practices and optimization strategies
Perfect for developers, AI enthusiasts, and tech leaders. Learn how to leverage MongoDB Atlas to deliver highly relevant, context-aware search results, transforming your data retrieval process. Stay ahead in tech innovation and maximize the potential of your applications.
#MongoDB #VectorSearch #AI #SemanticSearch #TechInnovation #DataScience #LLM #MachineLearning #SearchTechnology
GraphSummit Singapore | The Art of the Possible with Graph - Q2 2024Neo4j
Neha Bajwa, Vice President of Product Marketing, Neo4j
Join us as we explore breakthrough innovations enabled by interconnected data and AI. Discover firsthand how organizations use relationships in data to uncover contextual insights and solve our most pressing challenges – from optimizing supply chains, detecting fraud, and improving customer experiences to accelerating drug discoveries.
Threats to mobile devices are more prevalent and increasing in scope and complexity. Users of mobile devices desire to take full advantage of the features
available on those devices, but many of the features provide convenience and capability but sacrifice security. This best practices guide outlines steps the users can take to better protect personal devices and information.
Sudheer Mechineni, Head of Application Frameworks, Standard Chartered Bank
Discover how Standard Chartered Bank harnessed the power of Neo4j to transform complex data access challenges into a dynamic, scalable graph database solution. This keynote will cover their journey from initial adoption to deploying a fully automated, enterprise-grade causal cluster, highlighting key strategies for modelling organisational changes and ensuring robust disaster recovery. Learn how these innovations have not only enhanced Standard Chartered Bank’s data infrastructure but also positioned them as pioneers in the banking sector’s adoption of graph technology.
4. GRAPHS?
NAVIGATING A GRAPH
▸ Expensive exploits are used sparingly
▸ Attackers use the least expensive weapon that works
▸ Cost of 0-day exploits
  ▸ Use once == burned, and a burned 0-day is expensive
5. DEFENDERS THINK IN POINT SOLUTIONS
IMPLEMENTING CONTROLS FOR MOVIE-PLOT THREATS
▸ Desire-path engineering: lay out the buildings, then let people find the paths
▸ We find the best way forward
▸ We get around controls; it is in our nature
6. "MOTIVATION IS NOT IMPACTED BY CONTROLS. AS LONG AS THE ATTACK IS ECONOMICALLY FEASIBLE, MOTIVATION REMAINS."
   ME!
ACADEMIC PSEUDO-INTELLECTUALISM
7. MOTIVATION AND ECONOMIC BENEFIT
▸ The implementation of the "child pornography filter" did not change the number of convictions in Denmark
  ▸ It did move the activity off the "open" Internet
▸ Introducing a censorship filter against incitement to terrorism will not solve the problem of radicalising the young
  ▸ It will move it from the "open" Internet to somewhere else
▸ The clearing of Pusher Street in Christiania did not stop the sale of marijuana
  ▸ It did move it out of the open
▸ Laws work wonders for law-abiding citizens
8. ECONOMIC BENEFIT
▸ Paedophiles will not stop because of a DNS block, regardless of the penalty
▸ Buying marijuana does not carry a penalty in Denmark
▸ Selling marijuana does not carry a penalty (besides whatever you have on you at the point of arrest)
▸ We can only start winning once we understand what "winning" is and what game we are actually playing
9. "WE FIGHT HUMAN NATURE. PICKING THE RIGHT BATTLE IS KEY FOR WINNING."
   ME
PICKING THE RIGHT BATTLE
10. "WE WANT THE EASIEST ATTACKS. NOT THE HARDEST."
   ME
WINNING THE RIGHT BATTLE
11. EASY ATTACKS - SINCE WE CAN'T AVOID ATTACKS
SURRENDERING?
▸ Attackers are lazy
▸ Attackers optimise cost (0-days are spent only when nothing cheaper works)
▸ Controls raise the cost of attacks
  ▸ and push the attacker towards attacks that are hard to detect
▸ Controls are not "free"
  ▸ Cancer screening is not free either: for some cancers it causes more harm (overdiagnosis, unnecessary treatment) than it prevents
  ▸ Anti-virus engines are themselves points of infection: a privileged parser for every file format is attack surface
▸ Accept that attacks will happen
  ▸ Deal with the attacks when they happen
▸ Don't "screen for cancer", and don't move the attackers away from the obvious routes, where you can see them
12. EASY ATTACKS - SINCE THEY CAN'T BE AVOIDED
NOT SURRENDERING - PICKING THE BATTLEFIELD
▸ Design your security architecture defensively
▸ Understand its weaknesses
▸ Exploit those weaknesses yourself: they tell you where the attacker will go
▸ Monitor and gather intelligence there, and defend smarter
13. ECONOMY OF THE DEFENCE
SHOULDN'T WE INVEST IN CONTROLS?
▸ Of course!
▸ Controls impose a cost on the attack
▸ The barrier to entry (cost of attack) deters some, but typically only the lowest end of the spectrum
▸ Controls as point solutions give way to target fixation
▸ GDPR changes the economy of the defence: a breach now carries a regulatory cost as well as a technical one
15. CURRENT STATE OF SECURITY ANALYTICS
COMPONENTS OF SECURITY ANALYTICS
Pipeline: DATA → INGEST → PROCESS → ANALYSE → PRESENT → VISUALISE → ACT
16. CURRENT STATE OF SECURITY ANALYTICS
DATA INGESTION
▸ Nothing new
▸ Everyone does syslog
▸ Everyone has an agent
▸ Some do flow analytics
▸ Some do application-level analytics
▸ Few do full-packet capture
17. CURRENT STATE OF SECURITY ANALYTICS
PROCESSING DATA
▸ Inbound content must be structured (parsed into fields)
▸ The structure sometimes follows a common language
  ▸ Taxonomy, ontology, whatever floats your boat
▸ Some content is enriched with metadata
  ▸ Threat intel, GeoIP, asset-management DB info etc.
▸ This part has to be fast, and many vendors "cheat" (for example by indexing the raw text and deferring the parsing to query time)
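As an added illustration of the processing stage (this is not code from the deck): normalise raw syslog lines into one common schema, keeping lines no parser understands rather than dropping them, and enrich each event with GeoIP, threat-intel and asset context. The log lines, the CIDR-to-country table, the indicator list and the asset records are all constructed for the example; a real deployment would back them with a GeoIP database, a TAXII feed and the CMDB.

```python
"""Processing stage, added example: normalise raw syslog lines into a common
schema and enrich them. Not code from the deck. The log lines, GeoIP table,
threat-intel indicators and asset records below are constructed."""
import ipaddress
import re
from typing import Dict, List, Optional

# Constructed sample input (RFC 3164-style lines as a collector receives them).
RAW_LOGS = [
    "Jun  3 10:15:02 web01 sshd[2201]: Failed password for root from 203.0.113.7 port 51122 ssh2",
    "Jun  3 10:15:09 web01 sshd[2201]: Accepted password for deploy from 198.51.100.23 port 40022 ssh2",
    'Jun  3 10:16:44 web01 nginx: 203.0.113.7 - - "GET /wp-login.php HTTP/1.1" 404 162',
]

# Constructed enrichment sources; the values are illustrative only.
GEOIP_TABLE = {ipaddress.ip_network("203.0.113.0/24"): "NL",
               ipaddress.ip_network("198.51.100.0/24"): "DK"}
THREAT_INTEL = {"203.0.113.7": "ssh-bruteforce-scanner"}
ASSET_DB = {"web01": {"owner": "web-team", "criticality": "high"}}

SYSLOG_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) (?P<host>\S+) (?P<app>[\w\-]+)"
    r"(?:\[(?P<pid>\d+)\])?: (?P<msg>.*)$")
SSHD_RE = re.compile(
    r"^(?P<outcome>Failed|Accepted) password for (?P<user>\S+) from (?P<src>\S+) port (?P<port>\d+)")
NGINX_RE = re.compile(
    r'^(?P<src>\S+) \S+ \S+ "(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3})')


def geoip(ip: str) -> Optional[str]:
    """Linear scan is fine here: the constructed table has no overlapping prefixes."""
    addr = ipaddress.ip_address(ip)
    for net, country in GEOIP_TABLE.items():
        if addr in net:
            return country
    return None


def normalise(line: str) -> Dict[str, object]:
    """Map a raw line onto the common schema. Every event gets the same
    top-level keys regardless of source; source-specific detail nests under
    its own key. Lines no parser understands are kept, tagged 'unknown',
    rather than dropped: silently losing data is the worst failure mode."""
    m = SYSLOG_RE.match(line)
    if not m:
        return {"raw": line, "category": "unknown", "src_ip": None, "user": None}
    event: Dict[str, object] = {"ts": m["ts"], "host": m["host"], "app": m["app"],
                                "raw": line, "category": "unknown",
                                "src_ip": None, "user": None}
    msg = m["msg"]
    if m["app"] == "sshd" and (s := SSHD_RE.match(msg)):
        event.update(category="authentication", src_ip=s["src"], user=s["user"],
                     outcome="failure" if s["outcome"] == "Failed" else "success")
    elif m["app"] == "nginx" and (n := NGINX_RE.match(msg)):
        status = int(n["status"])
        event.update(category="web", src_ip=n["src"],
                     outcome="failure" if status >= 400 else "success",
                     http={"method": n["method"], "path": n["path"], "status": status})
    return event


def enrich(event: Dict[str, object]) -> Dict[str, object]:
    """Attach the context an analyst would otherwise look up by hand."""
    src = event.get("src_ip")
    if src:
        event["src_country"] = geoip(src)
        event["threat_tag"] = THREAT_INTEL.get(src)
    host = event.get("host")
    if host in ASSET_DB:
        event["asset"] = ASSET_DB[host]
    return event


def process(lines: List[str]) -> List[Dict[str, object]]:
    return [enrich(normalise(line)) for line in lines]


if __name__ == "__main__":
    for ev in process(RAW_LOGS):
        print(ev)
```

Two properties matter more than the regexes: every event, whatever its source, carries the same top-level keys (so a rule written against `src_ip` works for sshd and nginx alike), and unparseable input is kept and tagged instead of discarded.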
18. ANALYSIS
SECURITY ANALYTICS
▸ Analytics today is relatively simple
  ▸ Simple statistics
  ▸ Advanced statistics
  ▸ Patterns
▸ Known-bad and known-good analysis on more and more COTS platforms
▸ Most vendors ship tons of pre-packaged alerts and correlation rules
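An added example of one such "pattern" correlation rule, written here to show the shape of the logic rather than taken from any product or from the deck: at least a threshold number of failed logins from one source inside a time window, followed by a successful login from the same source for any user. The events are constructed and already normalised; the threshold and window values are assumptions.

```python
"""Analysis stage, added example (not the deck's code): one correlation rule
of the 'known-bad pattern' kind over constructed, already-normalised
authentication events."""
from collections import defaultdict, deque
from typing import Deque, Dict, List

Event = Dict[str, object]

# Constructed events; ts is seconds. Three sources:
#   203.0.113.7    six failures in 25 s, then a success        -> should alert
#   198.51.100.23  two failures, then a success                -> below threshold
#   192.0.2.9      six failures, success 150 s after the last  -> outside the window
EVENTS: List[Event] = (
    [{"ts": 1000 + 5 * i, "src_ip": "203.0.113.7", "user": "root", "outcome": "failure"} for i in range(6)]
    + [{"ts": 1030, "src_ip": "203.0.113.7", "user": "deploy", "outcome": "success"}]
    + [{"ts": 2000, "src_ip": "198.51.100.23", "user": "alice", "outcome": "failure"},
       {"ts": 2010, "src_ip": "198.51.100.23", "user": "alice", "outcome": "failure"},
       {"ts": 2020, "src_ip": "198.51.100.23", "user": "alice", "outcome": "success"}]
    + [{"ts": 3000 + 10 * i, "src_ip": "192.0.2.9", "user": "admin", "outcome": "failure"} for i in range(6)]
    + [{"ts": 3200, "src_ip": "192.0.2.9", "user": "admin", "outcome": "success"}]
)


def correlate_bruteforce(events: List[Event], threshold: int = 5, window: int = 60) -> List[Event]:
    """Single pass over time-ordered events with bounded state per source: a
    deque of failure timestamps trimmed to the window on every event, so
    memory does not grow with the total number of failures seen."""
    failures: Dict[str, Deque[int]] = defaultdict(deque)
    alerts: List[Event] = []
    for e in sorted(events, key=lambda ev: ev["ts"]):
        src, ts = e["src_ip"], e["ts"]
        recent = failures[src]
        while recent and ts - recent[0] > window:   # expire failures older than the window
            recent.popleft()
        if e["outcome"] == "failure":
            recent.append(ts)
        elif e["outcome"] == "success":
            if len(recent) >= threshold:
                alerts.append({"rule": "bruteforce-then-success", "src_ip": src,
                               "user": e["user"], "failures": len(recent),
                               "first_failure": recent[0], "success_at": ts})
            recent.clear()   # a success resets the source's window either way
    return alerts


if __name__ == "__main__":
    for alert in correlate_bruteforce(EVENTS):
        print(alert)
```

Behind a NAT gateway or a corporate proxy many users share one source address, so a rule keyed on source alone will page on ordinary mornings; key on (source, target) or feed it the enrichment context (asset criticality, a known-scanner tag) before it reaches an analyst.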
19. ANALYSIS
PRESENTATION
▸ Most vendors provide views on the raw data or on an abstraction of it
▸ Most vendors provide a relatively easy way to set up views on the raw or aggregated data for analytics
▸ Some vendors have great views for presenting alerts and important events
▸ Few if any systems are able to present hierarchies of data, the relationships between events, and deviations within those hierarchies
20. ANALYSIS
DATA VISUALIZATION
▸ Pie charts
▸ Geo maps
▸ Tables
▸ Rows, columns and heatmaps
▸ Nothing you couldn't do with Excel, and maybe that's OK
21. ANALYSIS
ACTIONS
▸ We collect syslog, application data and network data
▸ We process it and transform it
▸ We enrich it and present it, both to the analyst and graphically
▸ The goal is a system that provides actionable information to the analyst
▸ Some systems go one step further and perform proactive responses on other platforms
  ▸ Shut ports, add ACL entries, disable users, e.g.
22. USING SIEM AND GETTING VALUE FROM ANALYTICS
Topics: scaling out; anchoring in the organisation; investing in the project; in-house or outsourced?; non-infrastructure (enterprise) applications
24. USING AND GETTING VALUE OUT OF SIEM
SCALING OUT
▸ The only thing constant is change: expect 20% growth in volume
▸ Areas we need to scale
  ▸ Ingestion
  ▸ Processing
  ▸ Storage
  ▸ Presentation
25. USING AND GETTING VALUE OUT OF SIEM
SCALING OUT
▸ Ensure your system scales well when it comes to ingestion
  ▸ Everyone is doing it differently
  ▸ Some solutions tie the backends and the presentation layers together
▸ Scaling presentation is immensely important for widespread adoption in your organisation
▸ Scaling the backends should not be a concern in 2016
29. "IN THE CORNER. SILENTLY COLLECTING LOGS AND TRIGGERING ALERTS NOBODY WILL EVER SEE."
   ME
WHEN DO WE FAIL
30. USING AND GETTING VALUE OUT OF SIEM
ORGANISATIONAL ANCHORING
▸ SIEMs fail if they are the point solution to a problem
  ▸ Stakeholders lose interest
  ▸ The value proposition was never clear
  ▸ A great sale but a horrible purchase
31. USING AND GETTING VALUE OUT OF SIEM
ORGANISATIONAL ANCHORING
▸ Logs and network data are immensely rich in information
▸ This information can be used for much more than security
  ▸ Let help-desk users use pre-defined views and prepared analytics for easier resolution (move work to 1st-level support)
  ▸ Allow your ops team to use analytics for root-cause analysis, and statistics for predictions and forecasts
  ▸ Allow your management team to view the quality of the infrastructure and to audit outsourced services
▸ Liberate data from silos
33. USING AND GETTING VALUE OUT OF SIEM
INVESTING IN THE PROJECT
▸ Set expectations: understand why we use analytics
▸ Introduce the notion of the Lockheed Martin Cyber Kill Chain (see next slide)
▸ Understand the threat landscape
  ▸ Identify the key threats to the organisation (external view)
  ▸ Identify the key threats identified by the organisation (internal view)
▸ Bring it all together
38. INVESTING IN THE PROJECT
IDENTIFYING KEY INTERNALLY IDENTIFIED THREATS
▸ Use the internal risk assessment
▸ Compare it with external threat information
▸ Identify any gap, and ask yourself why it exists
39. INVESTING IN THE PROJECT
BRINGING IT ALL TOGETHER
▸ With threats and critical systems identified,
▸ and with an understanding of the kill chain and the cost of controls in mind,
▸ the task of the project team is to define the success criteria for the project, with common acceptance and buy-in from leadership and stakeholders
41. THE SECURITY OPERATIONS CENTER
CONSIDERATIONS
▸ The "3 Ps": people, process and technology
▸ Is it possible to retain skill?
  ▸ At the level we need
  ▸ In numbers sufficient to staff the SOC
▸ Are we mature enough to identify which alerts and incidents we want to act on?
  ▸ Can we say with confidence that we understand how to act when we then receive the alert?
▸ Engagement models (for a managed SOC):
  ▸ Who takes action on our network during a breach?
  ▸ What gets escalated back "home"?
  ▸ Do we have sensitive data preventing a fully managed SOC?
43. USING SIEM FOR ENTERPRISE APPLICATIONS
WHERE IS THE GOLD IN YOUR NETWORK
▸ Third-generation SCADA
▸ Industry 4.0
▸ SOA-enabling your ERP platforms
▸ Federated access with suppliers
44. WHERE IS THE GOLD
PATH OF LEAST RESISTANCE
▸ Vulnerabilities in SCADA
  ▸ Hard-coded admin passwords
  ▸ Non-patchable systems, "because operational IT"
  ▸ Non-networked mindset of the admins
▸ Industry 4.0
  ▸ "Smart products with localisation point, status, historical positions and data points, allowing globally unique identification of all products" - good luck with that
45. WHERE IS THE GOLD
PATH OF LEAST RESISTANCE
▸ SOA-enabling your ERP platforms
  ▸ % of SAP notes found externally
  ▸ SAP offers mobile access, organisations offer BYOD
  ▸ Do we trust jailbreak detection?
▸ Federated access with external suppliers
  ▸ The identities no longer exist in your own directory
  ▸ Business rules now define access to the network
46. WHERE IS THE GOLD
USE CASES FOR ENTERPRISE-APPLICATION SIEM USE
▸ Changes to master data records
▸ Critical transactions (payments)
▸ Changes in performance data (valve pressure)
▸ Critical changes to equipment (voltage, valve positions)
▸ Anomalies in order sizes, frequency, workflows
▸ The data is there - why not use it?
49. NEXT GENERATION - CHALLENGES
DIVERSITY IN DATA - VALUE IS FOUND EVERYWHERE
Two problems: large variation, large volume
50. NEXT GENERATION
INFORMATION OVERLOAD: OVERCOMING CHALLENGES
▸ Even with effective alerts, the amount of data is unmanageable
▸ Workflow is the key
Workflow: PREPARE (situational awareness) → IDENTIFY (analysis) → REACT (investigate) → IMPROVE (collaborate)
51. NEXT GENERATION
WORKFLOW
▸ Situational awareness
  ▸ Identify anomalies based on what is observed
  ▸ Time-of-day deviations, or time-of-year (scale!)
▸ Identify / analyse
  ▸ Based on the norm and baseline we can work on large-scale analytics
  ▸ Complex temporal changes in behaviour and activity
▸ React, and "arm the investigators"
  ▸ Rapid response on what data was exposed, how, and not least why
▸ Improve / collaborate
  ▸ The intelligence created in the analysis must be fed back into the system
  ▸ Partners and collaborators must receive the right amount of supporting information
  ▸ Think of this as a collective immune system
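An added example (not the deck's code) of baseline-and-deviation analytics, serving both the "identify anomalies based on what is observed" step above and the enterprise-application use case earlier of abnormal order sizes. It keeps, per entity, which hours of day have been seen and which values, and flags an hour with too little support or a value whose modified z-score (median and MAD rather than mean and standard deviation, so one past outlier does not widen the baseline) is beyond a threshold. The baseline history, the entities and the thresholds are all constructed assumptions.

```python
"""Baseline-and-deviation analytics, added example (not from the deck).
History, entities and thresholds are constructed."""
import statistics
from collections import Counter, defaultdict
from typing import Dict, List, Optional, Tuple

# Constructed baseline: (entity, hour_of_day, value). For logins the value is
# None; for orders it is the order size.
BASELINE: List[Tuple[str, int, Optional[float]]] = (
    [("user:alice", h, None) for _day in range(30) for h in (8, 9, 13, 17)]   # 30 working days
    + [("customer:acme", 10, v)
       for v in (1200, 1350, 1100, 1275, 1190, 1320, 1250, 1400, 1150, 1300)]
)


class Profile:
    """Per-entity baseline: how often each hour of day was seen, plus the
    observed values. Time-of-year seasonality would need one profile per
    (entity, month) and a much longer history; that is the 'scale!' remark."""

    def __init__(self, history):
        self.hours: Dict[str, Counter] = defaultdict(Counter)
        self.values: Dict[str, List[float]] = defaultdict(list)
        for entity, hour, value in history:
            self.hours[entity][hour] += 1
            if value is not None:
                self.values[entity].append(float(value))

    def hour_is_unusual(self, entity: str, hour: int, min_support: int = 3) -> Optional[bool]:
        """None when the entity has no baseline at all: an entity never seen
        before is a finding in itself, not a pass."""
        if entity not in self.hours:
            return None
        return self.hours[entity][hour] < min_support

    def value_score(self, entity: str, x: float) -> Optional[float]:
        """Modified z-score 0.6745 * (x - median) / MAD (Iglewicz and Hoaglin)."""
        vals = self.values.get(entity)
        if not vals:
            return None
        med = statistics.median(vals)
        mad = statistics.median(abs(v - med) for v in vals)
        if mad == 0:                      # flat history: anything off the median is new
            return 0.0 if x == med else float("inf")
        return 0.6745 * (x - med) / mad

    def value_is_unusual(self, entity: str, x: float, threshold: float = 3.5) -> Optional[bool]:
        score = self.value_score(entity, x)
        return None if score is None else abs(score) > threshold


if __name__ == "__main__":
    p = Profile(BASELINE)
    print("alice at 03:00 unusual:", p.hour_is_unusual("user:alice", 3))
    print("acme order of 25000 unusual:", p.value_is_unusual("customer:acme", 25000))
```

The three-valued result (True, False, None) is deliberate: a rule that returns False for an entity it has never seen turns the most interesting case, a brand-new account or customer, into silence.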
53. NEXT GENERATION
WORKING WITH DATA
▸ Drill down
▸ Re-draw: build hierarchies based on relationships
▸ Use gathered data, third-party threat intel or collaboration data as a key to expand the search further
▸ With our "enriched" analysis we can map a focus area
▸ Replay interactions over time, spot patterns and behaviour
  ▸ Login, data is moved out of the network (repeat ad infinitum)
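An added example (not the deck's code) of the drill-down and re-draw step, and of the relationship view the presentation slide says few products offer: build an entity graph from normalised events, expand outwards from a pivot key (here a threat-intel IP indicator) a chosen number of hops, and replay every interaction in the expanded set in time order. The events and the indicator are constructed; the "login, then data moved out" sequence is the one the slide describes.

```python
"""Entity-graph pivot and replay, added example (not from the deck).
Events and the pivot indicator are constructed."""
from collections import defaultdict, deque
from typing import Dict, List, Set

ENTITY_FIELDS = (("src_ip", "ip"), ("dst_ip", "ip"), ("host", "host"), ("user", "user"))

# Constructed events: an external address logs into a jump host as a service
# account; that account then reaches the database host and pushes 8 GB out.
# An unrelated user on another host provides background noise.
EVENTS: List[Dict[str, object]] = [
    {"ts": 100, "type": "login",    "src_ip": "203.0.113.7", "host": "jump01", "user": "svc_backup"},
    {"ts": 160, "type": "login",    "src_ip": "10.0.5.12",   "host": "db02",   "user": "svc_backup"},
    {"ts": 220, "type": "transfer", "host": "db02",  "user": "svc_backup", "dst_ip": "198.51.100.99", "bytes": 8_000_000_000},
    {"ts": 300, "type": "login",    "src_ip": "10.0.7.3",    "host": "web01",  "user": "alice"},
    {"ts": 340, "type": "transfer", "host": "web01", "user": "alice",      "dst_ip": "10.0.0.50",     "bytes": 2048},
]


def entities(event: Dict[str, object]) -> Set[str]:
    """Typed node names, so an IP and a host with the same text never merge."""
    return {f"{typ}:{event[key]}" for key, typ in ENTITY_FIELDS if key in event}


def build_graph(events) -> Dict[str, Set[str]]:
    """Undirected graph: every pair of entities that co-occur in one event is
    adjacent. This is the 're-draw': the hierarchy comes from relationships
    found in the data, not from a fixed schema."""
    graph: Dict[str, Set[str]] = defaultdict(set)
    for event in events:
        nodes = entities(event)
        for a in nodes:
            graph[a].update(nodes - {a})
    return graph


def expand(graph, start: str, depth: int) -> Dict[str, int]:
    """Breadth-first expansion to `depth` hops; returns node -> hop count.
    Depth is the analyst's dial: 1 hop is 'what did this IP touch',
    2 hops is 'what did the things it touched go on to do'."""
    hops = {start: 0}
    queue = deque([start])
    while queue:
        node = queue.popleft()
        if hops[node] >= depth:
            continue
        for nxt in graph.get(node, ()):
            if nxt not in hops:
                hops[nxt] = hops[node] + 1
                queue.append(nxt)
    return hops


def replay(events, nodes) -> List[Dict[str, object]]:
    """Time-ordered events touching the expanded set: the 'replay
    interactions over time' view."""
    wanted = set(nodes)
    return sorted((e for e in events if entities(e) & wanted), key=lambda e: e["ts"])


if __name__ == "__main__":
    g = build_graph(EVENTS)
    reach = expand(g, "ip:203.0.113.7", depth=2)
    for e in replay(EVENTS, reach):
        print(e["ts"], e["type"], sorted(entities(e)))
```

At one hop the indicator reaches only the jump host and the service account; at two hops the database host and the 8 GB outbound transfer come into view while the unrelated user stays out. Hub entities (a domain controller, a proxy, a shared service account) connect to everything, so in practice the expansion needs a stop list or a per-node fan-out cap, or two hops will pull in the whole estate.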
54. NEXT GENERATION
LIMITATIONS OF CURRENT-GENERATION ARCHITECTURES
▸ Remember the architecture?
  ▸ Ingest, process, analyse, visualise, act
▸ This is inherently inefficient and a testament to legacy
▸ "NoSQL" is more a part of the problem than of the solution
▸ "Big data" in its true form is what will move us forward
▸ We spend most of the available hardware on storing the data and preparing it, not on processing it
55. NEXT GENERATION
INSIGHTS INTO NEXT-GENERATION ARCHITECTURES
▸ Small hardware footprint needed for storage
  ▸ No processing, no normalisation, just straight to disk
▸ Use the hardware you have for analytics
▸ Towards real-time analytics and away from "queries"
▸ Ingestion of full packet capture as an equal part to log collection
57. NEXT GENERATION ARCHITECTURE
BIG DATA?
▸ The Hadoop ecosystem is full of great and powerful tools
  ▸ Cluster management, real-time streaming, graph databases, distributed file systems (HDFS) etc.
▸ The technology is ready; vendors just need to get going ;)
58. CONCLUSIONS
ANALYTICS TRENDS
▸ Machine learning
  ▸ "People who bought X also looked at Y", applied to security events
  ▸ Automatic signature and pattern creation
  ▸ Payload analytics
  ▸ Deep behavioural analytics on network and log data
▸ Frameworks support use cases we could only dream of
  ▸ Online packet compression in real time
  ▸ Analysis of packets to reconstruct network topologies behind NAT
59. CONCLUSIONS
ANALYTICS TRENDS
▸ Machine-learning-based botnet detection with dynamic adaptation
  ▸ Botnet beaconing, and linguistic analysis of DNS names
  ▸ Detection of stealthy DDoS against large-scale networks (ML)
▸ Automated discovery, attribution, analysis and risk assessment
  ▸ Social connectivity graphs, machine learning, automatic malware reverse-engineering
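An added example (not from the deck) for two of the botnet-detection trends just listed, with hand-written heuristics standing in for the trained models the slide has in mind: linguistic scoring of DNS names to spot algorithmically generated domains, and detection of beaconing from the regularity of a client's contact times. The domains, the timestamps and every threshold are constructed assumptions.

```python
"""DGA-name scoring and beacon detection, added example (not from the deck).
Domains, timestamps and thresholds are constructed."""
import math
import statistics
from collections import Counter
from typing import Dict, List, Optional

VOWELS = set("aeiou")
# Constructed, deliberately short stand-in for the Public Suffix List.
TWO_PART_SUFFIX_MIDDLE = {"co", "com", "org", "net", "ac", "gov"}


def core_label(fqdn: str) -> str:
    """The registrable label: 'example' in both mail.example.co.uk and example.com."""
    labels = fqdn.lower().rstrip(".").split(".")
    if len(labels) >= 3 and labels[-2] in TWO_PART_SUFFIX_MIDDLE:
        return labels[-3]
    return labels[-2] if len(labels) >= 2 else labels[0]


def shannon_entropy(s: str) -> float:
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in Counter(s).values()) if n else 0.0


def dga_features(fqdn: str) -> Dict[str, object]:
    label = core_label(fqdn)
    run = longest = 0
    for ch in label:
        run = run + 1 if ch.isalpha() and ch not in VOWELS else 0
        longest = max(longest, run)
    n = len(label)
    return {"label": label, "length": n, "entropy": shannon_entropy(label),
            "vowel_ratio": sum(ch in VOWELS for ch in label) / n,
            "digit_ratio": sum(ch.isdigit() for ch in label) / n,
            "max_consonant_run": longest}


def looks_generated(fqdn: str, min_len: int = 8, min_entropy: float = 3.0,
                    max_vowel_ratio: float = 0.3) -> bool:
    """Entropy alone is not enough: long natural names such as
    'microsoftonline' have high entropy too, so the call also requires a
    pronounceability signal (few vowels, a long consonant run or many digits)."""
    f = dga_features(fqdn)
    return (f["length"] >= min_len and f["entropy"] >= min_entropy
            and (f["vowel_ratio"] <= max_vowel_ratio
                 or f["max_consonant_run"] >= 5 or f["digit_ratio"] >= 0.25))


def beacon_stats(timestamps: List[float], min_intervals: int = 5) -> Optional[Dict[str, float]]:
    """Coefficient of variation of inter-arrival times. Human activity is
    bursty (CV well above 1); a timer-driven implant, even with a few percent
    of jitter, is not. Returns None when there are too few samples to say."""
    ts = sorted(timestamps)
    gaps = [b - a for a, b in zip(ts, ts[1:])]
    if len(gaps) < min_intervals:
        return None
    mean = statistics.fmean(gaps)
    cv = statistics.pstdev(gaps) / mean if mean > 0 else float("inf")
    return {"period": mean, "cv": cv, "intervals": len(gaps)}


def is_beaconing(timestamps: List[float], max_cv: float = 0.2) -> bool:
    s = beacon_stats(timestamps)
    return s is not None and s["cv"] <= max_cv


if __name__ == "__main__":
    for name in ("xk3jq9vplm2rt.net", "login.microsoftonline.com", "wikipedia.org"):
        print(name, looks_generated(name), dga_features(name))
    print("beacon:", beacon_stats([0, 300, 601, 899, 1200, 1502, 1800]))
```

Both heuristics are deliberately cheap, which is the point of the slide: they run on DNS logs every SIEM already has, and their false positives (CDN hostnames, legitimate software update timers) are exactly what the "dynamic adaptation" in the title would learn away.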
60. CONCLUSIONS
ANALYTICS TRENDS
▸ Creation of "social graphs" by crawling social networks and intercepting mail traffic
▸ Creation of "social graphs" by analysing voice patterns and writing patterns, regardless of where they originate
▸ Combining social graphs with sentiment analysis
  ▸ (Radicalisation between actors)
61. NEXT GENERATION
PRODUCTISING
▸ Anomaly detection
▸ Machine learning (Spark ML 2.0 just released)
▸ Graph processing (Facebook's entire social graph is held in one graph database)
▸ Scale dynamically: provision servers and services along with the processing need
▸ Scale locally or in the cloud, based on data sensitivity
62. NEXT GENERATION
ENRICHMENT
▸ Enriching data is possible today but sees relatively slow adoption in security
▸ STIX/TAXII/CybOX/YARA and other standards provide an ontology for attacks, actors and motives
▸ The SIEM of tomorrow will evaluate every event against internal and external threat-intelligence sources
▸ The SIEM of tomorrow will forward-integrate with whatever "flavour of the month" point solution is implemented
64. CONCLUSIONS
TRANSITIONS
▸ The threat landscape is changing
▸ The efficiency of technical controls declines relative to the economy of the attacker
▸ We have to level the playing field by understanding our weaknesses
▸ Ensure we have security analytics in place
▸ Ensure we have the insight and the capacity to deal with it ourselves, or move it to a third party (responsibility not included)
65. CONCLUSIONS
TECHNOLOGY TRENDS
▸ We move to larger platforms
  ▸ Built with the tools developed at Twitter, LinkedIn and Facebook
▸ Queries, SQL and pre-processed data do not scale
▸ Imagine an outsourced SOC with an installed capacity for 20 of the top 2000 companies in Europe:
  ▸ millions and millions of events every second (EPS)
66. ANALYTICS
WRAP UP
▸ We have the technology now
▸ We have the maths
▸ And we are starting to understand the threats and the playing field
▸ The vendors just have to wrap everything together
▸ Few, if any, organisations have the capacity to write the algorithms themselves