Otx introduction sw

•Download as PPTX, PDF•

1 like•1,200 views

This is an introduction to AlienVault’s Open Threat Exchange (OTX), an open threat information sharing and analysis network, created to put effective security measures within the reach of all organizations. Unlike invitation-only threat sharing networks, OTX provides real-time, actionable information to all who want to participate.

WHAT IS OTX?
An open information sharing and
analysis network
Provides access to real-time,
detailed information about threats
and incidents around the world
Enables security professionals to
share threat data and benefit from
data shared by others
At the heart of OTX is the world’s
largest, crowd-sourced repository
for threat data.

SCORING AND ANALYSIS
 Confirmation by other
sources
 Voting based on known
abuse patterns
 White-listing known sources
of false positives

THE THREAT LANDSCAPE
CHANGES
• IPs Change
IPs may be rebound to a different server, owner
• Threats Get Remediated
In the case of compromised/slaved servers, system
owners may remediate threat
• Threats Naturally Expire
Campaigns and targeted attacks end per orchestrator’s
plans

DATA EXPIRY
 Contributed Data: expires
after 30 days
 Scanning: expires after 30
days without additional
evidence
 Malware: validate ongoing
hosting
 Web-based Threats:
confirm ongoing activity

DATA PRIVACY IN OTX
122.225.118.219 # Scanning Host
CN,Hangzhou,30.2936000824,120.161399841
122.225.118.66 # Scanning Host
CN,Hangzhou,30.2936000824,120.161399841
188.138.100.156 # Malware IP;Scanning Host DE,,51.0,9.0
211.87.176.197 # Scanning Host CN,,35.0,105.0
95.163.107.201 # Spamming RU,,60.0,100.0
188.138.110.48 # Malicious Host;Scanning Host DE,,51.0,9.0
72.167.131.220 # Malware IP US,Scottsdale,33.6119003296,-
111.890602112
174.120.172.125 # Malware IP US,Houston,29.7523002625,-
95.3669967651
210.148.165.67 # Malware IP JP,,36.0,138.0
75.75.253.84 # Spamming US,Henderson,36.0312004089,-
115.073898315
What OTX Collects
• External IPs connecting
to system
• Traffic Patterns (Timestamps)
What OTX Does NOT Collect
• System data
• System information
• Internal IP traffic
• Any personally identifiable
information
OTX API Example

What's hot

Alienvault threat alerts in spiceworks

AlienVault

Demonstrating compliance with PCI DSS is far from a trivial exercise. Those 12 requirements often translate into a lot of manual and labor-intensive tasks, along with the need to access data and reports from many different systems and tools. Join us for this technical demo to learn how AlienVault can simplify PCI DSS compliance and improve your overall security posture. We'll cover: Common PCI DSS compliance challenges Questions to ask as you plan and prepare Core capabilities needed to demonstrate compliance How AlienVault Unified Security Management simplifies compliance and threat detection Core capabilities needed to demonstrate compliance How to simplify compliance with a unified approach to security

How to Simplify PCI DSS Compliance with AlienVault USM

AlienVault

Watch this on-demand webast to learn how to acheive security compliance with AlienVault Unified Security Management (USM): https://www.alienvault.com/resource-center/webcasts/how-to-solve-your-top-it-security-reporting-challenges-with-alienvault?utm_medium=Social&utm_source=SlideShare&utm_campaign=solve-it-compliance-usm-webinar Learn how you can take your on-premises and cloud security to the next level with a free online demo at: https://www.alienvault.com/products/usm-anywhere/demo?utm_medium=Social&utm_source=SlideShare&utm_campaign=solve-it-compliance-usm-webinar

How to Solve Your Top IT Security Reporting Challenges with AlienVault

AlienVault

At the heart of SIEM is ability to correlate events from one or many sources into actionable alarms based on your security policies. AlienVault USM provides over 2100 correlation directives developed by the AlienVault Labs team, plus the ability to create your own custom rules. Join us for this customer training session covering how to: Ensure you are using the latest and greatest built-in correlation directives from AlienVault Labs Write your own correlation directives based on events from one or more sources Turn correlation information into actionable alarms Use correlations to enforce your security policies

Improve Security Visibility with AlienVault USM Correlation Directives

AlienVault

Malware detection how to spot infections early with alien vault usm

AlienVault

Trends like the increased use of cloud computing by businesses and their vendors introduce new complexities in reducing risk and assessing security across the supply chain. Demonstrating continuous risk reduction and compliance with internal policies and external regulations, fixing violations and configuration drift, centrally managing exceptions, and documenting progress are all common challenges. The Center for Internet Security’s (CIS) Critical Security Controls (CSCs) were selected and prioritized by leading security experts to stop today’s most common and serious cyber threats. By implementing these controls, organizations can improve their security posture and reduce the risk of threats to critical assets, data, and network infrastructure. In this webcast SANS Senior Analyst John Pescatore and Tim White, Director of Product Management for Qualys Policy Compliance (PC), discuss how you can achieve continuous security and compliance, and leverage Qualys solutions to address all 20 CSCs. The presentation encompasses: • An overview of the CIS Critical Security Controls, including ongoing updates • Success patterns organizations have demonstrated for using the controls to their advantage • How an automation can reduce the staffing load to determine whether controls are in place and effective • How to prioritize remediation efforts • Real-world examples of recent attacks that leveraged misconfigured systems Watch the on-demand webcast: https://goo.gl/j6Posx

Automating Critical Security Controls for Threat Remediation and Compliance

Qualys

There's always a need to stop bad stuff from coming in, but it's important to remember that those inside the firewall can pose an even bigger risk to your network security. Whether its unsuspecting users clicking on phishing e-mails, someone running bit torrent in your datacenter, or a truly malicious user out to sabotage the network, insider threats can really keep you up at night. Join us for this technical demo showing how USM can help you detect: Malware infections on end-user machines Insiders misusing network resources Privileged users engaging in suspicious behaviors

Insider Threats: How to Spot Trouble Quickly with AlienVault USM

AlienVault

They may be the oldest tricks in the book, but SQL injection and cross-site scripting (XSS) attacks still put a hurt on thousands of web applications every year, impacting millions of users—your users and customers. SIEM solutions are essential in finding these exposures quickly, by collecting and correlating data to spot patterns and alert you of an attack. Join us for this demo to learn more about how these attacks work and how AlienVault USM gives you the built-in intelligence you need to spot trouble quickly. You'll learn: How these attacks work and what you can do to protect your network What data you need to collect to identify the warning signs of an attack How to identify impacted assets so you can quickly limit the damage How AlienVault USM simplifies detection with built-in correlation rules & threat intelligence

How to Detect SQL Injections & XSS Attacks with AlienVault USM

AlienVault

Beginner's Guide to SIEM

AlienVault

Maintaining, verifying, and demonstrating compliance with regulatory requirements, whether PCI DSS, HIPAA, GLBA or others, is far from a trivial exercise. Proving compliance with these requirements often translates into a lot of manual and labor-intensive tasks – chasing down discrepancies in asset inventory spreadsheets, remediating critical vulnerabilities, and weeding through log data trying to make sense of it all. In fact, you may need to consult at least a dozen different tools to assemble the security controls and reports you need. Compliance doesn't have to be so hard. Review this presentation to learn: - Common audit compliance failures - A pre-audit checklist to help you plan and prepare - Core security capabilities needed to demonstrate compliance - How to simplify compliance with a unified approach to security

How to Simplify Audit Compliance with Unified Security Management

AlienVault

The CIS Critical Security Controls the International Standard for Defense

EnclaveSecurity

Configuring Data Sources in AlienVault

AlienVault

Creating Correlation Rules in AlienVault

AlienVault

Learn to effectively navigate the risks, new regulations, and new technologies on your journey to a secure and compliant digital transformation with this Qualys webcast series. In this webcast, Chris Carlson, Vice President of Product Management at Qualys, discussed how enterprises can achieve immediate visibility across on-premises, endpoint, and cloud IT environments with Qualys Cloud Platform and its powerful, natively integrated security and compliance applications. You will learn how Qualys Cloud Platform allows you to: • Have all of your data analyzed in real time • Respond to threats immediately • See the results in one place, in just seconds • Protect your digital transformation efforts Watch the on-demand recording: https://goo.gl/gC7jZR

Webcast Series #1: Continuous Security and Compliance Monitoring for Global I...

Qualys

20 Security Controls for the Cloud

NetStandard

The CIS Critical Security Controls are a recommended set of actions for cyber defense that provide specific and actionable ways to stop today’s most pervasive and dangerous attacks. They are developed, renewed, validated, and supported by a large volunteer community of security experts under the stewardship of the Center for Internet Security (www.cisecurity.org). Contributors, adopters, and supporters are found around the world and come from all types of roles, backgrounds, missions, and businesses. State and local governments, power distributors, transportation agencies, academic institutions, nancial services, federal government, and defense contractors are among the hundreds of organizations that have adopted the Controls. They have all implemented the Controls to address the key question: “What needs to be done right now to protect my organization from advanced and targeted attacks?”

Effective Cyber Defense Using CIS Critical Security Controls

BSides Delhi

When to Implement a Vulnerability Assessment or Pen Test | IT Security & Risk...

Cam Fulton

In this SlideShare, we’ll share the AWS Security Best Practices for securing AWS environments, as well as some of the trends our research has shown with regard to attacks on those environments. We'll also introduce the key capabilities needed for a modern threat detection & incident response program customized for AWS, and other AWS Security Best Practices including: -Asset Discovery - creating an inventory of running instances -Vulnerability Assessment - conducting scans to assess exposure to attack, and prioritize risks -Change Management - detect changes in your AWS environment and insecure network access control configurations -S3 & ELB Access Log Monitoring - Monitor access logs of hosted content and data directed at your instance -CloudTrail Monitoring and Alerting - Monitor the CloudTrail service for abnormal behavior -Windows Event Monitoring - Analyze system level behavior to detect advanced threats With more IT environments moving data and applications to AWS, the motivation for hackers to target AWS environments is also increasing. We believe these AWS Security Best Practices will be a valuable addition to every security practitioner’s playbook. We'll finish up with a demo of NEW AlienVault USM for AWS, which delivers all of the above capabilities, plus log management & event correlation to help you detect threats quickly and comply with regulatory requirements.

AWS Security Best Practices for Effective Threat Detection & Response

AlienVault

The recently disclosed Meltdown and Spectre vulnerabilities negatively impact the security of virtually every computer in the world today. These vulnerabilities allow an attacker to gain control of a computer’s processor and steal data located on that computer. Organizations that store data in the cloud are particularly susceptible. During this webcast, Jimmy Graham, Director of Product Management for Qualys Threat Protection and Asset Inventory, showcased solutions that can help you determine the impact of Spectre and Meltdown across your global IT environments. Understand how: • To quickly and easily visualize Spectre and Meltdown vulnerabilities within your environment • To track remediation progress as you patch against Spectre and Meltdown • The Qualys Asset Inventory and Threat Protection apps will help you automate detection and track remediation progress Watch the on-demand webcast: https://goo.gl/6FQ6uJ

Avoid Meltdown from the Spectre - How to measure impact and track remediation

Qualys

With a focus on simplifying asset management, OSSIM v5.0 (available 4/20) makes it faster and easier than ever to get the insights you need. Join us for this user training to learn how to get the most out of these new enhancements: Assign custom labels for assets, groups and networks Search, filter and group assets by OS, IP address, device type, custom labels and more Run vulnerability and asset scans on custom asset groups with one click Filter by asset groups in alarms, security events and raw logs Update configuration, sensor assignment, asset value and more on multiple assets and groups of assets at once ...and more!

New OSSIM v5.0 - Get Security Visibility Faster & Easier Than Ever

AlienVault

What's hot (20)

Alienvault threat alerts in spiceworks

How to Simplify PCI DSS Compliance with AlienVault USM

How to Solve Your Top IT Security Reporting Challenges with AlienVault

Improve Security Visibility with AlienVault USM Correlation Directives

Malware detection how to spot infections early with alien vault usm

Automating Critical Security Controls for Threat Remediation and Compliance

Insider Threats: How to Spot Trouble Quickly with AlienVault USM

How to Detect SQL Injections & XSS Attacks with AlienVault USM

Beginner's Guide to SIEM

How to Simplify Audit Compliance with Unified Security Management

The CIS Critical Security Controls the International Standard for Defense

Configuring Data Sources in AlienVault

Creating Correlation Rules in AlienVault

Webcast Series #1: Continuous Security and Compliance Monitoring for Global I...

20 Security Controls for the Cloud

Effective Cyber Defense Using CIS Critical Security Controls

When to Implement a Vulnerability Assessment or Pen Test | IT Security & Risk...

AWS Security Best Practices for Effective Threat Detection & Response

Avoid Meltdown from the Spectre - How to measure impact and track remediation

New OSSIM v5.0 - Get Security Visibility Faster & Easier Than Ever

Viewers also liked

This talk will include an overview and demo of the Open Threat Exchange (OTX) and describe some of its information sources, including anonymous sharing from Open Source Security Information Management (OSSIM.) Jaime will share some of his experiences using OTX as a security researcher. He will also provide his thoughts on how OWASP members can benefit from security research and threat intelligence to "build in" security rather than constantly reacting.

Crowd-Sourced Threat Intelligence

AlienVault

Jovenes en el mundo digital

Rene Cotto Strems

Threat sharing networks have been around for a long time, however they have typically been "invitation-only", available to only large companies, or those within a particular industry. The AlienVault Open Threat Exchange is different. It is one of the first (and most diverse) threat sharing networks, open to any and all who wish to join. And, free services like new ThreatFinder help make the threat data in OTX available and actionable by all. Join AlienVault VP of Product Strategy, Russ Spitler, and Systems Engineer, Tom D'Aquino for a practical session covering how to use OTX to improve network security. Russ & Tom will cover: How threat intelligence is gathered and vetted in the Open Threat Exchange How to use the threat data provided by OTX free services Examples of the types of threats you can identify with OTX Best practices to investigate and mitigate threats, including a quick tour of AlienVault USM

How to Use Crowd-Sourced Threat Intelligence to Stop Malware in its Tracks

AlienVault

More information on this webcast: http://ow.ly/IyNdF Have you ever wondered how the bad guys actually get control of a system? And, how they convert that system into a data-syphoning droid? Then you won't want to miss our next live demo, where AlienVault's security gurus Mark Allen & Garrett Gross will walk you through the steps of a system compromise, including how AlienVault USM detects these nefarious activities every step of the way. You'll learn: How attackers exploit vulnerabilities to take control of systems What they do next to find & exfiltrate valuable data How to catch them before the damage is done with AlienVault USM Using a real-world example of a common vulnerability, Mark will show you how USM gives you the evidence you need to stop an attack in its tracks.

How to Detect System Compromise & Data Exfiltration with AlienVault USM

AlienVault

Due to the recent, well-publicized events involving celebrities and their private photos, the phrase “brute-force attack” has become the web’s newest buzzword. As an IT professional, it’s vital that you detect brute force attacks as quickly as possible so you can shut them down before the damage is done. Join us for a live demo, where we’ll demonstrate a brute force attack (simulated, of course!) and show how AlienVault USM can help you detect an (attempted) intruder and investigate the attack. You'll learn: How attackers can use brute force attacks to gain access to your network Measures you can take to better secure your environment and prevent these attacks How AlienVault USM alerts you immediately of brute force attack attempts, giving you valuable time to shut it down How to use AlienVault USM to investigate an attack and identify compromised assets

AlienVault Brute Force Attacks- Keeping the Bots at Bay with AlienVault USM +...

AlienVault

AlienVault Threat Alerts in Spiceworks

AlienVault

Worldwide User Group & Summit 2016 Highlights | Final day

WeDo Technologies

As security teams today become more focused on improving their detection and response capabilities, they're having to revisit technologies they rely on, as well as how they're using those technologies to combat threats and improve security posture. Few technologies have played a bigger role in detection and response than intrusion detection and prevention systems. Today these tools are considered "must have" controls for security and compliance, but are we using them effectively? Are we getting the right alerts, and looking for the right events and patterns in network traffic? How can we more effectively correlate data from IDS and IPS with other information and build a better security capability based on internal and external threat intelligence? In this webcast, we'll revisit the IDS and its evolution as a mainstay technology in our security arsenal. We'll also look at where teams are taking these tools using more effective processes and technology to improve detection and response significantly.

The Evolution of IDS: Why Context is Key

AlienVault

By now you've probably heard about new ransomware threats like CryptoWall, which encrypts your data and demands payment to unlock it. These threats are delivered via malicious email attachments or websites, and once CryptoWall executes and connects to an external command and control server, it starts to encrypt files throughout your network. Therefore, spotting infections quickly can limit the damage. Don’t fall victim to ransomware! AlienVault USM uses several built-in security controls working in unison to detect ransomware like CryptoWall, usually as soon as it attempts to connect to the hackers’ command and control server. How does it all work? Join us for a live demo that will show how AlienVault USM detects these threats quickly, saving you valuable clean up time by limiting the damage from the attack. You'll learn: How AlienVault USM detects communications with the command and control server How the behavior is correlated with other signs of trouble to alert you of the threat Immediate steps you need to take to stop the threat and limit the damage

Demo how to detect ransomware with alien vault usm_gg

AlienVault

The Attackers Advantage

Shiv Shivakumar

AlienVault MSSP Overview - A Different Approach to Security for MSSP's

AlienVault

How real-time network sleuthing can help you lock down IT. Everyone in IT knows that security is a big deal, but did you know that SIEM (security information and event management) can help protect your network from data breaches, even when traditional defenses fail? If SIEM a mystery to you, lets grab Colonel Mustard, the candlestick and head to the library because this mystery is about to be solved. We'll be giving out more than just clues in this webinar: you'll discover explanations of security concepts, tools, tips and tricks as we unravel the mystery of how to better protect your network. Bring your magnifying glass, because you’ll also learn about event correlation, EPS, normalization and other things that will surely impress your friends. Sign up now to learn from our chief gumshoe and noted SIEM Enthusiast Joe Schreiber. He’ll explain the reasons that SIEM exists, how it works, and most importantly - what you can do with it. IT WAS MR. BODDY ALL ALONG!!!

SIEM 101: Get a Clue About IT Security Analysis

AlienVault

Need a crash course on SIEM? No problem. Our security gurus will explain what SIEM is (and isn’t) and how to get up and running with it quickly and painlessly. You'll learn everything you need to know about: * Critical information stored in your logs and how to leverage it for better security *Requirements to effectively perform log collection, log management, and log correlation *How to integrate multiple data sources *What features to look for in a SIEM solution

SIEM for Beginners: Everything You Wanted to Know About Log Management but We...

AlienVault

Viewers also liked (13)

Crowd-Sourced Threat Intelligence

Jovenes en el mundo digital

How to Use Crowd-Sourced Threat Intelligence to Stop Malware in its Tracks

How to Detect System Compromise & Data Exfiltration with AlienVault USM

AlienVault Brute Force Attacks- Keeping the Bots at Bay with AlienVault USM +...

AlienVault Threat Alerts in Spiceworks

Worldwide User Group & Summit 2016 Highlights | Final day

The Evolution of IDS: Why Context is Key

Demo how to detect ransomware with alien vault usm_gg

The Attackers Advantage

AlienVault MSSP Overview - A Different Approach to Security for MSSP's

SIEM 101: Get a Clue About IT Security Analysis

SIEM for Beginners: Everything You Wanted to Know About Log Management but We...

Similar to Otx introduction sw

The Lazy Attacker: Defending Against Broad-based Cyber Attacks

AlienVault

We are in the midst of a fundamental shift in the way in which organizations protect themselves from the modern adversary. Traditional rules based cybersecurity applications of the past are not able to protect organizations in the new mobile, social, and hyper-connected world they now operate within. However, the convergence of big data technology, analytic advancements, and a variety of other factors have sparked a cybersecurity renaissance that will forever change the way in which organizations protect themselves. Join Rocky DeStefano, Cloudera's Cybersecurity subject matter expert, as he explores how modern organizations are protecting themselves from more frequent, sophisticated attacks. During this webinar you will learn about: The current challenges cybersecurity professionals are facing today How big data technologies are extending the capabilities of cybersecurity applications Cloudera customers that are future proofing their cybersecurity posture with Cloudera’s next generation data and analytics management system

Preparing for the Cybersecurity Renaissance

Cloudera, Inc.

SplunkLive Auckland 2015 - Splunk for Security

Splunk

Splunk for Security

Gabrielle Knowles

SplunkLive Wellington 2015 - Splunk for Security

Splunk

Spice world 2014 hacker smackdown

AlienVault

Cryptographic protocols are widely applied to many application to enjoy security, privacy, authenticity and other features. Such protocols and cryptographic techniques are often composed to try to realize complicated features like a LEGO. It seems a good way to achieve many new security and privacy goals. However, the security of combination of cryptographic techniques cannot be thought is LEGO. This keynote talk at IWSEC 2015 explains how we are tackling with this issues for long years and how this problem is essential for future applications like blockchain. This talk was provided on August 26, 2015.

Cryptographic Protocol is and isn't like LEGO.

Shin'ichiro Matsuo

As an IT security pro, unless you've been hiding under a rock, you've heard about ransomware threats like Cryptolocker. These threats are typically delivered via an e-mail with a malicious attachment, or by directing a user to a malicious website. Once the Cryptolocker file executes and connects to the command and control server, it begins to encrypt files and demands payment to unlock them. As a result, detecting infection quickly is key to limiting the damage. AlienVault USM uses several built-in security controls working in unison to detect ransomware like Cryptolocker, usually as soon as it attempts to connect to the command and control server. Join us for a live demo showing how AlienVault USM detects these threats quickly, saving you valuable time in limiting the damage from the attack. You'll learn: How AlienVault USM detects communications with the command and control server How the behavior is correlated with other signs of trouble to alert you of the threat Immediate steps you need to take to stop the threat and limit the damage

How to Detect a Cryptolocker Infection with AlienVault USM

AlienVault

Port of seattle security presentation david morris

Emily2014

How to protect your corporate from advanced attacks

Microsoft

Delivering User Behavior Analytics at Apache Hadoop Scale : A new perspective...

Cloudera, Inc.

Weaponizing Intelligence: Interdiction in Today’s Threat Landscape

Priyanka Aash

Discovery of Compromised Machines

Anton Chuvakin

Data centers move exabytes of data through their networks. This explosive growth in network traffic has put demands on data centers to adapt and add new technologies and standards to keep pace and make information easily accessible. Our personal information, company IP assets and sensitive data run across these networks that are constantly under persistent and malicious cyber attacks to look for vulnerabilities in their networks. IT security teams have to protect complex networks that are growing in size and complexity. They call for a new approach to gaining full – rather than partial – visibility into network behavior to stop downtime losses and data leaks. By providing 1 to 1 NetFlow generation then collecting the data and analyzing the flow records is essential in time-to-resolution (TTR). To help you take full advantage of valuable NetFlow data for use in network security management, Emulex and Lancope have created a best-in-class network and security solution that allows you to quickly and continuously monitor the makeup of the traffic traversing your network. In this webinar, we’ll explore why network security management is crucial in managing functionality and visibility of an organization’s network infrastructure and how Emulex helps address these deployment requirements. We'll also explore what matters most when network security is breached, and share some best practice insights gleaned from working with customers that run some of the largest and most critical data networks on the planet.

Using NetFlow to Streamline Security Analysis and Response to Cyber Threats

Emulex Corporation

ciso-platform-annual-summit-2013-Hp enterprise security overview

Priyanka Aash

NetWitness

TechBiz Forense Digital

MITRE_ATTACK_Enterprise_11x17.pdf

AisyiFree

Honeypots for Cloud Providers - SDN World Congress

Vallie Joseph

Open Cybersecurity Alliance Briefing at RSAC 2020

Carol Geyer

Sophisticated ransomware attacks on healthcare organizations by ruthless cybercriminals are on the rise. Savvy HIT leaders are taking immediate action to protect their IT systems and data. During this webinar you’ll gain insight into the 5 most important precautions that healthcare providers should take and what steps should be followed in event your system is compromised to minimize the impact on patient care and restore your systems as quickly as possible. In this presentation you’ll learn: - 5 most important ways to protect your organizations from a ransomware attack - What steps to take in the event your system is compromised by a ransomware attack Link to On-Demand Webinar: https://www.cleardata.com/knowledge-hub/5-ways-to-protect-your-healthcare-organization-from-a-ransomware-attack/

5 Ways to Protect Your Healthcare Organization from a Ransomware Attack - HIM...

ClearDATACloud

Similar to Otx introduction sw (20)

The Lazy Attacker: Defending Against Broad-based Cyber Attacks

Preparing for the Cybersecurity Renaissance

SplunkLive Auckland 2015 - Splunk for Security

Splunk for Security

SplunkLive Wellington 2015 - Splunk for Security

Spice world 2014 hacker smackdown

Cryptographic Protocol is and isn't like LEGO.

How to Detect a Cryptolocker Infection with AlienVault USM

Port of seattle security presentation david morris

How to protect your corporate from advanced attacks

Delivering User Behavior Analytics at Apache Hadoop Scale : A new perspective...

Weaponizing Intelligence: Interdiction in Today’s Threat Landscape

Discovery of Compromised Machines

Using NetFlow to Streamline Security Analysis and Response to Cyber Threats

ciso-platform-annual-summit-2013-Hp enterprise security overview

NetWitness

MITRE_ATTACK_Enterprise_11x17.pdf

Honeypots for Cloud Providers - SDN World Congress

Open Cybersecurity Alliance Briefing at RSAC 2020

5 Ways to Protect Your Healthcare Organization from a Ransomware Attack - HIM...

More from AlienVault

Malware Invaders - Is Your OS at Risk?

AlienVault

Insider Threat Detection Recommendations

AlienVault

Security operations center 5 security controls

AlienVault

Payment Card Industry Data Security Standard (PCI DSS) compliance can be both hard and expensive. For most small to medium sized organizations, it doesn’t have to be as long you have the right plan and tools in place. In this guide you’ll learn five steps that you can take to implement and maintain PCI DSS compliance at your organization. AlienVault PCI DSS Compliance: https://www.alienvault.com/solutions/pci-dss-compliance Have a question? Ask it in our forum: http://forums.alienvault.com More videos: http://www.youtube.com/user/alienvaulttv AlienVault Blogs: http://www.alienvault.com/blogs AlienVault: http://www.alienvault.com

PCI DSS Implementation: A Five Step Guide

AlienVault

Host-based intrusion dection systems (HIDS) work by monitoring activity that is occurring internally on a host. HIDS look for unusual or nefarious activity by examining logs created by the operating system, looking for changes made to key system files, tracking installed software, and sometimes examining the network connections a host makes. AlienVault USM integrates HIDS with other key security controls to help you get the most out of HIDS, including: Analyzing system behavior and configuration status to track user access and activity Detecting system compromise, modification of critical configuration files (e.g. registry settings, /etc/passwd), common rootkits, and rogue processes Correlating HIDS data with known IP reputation, vulnerability scans and more Logging and reporting for PCI compliance

Improve threat detection with hids and alien vault usm

AlienVault

Incident Response (IR) teams are designed to detect, investigate and, when necessary, perform remediation in the event of a critical incident. The results of the 2015 SANS Incident Response Survey provides a picture of what IR teams are up against today—the types of attacks they see, what defenses they have in place to detect and respond to these threats, and their perceived effectiveness and obstacles to incident handling. Some key challenges reported by responders to the survey were: 66% cited a skills shortage as being an impediment to effective IR: 54% cited budgetary shortages for tools and technology 45% noted lack of visibility into system or domain events 41% noted a lack of procedural reviews and practice 37% have trouble distinguishing malicious events from nonevents Do these challenges sound familiar? Download the full survey to learn more about how other organizations are approaching incident response, along with best practices and advice. Visit http://ow.ly/R3Cr0

The State of Incident Response - INFOGRAPHIC

AlienVault

AlienVault Unified Security Management™ (USM) integrates SIEM/event correlation with built-in tools for intrusion detection, asset discovery, vulnerability assessment and behavioral monitoring to give you a unified, real-time view of threats in your environment. NEW v5.0 (available 4/20) makes it faster and easier than ever to get the insights you need, starting on Day 1. Join us for a live demo to see how new USM v5.0 makes it easier than ever to accomplish these key tasks: Discover all IP-enabled assets on your network Identify vulnerabilities like unpatched software or insecure configurations Detect network scans and malware like botnets, trojans & rootkits Speed incident response with built-in remediation guidance for every alert Generate accurate compliance reports for PCI DSS, HIPAA and more

New USM v5.0 - Get Complete Security Visibility Faster & Easier Than Ever

AlienVault

Because every network environment is different, OSSIM offers flexibile configuration options to adapt to the needs of different environments. Whether you are just getting started with OSSIM, or have been using it for years, thinking through the configuration options availble will help you get the most out of your installation. Join us for this customer training webcast where our OSSIM experts will walk through: How to deploy & configure OSSEC agents Best practices for configuring syslog and enabling plugins Scanning your network for assets and vulnerabilities

Best Practices for Configuring Your OSSIM Installation

AlienVault

Over the last several years, we have seen that attackers are innovating much faster than defenders are. This trend is steering many companies to look towards cyber threat intelligence (CTI) to help them navigate today’s threatening landscape. SANS conducted a survey this year to explore who is using cyber threat intelligence and how they are using it. The survey collected responses from 326 IT professionals working in a variety of industries, in all sizes and from many different regions. 69% of the respondents reported implementing CTI to some extent, with only 16% planning not to pursue CTI in their environments. Which side of this percentage do you fall into? The infographic below provides some of the key questions to ask when getting started with threat intelligence, along with data from the SANS survey to show you how others are using threat intelligence.

Alien vault sans cyber threat intelligence

AlienVault

Security by Collaboration: Rethinking Red Teams versus Blue Teams

AlienVault

Despite significant investments in the latest preventative security technologies, organizations continue to suffer devastating security breaches. And, attacks are not limited to just the big companies, smaller organizations are facing the same threats. If even the largest companies are struggling to avoid breaches, how can smaller teams with more limited security staff and budgets hope to avoid that same fate? Join Fran Howarth of Bloor Research and Patrick Bedwell, VP of Product Marketing at AlienVault for this session covering: Developments in the threat landscape driving a shift from preventative to detective controls Essential security controls needed to defend against modern threats Fundamentals for evaluating a security approach that will work for you How a unified approach to security visibility can improve threat detection

Prepare to Be Breached: How to Adapt your Security Controls to the “New Normal”

AlienVault

More from AlienVault (11)

Malware Invaders - Is Your OS at Risk?

Insider Threat Detection Recommendations

Security operations center 5 security controls

PCI DSS Implementation: A Five Step Guide

Improve threat detection with hids and alien vault usm

The State of Incident Response - INFOGRAPHIC

New USM v5.0 - Get Complete Security Visibility Faster & Easier Than Ever

Best Practices for Configuring Your OSSIM Installation

Alien vault sans cyber threat intelligence

Security by Collaboration: Rethinking Red Teams versus Blue Teams

Prepare to Be Breached: How to Adapt your Security Controls to the “New Normal”

Otx introduction sw

1. INTRODUCTION TO OPEN THREAT EXCHANGE

2. WHAT IS OTX? An open information sharing and analysis network Provides access to real-time, detailed information about threats and incidents around the world Enables security professionals to share threat data and benefit from data shared by others At the heart of OTX is the world’s largest, crowd-sourced repository for threat data.

3. OTX + ALIENVAULT LABS

4. SCORING AND ANALYSIS  Confirmation by other sources  Voting based on known abuse patterns  White-listing known sources of false positives

5. THE THREAT LANDSCAPE CHANGES • IPs Change IPs may be rebound to a different server, owner • Threats Get Remediated In the case of compromised/slaved servers, system owners may remediate threat • Threats Naturally Expire Campaigns and targeted attacks end per orchestrator’s plans

6. DATA EXPIRY  Contributed Data: expires after 30 days  Scanning: expires after 30 days without additional evidence  Malware: validate ongoing hosting  Web-based Threats: confirm ongoing activity

7. DATA PRIVACY IN OTX 122.225.118.219 # Scanning Host CN,Hangzhou,30.2936000824,120.161399841 122.225.118.66 # Scanning Host CN,Hangzhou,30.2936000824,120.161399841 188.138.100.156 # Malware IP;Scanning Host DE,,51.0,9.0 211.87.176.197 # Scanning Host CN,,35.0,105.0 95.163.107.201 # Spamming RU,,60.0,100.0 188.138.110.48 # Malicious Host;Scanning Host DE,,51.0,9.0 72.167.131.220 # Malware IP US,Scottsdale,33.6119003296,- 111.890602112 174.120.172.125 # Malware IP US,Houston,29.7523002625,- 95.3669967651 210.148.165.67 # Malware IP JP,,36.0,138.0 75.75.253.84 # Spamming US,Henderson,36.0312004089,- 115.073898315 What OTX Collects • External IPs connecting to system • Traffic Patterns (Timestamps) What OTX Does NOT Collect • System data • System information • Internal IP traffic • Any personally identifiable information OTX API Example

Otx introduction sw

Recommended

Recommended

More Related Content

What's hot

What's hot (20)

Viewers also liked

Viewers also liked (13)

Similar to Otx introduction sw

Similar to Otx introduction sw (20)

More from AlienVault

More from AlienVault (11)

Otx introduction sw