Rapid7 & LogRhythm Webcast: Get Real-Time Cyber Threat Protection with Risk Management and SIEM

Presenters
Dana Wolf, Director of Products, Rapid7
Seth Goldhammer, Director of Product Management, LogRhythm

Speed With Control
Dana Wolf, Director of Products
Meaningful progress in security?

Challenges to Forward Progress
Lack of relevant, right-time information
Lack of decision-making framework
Hard to get others to take action or change
IT Guy: "You mean patch ADOBE? Fix CVE 456?"
Under-resourced and overstretched

Visibility through the chaos
The Rapid7 Solution: Speed with Control for You
Brain-dead Simple Remediation; Time-Saving Automation

Rapid7's Solution: Security Programs
Decision Making Frameworks (Real Risk, Policy & Compliance)
Offensive Security
Infrastructure Fingerprinting
Applications
Configuration, Vulnerability Content
Remediation Guidance
Security Program Trending
Security Testing
Business Context
Security Programs
Threat & Exploit Information
Rapid7 & LogRhythm Joint Solutions
Efficiency & Right-Time Information in Monitoring
Rapid7 is focused on assessing the risk in your organization based on the state of the environment.
LogRhythm is focused on monitoring activities in real time.
Content from Rapid7's portfolio adds context to LogRhythm's monitoring analytics:
• OS, Vulnerability, Services, Applications, etc.
• Exploits, Malware kits, etc.
Assessment & Monitoring

Let Us Get You Started

Get Real-Time Cyber Threat Protection with Risk Management and SIEM
LogRhythm / Rapid7
2012 Verizon Breach Report – Key Stats
• The number of compromised records across these incidents skyrocketed
• "We will likely continue to see the perpetrators utilize such vulnerabilities as the path of least resistance to gain unauthorized entry"
• "92% of incidents were discovered by a third party" (up 6% from previous year)
• "Monitor and mine event logs" critical for large organizations
• "Anomaly detection is active in the conversation and growing in importance."
[Slide graphic: fragments of Windows Security event log records (TYPE=SuccessAudit, CATG=Logon/Logoff, EVID=540 "Successful Network Logon", Logon Type 3, Kerberos authentication) for several SANDBOX domain users on COMP=VENUS, overlaid with rows of binary digits to illustrate raw log volume.]
• Compromised Credentials
• Suspicious Privileged User Activity
• Reconnaissance Followed by Attack
• Critical Service Failed
• Brute Force Attack
• Malicious Content Observed
• Unauthorized Network Connection Opened
• Zero Day Exploit Detected
• Host Compromised
• Medical Records Breached
• Credit Card Data Transferred
• Unauthorized Access of ePHI
Understanding 'Normal'
• User: Identity, Access, Privilege
• External Context: Threat Intelligence, IP Reputation, GeoLocation
• Application: Access, Transactions, Error, Behavior
• Host: Process, Access, File Activity, Resources
• Internal Context: Business Value, Asset Classification, Risk Rating, Vulnerability
• Network: Connection, Direction, Content, Volume

Manual discovery of what's normal network activity is impractical due to the sheer volume of data across multiple types of dimensions.
• An unmanageable volume of false positives based on benign anomalies
• Significant blind spots / false negatives
Need an automated technology to learn behavioral attributes across multiple dimensions.
Multi-Dimensional Behavioral Analytics (MDBA)
What is multi-dimensional?
• Multiple dimensions of behavior can be observed
• Multiple techniques through which behavior can be modeled
• Multiple behaviors can be modeled in a single rule
Why is this important?
• We can align the behavior we want to model with the ideal analysis technique.
• We can reduce false positives by identifying multiple behavioral changes indicating a highly corroborated event.
• We enable customers to see behavioral changes they've been blind to, enabling the detection of a new class of events.
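As an added illustration of the corroboration idea above (this is not LogRhythm code; the host, dimension names, baseline history and thresholds are all constructed), the following Python flags each dimension against a learned per-host baseline, but raises an alert only when anomalies coincide in at least two distinct dimensions, so a single benign spike stays quiet:

```python
"""Multi-dimensional corroboration of behavioural anomalies (added example).

Each host has a per-dimension baseline (constructed sample history below).
An observation is anomalous in one dimension when it deviates from that
baseline by more than Z_THRESHOLD standard deviations; an alert is raised
only when anomalies in at least MIN_DIMENSIONS distinct dimensions coincide
for the same host. Dimension names follow the slide's User/Host/Network
grouping and are assumptions, not a product schema.
"""
from dataclasses import dataclass
from statistics import mean, pstdev

Z_THRESHOLD = 3.0      # how far from baseline counts as anomalous
MIN_DIMENSIONS = 2     # how many dimensions must agree before alerting

# Constructed baseline history: host -> dimension -> past daily values.
BASELINES = {
    "venus": {
        "network.volume_mb": [120, 135, 110, 128, 140, 125, 118],
        "host.process_count": [40, 42, 41, 39, 43, 40, 41],
        "user.failed_logons": [2, 1, 3, 2, 0, 1, 2],
    },
}


@dataclass
class Anomaly:
    host: str
    dimension: str
    value: float
    zscore: float


def zscore(value, history):
    """Standard score of value against the baseline history."""
    mu = mean(history)
    sigma = pstdev(history)
    if sigma == 0:
        # Flat baseline: any change at all is a deviation.
        return 0.0 if value == mu else float("inf")
    return (value - mu) / sigma


def find_anomalies(host, observation):
    """Return one Anomaly per dimension that deviates beyond Z_THRESHOLD."""
    found = []
    for dim, value in observation.items():
        history = BASELINES.get(host, {}).get(dim)
        if not history:
            continue  # no baseline learned yet: this dimension cannot be judged
        z = zscore(value, history)
        if abs(z) > Z_THRESHOLD:
            found.append(Anomaly(host, dim, value, round(z, 2)))
    return found


def corroborated_alert(host, observation):
    """Alert only when anomalies span MIN_DIMENSIONS distinct dimensions."""
    anomalies = find_anomalies(host, observation)
    dims = {a.dimension for a in anomalies}
    if len(dims) >= MIN_DIMENSIONS:
        return {"host": host, "dimensions": sorted(dims), "anomalies": anomalies}
    return None


if __name__ == "__main__":
    # A lone traffic spike (e.g. a backup job) is anomalous in one dimension only.
    benign = {"network.volume_mb": 900, "host.process_count": 43, "user.failed_logons": 2}
    print("single-dimension spike ->", corroborated_alert("venus", benign))
    # Traffic spike plus new processes plus failed logons corroborate each other.
    suspect = {"network.volume_mb": 900, "host.process_count": 60, "user.failed_logons": 40}
    print("multi-dimension change ->", corroborated_alert("venus", suspect))
```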
Real-Time Big Data Security Analysis
LogRhythm Components
• Network and Security Devices: Routers, Switches, Next Gen Firewalls, IDS/IPS, VPN, Flow
• Hosts and Applications: Operating System, Applications, Databases
• Others: Vulnerability Data, Physical Card Access, Point of Sale, Etc.
• Log Managers
• LogRhythm System Monitor: File Integrity Monitoring, File Activity Monitoring, Database Activity Monitoring, Process Monitoring, Network Connection Monitoring
• Event Manager: Events, Reports
• Advanced Intelligence Engine: takes in all Log, Flow and Event Data; produces Events, Intelligence, Alerts and SmartResponse™
  • In memory processing of all log and flow data
  • Correlation, pattern recognition, and behavioral analysis
  • No blind spots – accurate recognition of compromised accounts and hosts, fraud, misuse, data exfiltration, etc.
Integration
1. Vulnerability data collected from Rapid7 Nexpose and Metasploit products
2. For every message, LogRhythm:
  • Collects
  • Classifies
  • GeoTags
  • Recognizes Events
  • Assigns Risk Prioritization
  • Stores log and event data for long term retention
  • Applies behavioral analysis techniques
  • Performs correlation across data sources
3. Triggers SmartResponse actions when applicable
Use Cases:
• Security Risk Assessment
• Sophisticated Intrusions
• Zero Day Confirmation
• Compliance Violations

Quick Investigations and Forensics
• Invaluable insight into internal behavior, potential risks and imminent threats
• Quick root cause analysis; identify sources of attacks
• Recognize breach scope
• Appropriate presentation for key stakeholders
Knowledge Experts in:
• Advanced threat detection & response
• Industry and governmental regulations
• Compliance automation and assurance
• Log and event taxonomies and normalization
• Advanced correlation and rules development
• Incident response

Providing Out-of-the-Box & Continuously Updated Embedded Expertise
• Layouts designed to present the right information to the right people at the right time
  • Executive Views
  • Compliance-specific Dashboards
  • Role-based Analyst Screens
• Pre-defined forensic investigations accelerate root cause analysis and impact discovery
• Comprehensive library of ready-to-use analytic rule sets & alarms enables immediate use for the detection of threats, breaches and compliance violations
• SmartResponse™ plug-ins accelerate response and reduce the impact of actionable events
Example Use Cases

Prioritizing Attack Data
• Identifies vulnerability state of host
• Correlates IDS and malware to detected vulnerabilities
• Alerts on attacks to known vulnerabilities

Identify Zero Day Attacks
• Recognizes susceptible attacks
• Scans for attack behavior pattern
• Alerts on matches for attempted attacks

Quick Remediation
• Maintains library of custom, accurate remediation steps
• Identifies highly suspicious series of anomalies
• Triggers immediate scan with associated, specific remediation steps
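The Integration steps and the "Prioritizing Attack Data" use case above, as an added Python example that is not Rapid7 or LogRhythm code: it parses key=value IDS records in the style of the log lines shown earlier, checks whether the vulnerability a signature exploits is actually present on the destination host according to the scanner inventory, weights the risk by asset classification, and invokes a SmartResponse-style callback (here a rescan stub) only for corroborated attacks. The inventory, asset ratings, signature names and vulnerability identifiers are constructed placeholders.

```python
"""Risk prioritization of IDS alerts using vulnerability-scan context (added example).

Pipeline: collect (parse) -> classify (map signature to vulnerability)
-> assign risk (asset value, vulnerable-or-not) -> trigger response.
"""
from dataclasses import dataclass, field
from typing import Optional

# Constructed: what the vulnerability scanner reported per host (placeholder ids).
VULN_INVENTORY = {
    "venus": {"VULN-0001", "VULN-0007"},
    "mars": {"VULN-0003"},
}
# Constructed internal context: asset classification, 1 = low, 5 = critical.
ASSET_RISK = {"venus": 5, "mars": 2}
# Constructed: which vulnerability each IDS signature attempts to exploit.
SIGNATURE_TARGETS = {
    "SIG-RPC-OVERFLOW": "VULN-0001",
    "SIG-WEB-TRAVERSAL": "VULN-0003",
}


@dataclass
class Alert:
    host: str
    signature: str
    src: str
    vuln: Optional[str]
    vulnerable: bool       # target host actually carries the exploited vulnerability
    risk: int
    actions: list = field(default_factory=list)


def parse_ids_line(line):
    """Parse 'KEY=value KEY=value' records; tokens without '=' are ignored."""
    return dict(tok.split("=", 1) for tok in line.split() if "=" in tok)


def risk_score(host, vulnerable):
    """Attempt severity x asset value, doubled when the attack can actually succeed."""
    base = 3  # an exploitation attempt deserves attention even against a patched host
    score = base * ASSET_RISK.get(host, 1)
    if vulnerable:
        score *= 2
    return min(score, 100)


def correlate(line, smart_response=None):
    """Turn one IDS record into a prioritized Alert, firing the response hook if warranted."""
    rec = parse_ids_line(line)
    host, sig = rec["DST"], rec["SIG"]
    vuln = SIGNATURE_TARGETS.get(sig)
    vulnerable = vuln is not None and vuln in VULN_INVENTORY.get(host, set())
    alert = Alert(host, sig, rec.get("SRC", "-"), vuln, vulnerable, risk_score(host, vulnerable))
    if vulnerable and smart_response:
        alert.actions.append(smart_response(alert))
    return alert


def triage(lines, smart_response=None):
    """Correlate every record and return alerts highest-risk first."""
    alerts = [correlate(line, smart_response) for line in lines]
    return sorted(alerts, key=lambda a: a.risk, reverse=True)


def rescan_host(alert):
    """Stand-in for a SmartResponse action: queue an immediate rescan of the host."""
    return f"rescan:{alert.host}"


# Constructed IDS records (documentation-range source addresses).
SAMPLE_IDS_LINES = [
    "TYPE=IDS SIG=SIG-RPC-OVERFLOW SRC=203.0.113.9 DST=venus",
    "TYPE=IDS SIG=SIG-WEB-TRAVERSAL SRC=203.0.113.9 DST=venus",
    "TYPE=IDS SIG=SIG-WEB-TRAVERSAL SRC=198.51.100.4 DST=mars",
    "TYPE=IDS SIG=SIG-UNKNOWN SRC=198.51.100.4 DST=mars",
]

if __name__ == "__main__":
    for a in triage(SAMPLE_IDS_LINES, rescan_host):
        print(f"risk={a.risk:3d} host={a.host} sig={a.signature} "
              f"vulnerable={a.vulnerable} actions={a.actions}")
```

The attack against a vulnerability the target does not have is still recorded, but ranks below the same signature hitting a host the scanner confirmed as exposed.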
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
Albert Hoitingh
 
Leading Change strategies and insights for effective change management pdf 1.pdf
Leading Change strategies and insights for effective change management pdf 1.pdfLeading Change strategies and insights for effective change management pdf 1.pdf
Leading Change strategies and insights for effective change management pdf 1.pdf
OnBoard
 
De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...
De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...
De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...
Product School
 
Assuring Contact Center Experiences for Your Customers With ThousandEyes
Assuring Contact Center Experiences for Your Customers With ThousandEyesAssuring Contact Center Experiences for Your Customers With ThousandEyes
Assuring Contact Center Experiences for Your Customers With ThousandEyes
ThousandEyes
 
Elevating Tactical DDD Patterns Through Object Calisthenics
Elevating Tactical DDD Patterns Through Object CalisthenicsElevating Tactical DDD Patterns Through Object Calisthenics
Elevating Tactical DDD Patterns Through Object Calisthenics
Dorra BARTAGUIZ
 
Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...
Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...
Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...
Thierry Lestable
 

Recently uploaded (20)

Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...
Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...
Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...
 
Epistemic Interaction - tuning interfaces to provide information for AI support
Epistemic Interaction - tuning interfaces to provide information for AI supportEpistemic Interaction - tuning interfaces to provide information for AI support
Epistemic Interaction - tuning interfaces to provide information for AI support
 
Knowledge engineering: from people to machines and back
Knowledge engineering: from people to machines and backKnowledge engineering: from people to machines and back
Knowledge engineering: from people to machines and back
 
Designing Great Products: The Power of Design and Leadership by Chief Designe...
Designing Great Products: The Power of Design and Leadership by Chief Designe...Designing Great Products: The Power of Design and Leadership by Chief Designe...
Designing Great Products: The Power of Design and Leadership by Chief Designe...
 
How world-class product teams are winning in the AI era by CEO and Founder, P...
How world-class product teams are winning in the AI era by CEO and Founder, P...How world-class product teams are winning in the AI era by CEO and Founder, P...
How world-class product teams are winning in the AI era by CEO and Founder, P...
 
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
 
Generating a custom Ruby SDK for your web service or Rails API using Smithy
Generating a custom Ruby SDK for your web service or Rails API using SmithyGenerating a custom Ruby SDK for your web service or Rails API using Smithy
Generating a custom Ruby SDK for your web service or Rails API using Smithy
 
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...
 
GraphRAG is All You need? LLM & Knowledge Graph
GraphRAG is All You need? LLM & Knowledge GraphGraphRAG is All You need? LLM & Knowledge Graph
GraphRAG is All You need? LLM & Knowledge Graph
 
Transcript: Selling digital books in 2024: Insights from industry leaders - T...
Transcript: Selling digital books in 2024: Insights from industry leaders - T...Transcript: Selling digital books in 2024: Insights from industry leaders - T...
Transcript: Selling digital books in 2024: Insights from industry leaders - T...
 
The Art of the Pitch: WordPress Relationships and Sales
The Art of the Pitch: WordPress Relationships and SalesThe Art of the Pitch: WordPress Relationships and Sales
The Art of the Pitch: WordPress Relationships and Sales
 
FIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdf
FIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdfFIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdf
FIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdf
 
DevOps and Testing slides at DASA Connect
DevOps and Testing slides at DASA ConnectDevOps and Testing slides at DASA Connect
DevOps and Testing slides at DASA Connect
 
Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...
Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...
Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...
 
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
 
Leading Change strategies and insights for effective change management pdf 1.pdf
Leading Change strategies and insights for effective change management pdf 1.pdfLeading Change strategies and insights for effective change management pdf 1.pdf
Leading Change strategies and insights for effective change management pdf 1.pdf
 
De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...
De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...
De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...
 
Assuring Contact Center Experiences for Your Customers With ThousandEyes
Assuring Contact Center Experiences for Your Customers With ThousandEyesAssuring Contact Center Experiences for Your Customers With ThousandEyes
Assuring Contact Center Experiences for Your Customers With ThousandEyes
 
Elevating Tactical DDD Patterns Through Object Calisthenics
Elevating Tactical DDD Patterns Through Object CalisthenicsElevating Tactical DDD Patterns Through Object Calisthenics
Elevating Tactical DDD Patterns Through Object Calisthenics
 
Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...
Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...
Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...
 

Get Real-Time Cyber Threat Protection with Risk Management and SIEM

  • 1. Rapid7 & LogRhythm Webcast: Get Real-Time Cyber Threat Protection with Risk Management and SIEM
  • 2. Dana Wolf, Director of Products, Rapid7. Presenters 2. Seth Goldhammer, Director of Product Management, LogRhythm
  • 3. Speed With Control Dana Wolf, Director of Products
  • 6. Lack of relevant, right-time information 6
  • 8. Hard to get others to take action or change 8 IT Guy You mean patch ADOBE? Fix CVE 456?
  • 9. Under resourced and over stretched 9
  • 10. 10
  • 12. The Rapid7 Solution: Speed with Control for You 12 Brain-dead Simple Remediation Time-Saving Automation
  • 13. Rapid7’s Solution: Security Programs 13 Decision Making Frameworks (Real Risk, Policy & Compliance); Offensive Security; Infrastructure Fingerprinting; Applications; Configuration, Vulnerability Content; Remediation Guidance; Security Program Trending; Security Testing; Business Context; Security Programs; Threat & Exploit Information
  • 14. Rapid7 & LogRhythm Joint solutions Efficiency & Right-Time information in Monitoring 14
  • 15. Rapid7 focused on assessing the risk in your organization based on state of the environment LogRhythm focused on monitoring activities in real-time Content from Rapid7’s portfolio adds context to LogRhythm’s monitoring analytics • OS, Vulnerability, Services, Applications, etc. • Exploits, Malware kits, etc. Assessment & Monitoring 15
  • 16. Let Us Get You Started 16
  • 17. Get Real-Time Cyber Threat Protection with Risk Management and SIEM LogRhythm Rapid7
  • 18. 2012 Verizon Breach Report – Key Stats • The number of compromised records across these incidents skyrocketed • “We will likely continue to see the perpetrators utilize such vulnerabilities as the path of least resistance to gain unauthorized entry” • “92% of incidents were discovered by a third party” (Up 6% from previous year) • “Monitor and mine event logs” critical for large organizations • “Anomaly detection is active in the conversation and growing in importance.”
  • 19. [Slide graphic: fragments of Windows Security event log entries (TYPE=SuccessAudit, CATG=Logon/Logoff, EVID=540 Successful Network Logon, Logon Type 3, Kerberos authentication) over a binary-digit background.] Alarm names shown: Compromised Credentials; Suspicious Privileged User Activity; Reconnaissance Followed by Attack; Critical Service Failed; Brute Force Attack; Malicious Content Observed; Unauthorized Network Connection Opened; Zero Day Exploit Detected; Host Compromised; Medical Records Breached; Credit Card Data Transferred; Unauthorized Access of ePHI
  • 20. Understanding ‘Normal’ [Slide graphic, behavioral dimensions around “Normal”: User (Identity, Access, Privilege); External Context (Threat Intelligence, IP Reputation, GeoLocation); Application (Access, Transactions, Error Behavior); Host (Process, Access, File Activity, Resources); Internal Context (Business Value, Asset Classification, Risk Rating, Vulnerability); Network (Connection, Direction, Content, Volume).] Manual discovery of what’s normal network activity is impractical due to the sheer volume of data across multiple types of dimensions: an unmanageable volume of false positives based on benign anomalies, and significant blind spots / false negatives. Need an automated technology to learn behavioral attributes across multiple dimensions.
  • 21. Multi-Dimensional Behavioral Analytics (MDBA). What is multi-dimensional? • Multiple dimensions of behavior can be observed • Multiple techniques through which behavior can be modeled • Multiple behaviors can be modeled in a single rule. Why is this important? • We can align the behavior we want to model with the ideal analysis technique. • We can reduce false positives by identifying multiple behavioral changes indicating a highly corroborated event. • We enable customers to see behavioral changes they’ve been blind to, enabling the detection of a new class of events.
  • 22. Log Manager Log Manager LogRhythm Components Network and Security Devices Routers Switches Next Gen Firewalls IDS/IPS VPN Flow Hosts and Applications Operating System Applications Databases Others Vulnerability Data Physical Card Access Point of Sale Etc. Log Managers LogRhythm System Monitor File Integrity Monitoring File Activity Monitoring Database Activity Monitoring Process Monitoring Network Connection Monitoring Event Manager Events Advanced Intelligence Engine All Log, Flow and Event Data Events Intelligence Alerts SmartResponse™ • In memory processing of all log and flow data • Correlation, pattern recognition, and behavioral analysis • No blind spots – accurate recognition of compromised accounts and hosts, fraud, misuse, data exfiltration, etc Reports Real-Time Big Data Security Analysis
  • 23. 1. Vulnerability data collected from Rapid7 Nexpose and Metasploit products 2. For every message, LogRhythm: • Collects • Classifies • GeoTags • Recognizes Events • Assigns Risk Prioritization • Stores log and event data for long term retention • Applies behavioral analysis techniques • Performs correlation across data sources 3. Triggers SmartResponse actions when applicable Integration Use Cases: • Security Risk Assessment • Sophisticated Intrusions • Zero Day Confirmation • Compliance Violations
  • 24. Quick Investigations and Forensics • Invaluable insight into internal behavior, potential risks and imminent threats • Quick root cause analysis; identify sources of attacks • Recognize breach scope • Appropriate presentation for key stakeholders
  • 25. Knowledge Experts in:  Advanced threat detection & response  Industry and governmental regulations  Compliance automation and assurance  Log and event taxonomies and normalization  Advanced correlation and rules development  Incident response Providing Out-of-the-Box & Continuously Updated Embedded Expertise  Layouts designed to present the right information to the right people at the right time  Executive Views  Compliance-specific Dashboards  Role-based Analyst Screens  Pre-defined forensic investigations accelerate root cause analysis and impact discovery  Comprehensive library of ready-to-use analytic rule sets & alarms enables immediate use for the detection of threats, breaches and compliance violations  SmartResponse™ plug-ins accelerate response and reduce the impact of actionable events
  • 26. Example Use Cases Prioritizing Attack Data Identify Zero Day Attacks Quick Remediation Identifies vulnerability state of host Correlates IDS and Malware to detected vulnerabilities Alert on attacks to known vulnerabilities Recognizes susceptible attacks Scans for attack behavior pattern Alert on matches for attempted attacks Maintains library of custom, accurate remediation steps Identifies highly suspicious series of anomalies Triggers immediate scan with associated, specific remediation steps
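The prioritization in slides 23 and 26 (correlate IDS alerts with the vulnerability state of the target host, scale by asset classification, and ask for a rescan when a host accumulates anomalies with no known exposure) sketched as an added example; this is not Rapid7 or LogRhythm code, and the scanner output, asset values, CVE ids and alert lines are all constructed for illustration.

```python
# Added example, not code from Rapid7 or LogRhythm: correlates constructed
# IDS alerts with constructed vulnerability-scan state so that attacks on
# vulnerabilities a host actually carries are ranked first (slides 23 and 26).
from collections import Counter

# Constructed scanner output: host -> CVE ids found on it (placeholder ids).
VULN_STATE = {
    "10.0.0.5": {"CVE-0000-0001", "CVE-0000-0002"},
    "10.0.0.7": {"CVE-0000-0003"},
}
# Constructed asset classification (1 = low business value, 10 = critical).
ASSET_VALUE = {"10.0.0.5": 9, "10.0.0.7": 2}

# Constructed IDS alert records: time, source, destination, signature, and
# the CVE the signature targets ("-" when the signature has no CVE mapping).
IDS_ALERTS = """\
09:01:00 203.0.113.4 10.0.0.5 EXPLOIT-A CVE-0000-0001
09:01:05 203.0.113.4 10.0.0.7 EXPLOIT-A CVE-0000-0001
09:02:10 203.0.113.9 10.0.0.5 ANOMALY-SHELLCODE -
09:02:40 203.0.113.9 10.0.0.5 ANOMALY-SHELLCODE -
09:03:00 203.0.113.9 10.0.0.5 ANOMALY-SHELLCODE -
""".splitlines()

SCAN_TRIGGER_THRESHOLD = 3  # unknown-exposure alerts on one host before a rescan


def parse_alert(line):
    ts, src, dst, sig, cve = line.split()
    return {"ts": ts, "src": src, "dst": dst, "sig": sig,
            "cve": None if cve == "-" else cve}


def score_alert(alert, vuln_state, asset_value):
    """Return (score, verdict). Vulnerability state decides the verdict;
    asset classification scales the score the way a risk rating would."""
    host_vulns = vuln_state.get(alert["dst"], set())
    if alert["cve"] is None:
        verdict, base = "unknown-exposure", 5
    elif alert["cve"] in host_vulns:
        verdict, base = "attack-on-known-vulnerability", 10
    else:
        verdict, base = "target-not-vulnerable", 1
    return base * asset_value.get(alert["dst"], 1), verdict


def prioritize(lines, vuln_state=VULN_STATE, asset_value=ASSET_VALUE):
    """Rank alerts by risk and list hosts whose run of unknown-exposure
    anomalies reaches the threshold (slide 26's 'trigger immediate scan')."""
    ranked, anomalies = [], Counter()
    for line in lines:
        alert = parse_alert(line)
        score, verdict = score_alert(alert, vuln_state, asset_value)
        if verdict == "unknown-exposure":
            anomalies[alert["dst"]] += 1
        ranked.append((score, verdict, alert["dst"], alert["sig"]))
    ranked.sort(reverse=True)
    rescan = sorted(h for h, n in anomalies.items() if n >= SCAN_TRIGGER_THRESHOLD)
    return ranked, rescan


if __name__ == "__main__":
    for item in prioritize(IDS_ALERTS)[0]:
        print(item)
```

The same signature fired against both hosts ranks 90 on the host that carries the CVE and 2 on the host that does not, which is the "Identifies vulnerability state of host" step of slide 26 in one comparison.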