This document summarizes the key findings from the SANS Sixth Annual Log Management Survey. It finds that organizations are collecting more log data from a wider variety of sources and making greater use of logs. Log management is becoming more important for security monitoring, IT operations, and regulatory compliance. However, searching logs and performing analysis remains a major challenge for many organizations.
SOC analysts often find new indicators that then need to be applied somehow to defend the network. Doing this by hand takes a long time. How can it be automated?
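One way to answer that question, as an added example that is not code from any of the listed presentations: validate and deduplicate the analysts' indicators, refuse anything that would block your own address space or an allow-listed service, stamp each one with an expiry so it can be retired, then emit Suricata rules plus an EDR hash list, and retro-hunt the proxy logs for hosts that already reached the new indicators. The findings, allow-list, proxy log lines and the local sid range are constructed for illustration.

```python
"""Turn indicators found by SOC analysts into enforceable artefacts.

Added example, not code from any of the listed presentations.  The
analyst findings, allow-list and proxy log lines are constructed; the
Suricata rule layout is standard but the local sid range is an assumption.
"""
import ipaddress
import re
from datetime import date, timedelta

# Constructed analyst findings: (type, value, confidence 0-100, days valid)
RAW_IOCS = [
    ("ip", "203.0.113.45", 90, 30),
    ("ip", "203.0.113.45", 60, 30),                   # duplicate, lower confidence
    ("ip", "10.0.0.7", 95, 30),                       # our own space: never block
    ("domain", "Update-Check.Example.NET", 80, 14),
    ("domain", "login.microsoftonline.com", 70, 14),  # allow-listed: a block would hurt
    ("domain", "not a domain", 99, 14),               # malformed
    ("sha256", "a" * 64, 85, 90),
    ("sha256", "deadbeef", 85, 90),                   # wrong length for SHA-256
    ("ip", "198.51.100.9", 40, 30),                   # below confidence threshold
]
ALLOWLIST = {"login.microsoftonline.com", "example.com"}
MIN_CONFIDENCE = 50
SID_BASE = 9000000                                    # assumed local rule id range
# RFC1918/loopback are checked explicitly: the public addresses above are
# documentation ranges standing in for real ones, which ipaddress.is_private
# would otherwise reject as well.
NEVER_BLOCK = [ipaddress.ip_network(n) for n in
               ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]
DOMAIN_RE = re.compile(r"^(?=.{1,253}$)([a-z0-9-]{1,63}\.)+[a-z]{2,63}$")


def normalize(ioc_type, value):
    """Canonical form of one indicator, or None if it must not be deployed."""
    v = value.strip()
    if ioc_type == "ip":
        try:
            ip = ipaddress.ip_address(v)
        except ValueError:
            return None
        return None if any(ip in net for net in NEVER_BLOCK) else str(ip)
    if ioc_type == "domain":
        v = v.lower().rstrip(".")
        return v if DOMAIN_RE.match(v) and v not in ALLOWLIST else None
    if ioc_type == "sha256":
        v = v.lower()
        return v if re.fullmatch(r"[0-9a-f]{64}", v) else None
    return None


def curate(raw, today=None):
    """Validate, deduplicate (keep the highest confidence) and stamp an
    ISO-date expiry so stale indicators can be retired automatically."""
    today = date.fromisoformat(today) if today else date.today()
    best = {}
    for ioc_type, value, confidence, ttl_days in raw:
        canon = normalize(ioc_type, value) if confidence >= MIN_CONFIDENCE else None
        if canon is None:
            continue
        key = (ioc_type, canon)
        if key not in best or confidence > best[key]["confidence"]:
            best[key] = {"type": ioc_type, "value": canon, "confidence": confidence,
                         "expires": (today + timedelta(days=ttl_days)).isoformat()}
    return sorted(best.values(), key=lambda i: (i["type"], i["value"]))


def suricata_rules(iocs):
    """One Suricata rule per network indicator; file hashes go to the EDR list."""
    rules = []
    for n, ioc in enumerate(iocs):
        msg = f'msg:"SOC IOC {ioc["type"]} {ioc["value"]}";'
        tail = f"sid:{SID_BASE + n}; rev:1;"
        if ioc["type"] == "ip":
            rules.append(f'drop ip any any -> {ioc["value"]} any ({msg} {tail})')
        elif ioc["type"] == "domain":
            rules.append(f'alert dns any any -> any any ({msg} dns.query; '
                         f'content:"{ioc["value"]}"; nocase; {tail})')
    return rules


def hash_blocklist(iocs):
    return [i["value"] for i in iocs if i["type"] == "sha256"]


# Constructed proxy log lines: time client method url
PROXY_LOG = """\
2024-05-01T10:02:11Z 10.0.0.23 GET http://update-check.example.net/ping
2024-05-01T10:02:15Z 10.0.0.23 GET https://login.microsoftonline.com/common
2024-05-01T10:03:40Z 10.0.0.51 POST http://203.0.113.45/upload
2024-05-01T10:04:02Z 10.0.0.51 GET https://intranet.example.com/home
""".splitlines()
HOST_RE = re.compile(r"^\S+ (\S+) \S+ https?://([^/:]+)")


def retro_hunt(iocs, log_lines):
    """Blocking only stops future traffic; look back for hosts that already
    talked to the new indicators so they can be triaged."""
    wanted = {i["value"] for i in iocs if i["type"] in ("ip", "domain")}
    hits = []
    for line in log_lines:
        m = HOST_RE.match(line)
        if m and m.group(2).lower() in wanted:
            hits.append((m.group(1), m.group(2).lower()))
    return hits


if __name__ == "__main__":
    iocs = curate(RAW_IOCS)
    print("\n".join(suricata_rules(iocs)))
    print("EDR hash blocklist:", hash_blocklist(iocs))
    print("Retro-hunt hits:", retro_hunt(iocs, PROXY_LOG))
```

The validation step is where the manual process usually goes wrong: an unchecked allow-listed domain or an internal address pushed straight to a drop list causes the outage that makes the SOC stop automating. The expiry field is what lets the same pipeline remove indicators later instead of letting the blocklist grow forever.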
CLASS 2018 - Talk by Edgard Capdevielle (President and CEO – Nozomi)TI Safe
The document discusses modern cybersecurity and operational visibility for industrial control networks. It outlines some of the challenges in protecting industrial control networks, including that systems were previously isolated, use proprietary protocols, and cybersecurity was less rigorous. It emphasizes that operational visibility is critical for cybersecurity as you cannot protect what you cannot see. The document then discusses using Nozomi Networks' solutions to gain visibility into networks and assets, detect malware attacks, and provide hybrid threat detection approaches for industrial control systems. Case studies are presented on network visualization and monitoring, asset discovery and inventory, and hybrid ICS threat detection.
- Nuix incident response provides advanced technology and experience in cybersecurity investigations to help organizations respond faster to incidents.
- The Nuix Engine allows extraction of text and metadata from hundreds of file types and performs powerful filtering, searching, and discovery across evidence items.
- Case studies demonstrate Nuix's ability to rapidly analyze large datasets, such as ingesting over 10 million items in under two hours and discovering a SQL injection attack through log file analysis in just a few minutes.
10X SOC - SANS Blue Summit Keynote 2021 - Anton ChuvakinAnton Chuvakin
Can We REALLY 10X the SOC? by Dr Anton Chuvakin
Many organizations promise to transform your security operations center (SOC) with technology, advice or their personnel. However, what does it take to really transform your SOC to be ready for future threats? Is this an impossible problem? Is this something that can be only done by well funded organizations? Let's explore these and other questions in this talk.
https://www.sans.org/cyber-security-training-events/blue-team-summit-2021/#agenda
CONFidence2015: Real World Threat Hunting - Martin NystromPROIDEA
Real World Threat Hunting
Security threats have grown from network annoyances to attacks on sensitive infrastructure; penetrating network perimeters, moving laterally within networks, breaching new device types, and cloaking movements. This presentation will share techniques utilized by Cisco to detect and investigate sophisticated, embedded threats.
The speaker, who has conducted monitoring and investigations on customer networks, will review recent real attacks observed on customer networks, from discovery to remediation, and provide lessons learned. These interactive case examples will highlight how to identify these threats using security intelligence, expert staff, and the Cisco OpenSOC platform.
Examples of attacks and illustrations:
* Sophisticated phishing attacks targeted at customer environments.
* Breaches and data exfiltration resulting from the high-profile Heartbleed and Shellshock vulnerabilities.
* Sophisticated malware targeting financial institutions with the goal of data theft.
* Use of full packet capture to identify data exfiltration.
From the demise of conventional signature-based endpoint technologies have risen next-generation solutions. These technologies have cluttered the marketplace, introducing a conundrum for endpoint selection. This session will focus on the key requirements for effective security prevention, detection, and remediation. It will introduce a real-world framework for categorizing endpoint capabilities and enable selection of solutions matching the unmet needs of security programs. The following topics will be covered:
• What do I actually need?
• Real-world framework to categorize endpoint capabilities
• Map vendors into buckets within the framework
• Housekeeping, what's needed before you even start?
• Cheat sheet of probing questions to ask vendors
• Best practices of deploying best of breed solutions
Unraveling Detection Methodologies: Indicators vs. Anomalies vs. Behaviors Dragos, Inc.
The document discusses different methodologies for detecting cybersecurity threats: indicators of compromise (IOCs), anomalies, and behaviors. IOCs focus on known malicious artifacts but lack context and are backward-looking. Anomaly detection aims to find new threats but often generates false alerts and requires extensive tuning. Behavioral analysis correlates events across multiple systems to detect adversary techniques, but requires extensive visibility that may be difficult to achieve. The document evaluates these approaches using examples of Russian threat group APT29's activity and common credential theft attacks. It concludes that organizations should pragmatically combine approaches based on their needs and capabilities rather than rely on any single methodology.
BGA SOME/SOC Event - The Sourcefire Approach in Threat-Focused Security Architecture...BGA Cyber Security
Cisco offers next generation security solutions to protect networks from advanced threats. Their offerings include the FireSIGHT management platform for continuous monitoring and visibility across the network. Key products discussed are the Sourcefire Next Generation IPS which provides context awareness, application control and advanced malware protection. Cisco has also made several security acquisitions to enhance their capabilities in areas like email/web security, behavioral analytics, and threat intelligence.
The Security Operations Center (SOC) proposed by ITrust aims to supervise the security level of your organization, or of a specific isolated part of it. This lets you focus on your core activity by entrusting the cybersecurity of your information system to IT professionals.
Symantec Webinar | Redefining Endpoint Security- How to Better Secure the End...Symantec
First-hand insights on the newest cloud-delivered endpoint security solutions. Hear from Joakim Liallias, Symantec and special guest speakers Sundeep Vijeswarapu from PayPal and top industry analyst Fernando Montenegro, 451 Research. Listen here: https://symc.ly/2UY2TlS.
Securing Electric Utility InfrastructureDragos, Inc.
A Case Study on Asset Baselining, Threat Detection, and Response - presented by Tim Watkins, Schweitzer Engineering Laboratories, and Matt Cowell, Dragos.
The webinar – now available on-demand at https://selinc.com/events/on-demand-webinar/126340/ – provides insights on baselining your operation, building cyber defense, and streamlining ongoing management. SEL and Dragos also shared a case study based on a recent joint effort to address key cybersecurity challenges at a mid-sized US electric utility.
Learn more about Dragos at https://dragos.com or follow us at https://twitter.com/dragosinc
Learn more about SEL cybersecurity at https://selinc.com/solutions/security-for-critical-infrastructure/ or follow us at https://twitter.com/SEL_news
Industrial Control Systems Cybersecurity Technology SelectionDragos, Inc.
Selection criteria for today’s ICS cybersecurity technology presented at S4 2019. Includes:
- Recommendations for best practices before evaluating an industrial cybersecurity solution in OT environments
- Outline of different ICS cybersecurity technologies such as the differences between active and passive scanning, anomaly detection, threat behavior analytics
- What’s important in an industrial control systems cybersecurity platform
- Practical guide to pilots and bake-offs
To learn more read the whitepaper Key Considerations For Selecting An Industrial Cybersecurity Solution for Asset Identification, Threat Detection, and Response https://dragos.com/resource/key-considerations-for-selecting-an-industrial-cybersecurity-solution-for-asset-identification-threat-detection-and-response/
For more about Dragos and the 2019 S4 Detection challenge, read the blog and watch the video here: https://dragos.com/blog/industry-news/dragos-results-of-s4-industrial-cybersecurity-detection-challenge-contest/
More info: www.dragos.com
Follow us on LinkedIn: https://www.linkedin.com/company/dragos-inc./
Follow us on Twitter: https://twitter.com/dragosinc
Splunk .conf2011: Splunk for Fraud and Forensics at IntuitErin Sweeney
Splunk can help organizations detect security threats and attacks by analyzing patterns in large volumes of machine data. As attacks have evolved beyond simple signatures to target behaviors, a behavioral approach is needed to understand adversary goals and methods. Splunk supports pattern modeling and adaptation to anticipate attack vectors. It detects suspicious patterns and anomalies by establishing baselines of normal behavior and monitoring for deviations. This helps security analysts take an "actor view" to gain insights into persistent threats.
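The three methodologies contrasted in the Dragos entry above (indicators, anomalies, behaviours) and the baseline-and-deviation approach described in the Splunk entry, run side by side over one set of events, as an added example that is not Dragos' or Splunk's code. The events are constructed: a renamed credential dumper on WS01 reads LSASS memory and a stolen admin account is then reused against three servers, while a copy with a known hash runs on WS07. Hosts, accounts, hashes and the hourly baseline counts are all made up for the illustration.

```python
"""Three ways to find the same intrusion in the same telemetry.

Added example; not Dragos' or Splunk's code.  Events, hashes and baseline
counts are constructed.
"""
from collections import defaultdict
from datetime import datetime, timedelta
from statistics import mean, pstdev

# (time, host, kind, logged-on user, details); Sysmon/Windows-like, simplified
EVENTS = [
    ("10:01", "WS07", "process_create", "bob",   {"image": "mimikatz.exe", "sha256": "c" * 64}),
    ("10:03", "WS01", "process_create", "alice", {"image": "svchost_.exe", "sha256": "b" * 64}),
    ("10:05", "WS01", "process_access", "alice", {"source": "svchost_.exe", "target": "lsass.exe"}),
    ("10:06", "SRV01", "logon", "admin_jsmith", {"src_host": "WS01", "type": 3}),
    ("10:07", "FS01",  "logon", "alice",        {"src_host": "WS01", "type": 3}),
    ("10:08", "SRV02", "logon", "admin_jsmith", {"src_host": "WS01", "type": 3}),
    ("10:12", "SRV03", "logon", "admin_jsmith", {"src_host": "WS01", "type": 3}),
    ("10:15", "SRV01", "logon", "svc_backup",   {"src_host": "BKP01", "type": 3}),
    ("10:30", "WS03", "process_access", "carol", {"source": "MsMpEng.exe", "target": "lsass.exe"}),
]
KNOWN_BAD_SHA256 = {"c" * 64}          # constructed stand-in for a published hash

# Network logons per account per hour: past hours (baseline) and the current hour
HISTORY = {"admin_jsmith": [1, 0, 1, 1, 0, 2, 0, 1],
           "svc_backup":   [30, 28, 33, 31, 29],
           "alice":        [1, 2, 1, 1, 2]}
LIVE_COUNTS = {"admin_jsmith": 3, "svc_backup": 45, "alice": 2, "tmp_contractor": 1}


def _t(hhmm):
    return datetime.strptime(hhmm, "%H:%M")


def ioc_detect(events, bad_hashes=KNOWN_BAD_SHA256):
    """Indicator match: exact hash hit, nothing else.  Cheap and precise,
    blind to the renamed/recompiled copy on WS01."""
    return [(host, d["image"]) for _, host, kind, _, d in events
            if kind == "process_create" and d.get("sha256") in bad_hashes]


def anomaly_detect(history, live, k=3.0, floor=2):
    """Baseline-and-deviation: flag an account whose count exceeds
    mean + k*stdev of its own history (with a floor so a quiet account does
    not alert on one extra logon).  Returns account -> threshold, or None
    when there is no baseline at all."""
    flagged = {}
    for account, count in live.items():
        past = history.get(account)
        if not past:
            flagged[account] = None            # no baseline yet: triage, not blocking
            continue
        threshold = mean(past) + max(k * pstdev(past), floor)
        if count > threshold:
            flagged[account] = threshold
    return flagged


def behavior_detect(events, window_minutes=15, min_targets=2):
    """Technique chain: a process reads lsass memory on host H, then within
    the window H is the source of network (type 3) logons to several hosts
    with an account other than the user who was logged on to H."""
    hits = []
    for t, host, kind, user, d in events:
        if kind != "process_access" or d.get("target") != "lsass.exe":
            continue
        start, end = _t(t), _t(t) + timedelta(minutes=window_minutes)
        reached = defaultdict(set)             # account -> hosts logged on to
        for t2, host2, kind2, user2, d2 in events:
            if (kind2 == "logon" and d2.get("type") == 3
                    and d2.get("src_host") == host and user2 != user
                    and start <= _t(t2) <= end):
                reached[user2].add(host2)
        for account, hosts in reached.items():
            if len(hosts) >= min_targets:
                hits.append({"host": host, "reader": d["source"],
                             "account": account, "targets": sorted(hosts)})
    return hits


if __name__ == "__main__":
    print("IOC hits:      ", ioc_detect(EVENTS))
    print("Anomalies:     ", anomaly_detect(HISTORY, LIVE_COUNTS))
    print("Behaviour hits:", behavior_detect(EVENTS))
```

Run it and compare the three outputs: the indicator match finds only the binary with the known hash; the baseline flags the admin account but also the backup account (a louder-than-usual but legitimate job) and can say nothing about a brand-new account; the behavioural rule ties the LSASS read on WS01 to the lateral logons and ignores the antivirus engine's own LSASS access on WS03 because nothing follows it. None of the three is sufficient alone, which is the entry's point.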
The document discusses Cisco Stealthwatch and its capabilities for network visibility and security. Stealthwatch collects network flow data from switches, routers, firewalls, and other devices using technologies like NetFlow. It analyzes the flows to provide visibility into network traffic, detect threats, and enable incident response. It also discusses encrypted traffic analysis capabilities that can analyze encrypted flows by examining packet lengths, times, and byte distributions without decrypting the actual content.
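The feature families the entry names (packet lengths, timing, byte distribution) computed for constructed flow records, as an added example that is not Cisco's or Stealthwatch's code. The flows, the thresholds and the port-based expectations are assumptions chosen to show what each feature reveals without ever touching payload content.

```python
"""Features of encrypted flows without decrypting them.

Added example; not Cisco's or Stealthwatch's code.  Computes the three
feature families the entry names (packet lengths, timing, byte
distribution) for constructed flows and applies assumed thresholds.
"""
import math
from collections import Counter
from statistics import mean, pstdev

# A flow is a list of (timestamp_s, direction, length, payload); direction
# is +1 client->server, -1 server->client.  All three flows are constructed;
# bytes(range(n)) stands in for ciphertext, which is close to uniform.
BROWSER_TLS = [
    (0.000, +1, 517, bytes(range(256)) * 2),   # ClientHello-sized
    (0.031, -1, 1460, bytes(range(256)) * 5),  # ServerHello + certificate chain
    (0.032, -1, 1460, bytes(range(256)) * 5),
    (0.034, -1, 412, bytes(range(256))),
    (0.051, +1, 126, bytes(range(126))),       # key exchange + Finished
    (0.080, +1, 640, bytes(range(256)) * 2),   # first application request
    (0.410, -1, 1460, bytes(range(256)) * 5),
    (0.412, -1, 980, bytes(range(256)) * 3),
]
BEACON = [  # fixed-size request/response pairs roughly every 60 s
    (0.0, +1, 187, bytes(range(187))), (0.2, -1, 203, bytes(range(203))),
    (60.1, +1, 187, bytes(range(187))), (60.3, -1, 203, bytes(range(203))),
    (119.9, +1, 187, bytes(range(187))), (120.1, -1, 203, bytes(range(203))),
    (180.2, +1, 187, bytes(range(187))), (180.4, -1, 203, bytes(range(203))),
]
PLAIN_HTTP = [(0.0, +1, 78,
               b"GET /index.html HTTP/1.1\r\nHost: www.example.com\r\nAccept: text/html\r\n\r\n")]
PLAINTEXT_PORTS = {80, 25, 21}          # assumption: cleartext expected here


def splt(flow, n=10):
    """Sequence of Packet Lengths and Times: signed length plus the gap (s)
    since the previous packet, for the first n packets."""
    out, prev = [], flow[0][0]
    for ts, direction, length, _ in flow[:n]:
        out.append((direction * length, round(ts - prev, 3)))
        prev = ts
    return out


def byte_distribution(flow):
    """Normalised 256-bin histogram over every payload byte in the flow."""
    counts = Counter()
    for _, _, _, payload in flow:
        counts.update(payload)
    total = sum(counts.values())
    return [counts.get(b, 0) / total for b in range(256)]


def entropy(dist):
    """Shannon entropy in bits; 8.0 is a perfectly uniform byte stream."""
    return -sum(p * math.log2(p) for p in dist if p > 0)


def client_gap_cv(flow):
    """Coefficient of variation of the gaps between client-sent packets;
    near zero means a timer, not a human, is driving the traffic."""
    ts = [t for t, d, _, _ in flow if d == +1]
    gaps = [b - a for a, b in zip(ts, ts[1:])]
    if len(gaps) < 2 or mean(gaps) == 0:
        return None
    return pstdev(gaps) / mean(gaps)


def assess(flow, dst_port):
    """Findings for one flow; the thresholds are assumptions to tune per network."""
    findings = []
    h = entropy(byte_distribution(flow))
    if dst_port in PLAINTEXT_PORTS and h > 7.0:
        findings.append("high-entropy payload on a plaintext port")
    if dst_port not in PLAINTEXT_PORTS and h < 5.0:
        findings.append("low-entropy payload where encryption was expected")
    cv = client_gap_cv(flow)
    client_sizes = {length for length, _ in splt(flow) if length > 0}
    if cv is not None and cv < 0.05 and len(client_sizes) == 1:
        findings.append("periodic fixed-size client traffic (beacon-like)")
    return findings


if __name__ == "__main__":
    for name, flow, port in (("browser", BROWSER_TLS, 443), ("beacon", BEACON, 443),
                             ("http", PLAIN_HTTP, 80), ("tls-on-80", BROWSER_TLS, 80)):
        print(name, splt(flow, 4), round(entropy(byte_distribution(flow)), 2), assess(flow, port))
```

The SPLT tuple for the first few packets is the feature that separates a browser handshake from a fixed-size implant check-in even when both use TLS on 443; byte distribution catches the opposite mismatch, ciphertext where cleartext belongs or vice versa. Neither feature needs a key, which is why the approach survives TLS 1.3 and pinned clients.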
SCYBER addresses an urgent need in cybersecurity training by developing the skills needed to proactively detect and combat cyber threats. The course spends 60% of time in hands-on labs where students monitor, analyze, and respond to actual cyber attacks. It teaches 4 major competencies - monitoring security events, configuring detection/alarming, analyzing traffic for threats, and appropriately responding to incidents. Key differentiators include being system agnostic, lab-heavy, teaching an inside-out approach, ease of entry for security professionals, and helping students understand why things are threats.
From SIEM to SOC: Crossing the Cybersecurity ChasmPriyanka Aash
You own a SIEM, but to be secure, you need a Security Operations Center! How do you cross the chasm? Do you hire staff or outsource? And what skills are needed? Mike Ostrowski, a cybersecurity industry veteran, will review common pitfalls experienced through the journey from SIEM to SOC, the pros and cons of an all in-house SOC vs. outsourcing, and the benefits of a hybrid SOC model.
Learning Objectives:
1: You own a SIEM, but to be secure, you need a SOC. How do you cross the chasm?
2: What are the pros and cons of in-house, fully managed and hybrid security?
3: What considerations go into deciding whether to employ a hybrid strategy?
(Source: RSA Conference USA 2018)
At the highest level, our mission continues to be about keeping our customers (companies and governments) safe from ever-evolving digital threats, so they are confident to move business forward. Our strategy to accomplish this mission centers around four key pillars: Advanced Threat Protection, Information Protection for On Premise and Cloud, Security as a Service -- all anchored by a Unified Security Analytics Platform. Symantec Data Loss Prevention is a foundational product in the Information Protection for On Premise and Cloud pillar.
Everyone knows that storing and accessing data and applications in the cloud and on mobile devices makes work much easier and more productive by allowing employees to work wherever they need to.
It allows for great business agility – applications are always up to date, new functionality and processes can be deployed and activated quickly, and organizations can adjust things on the fly if they need to.
It also brings the convenience factor – it lets all employees work in the way that they need to, and collaboration and sharing are made vastly easier with cloud applications and storage.
But it brings with it all the challenges of securing devices and applications that you don't own, and whilst saying NO might be the right thing for security, end users will find a way around it. Right now, close to 30% of employees use their personal devices for work. And that number is on the rise, potentially turning BYOD into Bring Your Own Disaster.
We will present the details of Cisco's 2016 Annual Security Report with emphasis on the Canadian landscape. The Cisco 2016 Annual Security Report, which presents research, insights, and perspectives from Cisco Security Research, highlights the challenges that defenders face in detecting and blocking attackers who employ a rich and ever-changing arsenal of tools. The report also includes research from external experts, such as Level 3 Threat Research Labs, to help shed more light on current threat trends. We take a close look at data compiled by Cisco researchers to show changes over time, provide insights on what this data means, and explain how security professionals should respond to threats.
Intelligent Segmentation: Protecting the Enterprise with StealthWatch, Cisco ...Lancope, Inc.
Intelligent Segmentation: Protecting the Enterprise with StealthWatch, Cisco ISE and TrustSec
Recent breaches have demonstrated that insider threats and determined attackers are effectively able to operate on the network interior where they can wreak havoc on an organization. As a result, it has become necessary to implement security policies inside the network. This webinar describes a data intelligence-driven approach to dynamically segmenting the network to control threats and protect the enterprise through the use of NetFlow and Lancope’s StealthWatch® System in combination with Cisco ISE and TrustSec.
This webinar will cover:
• design and deployment scenarios
• use cases
• best practices
• configuration examples
• forward-leaning vision
The primary takeaway of this webinar is a methodology for leveraging StealthWatch to drive segmentation policies and control threats on the network interior.
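The methodology the webinar promises, observed flows driving segmentation policy, in generic form as an added example that is not Lancope's or Cisco's code: a learning window of NetFlow-style records is mapped onto host groups (the role a NAC or TrustSec deployment would tag), the group-to-group edges seen from enough distinct hosts become the proposed allow-list, rare edges go to review, and later flows are checked against the result. The hosts, groups, flows and thresholds are constructed.

```python
"""Observed flows driving a segmentation policy.

Added example; not Lancope's or Cisco's code.  The host-to-group mapping
(the role a NAC/TrustSec deployment would tag), the NetFlow-style records
and the thresholds are all constructed.
"""
from collections import Counter, defaultdict

HOST_GROUP = {
    "10.1.0.11": "workstation", "10.1.0.12": "workstation", "10.1.0.99": "workstation",
    "10.2.0.5": "web", "10.3.0.7": "db", "10.4.0.9": "backup",
}
# Learning window: (src, dst, dst_port, proto, bytes)
LEARNING_FLOWS = [
    ("10.1.0.11", "10.2.0.5", 443, "tcp", 52_000),
    ("10.1.0.12", "10.2.0.5", 443, "tcp", 48_000),
    ("10.2.0.5", "10.3.0.7", 5432, "tcp", 910_000),
    ("10.4.0.9", "10.3.0.7", 22, "tcp", 7_300_000),
    ("10.4.0.9", "10.2.0.5", 22, "tcp", 2_100_000),
    ("10.1.0.11", "10.3.0.7", 5432, "tcp", 1_200),   # one workstation poking the DB directly
]
# Later traffic to check against the proposed policy
NEW_FLOWS = [
    ("10.1.0.12", "10.2.0.5", 443, "tcp", 51_000),
    ("10.1.0.99", "10.3.0.7", 5432, "tcp", 3_400),   # workstation -> db: not permitted
    ("10.1.0.99", "10.4.0.9", 445, "tcp", 9_800),    # workstation -> backup over SMB: never seen
    ("203.0.113.8", "10.2.0.5", 443, "tcp", 4_100),  # untagged source
]


def edge(flow, host_group):
    src, dst, dport, proto, _ = flow
    return (host_group.get(src, "unknown"), host_group.get(dst, "unknown"), dport, proto)


def observed_matrix(flows, host_group):
    """Group-to-group edges with the set of distinct sources that used each."""
    matrix = defaultdict(set)
    for flow in flows:
        matrix[edge(flow, host_group)].add(flow[0])
    return matrix


def propose_policy(matrix, host_group, min_sources=2):
    """An edge becomes an allow rule when enough distinct members of the
    source group used it (capped at the group's size, so a one-server
    group is not penalised); rarer edges go to a human for review."""
    size = Counter(host_group.values())
    allow, review = set(), set()
    for (sg, dg, dport, proto), sources in matrix.items():
        needed = min(min_sources, size.get(sg, min_sources))
        (allow if len(sources) >= needed else review).add((sg, dg, dport, proto))
    return allow, review


def render(allow):
    return sorted(f"permit {sg} -> {dg} {proto}/{dport}" for sg, dg, dport, proto in allow)


def violations(flows, allow, host_group):
    """Flows whose edge is outside the allow-list; in monitor mode these feed
    the review queue, in enforce mode they are what gets dropped."""
    return [f for f in flows if edge(f, host_group) not in allow]


if __name__ == "__main__":
    allow, review = propose_policy(observed_matrix(LEARNING_FLOWS, HOST_GROUP), HOST_GROUP)
    print("\n".join(render(allow)))
    print("review:", sorted(review))
    print("violations:", violations(NEW_FLOWS, allow, HOST_GROUP))
```

Two caveats a practitioner would want before pushing the generated policy: the learning window must be long enough to include monthly and quarterly jobs, or the first backup run after cut-over becomes the outage; and an "unknown" group in the output means a host the NAC never classified, which is itself a finding worth chasing before any rule is enforced.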
Moving from appliances to cloud security with phoenix children's hospitalZscaler
Applying consistent and robust security controls across your remote workforce hasn't gotten any easier. The complexity brought about by mobile devices, cloud apps, untrusted networks, and more is compounded by the inspection demands of SSL traffic and the performance limitations of security appliances.
Sourcefire provides intrusion prevention systems (IPS) that use the Snort detection engine to analyze network traffic and prevent threats. Their IPS offerings include appliances of varying throughput levels, from 5Mbps up to 10Gbps. The IPS provides out-of-the-box protection policies and the ability to customize rules. Sourcefire's Adaptive IPS uses passive network monitoring to provide real-time network awareness and automatically tune the IPS based on the monitored network environment. This helps optimize IPS protection and reduce manual analysis of security events. The Defense Center provides centralized management of sensors and event analysis across the Sourcefire 3D system.
Intelligence-Driven Industrial Security with Case Studies in ICS Attacks Dragos, Inc.
This document discusses intelligence-driven industrial security and case studies of ICS attacks. It outlines that ICS security is different than IT security, and common IT security practices can cause issues in ICS environments. Research on ICS vulnerabilities and intrusions is presented, showing gaps. An approach of mapping intelligence models to the ICS cyber kill chain and sliding scale of security is proposed. Case studies of major ICS attacks are reviewed to identify lessons learned around architecture, passive defense, and active defense best practices. Major ICS threat activity groups are also listed.
Symantec Data Loss Prevention. Global trends show that the largest share of data loss and theft stems from a lack of visibility and from errors in handling the data. Learn how to prevent it.
Solving ICS Cybersecurity Challenges in the Electric IndustryDragos, Inc.
This document discusses how a mid-sized US electric utility implemented the Dragos cybersecurity platform to improve the visibility of its operational technology (OT) assets and threats, enhance compliance functions, and better support its limited OT security team. The Dragos solution included passive network monitoring sensors, asset characterization, and threat intelligence reporting. It helped the utility address compliance requirements, leverage Dragos' expertise through training and assistance, and improve its detection of OT threats through behavioral analytics and investigation playbooks. The solution demonstrated that combining technology with personnel support can effectively address common industrial control system security challenges faced by electric utilities.
Anton Chuvakin on Threat and Vulnerability IntelligenceAnton Chuvakin
This document discusses threat and vulnerability intelligence (TVI), which is a process to collect information on threats and vulnerabilities, analyze their relevance to an organization, and determine the appropriate corrective actions. It defines threats as malicious factors and vulnerabilities as potential weaknesses. TVI aims to fuse threat and vulnerability information together and help organizations act on it. It discusses sources of threat and vulnerability data, both locally and globally, as well as existing technologies that can be used and enhanced for TVI purposes.
Splunk can help customers document business value by providing deliverables like business cases, value realization studies, and adoption roadmaps. It has helped over 700 customers worldwide since 2013. Key value drivers reported by customers include IT operations, application delivery, security, and compliance. Common challenges to documenting value include lack of tools, benchmarks, and time. The document outlines best practices for positioning value at Splunk, including quantifying business value, qualifying pain points, aligning with objectives, and measuring success. It provides examples of value drivers achieved in areas like infrastructure optimization, revenue growth, and risk reduction.
2016 Cybersecurity Analytics State of the UnionCloudera, Inc.
3 Things to Learn About:
-Ponemon Institute's 2016 big data cybersecurity analytics research report
-Quantifiable returns organizations are seeing with big data cybersecurity analytics
-Trends in the industry that are affecting cybersecurity strategies
Unraveling Detection Methodologies: Indicators vs. Anomalies vs. Behaviors Dragos, Inc.
The document discusses different methodologies for detecting cybersecurity threats: indicators of compromise (IOCs), anomalies, and behaviors. IOCs focus on known malicious artifacts but lack context and are backward-looking. Anomaly detection aims to find new threats but often generates false alerts and requires extensive tuning. Behavioral analysis correlates events across multiple systems to detect adversary techniques, but requires extensive visibility that may be difficult to achieve. The document evaluates these approaches using examples of Russian threat group APT29's activity and common credential theft attacks. It concludes that organizations should pragmatically combine approaches based on their needs and capabilities rather than rely on any single methodology.
BGA SOME/SOC Etkinliği - Tehdit Odaklı Güvenlik Mimarisinde Sourcefire Yakla...BGA Cyber Security
Cisco offers next generation security solutions to protect networks from advanced threats. Their offerings include the FireSIGHT management platform for continuous monitoring and visibility across the network. Key products discussed are the Sourcefire Next Generation IPS which provides context awareness, application control and advanced malware protection. Cisco has also made several security acquisitions to enhance their capabilities in areas like email/web security, behavioral analytics, and threat intelligence.
The Security Operating Center (SOC) proposed by ITrust aims to supervise the security level of your organization, or a specific isolated part within your organization. This enables you to focus on your core activity by entrusting the cybersecurity of your information system in the hands of IT professionals.
Symantec Webinar | Redefining Endpoint Security- How to Better Secure the End...Symantec
First-hand insights on the newest cloud-delivered endpoint security solutions. Hear from Joakim Liallias, Symantec and special guest speakers Sundeep Vijeswarapu from PayPal and top industry analyst Fernando Montenegro, 451 Research. Listen here: https://symc.ly/2UY2TlS.
Securing Electric Utility InfrastructureDragos, Inc.
A Case Study on Asset Baselining, Threat Detection, and Response - presented by Tim Watkins, Schweitzer Engineering Laboratories, and Matt Cowell, Dragos.
The webinar – now available on-demand at https://selinc.com/events/on-demand-webinar/126340/ – provides insights on baselining your operation, building cyber defense, and streamlining ongoing management. SEL and Dragos also shared a case study based on a recent joint effort to address key cybersecurity challenges at a mid-sized US electric utility.
Learn more about Dragos at https://dragos.com or follow us at https://twitter.com/dragosinc
Learn more about SEL cybersecurity at https://selinc.com/solutions/security-for-critical-infrastructure/ or follow us at https://twitter.com/SEL_news
Industrial Control Systems Cybersecurity Technology SelectionDragos, Inc.
Selection criteria for today’s ICS cybersecurity technology presented at S4 2019. Includes:
- Recommendations for best practices before evaluating an industrial cybersecurity solution in OT environments
- Outline of different ICS cybersecurity technologies such as the differences between active and passive scanning, anomaly detection, threat behavior analytics
- What’s important in an industrial control systems cybersecurity platform
- Practical guide to pilots and bake-offs
To learn more read the whitepaper Key Considerations For Selecting An Industrial Cybersecurity Solution for Asset Identification, Threat Detection, and Response https://dragos.com/resource/key-considerations-for-selecting-an-industrial-cybersecurity-solution-for-asset-identification-threat-detection-and-response/
For more about Dragos and the 2019 S4 Detection challenge, read the blog and watch the video here: https://dragos.com/blog/industry-news/dragos-results-of-s4-industrial-cybersecurity-detection-challenge-contest/
More info: www.dragos.com
Follow us on LinkedIn: https://www.linkedin.com/company/dragos-inc./
Follow us on Twitter: https://twitter.com/dragosinc
Splunk .conf2011: Splunk for Fraud and Forensics at IntuitErin Sweeney
Splunk can help organizations detect security threats and attacks by analyzing patterns in large volumes of machine data. As attacks have evolved beyond simple signatures to target behaviors, a behavioral approach is needed to understand adversary goals and methods. Splunk supports pattern modeling and adaptation to anticipate attack vectors. It detects suspicious patterns and anomalies by establishing baselines of normal behavior and monitoring for deviations. This helps security analysts take an "actor view" to gain insights into persistent threats.
The document discusses Cisco Stealthwatch and its capabilities for network visibility and security. Stealthwatch collects network flow data from switches, routers, firewalls, and other devices using technologies like NetFlow. It analyzes the flows to provide visibility into network traffic, detect threats, and enable incident response. It also discusses encrypted traffic analysis capabilities that can analyze encrypted flows by examining packet lengths, times, and byte distributions without decrypting the actual content.
SCYBER addresses an urgent need in cybersecurity training by developing the skills needed to proactively detect and combat cyber threats. The course spends 60% of time in hands-on labs where students monitor, analyze, and respond to actual cyber attacks. It teaches 4 major competencies - monitoring security events, configuring detection/alarming, analyzing traffic for threats, and appropriately responding to incidents. Key differentiators include being system agnostic, lab-heavy, teaching an inside-out approach, ease of entry for security professionals, and helping students understand why things are threats.
From SIEM to SOC: Crossing the Cybersecurity ChasmPriyanka Aash
You own a SIEM, but to be secure, you need a Security Operations Center! How do you cross the chasm? Do you hire staff or outsource? And what skills are needed? Mike Ostrowski, a cybersecurity industry veteran, will review common pitfalls experienced through the journey from SIEM to SOC, the pros and cons of an all in-house SOC vs. outsourcing, and the benefits of a hybrid SOC model.
Learning Objectives:
1: You own a SIEM, but to be secure, you need a SOC. How do you cross the chasm?
2: What are the pros and cons of in-house, fully managed and hybrid security?
3: What considerations go into deciding whether to employ a hybrid strategy?
(Source: RSA Conference USA 2018)
At the highest level, our mission continues to be about keeping our customers (companies and governments) safe from ever-evolving digital threats, so they are confident to move business forward. Our strategy to accomplish this mission centers around four key pillars: Advanced Threat Protection, Information Protection for On Premise and Cloud, Security as a Service -- all anchored by a Unified Security Analytics Platform. Symantec Data Loss Prevention is a foundational product in the Information Protection for On Premise and Cloud pillar.
Everyone knows that storing and accessing data and applications in the cloud and on mobile devices provides makes work much easier and productive by allowing employees to work everywhere they need to.
It allows for great business agility – applications are always up to date, new functionality and processes can be deployed and activated quickly and organizations can adjust things on the fly if they need to.
It also brings the convenience factor – all employees to work in the way that they need to, collaboration and sharing is made vastly easier with cloud applications and storage.
But it brings with it all the challenges of securing devices and applications that your don’t own, and whilst saying NO might be the right thing for security, end users will find a way around it. Right now, close to 30% of employees use their personal devices for work. And that number is on the rise, potentially turning BYOD into Bring Your Own Disaster.
We will present the details of the Cisco's 2016 Annual Security report with emphasis on the Canadian landscape. The Cisco 2016 Annual Security Report; which presents research, insights, and perspectives from Cisco Security Research & highlights the challenges that defenders face in detecting and blocking attackers who employ a rich and ever-changing arsenal of tools. The report also includes research from external experts, such as Level 3 Threat Research Labs, to help shed more light on current threat trends. We take a close look at data compiled by Cisco researchers to show changes over time, provide insights on what this data means, and explain how security professionals should respond to threats.
Intelligent Segmentation: Protecting the Enterprise with StealthWatch, Cisco ...Lancope, Inc.
Intelligent Segmentation: Protecting the Enterprise with StealthWatch, Cisco ISE and TrustSec
Recent breaches have demonstrated that insider threats and determined attackers are effectively able to operate on the network interior where they can wreak havoc on an organization. As a result, it has become necessary to implement security policies inside the network. This webinar describes a data intelligence-driven approach to dynamically segmenting the network to control threats and protect the enterprise through the use of NetFlow and Lancope’s StealthWatch® System in combination with Cisco ISE and TrustSec.
This webinar will cover:
• design and deployment scenarios
• use cases
• best practices
• configuration examples
• forward-leaning vision
The primary takeaway of this webinar is a methodology for leveraging StealthWatch to drive segmentation policies and control threats on the network interior.
Moving from appliances to cloud security with Phoenix Children's Hospital (Zscaler)
Applying consistent and robust security controls across your remote workforce hasn’t gotten any easier. The complexity brought about by mobile devices, cloud apps, untrusted networks, and more is compounded by the inspection demands of SSL traffic and the performance limitations of security appliances.
Sourcefire provides intrusion prevention systems (IPS) that use the Snort detection engine to analyze network traffic and prevent threats. Their IPS offerings include appliances of varying throughput levels, from 5Mbps up to 10Gbps. The IPS provides out-of-the-box protection policies and the ability to customize rules. Sourcefire's Adaptive IPS uses passive network monitoring to provide real-time network awareness and automatically tune the IPS based on the monitored network environment. This helps optimize IPS protection and reduce manual analysis of security events. The Defense Center provides centralized management of sensors and event analysis across the Sourcefire 3D system.
Intelligence-Driven Industrial Security with Case Studies in ICS Attacks (Dragos, Inc.)
This document discusses intelligence-driven industrial security and case studies of ICS attacks. It outlines that ICS security is different than IT security, and common IT security practices can cause issues in ICS environments. Research on ICS vulnerabilities and intrusions is presented, showing gaps. An approach of mapping intelligence models to the ICS cyber kill chain and sliding scale of security is proposed. Case studies of major ICS attacks are reviewed to identify lessons learned around architecture, passive defense, and active defense best practices. Major ICS threat activity groups are also listed.
Symantec Data Loss Prevention. Global trends show that the largest share of data loss and theft is caused by a lack of visibility and by errors in handling data. Learn how to protect yourself.
Solving ICS Cybersecurity Challenges in the Electric Industry (Dragos, Inc.)
This document discusses how a mid-sized US electric utility implemented the Dragos cybersecurity platform to improve the visibility of its operational technology (OT) assets and threats, enhance compliance functions, and better support its limited OT security team. The Dragos solution included passive network monitoring sensors, asset characterization, and threat intelligence reporting. It helped the utility address compliance requirements, leverage Dragos' expertise through training and assistance, and improve its detection of OT threats through behavioral analytics and investigation playbooks. The solution demonstrated that combining technology with personnel support can effectively address common industrial control system security challenges faced by electric utilities.
Anton Chuvakin on Threat and Vulnerability Intelligence (Anton Chuvakin)
This document discusses threat and vulnerability intelligence (TVI), which is a process to collect information on threats and vulnerabilities, analyze their relevance to an organization, and determine the appropriate corrective actions. It defines threats as malicious factors and vulnerabilities as potential weaknesses. TVI aims to fuse threat and vulnerability information together and help organizations act on it. It discusses sources of threat and vulnerability data, both locally and globally, as well as existing technologies that can be used and enhanced for TVI purposes.
Splunk can help customers document business value by providing deliverables like business cases, value realization studies, and adoption roadmaps. It has helped over 700 customers worldwide since 2013. Key value drivers reported by customers include IT operations, application delivery, security, and compliance. Common challenges to documenting value include lack of tools, benchmarks, and time. The document outlines best practices for positioning value at Splunk, including quantifying business value, qualifying pain points, aligning with objectives, and measuring success. It provides examples of value drivers achieved in areas like infrastructure optimization, revenue growth, and risk reduction.
2016 Cybersecurity Analytics State of the Union (Cloudera, Inc.)
3 Things to Learn About:
-Ponemon Institute's 2016 big data cybersecurity analytics research report
-Quantifiable returns organizations are seeing with big data cybersecurity analytics
-Trends in the industry that are affecting cybersecurity strategies
Elevate your Splunk Deployment by Better Understanding your Value Breakfast S... (Splunk)
This document discusses how to better understand the value of a Splunk deployment through assessing data sources. It presents a data source assessment tool to map data sources to use cases and organizational groups to identify opportunities. The tool shows which data sources are indexed and overlap between groups. It aims to maximize benefits from machine data by supporting business objectives and enabling broader impact.
This document provides an overview of how Splunk can help customers document business value. It discusses key value drivers in IT operations, application delivery, and security and compliance. It also outlines best practices for positioning value, including aligning with objectives, qualifying pain points, and quantifying business value. Common data sources, use cases, and benchmarks from over 700 customer engagements are presented for each value area.
Preparing for the Cybersecurity Renaissance (Cloudera, Inc.)
We are in the midst of a fundamental shift in the way in which organizations protect themselves from the modern adversary.
Traditional rules based cybersecurity applications of the past are not able to protect organizations in the new mobile, social, and hyper-connected world they now operate within. However, the convergence of big data technology, analytic advancements, and a variety of other factors have sparked a cybersecurity renaissance that will forever change the way in which organizations protect themselves.
Join Rocky DeStefano, Cloudera's Cybersecurity subject matter expert, as he explores how modern organizations are protecting themselves from more frequent, sophisticated attacks.
During this webinar you will learn about:
The current challenges cybersecurity professionals are facing today
How big data technologies are extending the capabilities of cybersecurity applications
Cloudera customers that are future proofing their cybersecurity posture with Cloudera’s next generation data and analytics management system
Delivering User Behavior Analytics at Apache Hadoop Scale: A new perspective... (Cloudera, Inc.)
Learn how to:
* Detect threats automatically and accurately
* Reduce threat response times from 7 days to 4 hours
* Ingest and process 100+TB per day for automated machine learning and behavior-based detection
Lessons Learned Fighting Modern Cyberthreats in Critical ICS Networks (Angeloluca Barba)
A presentation given in April 2019 in London during ICS Cyber Security Conference. I discuss an anonymized investigation conducted by our team to identify a real malware infection on a production network, the tools and techniques used to contain this threat and how to use threat intelligence and visibility to stay ahead of cyber adversaries.
Asset visibility and network baselining
Continuous network monitoring
Threat intelligence ingestion
Thorough incident response plans
The SOC analyst training program is meticulously designed by the subject matter experts at Infosec Train. The training program offers a deep insight into the SOC operations and workflows. It is an excellent opportunity for aspiring and current SOC analysts (L1/L2/L3) to level up their skills to mitigate business risks by effectively handling and responding to security threats.
https://www.infosectrain.com/courses/soc-analyst-expert-training/
Splunk for Enterprise Security featuring UBA Breakout Session (Splunk)
This document provides an overview of a presentation given by Dave Herrald, a security architect at Splunk, on Splunk's Enterprise Security and User Behavior Analytics solutions. The presentation covered new features in Splunk Enterprise Security 4.1, including enhanced threat intelligence integration, risk-based searching and incident review, and integration with Splunk User Behavior Analytics. It also reviewed capabilities in Splunk User Behavior Analytics 2.2 like custom threat modeling, expanded attack coverage, and context enrichment.
PLNOG19 - Gaweł Mikołajczyk & Michał Garcarz - SOC, a study of hard cases (PROIDEA)
A session on the experiences of a professional SOC (Security Operations Center) team, based on real-life examples. From the anatomy of attacks to recommendations on how to defend effectively.
Splunk for Enterprise Security featuring User Behavior Analytics (Splunk)
This session will review Splunk’s two premium solutions. Splunk Enterprise Security (ES) is Splunk's award-winning security intelligence solution that brings immediate value for continuous monitoring across SOC and incident response environments. Splunk UBA is a new technology that applies unsupervised machine learning and data science to solving one of the biggest problems in information security today: insider threat. You’ll learn how Splunk UBA works in tandem with ES, or third-party data sources, to bring significant automated analytical power to your SOC and Incident Response teams.
User management - the next-gen of authentication meetup 27012022 (lior mazor)
Authentication is evolving. Customers are expecting much more from the user management experience in applications they are using today. Join us virtually for our upcoming "User Management - the next-gen of Authentication" meetup to learn about the secrets of building user management the right way, the secure way.
Preventing The Next Data Breach Through Log Management (Novell)
The document discusses how log management can be used for prevention, detection, and investigation of security incidents and data breaches. It explains that log management provides transparency by collecting logs from across an organization's IT infrastructure in a central location. This allows security teams to discover misconfigurations, unauthorized access attempts, and other anomalies that could indicate potential threats or actual security breaches. The document advocates for taking a preventative approach to security by using log data to monitor user activity and identity risks. It also promotes investing in security intelligence capabilities like security monitoring, analytics, and automated remediation.
The document provides an overview and update on Splunk's Enterprise Security and User Behavior Analytics solutions. It summarizes the key capabilities of each solution, including advanced threat detection, user activity monitoring, and machine learning-based anomaly detection. It also highlights new features recently added to Enterprise Security 4.0 like breach analysis tools and integration with Splunk UBA.
This document discusses how Allegro, an online transaction platform in Central and Eastern Europe, uses Splunk to gain insights from machine-generated big data. It describes how Splunk enables real-time monitoring and alerts, integration with applications, and archiving of big data in Hadoop at Allegro. The document also provides an overview of Splunk, including its customers, products, and capabilities for real-time operational intelligence, security and compliance, and business analytics.
IT infrastructure is changing and needs controls for mobile, cloud, and big data
Guardium is the leader in database and big data security
Heterogeneous support is a great asset to leverage across the infrastructure to reduce risk
Supports separation of duties
Integration with other security products
No additional training for multiple products
Securing DevOps through Privileged Access Management (BeyondTrust)
In this presentation from the webinar by Security MVP and Microsoft Security Trusted Advisor Paula Januszkiewicz, get an overview of how privileged access management can help balance DevOps’ need for agility and speed with IT security’s need for visibility, access management, and compliance.
Key use cases covered include:
• Network Segmentation: Grouping assets, including application and resource servers, into logical units that do not trust one another
• Enforcing Appropriate Use of Credentials: IT organizations can leverage these controls to limit lateral movement in the case of a compromise and to provide a secure audit trail
• Elimination of Hard-Coded Passwords: Removing hardcoded passwords in DevOps tool configurations, build scripts, code files, test builds, production builds, etc.
You can watch the full, on-demand webinar here: https://www.beyondtrust.com/resources/webinar/securing-devops-privileged-access-management/
22. ArcSight Highlights
Company Background
• ONLY pure-play SIEM public company (NASD:ARST)
• 2000+ customers in 70+ countries
• 30% of Fortune 100 companies; 37% of DJ Index companies; 6 out of the Top 10 world banks
Analyst Recognition
• SIEM Leader’s Quadrant – six years running
• #1 in market share – last three reports
• #1 in use for both SIEM and Log Management
Industry Recognition
24. Top Use Cases
# | 2008 | 2009 | 2010
1 | Security / system event detection | User activity monitoring | Detect/prevent unauthorized access
2 | Monitoring IT controls / forensics | IT operations | Forensics analysis / correlation
3 | Regulatory compliance | Forensics analysis / correlation | Regulatory compliance
4 | IT operations | Regulatory compliance | IT operations
From reactive to proactive
Advanced user/asset management
25. Top Logs Being Collected
# | 2008 | 2009 | 2010
1 | Switch/Router/Firewall | OS | OS
2 | Servers | Switch/Router/Firewall | Switch/Router/Firewall
3 | Databases | Databases | Applications and identity data
Diverse and advanced use cases
26. Evolving use cases bring new challenges
# | 2008 | 2009 | 2010
1 | Collection | IT operations | Searching
2 | Search | Normalization | Analysis and reporting
3 | Reporting | Search | Multiple vendors/formats
4 | Entire lifecycle | Reporting | Normalization
Analysis across all data – structured and unstructured
Enrichment of data for smarter analysis
27. Why existing solutions cannot meet these challenges?
– Designed for a different purpose:
Solution 1 | Solution 2 | Ideal Solution
Security and Compliance | IT Operations | One solution does all
Long-term retention | Short-term retention | Automatic enforcement
Structured data | Unstructured data | Capture Everything, Search Anything
– SIEM and LM are not different
– Missing context on assets/users
28. How to select the ideal solution?
A Log Management Solution is NOT IDEAL if it:
• CANNOT simultaneously handle Security, Compliance, and IT Ops
• CANNOT collect from everything
• CANNOT analyze across structured and unstructured data
• HAS a tradeoff between fast collection, fast analysis and efficient storage
• DOES NOT normalize events to make them easy to understand
• DOES NOT offer audit-quality log collection
• DOES NOT have pre-packaged content
• DOES NOT offer flexible, economical and long-term storage
• DOES NOT have real-time correlation (user model, asset model, etc.)
30. Summary
• Validation
– Growing space, increasing adoption
• Use Case Expansion
– Beyond security and compliance to identity management and IT operations
• Searching and Reporting
– Normalization and device coverage