Presentation is loading. Please wait.

Presentation is loading. Please wait.

Rapid Detection & Incident Response What, Why and How March 2016 Ft Gordon.

Published byDuane Martin Modified over 8 years ago

Similar presentations

Presentation on theme: "Rapid Detection & Incident Response What, Why and How March 2016 Ft Gordon."— Presentation transcript:

1 Rapid Detection & Incident Response What, Why and How March 2016 Ft Gordon

2 © Fidelis Cybersecurity The Challenges 2 PEOPLE Security Skills Shortage TECHNOLOGY Patchwork of Security Solutions PROCESS Manual, Ad-Hoc Processes Not enough security experts for effective defense Reviewing alerts is time consuming and critical alerts are missed Overlapping tools create more work and lead to alert fatigue

3 © Fidelis Cybersecurity What It Takes to Find Attackers 3 Changing Data/Hijacking Services Content Staging Insider Threat SQL Injection Suspicious App & User Behavior Cross-Site Scripting (XSS) Zero-Day Exploits Data & Credential Theft Web Shells Surveillance/ Espionage Unusual User Behavior Malicious Content & Services It’s About More than Malware

4 © Fidelis Cybersecurity See patterns in network activity The Day-to-Day Reality All facets must be brought together for rapid detection and response Monitor for exfiltration of data See beaconing and block it Identify malicious network behavior See lateral movement Perform real-time and historical analysis 4

5 © Fidelis Cybersecurity Attack Lifecycle Overview Detection at Every Stage of an Attack Preventing attackers from achieving their mission requires detection and visibility at every stage of the attack. Initial CompromiseEstablish FootholdEscalate PrivilegesMove LaterallyData Theft Gain Initial Access Strengthen Position Steal Valid User Credentials Access Other Servers & Files Package & Steal Target Data Attacker Objective Sample Tools & Tactics Phishing e-mail Watering-hole attack Removable media Malicious download Custom malware Command and control 3 rd party application exploitation Credential theft “Pass-the-hash” Window & Linux lateral movement techniques Reverse shell access Staging servers & directories Data consolidation Data theft 5

6 © Fidelis Cybersecurity The Threat Timeline Milliseconds to Minutes Time-to- Compromise Minutes to Days Time-to- Exfiltration Data Exfiltration Window Months to Years Attacker Timeline Months to YearsDays to Weeks Time-to-Discovery Time-to-Containment Milliseconds to Minutes Time-to- Prevention Defender Timeline Defense Options: 1.Prevent the Initial Compromise 2.Compress or Eliminate the Data Exfiltration Window by reducing the Time-to-Discovery and Time-to-Containment Speed Matters – you are in a race with the attacker! 6

7 © Fidelis Cybersecurity Traditional Security -Looks Here- Threats that make it past the Perimeter/Gateway Insider Threat operates here Initial CompromiseEstablish FootholdEscalate PrivilegesMove LaterallyData Theft The Value Gap 7 $$$$$ Cost of Incident Response and Remediation Cohesive Threat Lifecycle Visibility

8 © Fidelis Cybersecurity Rapid Detection and Response Model 8

9 © Fidelis Cybersecurity Firewalls (FW / NGFW) Network Malware Detection/Sandbox Network DLP / Data Theft Network Security Analytics / Forensics Security Information and Event Management Network Protocols (TCP / UDP) Content / Embedded Content Business Applications / Run-time Environment (PDF, Office, JAVA, Flash) Signature-base CVE Detection - Packet- based Protocol Attacks, Exploits, and Evasions, Access Control, Protocol Misuse Signature-based CVE Detection - Packet- based Network Application Attacks and Exploits Commodity Malware Targeted Data Theft and Insider Threat Adv. Targeted Attacks – Advanced Malware, RATs Rich, Content-infused Metadata & Packet Capture IPS / IDS (IPS / NGIPS) Network Applications (HTTP, SMTP, SSL, DNS…) Fully Decoded Forensic Detail-Historical Analysis Defense in Depth Event Correlation, Data Correlation, Alerting, Dashboard Endpoint Detection & Response (EDR) Functional Components Features Endpoint Protection Platforms (EPP) Antivirus, Network Protocols, Application Security Detect, Contain, Investigate, Remediate Advancing Security Traditional Security 9 Functional Components Features Attack Vectors

10 © Fidelis Cybersecurity Advancing Security Traditional Security 10 Case in Point Rapid Remediation AUTOMATE Required Case Scenario Automate = Minutes

11 Questions? www.Fidelissecurity.com www.PacStar.com Vincent.Holtmann@Fidelissecurity.com

Download ppt "Rapid Detection & Incident Response What, Why and How March 2016 Ft Gordon."

Similar presentations

1© Copyright 2011 EMC Corporation. All rights reserved. The Future of the Advance Soc 3rd Annual Privacy, Access and Security Congress, Ottawa, 2012 Mike.

1© Copyright 2011 EMC Corporation. All rights reserved. The Future of the Advance Soc 3rd Annual Privacy, Access and Security Congress, Ottawa, 2012 Mike.
Nathan Labadie Systems Engineer, US-Central FireEye

Nathan Labadie Systems Engineer, US-Central FireEye
© 2013 Bradford Networks. All rights reserved. Rapid Threat Response From 7 Days to 7 Seconds.

© 2013 Bradford Networks. All rights reserved. Rapid Threat Response From 7 Days to 7 Seconds.
Palo Alto Networks Jay Flanyak Channel Business Manager

Palo Alto Networks Jay Flanyak Channel Business Manager
© Blue Coat Systems, Inc. 2011. All Rights Reserved. APTs Are Not a New Type of Malware 1 Source: BC Labs Report: Advanced Persistent Threats.

© Blue Coat Systems, Inc All Rights Reserved. APTs Are Not a New Type of Malware 1 Source: BC Labs Report: Advanced Persistent Threats.
©2014 Bit9. All Rights Reserved The Evolution of Endpoint Security: Detecting and Responding to Malware Across the Kill Chain Mary Ann Fitzsimmons Regional.

©2014 Bit9. All Rights Reserved The Evolution of Endpoint Security: Detecting and Responding to Malware Across the Kill Chain Mary Ann Fitzsimmons Regional.
Breaking the Lifecycle of the Modern Threat Santiago Polo Sr. Systems Engineer Palo Alto Networks, Inc.

Breaking the Lifecycle of the Modern Threat Santiago Polo Sr. Systems Engineer Palo Alto Networks, Inc.
1© Copyright 2011 EMC Corporation. All rights reserved. Anatomy of an Attack.

1© Copyright 2011 EMC Corporation. All rights reserved. Anatomy of an Attack.
Next Generation Endpoint Security Jason Brown Enterprise Solution Architect McAfee May 23, 2013.

Next Generation Endpoint Security Jason Brown Enterprise Solution Architect McAfee May 23, 2013.
By Hiranmayi Pai Neeraj Jain

By Hiranmayi Pai Neeraj Jain
Introducing WatchGuard Dimension. Oceans of Log Data The 3 Dimensions of Big Data Volume –“Log Everything - Storage is Cheap” –Becomes too much data –

Introducing WatchGuard Dimension. Oceans of Log Data The 3 Dimensions of Big Data Volume –“Log Everything - Storage is Cheap” –Becomes too much data –
Copyright (c) 2012, FireEye, Inc. All rights reserved. | CONFIDENTIAL 1 FireEye Overview John Bolger Manager Channels, US-Central FireEye.

Copyright (c) 2012, FireEye, Inc. All rights reserved. | CONFIDENTIAL 1 FireEye Overview John Bolger Manager Channels, US-Central FireEye.
“Next Generation Security” ISACA June Training Seminar Philip Hurlston 6/20/14.

“Next Generation Security” ISACA June Training Seminar Philip Hurlston 6/20/14.
Joshua Senzer, CISSP Sr. Systems Engineer – North East Channel

Joshua Senzer, CISSP Sr. Systems Engineer – North East Channel
©2014 Bit9. All Rights Reserved Building a Continuous Response Architecture.

©2014 Bit9. All Rights Reserved Building a Continuous Response Architecture.
David Flournoy Bit9 Mid-Atlantic Regional Manager

David Flournoy Bit9 Mid-Atlantic Regional Manager
LittleOrange Internet Security an Endpoint Security Appliance.

LittleOrange Internet Security an Endpoint Security Appliance.
© 2012 Solera Networks. Contains confidential, proprietary, and trade secret information of Solera Networks. Any use of this work without express written.

© 2012 Solera Networks. Contains confidential, proprietary, and trade secret information of Solera Networks. Any use of this work without express written.
1 Managed Security. 2 Managed Security provides a comprehensive suite of security services to manage and protect your network assets –Managed Firewall.

1 Managed Security. 2 Managed Security provides a comprehensive suite of security services to manage and protect your network assets –Managed Firewall.
1© Copyright 2012 EMC Corporation. All rights reserved. Getting Ahead of Advanced Threats Advanced Security Solutions for Trusted IT Chezki Gil – Territory.

1© Copyright 2012 EMC Corporation. All rights reserved. Getting Ahead of Advanced Threats Advanced Security Solutions for Trusted IT Chezki Gil – Territory.

Similar presentations

Ads by Google