©2014 Bit9. All Rights Reserved. Prevent Detect & Respond Prevention Visibility Detection Response Security Life Cycle for Advanced Threats EPP ETDR.

Presentation transcript:

1 ©2014 Bit9. All Rights Reserved

2 Prevent, Detect & Respond: Security Life Cycle for Advanced Threats (Prevention, Visibility, Detection, Response; EPP, ETDR)

3 Once Upon A Time… You could keep the enemy at the gates

4 Technology Has Evolved
- Cloud Computing, Mobile Computing, Internet of Things
- Surface area is ever-increasing
- Perimeters are becoming less relevant
- Everything is connected to something
- Technology is crossing into our physical world

5 Threat Actors Have Evolved
- Criminal Enterprises
  – Broad-based and targeted attacks
  – Financially motivated
  – Getting more sophisticated
- Hacktivists
  – Targeted and destructive attacks
  – Unpredictable motivations
  – Generally less sophisticated
- Nation-States
  – Targeted and multi-stage attacks
  – Motivated by information and IP
  – Highly sophisticated, endless resources

6 Endless Stream of News

7 The Malware Problem By the Numbers
- 66% of malware took months or even years to discover (dwell time) [1]
- 69% of intrusions are discovered by an external party
- $5.4M: the average total cost of a data breach [3]
- 155k: the number of new malware samples seen daily [2]
Sources: 1. Verizon Data Breach Investigations Report | 2. McAfee Threats Report: First Quarter 2013 | 3. Ponemon Institute 2013 Cost of a Data Breach Study

8 The State of Information Security
- Compromise happens in seconds
- Data exfiltration starts minutes later
- It continues undetected for months
- Remediation takes weeks
- At $341k per incident in forensics costs
THIS IS UNSUSTAINABLE

9 DON’T OVERCOMPLICATE THE THREAT
SIMPLE THREAT MODEL:
1: OPPORTUNISTIC
2: NOT

10 Opportunistic threats find value in our computers. Goal: breadth of access. “Advanced” threats find value in our data. Goal: precision of access.

11 How This Impacts Traditional Security
[Chart: two panels, Opportunistic and “Advanced”; y-axis Hosts Compromised (1k, 10k, 100k), x-axis Time (Week 1 through Week 7), with a THRESHOLD OF DETECTION line]
- Opportunistic: goal is to maximize slope. Signature available.
- “Advanced”: goal is to minimize slope. Signature available?

12 A New Perspective Is Required: assume you will be breached; compromise is inevitable

13 “In 2020, enterprises will be in a state of continuous compromise.” Gartner, “Prevention Is Futile in 2020: Protect Information Via Pervasive Monitoring and Collective Intelligence,” Neil MacDonald, May 30, 2013

14 The Assumption of Breach: how will you know? what will you do?

15 Rethink Your Security Strategy
- Security cannot be done in isolation; it is a continuous process
- Prevention is no longer enough; invest in detection and response
- Traditional approaches are ineffective; move from reactive to proactive

16 The Adaptive Security Architecture Gartner, “Designing an Adaptive Security Architecture for Protection From Advanced Attacks,” February, 2014

17 The Adaptive Security Architecture Gartner, “Designing an Adaptive Security Architecture for Protection From Advanced Attacks,” February, 2014

18 The Adaptive Security Architecture - Capabilities Gartner, “Designing an Adaptive Security Architecture for Protection From Advanced Attacks,” February, 2014

19 Key Characteristics of “Next Gen” Security
- Forensic quality data collection and analysis
- Threat intelligence to interpret and prioritize data
- At all stages of kill chain, not just point of delivery
- Based on behaviors and context, not just files/IPs
- Real-time, not scan or snapshot based
- Provide full historical context of activity
- Information needed to assess impact and scope
- Remediation and containment
- Proactive signature-less prevention techniques
- Adapt based on detection and response
- Incorporate and correlate data from third party sources
- Export data and alerts to other tools
Capability areas: Visibility, Detection, Response, Prevention, Integration

20 Security Life Cycle for Advanced Threats (Visibility, Detection, Response)

21 Reduce Attack Surface with Default-Deny
- Traditional EPP failure
  – Scan/sweep based
  – Signature based: block known bad
- Success of emerging endpoint prevention solutions
  – Real time
  – Policy based: tailor policies based on environment
  – Trust based: block all but known good
- Objective of emerging endpoint prevention solutions
  – Lock down endpoint/server
  – Reduce attack surface area: make it as difficult as possible for an advanced attacker
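To make the slide's contrast concrete, here is an added example (not Bit9's code) that puts a signature blocklist next to a default-deny trust policy for process execution. Hashes, publisher names and paths are constructed sample values; the policy fields (approved hashes, trusted publishers, trusted updater paths) are assumed as one plausible way to "tailor policies based on environment".

```python
from dataclasses import dataclass
from typing import Iterable, Optional, Set, Tuple

@dataclass(frozen=True)
class ExecEvent:
    path: str
    sha256: str
    publisher: Optional[str]   # code-signing publisher, None if unsigned

# Constructed sample data: a tiny "known bad" signature set versus a trust policy.
KNOWN_BAD: Set[str] = {"sha256-constructed-known-malware"}
APPROVED_HASHES: Set[str] = {"sha256-constructed-approved-app"}
TRUSTED_PUBLISHERS: Set[str] = {"Example Corp Code Signing"}      # hypothetical publisher
TRUSTED_UPDATERS: Tuple[str, ...] = ("C:/Program Files/App/updater/",)  # hypothetical path

def blocklist_decision(ev: ExecEvent) -> str:
    """Traditional EPP: block only what matches a known-bad signature.
    Anything never seen before is allowed by default."""
    return "block" if ev.sha256 in KNOWN_BAD else "allow"

def default_deny_decision(ev: ExecEvent,
                          approved: Set[str] = APPROVED_HASHES,
                          publishers: Set[str] = TRUSTED_PUBLISHERS,
                          updaters: Tuple[str, ...] = TRUSTED_UPDATERS) -> str:
    """Default-deny: allow only known good (approved hash, trusted publisher,
    or a policy-defined trusted updater location); block everything else."""
    if ev.sha256 in approved:
        return "allow"
    if ev.publisher is not None and ev.publisher in publishers:
        return "allow"
    if any(ev.path.startswith(p) for p in updaters):
        return "allow"
    return "block"

# Constructed events: an approved app, a known sample, and a never-seen binary.
EVENTS = [
    ExecEvent("C:/Program Files/App/app.exe", "sha256-constructed-approved-app", "Example Corp Code Signing"),
    ExecEvent("C:/Users/u/Downloads/invoice.exe", "sha256-constructed-known-malware", None),
    ExecEvent("C:/Users/u/AppData/Local/Temp/x.exe", "sha256-constructed-never-seen", None),
]

def compare(events: Iterable[ExecEvent]):
    """Return (path, blocklist verdict, default-deny verdict) per event.
    The third event is where the two approaches diverge: no signature exists,
    so the blocklist allows it while default-deny blocks it."""
    return [(e.path, blocklist_decision(e), default_deny_decision(e)) for e in events]

if __name__ == "__main__":
    for row in compare(EVENTS):
        print(row)
```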

22 Detect in Real-time and Without Signatures
- Traditional EPP failure
  – Scan/sweep based
  – Small signature database
- Success of emerging endpoint detection solutions
  – Large global database of threat intelligence
  – Signature-less detection through threat indicators
  – Watchlists
- Objective of emerging endpoint detection solutions
  – Prepare for inevitability of breach and continuous state of compromise
  – Cover more of the kill chain than prevention
  – Enable rapid response

23 Rapidly Respond to Attacks in Motion
- Traditional EPP failure
  – Expensive external consultants
  – Relies heavily on disk and memory artifacts for recorded history
- Success of emerging endpoint incident response solutions
  – Real-time continuous recorded history delivers IR in seconds, in a centralized database
  – Attack process visualization and analytics
  – Better, faster and less expensive
- Objective of emerging endpoint incident response solutions
  – Pre-breach rapid incident response
  – Better prepare prevention moving forward
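As an added example covering slides 22 and 23 together (not Bit9's code), the block below evaluates a behavioural watchlist over a centrally recorded process history, with no file signature involved, and then walks the recorded parent links to give the responder the process chain needed to scope impact. The event schema and all hosts, PIDs, images and addresses are constructed sample data.

```python
from dataclasses import dataclass, field
from typing import Dict, List

@dataclass
class ProcEvent:
    pid: int
    ppid: int
    image: str
    cmdline: str
    host: str
    net_conns: List[str] = field(default_factory=list)  # remote addresses contacted

# Constructed recorded history for one host (addresses from the TEST-NET ranges).
HISTORY: List[ProcEvent] = [
    ProcEvent(100, 1, "explorer.exe", "explorer.exe", "ws01"),
    ProcEvent(200, 100, "winword.exe", "winword.exe quarterly.docx", "ws01"),
    ProcEvent(300, 200, "powershell.exe", "powershell.exe -File report.ps1", "ws01", ["198.51.100.7"]),
    ProcEvent(400, 100, "chrome.exe", "chrome.exe", "ws01", ["203.0.113.9"]),
]

OFFICE_APPS = {"winword.exe", "excel.exe", "powerpnt.exe"}
SCRIPT_HOSTS = {"powershell.exe", "cmd.exe", "wscript.exe"}

def index_by_pid(history: List[ProcEvent]) -> Dict[int, ProcEvent]:
    return {e.pid: e for e in history}

def watchlist_office_spawns_script_host(history: List[ProcEvent]) -> List[ProcEvent]:
    """Watchlist entry: an Office application whose child is a script host
    that also made a network connection. A behaviour, not a hash, so it
    fires on samples no signature database has seen."""
    by_pid = index_by_pid(history)
    hits = []
    for e in history:
        parent = by_pid.get(e.ppid)
        if parent and parent.image in OFFICE_APPS and e.image in SCRIPT_HOSTS and e.net_conns:
            hits.append(e)
    return hits

def process_chain(history: List[ProcEvent], pid: int) -> List[str]:
    """Reconstruct root-to-leaf ancestry from the recorded history instead of
    from disk or memory artifacts gathered after the fact."""
    by_pid = index_by_pid(history)
    chain, seen = [], set()
    while pid in by_pid and pid not in seen:   # guard against malformed cycles
        seen.add(pid)
        chain.append(by_pid[pid].image)
        pid = by_pid[pid].ppid
    return list(reversed(chain))

if __name__ == "__main__":
    for hit in watchlist_office_spawns_script_host(HISTORY):
        print(hit.host, hit.pid, " -> ".join(process_chain(HISTORY, hit.pid)), hit.net_conns)
```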

24 Too Much Data, Not Enough Intelligence
- Incorporate threat intelligence: what happens to someone else can happen to you
- Filter, prioritize and alert on third party feeds, reputation and indicators
- Integrate your tools: attacks happen on endpoints
- Correlate network and endpoint for actionable intelligence

25 Summary
- The threat landscape continues to evolve: the enemy is more advanced, attacks are more targeted
- Rethink your security strategy; traditional security tools are insufficient
- Assume you will be breached
- Invest in the entire lifecycle: detection, response and prevention
- Don’t treat security tools as islands; integrate them

26 Endpoint Threat Detection, Response and Prevention for DUMMIES
Download the eBook at the Bit9.com eBook resources section: https://www.bit9.com/resources/ebooks/endpoint-threat-detection-response-prevention-dummies/

27 questions

28 ©2014 Bit9. All Rights Reserved
