Improving Your Security Posture June 24, 2014 1 Managing Your Managed Security Service Provider Stephen Seljan, General Dynamics Fidelis.

Presentation transcript:

Improving Your Security Posture, June 24, 2014. Managing Your Managed Security Service Provider. Stephen Seljan, General Dynamics Fidelis

Overview: Introduction; SOC Analyst Expectations; Event Analysis; Event Tuning; Device Logging; Negative vs. Positive Filters; Conclusion & Questions.

Critical Questions
Does your MSSP know your critical infrastructure?
Does your MSSP know what alerts are important to you?
Does your MSSP know what you are vulnerable to?
Do you work with your MSSP to tune alerts on a daily/weekly basis?
Do you ensure all security devices and logs are reporting as they should be?
Do you perform frequent reviews of old alerts?

SOC Analyst Expectations

Event Analysis (or the lack thereof)

Event Tuning

Device Logging

Device Trending
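The Critical Questions slide asks whether all security devices and logs are reporting as they should, and the Device Logging and Device Trending slides point at the same check: a device that silently stops forwarding, or whose volume drifts far from its baseline, leaves the MSSP blind without raising any alert. The script below is an added example, not code from the talk or from General Dynamics Fidelis. It parses a constructed set of syslog-style records, flags expected devices that have gone quiet past a threshold (including one that never reported at all), and flags hours whose event count falls outside a band around a per-device baseline. The device names, the 15-minute silence threshold, the hourly baselines, the +/-50% band and the "now" timestamp are all assumed, tunable values.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample of syslog-style records as they would arrive at a SIEM
# from two of three expected devices: "<ISO timestamp> <device> <message>".
# Addresses are documentation ranges; the IDS stops reporting after 09:10.
SAMPLE_LOGS = """\
2014-06-24T09:00:05 fw-edge-01 deny tcp 203.0.113.9 -> 10.0.0.5 port 445
2014-06-24T09:02:11 ids-core-01 alert sid=900001 signature=constructed-test-rule src=203.0.113.9
2014-06-24T09:15:42 fw-edge-01 deny udp 198.51.100.4 -> 10.0.0.7 port 161
2014-06-24T09:10:03 ids-core-01 alert sid=900002 signature=constructed-test-rule src=198.51.100.4
2014-06-24T09:31:19 fw-edge-01 permit tcp 10.0.0.12 -> 192.0.2.20 port 443
2014-06-24T09:55:48 fw-edge-01 deny tcp 203.0.113.77 -> 10.0.0.5 port 22
"""

# Assumed inventory and tuning values: every device that should be feeding the
# SIEM, how long silence is tolerated, and the expected events-per-hour baseline.
EXPECTED_DEVICES = ["fw-edge-01", "ids-core-01", "proxy-01"]
SILENCE_THRESHOLD = timedelta(minutes=15)
HOURLY_BASELINE = {"fw-edge-01": 4, "ids-core-01": 6}
VOLUME_BAND = 0.5  # flag when an hour's count is outside +/-50% of baseline
NOW = datetime.fromisoformat("2014-06-24T10:00:00")  # assumed time the check runs


def parse_events(text):
    """Return (timestamp, device) pairs; malformed lines are skipped, not fatal."""
    events = []
    for line in text.splitlines():
        parts = line.split(" ", 2)
        if len(parts) < 3:
            continue
        try:
            events.append((datetime.fromisoformat(parts[0]), parts[1]))
        except ValueError:
            continue
    return events


def silent_devices(events, expected, now, threshold=SILENCE_THRESHOLD):
    """Map each expected device that has gone quiet to its last-seen time
    (ISO string), or None if it never appeared in the window at all.
    Events need not arrive in order, so track the maximum timestamp per device."""
    last_seen = {}
    for ts, dev in events:
        if dev not in last_seen or ts > last_seen[dev]:
            last_seen[dev] = ts
    silent = {}
    for dev in expected:
        ts = last_seen.get(dev)
        if ts is None:
            silent[dev] = None
        elif now - ts > threshold:
            silent[dev] = ts.isoformat()
    return silent


def volume_anomalies(events, baseline, band=VOLUME_BAND):
    """List (device, hour, count, expected) where an hour's event count falls
    outside the tolerated band around the device's baseline. A drop usually
    means a logging change upstream; a spike means either an incident or a
    rule that needs tuning."""
    counts = defaultdict(lambda: defaultdict(int))
    for ts, dev in events:
        counts[dev][ts.replace(minute=0, second=0, microsecond=0)] += 1
    anomalies = []
    for dev, expected in baseline.items():
        for hour, n in sorted(counts.get(dev, {}).items()):
            if not expected * (1 - band) <= n <= expected * (1 + band):
                anomalies.append((dev, hour.isoformat(), n, expected))
    return anomalies


def run_check(text=SAMPLE_LOGS, now=NOW):
    """Bundle both checks into one report a SOC can review or hand to the MSSP."""
    events = parse_events(text)
    return {
        "silent": silent_devices(events, EXPECTED_DEVICES, now),
        "volume": volume_anomalies(events, HOURLY_BASELINE),
    }


if __name__ == "__main__":
    for key, value in run_check().items():
        print(key, value)
```

On the constructed input the report lists ids-core-01 as silent since 09:10:03 and proxy-01 as never seen, and flags the IDS's 09:00 hour for carrying 2 events against a baseline of 6. In practice the expected-device list comes from the asset inventory the MSSP is supposed to know, and the baselines from a trailing window rather than fixed constants; the point is that silence and volume drift are checked on your side, not left for the provider to notice.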

Positive vs. Negative Filters

Event Review
Why an Event Review? Because you don't know what you don't know until you know it.
Takes an average of 225 days to detect APTs
Days, weeks, even months for AV to detect new malware
New indicators of compromise released every day
New rules pushed daily to IDS/IPS systems
Poorly written filters

Conclusion & Questions