Presentation is loading. Please wait.

Presentation is loading. Please wait.

Security Operations Without Going Blind

Published byJuan Carlos Coronel Hidalgo Modified over 5 years ago

Similar presentations

Presentation on theme: "Security Operations Without Going Blind"— Presentation transcript:

1 Security Operations Without Going Blind
Greg Taylor-Broun, Product Strategist

2 Challenge #1 Majority of analysts don’t enjoy continuous security monitoring nor do they rate is as particularly valuable to their primary objective Voice of the Analyst Survey, Cyentia Institute

3 Challenge #2 Hiring and retaining analysts

4 Challenge #3 We’ll never be able to look at everything with human analysis Telemetry IDS/IPS, AV, Web Proxy, EDR Pattern-matching Log Platform Collectors, Forwarders and DB Aggregation, Filtering & Storage Rules, Queries & ML SIEM, UEBA, ML Correlation & Anomalies Consoles & Dashboards Human Analytics Human Security Monitoring

5 Security Analyst role Investigate Threat Prioritize & Escalate
Receive feedback & improve Operational Duties Scope & Build Case Environmental Awareness Foundational Knowledge Security Expertise

6 You’re the Analyst How would you analyze this Network IPS event?
: > :443, SQL Injection, 6Aug16, 20:08:03, Exploitation, Permit, Medium

7 You’re the Analyst How would you analyze this Network IPS event?
Source Port Ephemeral? Destination Port Server Port? Attack Category Which attack stage? Severity How severe? : > :443, SQL Injection, 6Aug16, 20:08:03, Exploitation, Permit, Medium Source IP Ext or Int? Tor Exit Node? Public VPN? Country of Origin? Is an IOC? Destination IP Vulnerable? Port open? Change ticket? Critical Asset? Signature Modern? Recently updated? Seen in an incident? False positive? Date and Time Suspicious Pattern? False positive pattern? Device Action Blocked? Allowed? Now do this 170 times an hour in a hour shift!!

8 Modeling Human Decision Making
Expert system and Bayesian Network

9 Rule Logic vs. Probabilistic Reasoning
Probability theory is nothing but common sense reduced to calculation. Pierre-Simon Laplace

10 Security Operations Center Respond Software AI Expert System
Strategy & Approach We’re moving to a new model for security monitoring and analysis Security Operations Center Business Focused Analytics 8x5 Operations Incident Response Hunting & Investigation Business Focused Use Cases & Respond Software AI Expert System 24/7 Monitoring, Scoping & Escalation Complete Visibility of Core Use Cases Business Context Local and Global Learning Elevate your analysts

11 Questions

Download ppt "Security Operations Without Going Blind"

Similar presentations

Introducing WatchGuard Dimension. Oceans of Log Data The 3 Dimensions of Big Data Volume –“Log Everything - Storage is Cheap” –Becomes too much data –

Introducing WatchGuard Dimension. Oceans of Log Data The 3 Dimensions of Big Data Volume –“Log Everything - Storage is Cheap” –Becomes too much data –
Copyright © 2012, SAS Institute Inc. All rights reserved. Cyber Security threats to Open Government Data Vishal Marria April 2014.

Copyright © 2012, SAS Institute Inc. All rights reserved. Cyber Security threats to Open Government Data Vishal Marria April 2014.
Presentation by: Peter Thomas Blue Lance, Inc Using SIEM Solutions Effectively to meet Security, Audit, and Compliance Requirements.

Presentation by: Peter Thomas Blue Lance, Inc Using SIEM Solutions Effectively to meet Security, Audit, and Compliance Requirements.
The Most Analytical and Comprehensive Defense Network in a Box.

The Most Analytical and Comprehensive Defense Network in a Box.
©2014 Bit9. All Rights Reserved Building a Continuous Response Architecture.

©2014 Bit9. All Rights Reserved Building a Continuous Response Architecture.
MIGRATION FROM SCREENOS TO JUNOS based firewall

MIGRATION FROM SCREENOS TO JUNOS based firewall
© 2014 Level 3 Communications, LLC. All Rights Reserved. Proprietary and Confidential. Polycom event Security Briefing 12/03/14 Level 3 Managed Security.

© 2014 Level 3 Communications, LLC. All Rights Reserved. Proprietary and Confidential. Polycom event Security Briefing 12/03/14 Level 3 Managed Security.
Security Guidelines and Management

Security Guidelines and Management
2005 HR Retreat: Employment Teampriority-health.comSecurity Event Management February GR ISSA Meeting Security Event Management Correlation, Categorization,

2005 HR Retreat: Employment Teampriority-health.comSecurity Event Management February GR ISSA Meeting Security Event Management Correlation, Categorization,
Correlations, Alarms and Policies

Correlations, Alarms and Policies
Reducing False-Positives and False-Negatives in Security Event Data Using Context Derek G. Shaw August 2011.

Reducing False-Positives and False-Negatives in Security Event Data Using Context Derek G. Shaw August 2011.
Security Information Management.  Thesis  Managing security event information is a difficult task  Most successful deployments start with a clear understanding.

Security Information Management.  Thesis  Managing security event information is a difficult task  Most successful deployments start with a clear understanding.
Supporting UChicago’s Global Presence CSG Fall Workshop 2012.

Supporting UChicago’s Global Presence CSG Fall Workshop 2012.
The Most Analytical and Comprehensive Defense Network in a Box.

The Most Analytical and Comprehensive Defense Network in a Box.
Web Application Security A Project X Course Date: Nov 1 th – 2 nd, 2010 Confidential Material.

Web Application Security A Project X Course Date: Nov 1 th – 2 nd, 2010 Confidential Material.
Symantec Managed Security Services The Power To Protect Duncan Evans Director, Cyber Security Services 1.

Symantec Managed Security Services The Power To Protect Duncan Evans Director, Cyber Security Services 1.
Web Application Firewall (WAF) RSA ® Conference 2013.

Web Application Firewall (WAF) RSA ® Conference 2013.
Alert Logic Security and Compliance Solutions for vCloud Air High-level Overview.

Alert Logic Security and Compliance Solutions for vCloud Air High-level Overview.
Computer Forensics in Practice Armed Forces of the Slovak Republic mjr. Ing. Albert VAJÁNYI 1Lt. Ing. Boris ZEMEK (c) May 2005.

Computer Forensics in Practice Armed Forces of the Slovak Republic mjr. Ing. Albert VAJÁNYI 1Lt. Ing. Boris ZEMEK (c) May 2005.
Firewall Technologies Prepared by: Dalia Al Dabbagh - 120090285 Manar Abd Al- Rhman - 120080113 University of Palestine -2010.

Firewall Technologies Prepared by: Dalia Al Dabbagh Manar Abd Al- Rhman University of Palestine

Similar presentations

Ads by Google