THE STATE OF THREAT DETECTION 2018
It’s time to lean forward
LIVE WEBINAR
© Fidelis Cybersecurity
Agenda
• Introductions
• 2018 in a Nutshell
• Temperature Check
• Pain Points
• Definitions
• Threat Hunting Plans
Bob Flores, Former CIA CTO and current Advisor, Fidelis Cybersecurity
Tom Clare, Product/Technical Marketing, Fidelis Cybersecurity
2018 in a Nutshell
• Email is still delivering the vast majority of malware – with some reports claiming that as much as 92% of attacks are still delivered by email
• The use of sandboxes means attacks are getting better at using phishing, social engineering and drive-bys to gain initial footholds in private domains
• Over 50% of attacks are file-less, with macros and PowerShell scripts evading preventive defenses
• The number of ransomware attacks has fallen, while cryptocurrency mining is stepping up – reports suggest $1 billion in cryptocurrency has so far been stolen in 2018
• Cyber-attacks are the biggest concern for businesses in Europe, Asia and North America, according to a new survey of executives by the World Economic Forum (WEF)
Attackers are Breaching Defenses
How are organizations responding?
Fidelis conducted a study of 582 security professionals to evaluate the adoption of threat hunting practices and overall threat detection strengths and weaknesses.
REGION
› Europe: 25%
› USA: 29%
› Global: 36%
› Other: 10%
JOB TITLE
› CISO/CITO/CTO: 10%
› VP/Director/Manager: 36%
› Architect/Engineer: 27%
› Analyst: 16%
› Other: 12%
COMPANY SIZE
› Large Enterprise (5000+ employees): 39%
› Medium Enterprise (1000-4999 employees): 18%
› Medium Business (250-999 employees): 19%
› Small Business (1-249 employees): 24%
Temperature Check – Preventive Defenses
How effective do you believe your preventive defenses to be against targeted attacks?
› Highly effective: 28%
› Effective: 50%
› Not very effective: 10%
› Do not know: 11%
Only 28% of respondents said that they felt their solutions were highly effective.
AV-TEST industry averages for real-time prevention are 97.4% for Android, 99.7% for MacOS and a resounding 100% for Windows.
33% of Financial organizations said they believed their solutions to be highly effective. Insurance (28%) and technology (25%) organizations followed closely behind.
Just 4% of manufacturing organizations deemed their preventative solutions to be highly effective.
Temperature Check – Detection Capabilities
How effective do you believe your post-breach detection to be?
› Highly effective: 21%
› Effective: 53%
› Not very effective: 13%
› Do not know: 14%
Just 21% of respondents cited that they perceive their post-breach detection measures to be highly effective.
68% do not have an Endpoint Detection and Response solution.
25% of all participants stated that they do not have a detection and response strategy in place at all.
Healthcare organizations were least confident, with just 5% citing that they trusted their detection and response capabilities to be highly effective.
Pain Points
What are the main issues facing your organization?
› Insufficient security resources: 33%
› Lack of automation for IR and investigations: 30%
› Alert overload: 29%
› None of the above: 24%
› Too many disparate tools for IR and investigations: 21%
› Mean time to detect is too long: 18%
› Mean time to respond is too long: 16%
33% of respondents cited that ‘insufficient security resources’ was a main concern.
30% of respondents cited ‘lack of automation for IR and investigation’ as a major issue.
29% of respondents cited ‘alert overload’ as a major issue.
By Job Title
CISO/CIO/CTO
› Alert overload: 41%
› Lack of automation: 41%
› Insufficient security resources: 34%
ARCHITECT
› Lack of automation: 51%
› Insufficient security resources: 36%
› Too many disparate tools for IR and…: 36%
ANALYST/RESEARCHER
› Insufficient resources: 33%
› Alert overload: 28%
› Lack of automation: 24%
Priorities
How important to you is detecting post-breach attacks in the first few minutes and hours?
› Very important: 62.61%
› Important: 24.87%
› Not very important: 4.52%
› Do not know / this isn’t my area of expertise: 8.00%
• Oil/Gas/Utilities – 81%
• Finance/Banking – 72%
• Manufacturing – 43%
• State and Local Gov – 56%
• Manufacturing – 47%
• State and Local Gov – 30%
• Balance among other industries
• Education – 21%
• State and local Gov – 12%
The Knowledge Gap
• Mission brief provided key intel on first challenge
• Read the brief, averaged ~100 commands
• Did not read, used spray and pray efforts
• Knowledge before and during phases reduces knowledge gap/commands
• Over time hackers become quieter and harder to detect
• Early detection is critical
• Deception layers need to be automatically kept current and dynamic
How are Organizations Detecting Attacks?
› SIEM or log/event monitoring (SIM/SEM): 63%
› Endpoint Detection and Response (EDR): 55%
› Data Loss Prevention (DLP): 38%
› User/Entity Behavior Analytics (UEBA): 28%
› Do not know / this isn’t my area of expertise: 20%
› Deception defense platforms: 15%
What About Threat Hunting?
First, let’s define it
Threat Detection
• Multiple Detection Techniques: Signatures, Patterns, Rules, Statistics, Sandboxing, Emulation, Anomaly Detection, Machine Learning, Behavior Analysis, etc.
• Matching IoCs, IoAs – Real-time and Retrospectively
• Query, Search, Pivot: Logs, Events, SIEM, Data Lakes, Metadata, etc.
Threat Modeling
• Proactive process to improve applications, systems and network security
• Assessing potential risks, threats, and vulnerabilities, often from an attacker’s perspective
• Enumerate and prioritize countermeasures to address the effects
• Increasingly important for Cloud, IoT and autonomous converged IT/OT solutions
Threat Hunting
• Proactive, analyst-centric, iterative and interactive ad hoc process
• Driven by expert intuitive hypotheses assuming a breach
• Combines security expertise, data analyst skills and creative thinking upon a knowledgebase across applications, systems and networks
What is NOT Threat Hunting…
• Threat hunting is triggered by SIEM or AV alerts…
• Investigating the most frequent AV alert for root cause and hunting on it…
• Constantly monitoring and investigating any suspicious activity or anomalies…
• Non-baseline behavior or triggered events drive analyst investigations…
• Reviewing many logs within a SIEM and developing custom queries…
• Using Endpoint Detection & Response (EDR) to match TI and IOCs…
• Better alert triage or improved investigation capabilities…
• Searching through a data lake…
Who is doing it?
Does your security team currently engage in threat hunting?
› No, and we do not have plans to: 42%
› No, but we have plans to within the next year: 21%
› Yes, we currently have threat hunters: 37%
Threat Hunting by Industry
Organizations who are threat hunting:
› Finance/Banking: 46%
› Insurance: 44%
› Federal Public Sector: 38%
› Services: 36%
› Education: 36%
› Health Care: 36%
› Oil/Gas/Utilities: 36%
› Technology: 30%
› State & Local Government: 28%
› Other: 26%
› Manufacturing: 25%
What’s Stopping us from Threat Hunting?
› We don’t have the time: 48%
› Team doesn’t have the skills: 35%
› We don’t have the visibility: 4.40%
› We don’t think it’s necessary: 12.40%
86% of those who do not threat hunt want to but can’t – due to lack of time, skills and visibility.
Threat Hunting Evolution
[Diagram: hunting data sources progress from AV and IDS through Events/Logs, SIEMs, Data Lakes, ML/Analytics, NTA/Sensors and EDR to metadata that is indexed and ready to query (90% of content at 20% of storage fees); the people and process track runs from reactionary indicators and internal threat intelligence through skills, training, internal skills & resources, services, platforms and 3rd party threat intelligence; overall maturity moves from detection to proactive hunting.]
Types of Metadata
• Investigation and Response: alert pivots and hunting by switching between content and context of sessions
• Automatic Retrospective Application of Threat Intelligence
• Cross Session Correlation, plus Security Analytics
• Network Visibility & Profiles: see patterns not seen in firewall logs or SIEM dashboards
• Anomaly Detection: frequent and rare instances of attributes, plus cross session, multi-faceted and behavioral analysis
Plus custom tags!
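The detection definition's "matching IoCs, IoAs – real-time and retrospectively" and the "Automatic Retrospective Application of Threat Intelligence" metadata bullet describe one mechanism: an indicator that arrives after a session was recorded is only useful if the stored metadata is indexed so the indicator can be swept back over history. The Python below is an added illustration, not Fidelis code; the session record shape, the indicator feed, the in-memory index and the tag names are all constructed for the example.

```python
from dataclasses import dataclass, field
from datetime import datetime, timedelta
from typing import Optional


@dataclass
class Session:
    """Metadata for one network session (constructed shape, not a vendor record format)."""
    ts: datetime
    src_ip: str
    dst_ip: str
    domain: Optional[str] = None
    file_sha256: Optional[str] = None
    tags: set = field(default_factory=set)   # custom tags attached during hunting

    def keys(self):
        """Indexable attributes of the session as (kind, value) pairs."""
        yield ("ip", self.src_ip)
        yield ("ip", self.dst_ip)
        if self.domain:
            yield ("domain", self.domain)
        if self.file_sha256:
            yield ("sha256", self.file_sha256)


@dataclass(frozen=True)
class Indicator:
    kind: str             # "ip", "domain" or "sha256"
    value: str
    published: datetime   # when the feed made the indicator available
    source: str


class MetadataStore:
    """Indexed session metadata: every attribute is a lookup key, so a new
    indicator can be applied to history without re-reading packet captures."""

    def __init__(self):
        self.sessions = []
        self._index = {"ip": {}, "domain": {}, "sha256": {}}

    def ingest(self, s):
        self.sessions.append(s)
        for kind, value in s.keys():
            self._index[kind].setdefault(value, []).append(s)

    def lookup(self, kind, value):
        return list(self._index[kind].get(value, []))


def realtime_match(session, feed):
    """Match one session at ingest time against indicators already published.
    Anything published later is invisible here; that is the gap the
    retrospective sweep closes."""
    known = {(i.kind, i.value): i for i in feed if i.published <= session.ts}
    hits = [known[k] for k in session.keys() if k in known]
    for i in hits:
        session.tags.add(f"ti:{i.source}")
    return hits


def retrospective_sweep(store, indicator, lookback):
    """Apply a newly published indicator to stored metadata going back
    `lookback` from its publication time, tagging every session it touches."""
    since = indicator.published - lookback
    hits = [s for s in store.lookup(indicator.kind, indicator.value) if s.ts >= since]
    for s in hits:
        s.tags.add(f"ti:{indicator.source}")
        s.tags.add("retro-hit")
    return hits


def run_scenario():
    """Constructed walkthrough: a domain indicator published on day 3 is missed
    in real time for the day-0 session but found once it is swept over the index."""
    day0 = datetime(2018, 11, 1)
    feed = []                      # indicators known so far, appended as published
    store = MetadataStore()
    sessions = [                   # constructed sample sessions (RFC 5737 addresses)
        Session(day0, "10.0.0.5", "203.0.113.7", domain="update-cdn.example"),
        Session(day0 + timedelta(days=1), "10.0.0.9", "198.51.100.20", domain="files.example"),
        Session(day0 + timedelta(days=4), "10.0.0.5", "203.0.113.7", domain="update-cdn.example"),
    ]
    ioc = Indicator("domain", "update-cdn.example", day0 + timedelta(days=3), "feed-x")
    realtime_hits, retro_hits = [], []
    for s in sessions:
        # The feed update lands before the first session that post-dates its publication.
        if ioc not in feed and s.ts >= ioc.published:
            feed.append(ioc)
            retro_hits = retrospective_sweep(store, ioc, timedelta(days=30))
        store.ingest(s)
        realtime_hits += realtime_match(s, feed)
    return {"realtime": realtime_hits, "retro": retro_hits, "sessions": sessions}


if __name__ == "__main__":
    result = run_scenario()
    for s in result["sessions"]:
        print(s.ts.date(), s.domain, sorted(s.tags))
```

Real-time matching alone tags only the day-4 session; the earlier contact with the same domain is surfaced solely by the retrospective sweep, which is why the metadata has to be indexed rather than merely archived.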
Improving Threat Detection and Hunting in 2019
We suggest 3 areas of focus to improve threat detection capabilities in the coming year:
1. Collect Metadata
2. Incorporate Internal and 3rd Party Threat Intelligence
3. Develop the Skill Sets for Threat Hunting and Threat Detection
Thank You!

Mcleodganj Call Girls 🥰 8617370543 Service Offer VIP Hot ModelDeepika Singh
 
DBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor PresentationDBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor PresentationDropbox
 
FWD Group - Insurer Innovation Award 2024
FWD Group - Insurer Innovation Award 2024FWD Group - Insurer Innovation Award 2024
FWD Group - Insurer Innovation Award 2024The Digital Insurer
 
MS Copilot expands with MS Graph connectors
MS Copilot expands with MS Graph connectorsMS Copilot expands with MS Graph connectors
MS Copilot expands with MS Graph connectorsNanddeep Nachan
 
Corporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptxCorporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptxRustici Software
 
Vector Search -An Introduction in Oracle Database 23ai.pptx
Vector Search -An Introduction in Oracle Database 23ai.pptxVector Search -An Introduction in Oracle Database 23ai.pptx
Vector Search -An Introduction in Oracle Database 23ai.pptxRemote DBA Services
 
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...Jeffrey Haguewood
 
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin WoodPolkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin WoodJuan lago vázquez
 
Artificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : UncertaintyArtificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : UncertaintyKhushali Kathiriya
 
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...apidays
 

Kürzlich hochgeladen (20)

Platformless Horizons for Digital Adaptability
Platformless Horizons for Digital AdaptabilityPlatformless Horizons for Digital Adaptability
Platformless Horizons for Digital Adaptability
 
ICT role in 21st century education and its challenges
ICT role in 21st century education and its challengesICT role in 21st century education and its challenges
ICT role in 21st century education and its challenges
 
Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024
 
Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...
 
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
 
MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024
 
presentation ICT roal in 21st century education
presentation ICT roal in 21st century educationpresentation ICT roal in 21st century education
presentation ICT roal in 21st century education
 
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
 
Six Myths about Ontologies: The Basics of Formal Ontology
Six Myths about Ontologies: The Basics of Formal OntologySix Myths about Ontologies: The Basics of Formal Ontology
Six Myths about Ontologies: The Basics of Formal Ontology
 
Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...
Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...
Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...
 
Mcleodganj Call Girls 🥰 8617370543 Service Offer VIP Hot Model
Mcleodganj Call Girls 🥰 8617370543 Service Offer VIP Hot ModelMcleodganj Call Girls 🥰 8617370543 Service Offer VIP Hot Model
Mcleodganj Call Girls 🥰 8617370543 Service Offer VIP Hot Model
 
DBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor PresentationDBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor Presentation
 
FWD Group - Insurer Innovation Award 2024
FWD Group - Insurer Innovation Award 2024FWD Group - Insurer Innovation Award 2024
FWD Group - Insurer Innovation Award 2024
 
MS Copilot expands with MS Graph connectors
MS Copilot expands with MS Graph connectorsMS Copilot expands with MS Graph connectors
MS Copilot expands with MS Graph connectors
 
Corporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptxCorporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptx
 
Vector Search -An Introduction in Oracle Database 23ai.pptx
Vector Search -An Introduction in Oracle Database 23ai.pptxVector Search -An Introduction in Oracle Database 23ai.pptx
Vector Search -An Introduction in Oracle Database 23ai.pptx
 
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
 
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin WoodPolkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
 
Artificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : UncertaintyArtificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : Uncertainty
 
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
 

The State of Threat Detection 2019

  • 1. THE STATE OF THREAT DETECTION 2018 It’s time to lean forward LIVE WEBINAR
  • 2. © Fidelis Cybersecurity Agenda
    › Introductions
    › 2018 in a Nutshell
    › Temperature Check
    › Pain Points
    › Definitions
    › Threat Hunting Plans
    Speakers: Bob Flores, former CIA CTO and current Advisor, Fidelis Cybersecurity; Tom Clare, Product/Technical Marketing, Fidelis Cybersecurity
  • 3. 2018 in a Nutshell
    › Email is still delivering the vast majority of malware, with some reports claiming that as much as 92% of attacks are still delivered by email
    › The use of sandboxes means attacks are getting better at using phishing, social engineering and drive-bys to gain initial footholds in private domains
    › Over 50% of attacks are file-less, with macros and PowerShell scripts evading preventive defenses
    › The number of ransomware attacks has decreased, while cryptocurrency mining is stepping up; reports suggest $1 billion in cryptocurrency has so far been stolen in 2018
    › Cyber-attacks are the biggest concern for businesses in Europe, Asia and North America, according to a new survey of executives by the World Economic Forum (WEF)
  • 4. Attackers are Breaching Defenses: How are organizations responding?
    Fidelis conducted a study of 582 security professionals to evaluate the adoption of threat hunting practices and overall threat detection strengths and weaknesses.
    Region:
    › Europe: 25%
    › USA: 29%
    › Global: 36%
    › Other: 10%
    Job title:
    › CISO/CITO/CTO: 10%
    › VP/Director/Manager: 36%
    › Architect/Engineer: 27%
    › Analyst: 16%
    › Other: 12%
    Company size:
    › Large Enterprise (5000+ employees): 39%
    › Medium Enterprise (1000-4999 employees): 18%
    › Medium Business (250-999 employees): 19%
    › Small Business (1-249 employees): 24%
  • 5. Temperature Check - Preventive Defenses
    How effective do you believe your preventive defenses to be against targeted attacks?
    › Highly effective: 28%
    › Effective: 50%
    › Not very effective: 10%
    › Do not know: 11%
    Only 28% of respondents said that they felt their solutions were highly effective. AV-TEST industry averages for real-time prevention are 97.4% for Android, 99.7% for macOS and a resounding 100% for Windows. 33% of financial organizations said they believed their solutions to be highly effective; insurance (28%) and technology (25%) organizations followed closely behind. Just 4% of manufacturing organizations deemed their preventative solutions to be highly effective.
  • 6. Temperature Check - Detection Capabilities
    How effective do you believe your post-breach detection to be?
    › Highly effective: 21%
    › Effective: 53%
    › Not very effective: 13%
    › Do not know: 14%
    Just 21% of respondents said they perceive their post-breach detection measures to be highly effective. 68% do not have an Endpoint Detection and Response solution. 25% of all participants stated that they do not have a detection and response strategy in place at all. Healthcare organizations were least confident, with just 5% saying they trusted their detection and response capabilities to be highly effective.
  • 7. Pain Points
    What are the main issues facing your organization?
    › Insufficient security resources: 33%
    › Lack of automation for IR and investigations: 30%
    › Alert overload: 29%
    › None of the above: 24%
    › Too many disparate tools for IR and investigations: 21%
    › Mean time to detect is too long: 18%
    › Mean time to respond is too long: 16%
    33% of respondents cited 'insufficient security resources' as a main concern; 30% cited 'lack of automation for IR and investigation' and 29% cited 'alert overload' as major issues.
  • 8. By Job Title
    CISO/CIO/CTO:
    › Alert overload: 41%
    › Lack of automation: 41%
    › Insufficient security resources: 34%
    Architect:
    › Lack of automation: 51%
    › Insufficient security resources: 36%
    › Too many disparate tools for IR and…: 36%
    Analyst/Researcher:
    › Insufficient resources: 33%
    › Alert overload: 28%
    › Lack of automation: 24%
  • 9. Priorities
    How important to you is detecting post-breach attacks in the first few minutes and hours?
    › Very important: 62.61%
    › Important: 24.87%
    › Not very important: 4.52%
    › Do not know / this isn't my area of expertise: 8.00%
    Industry figures shown on the slide:
    › Oil/Gas/Utilities: 81%
    › Finance/Banking: 72%
    › Manufacturing: 43%
    › State and Local Gov: 56%
    › Manufacturing: 47%
    › State and Local Gov: 30%
    › Balance among other industries
    › Education: 21%
    › State and Local Gov: 12%
  • 10. The Knowledge Gap
    › Mission brief provided key intel on first challenge
    › Read the brief: averaged ~100 commands
    › Did not read: used spray-and-pray efforts
    › Knowledge before and during phases reduces the knowledge gap and the number of commands
    › Over time hackers become quieter and harder to detect
    › Early detection is critical
    › Deception layers need to be automatically kept current and dynamic
  • 11. How are Organizations Detecting Attacks?
    › SIEM or log/event monitoring (SIM/SEM): 63%
    › Endpoint Detection and Response (EDR): 55%
    › Data Loss Prevention (DLP): 38%
    › User/Entity Behavior Analytics (UEBA): 28%
    › Do not know / this isn't my area of expertise: 20%
    › Deception defense platforms: 15%
  • 12. What About Threat Hunting? First, let's define it.
    Threat Detection:
    › Multiple detection techniques: signatures, patterns, rules, statistics, sandboxing, emulation, anomaly detection, machine learning, behavior analysis, etc.
    › Matching IoCs and IoAs, in real time and retrospectively
    › Query, search, pivot: logs, events, SIEM, data lakes, metadata, etc.
    Threat Modeling:
    › Proactive process to improve application, system and network security
    › Assessing potential risks, threats and vulnerabilities, often from an attacker's perspective
    › Enumerate and prioritize countermeasures to address the effects
    › Increasingly important for cloud, IoT and autonomous converged IT/OT solutions
    Threat Hunting:
    › Proactive, analyst-centric, iterative and interactive ad hoc process
    › Driven by expert, intuitive hypotheses that assume a breach has already occurred
    › Combines security expertise, data analyst skills and creative thinking applied to a knowledge base spanning applications, systems and networks
  • 13. What is NOT Threat Hunting…
    › Threat hunting is triggered by SIEM or AV alerts…
    › Investigating the most frequent AV alert for root cause and hunting on it…
    › Constantly monitoring and investigating any suspicious activity or anomalies…
    › Non-baseline behavior or triggered events drive analyst investigations…
    › Reviewing many logs within a SIEM and developing custom queries…
    › Using Endpoint Detection & Response (EDR) to match TI and IOCs…
    › Better alert triage or improved investigation capabilities…
    › Searching through a data lake…
  • 14. Who is doing it?
    Does your security team currently engage in threat hunting?
    › No, and we do not have plans to: 42%
    › No, but we have plans to within the next year: 21%
    › Yes, we currently have threat hunters: 37%
  • 15. Threat Hunting by Industry
    Organizations who are threat hunting:
    › Finance/Banking: 46%
    › Insurance: 44%
    › Federal Public Sector: 38%
    › Services: 36%
    › Education: 36%
    › Health Care: 36%
    › Oil/Gas/Utilities: 36%
    › Technology: 30%
    › State & Local Government: 28%
    › Other: 26%
    › Manufacturing: 25%
  • 16. What's Stopping us from Threat Hunting?
    › We don't have the time: 48%
    › Team doesn't have the skills: 35%
    › We don't have the visibility: 4.40%
    › We don't think it's necessary: 12.40%
    86% of those who do not threat hunt want to but can't, due to lack of time, skills and visibility.
  • 17. Threat Hunting Evolution (diagram; only its labels survive in the transcript)
    Detection sources: AV, IDS, Events/Logs, SIEMs, Data Lakes, ML/Analytics, NTA/Sensors, EDR
    Metadata: indexed, ready to query; 90% of content, 20% of storage fees
    Other labels: Skills Training, Internal Threat Intelligence, Reactionary Indicators, Internal Skills & Resources, Services Platforms, 3rd Party Threat Intelligence, Detection, Detection, Proactive Hunting
  • 18. Types of Metadata
    › Investigation and response: alert pivots and hunting by switching between the content and the context of sessions
    › Automatic retrospective application of threat intelligence
    › Cross-session correlation, plus security analytics
    › Network visibility & profiles: see patterns not seen in firewall logs or SIEM dashboards
    › Anomaly detection: frequent and rare instances of attributes, plus cross-session, multi-faceted and behavioral analysis
    Plus custom tags!
  • 19. Improving Threat Detection and Hunting in 2019
    We suggest 3 areas of focus to improve threat detection capabilities in the coming year:
    1. Collect metadata
    2. Incorporate internal and 3rd-party threat intelligence
    3. Develop the skill sets for threat hunting and threat detection
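The metadata-driven techniques named on slides 12 and 18 (matching IoCs retrospectively, pivoting from an alert to related sessions, cross-session correlation, and anomaly detection on frequent versus rare attribute values) shown as an added example in Python; this is not part of the deck and not Fidelis code. The session records, the indicator feed, the field names (`src`, `dst`, `port`, `host`, `ua`) and the function names are all constructed for illustration of what an analyst can do once sessions are kept as indexed metadata rather than raw packets.

```python
"""Hunting over indexed network session metadata: retrospective IoC matching,
alert pivots, cross-session correlation and attribute rarity (constructed example)."""
from collections import Counter, defaultdict

# Constructed sample metadata, one record per observed session. The field set is
# an assumption; a real sensor indexes many more attributes per session.
UA_BROWSER = "Mozilla/5.0 (Windows NT 10.0; Win64; x64)"
UA_SCRIPT = "python-requests/2.19.1"

SESSIONS = [
    {"id": 1, "src": "10.0.0.5", "dst": "203.0.113.10", "port": 443, "host": "cdn.example.com", "ua": UA_BROWSER},
    {"id": 2, "src": "10.0.0.6", "dst": "203.0.113.10", "port": 443, "host": "cdn.example.com", "ua": UA_BROWSER},
    {"id": 3, "src": "10.0.0.7", "dst": "203.0.113.10", "port": 443, "host": "cdn.example.com", "ua": UA_BROWSER},
    {"id": 4, "src": "10.0.0.5", "dst": "203.0.113.44", "port": 443, "host": "mail.example.com", "ua": UA_BROWSER},
    {"id": 5, "src": "10.0.0.9", "dst": "198.51.100.23", "port": 8443, "host": "updates.example.net", "ua": UA_SCRIPT},
    {"id": 6, "src": "10.0.0.6", "dst": "203.0.113.44", "port": 443, "host": "mail.example.com", "ua": UA_BROWSER},
    {"id": 7, "src": "10.0.0.9", "dst": "198.51.100.23", "port": 8443, "host": "updates.example.net", "ua": UA_SCRIPT},
    {"id": 8, "src": "10.0.0.5", "dst": "203.0.113.77", "port": 443, "host": "docs.example.com", "ua": UA_BROWSER},
]

# Constructed indicator feed that arrives *after* the sessions above were stored.
IOCS = {"domain": {"updates.example.net"}, "ip": {"192.0.2.99"}}


def retrospective_ioc_matches(sessions, iocs):
    """Apply an indicator set to sessions that were stored before it arrived.

    Because sessions are kept as indexed metadata, a new indicator can be checked
    against history without packet capture. Returns a list of
    (session id, indicator type, indicator value) in session order.
    """
    matches = []
    for s in sessions:
        if s["host"] in iocs.get("domain", set()):
            matches.append((s["id"], "domain", s["host"]))
        if s["dst"] in iocs.get("ip", set()):
            matches.append((s["id"], "ip", s["dst"]))
    return matches


def pivot(sessions, session_id, attr):
    """From one alerted session, pull the other sessions sharing an attribute
    (same source host, destination, User-Agent, ...). Returns session ids."""
    anchor = next(s for s in sessions if s["id"] == session_id)
    return [s["id"] for s in sessions
            if s["id"] != session_id and s[attr] == anchor[attr]]


def attribute_rarity(sessions, attr, max_count=1):
    """Values of `attr` seen at most `max_count` times across all sessions.

    Frequent values form the baseline; the rare remainder (an unusual User-Agent,
    a port only one host uses) are hunting leads, not verdicts.
    Returns {rare value: [session ids]}.
    """
    counts = Counter(s[attr] for s in sessions)
    rare = defaultdict(list)
    for s in sessions:
        if counts[s[attr]] <= max_count:
            rare[s[attr]].append(s["id"])
    return dict(rare)


def fanout(sessions, min_distinct_dst=3):
    """Cross-session correlation: sources that reached at least
    `min_distinct_dst` distinct destinations. Returns {src: distinct count}."""
    dsts = defaultdict(set)
    for s in sessions:
        dsts[s["src"]].add(s["dst"])
    return {src: len(d) for src, d in dsts.items() if len(d) >= min_distinct_dst}


if __name__ == "__main__":
    for sid, kind, value in retrospective_ioc_matches(SESSIONS, IOCS):
        print(f"session {sid}: matched newly received {kind} indicator {value}")
    print("rare User-Agents:", attribute_rarity(SESSIONS, "ua", max_count=2))
    print("sessions sharing a source with session 5:", pivot(SESSIONS, 5, "src"))
    print("sources with wide fan-out:", fanout(SESSIONS))
```

The rarity threshold and the fan-out minimum are tuning knobs: on a real data set they are set from the observed baseline, and the output is a list of sessions for an analyst to pivot on, which is the hypothesis-driven loop the deck describes rather than an automated verdict.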