You Can’t Detect What You Can’t See: Illuminating the Entire Kill Chain
© Fidelis Cybersecurity
Today’s Speakers
Dr. Chenxi Wang
Founder, Rain Capital
@chenxiwang
Tim Roddy
VP Cybersecurity Product Strategy
Fidelis Cybersecurity
2
Today’s IT Environment Is Complex
[Diagram: the company sits behind firewalls, IPS and VPN; hack attacks and email attacks arrive alongside active content (Flash, Javascript) over ports 80, 443 and 25]
3
Sensitive Data is Everywhere
[Diagram: enterprise servers]
4
Office 365 Adoption
Source: https://blog.barracuda.com/2017/10/12/office-365-active-usage-soars-some-still-unclear-on-security/
5
AWS Is The Fifth Largest Software Business
6
Your Visibility Is Fragmented
[Diagram: the same environment (company, hack attacks, email attacks, firewalls/IPS/VPN, active content such as Flash and Javascript, ports 80, 443 and 25), now with point tools bolted on: CASB, web/email gateways, EDR/AV, and question marks where nothing covers]
7
Doesn’t SIEM Handle This?
[Diagram: SIEM fed by analysis, with “Intelligence?” left as an open question]
8
Security Analyst’s Day-to-Day Reality
What’s the Solution?
• See patterns in network activity
• Monitor for and prevent exfiltration of data
• See beaconing and block it
• Identify and stop malicious network behavior
• See lateral movement
• Perform real-time and historical analysis
• See all endpoint activity and respond to threats
9
Illuminate the Kill Chain - Follow These Steps
Build Core competency
1. Get visibility into network, cloud apps, and endpoints
2. Deploy EDR to endpoints and servers
3. Integrate endpoint and network data to increase SOC efficiency
4. Ensure you have historical visibility … what happened in the past matters
5. Utilize Deception wherever meaningful
Don’t forget these
1. Shine a light on IoT and other assets where you can’t deploy an agent
2. Don’t go at it alone - look at MDR to augment your capacity
10
Look In (All of) the Right Places
Existing breach detection and data loss prevention solutions don’t dig deep.
WHAT they see: Email & Attachment, Archive, PDF, Malicious Binary. Can’t find malware hidden deep inside content.
WHEN they see it: the attack lifecycle runs Initial Compromise, Establish Foothold, Escalate Privileges, Lateral Propagation, Data Staging & Exfiltration. Don’t see attackers after the initial compromise.
WHERE they look: HTTP (port 80), HTTPS (port 443), Mail (port 25), out of thousands of ports and protocols. Blind to attackers operating on non-standard ports.
11
Look In (All of) the Right Places
Existing detection solutions don’t dig as deep as attackers hide.
WHAT they see: Email & Attachment, Archive, PDF, Malicious Binary. Can’t find malware hidden deep inside content.
WHEN they see it: the attack lifecycle runs Initial Compromise, Establish Foothold, Escalate Privileges, Lateral Propagation, Data Staging & Exfiltration. Don’t see attackers after the initial compromise.
WHERE they look: HTTP (port 80), HTTPS (port 443), Mail (port 25), out of thousands of ports and protocols. Blind to attackers operating on non-standard ports.
Most Security Solutions Only Look HERE. But Attackers Live Here.
12
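The WHERE column makes a point a sensor design has to account for: a monitor keyed to ports 80, 443 and 25 never sees the other ports, and it also assumes that whatever arrives on 443 is HTTPS. The way out is to identify the protocol from the payload and only then compare it with the port. The following Python is an added example, not code from the deck or from Fidelis: it classifies each flow by its first client bytes and reports where content and port disagree. The flow records, the expected-port table and the helper names (`identify`, `audit`, `port_only_view`) are constructed for this example.

```python
"""Port-independent protocol identification over constructed flow records (added example)."""
import re
from dataclasses import dataclass

# Where each protocol is conventionally expected (constructed policy table; adjust per environment).
EXPECTED_PORTS = {"tls": {443, 8443}, "http": {80, 8080}, "smtp": {25, 465, 587}, "ssh": {22}}
PORT_TO_PROTO = {port: proto for proto, ports in EXPECTED_PORTS.items() for port in ports}
HTTP_METHODS = (b"GET ", b"POST ", b"HEAD ", b"PUT ", b"DELETE ", b"OPTIONS ", b"CONNECT ")


@dataclass(frozen=True)
class Flow:
    src: str
    dst: str
    dport: int
    first_bytes: bytes  # first client-to-server bytes of the connection


def identify(payload: bytes) -> str:
    """Classify a flow by its leading bytes; the destination port is deliberately not consulted."""
    if len(payload) >= 3 and payload[0] == 0x16 and payload[1] == 0x03 and payload[2] <= 0x04:
        return "tls"  # TLS record header: content type handshake (0x16), version 3.0 to 3.4
    if payload.startswith(HTTP_METHODS):
        return "http"
    if payload.startswith(b"SSH-"):
        return "ssh"
    if re.match(rb"(EHLO|HELO) ", payload, re.IGNORECASE):
        return "smtp"
    return "unknown"


def audit(flows: list[Flow]) -> list[tuple[str, str, str]]:
    """Return (flow, protocol, reason) for every flow whose content disagrees with its port."""
    findings = []
    for f in flows:
        label = f"{f.src}->{f.dst}:{f.dport}"
        proto = identify(f.first_bytes)
        usual = PORT_TO_PROTO.get(f.dport)
        if proto == "unknown":
            # Unrecognised bytes on a port we have expectations for is itself worth a look.
            if usual:
                findings.append((label, proto, f"unrecognised payload on port {f.dport}, which usually carries {usual}"))
        elif f.dport not in EXPECTED_PORTS[proto]:
            hint = f" (port usually carries {usual})" if usual else ""
            findings.append((label, proto, f"{proto} on non-standard port {f.dport}{hint}"))
    return findings


def port_only_view(flows: list[Flow], ports: frozenset = frozenset({80, 443, 25})) -> list[Flow]:
    """What a sensor that inspects only the classic ports ever gets to look at."""
    return [f for f in flows if f.dport in ports]


SAMPLE_FLOWS = [  # constructed; addresses come from documentation ranges
    Flow("10.0.0.5", "203.0.113.10", 443, b"\x16\x03\x01\x00\xc4\x01\x00\x00\xc0\x03\x03"),
    Flow("10.0.0.5", "203.0.113.20", 80, b"GET / HTTP/1.1\r\nHost: www.example.com\r\n\r\n"),
    Flow("10.0.0.9", "203.0.113.40", 25, b"EHLO mail.example.com\r\n"),
    Flow("10.0.0.7", "198.51.100.9", 8081, b"GET /update HTTP/1.1\r\nHost: 198.51.100.9\r\n\r\n"),
    Flow("10.0.0.7", "198.51.100.9", 53, b"\x16\x03\x03\x00\xf1\x01\x00\x00\xed\x03\x03"),
    Flow("10.0.0.9", "203.0.113.30", 443, b"SSH-2.0-OpenSSH_8.9\r\n"),
    Flow("10.0.0.11", "203.0.113.50", 80, b"\x00\x00\x00\x2a\xde\xad\xbe\xef"),
]

if __name__ == "__main__":
    print(f"port-only sensor inspects {len(port_only_view(SAMPLE_FLOWS))} of {len(SAMPLE_FLOWS)} flows")
    for label, proto, reason in audit(SAMPLE_FLOWS):
        print(f"{label:32} {proto:8} {reason}")
```

The port-only view inspects five of the seven flows but misses the two on 8081 and 53 entirely and would treat the SSH session on 443 as HTTPS; the content-based audit reports all three plus the unrecognised bytes on port 80. Production sensors use far richer fingerprints than these leading-byte checks, but the principle is the same: classify by content first, then treat port as one more attribute to compare against.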
Unpeel the Content Onion
What FW’s, IPS’s & Network Forensics Systems See vs. What You Want to See
Same Information in Motion on the Network
13
See Embedded Network Content (Inbound and Outbound)
[Diagram: nested layers of one network session: Gmail over HTTP, MIME, ZIP, PPT, Excel, PDF, Deflate, down to Text; malicious inbound content carries malware at the innermost layer, and classified/sensitive outbound content leaves the same way]
14
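Slides 13 and 14 make the same argument from both directions: a firewall, IPS or forensics box that classifies the outer layer (an HTTP session, a MIME part, a ZIP) never reaches the PDF stream or spreadsheet text inside it, whether that innermost layer is malware coming in or sensitive data going out. The following Python is an added example, not code from the deck or from Fidelis: it unpeels a constructed message layer by layer (MIME, ZIP, gzip, PDF with a FlateDecode stream, text), identifying every layer by its leading bytes rather than its label, and compares a scanner that inspects only the outer layer with one that descends. The marker string, the sample message and the helper names (`sniff`, `unpeel`, `find_marker`, `build_sample`) are constructed for the example; the depth and size caps are the example's own guard against decompression bombs.

```python
"""Recursive 'content onion' unpeeling: MIME -> ZIP -> gzip -> PDF (Flate) -> text (added example)."""
import email
import gzip
import io
import re
import zipfile
import zlib
from email import policy
from email.message import EmailMessage
from typing import Iterator

MAX_DEPTH = 8                  # stop on pathological nesting
MAX_BYTES = 32 * 1024 * 1024   # refuse to inflate one layer beyond this (decompression-bomb guard)

# Hypothetical fingerprint standing in for a DLP signature or malware indicator (constructed, benign).
MARKER = b"CONSTRUCTED-SENSITIVE-MARKER"


def sniff(data: bytes) -> str:
    """Identify a layer by its leading bytes, not by file name, MIME label or port."""
    head = data[:2048]
    if head.startswith(b"PK\x03\x04"):
        return "zip"
    if head.startswith(b"\x1f\x8b"):
        return "gzip"
    if head.startswith(b"%PDF-"):
        return "pdf"
    if b"MIME-Version:" in head or head.startswith(b"Content-Type:"):
        return "mime"
    try:
        head.decode("utf-8")
        return "text"
    except UnicodeDecodeError:
        return "binary"


def unpeel(data: bytes, path: str = "root", depth: int = 0) -> Iterator[tuple[str, str, bytes]]:
    """Yield (path, kind, bytes) for this layer and, recursively, for everything embedded in it."""
    kind = sniff(data)
    yield path, kind, data
    if depth >= MAX_DEPTH:
        return
    try:
        if kind == "zip":
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                for info in zf.infolist():
                    if info.is_dir() or info.file_size > MAX_BYTES:
                        continue
                    yield from unpeel(zf.read(info), f"{path}/{info.filename}", depth + 1)
        elif kind == "gzip":
            inner = gzip.decompress(data)
            if len(inner) <= MAX_BYTES:
                yield from unpeel(inner, f"{path}/gunzip", depth + 1)
        elif kind == "mime":
            msg = email.message_from_bytes(data, policy=policy.default)
            for i, part in enumerate(msg.walk()):
                if part.is_multipart():
                    continue  # containers carry no payload of their own
                name = part.get_filename() or part.get_content_type()
                payload = part.get_payload(decode=True) or b""  # undoes base64 / quoted-printable
                yield from unpeel(payload, f"{path}/part{i}[{name}]", depth + 1)
        elif kind == "pdf":
            for i, m in enumerate(re.finditer(rb"stream\r?\n(.*?)\r?\nendstream", data, re.S)):
                try:
                    inner = zlib.decompress(m.group(1))  # /FlateDecode stream
                except zlib.error:
                    inner = m.group(1)                   # not deflate: keep the raw stream bytes
                if len(inner) <= MAX_BYTES:
                    yield from unpeel(inner, f"{path}/stream{i}", depth + 1)
    except (zipfile.BadZipFile, OSError, EOFError, zlib.error) as exc:
        yield f"{path}/<unreadable>", f"error:{type(exc).__name__}", b""


def find_marker(data: bytes, marker: bytes = MARKER, deep: bool = True) -> list[str]:
    """Paths of every layer containing `marker`; deep=False imitates a scanner that stops at the outer layer."""
    layers = unpeel(data) if deep else [next(unpeel(data))]
    return [path for path, _kind, blob in layers if marker in blob]


def build_sample() -> bytes:
    """Constructed message: MIME -> ZIP -> gzip -> PDF whose Flate stream holds the marker text."""
    stream = zlib.compress(b"Q3 forecast " + MARKER)
    pdf = (b"%PDF-1.4\n1 0 obj\n<< /Length " + str(len(stream)).encode()
           + b" /Filter /FlateDecode >>\nstream\n" + stream + b"\nendstream\nendobj\n%%EOF\n")
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("forecast.pdf.gz", gzip.compress(pdf))
    msg = EmailMessage()
    msg["Subject"] = "numbers"
    msg.set_content("see attached")
    msg.add_attachment(buf.getvalue(), maintype="application", subtype="zip", filename="forecast.zip")
    return msg.as_bytes()


if __name__ == "__main__":
    sample = build_sample()
    print("outer layer only:", find_marker(sample, deep=False))
    print("full unpeel     :", find_marker(sample, deep=True))
    for path, kind, _ in unpeel(sample):
        print(f"  {kind:6} {path}")
```

Run stand-alone, the outer-layer scan returns nothing (the marker is base64-wrapped, deflated twice and gzipped by the time it reaches the wire) while the full unpeel reports it at `root/part2[forecast.zip]/forecast.pdf.gz/gunzip/stream0`. The same walk serves both directions of slide 14: point it at inbound attachments with malware indicators, or at outbound sessions with DLP fingerprints. A real content engine handles many more formats (Office containers, PDF object streams, encrypted archives) but keeps the same shape: sniff, unwrap one layer, recurse, cap depth and size.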
Gain Greater Endpoint Visibility and Insights to Ensure Faster Response
1. INCREASE visibility to see all endpoint activity and detect threats
2. REDUCE time to respond to threats
3. AUTOMATE endpoint response
4. ENHANCE your endpoint protection - in one agent
15
The Value of Integrating Network and Endpoint Data
VISIBILITY: Monitor endpoint activity; find compromised systems
DETECTION: Instantly validate alerts by correlating network/endpoint data with threat correlation engine
RESPONSE: Trigger intelligent actions from dynamic analysis; close security lifecycle loop
• Decrease Theft of Assets & IP
• Lower Overall Cost of Response
• Minimize Disruption to Business
• Mitigate Damage to Reputation/Integrity
16
Look into the Past as Well as the Present via Rich Metadata
Application & Protocol-Level Metadata Collected by Fidelis: Web Applications, Social Media, Email, Encrypted Web Access, Internal File Share, Other Attributes
Content-Level Metadata Collected by Fidelis: Documents, Executable Files, Archives (zip, rar, tar, gzip, etc.), Certificates, Embedded Objects, Other Attributes
17
See Attackers’ Lateral Movements
• Phish/Email
• Drive-by Attack
• Social Engineer
• Open Exploit
Attacks rarely land on desired asset; lateral movement is next step.
Human attackers lured to decoys by unstructured data (files, email, docs).
Malware lured to decoys with structured data (apps, browsers).
[Diagram: breadcrumbs (*), including in Active Directory, lead attackers to decoys]
Automation discovers, creates, deploys and maintains ‘realistic’ deception layers.
Decoys with interaction services and applications to engage attacks.
Active response with automated workflow and investigation.
18
Shine a Light on Blind Spots Where You Can’t Deploy Agents
Discover
• Gain insight into your resources
• Passive identification, profiling and classification
• Assets – Devices (servers, endpoint, IoT, legacy systems)
• Data – OS, Applications, Ports
• Communication Channels and Network Server Usage
• Shadow-IT tools, Home-grown appliances, App servers, Tools
• Servers: FTP, SSH, DNS, Proxy
• Automatic processes vs. Human browsing sessions
• Internal and External activities
• Visualization graphs of asset connectivity
19
Illuminate the SSL Blindspot
[Diagram: https traffic is terminated at a proxy, handed over ICAP to malware and DLP scanning, and continues as https]
80% of Network traffic is now SSL and 50% of organizations don’t decrypt
20
Augment your Staff with 24x7 Managed Detection and Response (MDR)
Outsource Your Threat Hunting and Data Leakage Mitigation to Experts
Contextual Perspective, Deep Visibility and Automated Detection and Response across your Network, Endpoints, Cloud and Enterprise IoT Devices
Full service solution focused on detection, response and remediation - managed and monitored by security experts
• Discover and Classify Network Assets
• Enforce Network Detection and Response
• Data Leakage Prevention (DLP)
• Endpoint Detection and Response (EDR)
• Deception
Verifies and enforces your security policies and compliance requirements to ensure the highest standards
21
Key Security Capabilities For Your Networks, Endpoints, Cloud and IoT Environments
Visibility + Intelligence = Automated Detection and Response
Visibility: Network Activity and Content; Endpoint Activity; Asset and Data Classification; Decoys
Intelligence: From experienced IR and security operations analysts, sandboxing, machine learning, IOC feeds, and research
Automated Detection: Applies world-class intelligence to full visibility for contextual perspective
Automated Response: Comes from understanding every detection and knowing what an experienced analyst would do next
22
Monitor the Attack Lifecycle and Data Exfiltration
[Diagram: lanes across the attack lifecycle, from the network edge, inside your network, and back out]
Network: Observe all traffic; identify exfiltration; identify exfiltration TTPs
Endpoint: Identify activity on devices; adversary tool usage
Deception: Breadcrumbs lure attackers & malicious insiders into decoys; decoys activation & interaction; distract attacker and defend
23
Leader in Automated Detection & Response
PROVEN SECURITY EXPERTISE
• Established 2002, HQ in Washington, DC
• Fortune 100 & DoD enterprise proven
• 12 of the Fortune 50
• 24 of the Fortune 100
• Backed by Marlin Equity Partners
• Experts in Incident Response and Security
Assessments
PATENTED INNOVATION
• Fidelis Elevate Platform
• Network Detection and Response
• Endpoint Detection and Response (EDR)
• Data Loss Prevention (DLP)
• Deception
• Discovery and Classification of
Data and Assets
• Gartner Cool Vendor 2017 for Deception
• Gartner Visionary 2017 for DLP
24
Questions and Next Steps
25
Read the Datasheet
www.fidelissecurity.com/resources/fidelis-elevate-overview
Request a Personalized Demonstration
www.fidelissecurity.com/products/security-operations-platform/demo
See an On-Demand Fidelis Elevate Demo
www.fidelissecurity.com/products/security-operations-platform/demo/video

Tata AIG General Insurance Company - Insurer Innovation Award 2024
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine  KG and Vector search for  enhanced R...Workshop - Best of Both Worlds_ Combine  KG and Vector search for  enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slide
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreter
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen Frames
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day Presentation
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024
 
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
 
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
 

You can't detect what you can't see illuminating the entire kill chain

  • 1. You Can’t Detect What You Can’t See: Illuminating the Entire Kill Chain
  • 2. © Fidelis Cybersecurity. Today’s Speakers:
    - Dr. Chenxi Wang, Founder, Rain Capital (@chenxiwang)
    - Tim Roddy, VP Cybersecurity Product Strategy, Fidelis Cybersecurity
  • 3. Today’s IT Environment Is Complex (diagram: Company; Hack Attacks; Firewalls, IPS, VPN; Email Attacks; Active Content: Flash, Javascript; ports 80, 443, 25)
  • 4. Sensitive Data is Everywhere (diagram: Enterprise Servers)
  • 5. Office 365 Adoption. Source: https://blog.barracuda.com/2017/10/12/office-365-active-usage-soars-some-still-unclear-on-security/
  • 6. AWS Is The Fifth Largest Software Business
  • 7. Your Visibility Is Fragmented (diagram: Company; Hack Attacks; Firewalls, IPS, VPN; Email Attacks; Active Content: Flash, Javascript; ports 80, 443, 25; CASB; Web/Email Gateways; EDR/AV; ? ? ? ?)
  • 8. Doesn’t SIEM Handle This? (diagram: SIEM; Analysis; Intelligence?)
  • 9. Security Analyst’s Day-to-Day Reality. What’s the Solution?
    - See patterns in network activity
    - Monitor for and prevent exfiltration of data
    - See beaconing and block it
    - Identify and stop malicious network behavior
    - See lateral movement
    - Perform real-time and historical analysis
    - See all endpoint activity and respond to threats
  • 10. Illuminate the Kill Chain - Follow These Steps
    Build Core competency:
    1. Get visibility into network, cloud apps, and endpoints
    2. Deploy EDR to endpoints and servers
    3. Integrate endpoint and network data to increase SOC efficiency
    4. Ensure you have historical visibility … what happened in the past matters
    5. Utilize Deception wherever meaningful
    Don’t forget these:
    1. Shine a light on IoT and other assets where you can’t deploy an agent
    2. Don’t go at it alone - look at MDR to augment your capacity
  • 11. Look In (All of) the Right Places. Existing breach detection and data loss prevention solutions don’t dig deep.
    - WHAT they see: Email & Attachment, Archive, PDF, Malicious Binary. Can’t find malware hidden deep inside content.
    - WHEN they see it (ATTACK LIFECYCLE): Initial Compromise, Establish Foothold, Escalate Privileges, Lateral Propagation, Data Staging & Exfiltration. Don’t see attackers after the initial compromise.
    - WHERE they look: HTTP (port 80), HTTPS (port 443), Mail (port 25), Thousands of ports and protocols. Blind to attackers operating on non-standard ports.
  • 12. Look In (All of) the Right Places. Existing detection solutions don’t dig as deep as attackers hide.
    - WHAT they see: Email & Attachment, Archive, PDF, Malicious Binary. Can’t find malware hidden deep inside content.
    - WHEN they see it (ATTACK LIFECYCLE): Initial Compromise, Establish Foothold, Escalate Privileges, Lateral Propagation, Data Staging & Exfiltration. Don’t see attackers after the initial compromise.
    - WHERE they look: HTTP (port 80), HTTPS (port 443), Mail (port 25), Thousands of ports and protocols. Blind to attackers operating on non-standard ports.
    - Most Security Solutions Only Look HERE. But Attackers Live Here.
  • 13. Unpeel the Content Onion. What FW’s, IPS’s & Network Forensics Systems See vs. What You Want to See: Same Information in Motion on the Network.
  • 14. See Embedded Network Content (Inbound and Outbound). Diagram layers: PDF, Deflate, Text, Malware, Excel, Text, ZIP, PPT, MIME, HTTP, Text, Gmail. Malicious Inbound Content; Classified Sensitive Outbound Content.
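The content-onion point of slides 11 to 14 (a firewall or IPS sees base64 and compressed bytes on the wire, while the malware or the sensitive document sits several encodings deep) is easiest to see with a small recursive unpacker. The following is an added example and not Fidelis code: it walks a message layer by layer (MIME, then ZIP, then gzip, then text), scans every decoded layer with the same indicator rules, and contrasts that with a scan of only the outer bytes. The indicator patterns, the sample message and the depth and size limits are constructed for this illustration.

```python
"""Recursive content unpacking for email/network inspection (added example).

Walks a captured message layer by layer (MIME -> ZIP -> gzip -> text) and
scans every decoded layer, so content hidden several encodings deep is still
visible to detection and DLP rules. Indicators and sample data are constructed.
"""
import email
import gzip
import io
import re
import zipfile
import zlib
from email import policy
from email.message import EmailMessage

# Constructed indicators; a real deployment would plug in signature/DLP engines here.
INDICATORS = {
    "malware-marker": re.compile(rb"EXAMPLE-MALWARE-MARKER"),
    "sensitive-data": re.compile(rb"CLASSIFICATION:\s*CONFIDENTIAL"),
}
MAX_DEPTH = 8                  # bound recursion through nested archives
MAX_BYTES = 16 * 1024 * 1024   # bound expansion of any single layer (decompression bombs)


def classify(data: bytes) -> str:
    """Sniff the layer type from magic bytes, ignoring any declared content type."""
    if data.startswith(b"PK\x03\x04"):
        return "zip"
    if data.startswith(b"\x1f\x8b"):
        return "gzip"
    if data.startswith(b"%PDF-"):
        return "pdf"           # recognised but not unpacked in this example
    head = data[:256].lower()
    if b"mime-version:" in head or b"content-type:" in head:
        return "mime"
    return "text"


def unpack(data: bytes, path: str = "message", depth: int = 0):
    """Yield (path, kind, bytes) for this layer and, recursively, every layer inside it."""
    kind = classify(data)
    yield path, kind, data
    if depth >= MAX_DEPTH:
        return
    if kind == "mime":
        msg = email.message_from_bytes(data, policy=policy.default)
        for i, part in enumerate(msg.walk()):
            if part.is_multipart():
                continue
            payload = part.get_payload(decode=True) or b""   # undoes base64/quoted-printable
            yield from unpack(payload, f"{path}/{part.get_filename() or f'part{i}'}", depth + 1)
    elif kind == "zip":
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            for info in zf.infolist():
                if info.file_size > MAX_BYTES:            # refuse to inflate oversized members
                    yield f"{path}/{info.filename}", "oversized", b""
                    continue
                yield from unpack(zf.read(info), f"{path}/{info.filename}", depth + 1)
    elif kind == "gzip":
        d = zlib.decompressobj(16 + zlib.MAX_WBITS)       # 16+ selects gzip framing
        out = d.decompress(data, MAX_BYTES)               # stop after MAX_BYTES of output
        if d.unconsumed_tail:
            yield f"{path}/(gunzip)", "oversized", b""
        else:
            yield from unpack(out, f"{path}/(gunzip)", depth + 1)


def scan(data: bytes) -> list[tuple[str, str, str]]:
    """Scan every decoded layer; return (layer path, layer kind, indicator name) hits."""
    return [(path, kind, name)
            for path, kind, blob in unpack(data)
            for name, rx in INDICATORS.items() if rx.search(blob)]


def shallow_scan(data: bytes) -> list[str]:
    """What a device that inspects only the bytes on the wire sees: no decoding at all."""
    return [name for name, rx in INDICATORS.items() if rx.search(data)]


def build_sample_message() -> bytes:
    """Constructed sample: MIME -> ZIP -> {gzip -> text with a 'malware' marker, plain text
    carrying a classification tag}. Both strings are fabricated for this example."""
    macro = b"Invoice macro stub, constructed for this example.\n" * 4 + b"EXAMPLE-MALWARE-MARKER\n"
    notes = b"CLASSIFICATION: CONFIDENTIAL\n" + b"Q3 roadmap notes, constructed sample text.\n" * 4
    zbuf = io.BytesIO()
    with zipfile.ZipFile(zbuf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("invoice.txt.gz", gzip.compress(macro))
        zf.writestr("notes.txt", notes)
    msg = EmailMessage()
    msg["From"] = "sender@example.com"
    msg["To"] = "recipient@example.com"
    msg["Subject"] = "Invoice"
    msg.set_content("Please see attached.")
    msg.add_attachment(zbuf.getvalue(), maintype="application", subtype="zip", filename="invoice.zip")
    return msg.as_bytes()   # attachment travels base64-encoded, so the wire bytes hide everything


if __name__ == "__main__":
    raw = build_sample_message()
    print("outer bytes only:", shallow_scan(raw))
    for path, kind, name in scan(raw):
        print(f"{name:15s} at {path} ({kind})")
```

On the constructed message the outer-bytes scan returns nothing, while the layered scan reports the malware marker at message/invoice.zip/invoice.txt.gz/(gunzip) and the classification tag at message/invoice.zip/notes.txt. The depth and per-layer size limits are the part worth keeping whatever engine does the matching: an unpacker without them is itself a denial-of-service target for nested or highly compressible archives.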
  • 15. Gain Greater Endpoint Visibility and Insights to Ensure Faster Response
    1. INCREASE visibility to see all endpoint activity and detect threats
    2. REDUCE time to respond to threats
    3. AUTOMATE Endpoint Response
    4. ENHANCE your endpoint protection - in one agent
  • 16. The Value of Integrating Network and Endpoint Data
    - VISIBILITY: Monitor endpoint activity; find compromised systems
    - DETECTION: Instantly validate alerts by correlating network/endpoint data with threat correlation engine
    - RESPONSE: Trigger intelligent actions from dynamic analysis; close security lifecycle loop
    - Decrease Theft of Assets & IP; Lower Overall Cost of Response; Minimize Disruption to Business; Mitigate Damage to Reputation/Integrity
  • 17. Look into the Past as Well as the Present via Rich Metadata
    - Application & Protocol-Level Metadata Collected by Fidelis: Web Applications, Social Media, Email, Encrypted Web Access, Internal File Share, Other Attributes
    - Content-Level Metadata Collected by Fidelis: Documents, Executable Files, Archives (zip, rar, tar, gzip, etc.), Certificates, Embedded Objects, Other Attributes
  • 18. See Attackers’ Lateral Movements
    - Entry points: Phish/Email, Drive-by Attack, Social Engineer, Open Exploit
    - Human attackers lured to decoys by unstructured data (files, email, docs)
    - Malware lured to decoys with structured data (apps, browsers)
    - Attacks rarely land on desired asset; lateral movement is the next step. (* - breadcrumb; Active Directory *)
    - Automation discovers, creates, deploys and maintains ‘realistic’ deception layers.
    - Active response with automated workflow and investigation.
    - Decoys with interaction services and applications to engage attacks.
  • 19. Shine a Light on Blind Spots Where You Can’t Deploy Agents
    - Gain insight into your resources: Passive identification, profiling and classification. Assets – Devices (servers, endpoint, IoT, legacy systems). Data – OS, Applications, Ports.
    - Communication Channels and Network Server Usage: Shadow-IT tools, Home-grown appliances, App servers, Tools. Servers: FTP, SSH, DNS, Proxy.
    - Discover: Automatic processes vs. Human browsing sessions; Internal and External activities; Visualization graphs of asset connectivity.
  • 20. Illuminate the SSL Blindspot (diagram: https, proxy, ICAP, Malware and DLP scanning, https). 80% of Network traffic is now SSL and 50% of organizations don’t decrypt.
  • 21. Augment your Staff with 24x7 Managed Detection and Response (MDR)
    - Outsource Your Threat Hunting and Data Leakage Mitigation to Experts
    - Contextual Perspective, Deep Visibility and Automated Detection and Response across your Network, Endpoints, Cloud and Enterprise IoT Devices
    - Full service solution focused on detection, response and remediation - managed and monitored by security experts
    - Discover and Classify Network Assets; Enforce Network Detection and Response; Data Leakage Prevention (DLP); Endpoint Detection and Response (EDR); Deception
    - Verifies and enforces your security policies and compliance requirements to ensure the highest standards
  • 22. Key Security Capabilities For Your Networks, Endpoints, Cloud and IoT Environments: Visibility + Intelligence = Automated Detection and Response
    - Visibility: Network Activity and Content; Endpoint Activity; Asset and Data Classification; Decoys
    - Intelligence: From experienced IR and security operations analysts, sandboxing, machine learning, IOC feeds, and research
    - Automated Detection: Applies world-class intelligence to full visibility for contextual perspective
    - Automated Response: Comes from understanding every detection and knowing what an experienced analyst would do next
  • 23. Monitor the Attack Lifecycle and Data Exfiltration (diagram: Network; Endpoint; Deception; Network; Inside your network)
    - Identify activity on devices; Observe all traffic
    - Breadcrumbs lure attackers & malicious insiders into decoys; Decoys activation & interaction; Distract attacker and defend
    - Adversary Tool Usage; Identify exfiltration; Identify Exfiltration TTPs
  • 24. Leader in Automated Detection & Response
    PROVEN SECURITY EXPERTISE:
    - Established 2002, HQ in Washington, DC
    - Fortune 100 & DoD enterprise proven: 12 of the Fortune 50, 24 of the Fortune 100
    - Backed by Marlin Equity Partners
    - Experts in Incident Response and Security Assessments
    PATENTED INNOVATION:
    - Fidelis Elevate Platform: Network Detection and Response; Endpoint Detection and Response (EDR); Data Loss Prevention (DLP); Deception; Discovery and Classification of Data and Assets
    - Gartner Cool Vendor 2017 for Deception
    - Gartner Visionary 2017 for DLP
  • 25. Questions and Next Steps
    - Read the Datasheet: www.fidelissecurity.com/resources/fidelis-elevate-overview
    - Request a Personalized Demonstration: www.fidelissecurity.com/products/security-operations-platform/demo
    - See an On-Demand Fidelis Elevate Demo: www.fidelissecurity.com/products/security-operations-platform/demo/video