Operationalizing security intelligence for the mid market - Rafal Los - RSA Conference 2014
1. © Copyright 2013 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.
Operationalizing Security Intelligence for the Mid-Market
Rafal M. Los
Principal, Strategic Security Services
HP Enterprise Security Services
RSA Conference - 2014
2. what is "security intelligence"?
3. "collective set of activities, and artifacts to make intelligence-driven decisions"
4. detect, respond, resolve more effectively in the attack lifecycle
5. When you think of "Security Intelligence"…
6. "something big enterprises do"
7. why not you?
8. this talk is a framework for you
9. …to get you thinking, motivated
10. requirements
11. high quality internal & external data + telemetry
12. internal processes + workstreams
13. qualified personnel
14. intelligent, optimized technology
15. let's break that down…
16. internal information/data – know your enterprise attack surface
17. for example –
• internal business plans
• internal IT technology stack
• known vulnerabilities
• known, accepted risks
• strict change management
• configuration awareness
• unauthorized change detection
• employee activities, habits
18. external information/data – be situationally aware
19. for example –
• sentiment against your brand/organization
• threat climate of your business vertical
• attacks against similar organizations, vertical
• specific threats against your staff/resources
• geopolitical issues pertaining to your enterprise
• 3rd party reported vulnerabilities
• 3rd party reported exploits
• weaknesses in your external technologies
• reported abused enterprise assets
20. internal processes + workstreams
21. convert information into action
22. for example –
• handling of inbound, external data sources
• formats: CSV, PDF, dashboards and text
• distilling data for relevance
• collating and categorizing with internal data
• prioritizing alerts based on prescribed formulas
• alerting appropriate internal & external entities
• creating actionable items from trusted data
• triage of event(s)
• incident management and handling
• incident response, DFIR (digital forensics and incident response)
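The workstream above, from an inbound external feed to prioritized action items, as an added example that is not from the talk or its author; the CSV feed, the internal inventory and the scoring formula are all constructed for illustration:

```python
"""Distill an external advisory feed against internal data and prioritize.

Added example: feed, inventory and formula are constructed, not real.
"""
import csv
import io

# Constructed external data source: 3rd-party reported vulnerabilities (CSV).
EXTERNAL_FEED_CSV = """advisory_id,product,severity,exploit_reported
ADV-0001,WebStack 2.x,high,yes
ADV-0002,MailRelay 5,medium,no
ADV-0003,LegacyERP 9,critical,yes
ADV-0004,ChatApp 1,low,no
"""

# Constructed internal data: the IT stack, its exposure and accepted risks.
INTERNAL_INVENTORY = {
    "WebStack 2.x": {"internet_facing": True, "accepted_risk": False},
    "MailRelay 5": {"internet_facing": True, "accepted_risk": False},
    "LegacyERP 9": {"internet_facing": False, "accepted_risk": True},
}

SEVERITY_WEIGHT = {"low": 1, "medium": 2, "high": 3, "critical": 4}


def score(severity, exploit_reported, internet_facing):
    """Assumed 'prescribed formula': severity weight, doubled for a reported
    exploit, doubled again for internet-facing exposure."""
    value = SEVERITY_WEIGHT[severity]
    value *= 2 if exploit_reported else 1
    value *= 2 if internet_facing else 1
    return value


def distill(feed_csv, inventory):
    """Keep only advisories relevant to the internal stack, enrich them with
    internal context, score them and return them highest priority first."""
    items = []
    for row in csv.DictReader(io.StringIO(feed_csv)):
        asset = inventory.get(row["product"])
        if asset is None:
            continue  # not in our technology stack: irrelevant, discard
        items.append({
            "advisory_id": row["advisory_id"],
            "product": row["product"],
            "score": score(row["severity"], row["exploit_reported"] == "yes",
                           asset["internet_facing"]),
            # Accepted risks are tracked, not re-raised as new work.
            "action": "track (accepted risk)" if asset["accepted_risk"]
                      else "patch/mitigate",
        })
    return sorted(items, key=lambda item: item["score"], reverse=True)
```

Running `distill(EXTERNAL_FEED_CSV, INTERNAL_INVENTORY)` drops ADV-0004 (not in the stack) and ranks the internet-facing, exploited WebStack advisory first.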
23. qualified personnel
24. difficult to "add on" responsibility
25. SOC analyst
Security Intelligence analyst… no
26. highly specialized skill set
27. for example –
• ability to quickly parse different log types
• ability to quickly make sense of disparate data
• ability to collate and correlate unstructured data
• ability to write code on-the-fly (script)
• proficient in many different security technologies
• able to perform collaborative tasks effectively
• ability to triage incidents quickly, effectively
• proficiency with forensics tools
• strong decision-making capabilities
28. intelligent, optimized technology
29. tech that works together
30. prefer integrated over disparate
31. tech that makes analysis more efficient, adds certainty
32. we may know a little something about this…
33. quick recap
34. "Security Intelligence" is…
the capability to detect, respond, and resolve your security incidents through an information-driven approach.
35. You can do this.
You need to do this.
36. Know more.
Defend smarter.