© 2015 ServiceNow All Rights Reserved
Security and Automation:
Can they work together?
Can we survive if they don’t?
Rob Randell, CISSP
Director, Security and Risk Solutions Consulting
The Problem
Reference: http://ir.finjan.com/all-sec-filings/content/0001628280-15-006727/ex992finjanirpresentatio.htm??TB_iframe=true&height=auto&width=auto&preload=false
Business Impact: Time to Containment is Key to Reducing Impact and Cost of Breach
Source: Ponemon Institute 2016
On average, it took respondents 229 days to spot a breach caused by malicious agents, and 82 days to contain it.
Why are Defenses Failing? Disparate and Siloed Security Tools
• SIEMs, Malware, Threat
• Network Protection
• Endpoint Solutions
• Access & Identity Solutions
Security Teams Are Overwhelmed
• Manual Tools
• Too Many Alerts & No Context
• Siloed from IT
It’s 1999 Operations Management all over again!!!!!
Thousands of events per day… people can’t scale to meet the volume
• SIEM
• Firewall/IPS/IDS
• Identity & Access
• Threat/Intel
• Vulnerability Detection
• Network Security
• Security Endpoint Detection
All of it feeding the Security & IT Teams
What do we do with all of this?!
What do we do with all of this?
• Consolidate to a Single System
• Understand Business Criticality
• Execute Consistent Workflow
• Manage Service Levels
• Auto Remediate
• Capture Metrics
• Enable IT, Security, & BU Collaboration
• Meet Audit and Regulatory Requirements
Security Response Optimization – Time to Identify/Detect
• Too many systems and tools
• Too many events / too much information
• Not enough context
Security Analyst: Tier 1, Tier 2, Tier 3
Security Response Optimization – Time to Contain
• Lack knowledge for containment and resolution steps
• Too long to respond
• Multiple round-trips
• Poor cross-team response times
Security Analyst: Proactive response, Response Automation
Sample Response Workflow
• IDS alert generates incident
• Analyst needs to prioritize, assign and categorize incident
• Analyst needs to identify and extract IPs, hashes and indicators
• Analyst needs to run reputational lookups via threat intel on indicators
• Analyst needs to get network connections off target machine
• Analyst needs to get running processes off target machine
• Analyst needs to run hashes on all running processes
• Analyst needs to run threat intel lookups on all processes and network connections
• Analyst needs to confirm threat
• Analyst starts remediation and containment
*Note: Blue boxes indicate data enrichment activities
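The enrichment steps in this workflow (extract IPs, hashes and indicators; run reputational lookups via threat intel; prioritize) are the natural first candidates for automation, because they change nothing on any system. The following is an added example, not code from the deck or from ServiceNow: it parses a constructed IDS alert for indicators, keeps the internal target separate from external lookup candidates, checks the external ones against a constructed local threat-intel set, and derives a priority. The alert text, the intel set, the internal address ranges, the file-extension filter and the priority rule are all assumptions made for this example.

```python
"""Indicator extraction and enrichment for the 'blue box' steps of the sample workflow.
Added example: the alert, the threat-intel set and the priority rule are constructed."""
import ipaddress
import re
from dataclasses import dataclass

# Constructed IDS alert. The IPs are RFC 1918 / documentation-range addresses and the
# hash is a made-up placeholder, not a real sample.
SAMPLE_ALERT = """ET MALWARE suspicious outbound connection
src=10.20.30.40 dst=198.51.100.23 dport=443
process sha256=deadbeefdeadbeefdeadbeefdeadbeefdeadbeefdeadbeefdeadbeefdeadbeef dropped 'update.exe'
callback host evil-updates.example.net"""

# Constructed local threat-intel set: "has someone else seen it?"
THREAT_INTEL = {
    "198.51.100.23": "known C2 node",
    "evil-updates.example.net": "malware distribution domain",
}

# Internal address space (assumption): these are the victim side, never lookup candidates.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
# File names look like domains to a naive regex; drop the common extensions.
FILE_EXTENSIONS = {"exe", "dll", "bat", "ps1", "zip", "doc", "pdf"}

IPV4_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
# Longest alternative first so a SHA-256 is not cut down to its first 32 hex digits.
HASH_RE = re.compile(r"\b(?:[0-9a-f]{64}|[0-9a-f]{40}|[0-9a-f]{32})\b", re.IGNORECASE)
DOMAIN_RE = re.compile(r"\b(?:[a-z0-9-]+\.)+[a-z]{2,}\b", re.IGNORECASE)


@dataclass
class Indicators:
    internal_ips: list
    external_ips: list
    hashes: list
    domains: list


def _dedupe(items):
    """Preserve first-seen order while removing duplicates."""
    return list(dict.fromkeys(items))


def _valid_ips(candidates):
    """The regex also matches 999.1.1.1; keep only syntactically valid addresses."""
    out = []
    for cand in candidates:
        try:
            ipaddress.ip_address(cand)
            out.append(cand)
        except ValueError:
            pass
    return out


def is_internal(ip):
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in INTERNAL_NETS)


def extract_indicators(alert_text):
    ips = _dedupe(_valid_ips(IPV4_RE.findall(alert_text)))
    hashes = _dedupe(h.lower() for h in HASH_RE.findall(alert_text))
    domains = _dedupe(d.lower() for d in DOMAIN_RE.findall(alert_text)
                      if d.rsplit(".", 1)[-1].lower() not in FILE_EXTENSIONS)
    return Indicators(
        internal_ips=[ip for ip in ips if is_internal(ip)],
        external_ips=[ip for ip in ips if not is_internal(ip)],
        hashes=hashes, domains=domains)


def enrich(indicators, intel=THREAT_INTEL):
    """Reputation lookups on external indicators only; internal hosts are never sent out."""
    candidates = indicators.external_ips + indicators.domains + indicators.hashes
    return {ioc: intel[ioc] for ioc in candidates if ioc in intel}


def prioritize(hits):
    """Constructed rule: two or more corroborating intel hits is a P1, one is a P2."""
    if len(hits) >= 2:
        return "P1"
    if hits:
        return "P2"
    return "P3"


def triage(alert_text, intel=THREAT_INTEL):
    """Run the enrichment chain and return what the analyst would otherwise assemble by hand."""
    ind = extract_indicators(alert_text)
    hits = enrich(ind, intel)
    return {"targets": ind.internal_ips, "indicators": ind,
            "intel_hits": hits, "priority": prioritize(hits)}


if __name__ == "__main__":
    print(triage(SAMPLE_ALERT))
```

The internal/external split matters beyond tidiness: sending internal hostnames or addresses to an external reputation service leaks the shape of your network, so the runner only ever queries the external side.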
Enterprise Security Response
The Need: Enterprise Security Response!
• Security Incident Response
• Vulnerability Response
• Threat Intelligence
• Workflow & Automation
• Deep IT Integration
Getting started with automation
Objectives
– Automation, how and where to begin
What you will learn
– Some of the definition(s) of Automation
– Learn about automating Enterprise Security Response
– Crawl, walk, run
One in ~32 million definitions
Automation vs Orchestration: What’s the Difference?
• Orchestration vs. automation – a lot of people use the terms interchangeably
• Automation – Execution of a simple task or action by a machine
• Orchestration – Optimization and automated execution of an end-to-end workflow or complex series of processes, tasks and actions
Is it risky? “Automate and/or die” – Anton Chuvakin
Yes! But you are probably doing it today
Most widely known automation
• The most common automation story is quarantining an infected system
• The auto-blocking tools vendors warn that if you don’t automate you will make the cover of the NY Times
• Most folks remember the heydays when IPS was taking down production business applications every Friday at beer o’clock
– That of course is when the IPS appliance CPU wasn’t at 100%
• Many of these were poorly designed automation tools built with the best of intentions
Crawl, walk, run, robot
Security Operations Maturity Levels
Security Operations Maturity (Enhanced Time to Detect and Respond)
• 1 – Basic Operations: Basic Incident Ticketing, Incident Response Definition; Process and Accountability Defined; Integration with core security systems
• 2 – Visibility and Performance: Value-based Prioritization, Visibility and Reporting; Prioritization by Impact; KPIs, Reporting and SLAs; Noise Reduction; Time to Detect per event reduced
• 3 – Context and Enrichment: Enhanced data enrichment tied to incidents; Context-driven detection; Automate data gathering tasks; Threat intelligence integrated with IR
• 4 – Automated Remediation: Automated Response Actions for Proactive Measures and Countermeasures; Integrated Change Request and History; Compress the time to contain and remediate incidents; Enable visibility for changes and task fulfillment across teams; Easily handle common attacks to improve response closure
• 5 – Networked Intelligence: Circles of Trust for Peer Intel Sharing; Dynamic Workflow to Educate and Enable SOC Teams; Security Information Network for intel and attack method updates; Automated querying of internal and supplier environments; Educational expert systems and best practice sharing
A large percentage of organizations are working at Level 1
Sooooo… What can you automate? (without getting fired*)
* If you are fired for doing everything I outline here you have my sympathy, but I surely am not to blame
• Start with something simple, repetitive, important - and something that is going to save your analysts’ time
• A typical phishing investigation can take about 20-30 minutes and requires a lot of manual steps
– When not followed up on it can lead to large costs and infection
– When following up you may miss other pressing issues
– Initial (triage) research does not require a particular set of skills
Start passively
• Automate process lookups
– What is running?
• Is this normal?
– What is open?
• Explode malware in sandbox
• Pull asset records
– Who owns it?
– Where is it?
• Threat lookups
– Have I seen this before?
– Has someone else seen it?
Grow to human stopgaps
• Disable account
– Only when confirmed to be compromised
• Block on firewall
– Only block known infected systems
• Reset passwords
• Delete phishing email(s)
• Push-button automation
Go Active
• Move to active after significant testing
• Blocking
– Can be disruptive but can also be undone quickly
• Disabling accounts
– Can keep you out of the headlines
• Audit everything!
– Create Change records for every automated task
• Do more with the same!
– Automation allows your analysts to operate at lightspeed
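The crawl-walk-run progression laid out in the three slides above (passive lookups first; then human stopgaps such as disabling an account only when it is confirmed compromised and blocking only known infected systems; then active actions after significant testing, with a Change record for every automated task) can be enforced by the playbook engine rather than by policy alone. The following is an added example, not code from the deck or from ServiceNow: a small runner that classifies actions into passive, gated and active tiers, refuses disable/block actions on unconfirmed incidents, waits for a named approver on gated actions, runs active actions unattended only if they were explicitly promoted, and writes a change record for every executed action. The action names, connector stubs, incident numbers and tier rules are assumptions made for this example.

```python
"""Gated playbook runner for the crawl / walk / run automation progression.
Added example: tiers, action names, connectors and incidents are all constructed."""
from __future__ import annotations
from dataclasses import dataclass, field
from datetime import datetime, timezone
from enum import Enum
from typing import Callable


class Tier(Enum):
    PASSIVE = "passive"  # lookups only; nothing changes on any system
    GATED = "gated"      # human stopgap: a named approver must sign off
    ACTIVE = "active"    # may run unattended once promoted after testing


@dataclass
class Action:
    name: str
    tier: Tier
    run: Callable[[str], str]         # connector stub: takes the target, returns a result
    requires_confirmed: bool = False  # block/disable only on a confirmed compromise


@dataclass
class Incident:
    number: str
    target: str
    confirmed: bool = False
    approvals: dict = field(default_factory=dict)  # action name -> approver


@dataclass
class ChangeRecord:
    """The audit trail: one record per executed action, whoever triggered it."""
    incident: str
    action: str
    target: str
    mode: str       # "auto" or "approved-by:<name>"
    result: str
    opened_at: str


class PlaybookRunner:
    def __init__(self, active_enabled=()):
        # Actions promoted to unattended execution after "significant testing".
        self.active_enabled = set(active_enabled)
        self.change_log: list[ChangeRecord] = []

    def decide(self, action: Action, incident: Incident) -> str:
        """Return 'run', 'pending-approval' or 'skip'. No side effects."""
        if action.requires_confirmed and not incident.confirmed:
            return "skip"             # never disable/block on an unconfirmed threat
        if action.tier is Tier.PASSIVE:
            return "run"
        if action.name in incident.approvals:
            return "run"              # push-button: a human pressed it
        if action.tier is Tier.ACTIVE and action.name in self.active_enabled:
            return "run"              # promoted to unattended execution
        return "pending-approval"

    def execute(self, action: Action, incident: Incident) -> str:
        decision = self.decide(action, incident)
        if decision != "run":
            return decision
        result = action.run(incident.target)
        approver = incident.approvals.get(action.name)
        self.change_log.append(ChangeRecord(
            incident=incident.number, action=action.name, target=incident.target,
            mode=f"approved-by:{approver}" if approver else "auto",
            result=result, opened_at=datetime.now(timezone.utc).isoformat()))
        return result


# Constructed playbook; the lambdas stand in for EDR / CMDB / IAM / firewall connectors.
PLAYBOOK = [
    Action("list_processes", Tier.PASSIVE, lambda t: f"process list pulled from {t}"),
    Action("asset_lookup", Tier.PASSIVE, lambda t: f"owner and location looked up for {t}"),
    Action("reset_password", Tier.GATED, lambda t: f"password reset for user of {t}"),
    Action("disable_account", Tier.GATED, lambda t: f"account disabled for {t}",
           requires_confirmed=True),
    Action("block_on_firewall", Tier.ACTIVE, lambda t: f"{t} blocked at the perimeter",
           requires_confirmed=True),
]


def run_playbook(runner: PlaybookRunner, incident: Incident) -> dict:
    """Run every action and report, per action, its result or why it did not run."""
    return {a.name: runner.execute(a, incident) for a in PLAYBOOK}


if __name__ == "__main__":
    runner = PlaybookRunner()
    print(run_playbook(runner, Incident("SIR0001", "10.20.30.40")))  # constructed incident
    print(runner.change_log)
```

Keeping `decide` free of side effects is what makes the gate testable: the same function answers "what would this playbook do to this incident?" in a dry run and in production, and promotion to the active tier is a one-line configuration change that can be reverted just as quickly if blocking turns out to be disruptive.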
Top Takeaways
1 – Start passively
2 – Grow to gated automation
3 – Move to active (albeit carefully)
What’s the Ideal Response Process?
1 – Integrate your security products
2 – Automatically prioritize security incidents
3 – Utilize threat intelligence
4 – Determine response action
5 – Remediate threats fast
6 – Review post incident reports
Thank you!
Rob Randell
Director Solutions Consulting - Security
ServiceNow

08448380779 Call Girls In Diplomatic Enclave Women Seeking MenDelhi Call girls
 
Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Enterprise Knowledge
 
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUnderstanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUK Journal
 
What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?Antenna Manufacturer Coco
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfsudhanshuwaghmare1
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonetsnaman860154
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slidespraypatel2
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationMichael W. Hawkins
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptxHampshireHUG
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Drew Madelung
 

Kürzlich hochgeladen (20)

A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI Solutions
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptx
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed texts
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path Mount
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organization
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men
 
A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
 
Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...
 
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUnderstanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
 
What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdf
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonets
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slides
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day Presentation
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
 

Can Security and Automation Work Together

  • 1. © 2015 ServiceNow All Rights Reserved Security and Automation: Can they work together? Can we survive if they don’t? Rob Randell, CISSP Director, Security and Risk Solutions Consulting
  • 2. © 2016 ServiceNow All Rights Reserved. The Problem. Reference: http://ir.finjan.com/all-sec-filings/content/0001628280-15-006727/ex992finjanirpresentatio.htm??TB_iframe=true&height=auto&width=auto&preload=false
  • 3. Business Impact: Time to Containment is Key to Reducing Impact and Cost of Breach. Source: Ponemon Institute 2016. On average, it took respondents 229 days to spot a breach caused by malicious agents, and 82 days to contain it.
  • 4. Why are Defenses Failing? Disparate and Siloed Security Tools: SIEMs, Malware, Threat; Network Protection; Endpoint Solutions; Access & Identity Solutions.
  • 5. Security Teams Are Overwhelmed: Manual Tools; Too Many Alerts & No Context; Siloed from IT. (Diagram labels: Security, IT)
  • 6. It's 1999 Operations Management all over again! Thousands of events per day… people can't scale to meet the volume. (Diagram: SIEM, Firewall/IPS/IDS, Identity & Access, Threat/Intel, Vulnerability Detection, Network Security, Security Endpoint Detection, all landing on the Security & IT Teams: "What do we do with all of this?!") What do we do with all of this?
    • Consolidate to a Single System
    • Understand Business Criticality
    • Execute Consistent Workflow
    • Manage Service Levels
    • Auto Remediate
    • Capture Metrics
    • Enable IT, Security, & BU Collaboration
    • Meet Audit and Regulatory Requirements
  • 7. Security Response Optimization – Time to Identify/Detect: Too many systems and tools; Too many events / too much information; Not enough context. (Diagram labels: Security Analyst, Tier 1, Tier 2, Tier 3)
  • 8. Security Response Optimization – Time to Contain: Lack of knowledge of containment and resolution steps; Too long to respond; Multiple round-trips; Poor cross-team response times. (Diagram labels: Security Analyst, Proactive response, Response Automation)
  • 9. Sample Response Workflow
    – IDS Alert Generates Incident
    – Analyst needs to prioritize, assign and categorize incident
    – Analyst needs to identify and extract IPs, hashes and indicators
    – Analyst needs to run reputational lookups via threat intel on indicators
    – Analyst needs to get network connections off target machine
    – Analyst needs to run hashes on all running processes
    – Analyst needs to run threat intel lookups on all processes and network connections
    – Analyst needs to confirm threat
    – Analyst needs to get running processes off target machine
    – Analyst starts remediation and containment
    *Note: Blue boxes indicate data enrichment activities
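The enrichment steps of this sample workflow, written out as an added example (this is illustrative code, not ServiceNow's product or the presenter's own). It assumes a constructed IDS alert, a constructed reputation table and a constructed EDR snapshot of the target host; the priority thresholds and the rule that a threat counts as "confirmed" only when an alert indicator is also seen live on the host are assumptions made for the example. It automates the indicator extraction, reputational lookups, and process/connection lookups that the slide lists as manual analyst steps, and leaves the analyst with a prioritised record to act on.

```python
"""Automated enrichment of an IDS alert (added example, not ServiceNow code).

Every input is constructed: the alert text, the reputation table and the host
snapshot. In production they come from the IDS, a threat-intel feed and an EDR.
"""
from __future__ import annotations

import re
from dataclasses import dataclass

# Indicator patterns the analyst would otherwise pick out of the alert by hand.
IPV4_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
SHA256_RE = re.compile(r"\b[0-9a-fA-F]{64}\b")
MD5_RE = re.compile(r"\b[0-9a-fA-F]{32}\b")

FAKE_HASH = "0123456789abcdef" * 4  # constructed value, not a real sample hash

# Constructed reputation table: indicator -> (verdict, confidence 0-100).
# The IPs come from the RFC 5737 documentation ranges.
THREAT_INTEL = {
    "203.0.113.45": ("malicious", 90),
    "198.51.100.7": ("suspicious", 55),
    FAKE_HASH: ("malicious", 95),
}

# Constructed EDR snapshot of the machine named in the alert.
HOST_SNAPSHOT = {
    "hostname": "ws-finance-07",
    "processes": [
        {"pid": 412, "name": "explorer.exe", "sha256": "ab" * 32},
        {"pid": 981, "name": "svchost.exe", "sha256": FAKE_HASH},
    ],
    "connections": [
        {"pid": 981, "remote": "203.0.113.45", "port": 443},
        {"pid": 412, "remote": "192.0.2.10", "port": 445},
    ],
}

SAMPLE_ALERT = ("IDS alert on ws-finance-07: outbound beacon from 10.0.0.23 to "
                "203.0.113.45:443, dropped file sha256 " + FAKE_HASH)


@dataclass
class Indicator:
    kind: str
    value: str
    verdict: str = "unknown"
    score: int = 0


def extract_indicators(text: str) -> list[Indicator]:
    """'Identify and extract IPs, hashes and indicators' from the alert text."""
    found, seen = [], set()
    for kind, rx in (("sha256", SHA256_RE), ("md5", MD5_RE), ("ipv4", IPV4_RE)):
        for value in rx.findall(text):
            if (kind, value.lower()) not in seen:
                seen.add((kind, value.lower()))
                found.append(Indicator(kind, value.lower()))
    return found


def lookup_reputation(indicators: list[Indicator], intel=THREAT_INTEL) -> list[Indicator]:
    """'Run reputational lookups via threat intel on indicators'."""
    for ind in indicators:
        ind.verdict, ind.score = intel.get(ind.value, ("unknown", 0))
    return indicators


def enrich_host(snapshot: dict, intel=THREAT_INTEL) -> list[dict]:
    """Pull processes and connections off the target and look each one up."""
    hits = []
    for p in snapshot["processes"]:
        verdict, score = intel.get(p["sha256"], ("unknown", 0))
        if verdict != "unknown":
            hits.append({"type": "process", "value": p["sha256"], "verdict": verdict,
                         "score": score, "label": f"{p['name']} (pid {p['pid']})"})
    for c in snapshot["connections"]:
        verdict, score = intel.get(c["remote"], ("unknown", 0))
        if verdict != "unknown":
            hits.append({"type": "connection", "value": c["remote"], "verdict": verdict,
                         "score": score, "label": f"pid {c['pid']} -> {c['remote']}:{c['port']}"})
    return hits


def triage(alert_text: str, snapshot: dict, intel=THREAT_INTEL) -> dict:
    """Run the chain and hand the analyst a prioritised record.

    'confirmed' stands in for 'Analyst needs to confirm threat': it is set only
    when a malicious indicator from the alert is also seen live on the host.
    The priority thresholds are assumptions for this example.
    """
    indicators = lookup_reputation(extract_indicators(alert_text), intel)
    host_hits = enrich_host(snapshot, intel)
    alert_bad = {i.value for i in indicators if i.verdict == "malicious"}
    host_bad = {h["value"] for h in host_hits if h["verdict"] == "malicious"}
    corroborated = sorted(alert_bad & host_bad)
    top = max([i.score for i in indicators] + [h["score"] for h in host_hits], default=0)
    priority = ("critical" if corroborated else "high" if top >= 80
                else "moderate" if top >= 50 else "low")
    return {"host": snapshot["hostname"], "indicators": indicators, "host_hits": host_hits,
            "corroborated": corroborated, "confirmed": bool(corroborated), "priority": priority}
```

Calling `triage(SAMPLE_ALERT, HOST_SNAPSHOT)` returns a critical, confirmed incident because the alert's malicious IP and hash both show up on the host. An alert that names a malicious indicator the host does not corroborate comes back "high" but unconfirmed, which is the case the workflow still routes to a human before containment.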
  • 10. Enterprise Security Response. The Need: Enterprise Security Response! Security Incident Response; Vulnerability Response; Threat Intelligence; Workflow & Automation; Deep IT Integration.
  • 11. Getting started with automation. Objectives – Automation, how and where to begin. What you will learn:
    – Some of the definition(s) of Automation
    – Learn about automating Enterprise Security Response
    – Crawl, walk, run
  • 12. One in ~32 million definitions
  • 13. Automation vs Orchestration: What's the Difference?
    • Orchestration vs. automation – a lot of people use the terms interchangeably
    • Automation – Execution of a simple task or action by a machine
    • Orchestration – Optimization and automated execution of an end-to-end workflow or complex series of processes, tasks and actions
    (Diagram labels: Orchestration, Automation)
  • 14. Is it risky? "Automate and/or die" – Anton Chuvakin. Yes! But you are probably doing it today.
  • 15. Most widely known automation
    • The most common automation story is quarantining an infected system
    • The auto-blocking tool vendors warn that if you don't automate you will make the cover of the NY Times
    • Most folks remember the heydays when IPS was taking down production business applications every Friday at beer o'clock
      – That of course is when the IPS appliance CPU wasn't at 100%
    • Many of these were poorly designed automation tools built with the best of intentions
  • 16. Crawl, walk, run, robot
  • 17. Security Operations Maturity Levels (diagram; vertical axis: Enhanced Time to Detect and Respond)
    1 – Basic Operations
    2 – Visibility and Performance
    3 – Context and Enrichment
    4 – Automated Remediation
    5 – Networked Intelligence
    Capabilities named on the diagram: Value-based Prioritization, Visibility and Reporting; Enhanced data enrichment tied to incidents; Context-driven detection; Automated Response Actions for Proactive Measures and Countermeasures; Integrated Change Request and History; Circles of Trust for Peer Intel Sharing; Dynamic Workflow to Educate and Enable SOC Teams; Basic Incident Ticketing, Incident Response Definition; Prioritization by Impact; KPIs, Reporting and SLAs; Noise Reduction; Automate data gathering tasks; Threat intelligence integrated with IR; Time to Detect per event reduced; Compress the time to contain and remediate incidents; Enable visibility for changes and task fulfillment across teams; Easily handle common attacks to improve response closure; Integration with core security systems; Process and Accountability Defined; Security Information Network for intel and attack method updates; Automated querying of internal and supplier environments; Educational expert systems and best practice sharing.
    A large percentage of organizations are working at Level 1.
  • 18. Sooooo….What can you automate? (without getting fired*)
    • Start with something simple, repetitive, important - and something that is going to save your analysts' time
    • A typical phishing investigation can take about 20-30 minutes and requires a lot of manual steps
      – When not followed up on it can lead to large costs and infection
      – When following up you may miss other pressing issues
      – Initial (triage) research does not require a particular set of skills
    * If you are fired for doing everything I outline here you have my sympathy, but I surely am not to blame
  • 19. Start passively
    • Automate process lookups
      – What is running?
        • Is this normal?
      – What is open?
    • Explode malware in sandbox
    • Pull asset records
      – Who owns it?
      – Where is it?
    • Threat lookups
      – Have I seen this before?
      – Has someone else seen it?
  • 20. Grow to human stopgaps
    • Disable account
      – Only when confirmed to be compromised
    • Block on firewall
      – Only block known infected systems
    • Reset passwords
    • Delete phishing email(s)
    • Push button automation
  • 21. Go Active
    • Move to active after significant testing
    • Blocking
      – Can be disruptive but can also be undone quickly
    • Disabling accounts
      – Can keep you out of the headlines
    • Audit everything!
      – Create Change records for every automated task
    • Do more with the same!
      – Automation allows your analysts to operate at lightspeed
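The three stages of slides 19 to 21 (start passively, grow to human stopgaps, go active) expressed as one gated policy, added here as an example; it is illustrative code, not ServiceNow's product or the presenter's own. The mode names, the split between read-only lookups and state-changing actions, the per-action approval model and the change-record format are all assumptions made for this example. Read-only enrichment runs in every mode; state-changing actions are refused in passive mode, wait for a named analyst in gated mode, and run on their own in active mode, but only when the threat is confirmed and (for blocking) the target is a known system, with a change record raised for every state change and a quick reversal for the actions the slide says can be undone.

```python
"""Gated response automation: crawl (passive), walk (human stopgap), run (active).

Added example, not ServiceNow code. Mode names, action names, the approval
model and the change-record format are assumptions made for this illustration.
"""
from __future__ import annotations

import itertools
from dataclasses import dataclass, field
from enum import Enum


class Mode(Enum):
    PASSIVE = "passive"  # lookups only; nothing on the network changes
    GATED = "gated"      # state-changing actions wait for an analyst's approval
    ACTIVE = "active"    # pre-approved actions execute on their own, fully audited


# Read-only enrichment is safe in every mode; state-changing actions are gated.
READ_ONLY = {"process_lookup", "asset_lookup", "threat_lookup", "sandbox_detonate"}
UNDO = {"block_ip": "unblock_ip", "disable_account": "enable_account"}  # quick reversal
STATE_CHANGING = set(UNDO) | {"reset_password", "delete_email"}


@dataclass
class Incident:
    id: str
    target: str          # indicator or account the action applies to
    confirmed: bool      # intel corroborated the threat ("only when confirmed")
    asset_known: bool    # target is an inventoried system ("only block known ...")


@dataclass
class ChangeRecord:
    id: str
    incident_id: str
    action: str
    target: str
    approved_by: str


@dataclass
class Outcome:
    executed: list[str] = field(default_factory=list)
    pending_approval: list[str] = field(default_factory=list)
    refused: list[str] = field(default_factory=list)
    changes: list[ChangeRecord] = field(default_factory=list)


_change_seq = itertools.count(1)  # change-record numbering, constructed for the example


def _preconditions_met(inc: Incident, action: str) -> bool:
    """Guard rails that apply regardless of mode."""
    if not inc.confirmed:                          # never act on an unconfirmed threat
        return False
    if action == "block_ip" and not inc.asset_known:
        return False                               # only block known infected systems
    return True


def respond(inc: Incident, actions: list[str], mode: Mode,
            approvals: dict[str, str] | None = None) -> Outcome:
    """Decide, per requested action, whether it runs, waits for a human or is refused."""
    approvals = approvals or {}
    out = Outcome()
    for action in actions:
        if action in READ_ONLY:
            out.executed.append(action)            # safe in every mode, passive included
            continue
        if action not in STATE_CHANGING or mode is Mode.PASSIVE:
            out.refused.append(action)             # unknown action, or passive mode
            continue
        if not _preconditions_met(inc, action):
            out.pending_approval.append(action)    # fall back to a human decision
            continue
        approver = "automation" if mode is Mode.ACTIVE else approvals.get(action)
        if approver is None:
            out.pending_approval.append(action)    # gated: no analyst sign-off yet
            continue
        # "Audit everything": every automated state change gets a change record.
        out.changes.append(ChangeRecord(f"CHG{next(_change_seq):06d}", inc.id,
                                        action, inc.target, approver))
        out.executed.append(action)
    return out


def revert(change: ChangeRecord, approver: str) -> ChangeRecord | None:
    """Undo a block/disable quickly; returns the reversing change record, if any."""
    undo_action = UNDO.get(change.action)
    if undo_action is None:
        return None
    return ChangeRecord(f"CHG{next(_change_seq):06d}", change.incident_id,
                        undo_action, change.target, approver)
```

The same incident run through `respond` in each mode shows the progression: in passive mode a `block_ip` request is refused while `threat_lookup` still runs; in gated mode it executes only once an analyst name is supplied in `approvals`; in active mode it executes under the approver "automation" but still drops back to `pending_approval` whenever the incident is unconfirmed or the target is not a known asset.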
  • 22. (slide without text)
  • 23. Top Takeaways: 1 Start passively; 2 Grow to gated automation; 3 Move to active (albeit carefully)
  • 24. What's the Ideal Response Process? 1 Integrate your security products; 2 Automatically prioritize security incidents; 3 Utilize threat intelligence; 4 Determine response action; 5 Remediate threats fast; 6 Review post incident reports
  • 25. Thank you! Rob Randell, Director Solutions Consulting - Security, ServiceNow

Editor's Notes

  1. <click> Well first, while all of an organization's security products do a nice job of protecting against and detecting potential security incidents, they create A LOT of alerts. Some organizations can see hundreds or even thousands of these alerts a day. How do they tell them apart? Which ones do they work on first? The graphic on the screen is an interesting way of visualizing it. All of those alerts look pretty similar. Is the red one most important? Or the darker red or red outline? The alerts are typically missing context on how, or whether, a particular alert will really affect an organization. <click> Then – once a security team knows they have a problem, the tools they are using for resolution are typically manual. For example, many organizations take the alerts from their systems – whether they are directly from an endpoint security product, firewall or even a SIEM – and put them into the best data repository they have: a spreadsheet, or Microsoft Excel. And as they work on the process for resolving the problem, the processes might be on paper as part of a policy, or they need to go and speak with another security analyst or team member. And how do the teams communicate? Via the same tools they use for other communications – email. <click> And lastly, we are finding that while security and IT teams are all part of the same larger group, they typically act in silos. They use different toolsets. These silos and toolsets are another important factor: when security teams determine what's needed to fix a problem, it is typically IT that is required to fix the problem. This could be patching or rebooting a server. Or taking a machine off of the network. Or disabling a person's network or AD credentials. These silos cause resolution to take longer.
  2. “Drinking from the firehose”
  3. So, what this demo is going to highlight is some of the investments that we’ve been making in security operations for Istanbul. It highlights integrations with strategic security vendors, automation of data enrichment to help answer those questions that the security analyst needs to ask, and orchestration and remediation. It’s also a bit rough as we’re still putting the final touches on things, but what I’m going to demo is an integration with Palo Alto Networks, where we receive an alert from their WildFire malware system and we use that information to automatically run reputational lookups to get more information and from there we initiate an orchestration task to block a malicious network site on the Palo Alto Networks firewall. Normally, the enrichment process would take a significant amount of time and the ability to get a change put quickly in place, but what we’re ultimately demonstrating is a compression of the time to identify and time to contain windows.
  4. Note: Highlight why the audience should care to sit through your presentation. For example, if you want to automate your legacy processes, you’ll learn what we did and how we accomplished it. Our experience with compliance/QA challenges can save your company time and headaches.
  5. For me automation could be many things: route some work, do a lookup, install a patch, block a computer, disable an account, all of the above! Explain the SN instance provisioning process. What is automation? It isn't the same for everyone. Hell, it isn't even the same across a single business. Legacy systems have little to none available. Private and Public Clouds may have a fair bit of it.
  6. Flip baby image around
  7. 17
  8. Note: Please limit to one slide.
  9. The step-by-step journey diagram from the corporate marketing message