1. Cyber Security for Digital-Era
AI, Machine Learning, Dynamic Threat Models for Proactive
Threat Detection and Elimination
Erich Berger
Executive, Secure Design
Kevin Stillman
CISO, State University of NY
Lalit Shinde
EVP Security, Seceon
2. Outline of the Presentation
Why should CxOs pay particular attention to Cyber Security
Seceon’s Approach, Key Features/Technologies and Complete Solution
Real world Examples, Benefits, Value Proposition to Enterprises
Challenges faced by Cyber Security Experts, Tools and Solutions
3. Why should CxOs pay attention to Cyber Security?
Cost of a data breach is not just lost data, but the impact on reputation, brand and business revenue
A cyber attack puts not just you, but your customers, partners and employees at risk
Breaches have hefty costs associated with them – it’s a financial burden
Your cyber hygiene affects everyone that you connect with
Legal aspects of cyber regulations – compliance is one of the most important aspects in several regulated industries
Source: Ponemon 2016 Cost of Data Breach Study Report
4. Cost of Data Breach at a glance – 2016
$4 million is the average total cost of a data breach
29% increase in total cost of data breach since 2013
$158 is the average cost per lost or stolen record – for the healthcare industry it’s $355, the highest of all; for education it’s $246 and for banking it’s $221 per stolen record
Regulated industries, such as healthcare and financial services, have the most costly data breaches because of fines and the higher than average rate of lost business and customers.
15% increase in per capita cost since 2013
Source: Ponemon 2016 Cost of Data Breach Study Report
6. Challenges: Cost of MTTI and MTTC
MTTI – Mean Time To Identify
MTTC – Mean Time To Contain
[Chart: total cost of a data breach in US $M plotted against MTTI and against MTTC]
Source: Ponemon 2016 Cost of Data Breach Study Report
7. Challenges: Most Security Products Fall Short
Stealing credentials happens in minutes
95% of data extraction happens within 24 hours
Source: Verizon 2016 Data Breach Investigation Report
Data Breaches – Why is an automated real-time solution a must?
Today’s approaches are reactive rather than proactive
Despite the investment and focus over the past 3 years, organizations are losing ground
The attacks are smarter and faster
The approach centred on smart people is too slow, too complicated and too expensive
A new, fully automated, comprehensive threat detection and response system is required
One that detects threats in minutes, fully deploys and protects in a few hours, and does not need rule or signature updates
8. Challenges: Operational Cost of Investigations
Consider an example where a device is infected with malware. The flows/logs an analyst has to work through:

Flows/Logs Troubleshooting                                                                                  | Activity Type        | Flow/Log Instances | Comments
NG FW generates events/logs around an instance of an infected device attempting to connect to a bad web site. | North-South Activity | 444                | NG FW is resetting connections from the device over time and is not correlating these "non critical flagged" instances
Device is also performing IP sweeps                                                                         | East-West Activity   | 135                | Few separate instances across the internal network
Device is also performing IP port scans                                                                     | East-West Activity   | 92                 | Few separate instances across the internal network
Device needs to be identified                                                                               | Internal Activity    | 1                  | What device is it? Who or what group does it belong to?
Total Activity                                                                                              |                      | 672                | Total instances to investigate
9. Seceon’s Approach to Cyber Security

Traditional Security Approach
• Reactive approach
• Tools are highly specialized, but work in silos with no comprehensive visibility
• High CapEx with 20+ security tools
• High OpEx with 1M+ events/logs per day – almost 80% require follow-up
• Investigation and Incident Response: 90% take an hour or longer to identify; 90% take a day or longer (many times months) to respond
• Challenges: lack of integration among tools; knowledge/skill of investigation and response is costly

Seceon OTM Security Approach
• Proactive approach
• Moving from point tools to a complete predictive analysis solution
• Comprehensive visibility across all asset groups – devices, applications, network, employees, customers etc.
• Automated detection and remediation: predictive threat detection using AI, ML and behavioral threat models; automated remediation within near real time
• Automated correlation
• Contextual single-line alerts
• Rapid deployment with automated DevOps model and Open API
10. Seceon OTM Platform Overview
Adaptive Visualization
• Comprehensive view of all assets and threats
• Fully automated solution that is easiest to deploy
• Allows drill down of threats with all details
Detect Threats that Matter
• Detects known as well as unknown threats
• Provides comprehensive information of the threats
• Indicates all compromised assets and potential targets
Contain Threats in Real Time
• Immediate corrective action in real time
• Automatic notification through email/text if required
• Provides actionable analytics
11. Built-in Security
[Architecture diagram: Seceon’s Scalable – Fast Analytics Processing Platform. Recoverable labels: Universal Collection Bus taking in Structured Data and Unstructured Data (Parse, Dynamic Reduction); Distributed Data Ingest (CCE); Fast Parallel Processing Architecture (APE) with Storage Engine (Big Data Store & Search), Rapid Search, Agent and Analytics Engine (Real-time Threat Detection, Real-time Analytics, Predictive Modeling); Built-in Advanced Correlation, Built-in ML Engine, Built-in Data Model Engine; Threat Modeling, Behavior Analysis, Threat Correlation, Threat Intelligence; Platform Security Engine; Outputs; Closed Loop Threat Containment.]
12. Use Case – Compromised Credentials
• Compromised credentials account for 75% of data theft
• Most traditional security solutions are blind to almost all forms of compromised credentials
• Seceon detects all forms of compromised credential use in real time, from an external or insider source
[Diagram: User “A” credentials are verified against the Directory. Login as User “A” (“Credentials – User A”) from Host Name “Bob’s PC” → No threat. Login as User “A” (“Credentials – User A”) from Host Name “Joe’s PC” → Threat Indicator. Downstream assets shown: DB, High Value Assets, SIEM.]
Learn user behavior based on geolocation, computer used, time of logins, assets accessed, etc.
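The closing line of the slide names the four features the behaviour model learns: geolocation, computer used, time of login and assets accessed. The following added example, written for this page and not Seceon's code, shows a minimal baseline of exactly those features and how a login from "Joe's PC" ends up as a threat indicator while a login from "Bob's PC" does not. The login history, region codes, asset names and the "watch" middle verdict are constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime

# Constructed login history (not data from the deck): (user, host name, geolocation,
# ISO timestamp, assets accessed). Host names follow the slide's "Bob's PC" / "Joe's PC".
HISTORY = [
    ("A", "Bob's PC", "US-MA", "2016-09-01T08:55:00", ("CRM",)),
    ("A", "Bob's PC", "US-MA", "2016-09-02T09:10:00", ("CRM", "Mail")),
    ("A", "Bob's PC", "US-MA", "2016-09-05T09:40:00", ("CRM",)),
    ("A", "Bob's PC", "US-MA", "2016-09-06T17:30:00", ("Mail",)),
    ("A", "Bob's Laptop", "US-MA", "2016-09-07T10:05:00", ("CRM",)),
]


def build_baseline(logins):
    """Learn, per user, the hosts, geolocations, login hours and assets seen so far."""
    base = defaultdict(lambda: {"hosts": set(), "geos": set(), "hours": set(), "assets": set()})
    for user, host, geo, ts, assets in logins:
        b = base[user]
        b["hosts"].add(host)
        b["geos"].add(geo)
        b["hours"].add(datetime.fromisoformat(ts).hour)
        b["assets"].update(assets)
    return base


def score_login(baseline, user, host, geo, ts, assets=()):
    """Compare one new login against the user's baseline. Returns (verdict, reasons).
    Verdicts: 'no threat' (nothing new), 'watch' (one deviation), 'threat indicator' (two or more)."""
    b = baseline.get(user)          # .get() does not create an empty baseline for unknown users
    if b is None:
        return "threat indicator", ["no baseline for user"]
    reasons = []
    if host not in b["hosts"]:
        reasons.append(f"new host {host}")
    if geo not in b["geos"]:
        reasons.append(f"new geolocation {geo}")
    hour = datetime.fromisoformat(ts).hour
    if not any(abs(hour - h) <= 1 for h in b["hours"]):   # one hour of slack around seen hours
        reasons.append(f"unusual login hour {hour:02d}:00")
    new_assets = sorted(set(assets) - b["assets"])
    if new_assets:
        reasons.append(f"first access to {new_assets}")
    if not reasons:
        return "no threat", []
    return ("threat indicator" if len(reasons) >= 2 else "watch"), reasons


if __name__ == "__main__":
    baseline = build_baseline(HISTORY)
    # the slide's two cases: same credentials, usual PC vs. someone else's PC
    print(score_login(baseline, "A", "Bob's PC", "US-MA", "2016-09-08T09:05:00", ("CRM",)))
    print(score_login(baseline, "A", "Joe's PC", "RO-B", "2016-09-08T02:40:00", ("CRM", "Finance DB")))
```

Each feature contributes one reason, so a user who simply buys a new laptop lands on "watch" rather than on an alert, while credentials used from an unfamiliar machine, an unfamiliar location, at an unusual hour and against a never-touched asset accumulate enough deviations to become a threat indicator. In production the baseline would be rolled forward as confirmed-benign logins arrive, which this snapshot version deliberately leaves out.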
13. Use Case – Ransomware
• Criminal malware like ransomware became a top cyber security concern in 2016
• Ransomware had millions of different strains and families affecting large enterprises as well as SMBs
• Seceon detects all forms of ransomware using a layered approach of predictive analytics in real time
[Diagram – attack sequence and the indicator raised at each step: User “A” receives an email and clicks on an innocuous-looking link (No threat) → Bad reputation URL, Malware downloaded (Threat Indicator 1) → Command and Control, Network scan for other vulnerable hosts (Threat Indicator 2) → Infection propagation towards High Value Assets (Threat Indicator 3)]
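The diagram describes detection as stage progression: each later step of the chain raises the indicator level, and the value of the "layered" approach is that the stages are judged together rather than one at a time. The example below is added for this page (not Seceon's detection logic) and shows one way to track that progression per host with a time window, so that a lone internal scan or two unrelated events a day apart do not escalate. Stage names, the two-hour window and the sample events are constructed assumptions; the indicator levels per stage follow the diagram.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Kill-chain stages from the slide, in the order they occur, mapped to the
# threat-indicator level the slide assigns to each of them.
STAGE_LEVEL = {
    "bad_reputation_url": 1,
    "malware_download": 1,
    "command_and_control": 2,
    "internal_scan": 2,
    "propagation": 3,
}
ORDER = list(STAGE_LEVEL)

# Constructed sample (not data from the deck): (host, observed stage, ISO timestamp).
SAMPLE_EVENTS = [
    ("10.1.2.50", "bad_reputation_url", "2016-09-01T10:00:00"),
    ("10.1.2.50", "malware_download", "2016-09-01T10:00:30"),
    ("10.1.2.50", "command_and_control", "2016-09-01T10:05:00"),
    ("10.1.2.50", "internal_scan", "2016-09-01T10:20:00"),
    # a lone internal scan (e.g. an authorised vulnerability scanner) is weak evidence by itself
    ("10.1.2.51", "internal_scan", "2016-09-01T11:00:00"),
    # two stages too far apart in time to be treated as one chain
    ("10.1.2.52", "bad_reputation_url", "2016-09-01T08:00:00"),
    ("10.1.2.52", "propagation", "2016-09-02T09:00:00"),
]


def assess(events, window=timedelta(hours=2)):
    """Per host, find the longest in-order run of stages whose events all fall within
    `window` of the run's first event, and report the indicator level of the run's
    last stage. A run of a single stage is reported as level 0 (watch, not alert)."""
    per_host = defaultdict(list)
    for host, stage, ts in events:
        per_host[host].append((datetime.fromisoformat(ts), stage))

    result = {}
    for host, seen in per_host.items():
        seen.sort()                                   # chronological order
        best, chain, start = [], [], None
        for ts, stage in seen:
            if not chain or ts - start > window:
                chain, start = [stage], ts           # begin a new chain
            elif ORDER.index(stage) > ORDER.index(chain[-1]):
                chain.append(stage)                  # stage progresses the existing chain
            if len(chain) > len(best):
                best = list(chain)
        level = STAGE_LEVEL[best[-1]] if len(best) >= 2 else 0
        result[host] = {"level": level, "chain": best}
    return result


if __name__ == "__main__":
    for host, verdict in assess(SAMPLE_EVENTS).items():
        print(host, "indicator level", verdict["level"], "chain:", " -> ".join(verdict["chain"]))
```

Reporting level 0 for a single stage is a deliberate trade-off: it keeps routine scanners and one-off web filter hits out of the alert queue at the cost of surfacing a genuine propagation event only once a second stage is seen. A deployment that must react to a lone propagation sighting would give that stage its own override rather than relax the window.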
14. Seceon OTM Key Features
Stops threats – automatically
• Disable compromised credentials
• Set filters on firewalls and switches
• Block, rate limit or redirect traffic
Detects a full range of threats
• Compromised credentials
• Insider threats
• Brute force attacks
• DDoS attack (all forms)
• Malware, bots, APTs, ransomware…
Policy monitoring and enforcement
• Protect critical resources
• Restrict access to only select groups
• Alert and stop upon attempt
Visualizes impact of attacks
• On applications, users
• On the network
• Provides traffic trend monitoring