The Security Industry is Suffering from Fragmentation, What Can Your Organization Do About It?
© 2016 ThreatConnect, Inc. All Rights Reserved | All material confidential and proprietary
Slide 1: Uniting Cybersecurity People, Processes, and Technologies Behind an Intelligence-Driven Defense
FRAGMENTATION
Slide 2: Besties with Fragmentation
Slide 3: Oversight Committee
https://oversight.house.gov/hearing/federal-cybersecurity-detection-response-and-mitigation/
Slide 4: Security == Emotion
Slide 5: Detection Deficit
The Gap isn’t Closing
Slide 6: A House Divided
Slide 7: Where Incidents Happen
Slides 8-16: swimlane diagram of how a single threat moves across the security teams, built up one step per slide (steps are listed in the order they appear)
Lanes: INTEL | SOC | IR | Vuln Mgmt | Risk Mgmt | Leadership
Slide 8: lanes only
Slide 9 adds:
● Receives intel on new threat
Slide 10 adds:
● IOCs trigger alert in SIEM
Slide 11 adds:
● RFI + research yields more context
● Triages event, determines incident
Slide 12 adds:
● Expanded indicator set detects additional affected assets
● Begins response w/ affected system
● IOCs, TIPs to IR team to aid informed response
● Intel on exploit capability, vulnerability scan
● Notice of risk-relevant event w/ basic intel report
Slide 13 adds:
● Pivot on new info
● Expanded IOCs, content for monitoring
● Investigation artifacts sent to intel
● Expanded IOCs, context
● Search for other exploitable assets
● Additional exploit target intel
● Kicks off risk assessment
● Risk communication to Sr. Mgmt
Slide 14 adds:
● Complete intel report
● Retroactive search/sweeps aka “hunting”
● Investigation determines containment, recovery begins
● Determines potential scope
● Decision to involve legal, 3rd parties, etc.
Slide 15 adds:
● Address exposed vulnerabilities
● Immediate remedial actions to lower risk
● Corrective actions to treat risk
● After action review read out to Sr. Mgmt
● Risk communication & sign-off
● After-action review
● Incident and response report
Slide 16 adds:
● Fragmented Actions
● Fragmented Teams
● Fragmented Technologies
Slide 17: Cohesive Intelligence-Driven Defense
● Unite People & Teams
● Align Processes
● Interoperability between technologies
Slide 18: THANK YOU
www.ThreatConnect.com
info@threatconnect.com @threatconnect
