www.utgsolutions.com | @utgsolutions | 205.413.4274
Business • Driven • Technology
Agenda
• Intro
• Game Planning for Success (UTG - Derrick Helms, CISSP)
• Cisco AMP (Cisco - Chris Robb)
• Q&A
• Drawing for an ASA 5506-X and two $100 Visa cards!
CyberSecurity - Game Planning for Success
Derrick Helms, CISSP
Headlines
There is a multi-billion dollar global industry targeting your prized assets, estimated at $450 billion to $1 trillion.
Going rates on the underground market:
• Social Security number: $1
• Mobile malware: $150
• Bank account info: >$1000, depending on account type and balance
• Facebook accounts: $1 for an account with 15 friends
• Credit card data: $0.25-$60
• Malware development: $2500 (commercial malware)
• DDoS as a service: ~$7/hour
• Spam: $50 per 500K emails
• Medical records: >$50
• Exploits: $1000-$300K
Industrialization of Hacking
Cisco Advanced Malware
Protection
Chris Robb - Cisco
© 2014 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 9
Threat and defense timeline:
• 2000 - Viruses: anti-virus (host)
• 2005 - Worms: IDS/IPS (network)
• 2010 - Spyware & rootkits: anti-malware (host + network)
• Today and beyond - APTs, cyberwarfare: intelligence and analytics (host + network + cloud), enterprise response
The World Has Changed:
The Industrialization of Hacking
In the news... what do these all have in common?
• Home Depot
• Over 50 UPS franchises hit by data breach
• 4.5M records stolen from US health giant
• Goodwill
• Russian hackers steal 4.5B records
• Meet Me social network users' passwords stolen
• Insider breach at Las Vegas Brain and Spine Surgery Center
• Florida bank notifies roughly 72,000 customers of breach
• Los Angeles based health system breached
• Payment cards used on Wireless Emporium website compromised
• Albertson's stores CC data hacked
• $100,000 bitcoin loss due to hack
• Microsoft's Twitter account hacked
• Sony's Twitter account hacked
• Russian PM's Twitter hacked - "I resign"
• NRC computers hacked 3 times
• Ferguson police office computers hacked
• Norwegian oil industry under attack
• Saudi TV website hacked by Libyan
• Sony suffers DoS attack
• Dairy Queen hacked
• JP Morgan
What Can We Learn From Sony

12/04/2014: What has happened at Sony Pictures Entertainment over the past week reads like a blockbuster screenplay—or a chief executive's nightmare: Hackers target a major company, disabling its internal systems and leaking documents revealing long-held secrets, from coming products to executive pay.

12/05/2014: The Sony data breach continues to get worse. First, it was exposed budgets, layoffs and 3,800 SSNs, then it was passwords. Now, it's way more social security numbers—including Sly Stallone's. The Wall Street Journal reports that analysis of the documents leaked so far included the Social Security numbers of 47,000 current and former Sony Pictures workers. That included Sylvester Stallone, Rebel Wilson, and Anchorman director Judd Apatow. The Journal reports that the SSNs are found alongside salary information, home addresses, and contract details.
What Can We Learn From Traditional Point in Time Solutions
We tested all of these solutions: Application Control, FW/VPN, IDS/IPS, UTM, NAC, AV, PKI, Sandboxing, Threat Analytics.
Each came with its own one-line promise: "Block or Allow", "Fix the Firewall", "It matches the pattern", "No false positives, no false negatives", "Captive portal", "No key, no access", "Detect the Unknown", "Outside looking in".
The best point-in-time protection protects you 90+% of the time.
Even Sandboxing Has Holes
Antivirus and sandboxing both deliver a single verdict at the moment a file is seen. Initial disposition = clean; actual disposition = bad. By the time that is known, it is too late.
• Not 100%
• Analysis stops at an event horizon: once the sandbox run ends, nothing more is learned about what the file does afterwards
• Evasions: sleep techniques, unknown protocols, encryption, polymorphism
• Blind to the scope of compromise
Recap of issues that need to be fixed by security providers
• Targeted attacks / advanced persistent threats are hard to detect.
• Malware has an ecosystem of components; it is important to understand what that ecosystem is and which part of any solution addresses which components.
• Malware's intentions are nefarious, but its components are built just like standard software, so it can easily hide in your environment.
• Don't get caught up in the catch-rate game, because no security solution protects you 100%. What about the files they missed? The industry average time to find a file that got past your defenses is 200 days.
• Do traditional point-in-time solutions (email, content, next-gen firewall, IPS, AV and sandbox) give you the visibility you need? Be honest with yourself: do they let you proactively reduce your attack surface?
• Regardless of your security solutions, always back up your data, because no one is 100%.
AMP goes beyond point-in-time detection
Attack continuum:
• BEFORE: Discover, Enforce, Harden
• DURING: Detect, Block, Defend
• AFTER: Scope, Contain, Remediate
Point-in-time protection covers the "during" phase; continuous protection spans all three, across Network, Endpoint, Mobile, Virtual, Email & Web, and Cloud.
Continuous protection when advanced malware evades point-in-time detection
Point-in-time detection (antivirus, sandboxing): initial disposition = clean; actual disposition = bad = too late. Not 100%; analysis stops. Evaded by sleep techniques, unknown protocols, encryption, polymorphism.
AMP: initial disposition = clean, but analysis continues, so when the verdict changes a retrospective detection is raised.
AMP Everywhere Strategy
AMP continuously records activity regardless of disposition.
Data we are sending to AMP Cloud: AMP Cloud recording; private cloud.
AMP for Endpoints: Device Trajectory / Incident Analysis
AMP for Endpoints: Vulnerability Detection
Low Prevalence
Speed Matters: Time to Detection (TTD)
The current industry TTD rate of 100 to 200 days is not acceptable.
Industry: 200 days vs. Cisco: 17.5 hours
(Cisco 2015 Midyear Security Report)
• Speed of innovation > ~40% efficacy
• Point products >> weak defenses
• Integrated threat defense is needed
Cisco Minimizes the Time to Detect Breaches
Cisco Advanced Malware Protection
Built on unmatched Collective Security Intelligence:
• 1.6 million global sensors
• 100 TB of data received per day
• 150 million+ deployed endpoints
• 600 engineers, technicians, and researchers
• 35% of worldwide email traffic
• 13 billion web requests
• 24x7x365 operations
• 4.3 billion web blocks per day
• 40+ languages
• 1.1 million incoming malware samples per day
Sources feeding the Cisco Collective Security Intelligence Cloud: AMP Community, private/public threat feeds, Talos Security Intelligence, AMP Threat Grid intelligence, AMP Threat Grid dynamic analysis (10 million files/month), advanced Microsoft and industry disclosures, Snort and ClamAV open source communities, AEGIS Program.
Automatic updates in real time to email, endpoints, web, networks, IPS, and devices.
AMP (Advanced Malware Protection): 3.5 billion searches today; 19.6 billion threats blocked today.
AMP Offers Point-in-Time and Retrospective Protection
Point-in-time protection: file reputation & sandboxing, using one-to-one signatures, fuzzy fingerprinting, machine learning, advanced analytics, and dynamic analysis.
How Cisco Made a Better Sandbox
• Glove Box lets you interact with the malware during analysis
• "Outside looking in" approach: no hooks inside the guest for the malware to detect
• Prioritize threats with context-driven malware analytics
Sample Glove Box ThreatGrid video; sample ThreatGrid report.
Threat Intelligence: Visibility, Analytics, People.
[Architecture diagram: AMP at the Internet edge (FW, IPS, VPN, Secure Web, Secure Email), across the private WAN, in data centers and offices/plants, and on endpoints; ISE alongside the firewalls.]
Cisco's Threat Defense Strategy
Initial infection vectors: email phishing 77%, malicious web download 19%, direct install 4%, network attack 0.3%.
99.2% block rate (#1); 17 hour detection time (#1).
Sample AMP for Endpoints Reports
Introducing Threat Grid Everywhere
Suspicious files are submitted from the edge (firewalls & UTM, email security, web security, network security, security analytics), from endpoints (endpoint security), and from 3rd party integrations. AMP Threat Grid runs dynamic analysis, static analysis, and threat intelligence over them, then returns an analysis report to security teams and premium content feeds to security monitoring platforms, deep packet inspection, governance/risk/compliance, and SIEM tools.
Automatically submit suspicious files; automated analysis from edge to endpoint.
Submission: an analyst or a system (via API) submits the suspicious sample to Threat Grid. Cisco sources at the edge: ASA with FirePOWER Services, ESA, Next-Gen IPS, WSA, AMP for Networks; at the endpoint: AMP for Endpoints.
Easily integrate with partner solutions: Security Analytics, Nessus, XPS, EnCase Enterprise 360.
Our robust REST API streamlines partner integration.
AMP Threat Grid: Key Differentiators
Data fidelity & performance:
• Proprietary analysis delivers unparalleled insight into malicious activity
• High-speed, automated analysis and adjustable runtimes
• Does not expose any tags or indicators that malware can use to detect that it is being observed
Scalability & flexibility:
• 100,000s of samples analyzed daily (6-10 million per month)
• SaaS delivery (no hardware) or appliance (as needed)
Context & data enrichment:
• Search and correlate all data elements of a single sample against billions of sample artifacts collected and analyzed over years (global and historic context)
• Enable the analyst to better understand the relevancy of the sample in question to one's environment
Usability:
• Clearly presented information for all levels of the IT security team: Tier 1-3 SOC analysts, incident responders & forensic investigators, and threat intel analysts
• Web portal, Glovebox (user interaction), video replay, threat score, behavioral indicators and more
Integration & architecture:
• Architected from the ground up with an API to integrate with existing IT security solutions (automatically receive submissions from other solutions and pull the results into your environment)
• Create custom threat intelligence feeds with context or leverage automated batch feeds
AMP for Networks

AMP Appliance (next-gen firewall, IPS, URL filtering & AMP)
The AMP appliance was designed to run all FirePOWER features: next-gen firewall, IPS, URL filtering and Advanced Malware Protection (AMP). It was built on the FirePOWER platform with CPU and memory optimized to run all the security features while maintaining the throughput numbers in the AMP for Networks datasheet. The AMP appliance also includes a hardware storage pack (SSD drive) to store files for later analysis; this is required for AMP capabilities.

FirePOWER Appliance (next-gen firewall, IPS & URL filtering)
The FirePOWER appliance was designed to run the FirePOWER features next-gen firewall, IPS and URL filtering. If you want to turn on Advanced Malware Protection (AMP) capabilities at a later date you can, but you will need to buy and install the hardware storage pack (SSD drive) and the AMP software. Keep in mind that when you turn on the AMP features you will see a performance hit, so make sure the FirePOWER appliance is sized correctly for the customer's environment. If a customer wants AMP, always try to go with the AMP appliance on new purchases.

ASA X-series with SSD / SW blade (firewall with VPN, next-gen firewall, IPS, URL filtering & AMP)
The ASA X-series with SSD / SW blade was designed to run all FirePOWER features (next-gen firewall, IPS, URL filtering and Advanced Malware Protection) alongside the traditional firewall and VPN capabilities. Keep in mind that when you turn on the more advanced FirePOWER features you will see a performance hit, so size this appliance correctly for the customer's environment.
Retrospection in Action
Correlation with AMP for Endpoints would show the file was cleaned / quarantined.
How Cisco AMP Works: Network File Trajectory Use Case
1. An unknown file is present on IP 10.4.10.183, having been downloaded with Firefox.
2. At 10:57, the unknown file is transferred from IP 10.4.10.183 to IP 10.5.11.8.
3. Seven hours later the file is transferred to a third device (10.3.4.51) using an SMB application.
4. The file is copied yet again onto a fourth device (10.5.60.66) through the same SMB application a half hour later.
5. The Cisco Collective Security Intelligence Cloud learns this file is malicious and a retrospective event is raised for all four devices immediately.
6. At the same time, a device with the AMP for Endpoints connector reacts to the retrospective event and immediately stops and quarantines the newly detected malware.
7. Eight hours after the first attack, the malware tries to re-enter the system through the original point of entry but is recognized and blocked.
The AMP Everywhere Architecture: AMP protection across the extended network for an integrated threat defense
The AMP Threat Intelligence Cloud feeds:
• AMP for Endpoints: Windows, Mac OS, Android mobile, virtual, and CentOS / Red Hat Linux for data centers; remote endpoints; can be launched from AnyConnect
• AMP on Web & Email Security Appliances
• AMP on Cisco ASA Firewall with FirePOWER Services
• AMP Private Cloud Virtual Appliance
• AMP on FirePOWER NGIPS Appliance (AMP for Networks)
• AMP on Cloud Web Security & Hosted Email (CWS/CTA)
• Threat Grid: malware analysis + threat intelligence engine
• AMP on ISR with FirePOWER Services
Identify Solution Options
Customer need | Feature | WSA, ESA, CWS | Network | Endpoint
I want to be able to define policies for malware... | File Reputation | ✔ | ✔ | ✔
I want to be able to isolate suspected malware for threat analysis... | Sandboxing | ✔ | ✔ | ✔
I want to be able to backtrack if malware makes it into my system... | Retrospective Security | ✔ | ✔ | ✔
I need to identify compromised devices on my network... | Indications of Compromise | | ✔ | ✔
I want to track how a file has been behaving... | File Analysis | | ✔ | ✔
I want to track how threats traverse the network... | File Trajectory | | ✔ | ✔
I want to see system activities, relationships and events... | Device Trajectory | | | ✔
I want to search large sets of data for compromises... | Elastic Search | | | ✔
I want to be able to stop the spread of malware with custom tools... | Outbreak Control | | | ✔
Understanding The Different Platforms
AMP for Content
• Detect and block malware attempting to enter through email or web gateways
• Receive extensive reporting, URL/message tracking and remediation prioritization
• Add-on to an existing appliance or in the cloud
AMP for Networks
• Detect and block malware attempting to enter the network
• Detect breaches using multi-source indications of compromise
• Contain malware and its communications
AMP for Endpoints
• Detect breaches by analyzing indications of compromise
• Uncover an infection, trace its path, analyze its behavior
• Remediate the threat quickly and eliminate the risk of reinfection
Cisco AMP is the Leader in Security Effectiveness
Cisco AMP offers superior security effectiveness, excellent performance,
and provides security across more attack vectors than any other vendor
• 99.2% Security Effectiveness rating in
BDS testing, the highest of all vendors
tested.
• Only vendor to block 100% of evasion
techniques during testing.
• Excellent performance with minimal impact
on network, endpoint, or application latency.
Market Recognition
"So do any network security vendors understand data center and what's needed to accommodate network security? Cisco certainly does."
"Cisco is disrupting the advanced threat defense industry."
"... AMP will be one of the most beneficial aspects of the [Sourcefire] acquisition."
"Based on our (Breach Detection Systems) reports, Advanced Malware Protection from Cisco should be on everyone's short list."
2014 Vendor Rating for Security: Positive
"The AMP products will provide deeper capability to Cisco's role in providing secure services for the Internet of Everything (IoE)."
Cisco AMP for Network Options
Helping you choose the correct appliance for your environment
Cisco AMP for Networks Dedicated Appliances
The AMP appliance was purpose built to run the following software on one appliance: next-gen firewall, Sourcefire IPS and AMP (Advanced Malware Protection).
AMP Appliance + AMP Subscription Bundles
For more info: http://www.cisco.com/c/en/us/products/collateral/security/amp-appliances/datasheet-c78-733182.html
Cisco FirePOWER Dedicated Appliances
The FirePOWER appliance was purpose built to run the following software on one appliance: next-gen firewall and Sourcefire IPS.
*** If you want to run AMP (Advanced Malware Protection) on a new purchase, you should always position the AMP appliance. ***
AMP Appliance + AMP Subscription Bundles
For more info: http://www.cisco.com/c/en/us/products/collateral/security/firepower-8000-series-appliances/datasheet-c78-732955.pdf
Cisco ASA Appliances
Cisco has added the capability to run next-gen firewall, Sourcefire IPS and AMP (Advanced Malware Protection) on the ASA. Make sure you have the bandwidth conversation with your customers about what they can expect with full functionality turned on.
ASA + AMP Subscription Bundles
For more info: http://www.cisco.com/c/en/us/products/collateral/security/asa-5500-series-next-generation-firewalls/datasheet-c78-733916.html
Q & A
Derrick Helms – UTG
dhelms@utgsolutions.com
Chris Robb – Cisco
chrrobb@cisco.com

12 questions to ask a prospective MSP12 questions to ask a prospective MSP
12 questions to ask a prospective MSP
 
7 cloud security tips
7 cloud security tips7 cloud security tips
7 cloud security tips
 
9 Things A Cloud Provider Should Offer
9 Things A Cloud Provider Should Offer9 Things A Cloud Provider Should Offer
9 Things A Cloud Provider Should Offer
 
2015 Microsoft Office 365: Beyond Email
2015 Microsoft Office 365: Beyond Email2015 Microsoft Office 365: Beyond Email
2015 Microsoft Office 365: Beyond Email
 
Five Best Practices for Maximizing Mobility Benefits
Five Best Practices for Maximizing Mobility Benefits Five Best Practices for Maximizing Mobility Benefits
Five Best Practices for Maximizing Mobility Benefits
 
Making Sense of the Cloud w/ Office 365
Making Sense of the Cloud w/ Office 365Making Sense of the Cloud w/ Office 365
Making Sense of the Cloud w/ Office 365
 

Kürzlich hochgeladen

Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...apidays
 
Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...
Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...
Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...Zilliz
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...apidays
 
MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024MIND CTI
 
Apidays Singapore 2024 - Modernizing Securities Finance by Madhu Subbu
Apidays Singapore 2024 - Modernizing Securities Finance by Madhu SubbuApidays Singapore 2024 - Modernizing Securities Finance by Madhu Subbu
Apidays Singapore 2024 - Modernizing Securities Finance by Madhu Subbuapidays
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processorsdebabhi2
 
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProduct Anonymous
 
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ..."I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...Zilliz
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerThousandEyes
 
GenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdfGenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdflior mazor
 
Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherStrategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherRemote DBA Services
 
Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)wesley chun
 
AWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAndrey Devyatkin
 
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost SavingRepurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost SavingEdi Saputra
 
Ransomware_Q4_2023. The report. [EN].pdf
Ransomware_Q4_2023. The report. [EN].pdfRansomware_Q4_2023. The report. [EN].pdf
Ransomware_Q4_2023. The report. [EN].pdfOverkill Security
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfsudhanshuwaghmare1
 
FWD Group - Insurer Innovation Award 2024
FWD Group - Insurer Innovation Award 2024FWD Group - Insurer Innovation Award 2024
FWD Group - Insurer Innovation Award 2024The Digital Insurer
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonAnna Loughnan Colquhoun
 
A Beginners Guide to Building a RAG App Using Open Source Milvus
A Beginners Guide to Building a RAG App Using Open Source MilvusA Beginners Guide to Building a RAG App Using Open Source Milvus
A Beginners Guide to Building a RAG App Using Open Source MilvusZilliz
 
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...Jeffrey Haguewood
 

Kürzlich hochgeladen (20)

Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
 
Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...
Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...
Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
 
MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024
 
Apidays Singapore 2024 - Modernizing Securities Finance by Madhu Subbu
Apidays Singapore 2024 - Modernizing Securities Finance by Madhu SubbuApidays Singapore 2024 - Modernizing Securities Finance by Madhu Subbu
Apidays Singapore 2024 - Modernizing Securities Finance by Madhu Subbu
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processors
 
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
 
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ..."I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
GenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdfGenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdf
 
Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherStrategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a Fresher
 
Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)
 
AWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of Terraform
 
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost SavingRepurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
 
Ransomware_Q4_2023. The report. [EN].pdf
Ransomware_Q4_2023. The report. [EN].pdfRansomware_Q4_2023. The report. [EN].pdf
Ransomware_Q4_2023. The report. [EN].pdf
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdf
 
FWD Group - Insurer Innovation Award 2024
FWD Group - Insurer Innovation Award 2024FWD Group - Insurer Innovation Award 2024
FWD Group - Insurer Innovation Award 2024
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt Robison
 
A Beginners Guide to Building a RAG App Using Open Source Milvus
A Beginners Guide to Building a RAG App Using Open Source MilvusA Beginners Guide to Building a RAG App Using Open Source Milvus
A Beginners Guide to Building a RAG App Using Open Source Milvus
 
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
 

CYBERSECURITY: Game Planning for Success lunch and learn event, April 10th

  • 1. www.utgsolutions.com @utgsolutions 205.413.4274 B u s i n e s s • Dr i ve n • Te c h n o l o g y
  • 2. Agenda •Intro •Game Planning for Success UTG -Derrick Helms, CISSP •Cisco AMP Cisco – Chris Robb •Q&A •Drawing for ASA 5506-X and 2 $100 Visa Cards!
  • 3. CyberSecurity - Game Planning for Success Derrick Helms, CISSP
  • 5. There is a multi-billion dollar global industry targeting your prized assets $450 Billion to $1 Trillion Social Security $1 Mobile Malware $150 $Bank Account Info >$1000 depending on account type and balance Facebook Accounts $1 for an account with 15 friends Credit Card Data $0.25-$60 Malware Development $2500 (commercial malware) DDoS DDoS as A Service ~$7/hour Spam $50/500K emails Medical Records >$50 Exploits $1000- $300K Industrialization of Hacking
  • 7.
  • 8. © 2014 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 9 Spyware & Rootkits 2010 Viruses 2000 Worms 2005 APTs Cyberware Today + Anti-virus (Host) IDS/IPS (Network) Anti-malware (Host+Network) Intelligence and Analytics (Host+Network+Cloud) Enterprise Response The World Has Changed: The Industrialization of Hacking
  • 9.
  • 10.
  • 11.
  • 12.
  • 13. In the news…what do these all have in common? Home Depot Over 50 UPS Franchises hit by data breach 4.5M Records stolen from US Health Giant Goodwill Russian Hackers steal 4.5B records Meet Me Social Network Users’ Passwords Stolen Insider breach at Las Vegas Brain and Spine Surgery Center Florida bank notifies roughly 72,000 customers of breach Los Angeles based health system breached Payment cards used on Wireless Emporium website compromised Albertson’s stores CC data hacked $100,000 bitcoin loss due to hack Microsoft’s Twitter Account Hacked Sony’s Twitter Account Hacked Russian PM’s Twitter hacked – “I resign” NRC Computers hacked 3 times Ferguson police offices computers hacked Norwegian oil industry under attack Saudi TV website hacked by Libyan Sony suffers DoS attack Dairy Queen hacked JP Morgan
  • 14. What Can We Learn From Sony 12/04/2014: What has happened at Sony Pictures Entertainment over the past week reads like a blockbuster screenplay—or a chief executive’s nightmare: Hackers target a major company, disabling its internal systems and leaking documents revealing long-held secrets, from coming products to executive pay. 12/05/2014: The Sony data breach continues to get worse. First, it was exposed budgets, layoffs and 3,800 SSNs, then it was passwords. Now, it's way more social security numbers—including Sly Stallone's. The Wall Street Journal reports that analysis of the documents leaked so far included the Social Security numbers of 47,000 current and former Sony Pictures workers. That included Sylvester Stallone, Rebel Wilson, and Anchorman director, Judd Apatow. The Journal reports that the SSNs are found alongside salary information, home addresses, and contract details.
  • 15. What Can We Learn From Traditional Point in Time Solutions
  • 16. We Tested all of These Solutions “Captive portal” “It matches the pattern” “No false positives, no false negatives” Application Control FW/VPN IDS/IPS UTM NAC AV PKI “Block or Allow” “Fix the Firewall” “No key, no access” Sandboxing “Detect the Unknown” Threat Analytics “Outside looking in” The Best Point in Time Protection Protects you 90+% of the time
  • 17. Even Sandboxing Has Holes Antivirus Sandboxing Initial Disposition = Clean Actual Disposition = Bad Too Late!! Not 100% Analysis Stops Event Horizon Sleep Techniques Unknown Protocols Encryption Polymorphism Blind to scope of compromise
  • 18. Recap of Issues that need to be fixed by security providers • Targeted attacks / advanced persistent threats are hard to detect • Malware has an ecosystem of components, and it’s important to understand what that ecosystem is and which part of any solution addresses those ecosystem components. • Malware’s intentions are nefarious in nature, but its components are built just like standard software, so it can easily hide in your environment • Don’t get caught up in the catch rate game, because no security solution protects you 100%. What about the files they missed? The industry average to find a file that got by your defenses is 200 days. • Do traditional point-in-time solutions like Email, Content, Next Gen Firewall, IPS, AV and Sandbox solutions give you the visibility you need? Be honest with yourself: do they allow you to proactively reduce your attack surface? • Regardless of your security solutions, always back up your data, because no one is 100% !!!!!!!
  • 19. AMP goes beyond point-in-time detection BEFORE Discover Enforce Harden DURING Detect Block Defend AFTER Scope Contain Remediate Network Endpoint Mobile Virtual Email & Web Cloud Continuous / Point-in-time Attack Continuum
  • 20. Continuous Protection when advanced malware evades point-in-time detection Antivirus Sandboxing Initial Disposition = Clean Point-in-time Detection Initial Disposition = Clean AMP Actual Disposition = Bad = Too Late!! Not 100% Analysis Stops Sleep Techniques Unknown Protocols Encryption Polymorphism Retrospective Detection, Analysis Continues
  • 21. AMP Everywhere Strategy AMP CONTINUOUSLY RECORD ACTIVITY REGARDLESS OF DISPOSITION
  • 22. Data we are sending to AMP Cloud AMP CLOUD RECORDING PRIVATE CLOUD
  • 23. AMP for Endpoint: Device Trajectory / Incident Analysis
  • 24. AMP for Endpoint: Vulnerability Detection
  • 25.
  • 26.
  • 28. Speed Matters: Time to Detection (TTD) The current industry TTD rate of 100 to 200 days is not acceptable. Industry: 200 days vs Cisco: 17.5 hours (Cisco 2015 Midyear Security Report) • Speed of Innovation > ~40% Efficacy • Point products >> weak defenses • Integrated Threat Defense is needed Cisco Minimizes the Time to Detect Breaches
  • 29. Cisco Advanced Malware Protection Built on Unmatched Collective Security Intelligence 1.6 million global sensors 100 TB of data received per day 150 million+ deployed endpoints 600 engineers, technicians, and researchers 35% worldwide email traffic 13 billion web requests 24x7x365 operations 4.3 billion web blocks per day 40+ languages 1.1 million incoming malware samples per day AMP Community Private/Public Threat Feeds Talos Security Intelligence AMP Threat Grid Intelligence AMP Threat Grid Dynamic Analysis 10 million files/month Advanced Microsoft and Industry Disclosures Snort and ClamAV Open Source Communities AEGIS Program Email Endpoints Web Networks IPS Devices WWW Automatic updates in real time Cisco® Collective Security Intelligence Cisco Collective Security Intelligence Cloud AMP Advanced Malware Protection 3.5 BILLION SEARCHES TODAY 19.6 BILLION THREATS BLOCKED TODAY
  • 30. AMP Offers Point-in-Time and Retrospective Protection Point-in-Time Protection File Reputation & Sandboxing Dynamic Analysis Machine Learning Fuzzy Finger-printing Advanced Analytics One-to-One Signature
  • 31. How Cisco Made a Better Sandbox Allow you to Interact with Malware with Glove Box Outside Looking In approach no Hooks Prioritize threats Context-driven Malware Analytics
  • 32. SAMPLE Glove Box ThreatGrid Video
  • 34. THREAT INTELLIGENCE Visibility, Analytics, People. Private WAN FW FW Secure Web IPS ISE AMP AMP AMP AMP VPN ISE Endpoints Data Centers Offices/Plants Secure Email IPS Internet AMP Cisco’s Threat Defense Strategy Attack vectors: 77% email phishing, 19% malicious web download, 4% direct install, 0.3% network attack 99.2% Block Rate (#1) 17 Hour Detection Time (#1) FW
  • 35. Sample AMP for Endpoints Reports
  • 36. Introducing Threat Grid Everywhere Suspicious file Analysis report Edge Endpoints Firewalls & UTM Email Security Security Analytics Web Security Endpoint Security Network Security 3rd Party Integration S E C U R I T Y Security monitoring platforms Deep Packet Inspection Gov, Risk, Compliance SIEM Dynamic Analysis Static Analysis Threat Intelligence AMP Threat Grid Cisco Security Solutions Network Security Solutions Suspicious file Premium content feeds Security Teams
  • 37. Automatically submit suspicious files Automated analysis, from edge to endpoint Submission Analyst or system (API) submits suspicious sample to Threat Grid. Suspicious file Edge Endpoints ASA w/FPS ESA Next Gen IPS WSA AMP for Endpoints AMP for Networks
  • 38. Easily integrate with partner solutions Security Analytics NessusXPSEnCaseEnterprise 360 API Our robust REST API streamlines partner integration
  • 39.
  • 40. AMP Threat Grid: Key Differentiators Data Fidelity & Performance Scalability & Flexibility Usability Context & Data Enrichment Integration & Architecture • Proprietary analysis delivers unparalleled insight into malicious activity • High-speed, automated analysis and adjustable runtimes • Does not expose any tags or indicators that malware can use to detect that it is being observed • 100,000s of samples analyzed daily (6-10 million per month) • SaaS delivery (no hardware) or Appliance (as needed) • Search and correlate all data elements of a single sample against billions of sample artifacts collected and analyzed over years (global and historic context) • Enable the analyst to better understand the relevancy of the sample in question to one’s environment • Clearly presented information for all levels of the IT Security team: - Tier 1-3 SOC Analysts, Incident Responders & Forensic Investigators, and Threat Intel Analysts • Web portal, Glovebox (User Interaction), Video Replay, Threat Score, Behavioral Indicators and more • Architected from the ground up with an API to integrate with existing IT security solutions (Automatically receive submissions from other solutions and pull the results into your environment) • Create custom threat intelligence feeds with context or leverage automated batch feeds
  • 41. AMP for Networks • AMP Appliance (NextGen Firewall, IPS, URL & AMP): The AMP appliance was designed to run all FirePOWER features: Nextgen Firewall, IPS, URL filtering and Advanced Malware Protection (AMP). The AMP Appliance was built on the FirePOWER platform and has had its CPU and memory optimized to run all the security features while maintaining the throughput numbers in the AMP for Networks datasheet. The AMP Appliance also includes a hardware storage pack / SSD drive to store files for later analysis; this is required for AMP capabilities. • FirePOWER Appliance (NextGen Firewall, IPS & URL): The FirePOWER appliance was designed to run the FirePOWER features Nextgen Firewall, IPS & URL filtering. If you want to turn on Advanced Malware Protection (AMP) capabilities at a later date you can, but you will need to buy and install the hardware storage pack / SSD drive and the AMP software. Keep in mind that when you turn on the AMP features you will see a performance hit, so you will need to make sure the FirePOWER appliance is sized correctly for the customer’s environment. If a customer wants AMP, always try to go with the AMP appliance on new purchases. • ASA X-series with SSD / SW blade (Firewall with VPN, NextGen Firewall, IPS, URL & AMP): The ASA X-series with SSD / SW blade was designed to run all FirePOWER features (Nextgen Firewall, IPS, URL and Advanced Malware Protection); you can also run traditional firewall and VPN capabilities. Keep in mind that when you turn on the more advanced FirePOWER features you will see a performance hit, so you will need to size this appliance correctly for the customer’s environment.
  • 42. Retrospection in Action Correlation with AMP for endpoints would show file was cleaned / Quarantined
  • 43. How Cisco AMP Works: Network File Trajectory Use Case
  • 44.
  • 45. An unknown file is present on IP: 10.4.10.183, having been downloaded from Firefox
  • 46. At 10:57, the unknown file is transferred from IP 10.4.10.183 to IP: 10.5.11.8
  • 47. Seven hours later the file is then transferred to a third device (10.3.4.51) using an SMB application
  • 48. The file is copied yet again onto a fourth device (10.5.60.66) through the same SMB application a half hour later
  • 49. The Cisco® Collective Security Intelligence Cloud has learned this file is malicious and a retrospective event is raised for all four devices immediately.
  • 50. At the same time, a device with the AMP for Endpoints connector reacts to the retrospective event and immediately stops and quarantines the newly detected malware
  • 51. Eight hours after the first attack, the malware tries to re-enter the system through the original point of entry but is recognized and blocked.
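The mechanism behind slides 45-51 (and the time-to-detection point of slide 28) is that every file sighting is recorded regardless of its disposition, so that when the cloud verdict later flips to malicious, a retrospective event can be raised for every host that ever held the file and a re-entry attempt can be blocked on sight. The following is an added illustration of that idea, not Cisco's code or anything from the presentation; the hash, the 10:30 download time, the 18:29 verdict time and the date are constructed for the demo, while the IPs, 10:57, the SMB hops and the eight-hour re-entry come from the slides.

```python
from dataclasses import dataclass
from datetime import datetime
from typing import Dict, List, Optional


@dataclass(frozen=True)
class Sighting:
    """One observation of a file on a host, recorded whatever its disposition."""
    seen_at: datetime
    host: str
    sha256: str
    channel: str                  # how it arrived: "firefox", "smb", ...
    source: Optional[str] = None  # host it came from, if known


@dataclass(frozen=True)
class RetroEvent:
    """Raised for every host that has ever seen a file once its verdict turns bad."""
    host: str
    sha256: str
    first_seen: datetime
    verdict_at: datetime

    def hours_exposed(self) -> float:
        """How long the host held the file before anyone knew it was malicious."""
        return (self.verdict_at - self.first_seen).total_seconds() / 3600


class TrajectoryLedger:
    """Continuous recording plus a point-in-time block on known-bad hashes."""

    def __init__(self) -> None:
        self._sightings: List[Sighting] = []
        self._disposition: Dict[str, str] = {}  # sha256 -> unknown|clean|malicious

    def record(self, s: Sighting) -> str:
        """Return "blocked" if the hash is already known malicious (the re-entry
        case), else "allowed". Allowed sightings are kept even though the file
        looks clean today; that stored trajectory is what makes retrospection
        possible later."""
        if self._disposition.get(s.sha256) == "malicious":
            return "blocked"
        self._disposition.setdefault(s.sha256, "unknown")
        self._sightings.append(s)
        return "allowed"

    def trajectory(self, sha256: str) -> List[Sighting]:
        """Every recorded hop of one file, oldest first."""
        return sorted((s for s in self._sightings if s.sha256 == sha256),
                      key=lambda s: s.seen_at)

    def set_disposition(self, sha256: str, verdict: str,
                        at: datetime) -> List[RetroEvent]:
        """Apply a new cloud verdict. A change to "malicious" yields one
        retrospective event per host that has seen the file."""
        previous = self._disposition.get(sha256, "unknown")
        self._disposition[sha256] = verdict
        if verdict != "malicious" or previous == "malicious":
            return []
        first_seen: Dict[str, datetime] = {}
        for s in self.trajectory(sha256):          # time-ordered, so the
            first_seen.setdefault(s.host, s.seen_at)  # first hit per host wins
        return [RetroEvent(h, sha256, t, at) for h, t in first_seen.items()]


def replay_slide_scenario() -> dict:
    """Constructed replay of the slide 45-51 trajectory."""
    h = "c0ffee" * 10 + "0000"  # placeholder hash, not a real indicator

    def t(hh: int, mm: int) -> datetime:
        return datetime(2014, 12, 4, hh, mm)  # constructed date

    ledger = TrajectoryLedger()
    hops = [
        Sighting(t(10, 30), "10.4.10.183", h, "firefox"),               # download
        Sighting(t(10, 57), "10.5.11.8", h, "transfer", "10.4.10.183"),
        Sighting(t(17, 57), "10.3.4.51", h, "smb", "10.5.11.8"),        # 7 h later
        Sighting(t(18, 27), "10.5.60.66", h, "smb", "10.3.4.51"),       # +30 min
    ]
    first_pass = [ledger.record(s) for s in hops]   # all allowed: looks clean
    events = ledger.set_disposition(h, "malicious", t(18, 29))  # cloud verdict
    # eight hours after the first download the file comes back the same way
    reentry = ledger.record(Sighting(t(18, 30), "10.4.10.183", h, "firefox"))
    return {"first_pass": first_pass, "events": events,
            "reentry": reentry, "hops": len(ledger.trajectory(h))}
```

Each RetroEvent carries the per-host exposure window, which is the per-incident version of the time-to-detection figure on slide 28.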
  • 52. The AMP Everywhere Architecture: AMP Protection across the Extended Network for an Integrated Threat Defense AMP Threat Intelligence Cloud AMP for Endpoints: Windows OS, Android Mobile, Virtual, MAC OS, CentOS, Red Hat Linux for datacenters; remote endpoints; AMP for Endpoints can be launched from AnyConnect AMP on Web & Email Security Appliances AMP on Cisco® ASA Firewall with Firepower Services AMP Private Cloud Virtual Appliance AMP on Firepower NGIPS Appliance (AMP for Networks) AMP on Cloud Web Security & Hosted Email CWS/CTA Threat Grid Malware Analysis + Threat Intelligence Engine AMP on ISR with Firepower Services
  • 53. Identify Solution Options (Customer Need / Feature / available on: WSA, ESA, CWS; Network; Endpoint) • I want to be able to define policies for malware… File Reputation: WSA/ESA/CWS, Network, Endpoint • I want to be able to isolate suspected malware for threat analysis… Sandboxing: WSA/ESA/CWS, Network, Endpoint • I want to be able to backtrack if malware makes it into my system… Retrospective Security: WSA/ESA/CWS, Network, Endpoint • I need to identify compromised devices on my network… Indications of Compromise: Network, Endpoint • I want to track how a file has been behaving… File Analysis: Network, Endpoint • I want to track how threats traverse the network… File Trajectory: Network, Endpoint • I want to see system activities, relationships and events… Device Trajectory: Endpoint • I want to search large sets of data for compromises… Elastic Search: Endpoint • I want to be able to stop the spread of malware with custom tools… Outbreak Control: Endpoint
  • 54. Understanding The Different Platforms AMP for Content: • Detect and block malware attempting to enter through email or web gateways • Receive extensive reporting, URL/Message tracking and remediation prioritization • Add-on to an existing appliance or in the cloud AMP for Networks: • Detect and block malware attempting to enter the network • Detect breaches using multi-source indications of compromise • Contain malware and its communications AMP for Endpoints: • Detect breaches by analyzing indications of compromise • Uncover an infection, trace its path, analyze its behavior • Remediate the threat quickly and eliminate the risk of reinfection
  • 55. Cisco AMP is the Leader in Security Effectiveness Cisco AMP offers superior security effectiveness, excellent performance, and provides security across more attack vectors than any other vendor • 99.2% Security Effectiveness rating in BDS testing, the highest of all vendors tested. • Only vendor to block 100% of evasion techniques during testing. • Excellent performance with minimal impact on network, endpoint, or application latency.
  • 56. Market Recognition “So do any network security vendors understand data center and what’s needed to accommodate network security? Cisco certainly does.” “Cisco is disrupting the advanced threat defense industry.” “… AMP will be one of the most beneficial aspects of the [Sourcefire] acquisition.” “Based on our (Breach Detection Systems) reports, Advanced Malware Protection from Cisco should be on everyone’s short list.” 2014 Vendor Rating for Security: Positive “The AMP products will provide deeper capability to Cisco's role in providing secure services for the Internet of Everything (IoE).”
  • 57. Cisco AMP for Network Options Helping you choose the correct appliance for your environment For more info Click the following Link
  • 58. Cisco AMP for Networks Dedicated Appliances The AMP appliance was purpose built to run the following software on one appliance: Nextgen Firewall, Sourcefire IPS and AMP (Advanced Malware Protection). AMP Appliance + AMP Subscription Bundles http://www.cisco.com/c/en/us/products/collateral/security/amp-appliances/datasheet-c78-733182.html For more info Click the following Link
  • 59. Cisco FP / FirePOWER Dedicated Appliances The FP Appliance was purpose built to run the following software on one appliance: Nextgen Firewall and Sourcefire IPS. ***If you want to run AMP (Advanced Malware Protection) on a new purchase you should always position the AMP Appliance*** AMP Appliance + AMP Subscription Bundles http://www.cisco.com/c/en/us/products/collateral/security/firepower-8000-series-appliances/datasheet-c78-732955.pdf For more info Click the following Link
  • 60. Cisco ASA Appliances Cisco has added the capability to run Nextgen Firewall, Sourcefire IPS and AMP (Advanced Malware Protection) on the ASA. Make sure you have the bandwidth conversation with your customers about what they can expect with full functionality turned on. ASA + AMP Subscription Bundles http://www.cisco.com/c/en/us/products/collateral/security/asa-5500-series-next-generation-firewalls/datasheet-c78-733916.html
  • 61.
  • 62. Q & A Derrick Helms – UTG dhelms@utgsolutions.com Chris Robb – Cisco chrrobb@cisco.com