Key Innovations in Cybersecurity
THE SHIFT TO DETECTION AND RESPONSE
SESSION MT117
BEN SMITH CISSP CRISC @BEN_SMITH
Dell - Internal Use - Confidential
Who here is an IT security professional?
What you will NOT hear from me today…
• “It’s not about if you get breached; it's when you get breached.”
• “Even large enterprises that have millions of dollars to spend on
security got breached, so everyone is at risk.”
• “The breaches we have seen so far are just the beginning – bigger
breaches are coming.”
• “Legacy security technologies are of limited value in the face of
advanced persistent threats.”
• “Security incidents can put you out of business.”
Gartner, “The Future of Security Sales Revolves Around Digital Risk” (May 2015) [G00278090]
Material gaps in detecting, investigating cyber-attacks
24%
Organizations satisfied with their current ability to detect and investigate
Organizations unable to investigate attacks very quickly using their current data & toolsets
92%
Organizations unable to detect attacks very quickly using their current data and toolsets
89%
RSA, “Threat Detection Effectiveness Survey” (2016), https://www.rsa.com/en-us/perspectives/resources/threat-detection-effectiveness
Material gaps in detecting, investigating cyber-attacks
< 5%
Organizations who know their split of investment between prevention and detection/response
Cybersecurity budget allocation for rapid detection and response approaches [2015]
60%
Cybersecurity budget allocation for rapid detection and response approaches [2020 prediction]
< 20%
Gartner, “Shift Cybersecurity Investment to Detection and Response” (Tirosh & Proctor, 2016) [G00292536]
Agenda
• On the Offense: Cybercrime = a modern business model!
• On the Defense: Legacy tools and approaches
• The mandatory shift from prevention ► detection & response
• Innovation in cybersecurity: technology, processes, procedures
• “Business-Driven Security” and the RSA NetWitness Suite
The Scrap Value of a Hacked PC
Brian Krebs, “The Scrap Value of a Hacked PC, Revisited” (2012), http://krebsonsecurity.com/2012/10/the-scrap-value-of-a-hacked-pc-revisited/
Attack sophistication vs. intruder technical knowledge
CERT Software Engineering Institute (SEI) at Carnegie Mellon University (2011) [via INSA report: http://www.oss-institute.org/storage/documents/Resources/studies/insa_cyber_intelligence_2011.pdf]
Attack Surface
• Individual computers (corporate, personal)
• Mobile devices
• Internet of Things (IoT)
• Virtualization
• Cloud computing
Cybercrime market: not easy to size, but BIG!
“The black market can be more profitable than the illegal drug trade: Links to end-users are more direct, and because worldwide distribution is accomplished electronically, the requirements are negligible. This is because a majority of players, goods, and services are online-based and can be accessed, harnessed, or controlled remotely, instantaneously. ‘Shipping’ digital goods may only require an email or download, or a username and password to a locked site. This enables greater profitability.”
RAND, “Markets for Cybercrime Tools and Stolen Information: Hackers’ Bazaar” (2014), http://www.rand.org/pubs/research_reports/RR610.html; World Economic Forum, “The Global Risks Report” (2016), https://www.weforum.org/reports/the-global-risks-report-2016/; RSA, “Current State of Cybercrime” (2016), https://www.rsa.com/en-us/perspectives/resources/2016-current-state-of-cybercrime
"The Internet of Things is a growing reality, introducing new efficiencies as well as new vulnerabilities and interconnected consequences. Recent technological advances have been beneficial in many respects, but have also opened the door to a growing wave of cyberattacks – including economic espionage, cybercrime, and even state-sponsored exploits – that are increasingly perpetrated against businesses."
In a six month study, RSA uncovered more than 500 fraud-dedicated social media groups around the world with an estimated total of more than 220,000 members. More than 60 percent, or approximately 133,000 members, were found on Facebook alone. The types of information openly shared in social media include live compromised financial information such as credit card numbers with PII and authorization codes, cybercrime tutorials, malware and hacking tools, and cash out and muling services.
The industrialization of cybercrime
Specialization
Division of Labor
Cybercrime…is a business!
Sophos, “TeslaCrypt ransomware attacks gamers – ‘all your files are belong to us!’” https://nakedsecurity.sophos.com/2015/03/16/teslacrypt-ransomware-attacks-gamers-all-your-files-are-belong-to-us/
Different levels of participants in the underground market
RAND, “Markets for Cybercrime Tools and Stolen Information: Hackers’ Bazaar” (2014), http://www.rand.org/pubs/research_reports/RR610.html
Everything you might need is available “on the market”
• Web infrastructure & core applications
• Multi-lingual call centers ready to impersonate / support
• Application development tools & technical services
• Rentable cybercrime infrastructure (including ready-to-use botnets)
• Anonymized payment systems (BTC)
• Research & development (zero-day research)
Organizations face difficult security challenges
GROWING SHORTAGE OF SKILLED SECURITY STAFF
A real scarcity of skilled security analysts forces enterprises to get creative to combat threats and protect the enterprise.
A GREATLY EXPANDING ATTACK SURFACE
More endpoints in the enterprise, in the field, and in the cloud means more potential entry points for attacks.
MORE SOPHISTICATED ATTACK CAMPAIGNS
The days of simple malware or APTs are gone. Today’s attacks are targeted, lengthy, and multifaceted.
So they take preventive steps to protect themselves
[Diagram: Confidential Data and Endpoints protected by a layered stack of NGFW, IDS / IPS, SIEM, NGFW]
80% of security staff, budget, and activity is generally dedicated to preventive action
But breaches still occur…what’s happening?
[Diagram: the same stack (NGFW, IDS / IPS, SIEM, NGFW) in front of Confidential Data and Endpoints, with each layer missing the threat:]
• NGAV misses UNKNOWN, NEW threat
• NGFW has no rule for / against threat traffic
• IPS has no signature for the threat packets
• SIEM captures logs, but will it trigger an alert?
• NGFW has no rule for/against threat traffic
How big is the compromise?
How long has it been there?
Just how bad is this?
What did the attacker do?
Missing the little things rapidly adds up to one bigger problem
SECURITY DETAIL
• Account lockouts
• Failed user access attempts
• Web shell deletions
• Buffer overflows
• SQL injections
• Cross-site scripting
• Denial-of-service
• IDS/IPS events
• Incident-level fixes
BUSINESS RISK
• How bad is it?
• Who was it?
• How did they get in?
• What information was taken?
• What are the legal implications?
• Is it under control?
• What are the damages?
• What do we tell people?
Why does the gap exist?
• Lack of context & ability to prioritize
• Alert fatigue
• Multiple disconnected point solutions
SECURITY EXCLUSION: FW, A/V, IDS / IPS, SIEM, NGFW, SANDBOX, GW
SECURITY INCLUSION: 2FA, ACCESS MGMT, PROV, SSO, PAM, FEDERATION
BUSINESS / IT RISK MANAGEMENT: GRC, SPREADSHEETS, VULN MGMT, CMDB
Moving from purely prevention ► monitoring & response
A more balanced approach is needed!
[Chart: today’s investment mix versus the ideal mix, each split across Prevention, Monitoring and Response]
Organizing the innovations
Preventive Detective Investigative Response
Multi-factor authentication & biometrics hits mainstream
Innovation: Preventive
The coming maturation of the cyberinsurance industry
Innovation: Preventive
• ~$3.25B annual premiums
– Dominated by AIG, ACE, Chubb, Zurich, and Beazley Group
CIAB, “Cyber Insurance Market Watch Survey” (2016), https://www.ciab.com/uploadedFiles/Resources/Cyber_Survey/2ndCyberMarketWatch_ExecutiveSummary_FINAL.pdf;
Insurance Journal, “Where Cyber Insurance Underwriting Stands Today” (2015), http://www.insurancejournal.com/news/national/2015/06/12/371591.htm
NIST’s Cybersecurity Framework (CSF)
Increase visibility and situational awareness by leveraging more data – not just logs
Innovation: Detective
[Diagram of data sources, grouped as Secondary Sources versus Primary Sources & Context: Logs, Full Network Traffic, Endpoint/Host; Events, IDS; Asset Information, Threat Intelligence]
Behavioral analytics (UBA / UEBA) versus static rules
Innovation: Detective
LEADING INDICATORS OF A PLANNED C2 (COMMAND AND CONTROL) EXPLOIT
• Beaconing Behavior
• Rare Domains
• Rare User Agents
• Missing Referrers
• Domain Age (Whois)
• Real-time Analytics
– Data Science algorithms
– Scores on multiple C2 behavior indicators
– Uses streaming HTTP activity
• Low False Positives
– Learns from ongoing and historical activity
– Supervised whitelisting option
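The indicator scoring this slide describes, as an added example that is not RSA NetWitness code: it scores constructed proxy log lines on the five leading indicators (beaconing regularity, rare domain, rare User-Agent, missing Referer, young domain age) and applies an analyst whitelist before scoring. The log format, the whois lookup table, the rarity cutoff, the 30-day age threshold and the host names are assumptions.

```python
"""Score outbound HTTP activity on the C2 indicators listed on the slide.
Added example: not RSA NetWitness code.  The log format, the whois table,
the rarity cutoff and the 30-day age threshold are assumptions."""
from collections import defaultdict
from datetime import date, datetime
from statistics import mean, pstdev

# Constructed proxy log lines: timestamp, source host, destination
# domain, User-Agent, Referer ("-" when the header was absent).
LOG_LINES = """\
2016-10-18T09:00:00 ws-01 updates.example.com Mozilla/5.0 https://www.example.com/
2016-10-18T09:00:05 ws-02 cdn.example.com Mozilla/5.0 https://www.example.com/
2016-10-18T09:05:02 ws-07 tn4k.example-new.net Java/1.7.0_45 -
2016-10-18T09:10:01 ws-07 tn4k.example-new.net Java/1.7.0_45 -
2016-10-18T09:15:03 ws-07 tn4k.example-new.net Java/1.7.0_45 -
2016-10-18T09:20:00 ws-07 tn4k.example-new.net Java/1.7.0_45 -
2016-10-18T09:25:02 ws-07 tn4k.example-new.net Java/1.7.0_45 -
2016-10-18T09:03:11 ws-03 updates.example.com Mozilla/5.0 https://www.example.com/
2016-10-18T09:41:30 ws-04 updates.example.com Mozilla/5.0 -
2016-10-18T10:12:45 ws-05 cdn.example.com Mozilla/5.0 https://www.example.com/
2016-10-18T11:02:09 ws-06 updates.example.com Mozilla/5.0 https://www.example.com/
""".splitlines()

# Constructed stand-in for a whois lookup: registered domain -> creation date.
WHOIS_CREATED = {"example.com": date(1995, 8, 14),
                 "example-new.net": date(2016, 10, 11)}
TODAY = date(2016, 10, 18)
# Supervised whitelisting: destinations an analyst has marked as benign.
WHITELIST = {"updates.example.com"}


def parse(lines):
    """Split each constructed log line into a dict of its five fields."""
    rows = []
    for line in lines:
        ts, src, dom, ua, ref = line.split(" ", 4)
        rows.append({"ts": datetime.fromisoformat(ts), "src": src,
                     "domain": dom, "ua": ua, "ref": ref})
    return rows


def beaconing(timestamps):
    """1.0 when four or more connections arrive at near-constant intervals."""
    if len(timestamps) < 4:
        return 0.0
    ts = sorted(timestamps)
    gaps = [(b - a).total_seconds() for a, b in zip(ts, ts[1:])]
    cv = pstdev(gaps) / mean(gaps)  # coefficient of variation of the gaps
    return 1.0 if cv < 0.1 else 0.0


def domain_age_days(domain):
    """Days since registration of the registered (last two labels) domain."""
    created = WHOIS_CREATED.get(".".join(domain.split(".")[-2:]))
    return (TODAY - created).days if created else None


def score(rows, rare_cutoff=0.2, young_days=30):
    """Return {(src, domain): score}; each of the five indicators adds 0..1."""
    hosts = len({r["src"] for r in rows})
    dom_hosts, ua_hosts = defaultdict(set), defaultdict(set)
    pairs = defaultdict(list)
    for r in rows:
        dom_hosts[r["domain"]].add(r["src"])   # how many hosts talk to it
        ua_hosts[r["ua"]].add(r["src"])        # how many hosts present this UA
        pairs[(r["src"], r["domain"])].append(r)
    result = {}
    for (src, dom), rs in pairs.items():
        if dom in WHITELIST:
            continue  # analyst-approved destination: never scored
        s = beaconing([r["ts"] for r in rs])
        s += 1.0 if len(dom_hosts[dom]) / hosts <= rare_cutoff else 0.0
        s += 1.0 if len(ua_hosts[rs[0]["ua"]]) / hosts <= rare_cutoff else 0.0
        s += sum(r["ref"] == "-" for r in rs) / len(rs)  # share with no Referer
        age = domain_age_days(dom)
        s += 1.0 if age is not None and age < young_days else 0.0
        result[(src, dom)] = round(s, 2)
    return result


def triage(rows, threshold=3.0):
    """(src, domain) pairs whose combined score meets the threshold, highest first."""
    scored = score(rows)
    return sorted((k for k, v in scored.items() if v >= threshold),
                  key=lambda k: -scored[k])


if __name__ == "__main__":
    for (src, dom), s in sorted(score(parse(LOG_LINES)).items()):
        print(f"{src:6} {dom:28} score={s}")
    print("flagged:", triage(parse(LOG_LINES)))
```

On the constructed lines only ws-07 scores on all five indicators; the whitelisted update host is skipped entirely, which is the supervised-whitelisting behaviour the slide refers to.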
Humans are great anomaly detectors…people catch people!
Innovation: Detective
Increasing visibility via public cloud security APIs
Innovation: Detective / Investigative
AWS CloudTrail; Microsoft Azure Management API
Speed & scope of sharing of community-oriented threat intelligence
Innovation: Detective / Investigative
• Information Sharing and Analysis Center (ISAC) model
Security monitoring teams; virtual MSSP SOCs
Innovation: Response
SOC Manager
Tier 2 Analyst
Security Architect
Tier 1 Analyst
Threat Intelligence Analyst
RSA is very active innovating across all of these areas
Preventive Detective Investigative Response
• Authentication capabilities incorporating software tokens &
biometrics (more secure and more convenient)
• Collaborating with cyber-insurance underwriters to mitigate risk
• Behavior-based analytics for smarter detection
• Tooling for human hunters
• Creating & consuming community threat intelligence
• Providing a set of products & services to build SOCs
• Security monitoring technology = comprehensive visibility
– Logs/event, network traffic, endpoint, threat intelligence,
public cloud APIs…
Under attack: your data, your endpoints, your network
RSA NetWitness Suite [ packets + logs + endpoint ]
• NetWitness Server: master console
• NetWitness Endpoint: agent console
• NetWitness Logs: ingestion & indexing
• NetWitness Packets: ingestion & indexing
• RSA Live: threat intelligence
• NetWitness SecOps Manager: response workflow, orchestration
Business-Driven Security
[Diagram: CONTEXTUAL INTELLIGENCE spanning SECURITY EXCLUSION, SECURITY INCLUSION, ANALYTICS and ORCHESTRATION & RESPONSE; POWER & SPEED OF INSIGHT; RIGHT PICTURE; RIGHT ACTIONS; BUSINESS CONTEXT]
PORTFOLIO: RSA SECURID SUITE, RSA CYBER ANALYTICS PLATFORM, RSA NETWITNESS SUITE, RSA ARCHER SUITE, RSA FRAUD & RISK INTELLIGENCE SUITE
• Respond in minutes, not months: NETWITNESS SUITE
• Reimagine your identity strategy: SECURID SUITE
• Take command of risk: ARCHER SUITE
• Take command of your evolving security posture: RISK & CYBERSECURITY PRACTICE
• Expose cybercriminals, protect customers: FRAUD & RISK INTELLIGENCE SUITE
MT 117 Key Innovations in Cybersecurity

Contenu connexe

Tendances

Security in the News
Security in the NewsSecurity in the News
Security in the News
James Sutter
 
Multi-Cloud, Multi-Network Cyber Awareness, Monitoring and Management by Fran...
Multi-Cloud, Multi-Network Cyber Awareness, Monitoring and Management by Fran...Multi-Cloud, Multi-Network Cyber Awareness, Monitoring and Management by Fran...
Multi-Cloud, Multi-Network Cyber Awareness, Monitoring and Management by Fran...
TheAnfieldGroup
 

Tendances (20)

Cloud security: Accelerating cloud adoption
Cloud security: Accelerating cloud adoption Cloud security: Accelerating cloud adoption
Cloud security: Accelerating cloud adoption
 
Jack Nichelson - Information Security Metrics - Practical Security Metrics
Jack Nichelson - Information Security Metrics - Practical Security MetricsJack Nichelson - Information Security Metrics - Practical Security Metrics
Jack Nichelson - Information Security Metrics - Practical Security Metrics
 
IBM Security Strategy Intelligence,
IBM Security Strategy Intelligence,IBM Security Strategy Intelligence,
IBM Security Strategy Intelligence,
 
Tripwire Energy Working Group: TIV Demo
Tripwire Energy Working Group: TIV Demo Tripwire Energy Working Group: TIV Demo
Tripwire Energy Working Group: TIV Demo
 
Scalar cloud study2016_slideshare
Scalar cloud study2016_slideshareScalar cloud study2016_slideshare
Scalar cloud study2016_slideshare
 
Advanced Persistent Threat - Evaluating Effective Responses
Advanced Persistent Threat - Evaluating Effective ResponsesAdvanced Persistent Threat - Evaluating Effective Responses
Advanced Persistent Threat - Evaluating Effective Responses
 
Stay One Step Ahead of Cyber Threats - Check Point
Stay One Step Ahead of Cyber Threats - Check PointStay One Step Ahead of Cyber Threats - Check Point
Stay One Step Ahead of Cyber Threats - Check Point
 
Dragos 2019 ICS Year in Review
Dragos 2019 ICS Year in ReviewDragos 2019 ICS Year in Review
Dragos 2019 ICS Year in Review
 
Ruben Melendez - Economically Justifying IT Security Initiatives
Ruben Melendez - Economically Justifying IT Security InitiativesRuben Melendez - Economically Justifying IT Security Initiatives
Ruben Melendez - Economically Justifying IT Security Initiatives
 
SANS Critical Security Controls Summit London 2013
SANS Critical Security Controls Summit London 2013SANS Critical Security Controls Summit London 2013
SANS Critical Security Controls Summit London 2013
 
MYTHBUSTERS: Can You Secure Payments in the Cloud?
MYTHBUSTERS: Can You Secure Payments in the Cloud?MYTHBUSTERS: Can You Secure Payments in the Cloud?
MYTHBUSTERS: Can You Secure Payments in the Cloud?
 
Scrubbing Your Active Directory Squeaky Clean
Scrubbing Your Active Directory Squeaky CleanScrubbing Your Active Directory Squeaky Clean
Scrubbing Your Active Directory Squeaky Clean
 
Security in the News
Security in the NewsSecurity in the News
Security in the News
 
ciso-platform-annual-summit-2013-Hp enterprise security overview
ciso-platform-annual-summit-2013-Hp enterprise security overviewciso-platform-annual-summit-2013-Hp enterprise security overview
ciso-platform-annual-summit-2013-Hp enterprise security overview
 
Defending Threats Beyond DDoS Attacks: Featuring Guest Speaker from IDC
Defending Threats Beyond DDoS Attacks: Featuring Guest Speaker from IDCDefending Threats Beyond DDoS Attacks: Featuring Guest Speaker from IDC
Defending Threats Beyond DDoS Attacks: Featuring Guest Speaker from IDC
 
Symantec Data Loss Prevention - Technical Proposal (General)
Symantec Data Loss Prevention - Technical Proposal (General)Symantec Data Loss Prevention - Technical Proposal (General)
Symantec Data Loss Prevention - Technical Proposal (General)
 
Timothy Wright & Stephen Halwes - Finding the Needle in the Hardware – Identi...
Timothy Wright & Stephen Halwes - Finding the Needle in the Hardware – Identi...Timothy Wright & Stephen Halwes - Finding the Needle in the Hardware – Identi...
Timothy Wright & Stephen Halwes - Finding the Needle in the Hardware – Identi...
 
Neighborhood Keeper - Introduction
Neighborhood Keeper - Introduction Neighborhood Keeper - Introduction
Neighborhood Keeper - Introduction
 
Multi-Cloud, Multi-Network Cyber Awareness, Monitoring and Management by Fran...
Multi-Cloud, Multi-Network Cyber Awareness, Monitoring and Management by Fran...Multi-Cloud, Multi-Network Cyber Awareness, Monitoring and Management by Fran...
Multi-Cloud, Multi-Network Cyber Awareness, Monitoring and Management by Fran...
 
The value of our data
The value of our dataThe value of our data
The value of our data
 

En vedette

En vedette (20)

MT155 Analytics and Cloud Native Apps – Your Business Game Changer
MT155 Analytics and Cloud Native Apps – Your Business Game ChangerMT155 Analytics and Cloud Native Apps – Your Business Game Changer
MT155 Analytics and Cloud Native Apps – Your Business Game Changer
 
Seminar CYBER DEFENCE UNSOED 21 September 2014
Seminar CYBER DEFENCE UNSOED 21 September 2014Seminar CYBER DEFENCE UNSOED 21 September 2014
Seminar CYBER DEFENCE UNSOED 21 September 2014
 
NetWitness
NetWitnessNetWitness
NetWitness
 
Stu t18 a
Stu t18 aStu t18 a
Stu t18 a
 
Event Garden Радио напрокат - Creating presentation (marketing, copywriting, ...
Event Garden Радио напрокат - Creating presentation (marketing, copywriting, ...Event Garden Радио напрокат - Creating presentation (marketing, copywriting, ...
Event Garden Радио напрокат - Creating presentation (marketing, copywriting, ...
 
Kiev Tesla Day
Kiev Tesla DayKiev Tesla Day
Kiev Tesla Day
 
Nvidia Hpc Day Kiev Rus
Nvidia Hpc Day Kiev RusNvidia Hpc Day Kiev Rus
Nvidia Hpc Day Kiev Rus
 
Digital promotion новые взгляды на методику
Digital promotion новые взгляды на методикуDigital promotion новые взгляды на методику
Digital promotion новые взгляды на методику
 
The Power of Foursquare: 7 Innovative Ways to Get Your Customers to Check In ...
The Power of Foursquare: 7 Innovative Ways to Get Your Customers to Check In ...The Power of Foursquare: 7 Innovative Ways to Get Your Customers to Check In ...
The Power of Foursquare: 7 Innovative Ways to Get Your Customers to Check In ...
 
Palantir, Quid, RecordedFuture: Augmented Intelligence Frontier
Palantir, Quid, RecordedFuture: Augmented Intelligence FrontierPalantir, Quid, RecordedFuture: Augmented Intelligence Frontier
Palantir, Quid, RecordedFuture: Augmented Intelligence Frontier
 
David Goulden keynote at Dell EMC World
David Goulden keynote at Dell EMC WorldDavid Goulden keynote at Dell EMC World
David Goulden keynote at Dell EMC World
 
Presentation Design Trends 2015
Presentation Design Trends 2015Presentation Design Trends 2015
Presentation Design Trends 2015
 
CYBER CRIME AND SECURITY
CYBER CRIME AND SECURITYCYBER CRIME AND SECURITY
CYBER CRIME AND SECURITY
 
Kickfolio - 500Startups Batch 5
Kickfolio - 500Startups Batch 5Kickfolio - 500Startups Batch 5
Kickfolio - 500Startups Batch 5
 
10 Tips for Making Beautiful Slideshow Presentations by www.visuali.se
10 Tips for Making Beautiful Slideshow Presentations by www.visuali.se10 Tips for Making Beautiful Slideshow Presentations by www.visuali.se
10 Tips for Making Beautiful Slideshow Presentations by www.visuali.se
 
How Wealthsimple raised $2M in 2 weeks
How Wealthsimple raised $2M in 2 weeksHow Wealthsimple raised $2M in 2 weeks
How Wealthsimple raised $2M in 2 weeks
 
AdPushup Fundraising Deck - First Pitch
AdPushup Fundraising Deck - First PitchAdPushup Fundraising Deck - First Pitch
AdPushup Fundraising Deck - First Pitch
 
Zenpayroll Pitch Deck Template
Zenpayroll Pitch Deck TemplateZenpayroll Pitch Deck Template
Zenpayroll Pitch Deck Template
 
The deck we used to raise $270k for our startup Castle
The deck we used to raise $270k for our startup CastleThe deck we used to raise $270k for our startup Castle
The deck we used to raise $270k for our startup Castle
 
SteadyBudget's Seed Funding Pitch Deck
SteadyBudget's Seed Funding Pitch DeckSteadyBudget's Seed Funding Pitch Deck
SteadyBudget's Seed Funding Pitch Deck
 

Similaire à MT 117 Key Innovations in Cybersecurity

2 21677 splunk_big_data_futureofsecurity
2 21677 splunk_big_data_futureofsecurity2 21677 splunk_big_data_futureofsecurity
2 21677 splunk_big_data_futureofsecurity
Svetlana Belyaeva
 
Delve Labs - Upcoming Security Challenges for the Internet of Things
Delve Labs - Upcoming Security Challenges for the Internet of ThingsDelve Labs - Upcoming Security Challenges for the Internet of Things
Delve Labs - Upcoming Security Challenges for the Internet of Things
Frederic Roy-Gobeil, CPA, CGA, M.Tax.
 
Cyber Resilience white paper 20160401_sd
Cyber Resilience white paper 20160401_sdCyber Resilience white paper 20160401_sd
Cyber Resilience white paper 20160401_sd
Susan Darby
 
20101012 isa larry_clinton
20101012 isa larry_clinton20101012 isa larry_clinton
20101012 isa larry_clinton
CIONET
 

Similaire à MT 117 Key Innovations in Cybersecurity (20)

Segurinfo2014 Santiago Cavanna
Segurinfo2014 Santiago CavannaSegurinfo2014 Santiago Cavanna
Segurinfo2014 Santiago Cavanna
 
2 21677 splunk_big_data_futureofsecurity
2 21677 splunk_big_data_futureofsecurity2 21677 splunk_big_data_futureofsecurity
2 21677 splunk_big_data_futureofsecurity
 
Managed security services for financial services firms
Managed security services for financial services firmsManaged security services for financial services firms
Managed security services for financial services firms
 
Joint Presentation on The State of Cybersecurity ('15-'16) & Third Party Cyb...
Joint Presentation on The State of Cybersecurity ('15-'16) & Third Party  Cyb...Joint Presentation on The State of Cybersecurity ('15-'16) & Third Party  Cyb...
Joint Presentation on The State of Cybersecurity ('15-'16) & Third Party Cyb...
 
Delve Labs - Upcoming Security Challenges for the Internet of Things
Delve Labs - Upcoming Security Challenges for the Internet of ThingsDelve Labs - Upcoming Security Challenges for the Internet of Things
Delve Labs - Upcoming Security Challenges for the Internet of Things
 
Eyes Wide Shut: Cybersecurity Smoke & Mirrors...
Eyes Wide Shut: Cybersecurity Smoke & Mirrors...Eyes Wide Shut: Cybersecurity Smoke & Mirrors...
Eyes Wide Shut: Cybersecurity Smoke & Mirrors...
 
Cyber Resilience white paper 20160401_sd
Cyber Resilience white paper 20160401_sdCyber Resilience white paper 20160401_sd
Cyber Resilience white paper 20160401_sd
 
20101012 isa larry_clinton
20101012 isa larry_clinton20101012 isa larry_clinton
20101012 isa larry_clinton
 
Complicate, detect, respond: stopping cyber attacks with identity analytics
Complicate, detect, respond: stopping cyber attacks with identity analyticsComplicate, detect, respond: stopping cyber attacks with identity analytics
Complicate, detect, respond: stopping cyber attacks with identity analytics
 
Key note in nyc the next breach target and how oracle can help - nyoug
Key note in nyc   the next breach target and how oracle can help - nyougKey note in nyc   the next breach target and how oracle can help - nyoug
Key note in nyc the next breach target and how oracle can help - nyoug
 
Cybersecurity - Sam Maccherola
Cybersecurity - Sam MaccherolaCybersecurity - Sam Maccherola
Cybersecurity - Sam Maccherola
 
Dell Solutions Tour 2015 - Security in the cloud, Ramses Gallego, Security St...
Dell Solutions Tour 2015 - Security in the cloud, Ramses Gallego, Security St...Dell Solutions Tour 2015 - Security in the cloud, Ramses Gallego, Security St...
Dell Solutions Tour 2015 - Security in the cloud, Ramses Gallego, Security St...
 
Trending it security threats in the public sector
Trending it security threats in the public sectorTrending it security threats in the public sector
Trending it security threats in the public sector
 
Top Application Security Trends of 2012
Top Application Security Trends of 2012Top Application Security Trends of 2012
Top Application Security Trends of 2012
 
Securing the Cloud
Securing the CloudSecuring the Cloud
Securing the Cloud
 
Toward Continuous Cybersecurity with Network Automation
Toward Continuous Cybersecurity with Network AutomationToward Continuous Cybersecurity with Network Automation
Toward Continuous Cybersecurity with Network Automation
 
Toward Continuous Cybersecurity With Network Automation
Toward Continuous Cybersecurity With Network AutomationToward Continuous Cybersecurity With Network Automation
Toward Continuous Cybersecurity With Network Automation
 
Cyber Security Services & Solutions - Zymr
Cyber Security Services & Solutions - ZymrCyber Security Services & Solutions - Zymr
Cyber Security Services & Solutions - Zymr
 
Zymr Cybersecurity
Zymr Cybersecurity Zymr Cybersecurity
Zymr Cybersecurity
 
What Is Cyber Threat Intelligence | How It Work? | SOCVault
What Is Cyber Threat Intelligence | How It Work? | SOCVaultWhat Is Cyber Threat Intelligence | How It Work? | SOCVault
What Is Cyber Threat Intelligence | How It Work? | SOCVault
 

Plus de Dell EMC World

Plus de Dell EMC World (20)

MT135_Simplifying web-scale systems management with the Dell PowerEdge Embedd...
MT135_Simplifying web-scale systems management with the Dell PowerEdge Embedd...MT135_Simplifying web-scale systems management with the Dell PowerEdge Embedd...
MT135_Simplifying web-scale systems management with the Dell PowerEdge Embedd...
 
MT147_Thinking Windows 10? Think simple, scalable, and secure deployments wit...
MT147_Thinking Windows 10? Think simple, scalable, and secure deployments wit...MT147_Thinking Windows 10? Think simple, scalable, and secure deployments wit...
MT147_Thinking Windows 10? Think simple, scalable, and secure deployments wit...
 
MT88 - Assess your business risks by understanding your technology’s supply c...
MT88 - Assess your business risks by understanding your technology’s supply c...MT88 - Assess your business risks by understanding your technology’s supply c...
MT88 - Assess your business risks by understanding your technology’s supply c...
 
MT58 High performance graphics for VDI: A technical discussion
MT58 High performance graphics for VDI: A technical discussionMT58 High performance graphics for VDI: A technical discussion
MT58 High performance graphics for VDI: A technical discussion
 
MT54 Better security is better business
MT54 Better security is better businessMT54 Better security is better business
MT54 Better security is better business
 
MT 70 The New Era of Incident Response Planning
MT 70 The New Era of Incident Response PlanningMT 70 The New Era of Incident Response Planning
MT 70 The New Era of Incident Response Planning
 
MT 69 Tripwire Defense: Advanced Endpoint Detection by a Thousand Tripwires
MT 69 Tripwire Defense: Advanced Endpoint Detection by a Thousand Tripwires MT 69 Tripwire Defense: Advanced Endpoint Detection by a Thousand Tripwires
MT 69 Tripwire Defense: Advanced Endpoint Detection by a Thousand Tripwires
 
MT 68 Hunting for the Threat: When You Don’t Know If You’ve Been Breached
MT 68 Hunting for the Threat: When You Don’t Know If You’ve Been Breached MT 68 Hunting for the Threat: When You Don’t Know If You’ve Been Breached
MT 68 Hunting for the Threat: When You Don’t Know If You’ve Been Breached
 
MT93 - Federal: End-point evolution: Mobile, secure, connected
MT93 - Federal: End-point evolution: Mobile, secure, connected MT93 - Federal: End-point evolution: Mobile, secure, connected
MT93 - Federal: End-point evolution: Mobile, secure, connected
 
MT92 - Federal: Budget? What budget? Build your dream IT modernization plan
MT92 - Federal: Budget? What budget? Build your dream IT modernization planMT92 - Federal: Budget? What budget? Build your dream IT modernization plan
MT92 - Federal: Budget? What budget? Build your dream IT modernization plan
 
MT87 How technology can reduce costs, minimize environmental impact, and maxi...
MT87 How technology can reduce costs, minimize environmental impact, and maxi...MT87 How technology can reduce costs, minimize environmental impact, and maxi...
MT87 How technology can reduce costs, minimize environmental impact, and maxi...
 
MT101 Dell OCIO: Delivering data and analytics in real time
MT101 Dell OCIO:  Delivering data and analytics in real timeMT101 Dell OCIO:  Delivering data and analytics in real time
MT101 Dell OCIO: Delivering data and analytics in real time
 
MT17_Building Integrated and Secure Networks with limited IT Support
MT17_Building Integrated and Secure Networks with limited IT SupportMT17_Building Integrated and Secure Networks with limited IT Support
MT17_Building Integrated and Secure Networks with limited IT Support
 
MT13 - Keep your business processing operating at peak efficiency with Dell E...
MT13 - Keep your business processing operating at peak efficiency with Dell E...MT13 - Keep your business processing operating at peak efficiency with Dell E...
MT13 - Keep your business processing operating at peak efficiency with Dell E...
 
MT12 - SAP solutions from Dell – from your Datacenter to the Cloud
MT12 - SAP solutions from Dell – from your Datacenter to the CloudMT12 - SAP solutions from Dell – from your Datacenter to the Cloud
MT12 - SAP solutions from Dell – from your Datacenter to the Cloud
 
MT11 - Turn Science Fiction into Reality by Using SAP HANA to Make Sense of IoT
MT11 - Turn Science Fiction into Reality by Using SAP HANA to Make Sense of IoTMT11 - Turn Science Fiction into Reality by Using SAP HANA to Make Sense of IoT
MT11 - Turn Science Fiction into Reality by Using SAP HANA to Make Sense of IoT
 
MT01 The business imperatives driving cloud adoption
MT01 The business imperatives driving cloud adoptionMT01 The business imperatives driving cloud adoption
MT01 The business imperatives driving cloud adoption
 
Mt19 Integrated systems as a foundation of the Software Defined Datacentre
Mt19 Integrated systems as a foundation of the Software Defined DatacentreMt19 Integrated systems as a foundation of the Software Defined Datacentre
Mt19 Integrated systems as a foundation of the Software Defined Datacentre
 
MT09 Using Dell’s HPC Cloud Solutions to maximize HPC utilization while reduc...
MT09 Using Dell’s HPC Cloud Solutions to maximize HPC utilization while reduc...MT09 Using Dell’s HPC Cloud Solutions to maximize HPC utilization while reduc...
MT09 Using Dell’s HPC Cloud Solutions to maximize HPC utilization while reduc...
 
MT125 Virtustream Enterprise Cloud: Purpose Built to Run Mission Critical App...
MT125 Virtustream Enterprise Cloud: Purpose Built to Run Mission Critical App...MT125 Virtustream Enterprise Cloud: Purpose Built to Run Mission Critical App...
MT125 Virtustream Enterprise Cloud: Purpose Built to Run Mission Critical App...
 

MT 117 Key Innovations in Cybersecurity

  • 1. Key Innovations in Cybersecurity THE SHIFT TO DETECTION AND RESPONSE SESSION MT117 BEN SMITH CISSP CRISC @BEN_SMITH
  • 2. Dell - Internal Use - Confidential Who here is an IT security professional?
  • 3. What you will NOT hear from me today…
    • “It’s not about if you get breached; it's when you get breached.”
    • “Even large enterprises that have millions of dollars to spend on security got breached, so everyone is at risk.”
    • “The breaches we have seen so far are just the beginning – bigger breaches are coming.”
    • “Legacy security technologies are of limited value in the face of advanced persistent threats.”
    • “Security incidents can put you out of business.”
    Gartner, “The Future of Security Sales Revolves Around Digital Risk” (May 2015) [G00278090]
  • 4. Material gaps in detecting, investigating cyber-attacks
    • 24%: Organizations satisfied with their current ability to detect and investigate
    • 92%: Organizations unable to detect attacks very quickly using their current data and toolsets
    • 89%: Organizations unable to investigate attacks very quickly using their current data & toolsets
    RSA, “Threat Detection Effectiveness Survey” (2016), https://www.rsa.com/en-us/perspectives/resources/threat-detection-effectiveness
  • 5. Material gaps in detecting, investigating cyber-attacks
    • < 5%: Organizations who know their split of investment between prevention and detection/response
    • < 20%: Cybersecurity budget allocation for rapid detection and response approaches [2015]
    • 60%: Cybersecurity budget allocation for rapid detection and response approaches [2020 prediction]
    Gartner, “Shift Cybersecurity Investment to Detection and Response” (Tirosh & Proctor, 2016) [G00292536]
  • 6. Agenda
    • On the Offense: Cybercrime = a modern business model!
    • On the Defense: Legacy tools and approaches
    • The mandatory shift from prevention ► detection & response
    • Innovation in cybersecurity: technology, processes, procedures
    • “Business-Driven Security” and the RSA NetWitness Suite
  • 7. The Scrap Value of a Hacked PC
    Brian Krebs, “The Scrap Value of a Hacked PC, Revisited” (2012), http://krebsonsecurity.com/2012/10/the-scrap-value-of-a-hacked-pc-revisited/
  • 8. Attack sophistication vs. intruder technical knowledge
    CERT Software Engineering Institute (SEI) at Carnegie Mellon University (2011) [via INSA report: http://www.oss-institute.org/storage/documents/Resources/studies/insa_cyber_intelligence_2011.pdf]
  • 9. Attack Surface
    • Individual computers (corporate, personal)
    • Mobile devices
    • Internet of Things (IoT)
    • Virtualization
    • Cloud computing
  • 10. Cybercrime market: not easy to size, but BIG!
    “The black market can be more profitable than the illegal drug trade: Links to end-users are more direct, and because worldwide distribution is accomplished electronically, the requirements are negligible. This is because a majority of players, goods, and services are online-based and can be accessed, harnessed, or controlled remotely, instantaneously. ‘Shipping’ digital goods may only require an email or download, or a username and password to a locked site. This enables greater profitability.”
    “The Internet of Things is a growing reality, introducing new efficiencies as well as new vulnerabilities and interconnected consequences. Recent technological advances have been beneficial in many respects, but have also opened the door to a growing wave of cyberattacks – including economic espionage, cybercrime, and even state-sponsored exploits – that are increasingly perpetrated against businesses.”
    In a six month study, RSA uncovered more than 500 fraud-dedicated social media groups around the world with an estimated total of more than 220,000 members. More than 60 percent, or approximately 133,000 members, were found on Facebook alone. The types of information openly shared in social media include live compromised financial information such as credit card numbers with PII and authorization codes, cybercrime tutorials, malware and hacking tools, and cash out and muling services.
    RAND, “Markets for Cybercrime Tools and Stolen Information: Hackers’ Bazaar” (2014), http://www.rand.org/pubs/research_reports/RR610.html; World Economic Forum, “The Global Risks Report” (2016), https://www.weforum.org/reports/the-global-risks-report-2016/; RSA, “Current State of Cybercrime” (2016), https://www.rsa.com/en-us/perspectives/resources/2016-current-state-of-cybercrime
  • 11. The industrialization of cybercrime: Specialization; Division of Labor
  • 12. Cybercrime…is a business!
    Sophos, “TeslaCrypt ransomware attacks gamers – ‘all your files are belong to us!’”, https://nakedsecurity.sophos.com/2015/03/16/teslacrypt-ransomware-attacks-gamers-all-your-files-are-belong-to-us/
  • 13. Different levels of participants in the underground market
    RAND, “Markets for Cybercrime Tools and Stolen Information: Hackers’ Bazaar” (2014), http://www.rand.org/pubs/research_reports/RR610.html
  • 14. Everything you might need is available “on the market”
    • Web infrastructure & core applications
    • Multi-lingual call centers ready to impersonate / support
    • Application development tools & technical services
    • Rentable cybercrime infrastructure (including ready-to-use botnets)
    • Anonymized payment systems (BTC)
    • Research & development (zero-day research)
  • 15. Organizations face difficult security challenges
    • GROWING SHORTAGE OF SKILLED SECURITY STAFF: A real scarcity of skilled security analysts forces enterprises to get creative to combat threats and protect the enterprise.
    • A GREATLY EXPANDING ATTACK SURFACE: More endpoints in the enterprise, in the field, and in the cloud means more potential entry points for attacks.
    • MORE SOPHISTICATED ATTACK CAMPAIGNS: The days of simple malware or APTs are gone. Today’s attacks are targeted, lengthy, and multifaceted.
  • 16. So they take preventive steps to protect themselves
    [Diagram: Confidential Data, Endpoints, NGFW, IDS / IPS, SIEM, NGFW]
    80% of security staff, budget, and activity is generally dedicated to preventive action
  • 17. But breaches still occur…what’s happening?
    [Diagram: Confidential Data, Endpoints, NGFW, IDS / IPS, SIEM, NGFW]
    • NGAV misses UNKNOWN, NEW threat
    • NGFW has no rule for / against threat traffic
    • IPS has no signature for the threat packets
    • SIEM captures logs, but will it trigger an alert?
    • NGFW has no rule for / against threat traffic
    • How big is the compromise? How long has it been there? Just how bad is this? What did the attacker do?
    Missing the little things rapidly adds up to one bigger problem
  • 18. SECURITY DETAIL vs. BUSINESS RISK
    • SECURITY DETAIL: Account lockouts; Failed user access attempts; Web shell deletions; Buffer overflows; SQL injections; Cross-site scripting; Denial-of-service; IDS/IPS events; Incident-level fixes
    • BUSINESS RISK: How bad is it? Who was it? How did they get in? What information was taken? What are the legal implications? Is it under control? What are the damages? What do we tell people?
  • 19. Why does the gap exist?
    • Lack of context & ability to prioritize
    • Alert fatigue
    • Multiple disconnected point solutions
    [Diagram: SECURITY EXCLUSION (FW, A/V, IDS / IPS, SIEM, NGFW, SANDBOX, GW); SECURITY INCLUSION (2FA, ACCESS MGMT, PROV, SSO, PAM, FEDERATION); BUSINESS / IT RISK MANAGEMENT (GRC, SPREADSHEETS, VULN MGMT, CMDB)]
  • 20. Moving from purely prevention ► monitoring & response
  • 21. A more balanced approach is needed!
    [Chart: Today’s investment mix vs. Ideal mix, split across Prevention, Monitoring, Response]
  • 22. Organizing the innovations: Preventive; Detective; Investigative; Response
  • 23. Multi-factor authentication & biometrics hits mainstream (Innovation: Preventive)
  • 24. The coming maturation of the cyberinsurance industry (Innovation: Preventive)
    • ~$3.25B annual premiums
      – Dominated by AIG, ACE, Chubb, Zurich, and Beazley Group
    • NIST’s Cybersecurity Framework (CSF)
    CIAB, “Cyber Insurance Market Watch Survey” (2016), https://www.ciab.com/uploadedFiles/Resources/Cyber_Survey/2ndCyberMarketWatch_ExecutiveSummary_FINAL.pdf; Insurance Journal, “Where Cyber Insurance Underwriting Stands Today” (2015), http://www.insurancejournal.com/news/national/2015/06/12/371591.htm
  • 25. Increase visibility and situational awareness by leveraging more data – not just logs (Innovation: Detective)
    • Primary Sources: Logs; Full Network Traffic; Endpoint/Host
    • Secondary Sources & Context: Events; IDS; Asset Information; Threat Intelligence
  • 26. Behavioral analytics (UBA / UEBA) versus static rules (Innovation: Detective)
    LEADING INDICATORS OF A PLANNED C2 (COMMAND AND CONTROL) EXPLOIT: Beaconing Behavior; Rare Domains; Rare User Agents; Missing Referrers; Domain Age (Whois)
    • Real-time Analytics
      – Data Science algorithms
      – Scores on multiple C2 behavior indicators
      – Uses streaming HTTP activity
    • Low False Positives
      – Learns from ongoing and historical activity
      – Supervised whitelisting option
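The slide lists five leading indicators of command-and-control traffic but does not show how they combine into a score. The following is an added example, not code from the deck or from RSA NetWitness: it parses a constructed pipe-separated proxy log, computes each indicator per (source, destination host) pair, and ranks the pairs. The log lines, the WHOIS age table, the rarity threshold (2 hosts), the "young domain" cut-off (30 days) and the allowlist parameter are all assumptions chosen for the illustration.

```python
"""Score outbound HTTP activity on the five C2 indicators from the slide.

Added example; the proxy log lines and the WHOIS-age table below are
constructed for illustration, not taken from any real environment.
"""
import statistics
from collections import defaultdict
from datetime import datetime, timedelta

BASE = datetime(2016, 5, 1, 9, 0, 0)
CHROME = "Mozilla/5.0 (Windows NT 6.1) Chrome/50.0"
ODD_UA = "Mozilla/4.0 (compatible; MSIE 6.0)"


def _line(sec, src, host, ua, ref):
    """Build one constructed log line: timestamp|src_ip|host|user_agent|referer."""
    ts = (BASE + timedelta(seconds=sec)).strftime("%Y-%m-%dT%H:%M:%S")
    return f"{ts}|{src}|{host}|{ua}|{ref}"


# Constructed proxy log: six workstations browse a popular site at irregular
# intervals with a referrer set; one workstation beacons every 60 s to a
# newly registered domain with an unusual User-Agent and no referrer.
LOG_LINES = (
    [_line(s, f"10.0.0.{i}", "www.example.org", CHROME, "https://www.example.org/")
     for i in range(1, 7) for s in (i * 7, i * 7 + 41, i * 7 + 95, i * 7 + 330)]
    + [_line(60 * k, "10.0.0.7", "cdn-upd4te.xyz", ODD_UA, "-") for k in range(1, 11)]
)

# Constructed WHOIS registration ages (days); a real deployment would query WHOIS.
DOMAIN_AGE_DAYS = {"www.example.org": 6000, "cdn-upd4te.xyz": 12}


def parse_line(line):
    ts, src, host, ua, ref = line.split("|", 4)
    return {"ts": datetime.strptime(ts, "%Y-%m-%dT%H:%M:%S"),
            "src": src, "host": host, "ua": ua, "ref": ref}


def beacon_score(timestamps, min_requests=4):
    """1.0 for perfectly periodic requests, falling toward 0 as jitter grows.

    Uses the coefficient of variation of inter-request gaps; human browsing
    produces bursty, high-variance gaps, beacons produce near-constant ones.
    """
    if len(timestamps) < min_requests:
        return 0.0
    ts = sorted(timestamps)
    gaps = [(b - a).total_seconds() for a, b in zip(ts, ts[1:])]
    mean = statistics.mean(gaps)
    if mean == 0:
        return 0.0
    cv = statistics.pstdev(gaps) / mean
    return max(0.0, 1.0 - cv)


def score_sessions(lines, domain_age_days, rare_threshold=2, young_days=30,
                   allowlist=frozenset()):
    """Return {(src, host): indicator scores} with an equal-weight total.

    `allowlist` plays the role of the slide's supervised whitelisting: hosts an
    analyst has reviewed are skipped rather than scored.
    """
    recs = [parse_line(l) for l in lines]
    by_pair, srcs_per_host, srcs_per_ua = defaultdict(list), defaultdict(set), defaultdict(set)
    for r in recs:
        by_pair[(r["src"], r["host"])].append(r)
        srcs_per_host[r["host"]].add(r["src"])   # how many hosts talk to this domain
        srcs_per_ua[r["ua"]].add(r["src"])       # how many hosts use this User-Agent
    results = {}
    for (src, host), rs in by_pair.items():
        if host in allowlist:
            continue
        age = domain_age_days.get(host)
        ind = {
            "beaconing": beacon_score([r["ts"] for r in rs]),
            "rare_domain": 1.0 if len(srcs_per_host[host]) <= rare_threshold else 0.0,
            "rare_user_agent": 1.0 if any(len(srcs_per_ua[r["ua"]]) <= rare_threshold for r in rs) else 0.0,
            "missing_referrer": sum(r["ref"] == "-" for r in rs) / len(rs),
            # unknown age is treated as half-suspicious; under 30 days is fully so
            "young_domain": 0.5 if age is None else (1.0 if age < young_days else 0.0),
        }
        ind["score"] = round(sum(ind.values()) / 5, 3)
        results[(src, host)] = ind
    return results


def rank(results):
    """Highest-scoring (src, host) pairs first, for analyst triage."""
    return sorted(results.items(), key=lambda kv: kv[1]["score"], reverse=True)


if __name__ == "__main__":
    for pair, ind in rank(score_sessions(LOG_LINES, DOMAIN_AGE_DAYS)):
        print(pair, ind)
```

Run stand-alone, the beaconing workstation ranks first with every indicator at 1.0 while the ordinary browsing pairs stay near zero; each indicator alone (a young domain, a rare User-Agent) would be noisy, which is why the score combines them rather than firing a static rule on any one of them.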
  • 27. Humans are great anomaly detectors…people catch people! (Innovation: Detective)
  • 28. Increasing visibility via public cloud security APIs (Innovation: Detective / Investigative)
    • AWS CloudTrail
    • Microsoft Azure Management API
  • 29. Speed & scope of sharing of community-oriented threat intelligence (Innovation: Detective / Investigative)
    • Information Sharing and Analysis Center (ISAC) model
  • 30. Security monitoring teams; virtual MSSP SOCs (Innovation: Response)
    • SOC Manager; Tier 1 Analyst; Tier 2 Analyst; Security Architect; Threat Intelligence Analyst
  • 31. RSA is very active innovating across all of these areas
    • Preventive
      – Authentication capabilities incorporating software tokens & biometrics (more secure and more convenient)
      – Collaborating with cyber-insurance underwriters to mitigate risk
    • Detective
      – Behavior-based analytics for smarter detection
      – Tooling for human hunters
    • Investigative
      – Creating & consuming community threat intelligence
    • Response
      – Providing a set of products & services to build SOCs
    • Security monitoring technology = comprehensive visibility
      – Logs/event, network traffic, endpoint, threat intelligence, public cloud APIs…
  • 32. Under attack: your data, your endpoints, your network
  • 33. RSA NetWitness Suite [ packets + logs + endpoint ]
    • NetWitness Server: master console
    • NetWitness Endpoint: agent console
    • NetWitness Logs: ingestion & indexing
    • NetWitness Packets: ingestion & indexing
    • RSA Live: threat intelligence
    • NetWitness SecOps Manager: response workflow, orchestration
  • 34. Business-Driven Security
    [Diagram: CONTEXTUAL INTELLIGENCE; SECURITY EXCLUSION; SECURITY INCLUSION; ANALYTICS; ORCHESTRATION & RESPONSE; POWER & SPEED OF INSIGHT; RIGHT PICTURE; RIGHT ACTIONS; BUSINESS CONTEXT; RSA SECURID SUITE; RSA CYBER ANALYTICS PLATFORM; RSA NETWITNESS SUITE; RSA ARCHER SUITE; RSA FRAUD & RISK INTELLIGENCE SUITE]
  • 35. PORTFOLIO
    • NETWITNESS SUITE: Respond in minutes, not months
    • SECURID SUITE: Reimagine your identity strategy
    • ARCHER SUITE: Take command of risk
    • RISK & CYBERSECURITY PRACTICE: Take command of your evolving security posture
    • FRAUD & RISK INTELLIGENCE SUITE: Expose cybercriminals, protect customers