SlideShare une entreprise Scribd logo
1  sur  27
OPTIMIZING
SECURITY
OPERATIONS
FIVE KEYS
TO SUCCESS
www.siriuscom.com
Sirius is a national integrator of technology-
based business solutions that span the
enterprise, including the data center and
lines of business. Built on products and
services from the world’s top technology
companies, Sirius solutions are installed,
configured and supported by our dedicated
teams of highly certified experts.
Sponsored by
We are gathering
unprecedented amounts
of data about threats.
This helps with security,
but also exacerbates false
positive and staffing issues. 54 percent of security professionals
ignore alerts that should be
investigated because they don't have
the staff or expertise to deal with them
51 percent of organizations
report a “problematic shortage”
of cybersecurity skills
Source: ESG Research
Too many alerts, too many
technologies, and not
enough people!
THE RESULT…
CYBER FATIGUE
Minimizing the number of times “I
don’t know!” is the answer to
questions about security incidents
is a challenge
LEADS TO MORE
QUESTIONS THAN
ANSWERS
A team and facility dedicated to
detecting, analyzing, responding to,
reporting on and preventing
cybersecurity incidents.
A well-run SOC is the heart of
effective cyber defense.
THE KEY TO
FINDING ANSWERS
IS THE SECURITY
OPERATIONS
CENTER (SOC)
Ask yourself:
WHICH BEST DESCRIBES
YOUR COMPANY’S CURRENT
SECOPs CAPABILITIES?
a) We have a SIEM
b) We have a fully staffed, on-prem SOC
c) We have an on-prem SOC, but it’s not fully staffed
d) We have a small team, and managed services
e) We’re just now building out our operations
5 KEYS TO OPTIMIZING
SECURITY OPERATIONS
Determine the right approach
For your business
ONE
EVALUATE
SOC MODELS
INTERNAL SOC
Dedicated facility
Dedicated team
Fully in-house
Advantages
Provides the most granular visibility
across the environment
Disadvantages
Possible misses in detection
Struggle to recruit and retain talent
Up-front investment costs
Significant time investment
VIRTUAL SOC
No dedicated facility
Part-time team members
Reactive; activated when a critical
alert or incident occurs
Advantages
Quickest, simplest, most scalable,
and cost-effective to implement
Disadvantages
Reduced granular visibility
Some data handled by third party
Longer escalation times
Least customizable
HYBRID SOC
Dedicated and semi-dedicated
team members
Typically 5x8 operations
Co-managed with an MSSP
Advantages
Most secure from a monitoring and
detection perspective
Quick detection & response time
Lower backlog
Knowledge transfer/intel sharing
Disadvantages
Third-party data handling
Ask yourself:
DOES YOUR ORGANIZATION USE
MANAGED SECURITY SERVICES?
a) Yes, we have a managed SOC
b) Yes, but not for SOC
c) No
d) Not sure
Many companies rely heavily on SIEM to
support compliance and threat detection
efforts. While SIEM is a critical tool,
organizations are increasingly
complementing their deployments with
solutions that really take their analytics
capabilities to the next level.
TWO
IMPLEMENT
ADVANCED
ANALYTICS
Consider the following questions:
• What security controls do you have in your environment? When was the last time your technology was evaluated?
• Do you have the visibility you need into your business activities, and the assets that are most likely to be targeted by
cyber adversaries?
• Can your security controls ingest and display threat intelligence delivered in a variety of formats (XML, CSV, and JSON)
in the form of indicators, tags, labels, text, and reports?
The NIST Cybersecurity Framework and special publications on security and privacy controls, as well as the CIS Critical
Security Controls (often referred to as the SANS Top 20) can assist you in establishing a strong foundation.
ENSURE FUNDAMENTALS ARE IN PLACE
Organizations looking to enable sophisticated analytics first need to ensure they have the right fundamentals in place. Many
cyber attacks take advantage of basic, often unnoticed security vulnerabilities, such as poor patch management
procedures, weak passwords, personal email services, and the lack of end-user education and sound security policies. A
mature SOC should make sure they have a complete picture of their infrastructure—what’s deployed, how it’s being used,
who’s using it, and if it’s up to date.
User and entity behavior analytics (UEBA) helps to establish baselines of normal user behavior, and
facilitate the detection of users with high-risk identity profiles as well as high-risk activity, access, and events
associated with insider threats and compromised accounts. Organizations can quickly identify threats based
on actions that stray from normal patterns. SIEM vendors are adding UEBA as a feature, or partnering with
UEBA vendors to deliver behavioral modeling, machine learning, and advanced analytics.
User Behavior
Analytics
COMPLEMENTARY ANALYTICS
Endpoint detection and response (EDR) solutions include all of the components of traditional endpoint
defenses such as anti-virus, host IPS, and heuristics to prevent exploits and malware propagation, but
also enable SOCs and IR teams to leverage additional capabilities such as ransomware detection,
continuous endpoint recording, and live endpoint investigation and remediation. They are typically
broken into four categories: threat prevention, threat detection and response, endpoint monitoring and
management, and digital forensics.
Network analytics enable the analysis of traffic flow and packets. Analysts can collect, process,
correlate, and analyze metadata throughout the Open Systems Interconnection (OSI) stack to
determine what happened, when. Targeted attacks often follow the “cyber kill chain,” and these
controls can be used to block or detect malicious activity within each of its seven phases. While
network security analytics tend to focus on internal data, they can be integrated with threat intelligence
to provide an outside-in perspective as well.
Threat intelligence helps you arm yourself with strategic, tactical, and operational insights to understand
how you are being targeted, and respond accordingly. Threat data is not the same as threat
intelligence; dumping raw information into organizations that are drowning in data exacerbates staffing
and false positive issues. Threat intelligence incorporates the context that makes threat data relevant to
an organization or industry.
Endpoint
Security
Threat
Intelligence
Network Security
Analytics
INTERNAL
Standardized
Highly targeted intelligence | Unrestricted usage
COMMERCIAL
Vendor-specific
Moderately targeted intelligence | Usage is restricted
Some standardization
Moderately targeted intelligence | Usage is restricted
COMMUNITY
Varied formats
Little targeted intelligence | Usage restrictions vary
OPEN SOURCE
INTELLIGENCE
SOURCES
Enable analysts to make better decisions
from better data
THREE
INTEGRATE
CONTROLS &
AUTOMATE
PROCESSES
17
FOUR
BOOST INCIDENT
RESPONSE
Triage detected threats and avoid
bottlenecks in IR processes
19
20
Popular Incident Response Frameworks
NIST 800-61
The National Institute of
Standards and Technology
developed this framework to
help organizations develop their
incident response teams and
processes in order to properly
plan for, assess, respond to, and
recover from potential threats.
CERT (CSIRT)
The Computer Emergency
Response Team created this
handbook, which includes a
popular framework companies
often use to model their own
incident response plans. The
handbook also covers how to set
up an IRT, as well as tools and
workflows to facilitate effective
response to security events.
ISACA
Developed by the Information
Systems Audit and Control
Association (ISACA), this
framework is an incident
response plan companies use
when becoming COBIT
compliant. It models the ways in
which companies can manage
risk and establish controls and
protections over information
systems, technologies, and
intellectual property.
ISO/IEC 270035
The International Organization
for Standardization (ISO)
and the International
Electrotechnical Commission
(IEC) developed this rigid and
formal incident response
framework that organizations
are required to implement when
becoming ISO 27001 compliant;
it establishes specific and
detailed steps to manage and
respond to security threats.
CONSIDER THE FOLLOWING QUESTIONS:
• Is your IR plan based on a framework?
• Is it frequently reviewed and updated?
• Has it ever been tested and validated?
• Do you have a retainer with an IR firm and/or have
cybersecurity insurance?
Ask yourself:
FIVE
MEASURE YOUR
EFFORTS
Report the performance of people,
processes, and technologies
Detect and respond to incidents
Identify threats and vulnerabilities
Document activities
for management,
auditors, and regulators
BUILDING
NEXT-GEN
SECURITY
OPERATIONS
http://focus.forsythe.com/articles/627/5-Keys-to-
Optimizing-Security-Operations
CHECK OUT THE
ORIGINAL ARTICLE:
http://focus.forsythe.com
OR FIND MORE ARTICLES ABOUT
BUSINESS AND TECHNOLOGY
SOLUTIONS AT FOCUS ONLINE:
Author:
Chris Hoke
Managing Director, Security, Sirius
Jose Ferreira
Security Solutions Territory Manager, Sirius
www.siriuscom.com
Sirius is a national integrator of technology-
based business solutions that span the
enterprise, including the data center and
lines of business. Built on products and
services from the world’s top technology
companies, Sirius solutions are installed,
configured and supported by our dedicated
teams of highly certified experts.
Optimizing Security Operations: 5 Keys to Success

Contenu connexe

Tendances

SOC Architecture Workshop - Part 1
SOC Architecture Workshop - Part 1SOC Architecture Workshop - Part 1
SOC Architecture Workshop - Part 1Priyanka Aash
 
What We’ve Learned Building a Cyber Security Operation Center: du Case Study
What We’ve Learned Building a Cyber  Security Operation Center: du Case  StudyWhat We’ve Learned Building a Cyber  Security Operation Center: du Case  Study
What We’ve Learned Building a Cyber Security Operation Center: du Case StudyPriyanka Aash
 
Rothke secure360 building a security operations center (soc)
Rothke   secure360 building a security operations center (soc)Rothke   secure360 building a security operations center (soc)
Rothke secure360 building a security operations center (soc)Ben Rothke
 
Strategy considerations for building a security operations center
Strategy considerations for building a security operations centerStrategy considerations for building a security operations center
Strategy considerations for building a security operations centerCMR WORLD TECH
 
Security Operation Center - Design & Build
Security Operation Center - Design & BuildSecurity Operation Center - Design & Build
Security Operation Center - Design & BuildSameer Paradia
 
The Next Generation of Security Operations Centre (SOC)
The Next Generation of Security Operations Centre (SOC)The Next Generation of Security Operations Centre (SOC)
The Next Generation of Security Operations Centre (SOC)PECB
 
SOC: Use cases and are we asking the right questions?
SOC: Use cases and are we asking the right questions?SOC: Use cases and are we asking the right questions?
SOC: Use cases and are we asking the right questions?Jonathan Sinclair
 
5 BEST PRACTICES FOR A SECURITY OPERATION CENTER (SOC)
5 BEST PRACTICES FOR A SECURITY OPERATION CENTER (SOC)5 BEST PRACTICES FOR A SECURITY OPERATION CENTER (SOC)
5 BEST PRACTICES FOR A SECURITY OPERATION CENTER (SOC)Vijilan IT Security solutions
 
SOC presentation- Building a Security Operations Center
SOC presentation- Building a Security Operations CenterSOC presentation- Building a Security Operations Center
SOC presentation- Building a Security Operations CenterMichael Nickle
 
Security operation center (SOC)
Security operation center (SOC)Security operation center (SOC)
Security operation center (SOC)Ahmed Ayman
 
Building a Next-Generation Security Operations Center (SOC)
Building a Next-Generation Security Operations Center (SOC)Building a Next-Generation Security Operations Center (SOC)
Building a Next-Generation Security Operations Center (SOC)Sqrrl
 
An introduction to SOC (Security Operation Center)
An introduction to SOC (Security Operation Center)An introduction to SOC (Security Operation Center)
An introduction to SOC (Security Operation Center)Ahmad Haghighi
 
Building A Security Operations Center
Building A Security Operations CenterBuilding A Security Operations Center
Building A Security Operations CenterSiemplify
 
7 Steps to Build a SOC with Limited Resources
7 Steps to Build a SOC with Limited Resources7 Steps to Build a SOC with Limited Resources
7 Steps to Build a SOC with Limited ResourcesLogRhythm
 
Roadmap to security operations excellence
Roadmap to security operations excellenceRoadmap to security operations excellence
Roadmap to security operations excellenceErik Taavila
 
WHY SOC Services needed?
WHY SOC Services needed?WHY SOC Services needed?
WHY SOC Services needed?manoharparakh
 
DTS Solution - Building a SOC (Security Operations Center)
DTS Solution - Building a SOC (Security Operations Center)DTS Solution - Building a SOC (Security Operations Center)
DTS Solution - Building a SOC (Security Operations Center)Shah Sheikh
 
Security operation center
Security operation centerSecurity operation center
Security operation centerMuthuKumaran267
 
Building an Analytics - Enabled SOC Breakout Session
Building an Analytics - Enabled SOC Breakout Session Building an Analytics - Enabled SOC Breakout Session
Building an Analytics - Enabled SOC Breakout Session Splunk
 
Cybersecurity Capability Maturity Model (C2M2)
Cybersecurity Capability Maturity Model (C2M2)Cybersecurity Capability Maturity Model (C2M2)
Cybersecurity Capability Maturity Model (C2M2)Maganathin Veeraragaloo
 

Tendances (20)

SOC Architecture Workshop - Part 1
SOC Architecture Workshop - Part 1SOC Architecture Workshop - Part 1
SOC Architecture Workshop - Part 1
 
What We’ve Learned Building a Cyber Security Operation Center: du Case Study
What We’ve Learned Building a Cyber  Security Operation Center: du Case  StudyWhat We’ve Learned Building a Cyber  Security Operation Center: du Case  Study
What We’ve Learned Building a Cyber Security Operation Center: du Case Study
 
Rothke secure360 building a security operations center (soc)
Rothke   secure360 building a security operations center (soc)Rothke   secure360 building a security operations center (soc)
Rothke secure360 building a security operations center (soc)
 
Strategy considerations for building a security operations center
Strategy considerations for building a security operations centerStrategy considerations for building a security operations center
Strategy considerations for building a security operations center
 
Security Operation Center - Design & Build
Security Operation Center - Design & BuildSecurity Operation Center - Design & Build
Security Operation Center - Design & Build
 
The Next Generation of Security Operations Centre (SOC)
The Next Generation of Security Operations Centre (SOC)The Next Generation of Security Operations Centre (SOC)
The Next Generation of Security Operations Centre (SOC)
 
SOC: Use cases and are we asking the right questions?
SOC: Use cases and are we asking the right questions?SOC: Use cases and are we asking the right questions?
SOC: Use cases and are we asking the right questions?
 
5 BEST PRACTICES FOR A SECURITY OPERATION CENTER (SOC)
5 BEST PRACTICES FOR A SECURITY OPERATION CENTER (SOC)5 BEST PRACTICES FOR A SECURITY OPERATION CENTER (SOC)
5 BEST PRACTICES FOR A SECURITY OPERATION CENTER (SOC)
 
SOC presentation- Building a Security Operations Center
SOC presentation- Building a Security Operations CenterSOC presentation- Building a Security Operations Center
SOC presentation- Building a Security Operations Center
 
Security operation center (SOC)
Security operation center (SOC)Security operation center (SOC)
Security operation center (SOC)
 
Building a Next-Generation Security Operations Center (SOC)
Building a Next-Generation Security Operations Center (SOC)Building a Next-Generation Security Operations Center (SOC)
Building a Next-Generation Security Operations Center (SOC)
 
An introduction to SOC (Security Operation Center)
An introduction to SOC (Security Operation Center)An introduction to SOC (Security Operation Center)
An introduction to SOC (Security Operation Center)
 
Building A Security Operations Center
Building A Security Operations CenterBuilding A Security Operations Center
Building A Security Operations Center
 
7 Steps to Build a SOC with Limited Resources
7 Steps to Build a SOC with Limited Resources7 Steps to Build a SOC with Limited Resources
7 Steps to Build a SOC with Limited Resources
 
Roadmap to security operations excellence
Roadmap to security operations excellenceRoadmap to security operations excellence
Roadmap to security operations excellence
 
WHY SOC Services needed?
WHY SOC Services needed?WHY SOC Services needed?
WHY SOC Services needed?
 
DTS Solution - Building a SOC (Security Operations Center)
DTS Solution - Building a SOC (Security Operations Center)DTS Solution - Building a SOC (Security Operations Center)
DTS Solution - Building a SOC (Security Operations Center)
 
Security operation center
Security operation centerSecurity operation center
Security operation center
 
Building an Analytics - Enabled SOC Breakout Session
Building an Analytics - Enabled SOC Breakout Session Building an Analytics - Enabled SOC Breakout Session
Building an Analytics - Enabled SOC Breakout Session
 
Cybersecurity Capability Maturity Model (C2M2)
Cybersecurity Capability Maturity Model (C2M2)Cybersecurity Capability Maturity Model (C2M2)
Cybersecurity Capability Maturity Model (C2M2)
 

Similaire à Optimizing Security Operations: 5 Keys to Success

Exploration Draft Document- CEM Machine Learning & AI Project 2018
Exploration Draft Document- CEM Machine Learning & AI Project 2018Exploration Draft Document- CEM Machine Learning & AI Project 2018
Exploration Draft Document- CEM Machine Learning & AI Project 2018Leslie McFarlin
 
A Buyers Guide to Investing in Endpoint Detection and Response for Enterprise...
A Buyers Guide to Investing in Endpoint Detection and Response for Enterprise...A Buyers Guide to Investing in Endpoint Detection and Response for Enterprise...
A Buyers Guide to Investing in Endpoint Detection and Response for Enterprise...Kaspersky
 
Aujas incident management webinar deck 08162016
Aujas incident management webinar deck 08162016Aujas incident management webinar deck 08162016
Aujas incident management webinar deck 08162016Karl Kispert
 
LIBRARY RESEARCH PROJECT, SECURITY OPERATION CENTER.pptx
LIBRARY RESEARCH  PROJECT, SECURITY OPERATION CENTER.pptxLIBRARY RESEARCH  PROJECT, SECURITY OPERATION CENTER.pptx
LIBRARY RESEARCH PROJECT, SECURITY OPERATION CENTER.pptxSonuSingh81247
 
Webinar: Get Ready to Detect, Respond & Recover from a Cyber Attack
Webinar: Get Ready to Detect, Respond & Recover from a Cyber AttackWebinar: Get Ready to Detect, Respond & Recover from a Cyber Attack
Webinar: Get Ready to Detect, Respond & Recover from a Cyber AttackAujas
 
Cognitive Computing in Security with AI
Cognitive Computing in Security with AI Cognitive Computing in Security with AI
Cognitive Computing in Security with AI JoAnna Cheshire
 
Ethical hacking a licence to hack
Ethical hacking a licence to hackEthical hacking a licence to hack
Ethical hacking a licence to hackamrutharam
 
TIG / Infocyte: Proactive Cybersecurity for State and Local Government
TIG / Infocyte: Proactive Cybersecurity for State and Local GovernmentTIG / Infocyte: Proactive Cybersecurity for State and Local Government
TIG / Infocyte: Proactive Cybersecurity for State and Local GovernmentInfocyte
 
The future of cyber security
The future of cyber securityThe future of cyber security
The future of cyber securitySandip Juthani
 
Take back your security infrastructure
Take back your security infrastructureTake back your security infrastructure
Take back your security infrastructureAnton Chuvakin
 
Annotated Bibliography On Database Security
Annotated Bibliography On Database SecurityAnnotated Bibliography On Database Security
Annotated Bibliography On Database SecurityLisa Diaz
 
All About Cybersecurity Frameworks.pptx
All About Cybersecurity Frameworks.pptxAll About Cybersecurity Frameworks.pptx
All About Cybersecurity Frameworks.pptxMetaorange
 
Select and Implement a Next Generation Endpoint Protection Solution
Select and Implement a Next Generation Endpoint Protection SolutionSelect and Implement a Next Generation Endpoint Protection Solution
Select and Implement a Next Generation Endpoint Protection SolutionInfo-Tech Research Group
 
All About Cybersecurity Frameworks.pdf
All About Cybersecurity Frameworks.pdfAll About Cybersecurity Frameworks.pdf
All About Cybersecurity Frameworks.pdfMetaorange
 
Improve Information Security Practices in the Small Enterprise
Improve Information Security Practices in the Small EnterpriseImprove Information Security Practices in the Small Enterprise
Improve Information Security Practices in the Small EnterpriseGeorge Goodall
 
chapter 3 ethics: computer and internet crime
chapter 3 ethics: computer and internet crimechapter 3 ethics: computer and internet crime
chapter 3 ethics: computer and internet crimemuhammad awais
 
Alienvault how to build a security operations center (on a budget) (2017, a...
Alienvault   how to build a security operations center (on a budget) (2017, a...Alienvault   how to build a security operations center (on a budget) (2017, a...
Alienvault how to build a security operations center (on a budget) (2017, a...Asep Syihabuddin
 
SMB270: Security Essentials for ITSM
SMB270: Security Essentials for ITSMSMB270: Security Essentials for ITSM
SMB270: Security Essentials for ITSMIvanti
 
Cyber presentation spet 2019 v8sentfor upload
Cyber presentation spet 2019 v8sentfor uploadCyber presentation spet 2019 v8sentfor upload
Cyber presentation spet 2019 v8sentfor uploadsavassociates1
 

Similaire à Optimizing Security Operations: 5 Keys to Success (20)

Exploration Draft Document- CEM Machine Learning & AI Project 2018
Exploration Draft Document- CEM Machine Learning & AI Project 2018Exploration Draft Document- CEM Machine Learning & AI Project 2018
Exploration Draft Document- CEM Machine Learning & AI Project 2018
 
A Buyers Guide to Investing in Endpoint Detection and Response for Enterprise...
A Buyers Guide to Investing in Endpoint Detection and Response for Enterprise...A Buyers Guide to Investing in Endpoint Detection and Response for Enterprise...
A Buyers Guide to Investing in Endpoint Detection and Response for Enterprise...
 
Aujas incident management webinar deck 08162016
Aujas incident management webinar deck 08162016Aujas incident management webinar deck 08162016
Aujas incident management webinar deck 08162016
 
LIBRARY RESEARCH PROJECT, SECURITY OPERATION CENTER.pptx
LIBRARY RESEARCH  PROJECT, SECURITY OPERATION CENTER.pptxLIBRARY RESEARCH  PROJECT, SECURITY OPERATION CENTER.pptx
LIBRARY RESEARCH PROJECT, SECURITY OPERATION CENTER.pptx
 
Webinar: Get Ready to Detect, Respond & Recover from a Cyber Attack
Webinar: Get Ready to Detect, Respond & Recover from a Cyber AttackWebinar: Get Ready to Detect, Respond & Recover from a Cyber Attack
Webinar: Get Ready to Detect, Respond & Recover from a Cyber Attack
 
Avoiding The Seven Deadly Sins of IT
Avoiding The Seven Deadly Sins of ITAvoiding The Seven Deadly Sins of IT
Avoiding The Seven Deadly Sins of IT
 
Cognitive Computing in Security with AI
Cognitive Computing in Security with AI Cognitive Computing in Security with AI
Cognitive Computing in Security with AI
 
Ethical hacking a licence to hack
Ethical hacking a licence to hackEthical hacking a licence to hack
Ethical hacking a licence to hack
 
TIG / Infocyte: Proactive Cybersecurity for State and Local Government
TIG / Infocyte: Proactive Cybersecurity for State and Local GovernmentTIG / Infocyte: Proactive Cybersecurity for State and Local Government
TIG / Infocyte: Proactive Cybersecurity for State and Local Government
 
The future of cyber security
The future of cyber securityThe future of cyber security
The future of cyber security
 
Take back your security infrastructure
Take back your security infrastructureTake back your security infrastructure
Take back your security infrastructure
 
Annotated Bibliography On Database Security
Annotated Bibliography On Database SecurityAnnotated Bibliography On Database Security
Annotated Bibliography On Database Security
 
All About Cybersecurity Frameworks.pptx
All About Cybersecurity Frameworks.pptxAll About Cybersecurity Frameworks.pptx
All About Cybersecurity Frameworks.pptx
 
Select and Implement a Next Generation Endpoint Protection Solution
Select and Implement a Next Generation Endpoint Protection SolutionSelect and Implement a Next Generation Endpoint Protection Solution
Select and Implement a Next Generation Endpoint Protection Solution
 
All About Cybersecurity Frameworks.pdf
All About Cybersecurity Frameworks.pdfAll About Cybersecurity Frameworks.pdf
All About Cybersecurity Frameworks.pdf
 
Improve Information Security Practices in the Small Enterprise
Improve Information Security Practices in the Small EnterpriseImprove Information Security Practices in the Small Enterprise
Improve Information Security Practices in the Small Enterprise
 
chapter 3 ethics: computer and internet crime
chapter 3 ethics: computer and internet crimechapter 3 ethics: computer and internet crime
chapter 3 ethics: computer and internet crime
 
Alienvault how to build a security operations center (on a budget) (2017, a...
Alienvault   how to build a security operations center (on a budget) (2017, a...Alienvault   how to build a security operations center (on a budget) (2017, a...
Alienvault how to build a security operations center (on a budget) (2017, a...
 
SMB270: Security Essentials for ITSM
SMB270: Security Essentials for ITSMSMB270: Security Essentials for ITSM
SMB270: Security Essentials for ITSM
 
Cyber presentation spet 2019 v8sentfor upload
Cyber presentation spet 2019 v8sentfor uploadCyber presentation spet 2019 v8sentfor upload
Cyber presentation spet 2019 v8sentfor upload
 

Plus de Sirius

Healthcare Cybersecurity Survey 2018 - Sirius
Healthcare Cybersecurity Survey 2018 - SiriusHealthcare Cybersecurity Survey 2018 - Sirius
Healthcare Cybersecurity Survey 2018 - SiriusSirius
 
6 Guidelines on Crafting a Charter for your Business Transformation
6 Guidelines on Crafting a Charter for your Business Transformation6 Guidelines on Crafting a Charter for your Business Transformation
6 Guidelines on Crafting a Charter for your Business TransformationSirius
 
Exhaust into Fuel: Turning Data into a Strategic Business Asset
Exhaust into Fuel: Turning Data into a Strategic Business AssetExhaust into Fuel: Turning Data into a Strategic Business Asset
Exhaust into Fuel: Turning Data into a Strategic Business AssetSirius
 
3 Keys to Web Application Security
3 Keys to Web Application Security3 Keys to Web Application Security
3 Keys to Web Application SecuritySirius
 
Best Practices for Multi-Factor Authentication: Delivering Stronger Security ...
Best Practices for Multi-Factor Authentication: Delivering Stronger Security ...Best Practices for Multi-Factor Authentication: Delivering Stronger Security ...
Best Practices for Multi-Factor Authentication: Delivering Stronger Security ...Sirius
 
Optimizing Your IT Strategy: 5 Steps to Successfull Hybrid IT
Optimizing Your IT Strategy: 5 Steps to Successfull Hybrid ITOptimizing Your IT Strategy: 5 Steps to Successfull Hybrid IT
Optimizing Your IT Strategy: 5 Steps to Successfull Hybrid ITSirius
 
Keep Calm and Comply: 3 Keys to GDPR Success
Keep Calm and Comply: 3 Keys to GDPR SuccessKeep Calm and Comply: 3 Keys to GDPR Success
Keep Calm and Comply: 3 Keys to GDPR SuccessSirius
 
Beyond backup to intelligent data management
Beyond backup to intelligent data managementBeyond backup to intelligent data management
Beyond backup to intelligent data managementSirius
 
Making the Jump to Hyperconvergence: Don't Get Left Behind
Making the Jump to Hyperconvergence: Don't Get Left BehindMaking the Jump to Hyperconvergence: Don't Get Left Behind
Making the Jump to Hyperconvergence: Don't Get Left BehindSirius
 
Addressing the EU GDPR & New York Cybersecurity Requirements: 3 Keys to Success
Addressing the EU GDPR & New York Cybersecurity Requirements: 3 Keys to SuccessAddressing the EU GDPR & New York Cybersecurity Requirements: 3 Keys to Success
Addressing the EU GDPR & New York Cybersecurity Requirements: 3 Keys to SuccessSirius
 
Security Incident and Event Management (SIEM) - Managed and Hosted Solutions ...
Security Incident and Event Management (SIEM) - Managed and Hosted Solutions ...Security Incident and Event Management (SIEM) - Managed and Hosted Solutions ...
Security Incident and Event Management (SIEM) - Managed and Hosted Solutions ...Sirius
 
6 Ways to Deceive Cyber Attackers
6 Ways to Deceive Cyber Attackers6 Ways to Deceive Cyber Attackers
6 Ways to Deceive Cyber AttackersSirius
 
Your Cloud Strategy: Evolution or Revolution
Your Cloud Strategy: Evolution or RevolutionYour Cloud Strategy: Evolution or Revolution
Your Cloud Strategy: Evolution or RevolutionSirius
 
Maturing Endpoint Security: 5 Key Considerations
Maturing Endpoint Security: 5 Key ConsiderationsMaturing Endpoint Security: 5 Key Considerations
Maturing Endpoint Security: 5 Key ConsiderationsSirius
 
Open Source, Open Mindset: 4 Keys to Continuous Cloud Transformation
Open Source, Open Mindset: 4 Keys to Continuous Cloud TransformationOpen Source, Open Mindset: 4 Keys to Continuous Cloud Transformation
Open Source, Open Mindset: 4 Keys to Continuous Cloud TransformationSirius
 
7 Essential Services Every Data Center Solutions Provider Should Have
7 Essential Services Every Data Center Solutions Provider Should Have7 Essential Services Every Data Center Solutions Provider Should Have
7 Essential Services Every Data Center Solutions Provider Should HaveSirius
 
10 Keys to Data-Centric Security
10 Keys to Data-Centric Security10 Keys to Data-Centric Security
10 Keys to Data-Centric SecuritySirius
 
5 Keys to Addressing Insider Threats
5 Keys to Addressing Insider Threats5 Keys to Addressing Insider Threats
5 Keys to Addressing Insider ThreatsSirius
 
6 Steps for Operationalizing Threat Intelligence
6 Steps for Operationalizing Threat Intelligence6 Steps for Operationalizing Threat Intelligence
6 Steps for Operationalizing Threat IntelligenceSirius
 
5 Ways to Close Your Information Technology Skills Gap
5 Ways to Close Your Information Technology Skills Gap5 Ways to Close Your Information Technology Skills Gap
5 Ways to Close Your Information Technology Skills GapSirius
 

Plus de Sirius (20)

Healthcare Cybersecurity Survey 2018 - Sirius
Healthcare Cybersecurity Survey 2018 - SiriusHealthcare Cybersecurity Survey 2018 - Sirius
Healthcare Cybersecurity Survey 2018 - Sirius
 
6 Guidelines on Crafting a Charter for your Business Transformation
6 Guidelines on Crafting a Charter for your Business Transformation6 Guidelines on Crafting a Charter for your Business Transformation
6 Guidelines on Crafting a Charter for your Business Transformation
 
Exhaust into Fuel: Turning Data into a Strategic Business Asset
Exhaust into Fuel: Turning Data into a Strategic Business AssetExhaust into Fuel: Turning Data into a Strategic Business Asset
Exhaust into Fuel: Turning Data into a Strategic Business Asset
 
3 Keys to Web Application Security
3 Keys to Web Application Security3 Keys to Web Application Security
3 Keys to Web Application Security
 
Best Practices for Multi-Factor Authentication: Delivering Stronger Security ...
Best Practices for Multi-Factor Authentication: Delivering Stronger Security ...Best Practices for Multi-Factor Authentication: Delivering Stronger Security ...
Best Practices for Multi-Factor Authentication: Delivering Stronger Security ...
 
Optimizing Your IT Strategy: 5 Steps to Successfull Hybrid IT
Optimizing Your IT Strategy: 5 Steps to Successfull Hybrid ITOptimizing Your IT Strategy: 5 Steps to Successfull Hybrid IT
Optimizing Your IT Strategy: 5 Steps to Successfull Hybrid IT
 
Keep Calm and Comply: 3 Keys to GDPR Success
Keep Calm and Comply: 3 Keys to GDPR SuccessKeep Calm and Comply: 3 Keys to GDPR Success
Keep Calm and Comply: 3 Keys to GDPR Success
 
Beyond backup to intelligent data management
Beyond backup to intelligent data managementBeyond backup to intelligent data management
Beyond backup to intelligent data management
 
Making the Jump to Hyperconvergence: Don't Get Left Behind
Making the Jump to Hyperconvergence: Don't Get Left BehindMaking the Jump to Hyperconvergence: Don't Get Left Behind
Making the Jump to Hyperconvergence: Don't Get Left Behind
 
Addressing the EU GDPR & New York Cybersecurity Requirements: 3 Keys to Success
Addressing the EU GDPR & New York Cybersecurity Requirements: 3 Keys to SuccessAddressing the EU GDPR & New York Cybersecurity Requirements: 3 Keys to Success
Addressing the EU GDPR & New York Cybersecurity Requirements: 3 Keys to Success
 
Security Incident and Event Management (SIEM) - Managed and Hosted Solutions ...
Security Incident and Event Management (SIEM) - Managed and Hosted Solutions ...Security Incident and Event Management (SIEM) - Managed and Hosted Solutions ...
Security Incident and Event Management (SIEM) - Managed and Hosted Solutions ...
 
6 Ways to Deceive Cyber Attackers
6 Ways to Deceive Cyber Attackers6 Ways to Deceive Cyber Attackers
6 Ways to Deceive Cyber Attackers
 
Your Cloud Strategy: Evolution or Revolution
Your Cloud Strategy: Evolution or RevolutionYour Cloud Strategy: Evolution or Revolution
Your Cloud Strategy: Evolution or Revolution
 
Maturing Endpoint Security: 5 Key Considerations
Maturing Endpoint Security: 5 Key ConsiderationsMaturing Endpoint Security: 5 Key Considerations
Maturing Endpoint Security: 5 Key Considerations
 
Open Source, Open Mindset: 4 Keys to Continuous Cloud Transformation
Open Source, Open Mindset: 4 Keys to Continuous Cloud TransformationOpen Source, Open Mindset: 4 Keys to Continuous Cloud Transformation
Open Source, Open Mindset: 4 Keys to Continuous Cloud Transformation
 
7 Essential Services Every Data Center Solutions Provider Should Have
7 Essential Services Every Data Center Solutions Provider Should Have7 Essential Services Every Data Center Solutions Provider Should Have
7 Essential Services Every Data Center Solutions Provider Should Have
 
10 Keys to Data-Centric Security
10 Keys to Data-Centric Security10 Keys to Data-Centric Security
10 Keys to Data-Centric Security
 
5 Keys to Addressing Insider Threats
5 Keys to Addressing Insider Threats5 Keys to Addressing Insider Threats
5 Keys to Addressing Insider Threats
 
6 Steps for Operationalizing Threat Intelligence
6 Steps for Operationalizing Threat Intelligence6 Steps for Operationalizing Threat Intelligence
6 Steps for Operationalizing Threat Intelligence
 
5 Ways to Close Your Information Technology Skills Gap
5 Ways to Close Your Information Technology Skills Gap5 Ways to Close Your Information Technology Skills Gap
5 Ways to Close Your Information Technology Skills Gap
 

Dernier

How to become a GDSC Lead GDSC MI AOE.pptx
How to become a GDSC Lead GDSC MI AOE.pptxHow to become a GDSC Lead GDSC MI AOE.pptx
How to become a GDSC Lead GDSC MI AOE.pptxKaustubhBhavsar6
 
.NET 8 ChatBot with Azure OpenAI Services.pptx
.NET 8 ChatBot with Azure OpenAI Services.pptx.NET 8 ChatBot with Azure OpenAI Services.pptx
.NET 8 ChatBot with Azure OpenAI Services.pptxHansamali Gamage
 
Planetek Italia Srl - Corporate Profile Brochure
Planetek Italia Srl - Corporate Profile BrochurePlanetek Italia Srl - Corporate Profile Brochure
Planetek Italia Srl - Corporate Profile BrochurePlanetek Italia Srl
 
Design and Modeling for MySQL SCALE 21X Pasadena, CA Mar 2024
Design and Modeling for MySQL SCALE 21X Pasadena, CA Mar 2024Design and Modeling for MySQL SCALE 21X Pasadena, CA Mar 2024
Design and Modeling for MySQL SCALE 21X Pasadena, CA Mar 2024Alkin Tezuysal
 
SIM INFORMATION SYSTEM: REVOLUTIONIZING DATA MANAGEMENT
SIM INFORMATION SYSTEM: REVOLUTIONIZING DATA MANAGEMENTSIM INFORMATION SYSTEM: REVOLUTIONIZING DATA MANAGEMENT
SIM INFORMATION SYSTEM: REVOLUTIONIZING DATA MANAGEMENTxtailishbaloch
 
The Zero-ETL Approach: Enhancing Data Agility and Insight
The Zero-ETL Approach: Enhancing Data Agility and InsightThe Zero-ETL Approach: Enhancing Data Agility and Insight
The Zero-ETL Approach: Enhancing Data Agility and InsightSafe Software
 
3 Pitfalls Everyone Should Avoid with Cloud Data
3 Pitfalls Everyone Should Avoid with Cloud Data3 Pitfalls Everyone Should Avoid with Cloud Data
3 Pitfalls Everyone Should Avoid with Cloud DataEric D. Schabell
 
Flow Control | Block Size | ST Min | First Frame
Flow Control | Block Size | ST Min | First FrameFlow Control | Block Size | ST Min | First Frame
Flow Control | Block Size | ST Min | First FrameKapil Thakar
 
Patch notes explaining DISARM Version 1.4 update
Patch notes explaining DISARM Version 1.4 updatePatch notes explaining DISARM Version 1.4 update
Patch notes explaining DISARM Version 1.4 updateadam112203
 
UiPath Studio Web workshop series - Day 4
UiPath Studio Web workshop series - Day 4UiPath Studio Web workshop series - Day 4
UiPath Studio Web workshop series - Day 4DianaGray10
 
GraphSummit Copenhagen 2024 - Neo4j Vision and Roadmap.pptx
GraphSummit Copenhagen 2024 - Neo4j Vision and Roadmap.pptxGraphSummit Copenhagen 2024 - Neo4j Vision and Roadmap.pptx
GraphSummit Copenhagen 2024 - Neo4j Vision and Roadmap.pptxNeo4j
 
The Importance of Indoor Air Quality (English)
The Importance of Indoor Air Quality (English)The Importance of Indoor Air Quality (English)
The Importance of Indoor Air Quality (English)IES VE
 
How to release an Open Source Dataweave Library
How to release an Open Source Dataweave LibraryHow to release an Open Source Dataweave Library
How to release an Open Source Dataweave Libraryshyamraj55
 
Trailblazer Community - Flows Workshop (Session 2)
Trailblazer Community - Flows Workshop (Session 2)Trailblazer Community - Flows Workshop (Session 2)
Trailblazer Community - Flows Workshop (Session 2)Muhammad Tiham Siddiqui
 
LF Energy Webinar - Unveiling OpenEEMeter 4.0
LF Energy Webinar - Unveiling OpenEEMeter 4.0LF Energy Webinar - Unveiling OpenEEMeter 4.0
LF Energy Webinar - Unveiling OpenEEMeter 4.0DanBrown980551
 
Top 10 Squarespace Development Companies
Top 10 Squarespace Development CompaniesTop 10 Squarespace Development Companies
Top 10 Squarespace Development CompaniesTopCSSGallery
 
UiPath Studio Web workshop series - Day 2
UiPath Studio Web workshop series - Day 2UiPath Studio Web workshop series - Day 2
UiPath Studio Web workshop series - Day 2DianaGray10
 
IT Service Management (ITSM) Best Practices for Advanced Computing
IT Service Management (ITSM) Best Practices for Advanced ComputingIT Service Management (ITSM) Best Practices for Advanced Computing
IT Service Management (ITSM) Best Practices for Advanced ComputingMAGNIntelligence
 
Keep Your Finger on the Pulse of Your Building's Performance with IES Live
Keep Your Finger on the Pulse of Your Building's Performance with IES LiveKeep Your Finger on the Pulse of Your Building's Performance with IES Live
Keep Your Finger on the Pulse of Your Building's Performance with IES LiveIES VE
 
Novo Nordisk's journey in developing an open-source application on Neo4j
Novo Nordisk's journey in developing an open-source application on Neo4jNovo Nordisk's journey in developing an open-source application on Neo4j
Novo Nordisk's journey in developing an open-source application on Neo4jNeo4j
 

Dernier (20)

How to become a GDSC Lead GDSC MI AOE.pptx
How to become a GDSC Lead GDSC MI AOE.pptxHow to become a GDSC Lead GDSC MI AOE.pptx
How to become a GDSC Lead GDSC MI AOE.pptx
 
.NET 8 ChatBot with Azure OpenAI Services.pptx
.NET 8 ChatBot with Azure OpenAI Services.pptx.NET 8 ChatBot with Azure OpenAI Services.pptx
.NET 8 ChatBot with Azure OpenAI Services.pptx
 
Planetek Italia Srl - Corporate Profile Brochure
Planetek Italia Srl - Corporate Profile BrochurePlanetek Italia Srl - Corporate Profile Brochure
Planetek Italia Srl - Corporate Profile Brochure
 
Design and Modeling for MySQL SCALE 21X Pasadena, CA Mar 2024
Design and Modeling for MySQL SCALE 21X Pasadena, CA Mar 2024Design and Modeling for MySQL SCALE 21X Pasadena, CA Mar 2024
Design and Modeling for MySQL SCALE 21X Pasadena, CA Mar 2024
 
SIM INFORMATION SYSTEM: REVOLUTIONIZING DATA MANAGEMENT
SIM INFORMATION SYSTEM: REVOLUTIONIZING DATA MANAGEMENTSIM INFORMATION SYSTEM: REVOLUTIONIZING DATA MANAGEMENT
SIM INFORMATION SYSTEM: REVOLUTIONIZING DATA MANAGEMENT
 
The Zero-ETL Approach: Enhancing Data Agility and Insight
The Zero-ETL Approach: Enhancing Data Agility and InsightThe Zero-ETL Approach: Enhancing Data Agility and Insight
The Zero-ETL Approach: Enhancing Data Agility and Insight
 
3 Pitfalls Everyone Should Avoid with Cloud Data
3 Pitfalls Everyone Should Avoid with Cloud Data3 Pitfalls Everyone Should Avoid with Cloud Data
3 Pitfalls Everyone Should Avoid with Cloud Data
 
Flow Control | Block Size | ST Min | First Frame
Flow Control | Block Size | ST Min | First FrameFlow Control | Block Size | ST Min | First Frame
Flow Control | Block Size | ST Min | First Frame
 
Patch notes explaining DISARM Version 1.4 update
Patch notes explaining DISARM Version 1.4 updatePatch notes explaining DISARM Version 1.4 update
Patch notes explaining DISARM Version 1.4 update
 
UiPath Studio Web workshop series - Day 4
UiPath Studio Web workshop series - Day 4UiPath Studio Web workshop series - Day 4
UiPath Studio Web workshop series - Day 4
 
GraphSummit Copenhagen 2024 - Neo4j Vision and Roadmap.pptx
GraphSummit Copenhagen 2024 - Neo4j Vision and Roadmap.pptxGraphSummit Copenhagen 2024 - Neo4j Vision and Roadmap.pptx
GraphSummit Copenhagen 2024 - Neo4j Vision and Roadmap.pptx
 
The Importance of Indoor Air Quality (English)
The Importance of Indoor Air Quality (English)The Importance of Indoor Air Quality (English)
The Importance of Indoor Air Quality (English)
 
How to release an Open Source Dataweave Library
How to release an Open Source Dataweave LibraryHow to release an Open Source Dataweave Library
How to release an Open Source Dataweave Library
 
Trailblazer Community - Flows Workshop (Session 2)
Trailblazer Community - Flows Workshop (Session 2)Trailblazer Community - Flows Workshop (Session 2)
Trailblazer Community - Flows Workshop (Session 2)
 
LF Energy Webinar - Unveiling OpenEEMeter 4.0
LF Energy Webinar - Unveiling OpenEEMeter 4.0LF Energy Webinar - Unveiling OpenEEMeter 4.0
LF Energy Webinar - Unveiling OpenEEMeter 4.0
 
Top 10 Squarespace Development Companies
Top 10 Squarespace Development CompaniesTop 10 Squarespace Development Companies
Top 10 Squarespace Development Companies
 
UiPath Studio Web workshop series - Day 2
UiPath Studio Web workshop series - Day 2UiPath Studio Web workshop series - Day 2
UiPath Studio Web workshop series - Day 2
 
IT Service Management (ITSM) Best Practices for Advanced Computing
IT Service Management (ITSM) Best Practices for Advanced ComputingIT Service Management (ITSM) Best Practices for Advanced Computing
IT Service Management (ITSM) Best Practices for Advanced Computing
 
Keep Your Finger on the Pulse of Your Building's Performance with IES Live
Keep Your Finger on the Pulse of Your Building's Performance with IES LiveKeep Your Finger on the Pulse of Your Building's Performance with IES Live
Keep Your Finger on the Pulse of Your Building's Performance with IES Live
 
Novo Nordisk's journey in developing an open-source application on Neo4j
Novo Nordisk's journey in developing an open-source application on Neo4jNovo Nordisk's journey in developing an open-source application on Neo4j
Novo Nordisk's journey in developing an open-source application on Neo4j
 

Optimizing Security Operations: 5 Keys to Success

  • 2. www.siriuscom.com Sirius is a national integrator of technology- based business solutions that span the enterprise, including the data center and lines of business. Built on products and services from the world’s top technology companies, Sirius solutions are installed, configured and supported by our dedicated teams of highly certified experts. Sponsored by
  • 3. We are gathering unprecedented amounts of data about threats. This helps with security, but also exacerbates false positive and staffing issues. 54 percent of security professionals ignore alerts that should be investigated because they don't have the staff or expertise to deal with them 51 percent of organizations report a “problematic shortage” of cybersecurity skills Source: ESG Research
  • 4. Too many alerts, too many technologies, and not enough people! THE RESULT… CYBER FATIGUE
  • 5. Minimizing the number of times “I don’t know!” is the answer to questions about security incidents is a challenge LEADS TO MORE QUESTIONS THAN ANSWERS
  • 6. A team and facility dedicated to detecting, analyzing, responding to, reporting on and preventing cybersecurity incidents. A well-run SOC is the heart of effective cyber defense. THE KEY TO FINDING ANSWERS IS THE SECURITY OPERATIONS CENTER (SOC)
  • 7. Ask yourself: WHICH BEST DESCRIBES YOUR COMPANY’S CURRENT SECOPs CAPABILITIES? a) We have a SIEM b) We have a fully staffed, on-prem SOC c) We have an on-prem SOC, but it’s not fully staffed d) We have a small team, and managed services e) We’re just now building out our operations
  • 8. 5 KEYS TO OPTIMIZING SECURITY OPERATIONS
  • 9. Determine the right approach For your business ONE EVALUATE SOC MODELS
  • 10. INTERNAL SOC Dedicated facility Dedicated team Fully in-house Advantages Provides the most granular visibility across the environment Disadvantages Possible misses in detection Struggle to recruit and retain talent Up-front investment costs Significant time investment VIRTUAL SOC No dedicated facility Part-time team members Reactive; activated when a critical alert or incident occurs Advantages Quickest, simplest, most scalable, and cost-effective to implement Disadvantages Reduced granular visibility Some data handled by third party Longer escalation times Least customizable HYBRID SOC Dedicated and semi-dedicated team members Typically 5x8 operations Co-managed with an MSSP Advantages Most secure from a monitoring and detection perspective Quick detection & response time Lower backlog Knowledge transfer/intel sharing Disadvantages Third-party data handling
  • 11. Ask yourself: DOES YOUR ORGANIZATION USE MANAGED SECURITY SERVICES? a) Yes, we have a managed SOC b) Yes, but not for SOC c) No d) Not sure
  • 12. Many companies rely heavily on SIEM to support compliance and threat detection efforts. While SIEM is a critical tool, organizations are increasingly complementing their deployments with solutions that really take their analytics capabilities to the next level. TWO IMPLEMENT ADVANCED ANALYTICS
  • 13. Consider the following questions: • What security controls do you have in your environment? When was the last time your technology was evaluated? • Do you have the visibility you need into your business activities, and the assets that are most likely to be targeted by cyber adversaries? • Can your security controls ingest and display threat intelligence delivered in a variety of formats (XML, CSV, and JSON) in the form of indicators, tags, labels, text, and reports? The NIST Cybersecurity Framework and special publications on security and privacy controls, as well as the CIS Critical Security Controls (often referred to as the SANS Top 20) can assist you in establishing a strong foundation. ENSURE FUNDAMENTALS ARE IN PLACE Organizations looking to enable sophisticated analytics first need to ensure they have the right fundamentals in place. Many cyber attacks take advantage of basic, often unnoticed security vulnerabilities, such as poor patch management procedures, weak passwords, personal email services, and the lack of end-user education and sound security policies. A mature SOC should make sure they have a complete picture of their infrastructure—what’s deployed, how it’s being used, who’s using it, and if it’s up to date.
  • 14. User and entity behavior analytics (UEBA) helps to establish baselines of normal user behavior, and facilitate the detection of users with high-risk identity profiles as well as high-risk activity, access, and events associated with insider threats and compromised accounts. Organizations can quickly identify threats based on actions that stray from normal patterns. SIEM vendors are adding UEBA as a feature, or partnering with UEBA vendors to deliver behavioral modeling, machine learning, and advanced analytics. User Behavior Analytics COMPLEMENTARY ANALYTICS Endpoint detection and response (EDR) solutions include all of the components of traditional endpoint defenses such as anti-virus, host IPS, and heuristics to prevent exploits and malware propagation, but also enable SOCs and IR teams to leverage additional capabilities such as ransomware detection, continuous endpoint recording, and live endpoint investigation and remediation. They are typically broken into four categories: threat prevention, threat detection and response, endpoint monitoring and management, and digital forensics. Network analytics enable the analysis of traffic flow and packets. Analysts can collect, process, correlate, and analyze metadata throughout the Open Systems Interconnection (OSI) stack to determine what happened, when. Targeted attacks often follow the “cyber kill chain,” and these controls can be used to block or detect malicious activity within each of its seven phases. While network security analytics tend to focus on internal data, they can be integrated with threat intelligence to provide an outside-in perspective as well. Threat intelligence helps you arm yourself with strategic, tactical, and operational insights to understand how you are being targeted, and respond accordingly. Threat data is not the same as threat intelligence; dumping raw information into organizations that are drowning in data exacerbates staffing and false positive issues. Threat intelligence incorporates the context that makes threat data relevant to an organization or industry. Endpoint Security Threat Intelligence Network Security Analytics
  • 15. INTERNAL Standardized Highly targeted intelligence | Unrestricted usage COMMERCIAL Vendor-specific Moderately targeted intelligence | Usage is restricted Some standardization Moderately targeted intelligence | Usage is restricted COMMUNITY Varied formats Little targeted intelligence | Usage restrictions vary OPEN SOURCE INTELLIGENCE SOURCES
  • 16. Enable analysts to make better decisions from better data THREE INTEGRATE CONTROLS & AUTOMATE PROCESSES
  • 17. 17
  • 18. FOUR BOOST INCIDENT RESPONSE Triage detected threats and avoid bottlenecks in IR processes
  • 19. 19
  • 20. 20 Popular Incident Response Frameworks NIST 800-61 The National Institute of Standards and Technology developed this framework to help organizations develop their incident response teams and processes in order to properly plan for, assess, respond to, and recover from potential threats. CERT (CSIRT) The Computer Emergency Response Team created this handbook, which includes a popular framework companies often use to model their own incident response plans. The handbook also covers how to set up an IRT, as well as tools and workflows to facilitate effective response to security events. ISACA Developed by the Information Systems Audit and Control Association (ISACA), this framework is an incident response plan companies use when becoming COBIT compliant. It models the ways in which companies can manage risk and establish controls and protections over information systems, technologies, and intellectual property. ISO/IEC 270035 The International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC) developed this rigid and formal incident response framework that organizations are required to implement when becoming ISO 27001 compliant; it establishes specific and detailed steps to manage and respond to security threats.
  • 21. CONSIDER THE FOLLOWING QUESTIONS: • Is your IR plan based on a framework? • Is it frequently reviewed and updated? • Has it ever been tested and validated? • Do you have a retainer with an IR firm and/or have cybersecurity insurance? Ask yourself:
  • 22. FIVE MEASURE YOUR EFFORTS Report the performance of people, processes, and technologies
  • 23. Detect and respond to incidents Identify threats and vulnerabilities Document activities for management, auditors, and regulators BUILDING NEXT-GEN SECURITY OPERATIONS
  • 25. http://focus.forsythe.com OR FIND MORE ARTICLES ABOUT BUSINESS AND TECHNOLOGY SOLUTIONS AT FOCUS ONLINE:
  • 26. Author: Chris Hoke Managing Director, Security, Sirius Jose Ferreira Security Solutions Territory Manager, Sirius www.siriuscom.com Sirius is a national integrator of technology- based business solutions that span the enterprise, including the data center and lines of business. Built on products and services from the world’s top technology companies, Sirius solutions are installed, configured and supported by our dedicated teams of highly certified experts.