6 Steps to Secure Your Organization from Cybersecurity Threats

John Christly
Global Chief Information Security Officer
Netsurion and EventTracker
• Cybersecurity Evangelist, security blogger, threat researcher, and has participated in
international, regional and national events as a speaker and panelist
• Has taught groups including ISACA, ACFE, and ISSA on topics ranging from forensics to
auditing IT systems for fraud
• Is the former Founder and CEO of OMC Systems, a cybersecurity advisory firm that
developed a custom web based incident management platform used in healthcare
• Is an MSI Senior Fellow™ and has many years of experience in technical and
cybersecurity management both domestically and internationally
• Holds various certifications including the ISC2 CISSP, Certified Fraud Examiner, AccessData
Certified Examiner, PMI PMP, HIPAA Security Specialist, Lean Six Sigma Master Black Belt,
and is a Florida Licensed Private Investigator.
• Experience includes several industry regulations including HIPAA, HITECH, GLBA, FERPA,
FCPA, FIPA, and PCI
Copyright © 2017 Netsurion. All Rights Reserved. Reproduction Prohibited.

About Netsurion and EventTracker
Netsurion is a managed security service provider specializing in the protection of multi-location businesses’
information, payment systems, and Wi-Fi networks from data breaches, network outages, and ever-evolving
cyberthreats.
Netsurion’s patented remote installation process and PCI compliance solutions help simplify the
implementation process and ongoing support. Any sized branch or remote office, franchise, or sole proprietor
operation can use Netsurion without the costs of on-site support.
Our service offering – SIEM-at-the-Edge – is powered by our subsidiary, EventTracker, which helps deliver
comprehensive security benefits to “edge” locations that normally would not have the means to leverage such
a solution.
EventTracker’s advanced security solutions protect enterprises and small businesses from data breaches
and insider fraud, and streamline regulatory compliance. EventTracker’s platform comprises SIEM,
vulnerability scanning, intrusion detection, behavior analytics, a HoneyNet deception network and other
defense-in-depth capabilities within a single management platform.
The company complements its state-of-the-art technology with 24/7 managed services from its global
security operations center (SOC) to ensure its customers achieve desired outcomes—safer networks,
better endpoint security, earlier detection of intrusion, and relevant and specific threat intelligence.
The company serves the retail, hospitality, healthcare, legal, banking and financial services, utilities, and
government sectors.

Humans are the weakest link
Humansaretheweakestlink
According to the Verizon
DBIR 2016, phishing tops
the list of increasing
concerns and
cybercriminals are
exploiting humans as the
weakest link
phishing 63% of confirmed data
breaches involved leveraging
weak/default/stolen
passwords

Best Practice #1: Secure the human
• Provide employees with
cybersecurity awareness training.
• Control access to critical systems
and information.

Absolute security is impossible
SECURITY SPEND
DOES NOT ALWAYS
CORRELATE TO
EFFECTIVENESS

Best Practice #2: Optimize your security
investment
• Conduct IT asset audit and prioritize
assets based on risk.
• Identify events that can cause
interruptions to business processes,
along with the probability and
impact, and their consequences for
information security.**
• Designate your highest level of
protection to your most critical
assets.

Best Practice #3: Start with the basics
Think of it as layers of protection. The basic layer of security, at the bottom, is the
staple of every business network.
• Firewalls
• Up-to-date Anti-virus
• Patch Management
• Vulnerability Management
IDS/IPSPay Attention Patch ManagementAnti-Virus
Vulnerability Scanner
Unified Threat
Mgmt
AuthenticationNextGen Firewall

Best Practice #4: Layer on more advanced
security
HardenedDiligent
IDS/IPSPay Attention Patch ManagementAnti-Virus
Vulnerability Scanner
File Integrity
Monitoring
Vulnerability Assessment
Log Search
PCI-DSS | HIPAA | FFIEC | SEC
FISMA | Gov| Military/RMF|
etc.
Compliance Reports
Review & Annotation
Incidents
Notifications
Centralized Log
Management
International ISO
27001(2) GPG 13
UK
Unified Threat
Mgmt
AuthenticationNextGen Firewall

There’s no such thing as perfect prevention
82%
67% of attackers spent
several days retrieving assets.
25% of organizations
who suffered an incident
were able to discover it
within days.
of attackers were able to
complete a compromise
within “minutes.”
This trend points to an ongoing detection deficit disorder. The suggestion is that
defenders struggle to uncover the indicators of compromise.

Best Practice #5: Detection
You must look for other common
evidence of compromise, such as:
• command and control activity
• suspicious network traffic
• file access
• unauthorized use of valid
credentials

Hurdles to overcome

Best Practice #6: Co-sourcing
Improve Security & Operations
Real-time Visibility & Oversight
Augment Staff & Reduce Costs

 SIEM and event
correlation
 Actionable threat
intelligence
analyzed by SOC
 Unlimited log
management
SIEM and Log
Management
 Honeynet
deception as a
service
 Alert turning and
automated
response rules
 Endpoint USB
Monitoring
Threat Detection
and Response
 Vulnerability
assessment
 Network
vulnerability
scanning
 Network intrusion
detection
Vulnerability
Assessment
 Monitors user
activity and alerts
on anomalous
activity
 Reveals system
misuse or
compromise
 Ensures audit trails
for compliance
Behavior Analysis
 File integrity
monitoring
 Automated log
review
 FISMA, PCI DSS,
HIPAA, NIST, GPG13
and more
Compliance
Management
Firewall and Anti-Virus
Complete Managed Security

 Strategic security initiative roll-out
program
 Communication and change
management expertise
 Educate and encourage adoption
 Generate awareness and support
BrandGuard
Trust in your brand starts with security.
Security Adoption for Franchisees

DETECTRESPOND
PREVENTPREDICT
SIEMphonic (Co-Managed SIEM)
 Prevent: Vulnerability scan, harden, divert via Honeypot, PTaaS
 Detect: 24/7 coverage
 Respond: Forensics, remediation recommendations, on-site retainer
 Predict: Dedicated analyst team, broad threat intel sources, risk register
ANALYZE
MONITOR
24/7
 Full range of technology + services, ideal for small InfoSec teams
 Simplify and reduce the time to implement, administer and scale SIEM++
Advanced Threat Detection and Response
SIEMPHONIC
24/7 Co-Managed SIEM

PECB IT Security Training Courses
 ISO/IEC 27032 Lead Cybersecurity Manager
5 Day Course
 Lead Pen Test Professional
5 Days Course
 ISO/IEC 27034 Application Security
5 Days Course
 ISO/IEC 27035 Information Security Incident Management
5 Days Course
 Computer Forensics Examiner
5 Days Course
Exam and certification fees are included in the training price.
https://www.pecb.com/it-security | www.pecb.com/events

?
jchristly@netsurion.com
www.netsurion.com
www.eventtracker.com
https://www.linkedin.com/in/johnchristly
@christly
@Netsurion @logtalk
THANK YOU

6 Steps to Secure Your Organization from Cybersecurity Threats

Recommandé

Recommandé

Contenu connexe

En vedette

En vedette (7)

Plus de PECB

Plus de PECB (20)

Dernier

Dernier (20)

6 Steps to Secure Your Organization from Cybersecurity Threats

Notes de l'éditeur