Security Whack-a-Mole
2017 Threat Landscape Survey
1
from the most trusted name in information security
Today’s Speakers
• Lee Neely, SANS Analyst and Instructor
• Chad Skipper, VP of Industry Relations and Product Testing, Cylance
• Robert Leong, Director of Product Management within McAfee Labs, McAfee
• Sean Murphy, Senior Manager of Solutions Architecture, FireEye
• Mark Butler, Chief Information Security Officer, Qualys
2 © 2017 The SANS™ Institute – www.sans.org
SANS 2017 THREAT LANDSCAPE SURVEY
Security Whack-a-Mole: Users On the Front Line
3
Threats Seen with Significant Impact
Most seen:
• Phishing
• Spyware
• Ransomware
• Trojans
Significant:
• Phishing
• Ransomware
• DDoS*
• APT
4
Malware-less with Significant Impact
Most seen:
• Scripting attacks
• Compromised creds
• Process exploits
Significant:
• Compromised creds
• Scripting attacks
• Process exploits
• Malicious binaries
5
[Chart (0–50% axis), two series: Just Seen; Seen and Significant Impact. Categories: Credential compromise or privilege escalation; Scripting attacks (PowerShell, …); Process exploit (in a browser); Malicious binaries; HTTPS downgrade of encrypted connection; Lateral movement from other devices; Hidden registries; Process exploit of other services; Memory-based (file-less) attacks; Writing binary to disk; Other.]
Survey question: What type of malware-less threats have you just seen in your organization or which you have seen and had the most significant impact? If you have not encountered malware-less threats, please skip this question.
What Defines Significant?
• Availability (DoS)
• Cost to respond
• Loss of sensitive data
• Damage to brand/rep
• Financial loss
6
[Chart (0–60% axis), three series: First; Second; Third. Reasons: Impact on availability; Cost to respond and recover; Loss of sensitive data; Damage to brand or reputation; Financial loss to the organization; Triggered investment in new tools or …; Other.]
Survey question: What were the top three reasons you consider this incident to be the most significant?
Impact? What Impact?
7
Nuisance 59%, DoS 27%, System damage 26%
[Chart (0–60% axis). Damage categories: Loss of intellectual property (IP) or other business-related sensitive…; Payments made as result of ransomware; Corporate financial accounts breached or drained; Other; Loss of personal identifying information (PII; Social Security…); Customer financial data loss; Data destruction, including loss of data integrity; System damage; Denial of service; Nuisance.]
Survey question: What damages resulted from discovered threats? Select all that apply.
Zero-Day Threats
8
[Pie chart: segment values 42.2%, 24.0%, 9.3%, 8.9%, 5.8%, 3.5%, 3.9%, 2.3%; legend: None, 1–5%, 6–10%, 11–25%, 26–50%, 51–75%, 76–99%, 100%.]
Survey question: How many of your significant threats were previously “unknown” threats or zero days?
Surprising Threats
• Ransomware
• Phishing
• Targeted attacks
• DNS poisoning
• Malware on air-gapped laptops
• Persistent malware
• Accidental DDoS
• SSO exploitation
• Mobile inside attack
9
Threat Vectors Used
10
Email 74%, Browser 48%, Application 30%, Web server 26%, USB Media 26%
[Chart (0–80% axis). Vectors: Other; ICS system; IoT device; Cloud application or connection; DNS vulnerability; Firewall/IDS/UTM misconfiguration or weakness; Third-party vendor or contractor connection; Remote access service (VPN, RDP) compromise; Server-side vulnerabilities; User endpoint misconfiguration or configuration not up to date; Removable storage device (USB); Web server or web application vulnerability; Application vulnerability on user endpoints; Web-based drive-by or download; Email attachment or link.]
Survey question: What vector(s) did these threats take to enter your organization? Select those that most apply.
Discovery Versus Remediation
11
Within 24 hours: 72% Detected 63% Remediate
[Chart (0–35% axis), two series: Discovery; Remediation. Time buckets: Unknown; < 1 hour; 1–5 hours; 6–24 hours; 2–7 days; 8–30 days; 1–3 months; 4–6 months; 7–12 months.]
Survey question: On average, how much time do you estimate it took to discover the threats that actually became incidents? How long was it from discovery until you considered remediation complete? Please check both columns as they apply.
How Are Threats Revealed?
Detection/Discovery:
• 42% Network monitoring
• 37% UTM/IDS
• 37% Help desk calls
• 37% SIEM
• 34% Log review
12
Help Desk Calls:
[Chart (0–90% axis), two series: Possible Threat; Actual Threat. Buckets: Fewer than 10; 10 to 15; 16 to 20; 21 to 50; More than 50.]
Survey question: How many calls per week does your help desk field are investigated as threats? How many calls actually represented actual incidents?
False Positives = Lost Resources
13
[Pie chart: segment values 15.8%, 24.9%, 19.4%, 17.4%, 11.5%, 6.3%, 3.6%, 1.2%; legend: None, 1–5%, 6–10%, 11–25%, 26–50%, 51–75%, 76–99%, 100%.]
Survey question: How many threats that you followed up on could be considered “false positives” that don’t apply to your organization?
Determine Scope
14
[Chart (0–80% axis), three series: Tools; Both; Services. Categories: Log management; Forensics or incident response tools or platform; SIEM; Threat intelligence; Security analytics platform; Third-party incident response service; Threat hunting; Other.]
Survey question: What tools or services do you find most helpful in accurately determining the scope of these events? Please select those that most apply.
How Organizations Are Remediating
Option Use
Reimage/Restore compromised machines from gold baseline image 77.5%
Isolate infected machines from the network while remediation is performed 78.4%
Shut down system and take it offline 68.8%
Quarantine affected hosts 68.8%
Block command and control to malicious IP addresses 65.6%
Update policies and rules based on IOC findings and lessons learned 57.8%
Remove rogue files 58.7%
Identify similar systems that are affected 57.8%
Kill rogue processes 50.0%
Remove file and registry keys related to the compromise without rebuilding or reinstalling the entire machine 43.1%
Reboot system to recovery media 38.5%
Boot from removable media and repair system remotely 36.2%
Remotely deploy custom content or signatures from security vendor 44.5%
Other 10.1%
15
Frequency of Remediation: 36% Weekly, 19% Monthly, 18% Daily
Ability to Respond
Overall confidence in meeting challenges:
16
Challenge Confidence
Respond to significant threats on the network and endpoints 90%
Detect significant threats occurring on your network and endpoints 82%
Intercept threats before they cause damage on your network and endpoints 74%
Remove all artifacts of significant threats on network and endpoints 73%
Detect zero days/unknown threats that could impact your organization 48%
Prevention & Challenges
17
Prevention: Train Users, Improve OpSec, Better Net/Endpoint Visibility
[Chart (0–60% axis). Challenges: Filtering out too much noise or false-positive activity; Distinguishing real, high-impact threats; Collecting the appropriate threat detection data; Lack of skills and budget for protecting against threats; Establishing an appropriate baseline that defines normal; Finding new unknown threats our current security infrastructure doesn’t have…; Visibility into threats across multiple systems and threat actions; Inability to fully deploy new protections for known risks before a breach; Inability to scope threat effects once we discover the threat; Other.]
Survey question: What challenges do you face in protecting against threats in your enterprise? Select all that apply.
Improvements: Investments
18
User Training, OpSec, Staff Training, Existing Technology Use
[Chart (0–25% axis). Investment areas: Improve our application security processes; Other; Improve our approach to secure development; Improve visibility into network and endpoint behavior for…; Improve our use of existing endpoint security and…; Invest in new network security and detection technology; Invest in new endpoint security and detection…; Improve our use of existing network security and…; Invest in training our staff in existing or new skills, such…; Improve our operational security practices (e.g., timely…; Train our users to be more aware.]
Survey question: In the next 18 months, in what area do you intend to make a major investment to protect, detect and respond to threats in your environment?
Endpoints on the Front Line
• 74% of respondents named clicking a link or opening an attachment in an email as the top ways threats enter the organization, and 48% named web drive-by or download, both of which involve user intervention
• 21% identified awareness training for users as the top mitigation effort they intend to invest in over the next 18 months
• 81% see endpoint security tools as the most helpful for threat detection
• 81% noted log management tools and services were helpful in determining threat scope
19
Conclusions
• Few new weaknesses
• Zero-day threats exploit same old weaknesses
• Endpoints are the primary target
• User training
• Time to turn it on its head
• Operational procedures
• Need to clean up
• Supporting technology needed
• Operations, Users and Endpoints
20
Chad Skipper
VP Industry Relations & Product Testing
SANS Threat Landscape Survey
SIGNIFICANCE OF UNKNOWN THREATS
Traditional security approach is no match for today’s dynamic threat landscape
58%: Respondents had some significant threats within their environment that were previously unknown
Achieve a State of Prevention with Cylance
• It only takes one small change to an existing threat to make static signature-based detection useless
• Relying on static detection techniques is highly ineffective, especially with unknown threats
• Organizations need security products capable of detecting unknown threats prior to detonation
CHALLENGES FACED IN PROTECTING AGAINST THREATS
60%: Indicated a key challenge is finding the unknown threats where their current security infrastructure doesn’t have signatures
Big data means big problems for security products
• Vast amounts of security data generated daily, much of which is irrelevant
• Redundant events from different security products drive down efficiency of security analysts
• With expertise shortage organizations need security tools that reduce the noise, introduce automation, and make security analysts more efficient
THE IMPACT OF DISCOVERED THREATS
Impact on availability
Cost to respond & recover
Loss of sensitive data
The long tail of security incidents
• Recovering from successful breaches and compromises impacts employee effectiveness
• Imaging of drives, overtime, or contracting outside help to recover makes incident response costs explode
• Losing customer data will result in fines and added scrutiny from regulators, and will impact brand perception
ARE WE LOOKING IN THE WRONG DIRECTION?
51%: NOT CONFIDENT DETECTING UNKNOWN THREATS
Demand the following from vendors:
• First and foremost focus on preventing threats from impacting business, pre-execution
• Provide capabilities to uncover and prevent unknown threats in real time
• Deliver consistent visibility across endpoints to enable easy threat hunting and fast incident response
• Security should be silent on the endpoint with low system resources so as not to disrupt business
26 Robert H. Leong | McAfee Labs / OCTO | June 2017 MCAFEE COMPANY CONFIDENTIAL. COPYRIGHT 2017
Security Whack-a-Mole
Threat Landscape Survey
How are attackers getting past defenses and what can we do about it?
Robert H. Leong | Director, Product Management
Version 1.4RC2
McAfee Labs, Office of the CTO
Why Is Whack-a-Mole Occurring?
Cyberattacks by actor: Recreational / Vandals; Cybercriminals / Organized Crime; Hacktivism / Reputation Attacks; State Sponsored Cyberespionage
Sources: McAfee Labs/OCTO 2017
What are the Underlying Methods used by these Threats?
• Malware will change disguises on every PC
• Malware can see the sandbox
• Malware ‘Piggybacks’ behind clean applications
• Malware will misuse clean applications
• Malware uses “file-less” methods
McAfee Labs Threat Research
• 44.5 B queries/day to Labs’ GTI
• Detects 316 threats per minute, 5 per second
• 250 threat researchers worldwide
• 300+ million sensors globally
• Over 15 billion lines of telemetry per day
• 1.2 million files analyzed per day
• 750,000 URLs analyzed per day
• 300,000 files analyzed in a sandbox per day
What “Moles” Are Getting In, and How Do We Know That?
Methods attackers use most effectively as part of their layered attacks
SANS 2017 Threat Landscape Survey
• 40% respondents said phishing was top perceived threat (including spear-phishing and whaling)
• 20% identified ransomware
• 11% chose DDoS
• 11% chose APT
Layered Security: Attacks Must Pass Layers – Layers Speak to Each Other
Layers 0 through 6. At each layer: What did you see? Should other layers know about it or do something about it?
“Have we or anyone else seen this before? How often? How long? Did it do anything bad worldwide?”
“Have we run this thing before? Do we know if this is clean or dirty based on what it did then? If we put it in a fake room and let it run right now, does it do anything bad?”
“Do the fingerprints match any dirty objects? Does the way it looks match any dirty objects? Do its relationships reveal anything bad?”
“If this thing is still suspicious, what should we prevent it from doing? Is it performing bad behaviors right now? When we unmask its blueprints, does it imply bad behavior?”
“If we put it in a fake room and let it run, does it do anything bad? Has anyone else put it in a fake room and let it run? Did they find anything out?”
“Looking at what happened as the object came in to our house, did it do anything suspicious or bad? Did it follow a suspicious path or do something weird across our networks to get to us? Did a lot of suspicious activities occur?”
“If we look at the overall activity of suspicious stuff on the network, then do we see an attack pattern? Can we figure out what’s bad and then fix it?”
Successful “Whack-a-Mole” Defenses
Whack-a-Mole Success Statistics… Where is the mole usually slowed or stopped?
[Table of methods: Change disguises on every PC; Can see the sandbox; ‘Piggybacks’ behind clean applications; Misuse clean applications; Uses “file-less” methods]
Copyright © FireEye, Inc. All rights reserved. 31
Identifying and Prioritizing Advanced Threats
SANS 2017 Threat Landscape Survey
Presented by: Sean Murphy, Sr. Manager, Americas Solutions Architects, Global Services & Intelligence
SURVEY SAYS: CHALLENGES REMAIN CONSTANT
• Security budgets are flat or falling
• Can’t find security expertise
• Lack of deep visibility into emerging threats
• Overwhelmed by data volumes
Hunting approaches (or some combination of the below):
• Frequency-based: based on numbers (includes Global Prevalence)
• Intelligence-based: based on things we have seen before
• Anomaly-based: based on norms or non-standard characteristics
• TTP-based: based on methodology of attackers and signals
Hunting – Hypothesis-driven analysis
Discovery spectrum, from Minimal Experience to Significant Experience and from Lower Fidelity to Higher Fidelity: Signatures, Indicators, TTPs/Methodologies, Adaptive Detection.
• Proven: codified into detection products; high confidence, low false positives; intelligence researchers integrate IOCs and malware samples
• Refined (Deliberate Hunting): develop filters to detect attacker TTPs; proactive sweeps across enterprise; scalable, repeatable, & measurable
• Advanced (Broad Hunting): experienced analysts search through large data sets to find anomalies or evidence of compromise
Axes: Discovery; Hunting Expertise; Fidelity.
Hunting is the process of applying our understanding of attackers and malware to raw data in order to find evil in the absence of alerts.
Assume evil is happening. Assume we’re missing something.
Hunting – Gathering the Evidence and Applying Knowledge
Endpoint Visibility:
• Registry key creation/modification
• File writes
• DNS lookups
• Network connections
• Process execution
• User creation/privilege escalation
Network Visibility:
• Packet capture
• Netflow
• Network metadata
Log Data:
• Remote access
• Authentication
• Native OS or Application event logs
• Security alerts (Sandbox, AV, IDS/IPS, Proxy, FW)
KNOWLEDGE is the sum of INTELLIGENCE and EXPERIENCE
Intelligence:
• Atomic indicators/telemetry
• Techniques, tactics, procedures
• Threat actor history and motivation
• Relationships
Experience:
• Do you know who is targeting you and what they want?
• Have you responded to an incident like this before?
• Have you encountered this threat actor before?
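As an added example (not from the slides, and not any presenter's or vendor's tooling), the following Python runs three of the hunting approaches named above, intelligence-based, TTP-based and frequency-based (global prevalence), over constructed process-execution and DNS telemetry of the kinds listed, and ranks the merged findings by the slide's fidelity scale for triage. The host names, hashes, domains and indicator set are constructed, and the PowerShell rule is an illustrative TTP filter for the survey's "scripting attacks (PowerShell)" category, not a vendor signature.

```python
"""Added example: intelligence-, TTP- and frequency-based hunting passes over
constructed endpoint telemetry, merged and ranked by fidelity."""
from collections import defaultdict
from dataclasses import dataclass
from typing import Dict, List, Set, Tuple


@dataclass(frozen=True)
class ProcessEvent:
    host: str
    image: str       # executable name from process-execution telemetry
    sha256: str      # constructed placeholder, not a real hash
    cmdline: str
    dns_lookup: str  # domain the process resolved, "" if none


def _fleet(image: str, sha: str, domain: str = "") -> List[ProcessEvent]:
    """The same benign process on all five workstations (constructed baseline)."""
    return [ProcessEvent(f"ws{i:02d}", image, sha, image, domain) for i in range(1, 6)]


# Constructed telemetry: a benign baseline on five hosts plus two odd events.
EVENTS: List[ProcessEvent] = (
    _fleet("explorer.exe", "aaaa01")
    + _fleet("outlook.exe", "bbbb02", "mail.example.test")
    + [
        # Scripting-attack pattern: hidden, profile-less PowerShell with an encoded command
        ProcessEvent("ws03", "powershell.exe", "cccc03",
                     "powershell.exe -NoProfile -WindowStyle Hidden -EncodedCommand SQBFAFgA...",
                     "updates.example.test"),
        # Look-alike binary present on a single host, resolving a known-bad domain
        ProcessEvent("ws05", "svchosts.exe", "dddd04", "svchosts.exe", "c2.bad.example.test"),
    ]
)

# Constructed intelligence: the slide's "atomic indicators" (hash and domain).
IOC_HASHES: Set[str] = {"dddd04"}
IOC_DOMAINS: Set[str] = {"c2.bad.example.test"}

# Illustrative TTP filter: real PowerShell switches, but the rule is constructed here.
POWERSHELL_TTP_FLAGS = ("-encodedcommand", "-windowstyle hidden", "-noprofile")


@dataclass(frozen=True)
class Finding:
    host: str
    image: str
    method: str    # hunting approach(es) that produced it
    fidelity: int  # 3 = proven (IOC match), 2 = refined (TTP filter), 1 = advanced (anomaly)
    reason: str


def intelligence_based(events: List[ProcessEvent]) -> List[Finding]:
    """Match events against known indicators: high confidence, low false positives."""
    out = []
    for e in events:
        reasons = []
        if e.sha256 in IOC_HASHES:
            reasons.append(f"hash {e.sha256} in IOC set")
        if e.dns_lookup in IOC_DOMAINS:
            reasons.append(f"domain {e.dns_lookup} in IOC set")
        if reasons:
            out.append(Finding(e.host, e.image, "intelligence-based", 3, "; ".join(reasons)))
    return out


def ttp_based(events: List[ProcessEvent]) -> List[Finding]:
    """Filter on attacker methodology rather than on a specific sample."""
    out = []
    for e in events:
        if e.image.lower() != "powershell.exe":
            continue
        hits = [f for f in POWERSHELL_TTP_FLAGS if f in e.cmdline.lower()]
        if hits:
            out.append(Finding(e.host, e.image, "ttp-based", 2,
                               "powershell launched with " + ", ".join(hits)))
    return out


def frequency_based(events: List[ProcessEvent], max_hosts: int = 1) -> List[Finding]:
    """Prevalence stacking: a binary seen on very few hosts is worth a look (lower fidelity)."""
    hosts_by_hash: Dict[str, Set[str]] = defaultdict(set)
    for e in events:
        hosts_by_hash[e.sha256].add(e.host)
    total = len({e.host for e in events})
    out, seen = [], set()
    for e in events:
        n = len(hosts_by_hash[e.sha256])
        if n <= max_hosts and (e.host, e.sha256) not in seen:
            seen.add((e.host, e.sha256))
            out.append(Finding(e.host, e.image, "frequency-based", 1,
                               f"hash {e.sha256} seen on {n} of {total} hosts"))
    return out


def hunt(events: List[ProcessEvent]) -> List[Finding]:
    """Run all passes, merge findings per (host, image), rank by fidelity for triage."""
    merged: Dict[Tuple[str, str], Finding] = {}
    for f in intelligence_based(events) + ttp_based(events) + frequency_based(events):
        key = (f.host, f.image)
        prev = merged.get(key)
        if prev is None:
            merged[key] = f
        else:  # keep the highest-fidelity label, record every method that fired
            merged[key] = Finding(f.host, f.image, prev.method + "+" + f.method,
                                  max(prev.fidelity, f.fidelity), prev.reason + "; " + f.reason)
    return sorted(merged.values(), key=lambda f: -f.fidelity)
```

Raising `max_hosts` widens the frequency pass toward the "broad hunting" end of the slide's spectrum at the cost of more low-fidelity findings to triage.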
FireEye-as-a-Service provides continuous compromise assessment and response,
using FireEye products and intelligence to detect signs of intrusion early, rapidly
investigate, and provide the answers you need to respond effectively.
In most cases, detection through response occurs within hours, drastically minimizing
the scope, impact, and cost of a breach.
FireEye-as-a-Service offers answers, not alerts.
VISIBILITY: Across the threatscape; Across your environment
SPEED: Accelerate detection and response; Reduce dwell time
LOWER COST: Lower dwell time = lower impact; IR cost avoidance
Integrated Technology | Unrivaled Intelligence | Proven Expertise
Intelligence; Detection; Validation & Triage; Communication; Investigation & Response; Threat Hunting
• Gain visibility into emerging attacks and campaigns
• Know when you are truly compromised and minimize impact
• Amplify your team with experts to accelerate response
• Deploy Fortune 50 Security at a fraction of the cost
SANS Threat Landscape Survey
Mark Butler, CISO, Qualys, Inc.
Threat Landscape
Endpoint (Prevent & Detect):
• Email & Internet browsing risks = ransomware & file-less malware risks & exposures
• Existing Account credential takeover
• Memory based exploits will increase to avoid detection
Network (Monitor & Restore):
• Traffic Patterns Analysis / Geo Filters / Bandwidth Tuning
• Threat Intelligence Gaps (lack of context)
• SSL / Payload Analysis / Connection Tracking
• DDoS / DNS / Circuit Protection / Resiliency
Identity (Monitor & Recover):
• Account behaviors not tracked over time
• Existing Acct Misuse
• Lack of clearly defined Roles / Functions / Permissions
• Credential Mgmt. / Token / 2FA / One-time use tokens
37
Observations of Qualys Threat Data
Inadequate patching timing: high severity vulnerabilities are taking 100+ days to patch/configure/correct
Exploits and attack patterns are speeding up and taking < 30 days on average (WannaCry was distributed in 26 days)
38
39
The core IT service areas must be improved:
• Risk Identification, Monitoring critical in-scope assets
• Alert Speed, Triage Accuracy, Enabling effective response
• Asset & Configuration Management / Build Compliance
• Effective Vulnerability Remediation over time for real risks targeting individual environments vs. commodity risks
• Network Architecture and Segmentation gaps
Observations of Qualys Threat Data: Recommendations
40
• Take time to learn instead of wiping / re-imaging systems quickly
• Track progress on solving root cause issues: system build compliance, administrative access, unapproved software, poor email/internet filters, user security awareness competencies
• Increase data analytics skills and capabilities
• Figure out how to ask the harder questions (Why / Root Cause)
• What vertical specific attacks or malware families are seen?
• Why are the threat patterns occurring? Network attacks to capture Health Data – ePHI, DDoS attacks to cover up account fraud, POS attacks for capturing CHD, Diversion attacks
Q & A
Please use GoToWebinar’s Questions tool to submit questions to our panel. Send to “Organizers” and tell us if it’s for a specific panelist.
41
Acknowledgements
Thanks to our sponsors: Cylance, FireEye, McAfee, and Qualys
To our special guests: Chad Skipper, Robert Leong, Sean Murphy, and Mark Butler
And to our attendees, thank you for joining us today!
42

EndpointSecurityConcerns2014
 
Cyber Security for Digital-Era
Cyber Security for Digital-EraCyber Security for Digital-Era
Cyber Security for Digital-Era
 
NEW_Security Priorities 2021_Sample Slides.pdf
NEW_Security Priorities 2021_Sample Slides.pdfNEW_Security Priorities 2021_Sample Slides.pdf
NEW_Security Priorities 2021_Sample Slides.pdf
 
Cyber Attack Survival
Cyber Attack SurvivalCyber Attack Survival
Cyber Attack Survival
 
The State of Threat Detection 2019
The State of Threat Detection 2019The State of Threat Detection 2019
The State of Threat Detection 2019
 
Network Security Risks and Challenges for Enterprises
Network Security Risks and Challenges for EnterprisesNetwork Security Risks and Challenges for Enterprises
Network Security Risks and Challenges for Enterprises
 
Survey: Insider Threats and Cyber Security
Survey: Insider Threats and Cyber SecuritySurvey: Insider Threats and Cyber Security
Survey: Insider Threats and Cyber Security
 
Federal Webinar: Best Practices and Tools for Reducing Insider Threats
Federal Webinar: Best Practices and Tools for Reducing Insider ThreatsFederal Webinar: Best Practices and Tools for Reducing Insider Threats
Federal Webinar: Best Practices and Tools for Reducing Insider Threats
 
How Federal Agencies Can Build a Layered Defense for Privileged Accounts
How Federal Agencies Can Build a Layered Defense for Privileged AccountsHow Federal Agencies Can Build a Layered Defense for Privileged Accounts
How Federal Agencies Can Build a Layered Defense for Privileged Accounts
 
Cybersecurity - Sam Maccherola
Cybersecurity - Sam MaccherolaCybersecurity - Sam Maccherola
Cybersecurity - Sam Maccherola
 
Threat Detection Algorithms Make Big Data into Better Data
Threat Detection Algorithms Make Big Data into Better Data Threat Detection Algorithms Make Big Data into Better Data
Threat Detection Algorithms Make Big Data into Better Data
 
OSB50: Operational Security: State of the Union
OSB50: Operational Security: State of the UnionOSB50: Operational Security: State of the Union
OSB50: Operational Security: State of the Union
 
Threat Detection as presented at the 2016 DGI Cyber security Conference
Threat Detection as presented at the 2016 DGI Cyber security ConferenceThreat Detection as presented at the 2016 DGI Cyber security Conference
Threat Detection as presented at the 2016 DGI Cyber security Conference
 
Reporte de Seguridad de Cisco 2016
Reporte de Seguridad de Cisco 2016Reporte de Seguridad de Cisco 2016
Reporte de Seguridad de Cisco 2016
 
5 Key Findings on Advanced Threats
5 Key Findings on Advanced Threats5 Key Findings on Advanced Threats
5 Key Findings on Advanced Threats
 
Cybersecurity and Healthcare - HIMSS 2018 Survey
Cybersecurity and Healthcare - HIMSS 2018 SurveyCybersecurity and Healthcare - HIMSS 2018 Survey
Cybersecurity and Healthcare - HIMSS 2018 Survey
 
Webinar - Bitglass and CyberEdge - Hidden Security Threats
Webinar - Bitglass and CyberEdge - Hidden Security ThreatsWebinar - Bitglass and CyberEdge - Hidden Security Threats
Webinar - Bitglass and CyberEdge - Hidden Security Threats
 
Synack cirtical infrasructure webinar
Synack cirtical infrasructure webinarSynack cirtical infrasructure webinar
Synack cirtical infrasructure webinar
 
The Evolution of Cybercrime
The Evolution of CybercrimeThe Evolution of Cybercrime
The Evolution of Cybercrime
 
Luncheon 2015-06-18 Security Industry 2.0: Survival in the Boardroom by David...
Luncheon 2015-06-18 Security Industry 2.0: Survival in the Boardroom by David...Luncheon 2015-06-18 Security Industry 2.0: Survival in the Boardroom by David...
Luncheon 2015-06-18 Security Industry 2.0: Survival in the Boardroom by David...
 

Dernier

Unraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfUnraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfAlex Barbosa Coqueiro
 
The Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsThe Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsPixlogix Infotech
 
Connect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationConnect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationSlibray Presentation
 
SALESFORCE EDUCATION CLOUD | FEXLE SERVICES
SALESFORCE EDUCATION CLOUD | FEXLE SERVICESSALESFORCE EDUCATION CLOUD | FEXLE SERVICES
SALESFORCE EDUCATION CLOUD | FEXLE SERVICESmohitsingh558521
 
How to write a Business Continuity Plan
How to write a Business Continuity PlanHow to write a Business Continuity Plan
How to write a Business Continuity PlanDatabarracks
 
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii SoldatenkoFwdays
 
Advanced Computer Architecture – An Introduction
Advanced Computer Architecture – An IntroductionAdvanced Computer Architecture – An Introduction
Advanced Computer Architecture – An IntroductionDilum Bandara
 
DSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine TuningDSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine TuningLars Bell
 
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024BookNet Canada
 
Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Commit University
 
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptxThe Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptxLoriGlavin3
 
Developer Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLDeveloper Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLScyllaDB
 
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxMerck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxLoriGlavin3
 
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc
 
SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024Lorenzo Miniero
 
Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupFlorian Wilhelm
 
Take control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteTake control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteDianaGray10
 
SAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxSAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxNavinnSomaal
 
From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .Alan Dix
 
The State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptxThe State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptxLoriGlavin3
 

Dernier (20)

Unraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfUnraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdf
 
The Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsThe Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and Cons
 
Connect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationConnect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck Presentation
 
SALESFORCE EDUCATION CLOUD | FEXLE SERVICES
SALESFORCE EDUCATION CLOUD | FEXLE SERVICESSALESFORCE EDUCATION CLOUD | FEXLE SERVICES
SALESFORCE EDUCATION CLOUD | FEXLE SERVICES
 
How to write a Business Continuity Plan
How to write a Business Continuity PlanHow to write a Business Continuity Plan
How to write a Business Continuity Plan
 
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko
 
Advanced Computer Architecture – An Introduction
Advanced Computer Architecture – An IntroductionAdvanced Computer Architecture – An Introduction
Advanced Computer Architecture – An Introduction
 
DSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine TuningDSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine Tuning
 
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
 
Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!
 
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptxThe Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
 
Developer Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLDeveloper Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQL
 
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxMerck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
 
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
 
SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024
 
Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project Setup
 
Take control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteTake control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test Suite
 
SAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxSAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptx
 
From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .
 
The State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptxThe State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptx
 

Security Whack-a-Mole: SANS 2017 Threat Landscape Survey

7. Impact? What Impact?
Nuisance 59%, DoS 27%, System damage 26%
[Chart: What damages resulted from discovered threats? Select all that apply. Categories (0–60% axis): Loss of intellectual property (IP) or other business-related sensitive…; Payments made as result of ransomware; Corporate financial accounts breached or drained; Other; Loss of personal identifying information (PII; Social Security…); Customer financial data loss; Data destruction, including loss of data integrity; System damage; Denial of service; Nuisance]
8. Zero-Day Threats
How many of your significant threats were previously “unknown” threats or zero days? (share of respondents, read in chart order)
• None: 42.2%
• 1–5%: 24.0%
• 6–10%: 9.3%
• 11–25%: 8.9%
• 26–50%: 5.8%
• 51–75%: 3.5%
• 76–99%: 3.9%
• 100%: 2.3%
9. Surprising Threats
• Ransomware
• Phishing
• Targeted attacks
• DNS poisoning
• Malware on air-gapped laptops
• Persistent malware
• Accidental DDoS
• SSO exploitation
• Mobile inside attack
10. Threat Vectors Used
Email 74%, Browser 48%, Application 30%, Web server 26%, USB Media 26%
[Chart: What vector(s) did these threats take to enter your organization? Select those that most apply. Categories (0–80% axis): Other; ICS system; IoT device; Cloud application or connection; DNS vulnerability; Firewall/IDS/UTM misconfiguration or weakness; Third-party vendor or contractor connection; Remote access service (VPN, RDP) compromise; Server-side vulnerabilities; User endpoint misconfiguration or configuration not up to date; Removable storage device (USB); Web server or web application vulnerability; Application vulnerability on user endpoints; Web-based drive-by or download; Email attachment or link]
11. Discovery Versus Remediation
Within 24 hours: 72% detected, 63% remediated
[Chart: On average, how much time do you estimate it took to discover the threats that actually became incidents? How long was it from discovery until you considered remediation complete? Please check both columns as they apply. Series: Discovery, Remediation. Buckets (0–35% axis): Unknown; < 1 hour; 1–5 hours; 6–24 hours; 2–7 days; 8–30 days; 1–3 months; 4–6 months; 7–12 months]
12. How Are Threats Revealed?
Detection/Discovery:
• 42% Network monitoring
• 37% UTM/IDS
• 37% Help desk calls
• 37% SIEM
• 34% Log review
Help Desk Calls
[Chart: How many calls per week does your help desk field that are investigated as threats? How many calls actually represented actual incidents? Series: Possible Threat, Actual Threat. Buckets (0–90% axis): Fewer than 10; 10 to 15; 16 to 20; 21 to 50; More than 50]
13. False Positives = Lost Resources
How many threats that you followed up on could be considered “false positives” that don’t apply to your organization? (share of respondents, read in chart order)
• None: 15.8%
• 1–5%: 24.9%
• 6–10%: 19.4%
• 11–25%: 17.4%
• 26–50%: 11.5%
• 51–75%: 6.3%
• 76–99%: 3.6%
• 100%: 1.2%
14. Determine Scope
[Chart: What tools or services do you find most helpful in accurately determining the scope of these events? Please select those that most apply. Series: Tools, Both, Services. Categories (0–80% axis): Log management; Forensics or incident response tools or platform; SIEM; Threat intelligence; Security analytics platform; Third-party incident response service; Threat hunting; Other]
15. How Organizations Are Remediating
Option: Use
• Reimage/Restore compromised machines from gold baseline image: 77.5%
• Isolate infected machines from the network while remediation is performed: 78.4%
• Shut down system and take it offline: 68.8%
• Quarantine affected hosts: 68.8%
• Block command and control to malicious IP addresses: 65.6%
• Update policies and rules based on IOC findings and lessons learned: 57.8%
• Remove rogue files: 58.7%
• Identify similar systems that are affected: 57.8%
• Kill rogue processes: 50.0%
• Remove file and registry keys related to the compromise without rebuilding or reinstalling the entire machine: 43.1%
• Reboot system to recovery media: 38.5%
• Boot from removable media and repair system remotely: 36.2%
• Remotely deploy custom content or signatures from security vendor: 44.5%
• Other: 10.1%
Frequency of Remediation: 36% Weekly, 19% Monthly, 18% Daily
16. Ability to Respond
Overall confidence in meeting challenges (Challenge: Confidence):
• Respond to significant threats on the network and endpoints: 90%
• Detect significant threats occurring on your network and endpoints: 82%
• Intercept threats before they cause damage on your network and endpoints: 74%
• Remove all artifacts of significant threats on network and endpoints: 73%
• Detect zero days/unknown threats that could impact your organization: 48%
17. Prevention & Challenges
Prevention: Train Users, Improve OpSec, Better Net/Endpoint Visibility
[Chart: What challenges do you face in protecting against threats in your enterprise? Select all that apply. Categories (0–60% axis): Filtering out too much noise or false-positive activity; Distinguishing real, high-impact threats; Collecting the appropriate threat detection data; Lack of skills and budget for protecting against threats; Establishing an appropriate baseline that defines normal; Finding new unknown threats our current security infrastructure doesn’t have…; Visibility into threats across multiple systems and threat actions; Inability to fully deploy new protections for known risks before a breach; Inability to scope threat effects once we discover the threat; Other]
18. Improvements: Investments
User Training, OpSec, Staff Training, Existing Technology Use
[Chart: In the next 18 months, in what area do you intend to make a major investment to protect, detect and respond to threats in your environment? Categories (0–25% axis): Improve our application security processes; Other; Improve our approach to secure development; Improve visibility into network and endpoint behavior for…; Improve our use of existing endpoint security and…; Invest in new network security and detection technology; Invest in new endpoint security and detection…; Improve our use of existing network security and…; Invest in training our staff in existing or new skills, such…; Improve our operational security practices (e.g., timely…; Train our users to be more aware]
19. Endpoints on the Front Line
• 74% of respondents named clicking a link or opening an attachment in an email as the top way threats enter the organization, and 48% named web drive-by or download, both of which involve user intervention
• 21% identified awareness training for users as the top mitigation effort they intend to invest in over the next 18 months
• 81% see endpoint security tools as the most helpful for threat detection
• 81% noted log management tools and services were helpful in determining threat scope
20. Conclusions
• Few new weaknesses
• Zero-day threats exploit the same old weaknesses
• Endpoints are the primary target
• User training
• Time to turn it on its head
• Operational procedures
• Need to clean up
• Supporting technology needed
• Operations, Users and Endpoints
21. SANS Threat Landscape Survey
Chad Skipper, VP Industry Relations & Product Testing
22. Significance of Unknown Threats
Traditional security approach is no match for today’s dynamic threat landscape
58% of respondents had some significant threats within their environment that were previously unknown
• It only takes one small change to an existing threat to make static signature-based detection useless
• Relying on static detection techniques is highly ineffective, especially with unknown threats
• Organizations need security products capable of detecting unknown threats prior to detonation
Achieve a State of Prevention with Cylance
23. Challenges Faced in Protecting Against Threats
60% indicated a key challenge is finding the unknown threats where their current security infrastructure doesn’t have signatures
Big data means big problems for security products
• Vast amounts of security data generated daily, much of which is irrelevant
• Redundant events from different security products drive down the efficiency of security analysts
• With the expertise shortage, organizations need security tools that reduce the noise, introduce automation, and make security analysts more efficient
24. The Impact of Discovered Threats
Impact on availability; Cost to respond & recover; Loss of sensitive data
The long tail of security incidents
• Recovering from successful breaches and compromises impacts employee effectiveness
• Imaging of drives, overtime, or contracting outside help to recover makes incident response costs explode
• Losing customer data will result in fines, added scrutiny from regulators, as well as impact on brand perception
25. Are We Looking in the Wrong Direction?
51% not confident detecting unknown threats
Demand the following from vendors:
• First and foremost, focus on preventing threats from impacting business, pre-execution
• Provide capabilities to uncover and prevent unknown threats in real time
• Deliver consistent visibility across endpoints to enable easy threat hunting and fast incident response
• Security should be silent on the endpoint, with low system resources, so as not to disrupt business
26. Security Whack-a-Mole Threat Landscape Survey: How are attackers getting past defenses and what can we do about it?
Robert H. Leong | Director, Product Management, McAfee Labs, Office of the CTO
Robert H. Leong | McAfee Labs / OCTO | June 2017 | Version 1.4RC2
McAfee Company Confidential, Copyright 2017
27. Why Is Whack-a-Mole Occurring?
Cyberattacks:
• Recreational / Vandals
• Cybercriminals / Organized Crime
• Hacktivism / Reputation Attacks
• State Sponsored Cyberespionage
Sources: McAfee Labs/OCTO 2017
28. What “Moles” Are Getting In, and How Do We Know That?
What are the underlying methods used by these threats? Methods attackers use most effectively as part of their layered attacks:
• Malware will change disguises on every PC
• Malware can see the sandbox
• Malware ‘piggybacks’ behind clean applications
• Malware will misuse clean applications
• Malware uses “file-less” methods
McAfee Labs Threat Research:
• 44.5 B queries/day to Labs’ GTI
• Detects 316 threats per minute, 5 per second
• 250 threat researchers worldwide
• 300+ million sensors globally
• Over 15 billion lines of telemetry per day
• 1.2 million files analyzed per day
• 750,000 URLs analyzed per day
• 300,000 files analyzed in a sandbox per day
SANS 2017 Threat Landscape Survey:
• 40% of respondents said phishing was the top perceived threat (including spear-phishing and whaling)
• 20% identified ransomware
• 11% chose DDoS
• 11% chose APT
29. Layered Security: Attacks Must Pass Layers – Layers Speak to Each Other
Successful “Whack-a-Mole” Defenses (Layers 0 through 6). Each layer asks: What did you see? Should other layers know about it or do something about it?
• “Have we or anyone else seen this before? How often? How long? Did it do anything bad worldwide?”
• “Have we run this thing before? Do we know if this is clean or dirty based on what it did then? If we put it in a fake room and let it run right now, does it do anything bad?”
• “Do the fingerprints match any dirty objects? Does the way it looks match any dirty objects? Do its relationships reveal anything bad?”
• “If this thing is still suspicious, what should we prevent it from doing? Is it performing bad behaviors right now? When we unmask its blueprints, does it imply bad behavior?”
• “If we put it in a fake room and let it run, does it do anything bad? Has anyone else put it in a fake room and let it run? Did they find anything out?”
• “Looking at what happened as the object came in to our house, did it do anything suspicious or bad? Did it follow a suspicious path or do something weird across our networks to get to us? Did a lot of suspicious activities occur?”
• “If we look at the overall activity of suspicious stuff on the network, then do we see an attack pattern? Can we figure out what’s bad and then fix it?”
30. Whack-a-Mole Success Statistics: Where is the mole usually slowed or stopped?
[Chart: attacker methods against defensive layers. Methods: Change disguises on every PC; Can see the sandbox; ‘Piggybacks’ behind clean applications; Misuse clean applications; Uses “file-less” methods]
31. Identifying and Prioritizing Advanced Threats
SANS 2017 Threat Landscape Survey
Presented by: Sean Murphy, Sr. Manager Americas Solutions Architects, Global Services & Intelligence
Copyright © FireEye, Inc. All rights reserved.
32. Survey Says: Challenges Remain Constant
• Security budgets are flat or falling
• Can’t find security expertise
• Lack of deep visibility into emerging threats
• Overwhelmed by data volumes
33. Adaptive Detection
Hunting is the process of applying our understanding of attackers and malware to raw data in order to find evil in the absence of alerts. Assume evil is happening. Assume we’re missing something.
Hunting approaches (hypothesis-driven analysis, or some combination of the following):
• Frequency-based: based on numbers (includes Global Prevalence)
• Intelligence-based: based on things we have seen before
• Anomaly-based: based on norms or non-standard characteristics
• TTP-based: based on the methodology of attackers and signals
Detection tiers:
• Proven: codified into detection products; high confidence, low false positives; intelligence researchers integrate IOCs and malware samples
• Refined (Deliberate Hunting): develop filters to detect attacker TTPs; proactive sweeps across the enterprise; scalable, repeatable & measurable
• Advanced (Broad Hunting Expertise): experienced analysts search through large data sets to find anomalies or evidence of compromise
Diagram axes: Minimal Experience to Significant Experience; Signatures, Indicators, TTPs/Methodologies, Discovery; Fidelity from Higher Fidelity to Lower Fidelity.
• 34. Hunting: Gathering the Evidence and Applying Knowledge

Endpoint visibility:
• Registry key creation/modification
• File writes
• DNS lookups
• Network connections
• Process execution
• User creation/privilege escalation

Network visibility:
• Packet capture
• Netflow
• Network metadata

Log data:
• Remote access
• Authentication
• Native OS or application event logs
• Security alerts (sandbox, AV, IDS/IPS, proxy, FW)

KNOWLEDGE is the sum of INTELLIGENCE and EXPERIENCE.

Intelligence:
• Atomic indicators/telemetry
• Techniques, tactics, procedures
• Threat actor history and motivation
• Relationships

Experience:
• Do you know who is targeting you and what they want?
• Have you responded to an incident like this before?
• Have you encountered this threat actor before?
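The fidelity tiers on the previous slide (indicators, TTPs, anomalies) and the process-execution telemetry listed above, put together as one hunt over raw endpoint events. This is an added example written for this page, not FireEye's or SANS's code: the event fields, the known-bad hash list, the Office/script-host sets and the six sample events are all constructed for the demonstration, and the TTP it looks for (an Office application spawning a script host with an encoded command line) is the scripting / file-less pattern the survey reported.

```python
"""Tiered hunt over endpoint process-execution telemetry.

Added example for this page; it is not FireEye's or SANS's code. The event
fields, the indicator list and the sample events are all constructed.
"""
import re

# Constructed sample telemetry: one process-execution event per dict.
EVENTS = [
    {"host": "ws01", "parent": "explorer.exe", "image": "chrome.exe",
     "cmdline": "chrome.exe", "sha256": "aaa111"},
    {"host": "ws01", "parent": "winword.exe", "image": "powershell.exe",
     "cmdline": "powershell.exe -nop -w hidden -enc SQBFAFgA", "sha256": "bbb222"},
    {"host": "ws02", "parent": "explorer.exe", "image": "outlook.exe",
     "cmdline": "outlook.exe", "sha256": "ccc333"},
    {"host": "ws03", "parent": "services.exe", "image": "svchost.exe",
     "cmdline": "svchost.exe -k netsvcs", "sha256": "ddd444"},
    {"host": "ws04", "parent": "services.exe", "image": "svchost.exe",
     "cmdline": "svchost.exe -k netsvcs", "sha256": "ddd444"},
    {"host": "ws05", "parent": "explorer.exe", "image": "update.exe",
     "cmdline": "update.exe /silent", "sha256": "eee555"},
]

# Tier 1, intelligence-based: atomic indicators (hypothetical hashes "seen before").
BAD_HASHES = {"eee555"}

# Tier 2, TTP-based: an Office application spawning a script host, worse if the
# command line is encoded (the scripting / file-less pattern from the survey).
OFFICE = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}
SCRIPT_HOSTS = {"powershell.exe", "wscript.exe", "cscript.exe", "mshta.exe"}
ENCODED = re.compile(r"(^|\s)-(e|ec|enc|encodedcommand)\s", re.IGNORECASE)

# Lower number = higher fidelity; used to order the final report.
FIDELITY = {"ioc": 0, "ttp": 1, "anomaly": 2}


def hunt_indicators(events):
    """High fidelity: exact match against known-bad hashes."""
    return [(e["host"], "ioc", f"known-bad hash {e['sha256']}")
            for e in events if e["sha256"] in BAD_HASHES]


def hunt_ttps(events):
    """Medium fidelity: attacker methodology rather than a specific sample."""
    hits = []
    for e in events:
        if e["parent"].lower() in OFFICE and e["image"].lower() in SCRIPT_HOSTS:
            reason = f"{e['parent']} spawned {e['image']}"
            if ENCODED.search(e["cmdline"]):
                reason += " with encoded command"
            hits.append((e["host"], "ttp", reason))
    return hits


def hunt_rare_pairs(events, max_hosts=1):
    """Lower fidelity, frequency-based: parent/child pairs seen on few hosts.
    Common pairs (services.exe -> svchost.exe fleet-wide) fall out; the rare
    ones are leads for an analyst, not verdicts."""
    hosts = {}
    for e in events:
        pair = (e["parent"].lower(), e["image"].lower())
        hosts.setdefault(pair, set()).add(e["host"])
    return [(min(h), "anomaly", f"{p} -> {c} seen on {len(h)} host(s)")
            for (p, c), h in hosts.items() if len(h) <= max_hosts]


def run_hunt(events):
    """Run all tiers and return hits ordered highest fidelity first."""
    hits = hunt_indicators(events) + hunt_ttps(events) + hunt_rare_pairs(events)
    return sorted(hits, key=lambda h: (FIDELITY[h[1]], h[0]))


if __name__ == "__main__":
    for host, tier, reason in run_hunt(EVENTS):
        print(f"{host:6} {tier:8} {reason}")
```

On the six constructed events the indicator tier fires once (ws05), the TTP tier once (the encoded PowerShell launched from Word on ws01), and the frequency tier surfaces four parent/child pairs that exist on only one host while leaving the fleet-wide services.exe -> svchost.exe pair alone. Ordering the output by tier is the point: the analyst works the high-confidence hits first and treats the anomalies as the "assume we're missing something" queue. On real telemetry the `max_hosts` threshold would be set against the population size rather than the hard-coded 1 used here.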
• 35. FireEye-as-a-Service provides continuous compromise assessment and response, using FireEye products and intelligence to detect signs of intrusion early, rapidly investigate, and provide the answers you need to respond effectively. In most cases, detection through response occurs within hours, drastically minimizing the scope, impact, and cost of a breach. FireEye-as-a-Service offers answers, not alerts.

• Visibility: across the threatscape and across your environment
• Speed: accelerate detection and response; reduce dwell time
• Lower cost: lower dwell time = lower impact; IR cost avoidance

Integrated technology, unrivaled intelligence, proven expertise. Service components: intelligence; detection; validation and triage; communication; investigation and response; threat hunting.
• Gain visibility into emerging attacks and campaigns
• Know when you are truly compromised and minimize impact
• Amplify your team with experts to accelerate response
• Deploy Fortune 50 security at a fraction of the cost
• 36. SANS Threat Landscape Survey. Mark Butler, CISO, Qualys, Inc.
• 37. Threat Landscape

Endpoint: prevent and detect
• Email and Internet browsing risks = ransomware and file-less malware risks and exposures
• Existing account credential takeover
• Memory-based exploits will increase to avoid detection

Network: monitor and restore
• Traffic pattern analysis / geo filters / bandwidth tuning
• Threat intelligence gaps (lack of context)
• SSL / payload analysis / connection tracking
• DDoS / DNS / circuit protection / resiliency

Identity: monitor and recover
• Account behaviors not tracked over time
• Existing account misuse
• Lack of clearly defined roles / functions / permissions
• Credential management / tokens / 2FA / one-time-use tokens
• 38. Observations of Qualys Threat Data
• Inadequate patching timing: high-severity vulnerabilities are taking 100+ days to patch/configure/correct
• Exploits and attack patterns are speeding up and taking < 30 days on average (WannaCry was distributed in 26 days)
• 39. Observations of Qualys Threat Data. The core IT service areas must be improved:
• Risk identification; monitoring critical in-scope assets
• Alert speed, triage accuracy, enabling effective response
• Asset and configuration management / build compliance
• Effective vulnerability remediation over time for real risks targeting individual environments vs. commodity risks
• Network architecture and segmentation gaps
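The two observation slides above (patch latency measured against exploit speed, and remediation tracked for real risks on in-scope assets rather than by severity alone) as a worked check over scan findings. This is an added example written for this page, not Qualys code, and it uses no Qualys API: the finding fields, the SLA table, the scoring weights, the fixed "today" and the four sample findings are all constructed for the demonstration.

```python
"""Remediation-SLA check and real-risk ordering over scan findings.

Added example for this page; it is not Qualys code and uses no Qualys API.
The field names, the SLA table, the scoring weights and the sample findings
are all constructed for the demonstration.
"""
from datetime import date

# Hypothetical remediation SLA in days, keyed by severity (5 = highest).
SLA_DAYS = {5: 7, 4: 30, 3: 90, 2: 180, 1: 365}

# Constructed "today" so the example is deterministic.
TODAY = date(2017, 6, 1)

# Constructed findings in the shape a scanner export might take.
FINDINGS = [
    {"asset": "web01", "vuln": "V-1", "severity": 5, "first_seen": date(2017, 2, 1),
     "in_scope": True, "internet_facing": True, "exploit_public": True},
    {"asset": "web01", "vuln": "V-2", "severity": 3, "first_seen": date(2017, 5, 20),
     "in_scope": True, "internet_facing": True, "exploit_public": False},
    {"asset": "db01", "vuln": "V-1", "severity": 5, "first_seen": date(2017, 4, 15),
     "in_scope": True, "internet_facing": False, "exploit_public": True},
    {"asset": "lab07", "vuln": "V-3", "severity": 4, "first_seen": date(2017, 1, 10),
     "in_scope": False, "internet_facing": False, "exploit_public": False},
]


def days_open(finding, today=TODAY):
    """Age of a finding in days, from the first scan that saw it."""
    return (today - finding["first_seen"]).days


def sla_breaches(findings, today=TODAY):
    """In-scope findings older than the SLA for their severity.

    Out-of-scope assets are reported separately rather than silently dropped,
    so the asset-inventory gap itself stays visible."""
    breaches, unscoped = [], []
    for f in findings:
        if not f["in_scope"]:
            unscoped.append(f["asset"])
            continue
        age = days_open(f, today)
        over_by = age - SLA_DAYS[f["severity"]]
        if over_by > 0:
            breaches.append({"asset": f["asset"], "vuln": f["vuln"],
                             "days_open": age, "over_by": over_by})
    return breaches, sorted(set(unscoped))


def risk_score(finding, today=TODAY):
    """Order by real risk to this environment, not by severity alone: a public
    exploit and internet exposure outrank a bare severity number, and age adds
    a small term so an old finding does not sink behind newer ones forever."""
    score = finding["severity"] * 10
    if finding["exploit_public"]:
        score += 15
    if finding["internet_facing"]:
        score += 10
    score += 5 * min(days_open(finding, today), 365) / 365
    return score


def prioritized(findings, today=TODAY):
    """Highest-risk first, in-scope assets only; returns (asset, vuln) pairs."""
    scoped = [f for f in findings if f["in_scope"]]
    ranked = sorted(scoped, key=lambda f: risk_score(f, today), reverse=True)
    return [(f["asset"], f["vuln"]) for f in ranked]


if __name__ == "__main__":
    breaches, unscoped = sla_breaches(FINDINGS)
    for b in breaches:
        print(f"SLA breach: {b['asset']} {b['vuln']} open {b['days_open']}d, "
              f"over by {b['over_by']}d")
    print("assets outside scope (inventory gap):", unscoped)
    print("work order:", prioritized(FINDINGS))
```

With the constructed data the same vulnerability (V-1) is open on two assets, both past the 7-day SLA for severity 5, and the 120-day-old copy on the internet-facing host lands at the top of the work order, matching the slide's point that a critical finding left open for 100+ days is a long way past the < 30 days attackers now need. The out-of-scope lab host is listed rather than discarded: an asset that nobody has claimed is an inventory problem, not a closed finding. The weights in `risk_score` are placeholders to be tuned per environment.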
• 40. Recommendations
• Take time to learn instead of wiping / re-imaging systems quickly
• Track progress on solving root-cause issues: system build compliance, administrative access, unapproved software, poor email/Internet filters, user security awareness competencies
• Increase data analytics skills and capabilities
• Figure out how to ask the harder questions (why / root cause)
• What vertical-specific attacks or malware families are seen?
• Why are the threat patterns occurring? Examples: network attacks to capture health data (ePHI); DDoS attacks to cover up account fraud; POS attacks to capture cardholder data (CHD); diversion attacks
• 41. Q & A. Please use GoToWebinar's Questions tool to submit questions to our panel. Send to "Organizers" and tell us if it's for a specific panelist.
• 42. Acknowledgements. Thanks to our sponsors: Cylance, FireEye, McAfee, and Qualys. To our special guests: Chad Skipper, Robert Leong, Sean Murphy, and Mark Butler. And to our attendees, thank you for joining us today!