© Copyright 2014 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.
Operationalizing Security Intelligence
Rafal M. Los
Principal, Strategic Security Services
HP Enterprise Security Services
#InfoSecWorld-2014

To set your expectations:
This is a super-ultra condensed introduction to a very complex topic.

what is "security intelligence"?

"collective set of activities and artifacts to make intelligence-driven decisions"

detect, respond, resolve more effectively in the attack lifecycle

did someone say "kill chain"?

The Lockheed Martin "Kill Chain":
reconnaissance
weaponization
delivery
exploitation
installation
command & control (C2)
actions on objectives

your adversaries are organized

your adversaries are adaptable

your defenses are static

your defenses are predictable

PREVENTION IS A MYTH

time for a better game plan

old goal: don't get breached

new goal: disrupt the attack
bonus points for disrupting the attacker

reality:
your defenses will be breached

so now what?

this talk is a framework for you

...change is long overdue.

the puzzle pieces:
the toolbox
the data
the operational processes
the actions

let's break that down...

the toolbox

data store
aggregation and analytics engine

data + data + data -> intelligence

scalable
flexible
extensible
fast
affordable

- various scanning tools
- work-stream system
- collaboration tools

Things to look for:
• normalized input/output data format(s)
• inter-operability
• extensibility
• scriptable automation
• scalability
• maintainability
• feature richness
• ease-of-use

pick a tool-set that matches your company profile

the data

internal:
know your enterprise attack surface

start with the fundamentals

map the network
identify existing technologies
identify business-critical assets

create representative data models
continuously update these models

"current state" [snapshot]

what are we vulnerable to right now?
what are we doing about it?

THIS is your starting point.

now add context

Example context record for asset 10.1.2.100:

Attribute             Data
asset_type            <asset_type>
asset_criticality     <criticality_level>
OS                    <os_name>
OS-patch-level        <major_minor>
purpose               <text>
owner                 <owner_name>
owner-BU              <business_unit>
owner-contact-email   <email>
owner-contact-phone   <phone>
installed-software    -> software table
change-info           -> change_info table
vulnerability-info    -> vuln_info table
…                     …

software              version
software_name         <version>
software_name         <version>
software_name         <version>
…                     …

change_info           data
last-change           <date>
last-change-made      <text>
last-change-tech      <name>
…                     …

vuln_info             data
vulnerability         <severity>
…                     …

there is no such thing* as "too much information"
* almost...

"live data" [continuous feeds]

detect changes to the environment and in assets

determine new threats

what changed?
what is the potential impact?

continuous detection of change
• new (previously unseen) node on network
• unauthorized configuration change
• unauthorized change to application or system
• new/modified user or access rights
• new vulnerability or missing patch

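The five change classes above can all be produced by diffing two inventory snapshots, provided a CMDB-style record of approved changes exists to separate "authorized" from "unauthorized". The script below is an added example and is not code from the slides: the snapshot layout, the APPROVED_CHANGES set (standing in for CMDB change authorization), the criticality map, the host addresses and the placeholder vulnerability IDs are all assumptions; a real deployment would read the snapshots from a scanner, an agent or a log pipeline.

```python
"""Continuous detection of change by diffing two inventory snapshots.

Added example; not code from the original slides. The snapshot layout,
APPROVED_CHANGES (a stand-in for a CMDB change record) and CRITICALITY
(from the asset context model) are assumptions.
"""

# Constructed snapshots of the same hosts, taken an hour apart.
# Vulnerability IDs are placeholders, not real advisories.
SNAPSHOT_T0 = {
    "10.1.2.100": {
        "config": {"ssh.PermitRootLogin": "no", "ntp.server": "ntp.corp"},
        "users": {"alice": {"sudo"}, "svc_backup": set()},
        "software": {"openssl": "1.0.1e"},
        "vulns": {"VULN-001"},
    },
    "10.1.2.101": {
        "config": {"ssh.PermitRootLogin": "no"},
        "users": {"bob": set()},
        "software": {"openssl": "1.0.1g"},
        "vulns": set(),
    },
}
SNAPSHOT_T1 = {
    "10.1.2.100": {
        "config": {"ssh.PermitRootLogin": "yes", "ntp.server": "ntp.corp"},
        "users": {"alice": {"sudo"}, "svc_backup": {"sudo"}},
        "software": {"openssl": "1.0.1g"},
        "vulns": set(),
    },
    "10.1.2.101": {
        "config": {"ssh.PermitRootLogin": "no"},
        "users": {"bob": set()},
        "software": {"openssl": "1.0.1g"},
        "vulns": {"VULN-002"},
    },
    "10.1.2.250": {  # never seen before
        "config": {}, "users": {}, "software": {}, "vulns": set(),
    },
}

# Changes approved through the CMDB, keyed as (node, "section:key").
APPROVED_CHANGES = {("10.1.2.100", "software:openssl")}

# Business criticality from the asset context model; unknown nodes rank last.
CRITICALITY = {"10.1.2.100": "high", "10.1.2.101": "medium"}
RANK = {"high": 0, "medium": 1, "low": 2, "unknown": 3}


def _diff_map(node, section, old, new, approved, events):
    """Emit one event per key whose value differs between the old and new maps."""
    for key in sorted(set(old) | set(new)):
        if old.get(key) != new.get(key):
            authorized = (node, f"{section}:{key}") in approved
            kind = f"{section}-change" if authorized else f"unauthorized-{section}-change"
            events.append((kind, node, f"{key}: {old.get(key)!r} -> {new.get(key)!r}"))


def diff_snapshots(before, after, approved):
    """Return change events as dicts, most critical asset first."""
    events = []
    for node in sorted(after):
        now, prev = after[node], before.get(node)
        if prev is None:
            events.append(("new-node", node, "previously unseen on the network"))
            continue
        _diff_map(node, "config", prev["config"], now["config"], approved, events)
        _diff_map(node, "software", prev["software"], now["software"], approved, events)
        for user in sorted(set(prev["users"]) | set(now["users"])):
            old, new = prev["users"].get(user), now["users"].get(user)
            if old is None:
                events.append(("new-user", node, user))
            elif new is None:
                events.append(("removed-user", node, user))
            elif old != new:
                events.append(("rights-change", node, f"{user}: {sorted(old)} -> {sorted(new)}"))
        for vuln in sorted(now["vulns"] - prev["vulns"]):
            events.append(("new-vulnerability", node, vuln))
    for node in sorted(set(before) - set(after)):
        events.append(("node-gone", node, "no longer seen"))
    # "what is the potential impact?": order by the asset's business criticality
    result = [
        {"kind": k, "node": n, "criticality": CRITICALITY.get(n, "unknown"), "detail": d}
        for k, n, d in events
    ]
    result.sort(key=lambda e: RANK[e["criticality"]])
    return result


if __name__ == "__main__":
    for e in diff_snapshots(SNAPSHOT_T0, SNAPSHOT_T1, APPROVED_CHANGES):
        print(f"[{e['criticality']:>7}] {e['kind']:<28} {e['node']:<12} {e['detail']}")
```

On the constructed data the script reports an unauthorized sshd change and a privilege grant on the high-criticality host first, then the new vulnerability on the medium host, then the unknown node. The approved OpenSSL upgrade is still reported, just not as unauthorized: the CMDB record changes how an event is labelled, not whether it is seen.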
requirement:
TVM program
(threat & vulnerability management)

requirement:
configuration management DB
(manage, authorize config changes)

requirement:
collective logging
(log key items, on key assets)

log -> aggregate -> analyze -> identify -> refine

Key logging questions to answer:
• what should you be logging?
• what assets should you log from?
• what should you look for?
• how do you define 'timely'?
• how much should you be storing for analysis?

external:
be situationally aware

for example:
• sentiment against your brand/organization
• threat climate of your business vertical
• attacks against similar organizations or your vertical
• specific threats against your staff/resources
• geopolitical issues pertaining to your enterprise
• third-party reported vulnerabilities
• third-party reported exploits
• weaknesses in your external technologies
• reports of abused enterprise assets

refining 'data' purposefully:
IP address -> context -> external info -> analysis

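The pipeline above, together with the asset context record from the "now add context" table, can be written down as a small enrichment routine: look the IP up in the asset model, match external feed items against what the asset actually runs, and let the criticality and the kind of finding decide which process (incident response or security operations) is activated. This is an added example, not code from the deck: the Asset class mirrors the deck's attribute table, but the two asset records, the feed entries, the 203.0.113.0/24 addresses (a documentation range), the scoring weights and the routing rules are assumptions.

```python
"""IP address -> context -> external info -> analysis.

Added example, not code from the original slides. The Asset record
mirrors the attribute table in the deck; the asset records, feed items,
weights and routing rules are assumptions.
"""
from dataclasses import dataclass, field


@dataclass
class Asset:
    ip: str
    asset_type: str
    asset_criticality: str            # low / medium / high
    os: str
    os_patch_level: str
    purpose: str
    owner: str
    owner_bu: str
    owner_contact_email: str
    installed_software: dict = field(default_factory=dict)   # name -> version
    vulnerability_info: dict = field(default_factory=dict)   # id -> severity


# Constructed CMDB content; vulnerability IDs are placeholders.
ASSETS = {
    "203.0.113.10": Asset("203.0.113.10", "web-server", "high", "linux", "3.2",
                          "customer portal", "alice", "retail", "alice@example.com",
                          {"webfw": "2.4.1"}, {"VULN-001": "high"}),
    "203.0.113.11": Asset("203.0.113.11", "web-server", "low", "linux", "3.2",
                          "QA scratch box", "bob", "eng", "bob@example.com",
                          {"webfw": "2.5.0"}, {}),
}

# Constructed external feed, one item per category from the "be situationally aware" list.
EXTERNAL_FEED = [
    {"type": "reported-abuse", "ip": "203.0.113.10",
     "detail": "partner reports our host scanning their network"},
    {"type": "third-party-vulnerability", "software": "webfw",
     "versions": {"2.4.0", "2.4.1"}, "detail": "vendor advisory, fixed in 2.4.2"},
    {"type": "third-party-exploit", "vuln": "VULN-001",
     "detail": "public exploit code observed"},
]

# Assumed weights: evidence of compromise outranks exposure.
WEIGHT = {"reported-abuse": 50, "third-party-exploit": 30, "third-party-vulnerability": 15}
CRITICALITY_FACTOR = {"low": 1, "medium": 2, "high": 3}


def matches(item, asset):
    """Does an external feed item apply to this asset?"""
    if item["type"] == "reported-abuse":
        return item["ip"] == asset.ip
    if item["type"] == "third-party-vulnerability":
        return asset.installed_software.get(item["software"]) in item["versions"]
    if item["type"] == "third-party-exploit":
        return item["vuln"] in asset.vulnerability_info
    return False


def enrich(ip, assets=ASSETS, feed=EXTERNAL_FEED):
    """Walk the pipeline for one IP and return a decision record."""
    asset = assets.get(ip)                                        # step 1: context
    if asset is None:
        return {"ip": ip, "known": False, "process": "inventory",
                "reason": "not in the asset model; add it before analysis"}
    findings = [item for item in feed if matches(item, asset)]   # step 2: external info
    score = CRITICALITY_FACTOR[asset.asset_criticality] * sum(WEIGHT[f["type"]] for f in findings)
    # step 3: analysis -> which process is activated?
    if any(f["type"] == "reported-abuse" for f in findings):
        process = "incident-response"        # evidence of active compromise
    elif findings:
        process = "security-operations"      # exposure, but no sign of compromise
    else:
        process = "monitor"
    return {"ip": ip, "known": True, "asset": asset.purpose,
            "criticality": asset.asset_criticality, "score": score,
            "process": process, "notify": asset.owner_contact_email,
            "findings": findings}


if __name__ == "__main__":
    for ip in ("203.0.113.10", "203.0.113.11", "198.51.100.7"):
        print(enrich(ip))
```

The unknown-IP branch matters: an address that is not in the asset model cannot be analyzed, only inventoried, which is why the internal "current state" snapshot is the starting point and the external feeds come second.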
defining and operationalizing processes

gathering information

fail your information quickly

it's interesting...
but is it useful?

not all information is useful

tools to pare down information
• simple scripts
• data analysis applications
• relational mapping tools
• 'big data' platforms
• structured & unstructured data analyses

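A "simple script" that fails information quickly typically does four things to a raw indicator feed: normalize (defanged indicators such as hxxp:// and evil[.]example never match anything as published), de-duplicate across sources, expire stale items, and drop things you own or depend on that feeds routinely flag. The following is an added example, not code from the slides; the feed rows, the allow-list, the 30-day window and the per-source confidence values are all assumptions.

```python
"""Paring down an external indicator feed: normalize, expire, allow-list, merge.

Added example, not code from the original slides. Feed rows, allow-list,
window and confidence values are constructed assumptions.
"""
import re
from datetime import date, timedelta

# Constructed raw feed rows: (source, indicator as published, reported_on, confidence 0-100)
RAW_FEED = [
    ("vendor-a", "hxxp://evil[.]example/payload", "2014-04-01", 80),
    ("vendor-a", "http://evil.example/payload", "2014-04-02", 80),   # same IOC, not defanged
    ("mailing-list", "EVIL.example", "2014-01-05", 40),              # too old to act on
    ("vendor-b", "203.0.113.53", "2014-04-03", 90),                   # our own public resolver
    ("vendor-b", "203.0.113.77", "2014-04-03", 60),
    ("forum", "203.0.113.77", "2014-04-04", 20),                      # duplicate, weaker source
]

# Constructed: infrastructure we own or rely on that feeds keep flagging.
ALLOW_LIST = {"203.0.113.53"}

_IPV4 = re.compile(r"^\d{1,3}(?:\.\d{1,3}){3}$")


def refang(raw):
    """Undo common defanging (hxxp, [.], (.)) and lower-case the indicator."""
    s = raw.strip().lower()
    s = re.sub(r"^hxxp", "http", s)
    return s.replace("[.]", ".").replace("(.)", ".")


def classify(indicator):
    """Coarse indicator type, enough to route it to the right matching logic."""
    if indicator.startswith(("http://", "https://")):
        return "url"
    if _IPV4.match(indicator):
        return "ipv4"
    return "domain"


def pare_down(feed, today, max_age_days=30, allow_list=ALLOW_LIST):
    """Return (kept, dropped).

    kept: one merged record per indicator, highest confidence first;
    dropped: (indicator, reason) pairs so the discard is auditable.
    """
    cutoff = today - timedelta(days=max_age_days)
    merged, dropped = {}, []
    for source, raw, reported_on, confidence in feed:
        ind = refang(raw)
        if date.fromisoformat(reported_on) < cutoff:
            dropped.append((ind, "stale"))
            continue
        if ind in allow_list:
            dropped.append((ind, "allow-listed"))
            continue
        entry = merged.setdefault(ind, {"indicator": ind, "type": classify(ind),
                                        "sources": set(), "confidence": 0})
        entry["sources"].add(source)                       # keep every corroborating source
        entry["confidence"] = max(entry["confidence"], confidence)
    kept = sorted(merged.values(), key=lambda e: -e["confidence"])
    return kept, dropped


if __name__ == "__main__":
    kept, dropped = pare_down(RAW_FEED, today=date(2014, 4, 10))
    for k in kept:
        print(f"keep {k['confidence']:>3} {k['type']:<6} {k['indicator']} via {sorted(k['sources'])}")
    for ind, why in dropped:
        print(f"drop {why:<12} {ind}")
```

Six rows become two indicators. Recording why each row was dropped is the part people skip, and it is what lets an analyst later answer "why did we not act on that feed entry?" without re-running the pipeline.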
finding information is easy

throwing away junk is hard

refining collected information

convert information to knowledge

extremely difficult

manual process, for analysts

aided by automation

delivering intelligence

information necessary to make a decision

must. be. repeatable.

must. be. actionable.

Analysis is NOT enough.

need to answer: "So what?"

provide thorough analysis backed by actual facts, data

in a timely fashion

in a useful, consumable format

taking action

rules of engagement
(what are you allowed to do?)

take 'purposeful' action

which process is activated?
incident response
security operations

taking action

detect

be proactive
out-maneuver the threat

be reactive
counter the active threat

respond

mitigate the vulnerability

minimize the impact of attack

shut down an active attack

actively shift defenses

identify the attacker

resolve

restore services

Closed Loop Incident Process

adjust security operations

share IOCs

quick recap

"Security Intelligence" is...
the capability to detect, respond, and resolve your security incidents through an information-driven approach.

You can do this.
You need to do this.

Know more.
Defend smarter.

A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)
 
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin WoodPolkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
 
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, AdobeApidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
 
Deploy with confidence: VMware Cloud Foundation 5.1 on next gen Dell PowerEdg...
Deploy with confidence: VMware Cloud Foundation 5.1 on next gen Dell PowerEdg...Deploy with confidence: VMware Cloud Foundation 5.1 on next gen Dell PowerEdg...
Deploy with confidence: VMware Cloud Foundation 5.1 on next gen Dell PowerEdg...
 
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost SavingRepurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
 
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
 
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
 
AWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of Terraform
 
A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?
 
Top 10 Most Downloaded Games on Play Store in 2024
Top 10 Most Downloaded Games on Play Store in 2024Top 10 Most Downloaded Games on Play Store in 2024
Top 10 Most Downloaded Games on Play Store in 2024
 

Operationalizing Security Intelligence [ InfoSec World 2014 ]

• 1. © Copyright 2014 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice. Operationalizing Security Intelligence. Rafal M. Los, Principal, Strategic Security Services, HP Enterprise Security Services. #InfoSecWorld-2014
• 2. To set your expectations: this is a super-ultra condensed introduction to a very complex topic.
• 3. what is "security intelligence"?
• 4. "collective set of activities, and artifacts to make intelligence-driven decisions"
• 5. detect, respond, resolve more effectively in the attack lifecycle
• 6. did someone say "kill chain"?
• 7. The Lockheed Martin "Kill Chain": reconnaissance → weaponization → delivery → exploitation → installation → command & control (C2) → actions on objectives
• 8. your adversaries are organized
• 9. your adversaries are adaptable
• 10. your defenses are static
• 11. your defenses are predictable
• 12. PREVENTION IS A MYTH
• 13. time for a better game plan
• 14. old goal: don't get breached
• 15. new goal: disrupt the attack. bonus points for disrupting the attacker
• 16. reality: your defenses will be breached
• 17. (image-only slide)
• 18. so now what?
• 19. this talk is a framework for you
• 20. ..change is long overdue.
• 21. the puzzle pieces
• 22. the toolbox
• 23. the data
• 24. the operational processes
• 25. the actions
• 26. let's break that down…
• 27. the toolbox
• 28. data store, aggregation and analytics engine
• 29. (diagram) data + data + data → intelligence
• 30. scalable, flexible, extensible, fast, affordable
• 31. - various scanning tools - work-stream system - collaboration tools
• 32. Things to look for: • normalized input/output data format(s) • inter-operability • extensibility • scriptable automation • scalability • maintainability • feature richness • ease-of-use
• 33. pick a tool-set that matches your company profile
• 34. the data
• 35. internal: know your enterprise attack surface
• 36. start with the fundamentals
• 37. map the network; identify existing technologies; identify business critical assets
• 38. create representative data models; continuously update these models
• 39. "current state" [snapshot]
• 40. what are we vulnerable to right now? what are we doing about it?
• 41. THIS is your starting point.
• 42. now add context
• 43. Example context record for asset 10.1.2.100:
      Attribute             Data
      asset_type            <asset_type>
      asset_criticality     <criticality_level>
      OS                    <os_name>
      OS-patch-level        <major_minor>
      purpose               <text>
      owner                 <owner_name>
      owner-BU              <business_unit>
      owner-contact-email   <email>
      owner-contact-phone   <phone>
      installed-software    → software_name <version> (one row per package)
      change-info           → last-change <date>; last-change-made <text>; last-change-tech <name>
      vulnerability-info    → vulnerability <severity> (one row per finding)
• 44. there is no such thing* as "too much information" (* almost…)
• 45. "live data" [continuous feeds]
• 46. detect changes to environment, in assets
• 47. determine new threats
• 48. (image-only slide)
• 49. what changed? what is the potential impact?
• 50. continuous detection of change: • new (previously unseen) node on network • unauthorized configuration change • unauthorized change to application, or system • new/modified user, or access rights • new vulnerability or missing patch
• 51. requirement: TVM program (threat & vulnerability management)
• 52. requirement: configuration management DB (manage, authorize config changes)
• 53. requirement: collective logging (log key items, on key assets)
• 54. (image-only slide)
• 55. log → aggregate → analyze → identify → refine
• 56. Key logging questions to answer: • what should you be logging? • what assets should you log from? • what should you look for? • how do you define 'timely'? • how much should you be storing for analysis?
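The context record (slide 43), the change list (slide 50) and the CMDB requirement (slide 52) only become useful together: a fresh inventory snapshot is diffed against the last one, each change is checked against what was actually authorized, and the asset's criticality decides who looks first. The following is an added example, not code from the deck or from HP. It constructs two inventory snapshots, a set of authorized change records and two syslog-style lines inline, so it runs offline; the record layout, the host-to-IP mapping, the useradd log format and the priority weights are assumptions of this example.

```python
"""Change detection against an asset-context model (added example; data constructed inline)."""
import re
from dataclasses import dataclass

# Constructed "current state" snapshot from the previous run (field names follow slide 43).
BASELINE = {
    "10.1.2.100": {"asset_criticality": "high", "OS": "RHEL 6.5",
                   "installed-software": {"openssl": "1.0.1e", "httpd": "2.2.15"},
                   "users": {"root", "webadmin"}, "vulns": set()},
    "10.1.2.101": {"asset_criticality": "low", "OS": "Ubuntu 12.04",
                   "installed-software": {"openssh": "5.9p1"},
                   "users": {"root"}, "vulns": set()},
}

# Constructed "live data" snapshot from the latest scan / inventory run.
CURRENT = {
    "10.1.2.100": {"asset_criticality": "high", "OS": "RHEL 6.5",
                   "installed-software": {"openssl": "1.0.1g", "httpd": "2.2.15"},
                   "users": {"root", "webadmin", "svc_backup"},
                   "vulns": {"missing-patch:kernel"}},
    "10.1.2.101": {"asset_criticality": "low", "OS": "Ubuntu 12.04",
                   "installed-software": {"openssh": "5.9p1"},
                   "users": {"root"}, "vulns": set()},
    "10.1.2.250": {"asset_criticality": "unknown", "OS": "unknown",
                   "installed-software": {}, "users": set(), "vulns": set()},
}

# Constructed CMDB records: (asset, category, detail) tuples that were authorized.
AUTHORIZED = {("10.1.2.100", "software", "openssl:1.0.1g")}

# Constructed syslog-style lines; shows a log-sourced change beside the inventory diff.
AUTH_LOG = [
    "Apr 9 03:12:01 web01 useradd[2231]: new user: name=svc_backup, UID=1005, GID=1005, home=/home/svc_backup",
    "Apr 9 03:12:30 web01 sshd[2240]: Accepted publickey for webadmin from 10.1.9.7 port 51022 ssh2",
]
LOG_HOST_TO_IP = {"web01": "10.1.2.100"}   # assumed mapping; normally part of the asset model
PRIORITY = {"high": 3, "medium": 2, "low": 1, "unknown": 2}   # assumed weights

@dataclass(frozen=True)
class ChangeEvent:
    asset: str
    category: str    # new-node | software | user | vulnerability
    detail: str
    authorized: bool
    priority: int    # higher = review sooner

def _event(asset, category, detail, criticality, authorized):
    auth = (asset, category, detail) in authorized
    # An unauthorized change on a critical asset outranks everything else.
    return ChangeEvent(asset, category, detail, auth, PRIORITY.get(criticality, 2) + (0 if auth else 2))

def diff_snapshots(baseline, current, authorized=AUTHORIZED):
    """Compare two snapshots and emit one event per change of the kinds listed on slide 50."""
    events = []
    for ip, rec in current.items():
        crit = rec["asset_criticality"]
        if ip not in baseline:
            events.append(_event(ip, "new-node", "previously unseen on network", crit, authorized))
            continue
        old = baseline[ip]
        for pkg, ver in rec["installed-software"].items():
            if old["installed-software"].get(pkg) != ver:
                events.append(_event(ip, "software", f"{pkg}:{ver}", crit, authorized))
        for user in rec["users"] - old["users"]:
            events.append(_event(ip, "user", f"added:{user}", crit, authorized))
        for vuln in rec["vulns"] - old["vulns"]:
            events.append(_event(ip, "vulnerability", vuln, crit, authorized))
    return events

USERADD = re.compile(r"^\S+ +\d+ [\d:]+ (\S+) useradd\[\d+\]: new user: name=([^,]+)")

def events_from_logs(lines, current, authorized=AUTHORIZED):
    """Turn useradd log lines into user-change events; criticality is looked up in the asset model."""
    events = []
    for line in lines:
        m = USERADD.match(line)
        if not m:
            continue
        ip = LOG_HOST_TO_IP.get(m.group(1))
        crit = current.get(ip, {}).get("asset_criticality", "unknown")
        events.append(_event(ip or m.group(1), "user", f"added:{m.group(2)}", crit, authorized))
    return events

def review_queue(baseline, current, log_lines, authorized=AUTHORIZED):
    """Merge inventory and log events, drop duplicates, and order highest priority first."""
    merged = set(diff_snapshots(baseline, current, authorized)) | set(events_from_logs(log_lines, current, authorized))
    return sorted(merged, key=lambda e: (-e.priority, e.asset, e.category, e.detail))

if __name__ == "__main__":
    for e in review_queue(BASELINE, CURRENT, AUTH_LOG):
        print(f"p{e.priority} {e.asset:12} {e.category:13} {e.detail:30} {'authorized' if e.authorized else 'UNAUTHORIZED'}")
```

The same user addition is seen twice, once by the inventory diff and once in the auth log; because the events are frozen dataclasses they de-duplicate in the set, which is the "aggregate" step of slide 55 in miniature. The authorized OpenSSL upgrade still appears in the queue, at the bottom, so that a reviewer can confirm the CMDB record rather than have it silently suppressed.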
• 57. external: be situationally aware
• 58. for example: • sentiment against your brand/organization • threat climate of your business vertical • attacks against similar organizations, vertical • specific threats against your staff/resources • geopolitical issues pertaining to your enterprise • 3rd party reported vulnerabilities • 3rd party reported exploits • weaknesses in your external technologies • reported abused enterprise assets
• 59. refining 'data' purposefully: IP address → context → external info → analysis
• 60. defining and operationalizing processes
• 61. gathering information
• 62. fail your information quickly
• 63. (image-only slide)
• 64. it's interesting… but is it useful?
• 65. not all information is useful
• 66. tools to pare down information: • simple scripts • data analysis applications • relational mapping tools • 'big data' platforms • structured & unstructured data analyses
• 67. finding information is easy
• 68. throwing away junk is hard
• 69. refining collected information
• 70. convert information to knowledge
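"Fail your information quickly" (slide 62) means every external item from the slide 58 list is tested against internal context before an analyst spends time on it. The example below is added here and is not from the original deck or from HP. It takes a constructed external feed (third-party vulnerability and exploit reports, abuse reports naming an address, a sentiment item) and a constructed asset inventory, keeps only items that touch a deployed version or an enterprise address, discards the rest with a stated reason, and orders what is kept by asset criticality and exposure. The feed shape, the inventory contents and the scoring weights are assumptions of this example.

```python
"""Refining external information against internal context (added example; data constructed inline)."""
from dataclasses import dataclass, field

# Constructed internal context: criticality, exposure and installed software per asset.
INVENTORY = {
    "10.1.2.100": {"criticality": "high", "exposure": "internet",
                   "software": {"openssl": "1.0.1g", "httpd": "2.2.15"}},
    "10.1.2.101": {"criticality": "low", "exposure": "internal",
                   "software": {"openssh": "5.9p1"}},
    "10.1.2.102": {"criticality": "medium", "exposure": "internal",
                   "software": {"openssl": "1.0.1e"}},
}

# Constructed external items; "kind" follows the categories on slide 58.
FEED = [
    {"id": "ext-1", "kind": "vulnerability", "product": "openssl",
     "affected": ["1.0.1e", "1.0.1f"], "exploit_public": True},
    {"id": "ext-2", "kind": "exploit", "product": "httpd",
     "affected": ["2.2.15"], "exploit_public": True},
    {"id": "ext-3", "kind": "vulnerability", "product": "struts",
     "affected": ["2.3.15"], "exploit_public": False},
    {"id": "ext-4", "kind": "sentiment", "text": "activist group names our brand as a target this week"},
    {"id": "ext-5", "kind": "abuse-report", "source_ip": "10.1.2.101", "text": "scanning reported from this address"},
    {"id": "ext-6", "kind": "abuse-report", "source_ip": "203.0.113.9", "text": "spam relay"},
]

CRIT = {"high": 3, "medium": 2, "low": 1}   # assumed weights

@dataclass
class Assessment:
    item_id: str
    keep: bool
    reason: str                 # the "so what?" in one line, kept even for discards
    affected_assets: list = field(default_factory=list)
    score: int = 0

def _match_software(item, inventory):
    """Assets whose installed version of the item's product is in the affected list."""
    hits = []
    for ip, rec in inventory.items():
        ver = rec["software"].get(item["product"])
        if ver is not None and ver in item["affected"]:
            hits.append(ip)
    return hits

def assess(item, inventory):
    """Decide whether one external item is actionable for this enterprise, and how urgently."""
    kind = item["kind"]
    if kind in ("vulnerability", "exploit"):
        hits = _match_software(item, inventory)
        if not hits:
            return Assessment(item["id"], False, f"{item['product']} not deployed at an affected version")
        # Criticality of each hit, doubled for internet exposure, plus a bonus for a public exploit.
        score = sum(CRIT[inventory[ip]["criticality"]] * (2 if inventory[ip]["exposure"] == "internet" else 1)
                    for ip in hits) + (3 if item["exploit_public"] else 0)
        return Assessment(item["id"], True, f"{len(hits)} asset(s) at an affected version", hits, score)
    if kind == "abuse-report":
        ip = item["source_ip"]
        if ip in inventory:
            return Assessment(item["id"], True, "report names an enterprise asset", [ip],
                              CRIT[inventory[ip]["criticality"]] + 2)
        return Assessment(item["id"], False, "reported address is not ours")
    if kind == "sentiment":
        # No technical match is possible; keep it, but route it to a person rather than the vuln queue.
        return Assessment(item["id"], True, "brand-level threat; needs analyst judgement", [], 1)
    return Assessment(item["id"], False, f"unhandled kind {kind}")

def refine(feed, inventory):
    """Split a feed into an actionable list (highest score first) and a discard list with reasons."""
    results = [assess(item, inventory) for item in feed]
    keep = sorted((r for r in results if r.keep), key=lambda r: -r.score)
    drop = [r for r in results if not r.keep]
    return keep, drop

if __name__ == "__main__":
    keep, drop = refine(FEED, INVENTORY)
    for r in keep:
        print(f"KEEP  {r.item_id} score={r.score:2} {r.reason} {r.affected_assets}")
    for r in drop:
        print(f"DROP  {r.item_id} {r.reason}")
```

Two details matter in practice. Discards keep their reason, so "why did we ignore that advisory?" can be answered later from the record rather than from memory. And the one item that cannot be matched technically (the sentiment report) is not thrown away but scored low and handed to a person, which is the manual, automation-aided split of slides 73 and 74.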
• 71. (image-only slide)
• 72. extremely difficult
• 73. manual process, for analysts
• 74. aided by automation
• 75. (diagram: steps 1 through 6)
• 76. delivering intelligence
• 77. information necessary to make a decision
• 78. must. be. repeatable.
• 79. must. be. actionable.
• 80. Analysis is NOT enough.
• 81. need to answer: "So what?"
• 82. provide thorough analysis backed by actual facts, data
• 83. in a timely fashion
• 84. in a useful, consumable format
• 85. taking action
• 86. rules of engagement (what are you allowed to do?)
• 87. take 'purposeful' action
• 88. which process is activated? incident response / security operations
• 89. taking action
• 90. detect
• 91. be proactive: out-maneuver the threat
• 92. be reactive: counter active threat
• 93. respond
• 94. mitigate the vulnerability
• 95. minimize the impact of attack
• 96. shut down an active attack
• 97. actively shift defenses
• 98. identify the attacker
• 99. resolve
• 100. restore services
• 101. Closed Loop Incident Process
• 102. adjust security operations
• 103. share IOCs
• 104. quick recap
• 105. "Security Intelligence" is.. the capability to detect, respond, and resolve your security incidents through an information-driven approach.
• 106. You can do this. You need to do this.
• 107. Know more. Defend smarter.