Cybraics Confidential 2016
Man & Machine – Working Together to Solve the Cyber Security Problem
Pete Nicoletti
Chief Information Security Officer, Cybraics, Inc.
Agenda
• What is the Cybersecurity Problem?
• Top Contributing Factors
• How to Leverage AI/ML to Target and Reduce Contributing Factors
• How to Test and Measure Success with AI/ML Projects
• The Future
The Cybersecurity Problem
First, what is the cybersecurity problem? The cybersecurity problem is best explained by Figure 1, which illustrates the number of breaches reported in North America over the last 12 years. The number of breaches and records exposed per year is escalating despite billions of dollars of investment in cyber tools and the best efforts of security professionals.
Figure 1 – Publicly Reported Cyber Breaches in North America 2005 - 2017
• “Up and to the right” is not what one considers success on a cybersecurity breach graphic!
• Breaches in North America have almost increased by an order of magnitude in the last 10 years.
Top Contributors To “The Problem:”
• Conventional tools only combat known attacks
• Incredible increasing volume of data
• Alert Overload
• Lack of Security Skills and Security Professionals
• Efficacy of Conventional Security tools averages only 85%
• Funding/Budget: There is never enough
• Too many tool options and they don’t talk to each other
• Lack of Effort on Security Framework
• Statistics Stink:
o Average time to fully contain a breach is lengthening
o Cost of a breach remains very expensive
o Length of time to identify a breach is barely improving
Conventional Tools Only Combat Known Attacks
• Most conventional security tools use:
o signature matching
o baselining
o rule matching
o threshold levels
• They have helped analysts better understand attack surface activity
• However, these tools only understand known threats; they cannot identify or prevent unknown attacks
Advanced Tools Can Combat Unknown Attacks
[Figure: scoring engine inputs – Behavior Severity Rating, Analytic Confidence, Network Priority, Asset Priority, SOC Feedback – with the example values 82 (score), Asset Score 70 and 90%]
• Cybraics’ AI/ML based analytics scoring engine performs:
o Hunting
o Detecting
o Identifying anomalous behaviors
• Identifies known and unknown attacks
• No:
o signatures need be updated
o rules created
o configuration efforts are necessary
• SOC or orchestration engine can make immediate decisions
• Provides configurable features
Incredible Increasing Volume of Data
• Volume of log/security/application data collected is growing exponentially
• Insights derived from this data are fundamentally limited
• Data experts and tools are expensive and in high demand
• Insights required by the business are outstripping the small group of trained experts
• No experts available in small companies
AI/ML – Deals with Huge Volumes of Data
• Humans can not work at Thousands/Millions/Billions/Trillions scale
• Humans can not make connections between disparate systems and events
• Humans can not “scale” well
Cases (should) be in parts per billion
Alert Overload
• Advanced threat detection -- point solutions scrutinizing network traffic in traditional ways
o signature matching
o baselining
o rule matching
o threshold breaches
• Alerts generated -- thousands or 10s of thousands daily
• Alerts overwhelming cybersecurity analysts
• Analysts struggle to validate and escalate
• Almost half of security operation managers report
o receiving over 5,000 alerts per day
o over 50% of alerts = false positives
o average time to research each alert ~ 20 minutes
o average 4.35 days Mean Time to Respond for fully resolving cases
(IBM/Ponemon 2018)
Lack of Skills/Security Professionals
• Huge problem
• Predictions of 3.5 million unfilled positions by 2021
• ~6 months to fill positions
• ~8 months to train
• 25% change organizations within 2 years
(CSO Mag “Cybersecurity skills shortage getting worse”)
Empower your current Security Analysts!
• Evolve from “Alert” to “Case” Capability
• Turn Level 1 Analysts into Level 2
o Machine Learning does the “Hunting”
o Know what cases are important using Network and Server Context
o Add appropriate 3rd Party Information: Threat feeds, IOC Info, Articles
o Give Recommended Remediation Steps
• Turn Level 2 Analysts into Level 3
o Automatically consolidate all Entity Associated Logs
o Auto-create search strings for faster follow-up searching
o Support searching through all logs used for analytics and context
o Make White Listing Faster
• And: MAKE THE JOB MORE FUN AND REWARDING!
Difficult to Implement a Security Framework
• Security experts strongly advocate adopting a cybersecurity framework
• Most common frameworks:
o PCI
o CIS: Critical Security Controls
o NIST
o ISO 27000
o FINRA
• Frameworks are designed to reduce risks, but most small and medium companies are challenged to implement and maintain them
Get Started on a Framework:
• Get Executive Sponsorship and Budget Commitment First
• Determine all the use cases for a compliance framework
• Self Audit to start
• Call in the Expensive Consultant since no one will believe you
• Engage the business
• Report on progress
• Hold everyone accountable
• Brag Everywhere… but remember: Every large Breached Company subscribed to a compliance Framework
• Compliance Does Not Equal REAL SECURITY
Efficacy of Conventional Security Tools ~85%
• 1 of every 130 emails contains malware
• Distributed workforce and BYOD
• Connections to unprotected business partners
• Applications and Servers not maintained or patched
• Firewall Configuration failures
• Signature based Tools not updated or Signature Arrives too late
• No centralized monitoring
• Tools don’t work together
= 85% efficiency (Verizon NSS Labs Reports)
Virtually no way to keep all security tools updated and managed to protect a global enterprise with data center and cloud deployments.
More Funding for Cybersecurity Needed
Typical Challenges:
• Anything “new” must replace something
• Executive relationships with vendors
• No Breach = no additional budget
Organizations are spending more than ever on security
• 7 in 10 want at least 25% more $
• 17% want a 50% increase
• ~12% believe they will receive a budget increase >25%
Don’t Waste Money on More Tools
• Make your existing tools more efficient with ML Intelligence
• Consolidate logs with SIEM to see issues across all sources and platforms
• Log the right stuff
o Usually no need for “Verbose”
o Check logging levels for each source
o Ensure that logs enable analytics, analysis and forensics
o Oh yeah… and compliance
• Acquire logs from Data Center to Cloud
o Don’t use two separate systems
• Get more Life out of Current Firewalls and End Point solutions
Breach Statistics Stink
Average time to contain a breach is lengthening
• Average -- 66 days (Verizon Breach Report 2018)
Average Cost per Breach = very expensive
• Average cost ~ $3-4M
• Lost and stolen records cost ~ $140 -$150 per record in 2017
• Average number of compromised records per breach - 24,000 (IBM/Ponemon)
Length of time to identify a breach is barely improving
• 2018 - 191 days; a 5% improvement from 2016 (Verizon Breach Report 2018)
Use Real Data to avoid being a Statistic
Too Many Tools & They Don’t Talk to Each Other
• Over 1600 vendors
• 70 Tools at average large company
• No coordination of tools in small/med companies
• Very difficult to chair swivel / head swivel between tools
• Difficult to have one pane of glass
Tie your tools together into a Security Analytics & AI Platform
• Ensure Full coverage of threat space
• Get feeds from all sources
• Leverage custom analytics focused on cyber
• Benefits to a Fully-managed platform
[Figure: Human Analysts in a Cyber Threat Center working with the Detection Engine: Analytics Core (AI/ML). The loop runs Historical Data Pool → AI/ML Model Training → Models Updated in Platform → Process Live Customer Data → CTC Implicitly Labels Data (driven by AI/ML) → back to the Historical Data Pool]
• AI/ML models are trained on available historic data and open source data
• Models are programmatically and continuously updated in platform
• Models are applied to live data; results are delivered to CTC* by the Machine Analyst
• CTC* implicitly labels data by making decisions on model results in real environments (driven by AI/ML)
• Labeled data is added back to the historical pool; the data pool is updated and made available to the analytics core
*CTC = Cyber Threat Center
Leverage Machine Learning
[Figure: pipeline from Raw Data Examples → Analytics Core → Detection Engine → Findings Aggregation → Scoring Engine & Machine Analyst → Alerts]
• Raw Data Examples: Endpoint, AD, Firewall, DNS, Proxy
• Analytics Core: Machine Learning, Artificial Intelligence, Statistical Models, Natural Language Processing
• Detection Engine – Behavior Examples: Phishing, Malware, Scanning, DGA, DLP
• Findings Aggregation (per entity): JSmith – Malware, DLP; 10.1.1.1 – Scanning; 10.1.2.1 – Phishing, DGA
• Scoring Engine & Machine Analyst: example scores 90, 25, 67
• Alerts
Scoring engine result. Scale = 1 – 100 based on priority (to investigate or remediate).
Mathematical equation that weights multiple inputs and provides a score ranging from 0 – 100, with a maximum score of 100, that corresponds to malicious activity on the highest priority asset at the organization.
Machine Learning Outlier Detection Details
• Illustration of outlier distribution: looks for statistically significant deviations representing the most interesting IPs/users
• Cybraics uses outlier detection algorithms to isolate significant anomalies on the “tails” of the curve – drives false positives down/out
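The slide names the goal (isolate statistically significant deviations on the tails, per IP or user) but not an algorithm. The following is an added illustration, not Cybraics code: it builds one feature per source IP (distinct destinations contacted) from constructed proxy/DNS-style records and flags the tails with a robust modified z-score, so the outliers themselves do not inflate the baseline the way mean and standard deviation would. The feature, the MAD-based score and the 3.5 cut-off are this example's assumptions.

```python
"""Tail-based outlier detection on per-entity activity counts.

Added example (not Cybraics' algorithm). Records are constructed.
"""
import statistics
from collections import defaultdict

MODIFIED_Z_CUTOFF = 3.5  # Iglewicz-Hoaglin rule of thumb for modified z-scores


def build_sample_records():
    """Constructed (source_ip, destination_domain) pairs from a proxy/DNS log."""
    business = ["intranet.example", "mail.example", "crm.example",
                "updates.example", "cdn.example", "search.example"]
    records = []
    # 20 ordinary workstations, each talking to 3..6 business domains
    for i in range(1, 21):
        host = f"10.1.1.{i}"
        for domain in business[: 3 + (i % 4)]:
            records.append((host, domain))
    # one host resolving 40 distinct, algorithmically generated-looking names
    for j in range(40):
        records.append(("10.1.2.1", f"x{j:02d}kq{(j * 7) % 97:02d}.example"))
    return records


def distinct_destinations(records):
    """Feature per entity: how many different destinations it contacted."""
    seen = defaultdict(set)
    for src, dst in records:
        seen[src].add(dst)
    return {src: len(dsts) for src, dsts in seen.items()}


def modified_z_scores(values):
    """Robust z-score per entity from the median and the median absolute
    deviation (MAD); 0.6745 rescales MAD to a standard deviation."""
    xs = list(values.values())
    med = statistics.median(xs)
    mad = statistics.median(abs(x - med) for x in xs)
    if mad > 0:
        scale = mad / 0.6745
    else:
        # Degenerate case: more than half the entities share one value.
        # Fall back to the mean absolute deviation (Iglewicz & Hoaglin).
        mean_ad = statistics.mean(abs(x - med) for x in xs)
        if mean_ad == 0:
            return {k: 0.0 for k in values}
        scale = 1.253314 * mean_ad
    return {k: (x - med) / scale for k, x in values.items()}


def detect_outliers(values, cutoff=MODIFIED_Z_CUTOFF):
    """Entities on either tail of the distribution, with their scores."""
    scores = modified_z_scores(values)
    return {k: round(z, 2) for k, z in scores.items() if abs(z) > cutoff}


if __name__ == "__main__":
    counts = distinct_destinations(build_sample_records())
    for entity, z in sorted(detect_outliers(counts).items()):
        print(f"{entity}: {counts[entity]} distinct destinations, modified z = {z}")
```

With the constructed data only 10.1.2.1 is flagged; the 20 workstations with 3 to 6 destinations all sit inside the cut-off.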
The Process – How Does it Work….?
Ingestion, Analysis, Scoring, Context, Remediation
• Ingestion – Environmental Logs: NetFlow, Active Directory, Firewalls, IDS/IPS, Web Proxy, DNS Servers, Secure Gateway, Web App Firewalls, OT/IOT Device Logs, Threat Intel Feeds, Anti-Virus. No custom sensors or agents required.
• Analysis – Multi-Modal AI/ML: 40+ Algorithms, Ecosystem Baseline, Biased vs Unbiased Decision Models, Anomaly Detection, “Normal” Deviations, Behavior Triggers, Known Threats/IOCs. Automated, advanced detection.
• Scoring – Multiple Factors: Behavior Severity Rating, Analytic Confidence, Network Priority, Asset Priority, SOC Feedback, Business Priorities. Customer Configurable and Trainable (example score: 82).
• Context – Evidence Case Files: Summary Data, Risk Guidance, Associated Entities, Supporting Evidence, Outlier Summary, Entity Details, External Sources, Previous Instances, Associated IPs.
• Remediation – Action Guidance: Remove Host, Block IP/Domain/URL, IP Access Blocked, Forensic Investigation, Exfiltration Analysis, Remove P2P App, User/Service Acct Investigation, Acceptable Use Guidance, Activity Validation, Incident Escalation, Credential Cancellation.
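The Scoring stage above and the Scoring Engine on the "Leverage Machine Learning" slide describe a weighted equation over the factors Behavior Severity Rating, Analytic Confidence, Network Priority, Asset Priority and SOC Feedback, with 100 meaning malicious activity on the highest priority asset. The following is an added illustration, not Cybraics' equation: it aggregates per-entity findings like the slide's examples (JSmith, 10.1.1.1, 10.1.2.1) and produces a 0-100 priority. The severity table, the weights and the feedback adjustment are this example's assumptions.

```python
"""Findings aggregation and priority scoring.

Added example (not Cybraics' scoring engine). Detections and context
values below are constructed.
"""
from dataclasses import dataclass, field

# Assumed severity rating (0-100) for the deck's behavior examples.
BEHAVIOR_SEVERITY = {"Phishing": 60, "Scanning": 40, "DGA": 70,
                     "Malware": 85, "DLP": 90}

# Assumed weights. They sum to 1.0 so that severity 100 at 100% confidence
# on the highest priority network and asset scores exactly 100.
WEIGHTS = {"severity": 0.40, "confidence": 0.20,
           "network": 0.20, "asset": 0.20}

SOC_FEEDBACK_POINTS = 15  # assumed swing for an analyst confirm / false positive


@dataclass
class Finding:
    entity: str                  # user or IP, e.g. "JSmith" or "10.1.1.1"
    behaviors: list = field(default_factory=list)
    confidence: float = 0.0      # analytic confidence, 0.0-1.0
    network_priority: int = 0    # 0-100, from network context
    asset_priority: int = 0      # 0-100, from the asset inventory
    soc_feedback: int = 0        # -1 past false positive, 0 none, +1 confirmed


def aggregate(detections, context):
    """Findings Aggregation: merge (entity, behavior, confidence) detections
    into one Finding per entity, keeping the highest confidence seen.
    `context` maps entity -> (network_priority, asset_priority, soc_feedback)."""
    findings = {}
    for entity, behavior, conf in detections:
        net, asset, fb = context.get(entity, (0, 0, 0))
        f = findings.setdefault(entity, Finding(entity, [], 0.0, net, asset, fb))
        if behavior not in f.behaviors:
            f.behaviors.append(behavior)
        f.confidence = max(f.confidence, conf)
    return list(findings.values())


def behavior_severity(behaviors):
    """Worst behavior drives the rating; each additional behavior adds 5."""
    if not behaviors:
        return 0
    worst = max(BEHAVIOR_SEVERITY.get(b, 50) for b in behaviors)
    return min(100, worst + 5 * (len(behaviors) - 1))


def score(f):
    """Weighted combination of the factors, clamped to 0-100."""
    base = (WEIGHTS["severity"] * behavior_severity(f.behaviors)
            + WEIGHTS["confidence"] * f.confidence * 100
            + WEIGHTS["network"] * f.network_priority
            + WEIGHTS["asset"] * f.asset_priority)
    adjusted = base + SOC_FEEDBACK_POINTS * f.soc_feedback
    return int(round(min(100, max(0, adjusted))))


def prioritize(findings):
    """Machine Analyst output: (score, entity) pairs, highest score first."""
    return sorted(((score(f), f.entity) for f in findings), reverse=True)


# Constructed detections mirroring the slide's findings examples.
SAMPLE_DETECTIONS = [
    ("JSmith", "Malware", 0.90), ("JSmith", "DLP", 0.75),
    ("10.1.1.1", "Scanning", 0.60),
    ("10.1.2.1", "Phishing", 0.80), ("10.1.2.1", "DGA", 0.85),
]
SAMPLE_CONTEXT = {              # entity: (network_priority, asset_priority, soc_feedback)
    "JSmith": (80, 70, 0),      # finance VLAN, wire-transfer workstation
    "10.1.1.1": (30, 20, -1),   # lab segment; previously judged a false positive
    "10.1.2.1": (50, 40, 0),
}

if __name__ == "__main__":
    for s, entity in prioritize(aggregate(SAMPLE_DETECTIONS, SAMPLE_CONTEXT)):
        print(f"{s:3d}  {entity}")
```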
AI/ML Findings and Case Details
Wire Transfer PC communicating with Latvia, Russia, Cyprus
Case Details: Associated Entities
Outliers automatically grouped into Entities
Case Details: Risk Assessment Created
Risk Assessment Value popped up when Analytics fired. Time Line of Machine learning scores changing and Analyst efforts are all automatically created.
Case Details: Outliers Analytics Details
Details on unauthorized C&C communication to one of the 4 C&C servers
Case Details: Risk Score
Easy to understand multifaceted Spider Web Risk Visual
Case Details: External Case Information
CTC adds external commentary offering research and context
Case Details: Remediation & Recommendation Details
Remediation Details; Recommendation Details
Case Details: Log Details & Global Search Capability
Log Search Function finds all related logs easily
Case Details: Log GEO IP Details
GEOIP shows Latvia C&C Location. Connections were made to 4 other locations of dubious reputation.
Test your AI/ML Based System
• Determine use cases, compliance requirements
• Architect integration requirements
• Validate data transfer
• Document log lifecycle process
• Validate network, devices and hosts impact within acceptable operational ranges
• Validate entire lifecycle of representative test events
• Validate findings of system with appropriate tools and processes
• Validate use cases
• Determine ROI for time savings, tool savings, response time reduction
Tools to Estimate and Validate Impact
• Leverage a combination of unsupervised ML and behavioral analytics to identify previously unknown threats
• Use ML techniques, coupled with AI, to provide context and automation to the findings and workflow
• ML and AI together will find threats and related info faster, enable SOC analyst efficiency and help reverse the alarming trend in data breaches
The Future: Fix the Security Problem!
Trust Me! I command You!
Breaking the Ransomware Lifecycle by using the World’s Most Advanced Analytics Platform
July 2019
The Lifecycle of Successful Ransomware – Traditional Defenses Have Multiple Failure Points
[Figure: attack flow from the criminal enterprise across The ‘Net, through Cloud & Premises Based email protection (Microsoft ATP and all other Email Protections), to the End User Computer, and out through Firewall / Proxy / DNS / IPS to the Criminal WWW Site and back]
• Criminal Enterprise Set up: Domain and WWW site Created; Malware delivery method selected; Bitcoin Account established; Anonymous Email Account Set up
• Emails sent; Email Delivered to Inbox
• User Clicks On Email URL or other infection method; End User Computer Infected
• Outbound Connections through Firewall, Proxy, DNS and IPS to the Criminal WWW Site
• Network Attached Users & Servers Scanned, Attacked, Encrypted
• Servers Are Encrypted, Backups Corrupted, Logs Deleted
• Ransomware Interrupts Business; Pay Criminals Bitcoin for Key; Happy Criminals
• Funded and Emboldened Criminals Attack More Users Worldwide
Failure points along the way:
• FAILURE 1 – Email Passes Cloud and Traditional Protection
• FAILURE 2 – End User Training Fails
• FAILURE 3 – Desk Top AV Fails
• FAILURE 4 – DNS Allows Resolution
• FAILURE 5 – Proxy Does Not Block
• FAILURE 6 – Firewall Allows Traffic
• FAILURE 7 – IPS Allows Traffic
• FAILURE 8 – Proxy Does Not Block
• FAILURE 9 – Firewall Allows Traffic
• FAILURE 10 – Desk Top AV Fails Again
• FAILURE 11 – East West Traffic Not Inspected
• FAILURE 12 – Unpatched Servers Vulnerable
• FAILURE 13 – No E-W Firewall Stopping attacks
• FAILURE 14 – Host Based AV/HIPS Fail
• FAILURE 15 – Outbound FW Traffic Not Stopped
• FAILURE 16 – DNS Allows Resolution
• FAILURE 17 – IPS Allows Traffic
• FAILURE 18 – Proxy Does Not Block
• FAILURE 19 – SIEM’s log but don’t prioritize
• FAILURE 20 – SOC Analysts have Alert Overload
BREAK the Lifecycle of Successful Ransomware – Empower Your Traditional Defenses with nLighten!
[Figure: the same attack flow and FAILURE points 1 – 18 as on the previous slide, with “Logs Created” marked at the email protection, the End User Computer, the Firewall / Proxy / DNS / IPS path and the internal servers]
• Analytics Find & Alert on Unauthorized Activities in DNS, Firewall, Proxy, AV, IPS & AD Logs
• Security Analysts Alerted - can see every stage of attack; typically stop attack at End User Level before costly damage
SUCCESS: Stop Ransomware before business interruptions / costly recovery efforts
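The point of the BREAK slide is that every control that "fails" still writes a log, and that correlating those logs per host exposes every stage of the attack. The following is an added illustration, not nLighten code: it parses constructed email, proxy, DNS, AV and firewall log lines, maps each to the lifecycle stage (FAILURE number) it reveals, and opens an evidence case for a host only when several distinct stages land inside one window, so a single ordinary DNS lookup or proxy GET raises nothing. The log format, the 30-minute window and the four-stage threshold are this example's assumptions.

```python
"""Per-host correlation of the logs created at each lifecycle failure point.

Added example (not nLighten code). All log lines below are constructed.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed logs, one event per line: "<source> <iso-time> <host> <detail>".
SAMPLE_LOGS = """\
email    2019-07-01T09:00:05 ws-042 delivered from=invoices@mail-sender.test subject=Invoice
proxy    2019-07-01T09:02:11 ws-042 GET http://invoice-download.test/doc.zip status=200
dns      2019-07-01T09:02:11 ws-042 resolve name=invoice-download.test
av       2019-07-01T09:03:40 ws-042 detect file=doc.exe action=none
firewall 2019-07-01T09:04:01 ws-042 allow dst=203.0.113.7 dport=443 dir=outbound
firewall 2019-07-01T09:10:30 ws-042 allow dst=10.1.5.20 dport=445 dir=internal
firewall 2019-07-01T09:10:31 ws-042 allow dst=10.1.5.21 dport=445 dir=internal
proxy    2019-07-01T10:15:00 ws-007 GET http://intranet.example/ status=200
dns      2019-07-01T10:15:00 ws-007 resolve name=intranet.example
firewall 2019-07-01T10:15:02 ws-007 allow dst=10.1.5.20 dport=445 dir=internal
"""

LINE_RE = re.compile(r"^(?P<source>\w+)\s+(?P<ts>\S+)\s+(?P<host>\S+)\s+(?P<detail>.*)$")


def parse_logs(text):
    """Parse the constructed format into event dicts; malformed lines are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            events.append({"source": m["source"], "host": m["host"],
                           "ts": datetime.fromisoformat(m["ts"]),
                           "detail": m["detail"]})
    return events


def classify(ev):
    """Map one event to the lifecycle stage whose control let it through but
    still logged it. Any single stage is ordinary traffic; the case is built
    from several stages on one host in a short window."""
    s, d = ev["source"], ev["detail"]
    if s == "email" and d.startswith("delivered"):
        return "F1 email passed protection"
    if s == "av" and d.startswith("detect") and "action=none" in d:
        return "F3 desktop AV did not block"
    if s == "dns" and d.startswith("resolve"):
        return "F4 DNS allowed resolution"
    if s == "proxy" and d.startswith("GET"):
        return "F5 proxy did not block"
    if s == "firewall" and "dir=outbound" in d:
        return "F6 firewall allowed outbound traffic"
    if s == "firewall" and "dir=internal" in d and "dport=445" in d:
        return "F11 east-west traffic not inspected"
    return None


def build_cases(events, min_stages=4, window=timedelta(minutes=30)):
    """One evidence case per host whose events cover >= min_stages distinct
    stages inside a sliding window; returns {host: {"stages", "evidence"}}."""
    by_host = defaultdict(list)
    for ev in events:
        stage = classify(ev)
        if stage:
            by_host[ev["host"]].append((ev["ts"], stage, ev["source"], ev["detail"]))
    cases = {}
    for host, evs in by_host.items():
        evs.sort()
        best = None
        for t0, _, _, _ in evs:
            in_window = [e for e in evs if t0 <= e[0] <= t0 + window]
            stages = []
            for _, stage, _, _ in in_window:
                if stage not in stages:
                    stages.append(stage)   # first-seen order is the timeline
            if best is None or len(stages) > len(best["stages"]):
                best = {"stages": stages, "evidence": in_window}
        if best and len(best["stages"]) >= min_stages:
            cases[host] = best
    return cases


if __name__ == "__main__":
    for host, case in build_cases(parse_logs(SAMPLE_LOGS)).items():
        print(host, "->", " / ".join(case["stages"]))
```

On the constructed data ws-042 produces a six-stage case with all seven supporting log lines as evidence, while ws-007 (an ordinary intranet visit plus one file-server connection) stays below the threshold.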
Pete Nicoletti pete@Cybraics.com
• CISO for Hertz Global, Virtustream/RSA/EMC/DELL, VP Security Engineering Terremark
• Gartner’s “most secure cloud design” #1 and #2
• Whitehouse.gov, FBI.Gov, DOT.gov, VA, Library of Congress and more Federal Projects
• Managed two clouds through FEDRAMP and eventually to EAL 5
• Book Author/Contributor: “An Intel Reference Design for Secure Cloud”
• 20 years Security, Red Team leader, Incident Response leader
• Chief Data Officer at Cybraics focused on Security Operations, NIST 800-53 certification and product development
• Secret Service Miami Electronic Crime Task Force, FBI Infragard Contributor
• Awarded Top 100 Global CISO in 2017
Pete has 31 years of impressive success and responsibility in the deployment, marketing, sales, product development, engineering design, project implementation and operation of information technology, IaaS/SaaS/PaaS, cloud, data center operations, the entire spectrum of security technologies, compliance frameworks, Global Security Deployments and operations and Managed Security Service Provider services and operations.
Prior Experience / Skills: IR, Product Management, Cyber Security, MSSP, Operations
Education/Certifications/Presentations
BS University of Tennessee
CCSK, CISA, CISSP, SANS GIAC, FCNSP, CCSE
“Opensource Security Concerns” Security Mag. 11/17
“How to Sell Cybersecurity to your Team” CSO Mag.
“Not Obscured by Clouds, Forensics and Cloud Visibility,” Netscout Global Conference, April, 2017
“Cloud Forensics, A practitioners View,” CS World 2016
“Cloud Security, Latest Developments,” ISSA Conf 2016
“Auditing the Cloud Challenges,” ISACA Conference, 2017
“Best Practices and the Latest Advances in Cloud Security,”
THANK YOU!
Tata AIG General Insurance Company - Insurer Innovation Award 2024Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slide
 
presentation ICT roal in 21st century education
presentation ICT roal in 21st century educationpresentation ICT roal in 21st century education
presentation ICT roal in 21st century education
 
Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherStrategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a Fresher
 
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)
 
Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)
 
AWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of Terraform
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organization
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...
 
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUnderstanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdf
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Script
 

TIC-TOC: Disrupt the Threat Management Conversation with Dominique Singer and Cybraics, Inc

6. Conventional Tools Only Combat Known Attacks
• Most conventional security tools use:
  o signature matching
  o baselining
  o rule matching
  o threshold levels
• They have helped analysts better understand attack surface activity
• However, these tools only understand known threats; they cannot identify or prevent unknown attacks

7. Advanced Tools Can Combat Unknown Attacks
[Scoring graphic: inputs are Behavior Severity Rating, Analytic Confidence, Network Priority, Asset Priority and SOC Feedback; example values shown: score 82, Asset Score 70, 90%]
• Cybraics’ AI/ML-based analytics scoring engine performs:
  o Hunting
  o Detecting
  o Identifying anomalous behaviors
• Identifies known and unknown attacks
• No:
  o signatures need to be updated
  o rules need to be created
  o configuration efforts are necessary
• SOC or orchestration engine can make immediate decisions
• Provides configurable features

8. Incredible Increasing Volume of Data
• Volume of log/security/application data collected is growing exponentially
• Insight derived from this data is fundamentally limited
• Data experts and tools are expensive and in high demand
• Insights required by the business are outstripping the small group of trained experts
• No experts available in small companies

9. AI/ML – Deals with Huge Volumes of Data
• Humans cannot work at thousands/millions/billions/trillions scale
• Humans cannot make connections between disparate systems and events
• Humans cannot “scale” well
Cases (should) be in parts per billion

10. Alert Overload
• Advanced threat detection -- point solutions scrutinizing network traffic in traditional ways:
  o signature matching
  o baselining
  o rule matching
  o threshold breaches
• Alerts generated -- thousands or tens of thousands daily
• Alerts overwhelm cybersecurity analysts
• Analysts struggle to validate and escalate
• Almost half of security operations managers report:
  o receiving over 5,000 alerts per day
  o over 50% of alerts are false positives
  o average time to research each alert ~20 minutes
  o average Mean Time to Respond of 4.35 days for fully resolving cases (IBM/Ponemon 2018)

11. Lack of Skills/Security Professionals
• Huge problem
• Predictions of 3.5 million unfilled positions by 2021
• ~6 months to fill positions
• ~8 months to train
• 25% change organizations within 2 years (CSO Mag, “Cybersecurity skills shortage getting worse”)

12. Empower your current Security Analysts!
• Evolve from “Alert” to “Case” Capability
• Turn Level 1 Analysts into Level 2
  o Machine Learning does the “Hunting”
  o Know which cases are important using Network and Server Context
  o Add appropriate 3rd-party information: threat feeds, IOC info, articles
  o Give Recommended Remediation Steps
• Turn Level 2 Analysts into Level 3
  o Automatically consolidate all Entity-Associated Logs
  o Auto-create search strings for faster follow-up searching
  o Support searching through all logs used for analytics and context
  o Make Whitelisting Faster
And: MAKE THE JOB MORE FUN AND REWARDING!
13. Difficult to Implement a Security Framework
• Security experts strongly advocate adopting a cybersecurity framework
• Most common frameworks:
  o PCI
  o CIS: Critical Security Controls
  o NIST
  o ISO 27000
  o FINRA
• Frameworks are designed to reduce risk, but most small and medium companies are challenged to implement and maintain them

14. Get Started on a Framework:
• Get Executive Sponsorship and Budget Commitment First
• Determine all the use cases for a compliance framework
• Self-Audit to start
• Call in the Expensive Consultant, since no one will believe you
• Engage the business
• Report on progress
• Hold everyone accountable
• Brag Everywhere… but remember: every large breached company subscribed to a compliance framework
• Compliance Does Not Equal REAL SECURITY

15. Efficacy of Conventional Security Tools ~85%
• 1 of every 130 emails contains malware
• Distributed workforce and BYOD
• Connections to unprotected business partners
• Applications and Servers not maintained or patched
• Firewall configuration failures
• Signature-based tools not updated, or the signature arrives too late
• No centralized monitoring
• Tools don’t work together
= 85% efficiency (Verizon, NSS Labs reports)
Virtually no way to keep all security tools updated and managed to protect a global enterprise with data center and cloud deployments.

16. More Funding for Cybersecurity Needed
Typical Challenges:
• Anything “new” must replace something
• Executive relationships with vendors
• No Breach = no additional budget
Organizations are spending more than ever on security:
• 7 in 10 want at least 25% more $
• 17% want a 50% increase
• ~12% believe they will receive a budget increase >25%

17. Don’t Waste Money on More Tools
• Make your existing tools more efficient with ML Intelligence
• Consolidate logs with a SIEM to see issues across all sources and platforms
• Log the right stuff
  o Usually no need for “Verbose”
  o Check logging levels for each source
  o Ensure that logs enable analytics, analysis and forensics
  o Oh yeah… and compliance
• Acquire logs from Data Center to Cloud
  o Don’t use two separate systems
• Get more life out of current Firewall and Endpoint solutions

18. Breach Statistics Stink
Average time to contain a breach is lengthening
• Average -- 66 days (Verizon Breach Report 2018)
Average Cost per Breach = very expensive
• Average cost ~ $3-4M
• Lost and stolen records cost ~ $140-$150 per record in 2017
• Average number of compromised records per breach - 24,000 (IBM/Ponemon)
Length of time to identify a breach is barely improving
• 2018 - 191 days; a 5% improvement from 2016 (Verizon Breach Report 2018)
19. Use Real Data to Avoid Being a Statistic

20. Too Many Tools & They Don’t Talk to Each Other
• Over 1,600 vendors
• 70 tools at the average large company
• No coordination of tools in small/medium companies
• Very difficult to chair-swivel / head-swivel between tools
• Difficult to have one pane of glass

21. Tie your tools together into a Security Analytics & AI Platform
• Ensure full coverage of the threat space
• Get feeds from all sources
• Leverage custom analytics focused on cyber
• Benefits of a fully managed platform: Human Analysts in a Cyber Threat Center

22. Detection Engine: Analytics Core (AI/ML) – the model feedback loop
• AI/ML models are trained on the historical data pool and open source data
• Models are programmatically and continuously updated in the platform
• Models are applied to live customer data; results are delivered to the CTC* by the Machine Analyst
• The CTC implicitly labels data by making decisions on model results in real environments (driven by AI/ML)
• Labeled data is added back to the historical pool
• The data pool is updated and made available to the analytics core
*CTC = Cyber Threat Center

23. Leverage Machine Learning
Raw Data Examples: Endpoint, AD, Firewall, DNS, Proxy
Analytics Core:
• Machine Learning
• Artificial Intelligence
• Statistical Models
• Natural Language Processing
Detection Engine – Behavior Examples: Phishing, Malware, Scanning, DGA, DLP
Findings Aggregation (per entity):
• JSmith: Malware, DLP
• 10.1.1.1: Scanning
• 10.1.2.1: Phishing, DGA
Scoring Engine & Machine Analyst (example results: 90, 25, 67): scoring engine result on a scale of 1–100 based on priority (to investigate or remediate). A mathematical equation weights multiple inputs and provides a score ranging from 0–100, with a maximum score of 100 corresponding to malicious activity on the highest-priority asset at the organization.
Output: Alerts

24. Machine Learning Outlier Detection Details
• Illustration of the outlier distribution: looks for statistically significant deviations representing the most interesting IPs/users
• Cybraics uses outlier detection algorithms to isolate significant anomalies on the “tails” of the curve – this drives false positives down/out
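The scoring equation described on slide 23 and the tail-based outlier detection on slide 24, worked through as an added Python example (not Cybraics code): a median/MAD outlier detector over constructed per-host DNS counts produces per-entity findings, which are aggregated and turned into a weighted 0–100 score using the five factors the slides name. The weights, the 3.5 threshold, the DGA severity, the asset priorities and all sample data are assumptions constructed for the example.

```python
"""Toy detection -> findings aggregation -> scoring pipeline, modelled on the stages
named on slides 23 and 24. Added illustration, not Cybraics code: the MAD threshold,
the factor weights and all sample data are constructed assumptions."""
from statistics import median

# Constructed sample: per-host count of DNS lookups for never-before-seen domains in
# one day. One host behaves like a DGA (domain generation algorithm) client.
NEW_DOMAIN_LOOKUPS = {
    "10.1.1.1": 12, "10.1.1.2": 9, "10.1.1.3": 11, "10.1.1.4": 10,
    "10.1.1.5": 13, "10.1.1.6": 8, "10.1.1.7": 10, "10.1.2.1": 240,
}

# Constructed asset inventory (0-100 priorities); unknown hosts get the defaults.
ASSETS = {"10.1.2.1": {"network_priority": 60, "asset_priority": 70}}
DEFAULT_ASSET = {"network_priority": 30, "asset_priority": 30}

# Assumed weights: the slides name these five factors, not how they are weighted.
WEIGHTS = {"behavior_severity": 0.35, "analytic_confidence": 0.25,
           "network_priority": 0.15, "asset_priority": 0.15, "soc_feedback": 0.10}


def robust_z_scores(counts):
    """Median/MAD z-score per host. Mean/stddev would be dragged towards the one
    extreme host; median and MAD keep the normal bulk as the reference."""
    values = list(counts.values())
    med = median(values)
    mad = median(abs(v - med) for v in values) or 1.0  # guard all-equal input
    # 0.6745 scales MAD so it is comparable with a standard deviation.
    return {host: 0.6745 * (v - med) / mad for host, v in counts.items()}


def detect_dga_outliers(counts, threshold=3.5):
    """Detection engine stage: one finding per host on the right tail."""
    findings = []
    for host, z in robust_z_scores(counts).items():
        if z >= threshold:
            findings.append({"entity": host, "behavior": "DGA",
                             "severity": 90,  # assumed severity for DGA behaviour
                             "confidence": min(100, int(z * 10))})
    return findings


def aggregate_findings(findings):
    """Findings aggregation stage: group by entity, keep worst severity/highest confidence."""
    per_entity = {}
    for f in findings:
        e = per_entity.setdefault(f["entity"], {"behaviors": set(), "severity": 0, "confidence": 0})
        e["behaviors"].add(f["behavior"])
        e["severity"] = max(e["severity"], f["severity"])
        e["confidence"] = max(e["confidence"], f["confidence"])
    return per_entity


def risk_score(entity, agg, soc_feedback=50):
    """Scoring engine stage: weighted sum of 0-100 factors, clamped to 0-100.
    SOC feedback stays neutral (50) until an analyst has rated the case."""
    asset = ASSETS.get(entity, DEFAULT_ASSET)
    factors = {"behavior_severity": agg["severity"],
               "analytic_confidence": agg["confidence"],
               "network_priority": asset["network_priority"],
               "asset_priority": asset["asset_priority"],
               "soc_feedback": soc_feedback}
    total = sum(WEIGHTS[k] * max(0, min(100, v)) for k, v in factors.items())
    return int(total + 0.5)


def score_all(counts, soc_feedback=None):
    """Run all three stages; return {entity: score}, highest priority first."""
    soc_feedback = soc_feedback or {}
    agg = aggregate_findings(detect_dga_outliers(counts))
    scores = {e: risk_score(e, a, soc_feedback.get(e, 50)) for e, a in agg.items()}
    return dict(sorted(scores.items(), key=lambda kv: -kv[1]))
```

Calling `score_all(NEW_DOMAIN_LOOKUPS, {"10.1.2.1": 80})` flags only the 240-lookup host and scores it 84; the seven normal hosts never become findings, which is the false-positive reduction slide 24 attributes to working on the tails.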
25. The Process – How Does it Work?
Ingestion – environmental logs: NetFlow, Active Directory, Firewalls, IDS/IPS, Web Proxy, DNS Servers, Secure Gateway, Web App Firewalls, OT/IoT Device Logs, Threat Intel Feeds, Anti-Virus. No custom sensors or agents required.
Analysis – multi-modal AI/ML, 40+ algorithms: ecosystem baseline; biased vs unbiased decision models; anomaly detection (“normal” deviations); behavior triggers; known threats/IOCs. Automated, advanced detection.
Scoring – multiple factors: Behavior Severity Rating, Analytic Confidence, Network Priority, Asset Priority, SOC Feedback, Business Priorities. Customer configurable and trainable (example score: 82).
Context – evidence case files: summary data, risk guidance, associated entities, supporting evidence, outlier summary, entity details, external sources, previous instances, associated IPs.
Remediation – action guidance: remove host; block IP/domain/URL; IP access blocked; forensic investigation; exfiltration analysis; remove P2P app; user/service account investigation; acceptable use guidance; activity validation; incident escalation; credential cancellation.

26. AI/ML Findings and Case Details – wire transfer PC communicating with Latvia, Russia, Cyprus

27. Case Details: Associated Entities – outliers automatically grouped into entities

28. Case Details: Risk Assessment Created – the risk assessment value popped up when the analytics fired; the timeline of machine learning scores changing and of analyst efforts is created automatically

29. Case Details: Outlier Analytics Details – details on unauthorized C&C communication to one of the 4 C&C servers

30. Case Details: Risk Score – easy-to-understand multifaceted “spider web” risk visual

31. Case Details: External Case Information – the CTC adds external commentary offering research and context

32. Case Details: Remediation & Recommendation Details – remediation details and recommendation details

33. Case Details: Log Details & Global Search Capability – the log search function finds all related logs easily

34. Case Details: Log GEO IP Details – GeoIP shows the Latvia C&C location; connections were made to 4 other locations of dubious reputation

35. Test your AI/ML Based System
• Determine use cases, compliance requirements
• Architect integration requirements
• Validate data transfer
• Document log lifecycle process
• Validate network, device and host impact within acceptable operational ranges
• Validate entire lifecycle of representative test events
• Validate findings of the system with appropriate tools and processes
• Validate use cases
• Determine ROI for time savings, tool savings, response time reduction
36. Tools to Estimate and Validate Impact

37. The Future: Fix the Security Problem!
• Leverage a combination of unsupervised ML and behavioral analytics to identify previously unknown threats
• Use ML techniques, coupled with AI, to provide context and automation to the findings and workflow
• ML and AI together will find threats and related info faster, enable SOC analyst efficiency and help reverse the alarming trend in data breaches
Trust Me! I command You!

38. Breaking the Ransomware Lifecycle by using the World’s Most Advanced Analytics Platform – July 2019

39. The Lifecycle of Successful Ransomware – Traditional Defenses Have Multiple Failure Points
Criminal Enterprise: domain and WWW site created; malware delivery method selected; Bitcoin account established; anonymous email account set up; emails sent.
Email delivery (cloud & premises based protections, Microsoft ATP and all others):
• FAILURE 1 – Email passes cloud and traditional protection; email delivered to inbox
• FAILURE 2 – End user training fails; user clicks on email URL or other infection method
• FAILURE 3 – Desktop AV fails; end user computer infected
Outbound connections from the user PC to the criminal WWW site (Firewall, Proxy, DNS):
• FAILURE 4 – DNS allows resolution
• FAILURE 5 – Proxy does not block
• FAILURE 6 – Firewall allows traffic
• FAILURE 7 – IPS allows traffic
Second round of connections (Firewall, Proxy, IPS):
• FAILURE 8 – Proxy does not block
• FAILURE 9 – Firewall allows traffic
• FAILURE 10 – Desktop AV fails again
Network-attached users & servers scanned, attacked, encrypted:
• FAILURE 11 – East-west traffic not inspected
• FAILURE 12 – Unpatched servers vulnerable
• FAILURE 13 – No east-west firewall stopping attacks
• FAILURE 14 – Host-based AV/HIPS fail
Outbound from servers:
• FAILURE 15 – Outbound FW traffic not stopped
• FAILURE 16 – DNS allows resolution
• FAILURE 17 – IPS allows traffic
• FAILURE 18 – Proxy does not block
Monitoring:
• FAILURE 19 – SIEMs log but don’t prioritize
• FAILURE 20 – SOC analysts have alert overload
Outcome: servers are encrypted, backups corrupted, logs deleted; ransomware interrupts business; pay criminals Bitcoin for key; happy criminals funded and emboldened; criminals attack more users worldwide.

40. BREAK the Lifecycle of Successful Ransomware – Empower Your Traditional Defenses with nLighten!
The same lifecycle and failure points as slide 39, but every stage (email protection, DNS, firewall, proxy, IPS, AV, east-west traffic, outbound traffic) now has “Logs Created” feeding the analytics:
• Analytics find & alert on unauthorized activities in DNS, Firewall, Proxy, AV, IPS & AD logs
• Security analysts are alerted and can see every stage of the attack; the attack is typically stopped at the end-user level before costly damage
SUCCESS: Stop ransomware before business interruptions / costly recovery efforts

41. Pete Nicoletti – pete@Cybraics.com
Prior Experience:
• CISO for Hertz Global, Virtustream/RSA/EMC/DELL; VP Security Engineering, Terremark
• Gartner’s “most secure cloud design” #1 and #2
• Whitehouse.gov, FBI.gov, DOT.gov, VA, Library of Congress and more Federal projects
• Managed two clouds through FedRAMP and eventually to EAL 5
• Book Author/Contributor: “An Intel Reference Design for Secure Cloud”
• 20 years Security, Red Team leader, Incident Response leader
• Chief Data Officer at Cybraics focused on Security Operations, NIST 800-53 certification and product development
• Secret Service Miami Electronic Crime Task Force, FBI InfraGard Contributor
• Awarded Top 100 Global CISO in 2017
Pete has 31 years of impressive success and responsibility in the deployment, marketing, sales, product development, engineering design, project implementation and operation of information technology, IaaS/SaaS/PaaS, cloud, data center operations, the entire spectrum of security technologies, compliance frameworks, global security deployments and operations, and Managed Security Service Provider services and operations.
Skills: IR, Product Management, Cyber Security, MSSP, Operations
Education/Certifications: BS, University of Tennessee; CCSK, CISA, CISSP, SANS GIAC, FCNSP, CCSE
Presentations:
• “Opensource Security Concerns,” Security Mag., 11/17
• “How to Sell Cybersecurity to your Team,” CSO Mag.
• “Not Obscured by Clouds, Forensics and Cloud Visibility,” Netscout Global Conference, April 2017
• “Cloud Forensics, A Practitioner’s View,” CS World 2016
• “Cloud Security, Latest Developments,” ISSA Conf 2016
• “Auditing the Cloud Challenges,” ISACA Conference, 2017
• “Best Practices and the Latest Advances in Cloud Security”
THANK YOU!