active threat protection
eSentire Advanced Security Services
The Gartner Continuous Advanced Threat Protection
Mark Sangster | VP Marketing | mark.sangster@esentire.com
Presented to: SecTor 2014
Presented by: eSentire, Inc.
Date: 22 October 2014
Leaders in Threat Protection Services
Securing over $2.0 Trillion in Assets
4 November 2014 Slide 2
Founded 2001
450 Clients with Extensive IP in Heavily Regulated Industries
99.6% Customer Loyalty
Typical Customer Attributes
» 50-25,000 employees
» 1-20 global offices
» 1-25 sensors/customer
» $250M to $160B AuM
High Risk Sensitivity
Min. in-house skills
High value assets
Follow Us @eSentire Copyright © eSentire 2014
Slide 3
You Will Be Hacked.
Looking for a New Category
Slide 4
MSSP EMERGENT TERMINOLOGY
CONVERGENCE INSTABILITY & JOCKEYING INCUMBENT CATEGORY
Security model is broken
Value dissonance: spend vs. secure
Analyst Definitions
Incumbent Vendor Repositioning
New Market Entrants
Device Management
Threat Management
CMaaS/CTP
Opportunity to nudge industry in our direction
CONVERGENT POSITIONING
Gartner Cross-silo Architecture
Slide 5
MSSP EMERGENT TERMINOLOGY
CONVERGENCE INSTABILITY & JOCKEYING INCUMBENT CATEGORY
Security model is broken
Value dissonance: spend vs. secure
Analyst Definitions
Incumbent Vendor Repositioning
New Market Entrants
Device Management
Threat Management
CMaaS/CTP
Opportunity to nudge industry in our direction
CONVERGENT POSITIONING
2008-2012 2013 2014
MSSP Managed Security Services
CMaaS Continuous Monitoring
C-ATP Active Threat Protection
Gartner Architecture: Continuous Advanced Threat Protection
Slide 6
_2014 Gartner discovers a new security approach called continuous advanced threat protection_
The Risks to Enterprise
Slide 7
TARGETS
» Intellectual property (IP)
» Website Brand Damage
» Mergers and acquisition (M&A) insider information
» Credentials to bank accounts
» Industry-sensitive documents and information
ATTACKS
» Socially engineered emails/calls
» Phishing scams (emails with infected links)
» Infected media
» Stolen mobile devices
THREAT ACTORS
» Hacktivists/Activists
» Terrorists
» Nation state-sponsored
» Organized Criminals
» Smash-&-Grab Criminals
» Insiders
eSentire SOC Threat Data and Trends (Q1 2014, YoY)
Slide 8
Over the past 12 months, the SOC has identified:
- 100% increase in Spear Phishing attacks
- 10% increase in DriveByDownload attacks
- 20% increase in focused Scans/Brute Force attacks
SpearPhishing 47%
Focused Scans / BruteForce 29%
DriveByDownload 19%
Other 5%
Attacks Often Remain Undetected
Slide 9
78% Initial Intrusions Rated as LOW Difficulty
69% Discovered by EXTERNAL Parties
66% Took MONTHS or More to Discover
40% Used Some Form of MALWARE
Security Technology Spend Doubled in 10 Years
Slide 10
[Chart: spend by year, 2003 to 2013; vertical axis $0 to $50]
$46 Billion Globally in 2013
$86B 2016
$60B 2012
$67B 2013
Traditional Security Approaches
Slide 11
ASSETS & DATA
PERIMETER DEFENSE
Traditional Security Approaches
Slide 12
Router Firewall
Malware Detection User ID and Password
Data
Traditional Security Approaches
Slide 13
Data Host Virtualization
IDS Router Firewall
VPN PKI
Malware Detection User ID and Password
Slide 14
Data SW & HW Certificates
IPS Packet Inspection
SSL Host Virtualization
IDS Router Firewall
Hard Tokens Containerization Virtualization
VPN PKI
Malware Detection User ID and Password
Gartner Security Findings
Slide 15
"Signatures are dead" is misguided hyperbole
Detection and Response > Blocking and Prevention
Incident Response is the wrong mindset
Protection is an integrated service, NOT siloed offerings
Monitoring and Analytics are at the core of all next-generation Security platforms
Legacy Security Is No Match for Targeted Attacks
Slide 16
Threats are evolving from nuisance to targeted attacks
INDISCRIMINATE Malware | SPAM | DoS

| | TACTICAL (Compliance-based, Reactionary) | STRATEGIC (Intelligence-driven, Continuous) |
| --- | --- | --- |
| PHILOSOPHY | Perimeter (multiple, dislocated) | Assume constant compromise |
| FOCUS | Protect all systems | Prioritize high-risk assets |
| DETECTION | Signature-based technology | Behavioral-based technology & methods |
| AWARENESS | Headline news | Consume real-time threat feeds |
| RESPONSE | Shut down/wipe compromised systems | Quarantine, gather and preserve forensics |

*Architecture attributed to IBM
Legacy Security Is No Match for Targeted Attacks
Slide 17
Threats are evolving from nuisance to targeted attacks
INDISCRIMINATE Malware | SPAM | DoS
TARGETED Advanced | Persistent | Organized | Motivated

| | TACTICAL (Compliance-based, Reactionary) | STRATEGIC (Intelligence-driven, Continuous) |
| --- | --- | --- |
| PHILOSOPHY | Perimeter (multiple, dislocated) | Assume constant compromise |
| FOCUS | Protect all systems | Prioritize high-risk assets |
| DETECTION | Signature-based technology | Behavioral-based technology & methods |
| AWARENESS | Headline news | Consume real-time threat feeds |
| RESPONSE | Shut down/wipe compromised systems | Quarantine, gather and preserve forensics |

*Architecture attributed to IBM
Gartner C-ATP Architecture
Slide 18
PREDICT: PROACTIVE EXPOSURE ASSESSMENT | PREDICT ATTACKS | BASELINE SYSTEMS
RESPOND: REMEDIATE/MAKE CHANGES | DESIGN/MODEL CHANGE | INVESTIGATE/FORENSICS
PREVENT: HARDEN AND ISOLATE SYSTEMS | DIVERT ATTACKERS | PREVENT INCIDENTS
DETECT: DETECT INCIDENTS | CONFIRM AND PRIORITIZE | CONTAIN INCIDENTS
CONTINUOUS MONITORING & ANALYTICS
Gartner C-ATP Full Lifecycle Protection
Slide 19
PREDICT: PROACTIVE EXPOSURE ASSESSMENT | PREDICT ATTACKS | BASELINE SYSTEMS
RESPOND: REMEDIATE/MAKE CHANGES | DESIGN/MODEL CHANGE | INVESTIGATE/FORENSICS
PREVENT: HARDEN AND ISOLATE SYSTEMS | DIVERT ATTACKERS | PREVENT INCIDENTS
DETECT: DETECT INCIDENTS | CONFIRM AND PRIORITIZE | CONTAIN INCIDENTS
CONTINUOUS MONITORING & ANALYTICS
DURING
Gartner Five Styles of Defense
Slide 20

| WHERE TO LOOK | TIME: REAL-TIME/NEAR REAL-TIME | TIME: POST COMPROMISE |
| --- | --- | --- |
| NETWORK | STYLE 01 Network Traffic Analysis | STYLE 02 Network Forensics |
| PAYLOAD | STYLE 03 Payload Analysis | |
| ENDPOINT | STYLE 04 Endpoint Behavior Analysis | STYLE 05 Endpoint Forensics |

DETECTION RESPONSE
Continuous Monitoring at All Layers
Slide 21
NETWORK ENDPOINT
APPLICATION FRONT END
APPLICATION BACK END
PEOPLE
INFORMATION
Paradigm Shift in Security
Slide 22

| OLD MINDSET | NEW REALITIES |
| --- | --- |
| SIGNATURES | ALGORITHMS |
| POINT SOLUTIONS | PLATFORMS - CORRELATE |
| FIXED PERIMETERS | ADAPTIVE PERIMETERS |
| OWNERSHIP = TRUST | REPUTATION SERVICES |
| SECURITY APPLIANCES | SECURITY SOFTWARE |
| SOLUTION SILOS | ADAPTIVE SYSTEMS |
| MANUAL POLICY CONFIG | AUTOMATION |
| BLOCK/PREVENT | DETECT/RESPOND |
| INCIDENT RESPONSE | CONTINUOUS RESPONSE |
| PROTECT NETWORK/DEVICES | PROTECT INFORMATION |
Gartner Recommendations
Slide 23
» Spend less on prevention and more on detection and response
» Use Gartner’s 12 Critical Capabilities Framework
» Shift from Incident to Continuous Response
» Develop a SOC to provide continuous monitoring
» Continuous Monitoring at all layers
The Case for Active Threat Protection
Slide 24
TECHNOLOGY
» Ever changing threat landscape
» ‘Set and forget’ is a myth
PROCESS
» Infrastructure, process dev/adherence
» Costly to build and maintain
PEOPLE
» Recruiting: scarce talent pool
» Retaining: highly competitive market
A Final Thought…
Slide 25
Gartner C-ATP | PREVENT
Slide 26
PREDICT: PROACTIVE EXPOSURE ASSESSMENT | PREDICT ATTACKS | BASELINE SYSTEMS
RESPOND: REMEDIATE/MAKE CHANGES | DESIGN/MODEL CHANGE | INVESTIGATE/FORENSICS
PREVENT: HARDEN AND ISOLATE SYSTEMS | DIVERT ATTACKERS | PREVENT INCIDENTS
DETECT: DETECT INCIDENTS | CONFIRM AND PRIORITIZE | CONTAIN INCIDENTS
CONTINUOUS MONITORING & ANALYTICS
PREVENT: HARDEN AND ISOLATE SYSTEMS | DIVERT ATTACKERS | PREVENT INCIDENTS
eSentire CAPABILITIES
AUTOMATIC BLOCKS BASED ON IOCS
INBOUND PATIENT ZERO PROTECTION
SIGNATURE-BASED PREVENTION
DYNAMIC REPUTATION DEFENSE
MANAGED WHITELISTING
Gartner C-ATP | PREVENT
Slide 27
PREDICT: PROACTIVE EXPOSURE ASSESSMENT | PREDICT ATTACKS | BASELINE SYSTEMS
RESPOND: REMEDIATE/MAKE CHANGES | DESIGN/MODEL CHANGE | INVESTIGATE/FORENSICS
PREVENT: HARDEN AND ISOLATE SYSTEMS | DIVERT ATTACKERS | PREVENT INCIDENTS
DETECT: DETECT INCIDENTS | CONFIRM AND PRIORITIZE | CONTAIN INCIDENTS
CONTINUOUS MONITORING & ANALYTICS
DETECT: DETECT INCIDENTS | CONFIRM AND PRIORITIZE | CONTAIN INCIDENTS
eSentire CAPABILITIES
SANDBOX/MALWARE DETONATION
BEHAVIOR-BASED DETECTION ZERO-DAY EVENTS
IMMEDIATE AUTOMATIC & SOC-BASED CONTAINMENT AND REPORTING
BEHAVIOR-BASED SIGNATURE UPDATING
Gartner C-ATP | PREVENT
Slide 28
PREDICT: PROACTIVE EXPOSURE ASSESSMENT | PREDICT ATTACKS | BASELINE SYSTEMS
RESPOND: REMEDIATE/MAKE CHANGES | DESIGN/MODEL CHANGE | INVESTIGATE/FORENSICS
PREVENT: HARDEN AND ISOLATE SYSTEMS | DIVERT ATTACKERS | PREVENT INCIDENTS
DETECT: DETECT INCIDENTS | CONFIRM AND PRIORITIZE | CONTAIN INCIDENTS
CONTINUOUS MONITORING & ANALYTICS
RESPOND: REMEDIATE/MAKE CHANGES | DESIGN/MODEL CHANGE | INVESTIGATE/FORENSICS
eSentire CAPABILITIES
TARGETED RETROSPECTION
RAPID REMEDIATION
EMBEDDED INCIDENT RESPONSE
OPERATIONALIZED FORENSICS
ACTIONABLE ANALYTICS
TRAP
Slide 29
T Targeted
R Retrospection
A Analytics
P Platform
Targeted Retrospection
Slide 30
[Figure: timeline with labels DISCOVERY, DISCLOSURE, PATCH AVAILABILITY, PATCH DEPLOYMENT, PATCH COMPLETION; markers NOW, INTRO, MIN, MAX]
Gartner C-ATP | PREVENT
Slide 31
PREDICT: PROACTIVE EXPOSURE ASSESSMENT | PREDICT ATTACKS | BASELINE SYSTEMS
RESPOND: REMEDIATE/MAKE CHANGES | DESIGN/MODEL CHANGE | INVESTIGATE/FORENSICS
PREVENT: HARDEN AND ISOLATE SYSTEMS | DIVERT ATTACKERS | PREVENT INCIDENTS
DETECT: DETECT INCIDENTS | CONFIRM AND PRIORITIZE | CONTAIN INCIDENTS
CONTINUOUS MONITORING & ANALYTICS
PREDICT: PROACTIVE EXPOSURE ASSESSMENT | PREDICT ATTACKS | BASELINE SYSTEMS
eSentire CAPABILITIES
POLICY RISK PROFILING
THREAT INTELLIGENCE/REPUTATION FEEDS
EVENT LOG ANOMALIES
CONTINUOUS VULNERABILITY ASSESSMENTS