Hexis Cyber Solutions: Rules of Engagement for Cyber Security Automation
![Page 1: Hexis Cyber Solutions: Rules of Engagement for Cyber Security Automation](https://reader031.vdocuments.us/reader031/viewer/2022020219/55cccf29bb61eb090d8b47e6/html5/thumbnails/1.jpg)
Automated Threat Removal
Todd Weller VP Corporate Development
June 2015
![Page 2: Hexis Cyber Solutions: Rules of Engagement for Cyber Security Automation](https://reader031.vdocuments.us/reader031/viewer/2022020219/55cccf29bb61eb090d8b47e6/html5/thumbnails/2.jpg)
What is Automated Threat Removal?
An integrated approach to threat detection and response that leverages flexible, policy-based automation to detect, verify, and remove threats before they do damage.
![Page 3: Hexis Cyber Solutions: Rules of Engagement for Cyber Security Automation](https://reader031.vdocuments.us/reader031/viewer/2022020219/55cccf29bb61eb090d8b47e6/html5/thumbnails/3.jpg)
The Response Problem
Despite deploying lots of security technologies, organizations continue to experience multiple challenges responding to threats.
1. Not enough skilled people to respond fast enough
2. AV and network perimeter not blocking threats
3. Too many events and false positives to review
![Page 4: Hexis Cyber Solutions: Rules of Engagement for Cyber Security Automation](https://reader031.vdocuments.us/reader031/viewer/2022020219/55cccf29bb61eb090d8b47e6/html5/thumbnails/4.jpg)
The Response Problem
Despite deploying lots of security technologies, organizations continue to experience multiple challenges responding to threats.
1. Visibility
2. Verification
3. Response
![Page 5: Hexis Cyber Solutions: Rules of Engagement for Cyber Security Automation](https://reader031.vdocuments.us/reader031/viewer/2022020219/55cccf29bb61eb090d8b47e6/html5/thumbnails/5.jpg)
Spending Shift to Detection and Response
(Chart: security spending shifting from Prevention toward Detection & Response)
§ Prevention is not 100% effective
§ Nature of attacks driving need for greater visibility
§ Response more top of mind
![Page 6: Hexis Cyber Solutions: Rules of Engagement for Cyber Security Automation](https://reader031.vdocuments.us/reader031/viewer/2022020219/55cccf29bb61eb090d8b47e6/html5/thumbnails/6.jpg)
Move to Continuous Response
§ Attack environment resulting in increased investment in response
§ Continuous attacks driving shift from incident response to continuous response
§ Continuous response requires increasing use of automation
![Page 7: Hexis Cyber Solutions: Rules of Engagement for Cyber Security Automation](https://reader031.vdocuments.us/reader031/viewer/2022020219/55cccf29bb61eb090d8b47e6/html5/thumbnails/7.jpg)
Copyright © 2015, Hexis Cyber Solutions, Inc. All rights reserved. Page 7
Why Automation is Necessary
![Page 8: Hexis Cyber Solutions: Rules of Engagement for Cyber Security Automation](https://reader031.vdocuments.us/reader031/viewer/2022020219/55cccf29bb61eb090d8b47e6/html5/thumbnails/8.jpg)
Human Assets Are Tough to Find and Scale
![Page 9: Hexis Cyber Solutions: Rules of Engagement for Cyber Security Automation](https://reader031.vdocuments.us/reader031/viewer/2022020219/55cccf29bb61eb090d8b47e6/html5/thumbnails/9.jpg)
Demand for Talent Outstripping Supply
Source: Burning Glass Technologies “Job Market Intelligence: Report on the Growth of Cybersecurity Jobs”
“The talent you’re looking for in incident response is absolutely the hardest I’ve seen to find in security in general”
- Christine Gadsby, Manager, Blackberry Product Security Incident Response Team
![Page 10: Hexis Cyber Solutions: Rules of Engagement for Cyber Security Automation](https://reader031.vdocuments.us/reader031/viewer/2022020219/55cccf29bb61eb090d8b47e6/html5/thumbnails/10.jpg)
Automated Attacks = Automated Defense
![Page 11: Hexis Cyber Solutions: Rules of Engagement for Cyber Security Automation](https://reader031.vdocuments.us/reader031/viewer/2022020219/55cccf29bb61eb090d8b47e6/html5/thumbnails/11.jpg)
Forrester’s Call for Automated Response
“A call to action for a more automated threat response process based on developing a set of cyber rules of engagement”
![Page 12: Hexis Cyber Solutions: Rules of Engagement for Cyber Security Automation](https://reader031.vdocuments.us/reader031/viewer/2022020219/55cccf29bb61eb090d8b47e6/html5/thumbnails/12.jpg)
“Security Automation is Inevitable”
Source: Forrester Research
Forrester Rules of Engagement Themes
§ Better tools to detect breaches
§ Defining policy (rules of engagement) to facilitate adoption of automation
§ Response index
![Page 13: Hexis Cyber Solutions: Rules of Engagement for Cyber Security Automation](https://reader031.vdocuments.us/reader031/viewer/2022020219/55cccf29bb61eb090d8b47e6/html5/thumbnails/13.jpg)
What are essential ingredients?
![Page 14: Hexis Cyber Solutions: Rules of Engagement for Cyber Security Automation](https://reader031.vdocuments.us/reader031/viewer/2022020219/55cccf29bb61eb090d8b47e6/html5/thumbnails/14.jpg)
1. Visibility
2. Verification
3. Automated Response
![Page 15: Hexis Cyber Solutions: Rules of Engagement for Cyber Security Automation](https://reader031.vdocuments.us/reader031/viewer/2022020219/55cccf29bb61eb090d8b47e6/html5/thumbnails/15.jpg)
1. Visibility
§ Ensuring environments are properly instrumented to detect today’s threats
§ Initial focus was network-based sandboxing solutions
§ Focus shifting to Endpoint Visibility & Control
![Page 16: Hexis Cyber Solutions: Rules of Engagement for Cyber Security Automation](https://reader031.vdocuments.us/reader031/viewer/2022020219/55cccf29bb61eb090d8b47e6/html5/thumbnails/16.jpg)
Advanced Threat Detection Frameworks
![Page 17: Hexis Cyber Solutions: Rules of Engagement for Cyber Security Automation](https://reader031.vdocuments.us/reader031/viewer/2022020219/55cccf29bb61eb090d8b47e6/html5/thumbnails/17.jpg)
Takeaways
§ Sandboxing is important but it’s just one component of defense
§ Malware increasingly sandbox aware and evading sandboxes
§ Visibility on both endpoints and the network is required
§ Including correlation of activity
![Page 18: Hexis Cyber Solutions: Rules of Engagement for Cyber Security Automation](https://reader031.vdocuments.us/reader031/viewer/2022020219/55cccf29bb61eb090d8b47e6/html5/thumbnails/18.jpg)
2. Verification
§ STRATEGIC: Corroboration and threat fusion to improve detection and prioritize investigation and response
§ TACTICAL: Solving the “ghost alert” issue related to network security alerts (alerts with no corroborating activity on the endpoint)
![Page 19: Hexis Cyber Solutions: Rules of Engagement for Cyber Security Automation](https://reader031.vdocuments.us/reader031/viewer/2022020219/55cccf29bb61eb090d8b47e6/html5/thumbnails/19.jpg)
3. Automated Response
§ A collection of countermeasures that can be flexibly deployed based on policy
§ Ability to operate countermeasures in any combination of automated or machine-guided modes
§ Manual investigation capabilities
![Page 20: Hexis Cyber Solutions: Rules of Engagement for Cyber Security Automation](https://reader031.vdocuments.us/reader031/viewer/2022020219/55cccf29bb61eb090d8b47e6/html5/thumbnails/20.jpg)
![Page 21: Hexis Cyber Solutions: Rules of Engagement for Cyber Security Automation](https://reader031.vdocuments.us/reader031/viewer/2022020219/55cccf29bb61eb090d8b47e6/html5/thumbnails/21.jpg)
Mix ‘em up so they work together…
![Page 22: Hexis Cyber Solutions: Rules of Engagement for Cyber Security Automation](https://reader031.vdocuments.us/reader031/viewer/2022020219/55cccf29bb61eb090d8b47e6/html5/thumbnails/22.jpg)
Automation Requires Integration
§ Visibility
§ Verification
§ Automated Response
Integration & Orchestration
![Page 23: Hexis Cyber Solutions: Rules of Engagement for Cyber Security Automation](https://reader031.vdocuments.us/reader031/viewer/2022020219/55cccf29bb61eb090d8b47e6/html5/thumbnails/23.jpg)
HawkEye G Solves the Response Problem
1. Detect: integrated platform
  § Real-time endpoint agents
  § Network edge detection
  § 3rd party ecosystem
2. Verify: host and network correlation confirms the threat to pinpoint where you really need to respond
3. Remove: automated and machine-guided response is a force multiplier to remove the threat before breach
![Page 24: Hexis Cyber Solutions: Rules of Engagement for Cyber Security Automation](https://reader031.vdocuments.us/reader031/viewer/2022020219/55cccf29bb61eb090d8b47e6/html5/thumbnails/24.jpg)
Detect: Endpoints + Network
(Architecture diagram: HawkEye G Manager fed by the host sensor, the network sensor, the Hexis threat feed and third-party integrations)
§ HawkEye G Host Sensor: 174 heuristics
§ HawkEye G Network Sensor
§ Hexis Threat Feed: 19 threat feeds
§ Third-party integrations: FireEye® NX, PAN NGFW + WildFire®
![Page 25: Hexis Cyber Solutions: Rules of Engagement for Cyber Security Automation](https://reader031.vdocuments.us/reader031/viewer/2022020219/55cccf29bb61eb090d8b47e6/html5/thumbnails/25.jpg)
Verify: Introducing ThreatSync™
(Diagram: ThreatSync fuses the HawkEye G Host Sensor (174 heuristics), HawkEye G Network Sensor, Hexis Threat Feed (19 feeds) and third-party integrations (FireEye® NX, PAN NGFW + WildFire®))
§ Threat fusion
§ Threat analytics
§ Indicator scoring
§ Device incident score
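The two verification ideas in this deck, solving the “ghost alert” problem (slide 18) and ThreatSync’s indicator scoring and device incident score (slide 25), come down to one operation: join each network alert to endpoint telemetry from the same device and let the corroboration drive the score. The following is an added illustration, not Hexis or HawkEye G code; the deck does not describe how ThreatSync computes its scores, so the event fields, weights, status labels and sample events are all assumptions constructed for the example.

```python
"""
Verifying network alerts against endpoint telemetry and scoring each device.

Added example, not Hexis code: the deck names ThreatSync's outputs (indicator
scoring, device incident score) but not how they are computed, so the event
fields, weights and status labels here are assumptions.
"""
from collections import defaultdict

# Base score of an indicator by where it came from (assumed weights).
BASE_SCORE = {"sandbox": 25, "feed": 10}
# Extra score when endpoint telemetry corroborates the indicator (assumed weights).
# Execution, beaconing and persistence confirm an infection; a file that was only
# written to disk does not.
CORROBORATION_SCORE = {"process_start": 25, "net_connect": 15, "persistence": 10, "file_write": 5}
CONFIRMING_EVENTS = {"process_start", "net_connect", "persistence"}
MAX_SCORE = 100


def corroborate(alert: dict, host_events: list) -> list:
    """Host events from the alerted device that share an IoC (file hash or destination) with the alert."""
    hits = []
    for ev in host_events:
        if ev["host_ip"] != alert["src_ip"]:
            continue
        same_hash = "sha256" in alert and ev.get("sha256") == alert["sha256"]
        same_dst = "dst_ip" in alert and ev.get("dst_ip") == alert["dst_ip"]
        if same_hash or same_dst:
            hits.append(ev)
    return hits


def score_devices(alerts: list, host_events: list) -> dict:
    """Fuse network alerts with endpoint evidence into a per-device incident score and status.

    status: "ghost" (network saw it, endpoint saw nothing), "landed_not_run"
    (file on disk, never executed), "confirmed" (executed, beaconed or persisted).
    """
    devices = defaultdict(lambda: {"score": 0, "status": "ghost", "evidence": []})
    for alert in alerts:
        dev = devices[alert["src_ip"]]
        hits = corroborate(alert, host_events)
        indicator_score = BASE_SCORE[alert["source"]] + sum(CORROBORATION_SCORE[h["type"]] for h in hits)
        dev["score"] = min(MAX_SCORE, dev["score"] + indicator_score)
        dev["evidence"].append({"alert": alert, "host_events": hits, "score": indicator_score})
        if any(h["type"] in CONFIRMING_EVENTS for h in hits):
            dev["status"] = "confirmed"
        elif hits and dev["status"] != "confirmed":
            dev["status"] = "landed_not_run"
    return dict(devices)


def prioritize(devices: dict) -> list:
    """Devices ordered by incident score, highest first: where to respond first."""
    return sorted(devices.items(), key=lambda kv: kv[1]["score"], reverse=True)


# Constructed sample telemetry, not captured data.
NETWORK_ALERTS = [
    {"src_ip": "10.0.0.5", "sha256": "aa11", "source": "sandbox"},       # sandbox verdict on a download
    {"src_ip": "10.0.0.5", "dst_ip": "203.0.113.7", "source": "feed"},   # threat-feed hit on a destination
    {"src_ip": "10.0.0.9", "sha256": "bb22", "source": "sandbox"},
    {"src_ip": "10.0.0.12", "sha256": "cc33", "source": "sandbox"},
]
HOST_EVENTS = [
    {"host_ip": "10.0.0.5", "type": "process_start", "sha256": "aa11"},
    {"host_ip": "10.0.0.5", "type": "net_connect", "dst_ip": "203.0.113.7"},
    {"host_ip": "10.0.0.5", "type": "persistence", "sha256": "aa11"},
    {"host_ip": "10.0.0.9", "type": "file_write", "sha256": "bb22"},     # dropped to disk, never executed
    # 10.0.0.12 has no endpoint events at all: the classic ghost alert
]

if __name__ == "__main__":
    for ip, info in prioritize(score_devices(NETWORK_ALERTS, HOST_EVENTS)):
        print(f"{ip:<10} score={info['score']:>3} status={info['status']}")
```

With the sample data the host that executed and persisted the sample and beaconed to the listed destination scores 85 and is confirmed, the host that only wrote the file to disk scores 30, and the host with no endpoint activity stays a ghost at 25: the same three network alerts that a network-only console would present as equally urgent. The check a practitioner would add before trusting this in production is coverage: a device with no agent looks exactly like a ghost alert, so the "ghost" status should only be assigned when the host sensor is known to be reporting.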
![Page 26: Hexis Cyber Solutions: Rules of Engagement for Cyber Security Automation](https://reader031.vdocuments.us/reader031/viewer/2022020219/55cccf29bb61eb090d8b47e6/html5/thumbnails/26.jpg)
Remove: Policy Manager and countermeasures
(Diagram: the same detection sources and ThreatSync feeding the Policy Manager, which drives the countermeasures)
§ Surgical countermeasures: Kill, Quarantine, Block, Expire, Forensics, Future
§ Modes: Machine Guided, Automatic
![Page 27: Hexis Cyber Solutions: Rules of Engagement for Cyber Security Automation](https://reader031.vdocuments.us/reader031/viewer/2022020219/55cccf29bb61eb090d8b47e6/html5/thumbnails/27.jpg)
Report
(Diagram: the same platform, with reporting across ThreatSync and the Policy Manager countermeasures)
§ Countermeasures: Kill, Quarantine, Block, Expire, Forensics, Future
§ Modes: Machine Guided, Automatic
![Page 28: Hexis Cyber Solutions: Rules of Engagement for Cyber Security Automation](https://reader031.vdocuments.us/reader031/viewer/2022020219/55cccf29bb61eb090d8b47e6/html5/thumbnails/28.jpg)
How Hexis is Embracing Integration
Architectures
§ U.S. Intelligence Community reference architecture (SHORTSTOP)
§ Integrated Active Cyber Defense (ACD) solution
§ Includes Hexis, Palo Alto, FireEye, and Splunk
Integrated Platform
§ Detect, Verify, Remove
§ Endpoint + network
ThreatSync™
§ Improve detection effectiveness
§ Verify endpoint infections
§ Enable automated response
![Page 29: Hexis Cyber Solutions: Rules of Engagement for Cyber Security Automation](https://reader031.vdocuments.us/reader031/viewer/2022020219/55cccf29bb61eb090d8b47e6/html5/thumbnails/29.jpg)
Hexis Key Differentiators
§ Full arsenal of machine-guided and automated countermeasures that can be flexibly deployed based on policy
§ Endpoint sensing capabilities – heuristics, real-time eventing
§ Endpoint + network including correlation
§ ThreatSync™ analytics fuses Hexis detection with 3rd party indicators
§ Integrated platform spanning detection, investigation, and response
§ Developed using military-grade cyber capabilities and state-of-the-art commercial technologies
![Page 30: Hexis Cyber Solutions: Rules of Engagement for Cyber Security Automation](https://reader031.vdocuments.us/reader031/viewer/2022020219/55cccf29bb61eb090d8b47e6/html5/thumbnails/30.jpg)
Forrester’s Call for Automated Response
“A call to action for a more automated threat response process based on developing a set of cyber rules of engagement”
REVIEW
![Page 31: Hexis Cyber Solutions: Rules of Engagement for Cyber Security Automation](https://reader031.vdocuments.us/reader031/viewer/2022020219/55cccf29bb61eb090d8b47e6/html5/thumbnails/31.jpg)
“Security Automation is Inevitable”
Source: Forrester Research
Forrester Rules of Engagement Themes
§ Better tools to detect breaches
§ Defining policy (rules of engagement) to facilitate adoption of automation
§ Response index
REVIEW
…totally in sync with the HawkEye G 3.0 vision
![Page 32: Hexis Cyber Solutions: Rules of Engagement for Cyber Security Automation](https://reader031.vdocuments.us/reader031/viewer/2022020219/55cccf29bb61eb090d8b47e6/html5/thumbnails/32.jpg)
Security Automation Adoption
§ Crawl, walk, run
§ Early win automation use cases
  § Verification of network alerts
  § Automated removal of nuisance malware
§ Organizations can buy and operate their own automation platforms or consume via a managed service
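The deck leaves the “rules of engagement” abstract: countermeasures (slide 26) that run in automatic or machine-guided mode depending on policy, rolled out crawl, walk, run with verification of network alerts and removal of nuisance malware as the first automated use cases (slide 32). The following is an added illustration of what such a policy looks like as code, not Hexis or HawkEye G Policy Manager code; the device fields, asset tiers, score thresholds, stage names, stale-indicator window and rule layout are assumptions made for the example. The static check at the end is the kind of guard a practitioner would want before letting anything fire without a human in the loop.

```python
"""
Rules-of-engagement policy for policy-based countermeasure dispatch.

Added example, not Hexis code: HawkEye G's Policy Manager is only named in the
deck, so the device fields, asset tiers, thresholds, stage names and rule
layout here are assumptions made to illustrate the idea.
"""
from dataclasses import dataclass
from enum import Enum


class Mode(Enum):
    AUTOMATIC = "automatic"            # executes with no human in the loop
    MACHINE_GUIDED = "machine-guided"  # proposed and queued for analyst approval


AUTO, MG = Mode.AUTOMATIC, Mode.MACHINE_GUIDED
STAGES = frozenset({"crawl", "walk", "run"})   # adoption stages (assumed names)
STALE_INDICATOR_DAYS = 7                       # assumed: uncorroborated indicators older than this are expired


@dataclass(frozen=True)
class Device:
    ip: str
    tier: str               # "workstation" | "server" | "critical" (assumed tiers)
    score: int              # device incident score, 0-100
    confirmed: bool         # endpoint telemetry corroborated the network alert
    indicator_age_days: int = 0


@dataclass(frozen=True)
class Rule:
    name: str
    stages: frozenset       # adoption stages in which the rule is active
    tiers: frozenset        # asset tiers it applies to
    min_score: int          # minimum device incident score
    confirmed_only: bool    # require endpoint corroboration (never act on a ghost alert)
    actions: dict           # countermeasure -> Mode; anything not listed is not permitted

    def matches(self, dev: Device, stage: str) -> bool:
        return (stage in self.stages and dev.tier in self.tiers
                and dev.score >= self.min_score
                and (dev.confirmed or not self.confirmed_only))


# First match wins, so the most restrictive rules come first.
RULES = [
    # Crown-jewel assets: every countermeasure needs an analyst, at every stage.
    Rule("critical-assets", STAGES, frozenset({"critical"}), 50, True,
         {"block": MG, "kill": MG, "quarantine": MG}),
    # Early-win use case: confirmed commodity infection on a workstation.
    # Crawl automates only the reversible network block; walk/run also remove the host artifacts.
    Rule("workstation-crawl", frozenset({"crawl"}), frozenset({"workstation"}), 80, True,
         {"block": AUTO, "kill": MG, "quarantine": MG}),
    Rule("workstation-auto", frozenset({"walk", "run"}), frozenset({"workstation"}), 80, True,
         {"block": AUTO, "kill": AUTO, "quarantine": AUTO}),
    # Servers: host-side actions stay machine-guided; the block becomes automatic at run.
    Rule("server-run", frozenset({"run"}), frozenset({"server"}), 80, True,
         {"block": AUTO, "kill": MG, "quarantine": MG}),
    Rule("server", STAGES, frozenset({"server"}), 80, True,
         {"block": MG, "kill": MG, "quarantine": MG}),
    # Medium confidence, corroborated or not: propose a block, touch nothing on the host.
    Rule("medium", STAGES, frozenset({"workstation", "server"}), 50, False, {"block": MG}),
]


def decide(dev: Device, stage: str, rules=RULES) -> dict:
    """Return {countermeasure: Mode} for one device under the rules of engagement."""
    for rule in rules:
        if rule.matches(dev, stage):
            return dict(rule.actions)
    # No rule fired. A network alert that endpoint telemetry never corroborated is a
    # ghost alert: retire its indicator once it has gone stale instead of acting on it.
    if not dev.confirmed and dev.indicator_age_days > STALE_INDICATOR_DAYS:
        return {"expire": AUTO}
    return {}


def check_rules_of_engagement(rules=RULES) -> list:
    """Static check: no rule may grant an automatic host-side action on a critical asset."""
    violations = []
    for rule in rules:
        if "critical" in rule.tiers:
            for cm, mode in rule.actions.items():
                if cm in ("kill", "quarantine") and mode is AUTO:
                    violations.append(f"{rule.name}: automatic {cm} on critical asset")
    return violations


def plan_response(devices, stage: str) -> dict:
    """Split every device's decision into what runs now and what waits for an analyst."""
    plan = {"execute": [], "queue": []}
    for dev in devices:
        for cm, mode in decide(dev, stage).items():
            (plan["execute"] if mode is AUTO else plan["queue"]).append((dev.ip, cm))
    return plan


if __name__ == "__main__":
    assert check_rules_of_engagement() == [], check_rules_of_engagement()
    fleet = [   # constructed sample devices, not real hosts
        Device("10.0.0.5", "workstation", 85, True),
        Device("10.0.0.20", "critical", 95, True),
        Device("10.0.0.12", "server", 60, False),
        Device("10.0.0.9", "workstation", 30, False, indicator_age_days=10),
    ]
    for stage in ("crawl", "walk", "run"):
        print(stage, plan_response(fleet, stage))
```

Moving from crawl to walk changes nothing in the code path, only which rule matches, which is the point: the same confirmed workstation infection is queued for an analyst at crawl and removed automatically at walk, while a critical asset never leaves machine-guided mode and an uncorroborated alert is never acted on, only expired once it is stale. Because the rule table is data, the policy can be reviewed and diffed like any other configuration, and `check_rules_of_engagement` belongs in the pipeline that deploys it.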
![Page 33: Hexis Cyber Solutions: Rules of Engagement for Cyber Security Automation](https://reader031.vdocuments.us/reader031/viewer/2022020219/55cccf29bb61eb090d8b47e6/html5/thumbnails/33.jpg)
Security Automation Benefits
§ Faster response = improved security posture
  § Narrow the gap between time to detect and time to remediate
§ Automation can serve as a force multiplier for scarce human security resources
  § Free up existing resources to focus on more meaningful alerts/issues
  § Efficiently scale response efforts
![Page 34: Hexis Cyber Solutions: Rules of Engagement for Cyber Security Automation](https://reader031.vdocuments.us/reader031/viewer/2022020219/55cccf29bb61eb090d8b47e6/html5/thumbnails/34.jpg)
Questions?
Thank You!