maintaining cyber readiness in an evolving threat landscape - cyber security … · 2017-11-02 ·...
TRANSCRIPT
![Page 2: Maintaining Cyber Readiness in an Evolving Threat Landscape - Cyber Security … · 2017-11-02 · Maintaining Cyber Readiness in an Evolving Threat Landscape Brent Benson Brent.benson@](https://reader035.vdocuments.us/reader035/viewer/2022062602/5f020a1e7e708231d40246a0/html5/thumbnails/2.jpg)
The Modern Cyber Threat Pandemic
3,930 Breaches in 2015
953 Breaches in 2010
321 Breaches in 2006
736 million records were exposed in 2015, compared to 96 million records in 2010
The security industry is facing serious talent and technology shortages
Selected Data Breaches
Source: World’s Biggest Data Breaches, Information is Beautiful

No End In Sight
Motivated Threat Actors
Cyber-crime Supply Chain
Expanding Attack Surface

Modern threats take their time and leverage the holistic attack surface
The Cyber Attack Lifecycle
Recon. & Planning
Initial Compromise
Command & Control
Lateral Movement
Target Attainment
Exfiltration, Corruption, Disruption

Protection Through Faster Detection & Response
[Figure: MTTD & MTTR on a scale of Months, Weeks, Days, Hours, Minutes; labels: High Vulnerability / Low Vulnerability, Exposed to Threats / Resilient to Threats]
MEAN TIME TO DETECT (MTTD): The average time it takes to recognize a threat requiring further analysis and response efforts
MEAN TIME TO RESPOND (MTTR): The average time it takes to respond and ultimately resolve the incident
As organizations improve their ability to quickly detect and respond to threats, the risk of experiencing a damaging breach is greatly reduced

Obstacles To Faster Detection & Response
Alarm Fatigue
Swivel Chair Analysis
Forensic Data Silos
Fragmented Workflow
Lack of Automation

Effective Threat Lifecycle Management
✓ Addresses these obstacles
✓ Enables faster detection and response to threats

Threat Lifecycle Management (TLM)
• Series of aligned security operations capabilities
• Begins with ability to “see” broadly and deeply across distributed IT environment
• Finishes with ability to quickly neutralize and recover from security incidents
Goal: reduce mean time to detect (MTTD) and mean time to respond (MTTR), without requiring increased staffing levels

Steps To Faster Detection & Response
Understanding What You Have
Holistic Visibility
Deception Based Defenses
Round The Clock Monitoring
Security Awareness

End-to-End Threat Lifecycle Management Workflow
TIME TO DETECT / TIME TO RESPOND
Forensic Data Collection: Security event data; Log & machine data; Forensic sensor data
Discover: Search analytics; Machine analytics
Qualify: Assess threat; Determine risk; Is full investigation necessary?
Investigate: Analyze threat; Determine nature and extent of incident
Neutralize: Implement counter-measures; Mitigate threat & associated risk
Recover: Cleanup; Report; Review; Adapt

This Approach Is Not Effective
Network Monitoring & Forensics
Log Management
SIEM
User & Entity Behavioral Analytics
Endpoint Monitoring & Forensics
Security Automation & Orchestration
Network Behavioral Analytics
Security Analytics

Holistic Approach
Forensic Data Collection
Discover
Qualify
Investigate
Neutralize
Recover