the security industry is suffering from fragmentation, what can your organization do about it?

© 2016 ThreatConnect, Inc. All Rights Reserved | All material confidential and proprietary

Uniting Cybersecurity People, Processes, and Technologies Behind an Intelligence-Driven Defense

FRAGMENTATION


Besties with Fragmentation

2


Oversight Committee

3

https://oversight.house.gov/hearing/federal-cybersecurity-detection-response-and-mitigation/




Security == Emotion

4


Detection Deficit The Gap isn’t Closing

5


A House Divided

6


Where Incidents Happen

7

8All material confidential and proprietary

INTE

LSO

CIR

Vuln

M

gmt

Risk

M

gmt

Lder

shi

p


INTE

LSO

CIR

Vuln

M

gmt

Risk

M

gmt

Lder

shi

p

Receives intel on new threat


INTE

LSO

CIR

Vuln

M

gmt

Risk

M

gmt

Lder

shi

p


IOCs trigger alert in SIEM


INTE

LSO

CIR

Vuln

M

gmt

Risk

M

gmt

Lder

shi

p


RFI+ research yields more

context

Triages event, determines

incident



INTE

LSO

CIR

Vuln

M

gmt

Risk

M

gmt

Lder

shi

p



context



incident

Expanded indicator set

detects additional

affected assets

Begins response

w/affected system

IOCs, TIPs to IR team to aid informed response

Intel on exploit capability,

vulnerability scan

Notice of risk-relevant event w/basic intel

report


INTE

LSO

CIR

Vuln

M

gmt

Risk

M

gmt

Lder

shi

p



contextPivot on new

info



incident


detects additional

affected assets

Expanded IOCs, content for monitoring

Begins response

w/affected system


Investigation artifacts sent

to intel

Expanded IOCs, context


vulnerability scan

Search for other

exploitable assets

Additional exploit target

intel


report

Kicks off risk assessment

Risk communication

to Sr. Mgmt


INTE

LSO

CIR

Vuln

M

gmt

Risk

M

gmt

Lder

shi

p



contextPivot on new

infoComplete intel

report



incident


detects additional

affected assets


Retroactive search/sweeps aka “hunting”

Begins response

w/affected system



to intel


Investigation determines

containment, recovery begins


vulnerability scan

Search for other

exploitable assets


intelDetermines

potential scope


report


Decision to involve legal,

3rd parties, etc.

Risk communication

to Sr. Mgmt


INTE

LSO

CIR

Vuln

M

gmt

Risk

M

gmt

Lder

shi

p



contextPivot on new

infoComplete intel

report



incident


detects additional

affected assets



Begins response

w/affected system



to intel





vulnerability scan

Search for other

exploitable assets


intelDetermines

potential scope

Address exposed

vulnerabilities


report



3rd parties, etc.

Immediate remedial actions to lower risk

Corrective actions to treat

risk

Risk communication

to Sr. Mgmt

After action review read

out to Sr. Mgmt

Risk communication

& sign-off

Afte

r-act

ion

revi

ew

Incid

ent a

nd

resp

onse

repo

rt


INTE

LSO

CIR

Vuln

M

gmt

Risk

M

gmt

Lder

shi

p



contextPivot on new

infoComplete intel

report



incident


detects additional

affected assets



Begins response

w/affected system



to intel





vulnerability scan

Search for other

exploitable assets


intelDetermines

potential scope

Address exposed

vulnerabilities


report



3rd parties, etc.

Immediate remedial actions to lower risk

Corrective actions to treat

risk

Risk communication

to Sr. Mgmt

After action review read

out to Sr. Mgmt

Risk communication

& sign-off

Afte

r-act

ion

revi

ew

Incid

ent a

nd

resp

onse

repo

rt

Fragmented Actions

Fragmented Teams

Fragmented Technologies


Cohesive Intelligence-Driven Defense

17

● Unite People & Teams

● Align Processes

● Interoperability between technologies


THANK YOU

www.ThreatConnect.com

[email protected] @threatconnect

the security industry is suffering from fragmentation, what can your organization do about it?

Technology