TRANSCRIPT
Threat hunting and incident response with FireEye
Jure Šimundić
CS Computer Systems
RiSK Conference 2019, Laško
Agenda
• About CS Computer Systems
• Security Timeline
• Threat Hunting and Incident Response
• FireEye technology
• FireEye processes & FireEye people
• FireEye EcoSystem
CS Computer Systems
• 30 years on the market
• 150 employees
• 500 certificates
• 18 mil EUR annual revenue
• IT Service Provider and System integrator
• Security Solutions
• Computer Solutions
• Communications Solutions
• Audio and Video Solutions
• CRM and Digital Marketing
Security Customers
• Government
• Finance
• Telco & Communications
• Energy
• Industry
• Media
Vendors
Computer Solutions: HP, IBM, NetApp, Lenovo, Microsoft, RedHat, VMware
Communications: Cisco, HP, Juniper, BrandRex
Security: FireEye, F5, CheckPoint, Imperva, Exabeam, IBM, TrendMicro, Kaspersky, Forcepoint, Cisco, Tenable, ReversingLabs
Audio & Video: Avid, Harmonic, Evertz, Aviion
CRM, Digital Marketing: Oracle Siebel
Security timeline
[Figure: security capability plotted against time. Stages along the curve: SIEM monitoring; Response capability; Threat Intel & Data Analytics. Capabilities in order of appearance: Antivirus, Firewall, IDS/IPS, Next-Gen Firewall, SIEM, Advanced Threat Protection, Threat Detection and Response, Log Analytics, On-Demand CIRT services, Forensics, Incident Response, Threat Intel Subscription, APT hunting.]
Threat Hunting and Incident Response
People
Processes
Technology
with …
FireEye
FireEye Technology
FireEye People & Processes
• AX / HX
• CM
• IA
• SOC
• Threat Intelligence
• Managed Defense
• Education & Processes
• Security operations platform
• FaaS
• Mandiant
• Helix
• iSight
FireEye EcoSystem
Questions (vprašanja / pitanja: "questions" in Slovenian and Croatian)
Conclusion
• Have a complete view of security:
§ educate and train people
§ the detection & prevention phase is important, but it is not everything
§ breaches are inevitable; sooner or later one will happen
§ be prepared for forensic analysis and incident response
§ work with a vendor that offers both detection and prevention, but can also help with forensic analysis and incident response
§ work with a partner that has the capability to help you solve the security incident, not just resell / install the technology
Visit @ RiSK 2019 …
FireEye: Detecting and hunting lateral movement
• Anca Holban, Senior Systems Engineer CEE
• Red Hall workshop, March 21st, 11:30 – 12:00
People, Processes, Technology
The end
CS Computer Systems, Prečko 1a | HR-10110 Zagreb
T. +385 1 3855 855
F. +385 1 3882 555
W. www.cs.hr