Threat hunting and incident response with FireEye Jure Šimundić CS Computer Systems RiSK Conference 2019, Laško


Page 1: Threat hunting and incident response with FireEye

Threat hunting and incident response with FireEye

Jure Šimundić

CS Computer Systems

RiSK Conference 2019, Laško

Page 2

Agenda

• About CS Computer Systems

• Security Timeline

• Threat Hunting and Incident Response

• FireEye technology

• FireEye processes & FireEye people

• FireEye EcoSystem

Page 3

CS Computer Systems

• 30 years on the market

• 150 employees

• 500 certificates

• 18 mil EUR annual revenue

• IT Service Provider and System integrator

• Security Solutions

• Computer Solutions

• Communications Solutions

• Audio and Video Solutions

• CRM and Digital Marketing

Page 4

Security Customers

• Government

• Finance

• Telco & Communications

• Energy

• Industry

• Media

Page 5

Vendors

Computer Solutions: HP, IBM, NetApp, Lenovo, Microsoft, RedHat, VMware

Communications: Cisco, HP, Juniper, BrandRex

Security: FireEye, F5, CheckPoint, Imperva, Exabeam, IBM, TrendMicro, Kaspersky, Forcepoint, Cisco, Tenable, ReversingLabs

Audio & Video: Avid, Harmonic, Evertz, Aviion

CRM, Digital Marketing: Oracle Siebel

Page 6

Security timeline

[Chart: capability plotted against time, axes labelled "Capability" and "Time"; phases marked along the curve: SIEM monitoring, Response capability, Threat Intel & Data Analytics. Milestones in order of appearance:]

• Antivirus

• Firewall

• IDS/IPS

• Next-Gen Firewall

• SIEM

• Advanced Threat Protection

• Threat Detection and Response

• Log Analytics

• On-Demand CIRT services

• Forensics

• Incident Response

• Threat Intel Subscription

• APT hunting

Page 7

Threat Hunting and Incident Response

People

Processes

Technology

with …

FireEye

Page 8

FireEye Technology

Page 9

FireEye People & Processes

[Diagram: technology labels AX, HX, CM, IA; people and process labels SOC, Threat Intelligence, Managed Defense, Education & Processes, Security operations platform; service and product labels FaaS, Mandiant, Helix, iSight.]

Page 10

FireEye EcoSystem

Page 11

Questions (in Slovenian and Croatian: vprašanja, pitanja)

[Diagram labels: FaaS, Mandiant, Helix, iSight]

Page 12

Conclusion

• Have a complete view of security:

§ educate and train people

§ the detection & prevention phase is important, but it is not everything

§ breaches are inevitable; sooner or later one will happen

§ be prepared for forensic analysis and incident response

§ work with a vendor that offers both detection and prevention, and that can also help with forensic analysis and incident response

§ work with a partner that has the capability to help you resolve the security incident, not just resell or install the technology

Page 13

Visit @ RiSK 2019 …

FireEye: Detecting and hunting lateral movement

• Anca Holban, Senior Systems Engineer CEE

• Red Hall workshop, March 21st, 11:30 – 12:00

Page 14

People, Technology, Processes

The end

CS Computer Systems, Prečko 1a, HR-10110 Zagreb

T. +385 1 3855 855

F. +385 1 3882 555

W. www.cs.hr

E. [email protected]