FOCUS Recap 2015 - Sander
Transcript
Page 1
Golden Hour
“Time to react!”
Page 2
The challenge…
Detect and remediate threats quickly to minimize the effect on your organization.
Source: Verizon DBIR 2015
Average time to resolution: 32 DAYS
Average cost per day: $32,469
Figure: timeline from attack and compromise to discovery and containment, on a scale of hours, weeks and months.
Page 3
Minimize loss by situational awareness
Figure: breach impact (data, financial, reputation) plotted against attack time; from the moment the attack is initiated the irregularity remains undetected and the impact grows.
Again, detect and remediate threats quickly before the costs explode over time.
Page 4
Minimize loss by situational awareness
Figure: breach impact against attack time when the attack is detected in real time: attack initiated, irregularity detected in real time, verified, escalated, ✔ threat mitigated, with minimal or no loss.
Again, detect and remediate threats quickly before the costs explode over time. The managed security service detects threats designed to evade companies’ defensive capabilities.
Page 5
The value of stolen data
Credit cards and other payment information: the most commonly stolen data, plus date of birth, billing address and/or U/P
Login credentials for payment accounts
Logins for premium content (online/TV)
Access to companies
Personalised data (e-mail and/or zombie PC)
Source: https://blogs.mcafee.com/executive-perspectives/customer-data-worth/#sf15096012 (vision of Intel Security CTO Raj Samani)
Page 6
Information and exploit trading
Page 10
Minimize loss by situational awareness
“Situational awareness involves being aware of what is happening in the vicinity to understand how information, events, and one's own actions will impact goals and objectives, both immediately and in the near future.”
Page 11
Minimize loss by situational awareness
Aware: being conscious of
Happening: what is going on
Vicinity: in, from and towards your environment
Understand: to grasp, to have knowledge of
Impact: consequences
Immediately: now, real time, always
Near future: soon, real time, always
Page 12
The ‘Kill Chain’
‘Steps of an attacker’
Attack Scenarios - understanding attacks in order to respond
Mitigation Scenarios - using the right security measures
Detection Scenarios - ‘connecting the dots’
Understanding the Kill Chain can lead to a better “Security Posture”
Start
Step 1: Reconnaissance
Step 2: Weaponization
Step 3: Delivery
Step 4: Exploitation
Step 5: Installation
Step 6: Command and Control
Step 7: Act on Objectives
Page 14
DearBytes
Managed Security Services
Page 16
Business drivers for security monitoring
“I don’t know what is going on within my infrastructure, but I should”
“Our customer data is highly confidential”
“Trust is of the utmost importance to our customers”
“We have been hacked / I don’t want to get hacked”
“…ICT business drivers…”
“We are working on our PCI compliancy”
“We are working on our SOX compliancy”
“We are working on our … compliancy”
Page 17
Key objectives of SIEM security monitoring
1. Identify threats and detect possible breaches
2. Collect audit logs for security and compliance
3. Conduct investigations and provide evidence
4. Hunt for the needles in the haystack
Page 18
Eyes and ears on your infrastructure
Provides unprecedented insight into the infrastructure and user behaviour within your company
What assets are within my organization, what is their status and what are they up against?
In the past, present and future
Dashboard available for customers
Page 19
‘Be in control’: stages of the SIEM maturity process
Anticipate
Prevent
Detect
Respond
Correct
Page 20
Productivity gains
Stand-alone solution
Also supports cloud and/or BYOD
Users/administrators don’t experience production loss in their environment
Provides in-depth knowledge of (bandwidth) usage across the various network segments
Optimizes the protective measures, lowering the responsive tasks of system administrators
Able to handle actionable intelligence based on STIX/TAXII
Can generate input for ‘Active Response’
Page 21
(Digital) fraud resilience
(Pro)actively interact with security administration
Involve the MERT quickly and effectively
Forensic readiness through centralized data retention
Providing evidence in case of court proceedings
Connecting the dots and filling the gaps between core infrastructure components, security products/functionality, system data and actionable intel
Holistic approach combining policy-based verification with technology-driven detection
Page 22
Key elements of a SOC
Diagram (R, P, E, M, I):
Routine
Products
Expertise
Manpower
Intelligence
Page 23
Expert Security Analysts
Observing your infrastructure 24x7
Available daily, also evenings/nights/weekends
Four eyes on screen
Log, system and network forensic skillset
Latest cyber threat research
Neutral third party
Regular meetings with your personal security analyst to discuss incidents, trends and security highlights
Page 25
Building a more mature security posture
Optimizing preventive measures and/or spotting the gaps within them to take appropriate countermeasures
Defending current security budgets or creating new ones by analyzing tactical and strategic trends
Page 26
Helps compliance objectives
Having detection controls in place ticks a box in itself
Centralized tamper-proof log vault
Dashboard/reporting functionality is used by some customers for compliance
Page 27
Incident reporting
You are alerted within 30 minutes, 24x7
Mitigation tactics
Root cause analysis
Involved assets
Technical details
Page 28
Reporting functionality
Summary and recommendations
Actionable reporting of true positives only
General indication of the security level
Incident and event statistics
Trend analysis of the most common attacks
Compliance reports (SOX, PCI, FISMA, GLBA, HIPAA)
Page 29
Questions?