Maintaining Cyber Readiness in an Evolving Threat Landscape
Brent Benson

TRANSCRIPT
The Modern Cyber Threat Pandemic

• 3,930 breaches in 2015
• 953 breaches in 2010
• 321 breaches in 2006

736 million records were exposed in 2015, compared to 96 million records in 2010.

The security industry is facing serious talent and technology shortages.

Selected Data Breaches
Source: World's Biggest Data Breaches, Information is Beautiful
No End In Sight

• Motivated Threat Actors
• Cyber-crime Supply Chain
• Expanding Attack Surface
Modern threats take their time and leverage the holistic attack surface.

The Cyberattack Lifecycle

• Recon. & Planning
• Initial Compromise
• Command & Control
• Lateral Movement
• Target Attainment
• Exfiltration, Corruption, Disruption
Protection Through Faster Detection & Response

[Chart: vulnerability to a damaging breach plotted against MTTD & MTTR, from High Vulnerability / Exposed to Threats down to Low Vulnerability / Resilient to Threats; time axis: Months, Weeks, Days, Hours, Minutes]

MEAN TIME TO DETECT (MTTD): The average time it takes to recognize a threat requiring further analysis and response efforts.

MEAN TIME TO RESPOND (MTTR): The average time it takes to respond and ultimately resolve the incident.

As organizations improve their ability to quickly detect and respond to threats, the risk of experiencing a damaging breach is greatly reduced.
Obstacles To Faster Detection & Response

• Alarm Fatigue
• Swivel Chair Analysis
• Forensic Data Silos
• Fragmented Workflow
• Lack of Automation
Effective Threat Lifecycle Management
✓ Addresses these obstacles
✓ Enables faster detection and response to threats

Threat Lifecycle Management (TLM)

• Series of aligned security operations capabilities
• Begins with ability to "see" broadly and deeply across distributed IT environment
• Finishes with ability to quickly neutralize and recover from security incidents

Goal: reduce mean time to detect (MTTD) and mean time to respond (MTTR), without requiring increased staffing levels.
Steps To Faster Detection & Response

• Understanding What You Have
• Holistic Visibility
• Deception Based Defenses
• Round The Clock Monitoring
• Security Awareness
End-to-End Threat Lifecycle Management Workflow

TIME TO DETECT                                   TIME TO RESPOND
Forensic Data Collection → Discover → Qualify → Investigate → Neutralize → Recover

Forensic Data Collection
• Security event data
• Log & machine data
• Forensic sensor data

Discover
• Search analytics
• Machine analytics

Qualify
• Assess threat
• Determine risk
• Is full investigation necessary?

Investigate
• Analyze threat
• Determine nature and extent of incident

Neutralize
• Implement counter-measures
• Mitigate threat & associated risk

Recover
• Clean up
• Report
• Review
• Adapt
This Approach Is Not Effective

Separate tools for each function:
• Network Monitoring & Forensics
• Log Management
• SIEM
• User & Entity Behavioral Analytics
• Endpoint Monitoring & Forensics
• Security Automation & Orchestration
• Network Behavioral Analytics
• Security Analytics
Holistic Approach

Forensic Data Collection → Discover → Qualify → Investigate → Neutralize → Recover

© 2016 LogRhythm