Prepare to be breached: how to adapt your security controls to the “new normal”
TRANSCRIPT
Introductions
Fran Howarth, Senior Analyst with Bloor
Patrick Bedwell, VP, Product Marketing with AlienVault
telling the right story Confidential © Bloor Research 2015
Breach victims
“It’s not if, but when and how often”
Three-fold increase over previous year
Source: PwC/Infosec Europe 2014, Symantec
Smaller firms vital for the economy
Source: UK Department for Business, Innovation & Skills
Challenges in threat detection for SMEs
Source: Ponemon Institute
A more proactive response
A unified security management platform:
Asset discovery
Vulnerability and threat management
Intrusion detection, threat identification and management
Behavioural monitoring
Security intelligence
Centralised management
Threat identification: the role of threat intelligence
Source: InformationWeek
Technology investments in event of breach
Source: Ponemon Institute
Use of SIEM for security intelligence
Source: InformationWeek
Recommendations
Integrate tools into a single operating console or dashboard
Maintain a continually updated software inventory
Use continuous vulnerability monitoring
Complete a hardware inventory
Use network mapping
Incorporate log aggregation and correlation
Take threat intelligence feeds for threat identification and prioritisation
Source: SANS Institute
Expected improvements for incident response
Source: SANS Institute
Advantages of security management platforms
Correlation of data from throughout network
Anomaly detection
Comprehensive visibility
Advanced threat protection
Risk prioritisation
Alerting and monitoring
Customise according to business needs
Demonstrate adherence to policies and controls
Protect sensitive data
Limit exposure to breach disclosure
Reduce risk to business partners and customers
Reduce costs
AlienVault USM
ASSET DISCOVERY
• Active Network Scanning
• Passive Network Scanning
• Asset Inventory
• Host-based Software Inventory
VULNERABILITY ASSESSMENT
• Continuous Vulnerability Monitoring
• Authenticated / Unauthenticated Active Scanning
BEHAVIORAL MONITORING
• Log Collection
• Netflow Analysis
• Service Availability Monitoring
SIEM
• SIEM Event Correlation
• Incident Response
THREAT DETECTION
• Network IDS
• Host IDS
• File Integrity Monitoring
Integrated, Essential Security Controls
Integrated Threat Intelligence
Including Remediation & Response Guidelines
Coordinated Analysis, Actionable Guidance
Now for some Q&A…
Test Drive AlienVault USM
Download a Free 30-Day Trial
http://www.alienvault.com/free-trial
Try our Interactive Demo Site
http://www.alienvault.com/live-demo-site
Questions?
Twitter: @alienvault