Threat Detection & Response - SANS
Threat Detection & Response Control Point Management
Developing a Visibility and Measurement Platform that Manages and Improves Operations
Nancy Thompson, Director of Operations
CYBER RISK DEFENSE CENTER
1 © 2015 Kaiser Foundation Health Plan, Inc. Technology Risk Office CYBER RISK DEFENSE CENTER
Introduction
Log Layer
Correlation
Events
Thompson’s Dashboard
Landscape
[Word cloud: NETWORK; ANTHEM; LOSS OF MEMBER TRUST; SERVER; CREDENTIALS LOSS OF TRUST; SONY LEAK; PASSWORD GUESSING; BREACH; DATA THEFT COMPROMISE PHISHING; BACK DOOR; PHISHING CRIMINAL; CYBER SECURITY COST; HEART BLEED; PERSONAL INFORMATION STOLEN ATTACK MALWARE IP ADDRESS; TARGET COMPLEXITY BRAND CREDIBILITY]
Agenda
Approach Resulting Approach Complexity Solution Challenges Results
Exfiltration Escalation Infiltration Advanced Warning
Approach
System exploitation
Malware
Account hijacking
Privilege escalation
Lateral movement
Data transmission & theft
External intel
System probes
Phishing
Account hijacking
Privilege escalation
Lateral movement
Addressing the Lockheed Martin Cyber Kill Chain®
Resulting Complexity
Solution Requirements
Process flow flexibility
Ability to add in “control points” where we needed them
Dashboards which manage work, issues & offer visibility to operations
Control (management) Characteristics
Control in management means setting standards, measuring actual performance and taking corrective actions.
Solution Objective
• Control is a Continuous Process
• Control is Forward Looking
• Control Helps to Achieve the Standard
Control (management) Process
• Setting, Measuring & Comparing Performance Standards
• Analyzing Deviations
• Take Corrective Measures
Solution Challenges
Compliance
Risk
Governance
Results
Evolution of the Threat Activity Case
December 2014 March 2015 April 2015
Components of Operations
• Input
• Team Checklists
• Non-Actionable Events
• False Positives
• Actionable Events
• Critical Events
• Incident
• Child Processes
• Remediation Request
• Use Case Request
• Tuning Request
• Policy Engineering Request
Team Control Point - Checklists
Customized Forms
Help Boxes
Links to Processes (ePO process in SharePoint)
Management Control Point - Team Conflict Escalation
If an escalation is rejected by Incident Handlers 2 or more times, leadership is notified
Audit Control Point - Closure and Feedback
Legal Control Point
Operations Management – Team Focused Dashboards
Operations Management – Leadership Dashboard
Eye Candy
What’s Next
Input Work Integrations
Dispatch System Integration
Dynamic Visualization Tools
Questions?
“Thompson, great job…you’ve delivered the wedding cake!”