Published on March 28, 2014
Using Automated Technologies to Improve Security Efficiency
Piers Wilson
Tier-3 Huntsman® - Head of Product Management
Setting the Scene
• Cyber attacks continue to increase
• Even closed networks are vulnerable
• Every organisation is at risk
© 2014 Tier-3 Pty Limited. All rights reserved.
More for Less
• Increasing drive towards data assurance & compliance
• More is being asked of the same number of security people
How can technology help?
Automation adds accuracy and efficiency to the security operations process:
• Behavioural Anomaly Detection to automatically detect suspicious activity – without the need for time-consuming rules
• Threat Intelligence for faster and more accurate threat detection – “shorten the window” of investigation
• Standardised process workflows – for collection, analysis, reporting and response processes
Behavioural Anomaly Detection
• Machine learning to create a dynamic baseline of system behaviour
• Continuously updated baseline as the environment changes
• Real-time alerts on any activities that diverge from the “normal” baseline
Benefits of Behavioural Anomaly Detection
• Alerts can be investigated & remediated as they are detected
• Removes the need to know the network or constantly re-write rules
• No need to second guess the attack; start investigation from the indicator of compromise: incl. APTs, zero-day & insider threats - unknowables
Threat Intelligence
Referenceable information for situational awareness:
• External sources of known threats or risks
• Internal risk factors - technical and non-technical
• “Correlatable” information from environmental, physical, technical, geopolitical sources etc.
Benefits of Threat Intelligence
[Diagram labels: Intelligent SIEM; “Traditional” Log Sources; Vulnerability Information; Geographic Information; Security, Malware, Attack Context; External Threat Sources; Internal Context Databases]
Workflow Management
• Established procedures for threat resolution (with ad hoc intervention)
• Integrated sequence of detection, analysis & resolution processes
• Automated compliance monitoring and reporting (e.g. GPG13)
Benefits of Workflow Management
• Standardised repeatable and measurable processes
• Support for workflow throughout the incident lifecycle
• Consistent approach to achieving compliance
Benefits of Automation
Better detection; Faster, easier diagnosis; Improved decision making; Contextual feedback; Reduction in losses
Detect
• Real-time Behavioural Anomaly Detection
• Reduced administration through machine learning
• Faster and more accurate identification of threats
Analyse
• Incorporation of Threat Intelligence
• Contextualisation for faster triage and assessment
• Shortening the window of investigation
Respond
• End-to-end workflow
• Repeatable and auditable processes
• Automated reporting and metrics
Questions?
Visit the Tier-3 stand
Contact us at: firstname.lastname@example.org, +44 (0) 208 433 6790, www.tier-3.com, twitter.com/Tier3huntsman
More information at: http://www.tier-3.com/sm-ab-threat-intelligence.php