Using automation to improve the effectiveness of security operations

Data & Analytics

Published on March 28, 2014

Author: Tier3Huntsman

Source: slideshare.net

Description

IA Practitioners 2014 event presentation on security automation using advanced technologies, threat intelligence, behavioural anomaly detection and incident response workflows

Using Automated Technologies to Improve Security Efficiency
Piers Wilson
Tier-3 Huntsman® - Head of Product Management

Setting the Scene
© 2014 Tier-3 Pty Limited. All rights reserved.
• Cyber attacks continue to increase
• Even closed networks are vulnerable
• Every organisation is at risk

More for Less
• Increasing drive towards data assurance & compliance
• More is being asked of the same number of security people

How can technology help?
Automation adds accuracy and efficiency to the security operations process:
• Behavioural Anomaly Detection to automatically detect suspicious activity – without the need for time-consuming rules
• Threat Intelligence for faster and more accurate threat detection – “shorten the window” of investigation
• Standardised process workflows – for collection, analysis, reporting and response processes

Behavioural Anomaly Detection
• Machine learning to create a dynamic baseline of system behaviour
• Continuously updated baseline as the environment changes
• Real-time alerts on any activities that diverge from the “normal” baseline
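A minimal sketch of the dynamic-baseline idea on this slide, added here as an illustration and not Tier-3 Huntsman code: an exponentially weighted moving average stands in for the machine learning the slide mentions. The class, host names, counts and thresholds are all constructed assumptions.

```python
import math

class DynamicBaseline:
    """Per-entity EWMA mean/variance of an event rate (an assumed, simple model)."""

    def __init__(self, alpha=0.2, threshold=4.0, warmup=5):
        self.alpha = alpha          # how fast the baseline follows change
        self.threshold = threshold  # deviation (in std units) that raises an alert
        self.warmup = warmup        # observations needed before alerting
        self.state = {}             # entity -> [mean, variance, samples]

    def observe(self, entity, value):
        """Return the deviation score if value diverges from baseline, else None."""
        st = self.state.get(entity)
        if st is None:
            self.state[entity] = [float(value), 0.0, 1]
            return None
        mean, var, n = st
        # Floor the std at 1.0 so a flat baseline does not alert on +/-1 jitter.
        score = abs(value - mean) / max(math.sqrt(var), 1.0)
        if n >= self.warmup and score > self.threshold:
            return score            # outlier: alert and keep it out of the baseline
        diff = value - mean
        mean += self.alpha * diff
        var = (1 - self.alpha) * (var + self.alpha * diff * diff)
        self.state[entity] = [mean, var, n + 1]
        return None

# Constructed sample: failed logins per minute for two hypothetical hosts.
SAMPLE = {
    "srv-a": [3, 4, 2, 5, 3, 4, 3, 40, 4, 3],           # one burst at minute 7
    "srv-b": [10, 11, 12, 13, 14, 15, 16, 17, 18, 19],  # slow, legitimate growth
}

def run_detector(sample=SAMPLE):
    """Feed the sample minute by minute; return (alerts, detector)."""
    det = DynamicBaseline()
    alerts = []
    for minute in range(max(len(v) for v in sample.values())):
        for host, counts in sample.items():
            if minute < len(counts) and det.observe(host, counts[minute]) is not None:
                alerts.append((host, minute, counts[minute]))
    return alerts, det

if __name__ == "__main__":
    print(run_detector()[0])
```

Keeping alerted values out of the baseline stops a burst from becoming the new "normal", at the cost that a sudden legitimate step change keeps alerting until an analyst resets that entity's baseline.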

Benefits of Behavioural Anomaly Detection
• Alerts can be investigated & remediated as they are detected
• Removes the need to know the network or constantly re-write rules
• No need to second guess the attack; start investigation from the indicator of compromise: incl APTs, zero-day & insider threats - unknowables

Threat Intelligence
Referenceable information for situational awareness:
• External sources of known threats or risks
• Internal risk factors - technical and non-technical
• “Correlatable” information from environmental, physical, technical, geopolitical sources etc.

Benefits of Threat Intelligence
[Diagram labels: Intelligent SIEM; “Traditional” Log Sources; Vulnerability Information; Geographic Information; Security, Malware, Attack Context; External Threat Sources; Internal Context Databases]

Workflow Management
• Established procedures for threat resolution (with ad hoc intervention)
• Integrated sequence of detection, analysis & resolution processes
• Automated compliance monitoring and reporting (e.g. GPG13)

Benefits of Workflow Management
• Standardised repeatable and measurable processes
• Support for workflow throughout the incident lifecycle
• Consistent approach to achieving compliance

Benefits of Automation
[Diagram labels: Better detection; Faster, easier diagnosis; Improved decision making; Contextual feedback; Reduction in losses]
Detect
• Real-time Behavioural Anomaly Detection
• Reduced administration through machine learning
• Faster and more accurate identification of threats
Analyse
• Incorporation of Threat Intelligence
• Contextualisation for faster triage and assessment
• Shortening the window of investigation
Respond
• End-to-end workflow
• Repeatable and auditable processes
• Automated reporting and metrics

Questions?
Visit the Tier-3 stand
Contact us at: info@tier-3.com, +44 (0) 208 433 6790, www.tier-3.com, twitter.com/Tier3huntsman
More information at: http://www.tier-3.com/sm-ab-threat-intelligence.php
Copyright © Tier-3 Pty Ltd, 2014. All rights reserved.
