Date posted: 14-Aug-2015
Uploaded by: resilient-systems
Page 2
Introductions: Today’s Speakers
• Ted Julian, Chief Marketing Officer, Co3 Systems
  • Ted is a serial entrepreneur who has launched four companies during his ~20 years in the security / compliance industry.
• Andrew Jaquith, Chief Technology Officer & SVP Cloud Strategy, SilverSky
  • Andy is a thought leader with ~20 years of experience in the security industry. He has helped shape the security industry as an entrepreneur at SilverSky and @stake and as an industry analyst at Forrester Research and Yankee Group.
Page 3
Agenda
• Introductions
• IR: The Next Security Discipline
• Enhancing Your IR Capability
  • Technology
  • People
  • Process
• Final Thoughts / Recommendations
• Q&A
Page 4
Co3 Automates Incident Response
PREPARE
Improve Organizational Readiness
• Assign response team
• Describe environment
• Simulate events and incidents
• Focus on organizational gaps
REPORT
Document Results and Track Performance
• Document incident results
• Track historical performance
• Demonstrate organizational preparedness
• Generate audit/compliance reports
ASSESS
Quantify Potential Impact, Support Privacy Impact Assessments
• Track events
• Scope regulatory requirements
• See $ exposure
• Send notice to team
• Generate Impact Assessments
MANAGE
Easily Generate Detailed Incident Response Plans
• Escalate to complete IR plan
• Oversee the complete plan
• Assign tasks: who/what/when
• Notify regulators and clients
• Monitor progress to completion
Page 5
SilverSky simplifies how customers secure information
MANAGE email, messaging and collaboration
SECURE data with our security software
MONITOR networks for intrusions 24x7
Exchange
Lync
SharePoint
Email Security
Mobile device management
Email DLP
Email Encryption
Email Archive
Email Continuity
Log management
Vulnerability management
Brand protection
UTM management
Event monitoring and response
Managed BlackBerry
By tirelessly safeguarding our customers’ most important information, SilverSky enables growth-minded leaders to pursue their business ambitions without security worry. SilverSky protects $525 billion in banking and credit union assets. Each month, we analyze 15 billion raw security events and investigate 140,000 alerts.
Page 7
By U.S. Navy photo by Mass Communication Specialist David P. Coleman [Public domain], via Wikimedia Commons
Defense
Page 8
By U.S. Navy photo by Lt. Cmdr. Scott Allen. [Public domain], via Wikimedia Commons
Special Teams
Page 9
Information security has three phases too
Prevention
• Stop malicious threats
• Secure endpoints, networks, and servers
• Maintain secure and compliant configurations
Detection
• Identify anomalous behavior
• Detect compromises
• Discover data leaks & potential breaches
Response
• Have a plan
• Assess events
• Escalate to incidents
• Manage
• Report
Page 10
Why Incident Response Matters
Chain of events:
• No damage: IDS, AV or other control repels an attack (analogy: “Preventative care”)
• Compromised asset: Attacker infects a workstation (analogy: “Infection”)
• Multiple compromised assets: Attacker “pivots” to gain control over sensitive systems (analogy: “Disease”)
Diagram axes: Damage and Budget, each scaled 0 / 000s / millions
Page 11
Compromises are the new reality
SilverSky analyzed security incidents based on data from 861 financial institutions for the second half of 2012
We found:
• 1,628 likely and confirmed customer compromises
• 441 institutions affected
• 51% of our financial customers experienced at least one incident
SilverSky blocked 1/3 of incidents
Traffic analysis detected the rest
Size of institution ($ assets)    Average # of incidents
Small (<$25 million)              3
Mid-sized (<$1 Bn)                4
Large (>$1 Bn)                    7
Source: SilverSky 2012 2H Financial Institutions Threat Report. (Base: 861 SilverSky customers)
Page 12
Guess where most IT security budgets go?
By victor vic (all in, tapis) [CC-BY-SA-2.0 (http://creativecommons.org/licenses/by-sa/2.0)], via Wikimedia Commons
Page 13
Prevention + Detection Dominate Security Spend
Segment                            2012 revenue
Prevention / Detection Products    $27B*
Prevention / Detection Services    $29B*
Response Services                  $6B**
Response Products                  < $1B***
* Gartner ** ABI Research *** Co3 estimate
Share of spend: Prevention / Detection 89%, Response 11%
Page 14
Public Domain Pictures.net - Eggs In The Grass by Ed Hoskins
There is a metaphor for this strategy…
Page 15
IR Demands Investment
“If you are going to invest in one thing - it should be incident response.”
GARTNER – JUNE 2013
“You can’t afford ineffective incident response.”
FORRESTER – APRIL 2013
Page 19
The Incident Response Lifecycle
PREPARE
Improve Organizational Readiness
• Assign response team
• Describe environment
• Simulate events and incidents
• Focus on organizational gaps
REPORT
Document Results and Track Performance
• Document incident results
• Track historical performance
• Demonstrate organizational preparedness
• Generate audit/compliance reports
ASSESS
Quantify Potential Impact, Support Privacy Impact Assessments
• Track events
• Scope regulatory requirements
• Calculate $ exposure
• Notify team
• Generate Impact Assessments
MANAGE
Easily Generate Detailed Incident Response Plans
• Escalate to complete IR plan
• Oversee the complete plan
• Assign tasks: who/what/when
• Notify regulators and clients
• Monitor progress to completion
Page 20
IR Is More Than Just Forensics
Forensics
Security Tools
Threat Intelligence
Partners / Providers
Law Enforcement
IT / Security Controls
Service Providers
Law Enforcement
Partner
Perpetrator(s)
Internal Staff
Customers
Detection
Investigation
IT / Security Controls
Service Providers
Law Enforcement
Partners
Internal Staff
Response
IR Team
Page 22
Incident Response People
INTERNAL
• IT
• Legal
• Compliance
• Audit
• Privacy
• Marketing
• HR
• Senior Executives
EXTERNAL
• Legal
• Consultants
• Audit
• Law Enforcement
• Partners
DON’T FORGET TO:
• Communicate
• Practice
• Train
Page 23
Incident Response Process
PREPARE
Improve Organizational Readiness
• Assign response team
• Describe environment
• Simulate events and incidents
• Focus on organizational gaps
REPORT
Document Results and Track Performance
• Document incident results
• Track historical performance
• Demonstrate organizational preparedness
• Generate audit/compliance reports
ASSESS
Quantify Potential Impact, Support Privacy Impact Assessments
• Track events
• Scope regulatory requirements
• Calculate $ exposure
• Notify team
• Generate Impact Assessments
MANAGE
Easily Generate Detailed Incident Response Plans
• Escalate to complete IR plan
• Oversee the complete plan
• Assign tasks: who/what/when
• Notify regulators and clients
• Monitor progress to completion
BE SURE TO INCLUDE:
• Regulatory Requirements
  • State, Federal, and Trade
• Industry Standard Frameworks
  • NIST, CERT, SANS
• Organization Standards / Best Practices
• Contractual Requirements
Page 25
Incident Response Technology
This?
By Rens ten Hagen. [Public domain], via Wikimedia Commons
Page 27
Incident Response Technology
SYSTEM REQS
• Secure
• Distinct
• Available
• Integrated with related systems
FUNCTIONAL REQUIREMENTS
• Prescriptive
• Cognizant of regulations, best practices, threats
• Easy to use
• Built-in workflow
• Built-in reporting / dashboards
• Always up to date
• Linked to threat intelligence
OBJECTIVES
• Faster response time
• Staff augmentation
• Consistency
• Repeatability
• Ensure compliance
• Foster collaboration
• Simplify reporting / status updates
• Improved threat context / correlation
One Alewife Center, Suite 450
Cambridge, MA 02140
PHONE 617.206.3900
WWW.CO3SYS.COM
Andrew Jaquith
Chief Technology Officer & SVP Cloud Strategy
“One of the most important startups in security…”
BUSINESS INSIDER – JANUARY 2013
“One of the hottest products at RSA…”
NETWORK WORLD – FEBRUARY 2013
“an invaluable weapon when responding to security incidents.”
GOVERNMENT COMPUTER NEWS
“Co3 Systems makes the process of planning for a nightmare scenario as painless as possible, making it an Editors’ Choice.”
PC MAGAZINE, EDITOR’S CHOICE