IA Practitioners 2014 event presentation on security automation using advanced technologies, threat intelligence, behavioural anomaly detection and incident response workflows
Using Automated Technologies to Improve Security Efficiency
Piers Wilson, Tier-3 Huntsman® - Head of Product Management
Setting the Scene
© 2014 Tier-3 Pty Limited. All rights reserved.
• Cyber attacks continue to increase
• Even closed networks are vulnerable
• Every organisation is at risk
More for Less
• Increasing drive towards data assurance & compliance
• More is being asked of the same number of security people
How can technology help?
Automation adds accuracy and efficiency to the security operations process:
• Behavioural Anomaly Detection to automatically detect suspicious activity – without the need for time-consuming rules
• Threat Intelligence for faster and more accurate threat detection – “shorten the window” of investigation
• Standardised process workflows – for collection, analysis, reporting and response processes
Behavioural Anomaly Detection
• Machine learning to create a dynamic baseline of system behaviour
• Continuously updated baseline as the environment changes
• Real-time alerts on any activities that diverge from the “normal” baseline
Benefits of Behavioural Anomaly Detection
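As an added illustration of the dynamic baseline described on this slide (example code written for this page, not Huntsman's own implementation): each entity keeps an exponentially weighted running mean and variance as its baseline, the baseline keeps learning from every new value so it follows a changing environment, and an activity is alerted once it lies more than a chosen number of standard deviations from what has been normal so far. The constants ALPHA, THRESHOLD and MIN_SAMPLES, and the hourly login-count sample, are assumptions.

```python
import math

ALPHA = 0.1        # weight of the newest sample; larger adapts the baseline faster
THRESHOLD = 3.0    # standard deviations from baseline beyond which activity is alerted
MIN_SAMPLES = 5    # warm-up: no alerts until an entity's baseline has this many samples

class Baseline:
    """Exponentially weighted running mean/variance of one entity's behaviour."""
    def __init__(self):
        self.mean, self.var, self.n = 0.0, 0.0, 0

    def score(self, x):
        """Distance of x from the baseline in standard deviations (0 while warming up)."""
        if self.n < MIN_SAMPLES:
            return 0.0
        sd = math.sqrt(self.var)
        if sd == 0.0:  # history was constant: any change at all is divergent
            return math.inf if x != self.mean else 0.0
        return abs(x - self.mean) / sd

    def update(self, x):
        """Fold x into the baseline so it keeps tracking a changing environment."""
        if self.n == 0:
            self.mean = x
        else:
            delta = x - self.mean
            self.mean += ALPHA * delta
            self.var = (1 - ALPHA) * (self.var + ALPHA * delta * delta)
        self.n += 1

def detect(events):
    """Return (entity, value, z) for every event that diverges from its entity's baseline."""
    baselines, alerts = {}, []
    for entity, value in events:
        b = baselines.setdefault(entity, Baseline())
        z = b.score(value)   # score against what was normal up to now ...
        if z > THRESHOLD:
            alerts.append((entity, value, z))
        b.update(value)      # ... then let the baseline keep learning, spikes included
    return alerts

# Constructed sample (hourly login counts): alice is steady then spikes to 50;
# bob's baseline is still warming up when his spike arrives, so it is not alerted.
SAMPLE_EVENTS = [("alice", v) for v in (10, 11, 9, 10, 12, 10, 11, 50, 10, 11)] \
    + [("bob", v) for v in (3, 3, 3, 100)]

if __name__ == "__main__":
    for entity, value, z in detect(SAMPLE_EVENTS):
        print(f"ALERT {entity}: value {value} is {z:.1f} sd from baseline")
```

Because alerted values are folded into the baseline, a large spike widens the variance and quiets the entity for a while; a production detector would decide deliberately whether alerted values should train the baseline.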
• Alerts can be investigated & remediated as they are detected
• Removes the need to know the network or constantly re-write rules
• No need to second-guess the attack; start investigation from the indicator of compromise: incl. APTs, zero-day & insider threats - the unknowables
Threat Intelligence
Referenceable information for situational awareness:
• External sources of known threats or risks
• Internal risk factors - technical and non-technical
• “Correlatable” information from environmental, physical, technical, geopolitical sources etc.
Benefits of Threat Intelligence
(Diagram: an Intelligent SIEM fed by “Traditional” Log Sources, Vulnerability Information, Geographic Information, Security/Malware/Attack Context, External Threat Sources and Internal Context Databases)
Workflow Management
• Established procedures for threat resolution (with ad hoc intervention)
• Integrated sequence of detection, analysis & resolution processes
• Automated compliance monitoring and reporting (e.g. GPG13)
Benefits of Workflow Management
• Standardised repeatable and measurable processes
• Support for workflow throughout the incident lifecycle
• Consistent approach to achieving compliance
Benefits of Automation
Better detection
Faster, easier diagnosis
Improved decision making
Contextual feedback
Reduction in losses

Detect
• Real-time Behavioural Anomaly Detection
• Reduced administration through machine learning
• Faster and more accurate identification of threats

Analyse
• Incorporation of Threat Intelligence
• Contextualisation for faster triage and assessment
• Shortening the window of investigation

Respond
• End-to-end workflow
• Repeatable and auditable processes
• Automated reporting and metrics
Questions?
Visit the Tier-3 stand
Contact us at: [email protected]
+44 (0) 208 433 6790 www.tier-3.com twitter.com/Tier3huntsman
More information at:
http://www.tier-3.com/sm-ab-threat-intelligence.php