Using Automated Technologies to Improve Security Efficiency Piers Wilson Tier3 Huntsman® Head of Product Management

Using automation to improve the effectiveness of security operations

IA Practitioners 2014 event presentation on security automation using advanced technologies, threat intelligence, behavioural anomaly detection and incident response workflows

Setting the Scene

© 2014 Tier-3 Pty Limited. All rights reserved.

• Cyber attacks continue to increase
• Even closed networks are vulnerable
• Every organisation is at risk

More for Less

• Increasing drive towards data assurance & compliance
• More is being asked of the same number of security people

How can technology help?

Automation adds accuracy and efficiency to the security operations process:

• Behavioural Anomaly Detection to automatically detect suspicious activity – without the need for time-consuming rules
• Threat Intelligence for faster and more accurate threat detection – “shorten the window” of investigation
• Standardised process workflows – for collection, analysis, reporting and response processes

Behavioural Anomaly Detection

• Machine learning to create a dynamic baseline of system behaviour
• Continuously updated baseline as the environment changes
• Real-time alerts on any activities that diverge from the “normal” baseline
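
The baseline-and-divergence idea on this slide, sketched as an added example (not code from the presentation or from the Huntsman product): a per-entity exponentially weighted baseline that keeps updating and alerts on large deviations. The class and parameter names and the sample failed-login counts are assumptions constructed for illustration.

```python
import math
from dataclasses import dataclass

@dataclass
class Baseline:
    mean: float = 0.0
    var: float = 0.0
    n: int = 0

class AnomalyDetector:
    """Per-entity EWMA baseline (hypothetical names, illustrative only)."""

    def __init__(self, alpha=0.2, threshold=3.0, warmup=5, min_std=1.0):
        self.alpha = alpha          # how quickly the baseline follows change
        self.threshold = threshold  # alert beyond this many standard deviations
        self.warmup = warmup        # observations required before alerting
        self.min_std = min_std      # floor so a very flat baseline is not hypersensitive
        self.baselines = {}

    def observe(self, entity, value):
        """Score value against the entity's baseline, then update it.
        Returns (is_alert, z_score)."""
        b = self.baselines.setdefault(entity, Baseline())
        std = max(math.sqrt(b.var), self.min_std)
        z = (value - b.mean) / std if b.n else 0.0
        alert = b.n >= self.warmup and abs(z) > self.threshold
        # Alerting values are learned at a tenth of the normal rate, so a
        # burst cannot quickly drag the baseline up and hide what follows.
        a = self.alpha / 10 if alert else self.alpha
        if b.n == 0:
            b.mean = float(value)
        else:
            delta = value - b.mean
            b.mean += a * delta
            b.var = (1 - a) * (b.var + a * delta * delta)
        b.n += 1
        return alert, z

# Constructed sample: hourly failed-login counts per account.
SAMPLE = [("alice", c) for c in (2, 3, 2, 4, 3, 2, 3, 40, 38, 3)] + \
         [("svc-backup", c) for c in (50, 52, 49, 51, 50, 53, 51, 52)]

def run(events):
    """Return (entity, value, z) for every observation that raised an alert."""
    det = AnomalyDetector()
    return [(e, v, round(z, 1)) for e, v in events
            for alert, z in [det.observe(e, v)] if alert]

if __name__ == "__main__":
    for entity, value, z in run(SAMPLE):
        print(f"ALERT {entity}: value={value} z={z}")
```

The service account's steady 50 or so failures an hour never alerts while the user's jump to 40 does, which a single static threshold rule could not express for both entities.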

Benefits of Behavioural Anomaly Detection

• Alerts can be investigated & remediated as they are detected
• Removes the need to know the network or constantly re-write rules
• No need to second guess the attack; start investigation from the indicator of compromise: incl APTs, zero-day & insider threats - unknowables

Threat Intelligence

Referenceable information for situational awareness:

• External sources of known threats or risks
• Internal risk factors - technical and non-technical
• “Correlatable” information from environmental, physical, technical, geopolitical sources etc.

Benefits of Threat Intelligence

Intelligent SIEM

“Traditional” Log Sources

Vulnerability Information

Geographic Information

Security, Malware, Attack Context

External Threat Sources

Internal Context Databases

Workflow Management

• Established procedures for threat resolution (with ad hoc intervention)
• Integrated sequence of detection, analysis & resolution processes
• Automated compliance monitoring and reporting (e.g. GPG13)

Benefits of Workflow Management

• Standardised repeatable and measurable processes
• Support for workflow throughout the incident lifecycle
• Consistent approach to achieving compliance

Benefits of Automation

Better detection

Faster, easier diagnosis

Improved decision making

Contextual feedback

Reduction in losses

Detect

• Real-time Behavioural Anomaly Detection
• Reduced administration through machine learning
• Faster and more accurate identification of threats

Analyse

• Incorporation of Threat Intelligence
• Contextualisation for faster triage and assessment
• Shortening the window of investigation

Respond

• End-to-end workflow
• Repeatable and auditable processes
• Automated reporting and metrics

Copyright © Tier-3 Pty Ltd, 2014. All rights reserved.

Questions?

Visit the Tier-3 stand

Contact us at: [email protected]

+44 (0) 208 433 6790 www.tier-3.com twitter.com/Tier3huntsman

More information at:

http://www.tier-3.com/sm-ab-threat-intelligence.php