2012 ISACA Webinar Program. © 2012 ISACA. All rights reserved.
WHAT HACKERS KNOW THAT YOU DON’T
Welcome!
• Type in questions using the Ask A Question button
• All audio is streamed over your computer
– Having technical issues? Click the ? button
• Click Attachments button to find a printable copy of this presentation
• After the webinar, ISACA members may earn 1 CPE credit
– Find a link to the Event Home Page on the Attachments button
– Click the CPE Quiz link on the Event Home Page to access the quiz
– Once you pass the quiz, you’ll receive a link to a printable CPE Certificate
• Question or suggestion? Email them to [email protected]
Introductions
Joe Gottlieb, Head of Global Security Solutions Sector
Ed Jaehne, Chief Strategy Officer
Just One Click…
What They Do that We Don’t
• Move fast! They can build code and test it in the real world – while we have to maintain rigor of standards, policies and processes
• Share! They share tips, tools, and ways in – while we hesitate to share intelligence between internal teams, much less external ones
• Automate! To scale quickly to meet the economic rewards, their tool chain is heavily automated and optimized – one or two humans can control thousands to tens of thousands, collecting from hundreds to thousands of networks
What They Know We Don’t Know
• Patterns! They understand that most security teams have not established patterns that would point to anomalies like excessive download volumes, unusual log‐in behaviors, etc.
• Vulnerabilities! They know many organizations are behind in their vulnerability scans, patches, etc.
• Security testing! While we may put a lot of layers of security into our infrastructure, we rarely have time to make sure it all works as it should.
MORE Things They Know We Don’t Know
• Behavior! Hackers know some truths about the behaviors of your workforce that management and leadership may not want to acknowledge (levels of understanding/education, internal frictions, shopping/eating/social networking habits)
• Awareness! The victor in the security game is the one who has the best awareness – they are constantly refining and refreshing what they know. When they win, it proves that we are not actively testing and probing, and that we are building our awareness off stale data or data that has lost its fidelity
Check-Box Security Practices are NOT the Answer
Sameer Bhalotra, Cybersecurity adviser
• Government alone won’t dramatically increase their role in defending the social Web from cyber attacks in the near term
• Individual users aren’t in a position to adequately defend themselves against organized criminals
• The burden of protection falls on organizations of every size
Polling Question #1
You Can’t Defend What You Can’t See
[Bar chart: Does your organization need better data access and analysis? Responses: N/A, No, Yes. Series: 2011, 2012.]
SOURCE: Sensage Annual Security Data Management Survey conducted at RSA Conference in 2010, 2011 and 2012 (n=355, 383 and 399)
No Matter What You are Doing
[Bar chart: Why did you need better data access and analysis? Series: 2011, 2012. Reasons: To better understand a real-time console alert; To better understand a compliance exception; To determine how a certain metric was changing over time; To analyze a breach in order to mitigate the chances of it repeating; To demonstrate security effectiveness to others (e.g., executives); To compare security effectiveness across different groups or environments; To justify a security technology acquisition.]
So…How are We Doing?
[Bar chart: Among internal customer/stakeholder groups, what is the opinion/perception of the effectiveness of these processes? Responses: Ineffective, Somewhat effective, Effective, Very effective.]
Another View of Effectiveness…or Lack Thereof
[Bar chart: Ineffective OR Somewhat effective vs. Effective or Very effective. Series: 2010, 2011, 2012.]
Process, Coordination, Measurement and Improvement…
All Correlate with Effectiveness
Polling Question #2
Gaining Confidence through Visibility

Real-time Monitoring
• Powerful real‐time correlation
• Scenario‐based analysis
• Integrated with historical correlation
• Easy to create and deploy template‐based rules
• Dozens of common out‐of‐the‐box rules

Forensic Investigation
• Ability to analyze and report on years’ worth of data
• High‐speed filtering and searching
• Wizard‐driven report creation
• Automated drill‐down for forensic investigation
• 100s of out‐of‐the‐box reports

Security Intelligence
• High‐level graphical aggregation reporting
• Easy to show and analyze trend data, anomalies
• Business analyst friendly interface
• One‐click drill down from high‐level to report details
Use History to Improve Your Visibility
• Understand what “secure” looks like
• Establish baselines and acceptable thresholds
• Create policies that drive appropriate behaviors
• Develop informed alerts when variances occur
• Reduce reactive security investigations
• Continuously improve security management based on logical metrics/measurements
Ten Tips for the Metrics-Minded Security Team
• Pre‐requisites:
– Collect and store all event data
– Know your organization’s MQ
– Don’t reinvent the wheel
1. Enroll stakeholders early
2. Define event system of record
3. Emphasize user/asset directories
4. Let your service catalog guide you
5. Land, then expand
6. Be consistent or die
7. Be ready to change
8. Engage experts, ignite managers
9. Test yourself with an MPT
10. Innovate for depth but prune as you go
www.sensage.com/content/solutions
Who is Sensage
1. Big data capability: Proven purpose‐built, flexible, clustered, compressed, columnar‐based event data warehouse technology
2. Precise analytics to address advanced security information management to solve complex insider threats, cyber‐crime and cyber‐terrorism
3. Open architecture for integration: Sensage supports standard SQL through ODBC/JDBC
4. Extent of packaged application support
5. Over 500 customers, including top government agencies, telcos, banks and health care organizations
Polling Question #3
Big Data Management Meets Cyber Superiority

• Proactive, multi‐disciplined cyber security black belts in the Cloud
• Mission‐grade expertise in defending, exploiting, and leveraging technology to accomplish intelligence mission
• Not afraid of big data – especially with their customers

• Centralized event data store
• Unparalleled scalability, loading and storing petabytes a day if needed
• Flexibility to collect from existing sensors – regardless of source
• Sophisticated analytics for rapid access to security intelligence
Summary
• Our customers have questions
• They want answers
• Compliance is not enough
• Monitoring is not enough
• They want to improve
• They’re willing to crunch data and pay attention to what it says
www.sensage.com
Questions?