CryptoRing
PROACTIVE INCIDENT HANDLING
Karunia Wijaya
(28 slides)
Formal Education:
• Master's Degree, September 2003, University of Pelita Harapan, Jakarta
• Bachelor's Degree, January 1997, University of HKBP Nommensen, Medan
• Diploma, 1995, International Computer Studies Microskills Singapore - Medan
Certification:
• IBM eServer Certified Specialist, March 2002, iSeries Solution Sales V5R1
• Managed Security Specialist, Dec 2005, SIMCommander, Hong Kong
• Web Security Expert, September 2010, Armorize Technology, San Francisco
• MVCN Encryption Specialist, October 2010, Navayo Technologies Inc., Hungary
• IRM Specialist, August 2012, Seclore Technology, India
• Certified IRCA Lead Auditor ISO27001, February 2013, BSI, United Kingdom
• NRPL MSSR Radar Specialist, May 2013, NRPL, Finland
Others:
• Executive Vipassana Meditation, Geulis Mountain, based on S.N. Goenka meditation courses
• Emotions Metabolism, by Mahadibya Nurcahyo Chakrasana
• Neuro Linguistic Programming, Jogja, Basic Principle of Life Expanding 72 hours, by Clear Heart Foundation
International & National Speaker for:
• Kemenkoinfo
• Kemenakertrans
• Kemenhan
• Kemenhub
• Lembaga Sandi Negara
• BP Batam
• BPPT
• BNN
• SGU
• Binus
• MIEL Academy (India, Vietnam, Macau, Singapore, Malaysia)
Owner of :
• PT. Adi Inti Mandiri – Tangerang Selatan
• PT. Adi Inti Mandiri Solusi - Jakarta
• PT. Global Network Security - Jakarta
• PT. Auto Technic Multimedia - Batam
• PT. Maxima Innovative Technology - Jakarta
• PT. Inti Wira Buana - Jakarta
• PT. Indo Mindstrom Wizzard - Jakarta
• BPR Pundi Dana Mandiri - Jambi
• Vivasoft Pte. Ltd. - Singapore
• IMWizz Pte. Ltd. - Singapore
• SIMCommander Inc. – Hong Kong
• GlobeNet Secure Sdn. Bhd. – Malaysia
• MIEL Pte. Ltd. - Singapore
Security Management Challenges
• Implementation
– Tools to manage security cost millions
– Integrating and deploying them is challenging
– 24 x 365 management requires highly trained staff
• Business Imperative
– Not core business; does not generate revenue
– Investing in security management can be costly and may not produce the expected results
The Problems
• Too many consoles and different log formats
- Lack of a holistic view of the overall security posture
- Long learning cycle
• Huge amount of data
- Hard to manage and review
• Organizational challenges
- Different teams have different responsibilities
- Long response time
• Lack of security professionals in the organization
- Security experts are still expensive and scarce
• Lack of incident response methodology
- Don't know what to do when an incident occurs
• Limited resources
- Budgets and resources are always limited
Customer Expectation
• Cost Effective Security
• Up-to-date Defense Mechanism
• 24x7 Monitoring and Alert
• Rapid Emergency Response
• Reporting and Analysis
• Technical Expertise
[Diagram: Business threats / Vulnerability / Capability for companies to respond]
How Managed Security Services Work
[Diagram: the customer's devices below send their logs to the Cryptotechno SOC]
Security and Networking Devices:
• Firewall/VPN
• Network IDS/IPS
• Host IDS
• Unified Threat Management
• Routers/Switches
• NetFlow Analysis Devices
• MAC Address Information
• Vulnerability Scanning tools
Systems and Applications:
• Windows
• Unix
• Linux
• Mainframe
• Antivirus
• Applications
• Web Servers
• Database
• Email Servers
• Proprietary Applications
Efficiency of Correlation
Based on one month of actual customer data:
  9,481,668  logs and alerts generated by firewalls and IDSs
        620  security events
         55  events provided for client review
          2  events requiring immediate customer contact
• Security threat pattern identification (normalize and input to Correlation Engine)
• Eliminate insignificant events and report valid events (Correlation Engine)
• Cryptotechno proactively contacts clients to warn of a serious security threat (SOC security experts)
Supported Devices
Attack Example
• Most attackers use the following attack sequence:
- First, scan the network and systems for security holes
- Then launch a buffer overflow and install a backdoor on the victim machine to take remote control of it
Without CryptoRing Solution
With CryptoRing Solution
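The correlation funnel on the "Efficiency of Correlation" slide and the scan, overflow, backdoor sequence above can be made concrete with a small correlation engine. The Python below is an added example written for this page; it is not CryptoRing or SIMCommander code. It normalizes constructed firewall and IDS log lines into one event schema, then applies three rules: a port scan (one source denied on several distinct ports of one host), an exploit attempt (an IDS signature naming an overflow), and the full sequence in which the exploited host then opens a connection back to the scanning source. The log formats, IP addresses, thresholds, time window and the CAT numbering (3 assumed to be the most severe) are all assumptions made for illustration.

```python
"""Normalize firewall/IDS logs and correlate the scan -> overflow -> backdoor sequence.
Added example for this page, not CryptoRing/SIMCommander code. Log formats, IPs,
thresholds and CAT numbering (3 = most severe) are assumptions for illustration."""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample logs from two device types (not real customer data).
SAMPLE_LOGS = [
    "2013-05-06T09:00:01 fw1 DENY src=203.0.113.7 dst=192.0.2.10 dport=21",
    "2013-05-06T09:00:02 fw1 DENY src=203.0.113.7 dst=192.0.2.10 dport=23",
    "2013-05-06T09:00:03 fw1 DENY src=203.0.113.7 dst=192.0.2.10 dport=25",
    "2013-05-06T09:00:04 fw1 DENY src=203.0.113.7 dst=192.0.2.10 dport=135",
    "2013-05-06T09:00:05 fw1 DENY src=203.0.113.7 dst=192.0.2.10 dport=139",
    "2013-05-06T09:00:06 fw1 DENY src=203.0.113.7 dst=192.0.2.10 dport=445",
    "2013-05-06T09:00:07 fw1 ALLOW src=203.0.113.7 dst=192.0.2.10 dport=80",
    '2013-05-06T09:00:09 ids1 ALERT sig="HTTP Buffer Overflow Attempt" src=203.0.113.7 dst=192.0.2.10',
    "2013-05-06T09:00:15 fw1 ALLOW src=192.0.2.10 dst=203.0.113.7 dport=4444",  # victim calls back
    "2013-05-06T09:01:00 fw1 DENY src=198.51.100.4 dst=192.0.2.10 dport=22",     # single deny: noise
    '2013-05-06T09:02:00 ids1 ALERT sig="ICMP PING NMAP" src=198.51.100.4 dst=192.0.2.11',
    "2013-05-06T09:03:00 fw1 ALLOW src=192.0.2.20 dst=198.51.100.9 dport=443",   # normal traffic
]

FW_RE = re.compile(r"^(?P<ts>\S+) (?P<dev>\S+) (?P<action>DENY|ALLOW) "
                   r"src=(?P<src>\S+) dst=(?P<dst>\S+) dport=(?P<dport>\d+)$")
IDS_RE = re.compile(r'^(?P<ts>\S+) (?P<dev>\S+) ALERT sig="(?P<sig>[^"]+)" '
                    r"src=(?P<src>\S+) dst=(?P<dst>\S+)$")

SCAN_PORTS = 5                  # distinct denied ports from one source = port scan
WINDOW = timedelta(minutes=10)  # maximum gap between two stages of the sequence
EXPLOIT_WORDS = ("overflow", "shellcode", "backdoor")


def normalize(lines):
    """Turn raw device-specific lines into one common event schema."""
    events = []
    for line in lines:
        m = FW_RE.match(line)
        if m:
            d = m.groupdict()
            events.append({"ts": datetime.fromisoformat(d["ts"]), "dev": d["dev"],
                           "type": "fw_" + d["action"].lower(), "src": d["src"],
                           "dst": d["dst"], "dport": int(d["dport"]), "sig": None})
            continue
        m = IDS_RE.match(line)
        if m:
            d = m.groupdict()
            events.append({"ts": datetime.fromisoformat(d["ts"]), "dev": d["dev"],
                           "type": "ids_alert", "src": d["src"], "dst": d["dst"],
                           "dport": None, "sig": d["sig"]})
        # unparseable lines are dropped here; a real engine would count them
    return events


def correlate(events):
    """Apply three rules; only the complete sequence reaches CAT 3 (immediate contact)."""
    events = sorted(events, key=lambda e: e["ts"])
    alerts = []
    # Rule 1: port scan = one source denied on >= SCAN_PORTS distinct ports of one host
    denied, first_seen = defaultdict(set), {}
    for e in events:
        if e["type"] == "fw_deny":
            key = (e["src"], e["dst"])
            denied[key].add(e["dport"])
            first_seen.setdefault(key, e["ts"])
    scans = {k: first_seen[k] for k, ports in denied.items() if len(ports) >= SCAN_PORTS}
    for (atk, vic), ts in scans.items():
        alerts.append({"cat": 1, "rule": "port_scan", "attacker": atk, "victim": vic, "ts": ts})
    # Rule 2: IDS signature that indicates an exploit attempt
    exploits = {}
    for e in events:
        if e["type"] == "ids_alert" and any(w in e["sig"].lower() for w in EXPLOIT_WORDS):
            exploits.setdefault((e["src"], e["dst"]), e["ts"])
            alerts.append({"cat": 2, "rule": "exploit_attempt", "attacker": e["src"],
                           "victim": e["dst"], "ts": e["ts"]})
    # Rule 3: scan -> exploit -> victim opens a connection back to the attacker (backdoor)
    for (atk, vic), scan_ts in scans.items():
        exp_ts = exploits.get((atk, vic))
        if exp_ts is None or not (scan_ts <= exp_ts <= scan_ts + WINDOW):
            continue
        for e in events:
            if (e["type"] == "fw_allow" and e["src"] == vic and e["dst"] == atk
                    and exp_ts <= e["ts"] <= exp_ts + WINDOW):
                alerts.append({"cat": 3, "rule": "scan_exploit_backdoor", "attacker": atk,
                               "victim": vic, "ts": e["ts"], "dport": e["dport"]})
                break
    return alerts


def funnel(lines):
    """Counts at each stage, in the shape of the 'Efficiency of Correlation' slide."""
    events = normalize(lines)
    alerts = correlate(events)
    return {"raw_logs": len(lines), "normalized_events": len(events),
            "alerts_for_review": len(alerts),
            "immediate_contact": sum(1 for a in alerts if a["cat"] == 3)}


if __name__ == "__main__":
    for a in correlate(normalize(SAMPLE_LOGS)):
        print(a)
    print(funnel(SAMPLE_LOGS))
```

On the sample, twelve raw lines become twelve normalized events, three correlated alerts (scan, exploit attempt, full sequence) and one CAT 3 incident. The single denied SSH probe and the NMAP ping alert never rise above raw events, which is the "eliminate insignificant events" step; the CAT 3 alert is the one a SOC analyst would phone the customer about, because the call-back connection on port 4444 is the victim, not the attacker, initiating traffic.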
CryptoRing Service Description
• Monitors device availability and collects security events from customers' devices
• Event correlation analysis to distill the true security incidents
• Real-time email alerting for each security incident detected
• Weekly scheduled security status and summary reports by email
• Easy-to-use reporting web portal that can be logged into from anywhere
Benefits
• Device availability monitoring, best-practice attack identification, and detection of advanced, organized attack sequences
• Integrated analysis across the other security devices in the network to accurately identify real threats
• Email alerting keeps the customer updated on security status in real time
• Easy-to-read summary and detailed reports give an intuitive view of the security posture
• Fully works with UTM (especially TippingPoint) appliances
What Customer Will Get
• Weekly Standard Reports
o Comprehensive reports in PDF format
o Delivered to the customer automatically by email
• Web Portal
o Log in to generate ad-hoc reports
o Anywhere and anytime
• Email Alert Messages
o Notify the customer of security incidents in real time
Topology
Early Warning
Weekly Standard Reports

Type: Alerts
  Report: Weekly Security Alert Summary
  Details:
    - Alert count by day
    - Weekly Alert Trend
    - Alert Count by Alert Category (CAT)
    - Alert Count by Alert Rule
    - Alert CAT 3 – Top 10 Destination (with source and Rule)
    - Alert CAT 2 – Top 10 Destination (with source and Rule)
    - Alert CAT 1 – Top 10 Destination (with source and Rule)
    - Alert CAT 0 – Top 10 Destination (with source and Rule)

Type: Security Events
  Report: Weekly Security Events Summary
  Details:
    - Security Event Count by Day (by Device)
    - Weekly Security Event Trend
    - Firewall: Top 10 Denied Source
    - Anti-Virus: Top 10 Virus, Top 10 Infected Host, Top 10 Email Sender
    - IDS/IPS: Top 10 Alert, Top 10 Attack Destination, Top 10 Attack Source
    - Web Filtering: Top 10 Blocked Web Domain
  Report: Weekly Device Status Summary
  Details:
    - Device Up/Down Status by Day
    - Device Administrative Login by Day

Type: Usage
  Report: Weekly Device Usage Summary
  Details:
    - Bandwidth: Inbound and Outbound, Top 10 Protocol, Top 10 Source, Top 10 Destination
    - Web Proxy: Top 10 Web Access, Top 10 Source
    - Email: Top 10 Sender, Top 10 Receiver
Web Portal Reports

Type: Alerts
  Report Group: Alert Summary
    - Last 24 Hours Alert Count by Alert Category (CAT)
    - Last 24 Hours Alert Statistics

Type: Security Events
  Report Group: Security Event Summary
    - Last 24 Hours Security Event Statistics
    - Last 24 Hours Security Event Statistics by Device
    - Last 24 Hours Top 10 Source
    - Last 24 Hours Top 10 Destination
  Report Group: Firewall
    - Last 24 Hours Firewall Denied Source IP
    - Last 24 Hours Firewall Denied Destination IP
    - Last 24 Hours Firewall Denied Destination Port
    - Last 24 Hours Top 10 Source by Connection Count
    - Last 24 Hours Top 10 Destination by Connection Count
    - Last 24 Hours Top 10 Destination Port by Connection Count
    - Last 24 Hours Top 10 Email Sender
    - Last 24 Hours Top 10 Web Client
    - Last 24 Hours User Login Success
    - Last 24 Hours User Login Failure
  Report Group: IDS/IPS
    - Last 24 Hours Top 10 Source
    - Last 24 Hours Top 10 Destination
    - Last 24 Hours Top 10 Event
  Report Group: Anti-Virus
    - Last 24 Hours Top 10 Virus
    - Last 24 Hours Top 10 Infected Host

Type: Usage
  Report Groups: Web, FTP, Email, Telnet / SSH, VPN (each with the same details)
    - Last 24 Hours Top 10 Source
    - Last 24 Hours Top 10 Destination
    - Last 24 Hours Top Users

Each customer is assigned a login ID under which only that customer's own alerts and data are shown.
Customer Portal Login
[Screenshot: portal login page]
Portal Dashboard
The dashboard is shown in the main display area by default after login, to give customers their security posture information. Customers can also select which reports are shown on the portal.
[Screenshot callouts: main report display area; user selects individual reports from different groups]
Alert Summary Reports
These reports display the alerts detected by the SIMC, so you can see the alert statistics and how they are distributed across severities.
Event Summary Reports
These reports show the event statistics within a day. The number of events received on working days should be roughly the same from day to day. If there is an abnormal rise in the event count, investigate further to find the cause.
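The "abnormal rise" check above is easy to get wrong if the baseline mixes weekends with working days or is skewed by an earlier spike. The Python below is an added example for this page, not portal or SIMC code: it judges each working day's event count against the median and median absolute deviation (MAD) of all earlier working days, ignoring weekend days entirely. The three weeks of daily counts, the threshold of 5 MADs and the five-day minimum history are constructed assumptions.

```python
"""Flag an abnormal rise in daily security-event counts against a working-day baseline.
Added example for this page, not portal code; the counts and thresholds are assumptions."""
from datetime import date, timedelta
from statistics import median

# Constructed daily event counts for one device over three weeks starting Monday
# 2013-05-06 (not real customer data). Weekends are quieter; Thu 2013-05-23 spikes.
START = date(2013, 5, 6)
COUNTS = [
    4120, 4310, 4050, 4280, 4190,  820,  790,   # week 1 (Mon..Sun)
    4260, 4150, 4390, 4220, 4080,  760,  810,   # week 2
    4210, 4330, 4170, 9870, 4240,  800,  770,   # week 3
]
DAILY = {START + timedelta(days=i): c for i, c in enumerate(COUNTS)}


def is_working_day(d):
    return d.weekday() < 5          # Monday=0 .. Friday=4


def baseline(history):
    """Median and MAD of the working-day counts seen so far (robust to old spikes)."""
    vals = [c for d, c in history.items() if is_working_day(d)]
    med = median(vals)
    mad = median(abs(v - med) for v in vals) or 1.0   # guard a perfectly flat baseline
    return med, mad


def abnormal_days(daily, k=5.0, min_history=5):
    """Return working days whose count lies more than k MADs above the median of all
    earlier working days. Weekend days are never judged against the weekday baseline,
    which is why a plain 'compare with yesterday' check would misfire every Monday."""
    flagged, history = [], {}
    for d in sorted(daily):
        enough = sum(1 for h in history if is_working_day(h)) >= min_history
        if is_working_day(d) and enough:
            med, mad = baseline(history)
            score = (daily[d] - med) / mad
            if score > k:
                flagged.append({"date": d, "count": daily[d], "baseline": med,
                                "score": round(score, 1)})
        history[d] = daily[d]
    return flagged


if __name__ == "__main__":
    for f in abnormal_days(DAILY):
        print(f["date"], f["count"], "vs baseline", f["baseline"], "score", f["score"])
```

Only 2013-05-23 is flagged (9,870 events against a working-day median of 4,210); normal day-to-day jitter of a few hundred events scores well below the threshold, and the spike itself barely moves the median for the following day. A per-device version of this check is what the "Security Event Count by Day (by Device)" report would feed.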
Virus Reports
These reports display the virus activity detected on the firewalls. The customer can see which viruses occur most often on the firewall, and can collect the virus information and distribute it to all system owners so that they are aware of it.
Firewall Reports
These reports display the destination IP addresses with the highest bandwidth consumption. Usually the IP addresses listed are the critical servers in the enterprise, such as the email server or FTP server. The customer may use these reports to find any IP address that abuses the Internet link.
IDS / IPS Reports
This report displays the top 10 events detected by the IDS/IPS. The customer can see which IDS/IPS events occur most frequently and judge whether further investigation is required.
Incident Report Samples
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationBeyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
 
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slides
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf
 
Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC Architecture
 
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024
 
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
 
Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen Frames
 
Install Stable Diffusion in windows machine
Install Stable Diffusion in windows machineInstall Stable Diffusion in windows machine
Install Stable Diffusion in windows machine
 
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
 
Benefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other FrameworksBenefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other Frameworks
 

Karunia Wijaya - Proactive Incident Handling

4. Security Management Challenges
• Implementation
  – Tools to manage security cost millions
  – Integrating and deploying them is challenging
  – 24 x 365 management requires highly trained staff
• Business Imperative
  – Not core business: it does not generate revenue
  – Investing in security management can be costly and may not produce the expected results
5. The Problems
• Too many consoles and different log formats
  – no holistic view of the overall security posture
  – long learning cycle
• Huge amount of data
  – hard to manage and review
• Organizational challenges
  – different teams have different responsibilities
  – long response time
• Lack of security professionals in the organization
  – security experts are still expensive and scary
  – no incident response methodology
• Don't know what to do when an incident occurs
  – limited resources: budgets and staff are always limited
6. Customer Expectation
• Cost-effective security
• Up-to-date defense mechanisms
• 24x7 monitoring and alerting
• Rapid emergency response
• Reporting and analysis
• Technical expertise
[Diagram: business threats, vulnerability, and the capability of companies to respond]
7. How Managed Security Services Work
The Cryptotechno SOC collects logs and events from two groups of customer sources:
• Security and networking devices: Firewall/VPN, Network IDS/IPS, Host IDS, Unified Threat Management, Routers/Switches, NetFlow analysis devices, MAC address information, vulnerability scanning tools
• Systems and applications: Windows, Unix, Linux, Mainframe, Antivirus, Applications, Web servers, Database, Email servers, Proprietary applications
8. Efficiency of Correlation
Based on one month of actual customer data:
• 9,481,668 logs and alerts generated by firewalls and IDSs
• 620 security events after normalization and correlation (security threat pattern identification: normalize and feed the correlation engine)
• 55 events provided for client review (the correlation engine eliminates insignificant events and reports valid ones)
• 2 events requiring immediate customer contact (SOC security experts proactively contact clients to warn of a serious security threat)
10. Attack Example
Most attackers follow the same sequence:
• first, scan the network and systems for security holes
• then launch a buffer overflow exploit against the victim machine, plant a backdoor and take remote control of it
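Slide 8's funnel and slide 10's scan-then-exploit sequence, in code: this is an added example written for this page, not part of the original slides and not the CryptoRing correlation engine. The two log formats and their regexes, the SCAN_PORTS and WINDOW thresholds, the severity labels and the sample log lines are all assumptions constructed for the example (addresses come from the RFC 5737 documentation ranges). It normalizes lines from two formats into one schema, drops sources that only produce a few stray denies, and raises the full "scan, overflow, backdoor" chain from one source as the kind of finding that warrants immediate customer contact.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Two constructed log formats (illustrative only, not any vendor's real syntax).
FW_RE = re.compile(r"^(?P<ts>\S+) (?P<dev>\S+) FW DENY proto=(?P<proto>\w+) "
                   r"src=(?P<src>[\d.]+):(?P<sport>\d+) dst=(?P<dst>[\d.]+):(?P<dport>\d+)$")
IDS_RE = re.compile(r'^(?P<ts>\S+) (?P<dev>\S+) IDS ALERT sig="(?P<sig>[^"]+)" '
                    r"(?P<src>[\d.]+) -> (?P<dst>[\d.]+):(?P<dport>\d+)$")

SCAN_PORTS = 5                  # distinct (host, port) targets denied from one source = a scan (assumed threshold)
WINDOW = timedelta(minutes=10)  # the scan and the later stages must all fall inside this window (assumed)

def normalize(line):
    """Map a raw line in either format onto one event schema; None if it parses as neither."""
    for kind, rx in (("fw_deny", FW_RE), ("ids", IDS_RE)):
        m = rx.match(line)
        if m:
            d = m.groupdict()
            return {"ts": datetime.fromisoformat(d["ts"]), "kind": kind, "src": d["src"],
                    "dst": d["dst"], "dport": int(d["dport"]), "sig": d.get("sig", "")}
    return None

def correlate(events):
    """Collapse normalized events into per-source findings.

    A few denied packets are noise and produce nothing. SCAN_PORTS distinct targets
    denied inside WINDOW is a scan (severity "review"). A scan followed by an overflow
    signature and then a backdoor signature against the same host, all inside WINDOW
    of the scan, is the full attack sequence (severity "immediate").
    """
    by_src = defaultdict(list)
    for ev in events:
        by_src[ev["src"]].append(ev)
    findings = []
    for src, evs in by_src.items():
        evs.sort(key=lambda e: e["ts"])
        denies = [e for e in evs if e["kind"] == "fw_deny"]
        scan_ts = None
        for i, e in enumerate(denies):  # sliding window over this source's denies
            recent = {(d["dst"], d["dport"]) for d in denies[:i + 1] if e["ts"] - d["ts"] <= WINDOW}
            if len(recent) >= SCAN_PORTS:
                scan_ts = e["ts"]
                break
        ids = [e for e in evs if e["kind"] == "ids"]
        overflow = next((e for e in ids if "overflow" in e["sig"].lower()), None)
        backdoor = next((e for e in ids if overflow and "backdoor" in e["sig"].lower()
                         and e["dst"] == overflow["dst"] and e["ts"] >= overflow["ts"]), None)
        if (scan_ts and overflow and backdoor and overflow["ts"] >= scan_ts
                and backdoor["ts"] - scan_ts <= WINDOW):
            findings.append({"src": src, "target": backdoor["dst"],
                             "stage": "scan->overflow->backdoor", "severity": "immediate"})
        elif overflow:
            findings.append({"src": src, "target": overflow["dst"],
                             "stage": "overflow", "severity": "review"})
        elif scan_ts:
            findings.append({"src": src, "target": None, "stage": "scan", "severity": "review"})
    return findings

def run(lines):
    """The funnel: raw lines -> normalized events -> findings -> findings needing immediate contact."""
    events = [e for e in map(normalize, lines) if e]
    findings = correlate(events)
    return {"raw_lines": len(lines), "normalized_events": len(events), "findings": findings,
            "immediate": [f for f in findings if f["severity"] == "immediate"]}

# Constructed sample logs (not customer data).
RAW_LOGS = [
    # 203.0.113.7 probes six ports on one host, then the IDS sees an overflow and a backdoor
    "2013-06-03T09:00:00 fw1 FW DENY proto=tcp src=203.0.113.7:40001 dst=10.0.0.5:21",
    "2013-06-03T09:00:01 fw1 FW DENY proto=tcp src=203.0.113.7:40002 dst=10.0.0.5:22",
    "2013-06-03T09:00:02 fw1 FW DENY proto=tcp src=203.0.113.7:40003 dst=10.0.0.5:23",
    "2013-06-03T09:00:03 fw1 FW DENY proto=tcp src=203.0.113.7:40004 dst=10.0.0.5:25",
    "2013-06-03T09:00:04 fw1 FW DENY proto=tcp src=203.0.113.7:40005 dst=10.0.0.5:110",
    "2013-06-03T09:00:05 fw1 FW DENY proto=tcp src=203.0.113.7:40006 dst=10.0.0.5:143",
    '2013-06-03T09:02:10 ids1 IDS ALERT sig="FTP command buffer overflow attempt" 203.0.113.7 -> 10.0.0.5:21',
    '2013-06-03T09:03:30 ids1 IDS ALERT sig="Backdoor shell connection" 203.0.113.7 -> 10.0.0.5:4444',
    # 192.0.2.44 only scans
    "2013-06-03T10:00:00 fw1 FW DENY proto=tcp src=192.0.2.44:50001 dst=10.0.0.8:80",
    "2013-06-03T10:00:01 fw1 FW DENY proto=tcp src=192.0.2.44:50002 dst=10.0.0.8:443",
    "2013-06-03T10:00:02 fw1 FW DENY proto=tcp src=192.0.2.44:50003 dst=10.0.0.8:8080",
    "2013-06-03T10:00:03 fw1 FW DENY proto=tcp src=192.0.2.44:50004 dst=10.0.0.8:3389",
    "2013-06-03T10:00:04 fw1 FW DENY proto=tcp src=192.0.2.44:50005 dst=10.0.0.8:5900",
    # 198.51.100.9: two stray denies, dropped as noise
    "2013-06-03T11:00:00 fw1 FW DENY proto=udp src=198.51.100.9:5353 dst=10.0.0.1:5353",
    "2013-06-03T11:30:00 fw1 FW DENY proto=udp src=198.51.100.9:5353 dst=10.0.0.1:5353",
    # a line in neither format is counted as raw input but never becomes an event
    "2013-06-03T11:31:00 fw1 DEVICE STATUS up",
]

if __name__ == "__main__":
    for f in run(RAW_LOGS)["findings"]:
        print(f)
```

On the sample, 16 raw lines become 15 events and 2 findings, of which 1 is "immediate": the same shape as the slide's funnel. The thresholds are deliberately simple; a production engine would also key the sequence on the target host, consult asset and vulnerability data before escalating, and treat an overflow signature without a preceding scan as worth review rather than ignoring it.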
13. CryptoRing Service Description
• Monitors device availability and collects security events from customers' devices
• Event correlation analysis to distill the true security incidents
• Real-time email alerting when a security incident is detected
• Weekly scheduled security status and summary reports by email
• Easy-to-use reporting web portal, reachable from anywhere
14. Benefits
• Protection through device availability monitoring, identification of well-known attacks, and detection of advanced, organized attack sequences
• Integrated analysis across the other security devices in the network, to identify real threats accurately
• Email alerting keeps the customer updated on security status in real time
• Easy-to-read summary and detail reports give an intuitive view of the security posture
• Works fully with UTM appliances (especially TippingPoint)
15. What the Customer Gets
• Weekly standard reports
  o Comprehensive reports in PDF format
  o Delivered to the customer automatically by email
• Web portal
  o Log in to generate ad-hoc reports
  o Anywhere, anytime
• Email alert messages
  o Notify the customer of security incidents in real time
18. Weekly Standard Reports
Type: Alerts
• Weekly Security Alert Summary
  – Alert count by day
  – Weekly alert trend
  – Alert count by alert category (CAT)
  – Alert count by alert rule
  – Alert CAT 3: top 10 destinations (with source and rule)
  – Alert CAT 2: top 10 destinations (with source and rule)
  – Alert CAT 1: top 10 destinations (with source and rule)
  – Alert CAT 0: top 10 destinations (with source and rule)
Type: Security Events
• Weekly Security Events Summary
  – Security event count by day (by device)
  – Weekly security event trend
  – Firewall: top 10 denied sources
  – Anti-virus: top 10 viruses, top 10 infected hosts, top 10 email senders
  – IDS/IPS: top 10 alerts, top 10 attack destinations, top 10 attack sources
  – Web filtering: top 10 blocked web domains
• Weekly Device Status Summary
  – Device up/down status by day
  – Device administrative logins by day
Type: Usage
• Weekly Device Usage Summary
  – Bandwidth: inbound and outbound, top 10 protocols, top 10 sources, top 10 destinations
  – Web proxy: top 10 web accesses, top 10 sources
  – Email: top 10 senders, top 10 receivers
19. Web Portal Reports
Type: Alerts
• Report group: Alert Summary
  – Last 24 hours alert count by alert category (CAT)
  – Last 24 hours alert statistics
Type: Security Events
• Report group: Security Event Summary
  – Last 24 hours security event statistics
  – Last 24 hours security event statistics by device
  – Last 24 hours top 10 sources
  – Last 24 hours top 10 destinations
• Report group: Firewall
  – Last 24 hours firewall denied source IPs
  – Last 24 hours firewall denied destination IPs
  – Last 24 hours firewall denied destination ports
  – Last 24 hours top 10 sources by connection count
  – Last 24 hours top 10 destinations by connection count
  – Last 24 hours top 10 destination ports by connection count
  – Last 24 hours top 10 email senders
  – Last 24 hours top 10 web clients
  – Last 24 hours user login successes
  – Last 24 hours user login failures
20. Web Portal Reports (continued)
Type: Security Events
• Report group: IDS/IPS
  – Last 24 hours top 10 sources
  – Last 24 hours top 10 destinations
  – Last 24 hours top 10 events
• Report group: Anti-Virus
  – Last 24 hours top 10 viruses
  – Last 24 hours top 10 infected hosts
Type: Usage
• Report groups: Web, FTP, Email, Telnet/SSH, VPN (each with)
  – Last 24 hours top 10 sources
  – Last 24 hours top 10 destinations
  – Last 24 hours top users
21. Customer Portal Login
Each customer is assigned a login ID under which only that customer's own alerts and data are shown.
22. Portal Dashboard
After login the dashboard is shown in the main display area by default, giving the customer security posture information. Customers can also select the reports they want on the portal display.
[Screenshot: main report display area; the user selects individual reports from the different groups]
23. Alert Summary Reports
These reports display the alerts detected by the SIMC, so you can see the alert statistics and the distribution across severities.
24. Event Summary Reports
These reports show the event statistics within a day. The number of events received on working days should be roughly the same from day to day. If the event count rises abnormally, investigate further to find the cause. An abnormal drop deserves the same attention: a device that has stopped sending logs looks like a quiet day, not like an alarm.
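The baseline check behind that advice, as an added example in Python (not part of the original slides and not the CryptoRing portal's own code). The daily counts, the two-week history starting 2013-06-03 (a Monday) and the threshold k=3 are constructed assumptions. It goes a little beyond the slide: working days are baselined only against earlier working days and weekend days against weekend days, the baseline uses median and MAD so that one bad day does not poison it, and a collapse in volume is flagged as well as a jump.

```python
from datetime import date, timedelta
from statistics import median

MAD_TO_SIGMA = 1.4826  # scales the median absolute deviation to a standard-deviation-like unit

def same_class(d1, d2):
    """Working days are compared with working days, weekend days with weekend days."""
    return (d1.weekday() >= 5) == (d2.weekday() >= 5)

def baseline(history, day):
    """Median and robust scale of the counts on earlier days of the same class as `day`.

    history: list of (date, count). Returns None when fewer than 3 comparable days exist.
    """
    counts = [c for d, c in history if d < day and same_class(d, day)]
    if len(counts) < 3:
        return None
    med = median(counts)
    mad = median(abs(c - med) for c in counts)
    # assumption: a perfectly flat history gets a 5% floor so the score cannot divide by zero
    scale = MAD_TO_SIGMA * mad if mad > 0 else max(0.05 * med, 1.0)
    return med, scale

def check_day(history, day, count, k=3.0):
    """Classify one day's event count against its baseline. Returns (verdict, score, median)."""
    b = baseline(history, day)
    if b is None:
        return ("insufficient-baseline", 0.0, None)
    med, scale = b
    score = (count - med) / scale
    verdict = "spike" if score > k else "drop" if score < -k else "normal"
    return (verdict, round(score, 1), med)

def flag_days(history, observations, k=3.0):
    """Return the (date, count, verdict, score) rows that need investigation."""
    rows = []
    for day, count in observations:
        verdict, score, _ = check_day(history, day, count, k)
        if verdict != "normal":
            rows.append((day, count, verdict, score))
    return rows

def make_history():
    """Constructed daily event counts for one firewall over two weeks from 2013-06-03 (a Monday)."""
    weekday_counts = iter([118000, 121500, 119800, 123100, 120400,
                           122700, 117900, 120900, 119300, 121800])
    weekend_counts = iter([40200, 39800, 41000, 40500])
    start = date(2013, 6, 3)
    history = []
    for i in range(14):
        d = start + timedelta(days=i)
        history.append((d, next(weekend_counts) if d.weekday() >= 5 else next(weekday_counts)))
    return history

if __name__ == "__main__":
    hist = make_history()
    # constructed observations: a normal Monday, a Monday spike, a Monday where logging stopped,
    # and a Saturday carrying a weekday-sized count
    obs = [(date(2013, 6, 17), 125000), (date(2013, 6, 18), 350000),
           (date(2013, 6, 19), 2000), (date(2013, 6, 22), 120000)]
    for row in flag_days(hist, obs):
        print(row)
```

The same count can be normal on a Tuesday and a spike on a Saturday, which is why the day classes are kept apart; a SIEM with richer history would do the same per device and per event type. Lower k for a noisier alert, raise it for fewer false positives.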
25. Virus Reports
These reports display the virus activity detected on the firewalls. The customer can see which viruses occur most frequently at the firewall, and can collect the virus information and distribute it to all system owners so that they are aware of it.
26. Firewall Reports
These reports display the destination IP addresses with the highest bandwidth consumption. Usually the addresses listed are the enterprise's critical servers, such as the email or FTP server. Any unfamiliar address near the top of the list may be abusing the Internet link and is worth checking.
27. IDS / IPS Reports
This report displays the top 10 events detected by the IDS/IPS. The customer can see which IDS/IPS events occur most frequently and judge whether further investigation is required.