Identifying a Cyber Security
Platform that will maximize your
investment for years to come.
Breaking down a successful cyber-attack to its simplest form: threat actors use computers as they were designed, which is to perform hundreds of millions of operations per second based on dark but creative instructions. OK, so somewhere on the internet there has got to be a disgruntled Microsoft employee, right?
Armed with an idea, like targeting disgruntled employees, hackers are able to use a combination of training videos, open source tools and high-speed internet to harvest a username and an entry point into the target network by scraping the internet for their desired human behavior in the form of text. Asking the average computer to scan through an entire website looking for a particular pattern can be done in minutes on any device, including a smartphone, with one line of code, like this one: cewl -e --email_file emaillist.txt https://yourcompanieswebsite.com/
A web forum where someone is using all caps or following sentences with more than one exclamation point? Disgruntled user identified! The username found on one forum might allow a threat actor to pivot to additional threat vectors such as email addresses, Facebook or LinkedIn accounts. We all use similar usernames across web services, right? Additional behaviors of the target can be profiled by the threat actor, inducing more dark but creative potential exploits which focus on harvesting more potential entry points. Next, befriend this user across multiple platforms and learn about them and how they communicate with peers. Ask them through a private message for the credentials needed in a way that doesn't raise suspicion. Access to the target network achieved.
Human vulnerabilities can be turned into real vulnerabilities, and we all know humans are an unpredictable species; therefore the attack surface of the human psyche is limitless.
This is how cyber threat actors continue to demonstrate they can execute successful cyber-attacks seemingly everywhere, including attacks against large organizations, like Microsoft, that leverage the most advanced cyber security defense systems.
Cyber Security Artifacts – Artifacts are tracks that get left behind.
When looking from afar at the details of new cyber threats, the most important question to ask is: how did the analysts obtain this artifact? Action movie lovers, like myself, imagine a tactical situation where a "high-speed" S.W.A.T. team enters the hacker's location from the roof using ropes and helicopters before smashing through windows and arresting the hacker. While under an intense interrogation the hacker eventually spills their secrets and shows agents the source code. All vulnerabilities are solved this way, right? Joking aside, the answer is far less action-packed.
The most basic networks, including home networks, are littered with millions of artifacts, or little digital footprints, found inside each device. Analysts obtain details about attacks by logging into devices, pulling artifacts and eventually solving the puzzle by recreating the story through the correlation of artifacts from different devices.
Cyber Security Compliance
Based on my experience, artifact collection is driven by cyber security compliance. Cyber security compliance involves meeting various controls, usually enacted by a regulatory authority, law, or industry group, to protect the confidentiality, integrity, and availability of data. The number of controls that need to be met varies by industry, and the number of controls increases with the sensitivity of the data they intend to protect.
The enforcement of asset identification and the subsequent storage of asset artifacts in the form of system logs and events are common controls that appear in compliance standards across many industries. Both control requirements work together by getting organizations, through process, to identify and document all their assets and then ensuring asset artifacts are saved to a Security Information and Event Management system, or SIEM for short. Yes, even that dusty old networked printer no one uses needs to push its device logs to the SIEM.
To summarize, the goal of the combined controls is to push organizations to collect and store as many artifacts from as many devices as possible, so that when an incident occurs analysts have the best chance to identify the breach.
Incident Response and Behavior modeling
Incident Response (IR) is a set of information security policies and procedures that identify, contain and eliminate cyberattacks. A good IR plan typically includes notifying authorities when a novel incident is suspected. Organizations like the Federal Bureau of Investigation (F.B.I.) dispatch forensic analysts who immediately obtain access to an organization's SIEM dataset and begin identifying interesting artifacts. Interesting artifacts are buried next to billions of ordinary ones but include firewall connection logs, IPs connected to apps, Endpoint Detection and Response (EDR) events and user account activity.
Combining interesting artifacts from each device eventually leads analysts to identifying Indicators of Compromise (IoC). Flash Number CU-000163-MW, RagnarLocker Ransomware Indicators of Compromise, is a recent example of the analysts' work in the field. IoCs mined from the field are shared digitally with a multinational community of cyber warriors. Sharing includes documenting behavioral models of novel attacks in knowledge bases like MITRE ATT&CK and then building and uploading a STIX 2.0 statement to the community, which can be downloaded and used by cyber security defense platforms.
Choosing a Cyber Security Platform that will maximize your
investment for years to come
A platform that will perform the best and provide the most value for years to come will act like a virtual field analyst working at the speed of a computer, parsing streams of device artifacts. It will ingest artifacts from apps, network devices and cloud sources from any location into its own SIEM dataset, effectively centralizing intelligence inside an open architecture. It will work with existing and new security layers, not in place of them. Like an analyst, it will correlate artifacts from perimeter security infrastructure and other security telemetry. It will be aware of the most current threat intelligence data by regularly retrieving STIX 2.0 statements, and it will scan each artifact coming into the system looking for a detail that matches something bad. The platform should push its SIEM dataset through an embedded Machine Learning system so that known behaviors of the technology environment can be understood. Artificial Intelligence (AI), a tool most threat actors cannot utilize, should be used to identify and report suspicious or anomalous behavior. AI should build stories referencing industry standards like the MITRE ATT&CK Framework to be presented to human analysts when a string of malicious actions is identified in the network. As AI improves, it will simply be pushed as a future system update.
The end result should be a platform that can consistently identify any creative dark exploits launched by threat actors. A creative dark exploit like: finding disgruntled employee accounts that are logging into the network for the first time, outside of their normal business hours, from another continent and from an IP address that is currently flagged by an intelligence agency.
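The two platform behaviors described above, retrieving STIX 2.0 statements to match incoming artifacts and correlating a login against the four conditions of the "creative dark exploit", as one added example. This is illustrative code written for this page, not Seceon's product or any vendor's code; the STIX bundle, the per-user baseline and the login records are constructed sample data, and the ATT&CK reference attached to the alert is T1078 (Valid Accounts).

```python
"""Added example (not the platform's own code): pull IPv4 indicators out of a
STIX 2.0 bundle, then correlate login artifacts against the four conditions
from the slide. All inputs below are constructed sample data.
"""
import json
import re
from datetime import datetime

# Constructed STIX 2.0 bundle: one indicator, shaped the way a feed publishes it.
STIX_FEED = json.dumps({
    "type": "bundle",
    "id": "bundle--00000000-0000-4000-8000-000000000001",
    "spec_version": "2.0",
    "objects": [
        {
            "type": "indicator",
            "id": "indicator--00000000-0000-4000-8000-000000000002",
            "created": "2024-01-01T00:00:00.000Z",
            "modified": "2024-01-01T00:00:00.000Z",
            "labels": ["malicious-activity"],
            "name": "Sample flagged infrastructure (constructed)",
            "pattern": "[ipv4-addr:value = '203.0.113.45' OR ipv4-addr:value = '198.51.100.7']",
            "valid_from": "2024-01-01T00:00:00Z",
        }
    ],
})

# Matches the equality comparisons on ipv4-addr:value inside a STIX pattern.
_IPV4_TERM = re.compile(r"ipv4-addr:value\s*=\s*'([^']+)'")


def flagged_ips(stix_bundle_json):
    """Return the set of IPv4 addresses named by indicator patterns in a bundle.

    Deliberate simplification: only equality terms on ipv4-addr:value are read;
    any other comparison expression in the pattern is ignored.
    """
    bundle = json.loads(stix_bundle_json)
    ips = set()
    for obj in bundle.get("objects", []):
        if obj.get("type") == "indicator":
            ips.update(_IPV4_TERM.findall(obj.get("pattern", "")))
    return ips


# Constructed baseline, standing in for what the ML layer learned per account:
# has the account logged in before, and which continent it normally logs in from.
BASELINE = {
    "jdoe":   {"known_login": True,  "home_continent": "NA"},
    "user_b": {"known_login": False, "home_continent": "NA"},
}

BUSINESS_HOURS = (8, 18)  # local hours: inclusive start, exclusive end


def evaluate_login(event, baseline, ioc_ips):
    """Return the list of conditions one login artifact satisfies.

    event: dict with user, timestamp (ISO 8601, local time), src_ip, continent.
    """
    hits = []
    profile = baseline.get(event["user"], {"known_login": False, "home_continent": None})
    if not profile["known_login"]:
        hits.append("first_login")
    hour = datetime.fromisoformat(event["timestamp"]).hour
    if not (BUSINESS_HOURS[0] <= hour < BUSINESS_HOURS[1]):
        hits.append("outside_business_hours")
    if profile["home_continent"] and event["continent"] != profile["home_continent"]:
        hits.append("foreign_continent")
    if event["src_ip"] in ioc_ips:
        hits.append("flagged_ip")
    return hits


def build_story(events, baseline, ioc_ips):
    """Raise an analyst-facing alert only when all four conditions fire together."""
    alerts = []
    for ev in events:
        hits = evaluate_login(ev, baseline, ioc_ips)
        if len(hits) == 4:
            alerts.append({
                "user": ev["user"],
                "src_ip": ev["src_ip"],
                "conditions": hits,
                "attack_technique": "T1078 Valid Accounts",
            })
    return alerts


# Constructed login artifacts as a SIEM would hold them after normalization.
SAMPLE_LOGINS = [
    {"user": "jdoe",   "timestamp": "2024-03-04T09:15:00", "src_ip": "192.0.2.10",   "continent": "NA"},
    {"user": "user_b", "timestamp": "2024-03-04T02:40:00", "src_ip": "203.0.113.45", "continent": "AS"},
    {"user": "user_b", "timestamp": "2024-03-04T03:05:00", "src_ip": "192.0.2.77",   "continent": "AS"},
]

if __name__ == "__main__":
    print(json.dumps(build_story(SAMPLE_LOGINS, BASELINE, flagged_ips(STIX_FEED)), indent=2))
```

The third record trips three of the four conditions but not the flagged-IP one, so it is scored but not alerted on; that is the difference between an anomaly and a story the platform should hand to an analyst.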
Conclusion
The platform classification as described is typically referred to as Extended Detection & Response (xDR), not to be confused with Endpoint Detection and Response (EDR). Confusing naming convention aside, further diligence around the platform's log retention period is needed once an xDR platform is identified. Most xDR platforms have a non-compliant artifact retention period for their embedded SIEM datasets. The shortened period exists because there are performance challenges with ML and AI when they are asked to look beyond 3 months' worth of data, so many platforms are parsing artifact data well short of the regulatory data retention periods. So, while these xDR platforms are affordable, a traditional SIEM solution would also need to be implemented to meet regulatory data retention periods. Thankfully, some xDR vendors can extend log retention out to 7 years and therefore become truly comprehensive next-gen platforms.
Randy Blasik,
VP Technology Solutions
Randy is a veteran of more than 20 years in the fields of technology development, technology support and cyber security. Prior to Seceon, Randy spent the last 7 years working as a Chief Technology Officer, where he played a key role in building the business into a nationally recognized Managed Services Provider. Randy has also held key technology-focused roles in small, mid and large market firms dating back to the year 2000. At Seceon, Randy provides seasoned leadership, oversees Technology Solutions and is using his wide range of experience to drive both internal and external successes.
Contact Us
Address - 238 Littleton Road, Suite #206, Westford, MA 01886, USA
Phone Number - +1 (978)-923-0040
Email Id - sales@seceon.com, info@seceon.com
Website - https://www.seceon.com/
New 2024 Cannabis Edibles Investor Pitch Deck Template
 
Over the Top (OTT) Market Size & Growth Outlook 2024-2030
Over the Top (OTT) Market Size & Growth Outlook 2024-2030Over the Top (OTT) Market Size & Growth Outlook 2024-2030
Over the Top (OTT) Market Size & Growth Outlook 2024-2030
 
HomeRoots Pitch Deck | Investor Insights | April 2024
HomeRoots Pitch Deck | Investor Insights | April 2024HomeRoots Pitch Deck | Investor Insights | April 2024
HomeRoots Pitch Deck | Investor Insights | April 2024
 
Putting the SPARK into Virtual Training.pptx
Putting the SPARK into Virtual Training.pptxPutting the SPARK into Virtual Training.pptx
Putting the SPARK into Virtual Training.pptx
 
Dr. Admir Softic_ presentation_Green Club_ENG.pdf
Dr. Admir Softic_ presentation_Green Club_ENG.pdfDr. Admir Softic_ presentation_Green Club_ENG.pdf
Dr. Admir Softic_ presentation_Green Club_ENG.pdf
 

Identifying a Cyber Security Platform that will maximize your investment for years to come. - Seceon.pptx

  • 1. Identifying a Cyber Security Platform that will maximize your investment for years to come.
  • 2. Breaking down a successful cyber-attack in its simplest form: threat actors use computers as they were designed, which is to perform hundreds of millions of operations per second based on dark but creative instructions. Ok, so somewhere on the internet there's gotta be a disgruntled Microsoft employee, right?
Armed with an idea, like targeting disgruntled employees, hackers are able to use a combination of training videos, open source tools and high speed internet to harvest a username and an entry point into the target network by scraping the internet looking for their desired human behavior in the form of text. Asking the average computer to scan through an entire website looking for a particular pattern can be done in minutes on any device, including a smartphone, with one line of code, like this one: cewl -e --email_file emaillist.txt https://yourcompanieswebsite.com/
A web forum where someone is using all caps or following sentences with more than one exclamation point? Disgruntled user identified! The username found on one forum might allow a threat actor to pivot to additional threat vectors such as email addresses, Facebook or LinkedIn accounts. We all use similar usernames across web services, right? Additional behaviors of the target can be profiled by the threat actor, inducing more dark but creative potential exploits which focus on harvesting more potential entry points. Next, befriend this user across multiple platforms and learn about them and how they communicate with peers. Ask them through a private message for the credentials needed in a way that doesn't raise suspicion. Access to the target network achieved.
Human vulnerabilities can be turned into real vulnerabilities, and we all know humans are an unpredictable species; therefore the attack surface of the human psyche is limitless.
This is how cyber threat actors continue to demonstrate they can execute successful cyber-attacks seemingly everywhere, including attacks against large organizations, like Microsoft, who leverage the most advanced Cyber Security defense systems.
  • 3. Cyber Security Artifacts – Artifacts are tracks that get left behind. When looking from afar at the details of new cyber threats, the most important question to ask is: how did the analysts obtain this artifact? Action movie lovers, like myself, imagine a tactical situation where a "high-speed" S.W.A.T. team enters the hacker's location from the roof using ropes and helicopters before smashing through windows and arresting the hacker. Under intense interrogation the hacker eventually spills their secrets and shows agents the source code. All vulnerabilities are solved this way, right? Joking aside, the answer is far less action packed. The most basic networks, including home networks, are littered with millions of artifacts, or little digital footprints, found inside each device. Analysts obtain details about attacks by logging into devices, pulling artifacts and eventually solving the puzzle by recreating the story through correlating artifacts from different devices.
Cyber Security Compliance – Based on my experience, artifact collection is driven by Cyber Security compliance. Cyber Security compliance involves meeting various controls, usually enacted by a regulatory authority, law, or industry group, to protect the confidentiality, integrity, and availability of data. The number of controls that need to be met varies by industry, and the number of controls increases based on the sensitivity of the data they are intended to protect. The enforcement of asset identification and the subsequent storage of asset artifacts in the form of system logs and events are common controls found across compliance standards in many industries. Both control requirements work together by getting organizations, through process, to identify and document all their assets and then ensuring asset artifacts are saved to a Security Information and Event Management system, or SIEM for short. Yes, even that dusty old networked printer no one uses needs to push its device logs to the SIEM.
To summarize, the goal of the combined controls is to push
  • 4. organizations to collect and store as many artifacts from as many devices as possible, so that when an incident occurs analysts have the best chance to identify the breach.
Incident Response and Behavior Modeling – Incident Response (IR) is a set of information security policies and procedures that identify, contain and eliminate cyberattacks. A good IR plan typically includes notifying authorities when a novel incident is suspected. Organizations like the Federal Bureau of Investigation (F.B.I.) dispatch forensic analysts who immediately obtain access to an organization's SIEM dataset and begin identifying interesting artifacts. Interesting artifacts are buried next to billions of ordinary ones but include firewall connection logs, IPs connected to apps, Endpoint Detection and Response (EDR) events and user account activity. Combining interesting artifacts from each device eventually leads analysts to identifying Indicators of Compromise (IoCs). Flash Number CU-000163-MW, RagnarLocker Ransomware Indicators of Compromise, is a recent example of the analysts' work in the field. IoCs mined from the field are shared digitally with a multinational community of cyber warriors. Sharing includes documenting behavioral models of novel attacks in knowledge bases like MITRE ATT&CK and then building and uploading a STIX 2.0 statement to the community, which can be downloaded and used by Cyber Security defense platforms.
Choosing a Cyber Security Platform that will maximize your investment for years to come – A platform that will perform the best and provide the most value for years to come will act like a virtual field analyst working at the speed of a computer, parsing streams of device artifacts. It will ingest artifacts from apps, network devices and cloud sources from any location into its own SIEM dataset, effectively centralizing intelligence inside an open architecture. It will work with existing and new
  • 5. security layers, not in place of them. Like an analyst, it will correlate artifacts from perimeter security infrastructure and other security telemetry. It will be aware of the most current threat intelligence data by regularly retrieving STIX 2.0 statements, and it will scan each artifact coming into the system looking for a detail that matches something bad. The platform should push its SIEM dataset through an embedded Machine Learning system so known behaviors of the technology environment can be understood. Artificial Intelligence (AI), a tool most threat actors cannot utilize, should be used to identify and report suspicious or anomalous behavior. AI should build stories referencing industry standards like the MITRE ATT&CK framework to be presented to human analysts when a string of malicious actions is identified in the network. As AI improves it will simply be pushed as a future system update. The end result should be a platform that can consistently identify any creative dark exploits launched by threat actors. A creative dark exploit like: finding disgruntled employee accounts that are logging into the network for the first time, outside of their normal business hours, from another continent and from an IP address that's currently flagged by an intelligence agency.
Conclusion – The platform classification as described is typically referred to as Extended Detection & Response (xDR), not to be confused with Endpoint Detection and Response (EDR). Confusing naming convention aside, further diligence around the platform's log retention period is needed once an xDR platform is identified. Most xDR platforms have a non-compliant artifact retention period around their embedded SIEM datasets. The shortened period is because there are performance challenges with ML and AI when they are asked to look beyond 3 months' worth of data, so many platforms are parsing artifact data well short of the regulatory data retention periods.
So, while these xDR platforms are affordable, a traditional SIEM solution would also need to be implemented to meet regulatory data retention periods. Thankfully some xDR vendors can extend log retention out to 7 years and therefore become truly comprehensive next-gen platforms.
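The correlation slide 5 describes (a first-time login, outside business hours, from a new country, from an IP flagged in a STIX 2.0 feed, reported to an analyst against MITRE ATT&CK), as an added Python example that is not part of the original deck or of any Seceon product. The STIX bundle, login records, user names and IP addresses are constructed sample data; T1078 (Valid Accounts) is the real ATT&CK technique id the alert references, and "business hours" of 08:00 to 17:59 UTC is an assumed setting.

```python
import json
import re
from collections import defaultdict
from datetime import datetime, timezone
# Constructed STIX 2.0 bundle carrying one IPv4 indicator (not a real feed; documentation-range IP).
STIX_BUNDLE = json.dumps({"type": "bundle", "id": "bundle--00000000-0000-4000-8000-000000000001",
    "objects": [{"type": "indicator", "id": "indicator--00000000-0000-4000-8000-000000000002",
                 "labels": ["malicious-activity"], "pattern": "[ipv4-addr:value = '203.0.113.7']"}]})
# Constructed authentication artifacts of the kind a SIEM retains: past logins plus today's batch.
HISTORY = [{"ts": "2024-05-06T09:12:00+00:00", "user": "alice", "country": "US", "src_ip": "198.51.100.10", "result": "success"}]
NEW_EVENTS = [
    {"ts": "2024-05-08T09:05:00+00:00", "user": "alice", "country": "US", "src_ip": "198.51.100.10", "result": "success"},
    {"ts": "2024-05-08T03:15:00+00:00", "user": "bob", "country": "AU", "src_ip": "203.0.113.7", "result": "success"},
]
IPV4_IN_PATTERN = re.compile(r"ipv4-addr:value\s*=\s*'([0-9.]+)'")
ATTACK_TECHNIQUE = "T1078"  # MITRE ATT&CK: Valid Accounts (abuse of legitimate credentials)
def load_flagged_ips(bundle_json):
    """Extract IPv4 values from STIX indicator patterns (simple equality patterns only)."""
    flagged = set()
    for obj in json.loads(bundle_json)["objects"]:
        if obj.get("type") == "indicator":
            flagged.update(IPV4_IN_PATTERN.findall(obj["pattern"]))
    return flagged
def utc_hour(ts):
    return datetime.fromisoformat(ts).astimezone(timezone.utc).hour

def build_baseline(events):
    """Learn each user's normal countries and login hours (UTC) from successful past logins."""
    base = defaultdict(lambda: {"countries": set(), "hours": set()})
    for e in events:
        if e["result"] == "success":
            base[e["user"]]["countries"].add(e["country"])
            base[e["user"]]["hours"].add(utc_hour(e["ts"]))
    return base

def score_login(event, baseline, flagged_ips, business_hours=range(8, 18)):
    """Name the suspicious signals one login trips; the deck's scenario trips all four."""
    hist = baseline.get(event["user"], {"countries": set(), "hours": set()})
    checks = [("first_login", not hist["hours"]),
              ("new_country", event["country"] not in hist["countries"]),
              ("outside_business_hours", utc_hour(event["ts"]) not in business_hours),
              ("threat_intel_match", event["src_ip"] in flagged_ips)]
    return [name for name, hit in checks if hit]

def analyze(history, new_events, bundle_json, min_signals=3):
    """Correlate baseline, threat intel and fresh logins into ATT&CK-referenced analyst alerts."""
    baseline, flagged = build_baseline(history), load_flagged_ips(bundle_json)
    scored = [(e, score_login(e, baseline, flagged)) for e in new_events]
    return [{"user": e["user"], "technique": ATTACK_TECHNIQUE, "signals": s} for e, s in scored if len(s) >= min_signals]
```

Alice's routine morning login produces no signals, while Bob's login stacks all four and is raised as a single T1078 story rather than four unrelated log lines; raising min_signals trades recall for fewer analyst interruptions.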
  • 6. Randy Blasik, VP Technology Solutions
Randy is a veteran of more than 20 years in the fields of technology development, technology support and Cyber Security. Prior to Seceon, Randy spent the last 7 years working as the Chief Technology Officer where he played a key role in building the business into a nationally recognized Managed Services Provider. Randy has also held key technology-focused roles in small, mid and large market firms dating back to the year 2000. At Seceon Randy provides seasoned leadership, oversees Technology Solutions and is using his wide range of experience to drive both internal and external successes.
Contact Us
Address - 238 Littleton Road, Suite #206, Westford, MA 01886, USA
Phone Number - +1 (978)-923-0040
Email Id - sales@seceon.com, info@seceon.com
Website - https://www.seceon.com/