Low Friction Security
Piers Wilson
Huntsman Security
Introductions
Piers Wilson
• Head of Product Management
• Huntsman Security
• piers.wilson@huntsmansecurity.com
Cyber security monitoring, security analytics, threat
detection and incident management solutions
All rights reserved © Tier-3 Pty Limited 2016
Agenda
Why “Low Friction” – the problem
The reality of cyber security today
Using technology and resources more effectively
“Friction” in Security Operations
Aerodynamic drag in car design
Workload in security operations
Technology advancements enhance efficiency
In security, the advancements have impacted efficiency
Lowering “friction”
Concorde
Powerful
Aerodynamic shape
Very high altitude
Why? – Air resistance and friction
Thin air (altitude) = less resistance, friction
Aerodynamic design reduces drag
Thrust overcomes drag to achieve speed
Drag = Friction = Heat (127°) + Expansion (12”)
“Operational friction” in security
Security teams have to deal with:
Increased mass
• Alerts/noise/control outputs
• The “Weight” & “Force” of threats
Increased power
• More people “pushing”
Inefficient (manual) processes
• Un-aerodynamic shapes
• Rough surfaces
We can waste energy and effort
Problem space increasing
• IT & Data more complex to control
• Continually emerging vulnerabilities
• “Security awareness” appetite of users limited
• Business cases based on:
• Unrealised risks or “prevented” impacts
• Illusory / Estimated costs
• Regulatory / Reputational impacts growing
Technology/Threat Evolution
✗ Trying to add more power / resource
✗ Continually adding more “friction” (security controls) in response to threats
✓ Adopting a “streamlined”, integrated, end-to-end process
✓ Technology that supports operations
Automation can help reduce friction
• Gather all relevant data
• Triage / verify alerts
• Optimise end-to-end process
• Automate routine tasks
• Speed up response
• Scalable, repeatable, industrialised
Removing / Reducing Impediments
[Diagram: inputs to the process – Logs, Threat Intelligence, Technical Context, Risk Status, Organisation information, Diagnostic data]
Reducing Friction: Detecting and Verifying
1) Automate Verification of Threats
Handle massive volume of “detections”
Industrial-scale problem that has outgrown manual operation
Not just for reports, dashboards or analysis
Automate Triage and Diagnostics
Need data from all sources
Be able to answer questions about an incident or breach
Gather relevant data at time of alert
Benefits of Automated Verification
Rule out false positives quickly
• Alerts with no corroborating signs of infection, attack or loss
• Reduces “alert queue” by up to 90%
Ensure all information provided for “real threats”
• Aim to provide certainty
Has infection spread?
What data lost?
Where to?
Reducing Friction: Responding
2) Automating Response
Once viewed as “risky”
... because we lacked certainty
Automation needs to be “3 laws safe”
Pre-defined responses
Suspend account, Quarantine system, Reset virtual machine
Delegate and simplify routine processes
Make decision easier, more certain
Enable swifter response
Give time / freedom to prioritise activities
Benefits of Automated Response
With increased certainty
Diagnosis = Correct
Risk of Delay > Risk of Action
Automation means understanding
• Nature of initial alert
• Context of threat impact
• Meaning of corroborating data
• Impacts of proposed action
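The verification step (slides 12 and 13: corroborate each alert against threat intelligence, technical context and diagnostic data, and close the ones with no corroborating sign) and the response step (slides 15 and 16: only pre-defined responses, only with certainty, and only where the impact of the action is acceptable) carried through as one added Python example. This is illustration code written for this page, not Huntsman Security's product. The alerts, threat intelligence, asset context and endpoint telemetry are constructed inline; SAFE_ACTIONS, CERTAINTY_THRESHOLD and the scoring weights are assumed values, not anything the talk specifies.

```python
"""Automated alert verification and "3 laws safe" response gating.
Added illustration, not Huntsman Security code. All data below is
constructed; SAFE_ACTIONS, CERTAINTY_THRESHOLD and the weights are assumed.
"""
from dataclasses import dataclass, field

# Constructed threat intelligence: indicator -> confidence (0..1).
THREAT_INTEL = {"198.51.100.23": 0.9, "evil-update.example": 0.7}

# Constructed organisational context: criticality feeds the
# "impact of proposed action" check before anything is automated.
ASSETS = {"ws-0142": {"criticality": "low"}, "db-prod-01": {"criticality": "high"},
          "ws-0777": {"criticality": "low"}, "ws-0310": {"criticality": "low"}}

# Constructed diagnostic data gathered at alert time (endpoint telemetry).
TELEMETRY = {
    "ws-0142": {"connections": ["198.51.100.23"], "new_persistence": True,
                "outbound_bytes": 52_000_000},
    "db-prod-01": {"connections": ["198.51.100.23"], "new_persistence": True,
                   "outbound_bytes": 1_000},
    "ws-0777": {"connections": ["203.0.113.8"], "new_persistence": False,
                "outbound_bytes": 2_000},
    "ws-0310": {"connections": [], "new_persistence": True, "outbound_bytes": 500},
}

# Pre-defined, reversible responses allowed without a human in the loop (assumed).
SAFE_ACTIONS = {"suspend_account", "quarantine_host"}
CERTAINTY_THRESHOLD = 0.8


@dataclass
class Decision:
    alert_id: str
    host: str
    status: str                 # "closed_false_positive" or "verified"
    certainty: float
    evidence: list = field(default_factory=list)
    action: str = "none"        # "none", "escalate" or a SAFE_ACTIONS entry


def verify(alert: dict) -> Decision:
    """Corroborate one alert; an alert with no corroborating sign is closed."""
    tele = TELEMETRY.get(alert["host"], {})
    evidence, score = [], 0.0
    intel = THREAT_INTEL.get(alert["indicator"], 0.0)
    if intel:
        evidence.append(f"indicator in threat intel (confidence {intel})")
        score += 0.4 * intel
    if alert["indicator"] in tele.get("connections", []):
        evidence.append("telemetry confirms connection to indicator")
        score += 0.3
    if tele.get("new_persistence"):
        evidence.append("new persistence mechanism on host")
        score += 0.2
    if tele.get("outbound_bytes", 0) > 10_000_000:
        evidence.append("large outbound transfer (possible data loss)")
        score += 0.2
    status = "verified" if evidence else "closed_false_positive"
    return Decision(alert["id"], alert["host"], status,
                    round(min(score, 1.0), 2), evidence)


def decide_response(d: Decision, proposed: str) -> Decision:
    """Automate only a pre-defined action, with certainty and acceptable impact."""
    if d.status != "verified":
        return d                              # nothing to respond to
    critical = ASSETS.get(d.host, {}).get("criticality") == "high"
    if proposed in SAFE_ACTIONS and not critical and d.certainty >= CERTAINTY_THRESHOLD:
        d.action = proposed                   # risk of delay > risk of action
    else:
        d.action = "escalate"                 # a human decides
    return d


def triage(alerts: list, proposed: str = "quarantine_host") -> list:
    """Verification followed by response gating over a batch of alerts."""
    return [decide_response(verify(a), proposed) for a in alerts]


def queue_reduction(decisions: list) -> float:
    """Fraction of the alert queue closed without analyst time."""
    closed = sum(d.status == "closed_false_positive" for d in decisions)
    return closed / len(decisions) if decisions else 0.0


# Constructed alert batch, as a SIEM or control layer might emit it.
ALERTS = [
    {"id": "A1", "host": "ws-0142", "indicator": "198.51.100.23"},
    {"id": "A2", "host": "db-prod-01", "indicator": "198.51.100.23"},
    {"id": "A3", "host": "ws-0777", "indicator": "benign-cdn.example"},
    {"id": "A4", "host": "ws-0310", "indicator": "unknown.example"},
]

if __name__ == "__main__":
    for d in triage(ALERTS):
        print(d.alert_id, d.status, d.certainty, d.action, d.evidence)
```

Running it shows the four outcomes the slides distinguish: A1 is corroborated on every source and is quarantined automatically; A2 is equally well corroborated but sits on a high-criticality asset, so the impact check routes it to a human; A3 has no corroborating sign and leaves the queue; A4 is real but weakly corroborated, so it is escalated rather than acted on. An action outside the pre-defined set is never automated, whatever the certainty.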
Automation long overdue
Automation major part of solution to the friction problem:
• Accurate data
• Reliable context
• Certainty on the situation
Optimise handling of alert data from security “layers”
• Avoid slowing down skilled resources with routine tasks
Reduce friction and time at risk
• Without having to increase effort
“Low Friction security” looks like ...
Adding controls / detection capability continues to be necessary
Landscape continues to evolve
Operational load needs to be manageable
Automating threat verification process
Minimise false positives
Understand real threats
Provide greater certainty
Automating response
In a safe and acceptable way
We want HIGH FRICTION for attackers
• Slow them down / Impede actions
• Increase chance of detection / risk
• Require more effort / time
Increasing “Attacker Friction” means being PROACTIVE
• Making attacks harder to mount successfully
• This means freeing up time – our earlier point
Examples include:
• Tightening up controls and vulnerability management
• Threat hunting to find possible or active/early stage attacks
Note – Friction can be good...
Our Desired Outcome
[Diagram: ATTACKER vs DEFENDER]
Questions...
Any Questions?
Please find me at the conference / get in contact if you want to explore this further
Huntsman Security on Stand D160
Thank you
Piers Wilson
piers.wilson@huntsmansecurity.com
+44 (0) 7800 508517
+44 (0) 845 222 2010
www.huntsmansecurity.com
@tier3huntsman


Editor's Notes

  1. Have observed from dealing with large enterprise customers, MSSPs etc.
  2. Recognise the complexity – lots of controls, lots of interfaces, almost back to pre-SIEM days – EASIER SAID THAN DONE. Need security to be effective. Technology that supports operations. Interfaces and data models are a means to an end. Coping with additional control layers / increasing detections. Recognise security analysts and data scientists are scarce.
  3. Having data and certainty reduces this risk. The value of responding quickly, and in a repeatable way, can outweigh the downside, i.e. risk of inaction > risk of action. Data, context, threat data, business impacts and asset values drive this calculation. Need data and analytic capability. Give examples: registry keys, network captures, file changes.
  4. A robot may not injure a human being or, through inaction, allow a human being to come to harm. A robot must obey the orders given it by human beings except where such orders would conflict with the First Law. A robot must protect its own existence as long as such protection does not conflict with the First or Second Laws. Response in well-defined circumstances or a portion of the response – like routine tasks. Autopilot – can take back control – example of mature automation.
  5. E.g. quarantining a machine in a secure VLAN, removing it from guest wifi.
  6. Volume. Scalable processing. Cope with additional control layers. Scale across the expanding threat landscape. Respond at speed. Repeatable.
  7. Not black and white – respond as much as is known to be safe within the specific circumstances. Certainty that it is safe, not based on feelings or hunches.
  8. What level of automation would today's certainty give you – what would you automate / adopt today?