As any security practitioner can tell you, things change quickly in the world of IT security, particularly with respect to new and evolving threats. As a result, organizations need to continuously adapt their security strategies to defend against new threats and take advantage of the latest capabilities for responding quickly when there is a breach. In this session, Mike Rothman, President of Security Analyst firm Securosis, and Jaime Blasco, Director of AlienVault Labs, will give an overview of key changes in the information security world in 2013 and considerations for adapting your 2014 strategy to stay ahead of threats. In this session, Mike and Jaime will cover: *New attack methods and vulnerabilities exploited in 2013 *New options for defending against these and other threats, including use of crowd-sourced threat intelligence *Best practices to ensure you can respond and recover quickly in the event of a breach You'll come away with key insights to ensure your 2014 security strategy is up to date

1. THREAT DETECTION AND INCIDENT
RESPONSE
WHAT‟S NEW FOR 2014?

2. INTRODUCTIONS
Meet today‟s speakers
Mike Rothman
President, Securosis
@securityincite
mrothman@securosis.com
Jaime Blasco
Director, AlienVault Labs
@jaimeblascob
2

3. AGENDA
•
•
•
•
New attack methods and
vulnerabilities exploited in 2013
How to respond and recover
quickly from a breach
Security technologies to
consider going into 2014
Q&A

4. •
Independent analysts with backgrounds on both
the user and vendor side.
•
Focused on deep technical and industry expertise.
•
We like pragmatic.
•
We are security guys - that‟s all we do.
About Securosis

5. http://www.flickr.com/photos/imlichenit/5532476683/
The Pendulum Swings Back to Security

6. •
Attacks > Defenses
•
Advanced Attackers > You
•
Attack surface is (pretty much) infinite.
•
This isn‟t going to change…
Advanced Malware is Advanced

7. •
300+ Gbps network attacks
•
Availability attacks on the applications
•
Favorite tactic of hacktivists
http://www.flickr.com/photos/astanhope/3592189/
Denial of Service hits the mainstream

8. http://www.flickr.com/photos/52859023@N00/644335254
The Cloud - Not If, But WHEN

9. Technology Problems are easy…

10. http://www.flickr.com/photos/morton/2305095296/
Biggest emerging problem is the
security skills gap

11. •
Depends on the maturity of your security
program…
•
Determine:
•
Where you are
•
Where you want to be
•
Do you understand what that really means?
•
But the first job is to…
http://www.flickr.com/photos/clintw/6051081177
/
“Best Practices” Moving Forward

12. http://www.flickr.com/photos/61063852@N00/5088741119
/

13. •
You can‟t stop all the attacks, so you better
detect them faster.
•
And respond better.
•
This involves monitoring, forensics, and
incident response.
•
Most enterprises don‟t do this very well.
React Faster and Better

14. •
Malware/Attack Detection
•
Evolving Network Security
•
Endpoint/Server Hygiene
•
Logging and Simple Alerting
http://www.flickr.com/photos/bibbit/6187662743/
Less Mature Programs: Blocking and
Tackling

15. http://www.flickr.com/photos/crowt59/2217016729/
More Mature Programs:
Deeper Detection
•
•
•
Network-based Malware Detection
Incident Response Focus/Forensics
Threat Intelligence

16. Shopping List 2014

17. •
Network-based Malware Detection
•
Next Generation Firewall
•
Perimeter Re-architecture
•
Perimeter Security Gateway
Network Security

18. •
Advanced Malware Protection
•
•
Isolation (browser & kernel)
•
White Listing
•
•
Application HIPS
Endpoint Activity Monitoring
Whither traditional AV?
http://flic.kr/p/9kC2Q1
Endpoint Security

19. •
Continued investment in monitoring
technologies
•
Aggregation of information across the entire
technology stack
•
Alerting, Visualization, Reporting
•
Threat Intelligence Driven
Security Monitoring/Management

20. ALIENVAULT OPEN THREAT EXCHANGE (OTX)
COLLABORATIVE THREAT INTELLIGENCE
20

21. OTX IN ACTION
Continuous updates
Updates provided every 30 minutes
200,000-350,000 validated malicious IP‟s at any point
Active and open threat sharing
Since March 2012, OSSIM & USM users have flagged 196
million events as malicious
Average of ~11 million a month (365,000 a day)
Effective against targeted attacks
20% of „live‟ APT1 domains were in OTX at time of Mandiant
report
218 domains were „live‟ at time of report (the rest were added
later the same day), 44 IPs found in OTX

22. ALIENVAULT UNIFIED SECURITY MANAGEMENT (USM)
WITH THREAT INTELLIGENCE POWERED BY OTX

23. ALIENVAULT IN ACTION
Step 1: Immediately
identify known
malicious IPs
targeting your
network.
Step 2: Dig deeper
by clicking on bad
IP to continue
investigation.

24. DIG DEEPER
ON BAD IP
ADDRESSES
SHARE AND
REVIEW
COMMENTS ON
ACTIVE THREAT S

25. ALIENVAULT IN ACTION
Step 3: Follow step-by-step guidance in
responding to the threat.

26. ALIENVAULT IN ACTION
Optional:
Provide contextual
feedback to OTX
so others can
avoid becoming
targets of the
same threat.

27. UNIFIED MONITORING, PRESCRIPTIVE
GUIDANCE, AND PREVENTATIVE RESPONSE



AlienVault USM delivers unified and coordinated
security monitoring for incident response and
compliance management.
AlienVault Labs provides coordinated intelligence and
analysis of the latest threats, and prescriptive
guidance on how to respond.
AlienVault Open Threat Exchange offers real-time
insights on incidents affecting others that may impact
you, so you can deploy a preventative response.

28. http://www.flickr.com/photos/alanenglish/6027912804/
Critical Success Factor 2014:
Invest in Your People
•
•
You can‟t find them, so you need to grow them
Training, Internships

29. NOW FOR SOME Q&A
More from Securosis…
More from AlienVault…



Follow Mike on Twitter: @securityincite
Securosis blog:
http://securosis.com/blog

exchange

Securosis research:
http://securosis.com/research
Join OTX:http://www.alienvault.com/open-threat-
AlienVault Labs blog:
http://www.alienvault.com/open-threat-exchange/blog

Download a Free 30-Day Trial of
USM:http://www.alienvault.com/free-trial
Securosis publishes (almost) everything
for free. Contribute. Make it better.

Join us for a LIVE Demo of
USM:http://www.alienvault.com/marketing/alienvaultusm-live-demo

30. View Webcast On-Demand
View a recorded version of this
webcast On-Demand here.