As any security practitioner can tell you, things change quickly in the world of IT security, particularly with respect to new and evolving threats. As a result, organizations need to continuously adapt their security strategies to defend against new threats and take advantage of the latest capabilities for responding quickly when there is a breach. In this session, Mike Rothman, President of the security analyst firm Securosis, and Jaime Blasco, Director of AlienVault Labs, give an overview of key changes in the information security world in 2013 and considerations for adapting your 2014 strategy to stay ahead of threats.
In this session, Mike and Jaime will cover:
*New attack methods and vulnerabilities exploited in 2013
*New options for defending against these and other threats, including use of crowd-sourced threat intelligence
*Best practices to ensure you can respond and recover quickly in the event of a breach
You'll come away with key insights to ensure your 2014 security strategy is up to date.
3. AGENDA
• New attack methods and vulnerabilities exploited in 2013
• How to respond and recover quickly from a breach
• Security technologies to consider going into 2014
• Q&A
4. About Securosis
• Independent analysts with backgrounds on both the user and vendor side.
• Focused on deep technical and industry expertise.
• We like pragmatic.
• We are security guys - that's all we do.
6. Advanced Malware is Advanced
• Attacks > Defenses
• Advanced Attackers > You
• Attack surface is (pretty much) infinite.
• This isn't going to change…
7. Denial of Service hits the mainstream
• 300+ Gbps network attacks
• Availability attacks on the applications
• Favorite tactic of hacktivists
Image: http://www.flickr.com/photos/astanhope/3592189/
11. "Best Practices" Moving Forward
• Depends on the maturity of your security program…
• But the first job is to determine:
  • Where you are
  • Where you want to be
  • Do you understand what that really means?
Image: http://www.flickr.com/photos/clintw/6051081177/
13. React Faster and Better
• You can't stop all the attacks, so you better detect them faster.
• And respond better.
• This involves monitoring, forensics, and incident response.
• Most enterprises don't do this very well.
14. Less Mature Programs: Blocking and Tackling
• Malware/Attack Detection
• Evolving Network Security
• Endpoint/Server Hygiene
• Logging and Simple Alerting
Image: http://www.flickr.com/photos/bibbit/6187662743/
19. Security Monitoring/Management
• Continued investment in monitoring technologies
• Aggregation of information across the entire technology stack
• Alerting, Visualization, Reporting
• Threat Intelligence Driven
21. OTX IN ACTION
Continuous updates
• Updates provided every 30 minutes
• 200,000-350,000 validated malicious IPs at any point
Active and open threat sharing
• Since March 2012, OSSIM & USM users have flagged 196 million events as malicious
• Average of ~11 million a month (365,000 a day)
Effective against targeted attacks
• 20% of 'live' APT1 domains were in OTX at the time of the Mandiant report
• 218 domains were 'live' at the time of the report (the rest were added later the same day); 44 IPs found in OTX
23. ALIENVAULT IN ACTION
Step 1: Immediately identify known malicious IPs targeting your network.
Step 2: Dig deeper by clicking on a bad IP to continue the investigation.
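Slides 14, 19 and 23 describe the basic loop of threat-intelligence-driven monitoring: take a reputation feed of known malicious IPs, match it against your own firewall or flow logs, and pivot on the hits. The script below is an added example written for this page, not AlienVault or Securosis code, and it does not use the real OTX feed format or API: the feed layout (ip;category;reliability with a generated_at header) and the iptables-style log lines are both constructed for illustration. It shows the checks a practitioner wants around the bare lookup: validating feed addresses, refusing to alert on a feed older than the 30-minute refresh interval the slide quotes, filtering on a reliability threshold, and separating inbound hits (someone probing you) from outbound hits (an internal host talking to a known-bad address, which is the one to investigate first).

```python
"""Match firewall log events against an IP reputation feed.

Added example, not AlienVault/Securosis code. The feed layout and the log
format are constructed for illustration; adapt parse_feed() and
parse_event() to the real feed and to your firewall's syslog format.
"""
import ipaddress
import re
from datetime import datetime, timedelta, timezone

# Constructed reputation feed (hypothetical layout, NOT the real OTX format):
#   ip;category;reliability(1-10), preceded by a generated_at header.
FEED_TEXT = """\
# generated_at: 2013-11-20T10:00:00Z
198.51.100.23;Scanning Host;7
203.0.113.77;C&C;9
192.0.2.200;Malware Domain;4
"""

# Constructed iptables-style log lines (sample input, not real traffic).
LOG_LINES = [
    "Nov 20 10:12:01 fw kernel: IN=eth0 OUT= SRC=198.51.100.23 DST=10.0.0.5 PROTO=TCP SPT=51234 DPT=22",
    "Nov 20 10:12:07 fw kernel: IN=eth1 OUT=eth0 SRC=10.0.0.42 DST=203.0.113.77 PROTO=TCP SPT=49152 DPT=443",
    "Nov 20 10:12:09 fw kernel: IN=eth0 OUT= SRC=8.8.8.8 DST=10.0.0.5 PROTO=UDP SPT=53 DPT=53",
    "Nov 20 10:12:11 fw kernel: IN=eth1 OUT=eth0 SRC=10.0.0.42 DST=192.0.2.200 PROTO=TCP SPT=49153 DPT=80",
    "this line is not a firewall event",
]

FEED_MAX_AGE = timedelta(minutes=30)  # slide 21: feed refreshed every 30 minutes
KV_RE = re.compile(r"\b(SRC|DST|PROTO|DPT)=(\S*)")


def parse_utc(stamp):
    """Parse a 'YYYY-MM-DDTHH:MM:SSZ' timestamp into an aware UTC datetime."""
    return datetime.strptime(stamp, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def parse_feed(text):
    """Return (generated_at, {ip: (category, reliability)}) from the feed text."""
    generated_at, entries = None, {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("# generated_at:"):
            generated_at = parse_utc(line.split(":", 1)[1].strip())
            continue
        if line.startswith("#"):
            continue
        ip, category, reliability = line.split(";")
        # Normalise and validate the address so a malformed feed line
        # raises here instead of silently never matching.
        entries[str(ipaddress.ip_address(ip))] = (category, int(reliability))
    return generated_at, entries


def feed_is_stale(generated_at, now, max_age=FEED_MAX_AGE):
    """A feed with no timestamp, or older than max_age, should not drive alerts."""
    return generated_at is None or now - generated_at > max_age


def parse_event(line):
    """Extract SRC/DST/PROTO/DPT from one iptables-style line; None if it is not one."""
    fields = dict(KV_RE.findall(line))
    if "SRC" not in fields or "DST" not in fields:
        return None
    return fields


def match_events(lines, feed, min_reliability=5):
    """Return alerts for events whose SRC or DST is in the feed, worst first."""
    alerts = []
    for line in lines:
        ev = parse_event(line)
        if ev is None:
            continue
        for role in ("SRC", "DST"):
            hit = feed.get(ev[role])
            if hit is None or hit[1] < min_reliability:
                continue
            # Direction drives triage: a bad SRC is an outsider hitting you;
            # a bad DST is one of your hosts reaching out to a known-bad
            # address (possible compromise or C2 beaconing).
            if role == "SRC":
                direction, internal_host = "inbound", ev["DST"]
            else:
                direction, internal_host = "outbound", ev["SRC"]
            alerts.append({
                "bad_ip": ev[role], "category": hit[0], "reliability": hit[1],
                "direction": direction, "internal_host": internal_host,
                "dpt": ev.get("DPT", ""), "raw": line,
            })
    # Outbound hits first, then by descending feed reliability.
    alerts.sort(key=lambda a: (a["direction"] != "outbound", -a["reliability"]))
    return alerts


if __name__ == "__main__":
    generated_at, feed = parse_feed(FEED_TEXT)
    now = parse_utc("2013-11-20T10:12:11Z")  # constructed "current time"
    if feed_is_stale(generated_at, now):
        print("feed is stale; refresh before alerting")
    for a in match_events(LOG_LINES, feed):
        print(f'{a["direction"]:8} {a["internal_host"]} <-> {a["bad_ip"]} '
              f'({a["category"]}, reliability {a["reliability"]}, dpt {a["dpt"]})')
```

With the constructed data the outbound connection from 10.0.0.42 to the C&C address is reported first, the inbound SSH probe from the scanning host second, and the reliability-4 entry is dropped by the default threshold; lowering `min_reliability` brings it back at the cost of more noise, which is the trade-off any reputation-based alert rule has to make.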
24. DIG DEEPER ON BAD IP ADDRESSES
Share and review comments on active threats.
27. UNIFIED MONITORING, PRESCRIPTIVE GUIDANCE, AND PREVENTATIVE RESPONSE
AlienVault USM delivers unified and coordinated security monitoring for incident response and compliance management.
AlienVault Labs provides coordinated intelligence and analysis of the latest threats, and prescriptive guidance on how to respond.
AlienVault Open Threat Exchange offers real-time insights on incidents affecting others that may impact you, so you can deploy a preventative response.
29. NOW FOR SOME Q&A
More from Securosis…
• Follow Mike on Twitter: @securityincite
• Securosis blog: http://securosis.com/blog
• Securosis research: http://securosis.com/research
• Securosis publishes (almost) everything for free. Contribute. Make it better.
More from AlienVault…
• Join OTX: http://www.alienvault.com/open-threat-exchange
• AlienVault Labs blog: http://www.alienvault.com/open-threat-exchange/blog
• Download a Free 30-Day Trial of USM: http://www.alienvault.com/free-trial
• Join us for a LIVE Demo of USM: http://www.alienvault.com/marketing/alienvaultusm-live-demo
Real-time, detailed information about incidents that may impact you, allowing you to learn from and work with others who have already experienced them. Unlike closed, invitation-only information sharing and analysis networks (FS-ISAC, Infragard, ISAC), OTX provides real-time, actionable information that is open to anyone who chooses to participate. This allows IT practitioners to achieve preventative response by learning about how others are targeted, and employing the right defenses, to avoid becoming a target themselves.