SlideShare uma empresa Scribd logo

Cyber Defense Matrix: Revolutions

Transferir como PPTX, PDF
S
Sounil Yu

The Cyber Defense Matrix helps people organize and understand gaps in their overall security program. These slides describe several additional use cases of the Cyber Defense Matrix, including how to map the latest startup vendors and security trends, anticipate gaps, develop program roadmaps, capture metrics, reconcile inventories, improve situational awareness, and create a board-level view of their entire program. See the 2016 version at: http://bit.ly/cyberdefensematrix See the 2019 version at: http://bit.ly/cyberdefensematrixreloaded

Tecnologia
1 de 35
SESSION ID: #RSAC Sounil Yu Cyber Defense Matrix: Revolutions CISO & Head of Research JupiterOne @sounilyu STR-M01
#RSAC @sounilyu Disclaimer RSA’s disclaimers Presentations are intended for educational purposes only and do not replace independent professional judgment. Statements of fact and opinions expressed are those of the presenters individually and, unless expressly stated to the contrary, are not the opinion or position of RSA® Conference, RSA Security LLC or any other co-sponsors. RSA Conference does not endorse or approve, and assumes no responsibility for, the content, accuracy or completeness of the information presented. Attendees should note that sessions may be audio- or video-recorded and may be published in various media, including print, audio and video formats without further notice. The presentation template and any media capture are subject to copyright protection. ©2022 RSA Security LLC or its affiliates. All rights reserved. RSA Conference logo, RSA and other trademarks are trademarks of RSA Security LLC or its affiliates. Sounil’s Disclaimers • Vendors shown are representative only • No usage or endorsement should be construed because they are shown here 2 All models are wrong, but some are useful - George E. P. Box
#RSAC @sounilyu Ready for a week of buzzword madness? 3
#RSAC @sounilyu One simple way to organize these buzzwords is by aligning them against five asset classes and the NIST CSF 4 Operational Functions Inventorying assets and vulns, measuring attack surface, prioritizing, baselining normal, threat modeling, risk assessment Preventing or limiting impact, patching, containing, isolating, hardening, managing access, vuln remediation Discovering events, triggering on anomalies, hunting for intrusions, security analytics Acting on events, eradicating intrusion, assessing damage, forensic reconstruction Returning to normal operations, restoring services, documenting lessons learned, resiliency Asset Classes Workstations, servers, phones, tablets, storage, network devices, IoT infrastructure, etc. Software, interactions, and application flows on the devices Connections and traffic flowing among devices and apps Information at rest, in transit, or in use by the resources above The people using the resources listed above 10011101010101010010 01001101010110101001 11010101101011010100 10110101010101101010 DEVICES APPS NETWORKS DATA USERS IDENTIFY PROTECT DETECT RESPOND RECOVER
#RSAC @sounilyu The Cyber Defense Matrix 5 Operational Functions Inventorying assets and vulns, measuring attack surface, prioritizing, baselining normal, threat modeling, risk assessment Preventing or limiting impact, patching, containing, isolating, hardening, managing access, vuln remediation Discovering events, triggering on anomalies, hunting for intrusions, security analytics Acting on events, eradicating intrusion, assessing damage, forensic reconstruction Returning to normal operations, restoring services, documenting lessons learned, resiliency Asset Classes Workstations, servers, phones, tablets, storage, network devices, IoT infrastructure, etc. Software, interactions, and application flows on the devices Connections and traffic flowing among devices and apps Information at rest, in transit, or in use by the resources above The people using the resources listed above 10011101010101010010 01001101010110101001 11010101101011010100 10110101010101101010 DEVICES APPS NETWORKS DATA USERS IDENTIFY PROTECT DETECT RESPOND RECOVER Devices Applications Networks Data Users Degree of Dependency Technology People Process Identify Protect Detect Respond Recover
#RSAC @sounilyu Aligning the buzzwords against the Cyber Defense Matrix… 6 Devices Applications Networks Data Users Degree of Dependency Technology People Process Identify Protect Detect Respond Recover
#RSAC @sounilyu …can help bring some order to the chaos… 7 Devices Applications Networks Data Users Degree of Dependency Technology People Process Identify Protect Detect Respond Recover Asset Mgt, Vuln Scanning, Vuln Mgt, Certificate Mgt AV, Anti-Malware, EPP, FIM, HIPS, Whitelisting, Patch Mgt Endpoint Detection, UEBA, XDR EP Response, EP Forensics SAST, DAST, SW Asset Mgt, Fuzzers RASP, WAF, ZT App Access Source Code Compromise, Logic Bomb Discovery, App IDS, XDR Netflow, Network Vuln Scanner FW, IPS/IDS, Microseg, ESG, SWG, ZTNA DDoS Detection, Net Traf Analysis, UEBA, XDR DDoS Response, NW Forensics Data Audit, Discovery, Classification Encryption, Tokenization, DLP, DRM, DBAM, DB Access Proxy Deep Web, Data Behavior Analytics, FBI, Brian Krebs, XDR DRM, Breach Response Backup Phishing Sim, Background Chk, MFA Security Training & Awareness Insider Threat, User Behavior Analytics, XDR
#RSAC @sounilyu …and help you understand what some of these vendors do! (sorry, this slide is really out of date) 8 Identify Protect Detect Respond Recover Technology People Process Devices Applications Networks Data Users Degree of Dependency
#RSAC @sounilyu Use Cases of the Cyber Defense Matrix… 9 Primary Use Case: Vendor Mapping Differentiating Primary & Supporting Capabilities Defining Security Design Patterns Maximizing Deployment Footprint Understanding the New Perimeter Calculating Defense-in-Breadth Balancing Your Portfolio Budget Planning for Obsolescence Disintermediating Security Components Comparing Point Products vs Platforms Finding Opportunities for Automation Identifying Gaps in People, Process, Tech https://bit.ly/cyberdefensematrix
#RSAC @sounilyu Other Use Cases of the Cyber Defense Matrix… 10 https://bit.ly/cyberdefensematrixreloaded Optimizing Budgets and Resource Allocation Mapping Organizational Handoffs Aligning Roles and Responsibilities Understanding Why Products are Not Used Visualizing Attack Surfaces Aligning Generalized vs Specialized Needs Measurements and Metrics Business Aligned Security Patterns Vuln Scan vs PenTest vs BAS vs Red Team Mapping Zero Trust Capabilities Mapping to the Kill Chain Mapping to MITRE ATT&CK
#RSAC @sounilyu Remember Left and Right of Boom 11 Devices Applications Networks Data Users Degree of Dependency Technology People Process Identify Protect Detect Respond Recover Structural Awareness •Occuring pre-event •Gathers information about state •Discovering weaknesses from vulnerability assessments •Baselining expected behaviors and interactions •Conducting risk management Situational Awareness • Occurring post-event • Gathering information about events and activity • Discovering evidence of vulnerability exploitation and investigating • Triggering on unexpected state or behavioral changes • Conducting event and incident management
#RSAC @sounilyu Use Case 21: Prioritization Using CIS Critical Security Controls 12 1.1, 1.4 3.6, 4.4, 4.5, 4.8, 4.9, 4.11, 4.12, 10.1, 10.2, 10.3, 10.5, 10.6, 12.7, 12.8, 13.5, 13.7, 13.9 1.3, 1.5, 8.8, 10.4, 10.7, 13.2 1.2, 4.10 2.1, 2.2, 7.5, 7.6, 15.1, 15.2, 15.3, 15.5, 18.6, 18.7, 18.8 2.5, 2.6, 2.7, 4.1, 7.1, 7.3, 7.4, 9.1, 9.4, 15.4, 16.1, 16.2, 16.3, 16.4, 16.5, 16.6, 16.7, 16.8, 16.9, 16.10, 16.11, 16.12, 16.13, 16.14, 18.9, 18.10 2.4 2.3, 7.2, 7.7 12.4, 18.1, 18.2, 18.5 3.12, 4.2, 4.6, 8.1, 8.3, 8.4, 8.10, 9.2, 9.3, 9.5, 9.6, 9.7, 12.1, 12.2, 12.3, 12.5, 12.6, 13.4, 13.8, 13.10, 18.3, 18.4 8.2, 8.5, 8.6, 8.7, 8.9, 8.11, 13.1, 13.3, 13.6, 13.11 3.1, 3.2, 3.7, 3.8 3.3, 3.4, 3.5, 3.9, 3.10, 3.11, 3.13, 6.8, 11.3, 14.6, 15.7, 18.11 3.14, 8.12, 15.6 11.1, 11.2, 11.4, 11.5 5.1, 5.5, 6.6 4.3, 4.7, 5.2, 5.4, 5.6, 6.1, 6.2, 6.3, 6.4, 6.5, 6.7, 14.1, 14.2, 14.3, 14.4, 14.5, 14.7, 14.8, 14.9 5.3 Devices Applications Networks Data Users Degree of Dependency Technology People Process Identify Protect Detect Respond Recover 17.1, 17.2, 17.3, 17.4, 17.5, 17.6, 17.9 17.7, 17.8 Implementation Group 3 Implementation Group 1 Implementation Group 2
#RSAC @sounilyu Use Case 5: Calculating Defense-in-Breadth Using CIS’ Control Assessment Specification (https://controls-assessment-specification.readthedocs.io) 13 Identify Protect Detect Respond Recover 15 ( 8 / 7 / 0 ) 84 ( 30 / 36 / 18 ) 26 ( 0 / 21 / 5 ) 9 ( 5 / 4 / 0 ) 0 134 ( 43 / 68 / 23 ) 56 ( 18 / 34 / 4 ) 125 ( 33 / 72 / 20 ) 5 ( 0 / 5 / 0 ) 11 ( 7 / 4 / 0 ) 0 197 ( 58 / 115 / 24 ) 14 ( 0 / 10 / 4 ) 94 ( 21 / 53 / 20 ) 32 ( 3 / 28 / 1 ) 0 0 140 ( 24 / 91 / 25 ) 22 ( 9 / 13 / 0 ) 67 ( 32 / 21 / 14 ) 12 ( 0 / 0 / 12 ) 0 17 ( 13 / 4 / 0 ) 118 ( 54 / 38 / 26 ) 24 ( 9 / 15 / 0 ) 90 ( 84 / 6 / 0 ) 0 ( 0 / 0 / 0 ) 6 ( 6 / 0 / 0 ) 0 120 ( 99 / 21 / 0) 134 ( 44 / 79 / 8 ) 460 (200 / 188 / 72 ) 75 (3 / 54 / 18 ) 26 ( 18 / 8 / 0 ) 17 (13 / 4 / 0 ) 709 ( 278 / 333 / 98 ) Devices Applications Networks Data Users Total Total
#RSAC @sounilyu Use Case 22: Measurement Health 14 HARD EASY RELATIVE DIFFICULTY Performance How well does the capability work? B 96% Efficiency How cost effective is the capability? A $$ Presence Does the capability exist? E Coverage Is the capability enabled? D Utilization Are all available features enabled? C 0.25 0.40 0.20 0.20 0.10 0.10 0.15 0.15 0.10 0.20 0.05 0.10 0.20 0.30 0.10 Identify Protect Detect Respond Recover Devices Apps Networks Data Users $50 $100 $50 $50 $100 $50 $100 $100 $100 $50 $50 $50 $50 $50 $50 Identify Protect Detect Respond Recover Devices Apps Networks Data Users E B D E F C B B E F A A E F E E B B F E D C F E F Identify Protect Detect Respond Recover Devices Apps Networks Data Users
#RSAC @sounilyu Use Case 23: Developing a roadmap 15 Grocery Layer 1: Recipes Proven Practices, Frameworks, Reference Architectures Layer 2: Pantry Current State Capabilities Layer 3: Market Commercial Options, Art of the Possible Business/Mission/Technology Constraints, Exceptions Layer 5: Nutritional Needs Risks, Attack Surfaces, Threat Environment The “Stack” Combined Matrices Nutritional and Dietary Needs Foundation Cyber Defense Matrix Layer 4: Allergies Allergies and Dietary Restrictions Pantry
#RSAC @sounilyu Use Case 23: Constructing a roadmap 16 How secure am I? How secure should I be? How do I get there?                        Existing Capabilities (Pantry)                            Best Practices, Architectures (Recipes) Risks (Nutritional Needs) Prospective Capabilities (Market) Mission/Business/Tech Constraints (Allergies/ Dietary Restrictions)
#RSAC @sounilyu Use Case 23: Interpreting the roadmap 17                                               Opportunities to innovate Table stakes / Just do it Risk Management Discussion: • Active attacks underway • Regulatory requirement • Capabilities are available... • … but controls create major mission impact Opportunities to deprecate or capture best practice Risk Management Discussion: • Active attacks underway • No regulatory requirement • Capabilities are available... • … but controls create minor mission impact  Architectural Requirements  Existing Capabilities  Commercial Capabilities Attack Surfaces Business/Mission Constraints
#RSAC @sounilyu Use Case 24: Board Level View 18 Devices Applications Networks Data Users Degree of Dependency Technology People Process Identify Protect Detect Respond Recover Sufficient Controls Initiatives Underway Additional Effort Required No Attack Surface
#RSAC @sounilyu Use Case 25: Seeing gaps and opportunities 19 Identify Protect Detect Respond Recover Technology People Process A – B – C – D – E F – G – H – I – J K – L – M – N – O P – Q – R – S – T U – V – W – X – Y – Z A – B – C – D – E F – G – H – I – J K – L – M – N – O P – Q – R – S – T U – V – W – X – Y – Z A – B – C – D – E F – G – H – I – J K – L – M – N – O P – Q – R – S – T U – V – W – X – Y – Z A – B – C – D – E F – G – H – I – J K – L – M – N – O P – Q – R – S – T U – V – W – X – Y – Z A – B – C – D – E F – G – H – I – J K – L – M – N – O P – Q – R – S – T U – V – W – X – Y – Z Devices Applications Networks Data Users Degree of Dependency
#RSAC @sounilyu Use Case 25: Seeing gaps and opportunities 20 Identify Protect Detect Respond Recover Technology People Process A – B – C – D – E F – G – H – I – J K – L – M – N – O P – Q – R – S – T U – V – W – X – Y – Z A – B – C – D – E F – G – H – I – J K – L – M – N – O P – Q – R – S – T U – V – W – X – Y – Z A – B – C – D – E F – G – H – I – J K – L – M – N – O P – Q – R – S – T U – V – W – X – Y – Z A – B – C – D – E F – G – H – I – J K – L – M – N – O P – Q – R – S – T U – V – W – X – Y – Z A – B – C – D – E F – G – H – I – J K – L – M – N – O P – Q – R – S – T U – V – W – X – Y – Z Devices Applications Networks Data Users Degree of Dependency
#RSAC @sounilyu Use Case 25: Seeing gaps and opportunities 21 Identify Protect Detect Respond Recover Technology People Process A – B – C – D – E F – G – H – I – J K – L – M – N – O P – Q – R – S – T U – V – W – X – Y – Z A – B – C – D – E F – G – H – I – J K – L – M – N – O P – Q – R – S – T U – V – W – X – Y – Z A – B – C – D – E F – G – H – I – J K – L – M – N – O P – Q – R – S – T U – V – W – X – Y – Z A – B – C – D – E F – G – H – I – J K – L – M – N – O P – Q – R – S – T U – V – W – X – Y – Z A – B – C – D – E F – G – H – I – J K – L – M – N – O P – Q – R – S – T U – V – W – X – Y – Z Devices Applications Networks Data Users Degree of Dependency
#RSAC @sounilyu Use Case 26: Improving Situational Awareness 22 Devices Applications Networks Data Users Degree of Dependency Technology People Process Identify Protect Detect Respond Recover Post-Event Situational Awareness Pre-Event Structural Awareness
#RSAC @sounilyu Use Case 26: Improving Situational Awareness 23 Devices Applications Networks Data Users Degree of Dependency Technology People Process Identify Protect Detect Respond Recover Contextual Awareness Environmental Awareness Contextual Awareness Environmental Awareness
#RSAC @sounilyu Use Case 26: Improving Situational Awareness 24 Devices Applications Networks Data Users Degree of Dependency Technology People Process Identify Protect Detect Respond Recover Contextual Awareness Environmental Awareness Contextual Awareness Environmental Awareness Structural Awareness Situational Awareness
#RSAC @sounilyu Use Case 26: Improving Situational Awareness 25 Devices Applications Networks Data Users Degree of Dependency Technology People Process Identify Protect Detect Respond Recover Contextual Awareness Environmental Awareness Structural Awareness Situational Awareness
#RSAC @sounilyu Use Case 26: Improving Situational Awareness 26 Devices Applications Networks Data Users Degree of Dependency Technology People Process Identify Protect Detect Respond Recover Endpoint acting funny Situational: Machine compromised due to malware installed through client-side attack Contextual: User clicked on a spear phishing email Environmental: User of endpoint failed last phishing simulation test Structural: Fully patched, locked down endpoint, 2FA enabled Environmental: Training and awareness not complete
#RSAC @sounilyu Use Case 26: Improving Situational Awareness 27 Devices Applications Networks Data Users Degree of Dependency Technology People Process Identify Protect Detect Respond Recover Contextual: No unusual logins or interactions with server Structural: Data is encrypted DLP alerts firing off Environmental: Content originated from server housing sensitive blueprints for new product Environmental: New B2B connection made with a Chinese manufacturing plant Environmental: Regular user of server aligned to new China project Situational: Probably normal business activity Did user get phished?
#RSAC @sounilyu Use Case 27: Mapping Training 28 Identify Protect Detect Respond Recover Technology People Process Devices Applications Networks Data Users Degree of Dependency SEC505: Securing Windows and PowerShell Automation SEC503: Intrusion Detection In- Depth SEC617: Wireless Penetration Testing and Ethical Hacking SEC542: Web App Penetration Testing and Ethical Hacking SEC567: Social Engineering for Penetration Testers SEC599: Defeating Advanced Adversaries - Purple Team Tactics & Kill Chain Defenses DEV543: Secure C/C++ Coding FOR500: Windows Forensic Analysis SEC460: Enterprise Threat and Vulnerability Assessment FOR572: Advanced Network Forensics: Threat Hunting, Analysis & Incident Response SEC504: Hacker Tools, Techniques, Exploits, and Incident Handling SEC504: Hacker Tools, Techniques, Exploits, and Incident Handling SEC504: Hacker Tools, Techniques, Exploits, and Incident Handling SEC504: Hacker Tools, Techniques, Exploits, and Incident Handling SEC530: Defensible Security Architecture and Engineering SEC530: Defensible Security Architecture and Engineering SEC530: Defensible Security Architecture and Engineering SEC450: Blue Team Fundamentals: Security Operations and Analysis SEC450: Blue Team Fundamentals: Security Operations and Analysis SEC460: Enterprise Threat and Vulnerability Assessment SEC506: Securing Linux/Unix SEC534: Secure DevOps: A Practical Introduction
#RSAC @sounilyu Use Case 28: Mapping Cloud (IaaS/PaaS) Security 29 Identify Protect Cloud Security Posture Management (CSPM) Cloud Workload Protection Platform (CWPP) Devices (containers, compute, hosts) Applications (microservices, serverless) Networks (VPC, VPN, CDN, DNS) Data (datastores, databases, files) Users (accounts, user roles) CSPM IAM Configuration PaaS Configuration Network Configuration Storage Configuration CWPP Cloud Workload Protection Platform CWPP CWPP CWPP CWPP CWPP Cloud-Native Security Services ADC, LB, WAF, DoS, FW, etc. Control Plane Data Plane Source: Gartner Market Guide for Cloud Workload Protection Platforms, 2020 (slightly modified) CIEM
#RSAC @sounilyu Use Case 29: Mapping Control Failures 30 1. No asset inventory (CSC01) 2. No software inventory (CSC02) 3. No file integrity monitoring 4. No network segmentation 5. Neglected SSL Inspection (SSLV) Appliance 6. Neglected SSLV failed open 7. SSLV lacked certs for key systems 8. SAST failed to find Struts due to misconfig 9. No anomaly detection on web servers 10. Custom snort rule didn’t work 11. Custom snort rule wasn’t tested 12. Network scanner didn’t find Struts 13. Failed to detect webshells 14. Failed to detect interactive activity 15. Admins stored cleartext creds in open shares 16. Least privilege principles not followed for database access 17. DB adhoc queries restrictions not implemented 18. No DB anomaly monitoring 19. No field-level encryption in DBs 20. No data exfiltration detection 21. DAST scanning failed to detect vulns 22. Ineffective IR plan/procedures 23. No owners assigned to apps or DBs 24. Comms issues due to corp structure 25. Lack of accountability in processes 26. Patching remediation lacked follow up 27. Old audit findings were not addressed 28. Insecure NFS configs 29. Logs retained for less than 30 days
#RSAC @sounilyu Use Case 29: Mapping Control Failures Courtesy of Adrian Sanabria (@sawaba) 31 1, 12 26, 28 29 2, 8, 21, 23 26 3, 9, 13, 14 4, 5, 6, 7, 16 10, 11, 20 15, 23 16, 17, 19 17, 18, 20 Devices Applications Networks Data Users Degree of Dependency Technology People Process Identify Protect Detect Respond Recover 1, 12 26, 28 29 2, 8, 21, 23 26 3, 9, 13, 14 4, 5, 6, 7, 16 10, 11, 20 15, 23 16, 17, 19 17, 18, 20
#RSAC @sounilyu Use Case 29: Mapping Control Failures Courtesy of Adrian Sanabria (@sawaba) 32 1, 12 26, 28 29 2, 8, 21, 23 26 3, 9, 13, 14 4, 5, 6, 7, 16 10, 11, 20 15, 23 16, 17, 19 17, 18, 20 Devices Applications Networks Data Users Degree of Dependency Technology People Process Identify Protect Detect Respond Recover People Oriented Control Failure Process Oriented Control Failure Tech Oriented Control Failure 1, 12 26, 28 29 2, 8, 21, 23 26 3, 9, 13, 14 4, 5, 6, 7, 16 10, 11, 20 15, 23 16, 17, 19 17, 18, 20
#RSAC @sounilyu Use Case 30: Reconciling Inventories 33 With modifications from original source: https://www.philvenables.com/post/taking-inventories-to-the-next-level-reconciliation-and-triangulation • Enable inventory reconciliation using a multi-domain approach using the five asset classes of the Cyber Defense Matrix • Drive better data quality by creating “fast lanes” for security approvals if inventories are up- to-date Authorized data sources can only go to approved vendors from approved applications Applications must run on known systems or be contained in authorized container registries All employees must have a direct manager All data associated with Internet facing applications must be classified/ tagged Data owners must formally hold that role and be part of the organization accountable for that data Vendor Inventory Application Inventory Device Inventory Network Inventory Data Catalog User Directory Role Directory
#RSAC @sounilyu “Apply” Slide 34 Map your security organization to the Cyber Defense Matrix Try out the use cases described here, in the previous briefings, and in the Cyber Defense Matrix book Develop a new use case for the Cyber Defense Matrix Share the new use case with the community!
#RSAC @sounilyu Questions? 35 https://cyberdefensematrix.com @sounilyu https://www.slideshare.net/sounilyu/presentations https://www.linkedin.com/in/sounil @cyberdefmatrix

Recomendados

Understanding The Security Vendor Landscape Using the Cyber Defense Matrix (R...
Understanding The Security Vendor Landscape Using the Cyber Defense Matrix (R...Understanding The Security Vendor Landscape Using the Cyber Defense Matrix (R...
Understanding The Security Vendor Landscape Using the Cyber Defense Matrix (R...
Sounil Yu
 
Cyber Defense Matrix: Reloaded
Cyber Defense Matrix: ReloadedCyber Defense Matrix: Reloaded
Cyber Defense Matrix: Reloaded
Sounil Yu
 
Understanding the Cyber Security Vendor Landscape
Understanding the Cyber Security Vendor LandscapeUnderstanding the Cyber Security Vendor Landscape
Understanding the Cyber Security Vendor Landscape
Sounil Yu
 
New Paradigms for the Next Era of Security
New Paradigms for the Next Era of SecurityNew Paradigms for the Next Era of Security
New Paradigms for the Next Era of Security
Sounil Yu
 
SOC and SIEM.pptx
SOC and SIEM.pptxSOC and SIEM.pptx
SOC and SIEM.pptx
SandeshUprety4
 
Security operations center-SOC Presentation-مرکز عملیات امنیت
Security operations center-SOC Presentation-مرکز عملیات امنیتSecurity operations center-SOC Presentation-مرکز عملیات امنیت
Security operations center-SOC Presentation-مرکز عملیات امنیت
ReZa AdineH
 
Security Operation Center Fundamental
Security Operation Center FundamentalSecurity Operation Center Fundamental
Security Operation Center Fundamental
Amir Hossein Zargaran
 
Next-Gen security operation center
Next-Gen security operation centerNext-Gen security operation center
Next-Gen security operation center
Muhammad Sahputra
 

Recomendados

Understanding The Security Vendor Landscape Using the Cyber Defense Matrix (R...
Understanding The Security Vendor Landscape Using the Cyber Defense Matrix (R...Understanding The Security Vendor Landscape Using the Cyber Defense Matrix (R...
Understanding The Security Vendor Landscape Using the Cyber Defense Matrix (R...
Sounil Yu
 
Cyber Defense Matrix: Reloaded
Cyber Defense Matrix: ReloadedCyber Defense Matrix: Reloaded
Cyber Defense Matrix: Reloaded
Sounil Yu
 
Understanding the Cyber Security Vendor Landscape
Understanding the Cyber Security Vendor LandscapeUnderstanding the Cyber Security Vendor Landscape
Understanding the Cyber Security Vendor Landscape
Sounil Yu
 
New Paradigms for the Next Era of Security
New Paradigms for the Next Era of SecurityNew Paradigms for the Next Era of Security
New Paradigms for the Next Era of Security
Sounil Yu
 
SOC and SIEM.pptx
SOC and SIEM.pptxSOC and SIEM.pptx
SOC and SIEM.pptx
SandeshUprety4
 
Security operations center-SOC Presentation-مرکز عملیات امنیت
Security operations center-SOC Presentation-مرکز عملیات امنیتSecurity operations center-SOC Presentation-مرکز عملیات امنیت
Security operations center-SOC Presentation-مرکز عملیات امنیت
ReZa AdineH
 
Security Operation Center Fundamental
Security Operation Center FundamentalSecurity Operation Center Fundamental
Security Operation Center Fundamental
Amir Hossein Zargaran
 
Next-Gen security operation center
Next-Gen security operation centerNext-Gen security operation center
Next-Gen security operation center
Muhammad Sahputra
 
CYBERSECURITY - Best Practices,Concepts & Case Study (Mindmap)
CYBERSECURITY - Best Practices,Concepts & Case Study (Mindmap)CYBERSECURITY - Best Practices,Concepts & Case Study (Mindmap)
CYBERSECURITY - Best Practices,Concepts & Case Study (Mindmap)
WAJAHAT IQBAL
 
Distributed Immutable Ephemeral - New Paradigms for the Next Era of Security
Distributed Immutable Ephemeral - New Paradigms for the Next Era of SecurityDistributed Immutable Ephemeral - New Paradigms for the Next Era of Security
Distributed Immutable Ephemeral - New Paradigms for the Next Era of Security
Sounil Yu
 
5 BEST PRACTICES FOR A SECURITY OPERATION CENTER (SOC)
5 BEST PRACTICES FOR A SECURITY OPERATION CENTER (SOC)5 BEST PRACTICES FOR A SECURITY OPERATION CENTER (SOC)
5 BEST PRACTICES FOR A SECURITY OPERATION CENTER (SOC)
Vijilan IT Security solutions
 
Enterprise Security Architecture
Enterprise Security ArchitectureEnterprise Security Architecture
Enterprise Security Architecture
Kris Kimmerle
 
Security operation center (SOC)
Security operation center (SOC)Security operation center (SOC)
Security operation center (SOC)
Ahmed Ayman
 
Soc and siem and threat hunting
Soc and siem and threat huntingSoc and siem and threat hunting
Soc and siem and threat hunting
Vikas Jain
 
Overview of the Cyber Kill Chain [TM]
Overview of the Cyber Kill Chain [TM]Overview of the Cyber Kill Chain [TM]
Overview of the Cyber Kill Chain [TM]
David Sweigert
 
IT SECURITY ASSESSMENT PROPOSAL
IT SECURITY ASSESSMENT PROPOSALIT SECURITY ASSESSMENT PROPOSAL
IT SECURITY ASSESSMENT PROPOSAL
CYBER SENSE
 
How I Learned to Stop Information Sharing and Love the DIKW
How I Learned to Stop Information Sharing and Love the DIKWHow I Learned to Stop Information Sharing and Love the DIKW
How I Learned to Stop Information Sharing and Love the DIKW
Sounil Yu
 
Security architecture - Perform a gap analysis
Security architecture - Perform a gap analysisSecurity architecture - Perform a gap analysis
Security architecture - Perform a gap analysis
Carlo Dapino
 
Strategy considerations for building a security operations center
Strategy considerations for building a security operations centerStrategy considerations for building a security operations center
Strategy considerations for building a security operations center
CMR WORLD TECH
 
Threat Intelligence 101 - Steve Lodin - Submitted
Threat Intelligence 101 - Steve Lodin - SubmittedThreat Intelligence 101 - Steve Lodin - Submitted
Threat Intelligence 101 - Steve Lodin - Submitted
Steve Lodin
 
Exploring the Defender's Advantage
Exploring the Defender's AdvantageExploring the Defender's Advantage
Exploring the Defender's Advantage
Raffael Marty
 
Effective Security Operation Center - present by Reza Adineh
Effective Security Operation Center - present by Reza AdinehEffective Security Operation Center - present by Reza Adineh
Effective Security Operation Center - present by Reza Adineh
ReZa AdineH
 
Security Operations Center (SOC) Essentials for the SME
Security Operations Center (SOC) Essentials for the SMESecurity Operations Center (SOC) Essentials for the SME
Security Operations Center (SOC) Essentials for the SME
AlienVault
 
Cyber Security Seminar.pptx
Cyber Security Seminar.pptxCyber Security Seminar.pptx
Cyber Security Seminar.pptx
DESTROYER39
 
Building a Next-Generation Security Operations Center (SOC)
Building a Next-Generation Security Operations Center (SOC)Building a Next-Generation Security Operations Center (SOC)
Building a Next-Generation Security Operations Center (SOC)
Sqrrl
 
Addressing the cyber kill chain
Addressing the cyber kill chainAddressing the cyber kill chain
Addressing the cyber kill chain
Symantec Brasil
 
NIST cybersecurity framework
NIST cybersecurity frameworkNIST cybersecurity framework
NIST cybersecurity framework
Shriya Rai
 
Governance of security operation centers
Governance of security operation centersGovernance of security operation centers
Governance of security operation centers
Brencil Kaimba
 
Information Security
Information SecurityInformation Security
Information Security
chenpingling
 
Government and Education Webinar: SolarWinds Orion Platform: Audit and Stream...
Government and Education Webinar: SolarWinds Orion Platform: Audit and Stream...Government and Education Webinar: SolarWinds Orion Platform: Audit and Stream...
Government and Education Webinar: SolarWinds Orion Platform: Audit and Stream...
SolarWinds
 

Mais conteúdo relacionado

Mais procurados

IT SECURITY ASSESSMENT PROPOSAL
IT SECURITY ASSESSMENT PROPOSALIT SECURITY ASSESSMENT PROPOSAL
IT SECURITY ASSESSMENT PROPOSAL
CYBER SENSE
 
Threat Intelligence 101 - Steve Lodin - Submitted
Threat Intelligence 101 - Steve Lodin - SubmittedThreat Intelligence 101 - Steve Lodin - Submitted
Threat Intelligence 101 - Steve Lodin - Submitted
Steve Lodin
 
Security Operations Center (SOC) Essentials for the SME
Security Operations Center (SOC) Essentials for the SMESecurity Operations Center (SOC) Essentials for the SME
Security Operations Center (SOC) Essentials for the SME
AlienVault
 

Mais procurados (20)

CYBERSECURITY - Best Practices,Concepts & Case Study (Mindmap)
CYBERSECURITY - Best Practices,Concepts & Case Study (Mindmap)CYBERSECURITY - Best Practices,Concepts & Case Study (Mindmap)
CYBERSECURITY - Best Practices,Concepts & Case Study (Mindmap)
 
Distributed Immutable Ephemeral - New Paradigms for the Next Era of Security
Distributed Immutable Ephemeral - New Paradigms for the Next Era of SecurityDistributed Immutable Ephemeral - New Paradigms for the Next Era of Security
Distributed Immutable Ephemeral - New Paradigms for the Next Era of Security
 
5 BEST PRACTICES FOR A SECURITY OPERATION CENTER (SOC)
5 BEST PRACTICES FOR A SECURITY OPERATION CENTER (SOC)5 BEST PRACTICES FOR A SECURITY OPERATION CENTER (SOC)
5 BEST PRACTICES FOR A SECURITY OPERATION CENTER (SOC)
 
Enterprise Security Architecture
Enterprise Security ArchitectureEnterprise Security Architecture
Enterprise Security Architecture
 
Security operation center (SOC)
Security operation center (SOC)Security operation center (SOC)
Security operation center (SOC)
 
Soc and siem and threat hunting
Soc and siem and threat huntingSoc and siem and threat hunting
Soc and siem and threat hunting
 
Overview of the Cyber Kill Chain [TM]
Overview of the Cyber Kill Chain [TM]Overview of the Cyber Kill Chain [TM]
Overview of the Cyber Kill Chain [TM]
 
IT SECURITY ASSESSMENT PROPOSAL
IT SECURITY ASSESSMENT PROPOSALIT SECURITY ASSESSMENT PROPOSAL
IT SECURITY ASSESSMENT PROPOSAL
 
How I Learned to Stop Information Sharing and Love the DIKW
How I Learned to Stop Information Sharing and Love the DIKWHow I Learned to Stop Information Sharing and Love the DIKW
How I Learned to Stop Information Sharing and Love the DIKW
 
Security architecture - Perform a gap analysis
Security architecture - Perform a gap analysisSecurity architecture - Perform a gap analysis
Security architecture - Perform a gap analysis
 
Strategy considerations for building a security operations center
Strategy considerations for building a security operations centerStrategy considerations for building a security operations center
Strategy considerations for building a security operations center
 
Threat Intelligence 101 - Steve Lodin - Submitted
Threat Intelligence 101 - Steve Lodin - SubmittedThreat Intelligence 101 - Steve Lodin - Submitted
Threat Intelligence 101 - Steve Lodin - Submitted
 
Exploring the Defender's Advantage
Exploring the Defender's AdvantageExploring the Defender's Advantage
Exploring the Defender's Advantage
 
Effective Security Operation Center - present by Reza Adineh
Effective Security Operation Center - present by Reza AdinehEffective Security Operation Center - present by Reza Adineh
Effective Security Operation Center - present by Reza Adineh
 
Security Operations Center (SOC) Essentials for the SME
Security Operations Center (SOC) Essentials for the SMESecurity Operations Center (SOC) Essentials for the SME
Security Operations Center (SOC) Essentials for the SME
 
Cyber Security Seminar.pptx
Cyber Security Seminar.pptxCyber Security Seminar.pptx
Cyber Security Seminar.pptx
 
Building a Next-Generation Security Operations Center (SOC)
Building a Next-Generation Security Operations Center (SOC)Building a Next-Generation Security Operations Center (SOC)
Building a Next-Generation Security Operations Center (SOC)
 
Addressing the cyber kill chain
Addressing the cyber kill chainAddressing the cyber kill chain
Addressing the cyber kill chain
 
NIST cybersecurity framework
NIST cybersecurity frameworkNIST cybersecurity framework
NIST cybersecurity framework
 
Governance of security operation centers
Governance of security operation centersGovernance of security operation centers
Governance of security operation centers
 

Semelhante a Cyber Defense Matrix: Revolutions

Information Security
Information SecurityInformation Security
Information Security
chenpingling
 
Government and Education Webinar: SolarWinds Orion Platform: Audit and Stream...
Government and Education Webinar: SolarWinds Orion Platform: Audit and Stream...Government and Education Webinar: SolarWinds Orion Platform: Audit and Stream...
Government and Education Webinar: SolarWinds Orion Platform: Audit and Stream...
SolarWinds
 
Common Sense Guide to Mitigating Insider Threats
Common Sense Guide to Mitigating Insider ThreatsCommon Sense Guide to Mitigating Insider Threats
Common Sense Guide to Mitigating Insider Threats
Sammie Gillaspie
 
Mapping the Enterprise Threat, Risk, and Security Control Landscape with Splunk
Mapping the Enterprise Threat, Risk, and Security Control Landscape with SplunkMapping the Enterprise Threat, Risk, and Security Control Landscape with Splunk
Mapping the Enterprise Threat, Risk, and Security Control Landscape with Splunk
Andrew Gerber
 
325838924-Splunk-Use-Case-Framework-Introduction-Session
325838924-Splunk-Use-Case-Framework-Introduction-Session325838924-Splunk-Use-Case-Framework-Introduction-Session
325838924-Splunk-Use-Case-Framework-Introduction-Session
Ryan Faircloth
 
Federal Webinar: Security Compliance with SolarWinds Network Management Tools
Federal Webinar: Security Compliance with SolarWinds Network Management ToolsFederal Webinar: Security Compliance with SolarWinds Network Management Tools
Federal Webinar: Security Compliance with SolarWinds Network Management Tools
SolarWinds
 
TIG / Infocyte: Proactive Cybersecurity for State and Local Government
TIG / Infocyte: Proactive Cybersecurity for State and Local GovernmentTIG / Infocyte: Proactive Cybersecurity for State and Local Government
TIG / Infocyte: Proactive Cybersecurity for State and Local Government
Infocyte
 
SANS 2013 Critical Security Controls Survey Moving From A.docx
SANS 2013 Critical Security Controls Survey Moving From A.docxSANS 2013 Critical Security Controls Survey Moving From A.docx
SANS 2013 Critical Security Controls Survey Moving From A.docx
anhlodge
 
5 Steps to an Effective Vulnerability Management Program
5 Steps to an Effective Vulnerability Management Program5 Steps to an Effective Vulnerability Management Program
5 Steps to an Effective Vulnerability Management Program
Tripwire
 
Comptia security sy0 601 domain 4 operation and incident response
Comptia security sy0 601 domain 4 operation and incident responseComptia security sy0 601 domain 4 operation and incident response
Comptia security sy0 601 domain 4 operation and incident response
ShivamSharma909
 
Improve Situational Awareness for Federal Government with AlienVault USM
Improve Situational Awareness for Federal Government with AlienVault USMImprove Situational Awareness for Federal Government with AlienVault USM
Improve Situational Awareness for Federal Government with AlienVault USM
AlienVault
 

Semelhante a Cyber Defense Matrix: Revolutions (20)

Information Security
Information SecurityInformation Security
Information Security
 
Government and Education Webinar: SolarWinds Orion Platform: Audit and Stream...
Government and Education Webinar: SolarWinds Orion Platform: Audit and Stream...Government and Education Webinar: SolarWinds Orion Platform: Audit and Stream...
Government and Education Webinar: SolarWinds Orion Platform: Audit and Stream...
 
Common Sense Guide to Mitigating Insider Threats
Common Sense Guide to Mitigating Insider ThreatsCommon Sense Guide to Mitigating Insider Threats
Common Sense Guide to Mitigating Insider Threats
 
Mapping the Enterprise Threat, Risk, and Security Control Landscape with Splunk
Mapping the Enterprise Threat, Risk, and Security Control Landscape with SplunkMapping the Enterprise Threat, Risk, and Security Control Landscape with Splunk
Mapping the Enterprise Threat, Risk, and Security Control Landscape with Splunk
 
A Framework for Developing and Operationalizing Security Use Cases
A Framework for Developing and Operationalizing Security Use CasesA Framework for Developing and Operationalizing Security Use Cases
A Framework for Developing and Operationalizing Security Use Cases
 
325838924-Splunk-Use-Case-Framework-Introduction-Session
325838924-Splunk-Use-Case-Framework-Introduction-Session325838924-Splunk-Use-Case-Framework-Introduction-Session
325838924-Splunk-Use-Case-Framework-Introduction-Session
 
Phases of Incident Response
Phases of Incident ResponsePhases of Incident Response
Phases of Incident Response
 
For Public_ Cybersecurity_ Frameworks, Fundamentals, and Foundations 2023.pdf
For Public_ Cybersecurity_ Frameworks, Fundamentals, and Foundations 2023.pdfFor Public_ Cybersecurity_ Frameworks, Fundamentals, and Foundations 2023.pdf
For Public_ Cybersecurity_ Frameworks, Fundamentals, and Foundations 2023.pdf
 
Federal Webinar: Security Compliance with SolarWinds Network Management Tools
Federal Webinar: Security Compliance with SolarWinds Network Management ToolsFederal Webinar: Security Compliance with SolarWinds Network Management Tools
Federal Webinar: Security Compliance with SolarWinds Network Management Tools
 
TIG / Infocyte: Proactive Cybersecurity for State and Local Government
TIG / Infocyte: Proactive Cybersecurity for State and Local GovernmentTIG / Infocyte: Proactive Cybersecurity for State and Local Government
TIG / Infocyte: Proactive Cybersecurity for State and Local Government
 
The Next Generation of Security Operations Centre (SOC)
The Next Generation of Security Operations Centre (SOC)The Next Generation of Security Operations Centre (SOC)
The Next Generation of Security Operations Centre (SOC)
 
SANS 2013 Critical Security Controls Survey Moving From A.docx
SANS 2013 Critical Security Controls Survey Moving From A.docxSANS 2013 Critical Security Controls Survey Moving From A.docx
SANS 2013 Critical Security Controls Survey Moving From A.docx
 
5 Steps to an Effective Vulnerability Management Program
5 Steps to an Effective Vulnerability Management Program5 Steps to an Effective Vulnerability Management Program
5 Steps to an Effective Vulnerability Management Program
 
Comptia security sy0 601 domain 4 operation and incident response
Comptia security sy0 601 domain 4 operation and incident responseComptia security sy0 601 domain 4 operation and incident response
Comptia security sy0 601 domain 4 operation and incident response
 
Aujas incident management webinar deck 08162016
Aujas incident management webinar deck 08162016Aujas incident management webinar deck 08162016
Aujas incident management webinar deck 08162016
 
Securing Systems - Still Crazy After All These Years
Securing Systems - Still Crazy After All These YearsSecuring Systems - Still Crazy After All These Years
Securing Systems - Still Crazy After All These Years
 
Security & Segregation of Duties for PeopleSoft
Security & Segregation of Duties for PeopleSoftSecurity & Segregation of Duties for PeopleSoft
Security & Segregation of Duties for PeopleSoft
 
Defense In Depth Using NIST 800-30
Defense In Depth Using NIST 800-30Defense In Depth Using NIST 800-30
Defense In Depth Using NIST 800-30
 
Improve Situational Awareness for Federal Government with AlienVault USM
Improve Situational Awareness for Federal Government with AlienVault USMImprove Situational Awareness for Federal Government with AlienVault USM
Improve Situational Awareness for Federal Government with AlienVault USM
 
3A - Turning Data into Decisions - Implementing a Cloud-based HSE Leading Ind...
3A - Turning Data into Decisions - Implementing a Cloud-based HSE Leading Ind...3A - Turning Data into Decisions - Implementing a Cloud-based HSE Leading Ind...
3A - Turning Data into Decisions - Implementing a Cloud-based HSE Leading Ind...
 

Último

Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUnderstanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
UK Journal
 
Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and Myths
Joaquim Jorge
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Igalia
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Drew Madelung
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men
Delhi Call girls
 

Último (20)

How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonets
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024
 
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day Presentation
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Script
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organization
 
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUnderstanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and Myths
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
 
Tech Trends Report 2024 Future Today Institute.pdf
Tech Trends Report 2024 Future Today Institute.pdfTech Trends Report 2024 Future Today Institute.pdf
Tech Trends Report 2024 Future Today Institute.pdf
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
 
Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024
 
What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
 
Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men
 

Cyber Defense Matrix: Revolutions

  • 1. SESSION ID: #RSAC Sounil Yu Cyber Defense Matrix: Revolutions CISO & Head of Research JupiterOne @sounilyu STR-M01
  • 2. #RSAC @sounilyu Disclaimer RSA’s disclaimers Presentations are intended for educational purposes only and do not replace independent professional judgment. Statements of fact and opinions expressed are those of the presenters individually and, unless expressly stated to the contrary, are not the opinion or position of RSA® Conference, RSA Security LLC or any other co-sponsors. RSA Conference does not endorse or approve, and assumes no responsibility for, the content, accuracy or completeness of the information presented. Attendees should note that sessions may be audio- or video-recorded and may be published in various media, including print, audio and video formats without further notice. The presentation template and any media capture are subject to copyright protection. ©2022 RSA Security LLC or its affiliates. All rights reserved. RSA Conference logo, RSA and other trademarks are trademarks of RSA Security LLC or its affiliates. Sounil’s Disclaimers • Vendors shown are representative only • No usage or endorsement should be construed because they are shown here 2 All models are wrong, but some are useful - George E. P. Box
  • 3. #RSAC @sounilyu Ready for a week of buzzword madness? 3
  • 4. #RSAC @sounilyu One simple way to organize these buzzwords is by aligning them against five asset classes and the NIST CSF 4 Operational Functions Inventorying assets and vulns, measuring attack surface, prioritizing, baselining normal, threat modeling, risk assessment Preventing or limiting impact, patching, containing, isolating, hardening, managing access, vuln remediation Discovering events, triggering on anomalies, hunting for intrusions, security analytics Acting on events, eradicating intrusion, assessing damage, forensic reconstruction Returning to normal operations, restoring services, documenting lessons learned, resiliency Asset Classes Workstations, servers, phones, tablets, storage, network devices, IoT infrastructure, etc. Software, interactions, and application flows on the devices Connections and traffic flowing among devices and apps Information at rest, in transit, or in use by the resources above The people using the resources listed above 10011101010101010010 01001101010110101001 11010101101011010100 10110101010101101010 DEVICES APPS NETWORKS DATA USERS IDENTIFY PROTECT DETECT RESPOND RECOVER
  • 5. #RSAC @sounilyu The Cyber Defense Matrix 5 Operational Functions Inventorying assets and vulns, measuring attack surface, prioritizing, baselining normal, threat modeling, risk assessment Preventing or limiting impact, patching, containing, isolating, hardening, managing access, vuln remediation Discovering events, triggering on anomalies, hunting for intrusions, security analytics Acting on events, eradicating intrusion, assessing damage, forensic reconstruction Returning to normal operations, restoring services, documenting lessons learned, resiliency Asset Classes Workstations, servers, phones, tablets, storage, network devices, IoT infrastructure, etc. Software, interactions, and application flows on the devices Connections and traffic flowing among devices and apps Information at rest, in transit, or in use by the resources above The people using the resources listed above 10011101010101010010 01001101010110101001 11010101101011010100 10110101010101101010 DEVICES APPS NETWORKS DATA USERS IDENTIFY PROTECT DETECT RESPOND RECOVER Devices Applications Networks Data Users Degree of Dependency Technology People Process Identify Protect Detect Respond Recover
  • 6. #RSAC @sounilyu Aligning the buzzwords against the Cyber Defense Matrix… 6 Devices Applications Networks Data Users Degree of Dependency Technology People Process Identify Protect Detect Respond Recover
  • 7. #RSAC @sounilyu …can help bring some order to the chaos… 7 Devices Applications Networks Data Users Degree of Dependency Technology People Process Identify Protect Detect Respond Recover Asset Mgt, Vuln Scanning, Vuln Mgt, Certificate Mgt AV, Anti-Malware, EPP, FIM, HIPS, Whitelisting, Patch Mgt Endpoint Detection, UEBA, XDR EP Response, EP Forensics SAST, DAST, SW Asset Mgt, Fuzzers RASP, WAF, ZT App Access Source Code Compromise, Logic Bomb Discovery, App IDS, XDR Netflow, Network Vuln Scanner FW, IPS/IDS, Microseg, ESG, SWG, ZTNA DDoS Detection, Net Traf Analysis, UEBA, XDR DDoS Response, NW Forensics Data Audit, Discovery, Classification Encryption, Tokenization, DLP, DRM, DBAM, DB Access Proxy Deep Web, Data Behavior Analytics, FBI, Brian Krebs, XDR DRM, Breach Response Backup Phishing Sim, Background Chk, MFA Security Training & Awareness Insider Threat, User Behavior Analytics, XDR
  • 8. #RSAC @sounilyu …and help you understand what some of these vendors do! (sorry, this slide is really out of date) 8 Identify Protect Detect Respond Recover Technology People Process Devices Applications Networks Data Users Degree of Dependency
  • 9. #RSAC @sounilyu Use Cases of the Cyber Defense Matrix… 9 Primary Use Case: Vendor Mapping Differentiating Primary & Supporting Capabilities Defining Security Design Patterns Maximizing Deployment Footprint Understanding the New Perimeter Calculating Defense-in-Breadth Balancing Your Portfolio Budget Planning for Obsolescence Disintermediating Security Components Comparing Point Products vs Platforms Finding Opportunities for Automation Identifying Gaps in People, Process, Tech https://bit.ly/cyberdefensematrix
  • 10. #RSAC @sounilyu Other Use Cases of the Cyber Defense Matrix… 10 https://bit.ly/cyberdefensematrixreloaded Optimizing Budgets and Resource Allocation Mapping Organizational Handoffs Aligning Roles and Responsibilities Understanding Why Products are Not Used Visualizing Attack Surfaces Aligning Generalized vs Specialized Needs Measurements and Metrics Business Aligned Security Patterns Vuln Scan vs PenTest vs BAS vs Red Team Mapping Zero Trust Capabilities Mapping to the Kill Chain Mapping to MITRE ATT&CK
  • 11. #RSAC @sounilyu Remember Left and Right of Boom 11 Devices Applications Networks Data Users Degree of Dependency Technology People Process Identify Protect Detect Respond Recover Structural Awareness •Occuring pre-event •Gathers information about state •Discovering weaknesses from vulnerability assessments •Baselining expected behaviors and interactions •Conducting risk management Situational Awareness • Occurring post-event • Gathering information about events and activity • Discovering evidence of vulnerability exploitation and investigating • Triggering on unexpected state or behavioral changes • Conducting event and incident management
  • 12. #RSAC @sounilyu Use Case 21: Prioritization Using CIS Critical Security Controls 12 1.1, 1.4 3.6, 4.4, 4.5, 4.8, 4.9, 4.11, 4.12, 10.1, 10.2, 10.3, 10.5, 10.6, 12.7, 12.8, 13.5, 13.7, 13.9 1.3, 1.5, 8.8, 10.4, 10.7, 13.2 1.2, 4.10 2.1, 2.2, 7.5, 7.6, 15.1, 15.2, 15.3, 15.5, 18.6, 18.7, 18.8 2.5, 2.6, 2.7, 4.1, 7.1, 7.3, 7.4, 9.1, 9.4, 15.4, 16.1, 16.2, 16.3, 16.4, 16.5, 16.6, 16.7, 16.8, 16.9, 16.10, 16.11, 16.12, 16.13, 16.14, 18.9, 18.10 2.4 2.3, 7.2, 7.7 12.4, 18.1, 18.2, 18.5 3.12, 4.2, 4.6, 8.1, 8.3, 8.4, 8.10, 9.2, 9.3, 9.5, 9.6, 9.7, 12.1, 12.2, 12.3, 12.5, 12.6, 13.4, 13.8, 13.10, 18.3, 18.4 8.2, 8.5, 8.6, 8.7, 8.9, 8.11, 13.1, 13.3, 13.6, 13.11 3.1, 3.2, 3.7, 3.8 3.3, 3.4, 3.5, 3.9, 3.10, 3.11, 3.13, 6.8, 11.3, 14.6, 15.7, 18.11 3.14, 8.12, 15.6 11.1, 11.2, 11.4, 11.5 5.1, 5.5, 6.6 4.3, 4.7, 5.2, 5.4, 5.6, 6.1, 6.2, 6.3, 6.4, 6.5, 6.7, 14.1, 14.2, 14.3, 14.4, 14.5, 14.7, 14.8, 14.9 5.3 Devices Applications Networks Data Users Degree of Dependency Technology People Process Identify Protect Detect Respond Recover 17.1, 17.2, 17.3, 17.4, 17.5, 17.6, 17.9 17.7, 17.8 Implementation Group 3 Implementation Group 1 Implementation Group 2
  • 13. #RSAC @sounilyu Use Case 5: Calculating Defense-in-Breadth Using CIS’ Control Assessment Specification (https://controls-assessment-specification.readthedocs.io) 13 Identify Protect Detect Respond Recover 15 ( 8 / 7 / 0 ) 84 ( 30 / 36 / 18 ) 26 ( 0 / 21 / 5 ) 9 ( 5 / 4 / 0 ) 0 134 ( 43 / 68 / 23 ) 56 ( 18 / 34 / 4 ) 125 ( 33 / 72 / 20 ) 5 ( 0 / 5 / 0 ) 11 ( 7 / 4 / 0 ) 0 197 ( 58 / 115 / 24 ) 14 ( 0 / 10 / 4 ) 94 ( 21 / 53 / 20 ) 32 ( 3 / 28 / 1 ) 0 0 140 ( 24 / 91 / 25 ) 22 ( 9 / 13 / 0 ) 67 ( 32 / 21 / 14 ) 12 ( 0 / 0 / 12 ) 0 17 ( 13 / 4 / 0 ) 118 ( 54 / 38 / 26 ) 24 ( 9 / 15 / 0 ) 90 ( 84 / 6 / 0 ) 0 ( 0 / 0 / 0 ) 6 ( 6 / 0 / 0 ) 0 120 ( 99 / 21 / 0) 134 ( 44 / 79 / 8 ) 460 (200 / 188 / 72 ) 75 (3 / 54 / 18 ) 26 ( 18 / 8 / 0 ) 17 (13 / 4 / 0 ) 709 ( 278 / 333 / 98 ) Devices Applications Networks Data Users Total Total
  • 14. #RSAC @sounilyu Use Case 22: Measurement Health 14 HARD EASY RELATIVE DIFFICULTY Performance How well does the capability work? B 96% Efficiency How cost effective is the capability? A $$ Presence Does the capability exist? E Coverage Is the capability enabled? D Utilization Are all available features enabled? C 0.25 0.40 0.20 0.20 0.10 0.10 0.15 0.15 0.10 0.20 0.05 0.10 0.20 0.30 0.10 Identify Protect Detect Respond Recover Devices Apps Networks Data Users $50 $100 $50 $50 $100 $50 $100 $100 $100 $50 $50 $50 $50 $50 $50 Identify Protect Detect Respond Recover Devices Apps Networks Data Users E B D E F C B B E F A A E F E E B B F E D C F E F Identify Protect Detect Respond Recover Devices Apps Networks Data Users
  • 15. #RSAC @sounilyu Use Case 23: Developing a roadmap 15 Grocery Layer 1: Recipes Proven Practices, Frameworks, Reference Architectures Layer 2: Pantry Current State Capabilities Layer 3: Market Commercial Options, Art of the Possible Business/Mission/Technology Constraints, Exceptions Layer 5: Nutritional Needs Risks, Attack Surfaces, Threat Environment The “Stack” Combined Matrices Nutritional and Dietary Needs Foundation Cyber Defense Matrix Layer 4: Allergies Allergies and Dietary Restrictions Pantry
  • 16. #RSAC @sounilyu Use Case 23: Constructing a roadmap 16 How secure am I? How secure should I be? How do I get there?                        Existing Capabilities (Pantry)                            Best Practices, Architectures (Recipes) Risks (Nutritional Needs) Prospective Capabilities (Market) Mission/Business/Tech Constraints (Allergies/ Dietary Restrictions)
  • 17. #RSAC @sounilyu Use Case 23: Interpreting the roadmap 17                                               Opportunities to innovate Table stakes / Just do it Risk Management Discussion: • Active attacks underway • Regulatory requirement • Capabilities are available... • … but controls create major mission impact Opportunities to deprecate or capture best practice Risk Management Discussion: • Active attacks underway • No regulatory requirement • Capabilities are available... • … but controls create minor mission impact  Architectural Requirements  Existing Capabilities  Commercial Capabilities Attack Surfaces Business/Mission Constraints
  • 18. #RSAC @sounilyu Use Case 24: Board Level View 18 Devices Applications Networks Data Users Degree of Dependency Technology People Process Identify Protect Detect Respond Recover Sufficient Controls Initiatives Underway Additional Effort Required No Attack Surface
  • 19. #RSAC @sounilyu Use Case 25: Seeing gaps and opportunities 19 Identify Protect Detect Respond Recover Technology People Process A – B – C – D – E F – G – H – I – J K – L – M – N – O P – Q – R – S – T U – V – W – X – Y – Z A – B – C – D – E F – G – H – I – J K – L – M – N – O P – Q – R – S – T U – V – W – X – Y – Z A – B – C – D – E F – G – H – I – J K – L – M – N – O P – Q – R – S – T U – V – W – X – Y – Z A – B – C – D – E F – G – H – I – J K – L – M – N – O P – Q – R – S – T U – V – W – X – Y – Z A – B – C – D – E F – G – H – I – J K – L – M – N – O P – Q – R – S – T U – V – W – X – Y – Z Devices Applications Networks Data Users Degree of Dependency
  • 20. #RSAC @sounilyu Use Case 25: Seeing gaps and opportunities 20 Identify Protect Detect Respond Recover Technology People Process A – B – C – D – E F – G – H – I – J K – L – M – N – O P – Q – R – S – T U – V – W – X – Y – Z A – B – C – D – E F – G – H – I – J K – L – M – N – O P – Q – R – S – T U – V – W – X – Y – Z A – B – C – D – E F – G – H – I – J K – L – M – N – O P – Q – R – S – T U – V – W – X – Y – Z A – B – C – D – E F – G – H – I – J K – L – M – N – O P – Q – R – S – T U – V – W – X – Y – Z A – B – C – D – E F – G – H – I – J K – L – M – N – O P – Q – R – S – T U – V – W – X – Y – Z Devices Applications Networks Data Users Degree of Dependency
  • 21. #RSAC @sounilyu Use Case 25: Seeing gaps and opportunities 21 Identify Protect Detect Respond Recover Technology People Process A – B – C – D – E F – G – H – I – J K – L – M – N – O P – Q – R – S – T U – V – W – X – Y – Z A – B – C – D – E F – G – H – I – J K – L – M – N – O P – Q – R – S – T U – V – W – X – Y – Z A – B – C – D – E F – G – H – I – J K – L – M – N – O P – Q – R – S – T U – V – W – X – Y – Z A – B – C – D – E F – G – H – I – J K – L – M – N – O P – Q – R – S – T U – V – W – X – Y – Z A – B – C – D – E F – G – H – I – J K – L – M – N – O P – Q – R – S – T U – V – W – X – Y – Z Devices Applications Networks Data Users Degree of Dependency
  • 22. #RSAC @sounilyu Use Case 26: Improving Situational Awareness 22 Devices Applications Networks Data Users Degree of Dependency Technology People Process Identify Protect Detect Respond Recover Post-Event Situational Awareness Pre-Event Structural Awareness
  • 23. #RSAC @sounilyu Use Case 26: Improving Situational Awareness 23 Devices Applications Networks Data Users Degree of Dependency Technology People Process Identify Protect Detect Respond Recover Contextual Awareness Environmental Awareness Contextual Awareness Environmental Awareness
  • 24. #RSAC @sounilyu Use Case 26: Improving Situational Awareness 24 Devices Applications Networks Data Users Degree of Dependency Technology People Process Identify Protect Detect Respond Recover Contextual Awareness Environmental Awareness Contextual Awareness Environmental Awareness Structural Awareness Situational Awareness
  • 25. #RSAC @sounilyu Use Case 26: Improving Situational Awareness 25 Devices Applications Networks Data Users Degree of Dependency Technology People Process Identify Protect Detect Respond Recover Contextual Awareness Environmental Awareness Structural Awareness Situational Awareness
  • 26. #RSAC @sounilyu Use Case 26: Improving Situational Awareness 26 Devices Applications Networks Data Users Degree of Dependency Technology People Process Identify Protect Detect Respond Recover Endpoint acting funny Situational: Machine compromised due to malware installed through client-side attack Contextual: User clicked on a spear phishing email Environmental: User of endpoint failed last phishing simulation test Structural: Fully patched, locked down endpoint, 2FA enabled Environmental: Training and awareness not complete
  • 27. #RSAC @sounilyu Use Case 26: Improving Situational Awareness 27 Devices Applications Networks Data Users Degree of Dependency Technology People Process Identify Protect Detect Respond Recover Contextual: No unusual logins or interactions with server Structural: Data is encrypted DLP alerts firing off Environmental: Content originated from server housing sensitive blueprints for new product Environmental: New B2B connection made with a Chinese manufacturing plant Environmental: Regular user of server aligned to new China project Situational: Probably normal business activity Did user get phished?
  • 28. #RSAC @sounilyu Use Case 27: Mapping Training 28 Identify Protect Detect Respond Recover Technology People Process Devices Applications Networks Data Users Degree of Dependency SEC505: Securing Windows and PowerShell Automation SEC503: Intrusion Detection In- Depth SEC617: Wireless Penetration Testing and Ethical Hacking SEC542: Web App Penetration Testing and Ethical Hacking SEC567: Social Engineering for Penetration Testers SEC599: Defeating Advanced Adversaries - Purple Team Tactics & Kill Chain Defenses DEV543: Secure C/C++ Coding FOR500: Windows Forensic Analysis SEC460: Enterprise Threat and Vulnerability Assessment FOR572: Advanced Network Forensics: Threat Hunting, Analysis & Incident Response SEC504: Hacker Tools, Techniques, Exploits, and Incident Handling SEC504: Hacker Tools, Techniques, Exploits, and Incident Handling SEC504: Hacker Tools, Techniques, Exploits, and Incident Handling SEC504: Hacker Tools, Techniques, Exploits, and Incident Handling SEC530: Defensible Security Architecture and Engineering SEC530: Defensible Security Architecture and Engineering SEC530: Defensible Security Architecture and Engineering SEC450: Blue Team Fundamentals: Security Operations and Analysis SEC450: Blue Team Fundamentals: Security Operations and Analysis SEC460: Enterprise Threat and Vulnerability Assessment SEC506: Securing Linux/Unix SEC534: Secure DevOps: A Practical Introduction
  • 29. #RSAC @sounilyu Use Case 28: Mapping Cloud (IaaS/PaaS) Security 29 Identify Protect Cloud Security Posture Management (CSPM) Cloud Workload Protection Platform (CWPP) Devices (containers, compute, hosts) Applications (microservices, serverless) Networks (VPC, VPN, CDN, DNS) Data (datastores, databases, files) Users (accounts, user roles) CSPM IAM Configuration PaaS Configuration Network Configuration Storage Configuration CWPP Cloud Workload Protection Platform CWPP CWPP CWPP CWPP CWPP Cloud-Native Security Services ADC, LB, WAF, DoS, FW, etc. Control Plane Data Plane Source: Gartner Market Guide for Cloud Workload Protection Platforms, 2020 (slightly modified) CIEM
  • 30. #RSAC @sounilyu Use Case 29: Mapping Control Failures 30 1. No asset inventory (CSC01) 2. No software inventory (CSC02) 3. No file integrity monitoring 4. No network segmentation 5. Neglected SSL Inspection (SSLV) Appliance 6. Neglected SSLV failed open 7. SSLV lacked certs for key systems 8. SAST failed to find Struts due to misconfig 9. No anomaly detection on web servers 10. Custom snort rule didn’t work 11. Custom snort rule wasn’t tested 12. Network scanner didn’t find Struts 13. Failed to detect webshells 14. Failed to detect interactive activity 15. Admins stored cleartext creds in open shares 16. Least privilege principles not followed for database access 17. DB adhoc queries restrictions not implemented 18. No DB anomaly monitoring 19. No field-level encryption in DBs 20. No data exfiltration detection 21. DAST scanning failed to detect vulns 22. Ineffective IR plan/procedures 23. No owners assigned to apps or DBs 24. Comms issues due to corp structure 25. Lack of accountability in processes 26. Patching remediation lacked follow up 27. Old audit findings were not addressed 28. Insecure NFS configs 29. Logs retained for less than 30 days
  • 31. #RSAC @sounilyu Use Case 29: Mapping Control Failures Courtesy of Adrian Sanabria (@sawaba) 31 1, 12 26, 28 29 2, 8, 21, 23 26 3, 9, 13, 14 4, 5, 6, 7, 16 10, 11, 20 15, 23 16, 17, 19 17, 18, 20 Devices Applications Networks Data Users Degree of Dependency Technology People Process Identify Protect Detect Respond Recover 1, 12 26, 28 29 2, 8, 21, 23 26 3, 9, 13, 14 4, 5, 6, 7, 16 10, 11, 20 15, 23 16, 17, 19 17, 18, 20
  • 32. #RSAC @sounilyu Use Case 29: Mapping Control Failures Courtesy of Adrian Sanabria (@sawaba) 32 1, 12 26, 28 29 2, 8, 21, 23 26 3, 9, 13, 14 4, 5, 6, 7, 16 10, 11, 20 15, 23 16, 17, 19 17, 18, 20 Devices Applications Networks Data Users Degree of Dependency Technology People Process Identify Protect Detect Respond Recover People Oriented Control Failure Process Oriented Control Failure Tech Oriented Control Failure 1, 12 26, 28 29 2, 8, 21, 23 26 3, 9, 13, 14 4, 5, 6, 7, 16 10, 11, 20 15, 23 16, 17, 19 17, 18, 20
  • 33. #RSAC @sounilyu Use Case 30: Reconciling Inventories 33 With modifications from original source: https://www.philvenables.com/post/taking-inventories-to-the-next-level-reconciliation-and-triangulation • Enable inventory reconciliation using a multi-domain approach using the five asset classes of the Cyber Defense Matrix • Drive better data quality by creating “fast lanes” for security approvals if inventories are up- to-date Authorized data sources can only go to approved vendors from approved applications Applications must run on known systems or be contained in authorized container registries All employees must have a direct manager All data associated with Internet facing applications must be classified/ tagged Data owners must formally hold that role and be part of the organization accountable for that data Vendor Inventory Application Inventory Device Inventory Network Inventory Data Catalog User Directory Role Directory
  • 34. #RSAC @sounilyu “Apply” Slide 34 Map your security organization to the Cyber Defense Matrix Try out the use cases described here, in the previous briefings, and in the Cyber Defense Matrix book Develop a new use case for the Cyber Defense Matrix Share the new use case with the community!

Notas do Editor

  1. This will be the third and final installment of the Cyber Defense Matrix (CDM) as a standalone presentation. The previous two occurred in 2016 and 2019, so this would be well placed with 3 years of spacing in between. In this last installment, I plan to share more new use cases of the CDM including: How threat hunters can methodically gain increasing levels of situational awareness How planners can anticipate erosion of controls and budget for training and technology refreshes How governance teams can build a metrics and measurements program starting with the CIS Controls Assessment Specification (which is already mapped to the CDM) How application security teams can align security functions into the CI/CD pipeline, DevOps, and the Agile methodology How practitioners can evaluate how thoroughly they have covered their cloud security needs How entrepreneurs and VCs can find new market opportunities and adjacencies to existing products How vulnerability management teams can prioritize vulnerabilities better when they have a more complete view in context with other assets and mitigating controls How CISOs can develop their security program roadmap How the CDM enables a multi-domain approach for inventory and reconciliation How CISOs can leverage the CDM in board briefings to convey a complete view of their entire security program in one slide I will start the session by giving a quick overview of the CDM, showing how we can do the standard mapping of security vendors to the CDM, quickly point out the 20 other use cases previously shown in the 2016 and 2019 briefings, and then launch into the new use cases that I've described. I'll wrap up by mentioning the Learning Lab if people want to learn more.