Bridging Security Intelligence: Hacking, Threat Hunting, AI, Behavioral Anomalies, and Incident Response
Dangerous Toys: USB Device Impersonators, USB Killers, Man-in-the-Middle Faceplates, Wireless Pineapples, Payload Phone Chargers
https://censys.io
https://shodan.io
https://haveibeenpwned.com
http://informationisbeautiful.net
The Song Remains The Same
• Defense in depth failures: since 1984 and still not effective
• Average number of separate security solutions: 40+ (30% feel this is the right number)
• Time to discover breaches: 200 days
• Time to respond to incidents: 56 days
• Cost of a breach: $3.9 million
Organized Threat Actors: state-sponsored actors, sophisticated talent, anonymous digital currencies, highly funded R&D, collaborative development, circumventive tooling, crowd-sourced information sharing
Threats Du Jour
Training Exercises
Protect your information, contain the risk
Identify risks
• Discover, classify business critical data and apps
• Expose over privileges with identity analytics
• Analyze cloud app usage and activity
• Detect web fraud with real time alerts
Gain control
• Govern all users and their privileges
• Protect data usage across enterprise and cloud
• Improve DevOps security
• Secure mobile devices and apps
Safeguard interactions
• Deploy adaptive access and web app protection
• Federate to and from the cloud
• Maintain data compliance and stop attacks
• Secure mobile collaboration
Who are High Performers? (Ponemon Institute)
Traits: Confidence, Dedication, Communication, Skills, Industry Awareness, Streamlined SOC
• Represent 26% of the 3655 in the study
• Highest level of cyber resilience
• More prepared to respond
• Less impacted by cyber threats
• Report less attacks, better containment and recovery
High Performers Talk to the Board & C-Suite Regularly
40% produce either a formal or "ad hoc" report on the organization's cyber resilience to their executive level and Board.
[Chart: percentage of respondents by report type ("Yes, informal or ad hoc", "Yes, formal report", "No report"), comparing High performer vs Overall]
Threat Hunting Workflow (Cognitive, Advanced Analytics): Investigate, Detect, Enrich, Orchestrate; Incident Response
User Behavior
Local Analysis Investigations IBM CONFIDENTIAL until January 2017
AI Enriched Analysis Investigations
AI Deep Insight Investigations
What is an Unknown Unknown?
[Diagram: a graph of Offense and Property nodes, where offenses are linked through the properties they share]
Ask the question: "show me which offenses share the same property". You don't know the subset of offenses, nor the subset of properties, to search for.
Investigative Correlations Investigations
Threat Hunting
Incident Response Platform
Integrated and Intelligent Controls