Catch the Bad Guys Red Handed! Adam Gassensmith, Manager of Client Engagement
Poll Question Are you using a Security Information and Event Management (SIEM) solution today?
Agenda A Framework for Cyber Security Detecting Suspicious Activity Simplifying Security Management
A Framework for Cyber Security The 5 Stages of the NIST Cyber Security Framework Which Stage is Most Important? How Are you Detecting Suspicious Activity Today?
Introducing the Intrusion Kill Chain Reconnaissance Weaponization Delivery Exploitation Installation Command & Control Actions on Objectives
Anatomy of a Cyber Attack 1. Exploit Compromise 2. Reconnaissance and Further Exploitation 3. Launch Attack
What is Dwell Time? Dwell Time: The amount of time it takes for an organization to discover a threat in their environment and remove it. Average Dwell Time for Non-Ransomware Attacks: 798-869 Days. Average Dwell Time for Ransomware Attacks: 43 Days. Breach: 2+ Years!
Some Questions you Might be Asking Why didn’t my traditional AV Solution stop this?! What about this Next-Gen AV Solution? But what about my other protection measures?
Agenda A Framework for Cyber Security Detecting Suspicious Activity Simplifying Security Management
Detecting Suspicious Behaviors How do you sort out normal activity from OR authentic activity? How do you collect information? How is information correlated?
What is a SIEM? How does a SIEM work? Security Information and Event Management (SIEM) technology supports threat detection, compliance and security incident management through the collection and analysis (both near real time and historical) of security events, as well as a wide variety of other event and contextual data sources.
What about ransomware? Mass File Deletion Traffic to Known Bad IPs
Poll Question Which of the following regulatory standards does your organization adhere to?
Will a SIEM Make Me Compliant? SIEMs help to achieve the following compliance and regulatory standards: • PCI • FERPA • HIPAA • FISMA • DFARS
Agenda A Framework for Cyber Security Detecting Suspicious Activity Simplifying Security Management
Simplifying Security Management Responding to Threats Managing the SIEM Platform Completing the Security Picture
Responding to Threats PULSE Alarm 24x7 Security Monitoring, Alerting, and Response …
Managing the SIEM Platform PULSE Alarm 24x7 Security Monitoring, Alerting, and Response Updates Weekly Report Analysis for Suspicious Activity …
Completing the Security Picture PULSE Alarm 24x7 Security Monitoring, Alerting, and Response Weekly Report Analysis for Suspicious Activity Quarterly External Vulnerability Scan
What’s Next? Schedule a Free External Vulnerability Scan Schedule a Security One-Day Get Started with PULSE Alarm
Q&A
Contact us: Email us at: info@peters.com Call us at: 630.832.0075 Chat with us over coffee
Thank You!