Threat Detection & Response - SANS LEAK PASSWORD GUESSING BREACH ... BRAND CREDIBILITY Landscape ....

Post on 09-Mar-2018


Threat Detection & Response: Control Point Management
Developing a Visibility and Measurement Platform that Manages and Improves Operations

Nancy Thompson, Director of Operations

CYBER RISK DEFENSE CENTER

1 © 2015 Kaiser Foundation Health Plan, Inc. Technology Risk Office CYBER RISK DEFENSE CENTER

Introduction

Log Layer

Correlation

Events

Thompson’s Dashboard


Landscape

(Slide word cloud of recent breach headlines and themes: Anthem, Sony, Target, Heartbleed; phishing, malware, back doors, password guessing, credential and data theft, loss of member trust and brand credibility, cyber security cost.)

Agenda

Approach
Resulting Complexity
Solution
Challenges
Results

Exfiltration Escalation Infiltration Advanced Warning

Approach

System exploitation

Malware

Account hijacking

Privilege escalation

Lateral movement

Data transmission & theft

External intel

System probes

Phishing

Account hijacking

Privilege escalation

Lateral movement

Addressing the Lockheed Martin Cyber Kill Chain®


Resulting Complexity


Solution Requirements

Process flow flexibility

Ability to add in “control points” where we needed them

Dashboards which manage work, issues & offer visibility to operations


Control (management) Characteristics

Control in management means setting standards, measuring actual performance and taking corrective actions.

Solution Objective

• Control is a Continuous Process

• Control is Forward Looking

• Control Helps to Achieve the Standard

Control (management) Process

• Setting, Measuring & Comparing Performance Standards

• Analyzing Deviations

• Taking Corrective Measures

Solution Challenges

Compliance

Risk

Governance


Results


Evolution of the Threat Activity Case

December 2014 March 2015 April 2015


Components of Operations

• Input
• Team Checklists
• Non-Actionable Events
• False Positives
• Actionable Events
• Critical Events
• Incident
• Child Processes

• Remediation Request
• Use Case Request
• Tuning Request
• Policy Engineering Request

Team Control Point - Checklists

Customized Forms

Help Boxes

Links to Processes (ePO process in SharePoint)

Management Control Point - Team Conflict Escalation

If an escalation is rejected by Incident Handlers 2 or more times, leadership is notified.
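As an added example (not from the presentation or Kaiser's tooling), a small Python model of this management control point: each Incident Handler decision on an escalated case is recorded, and the second rejection flags leadership exactly once. The case record, the decision format and the notification flag are assumptions for illustration; only the "2 or more" threshold comes from the slide.

```python
from dataclasses import dataclass, field
from typing import List, Tuple

# Slide rule: an escalation rejected by Incident Handlers 2 or more times
# notifies leadership. The threshold is the only value taken from the deck.
REJECTION_THRESHOLD = 2


@dataclass
class EscalatedCase:
    """Minimal case record (constructed for this example, not the deck's schema)."""
    case_id: str
    rejections: int = 0
    accepted: bool = False
    leadership_notified: bool = False
    history: List[str] = field(default_factory=list)


def record_handler_decision(case: EscalatedCase, outcome: str, reason: str = "") -> EscalatedCase:
    """Apply one Incident Handler decision ('accepted' or 'rejected') to a case.

    Rejections are counted per case so a disagreement between the triage team
    and the handlers cannot bounce back and forth unnoticed: when the count
    reaches the threshold, leadership is flagged exactly once and the case
    history records why.
    """
    if outcome == "accepted":
        case.accepted = True
        case.history.append(f"accepted by IH: {reason}")
    elif outcome == "rejected":
        case.rejections += 1
        case.history.append(f"rejected by IH ({case.rejections}): {reason}")
        if case.rejections >= REJECTION_THRESHOLD and not case.leadership_notified:
            case.leadership_notified = True  # stand-in for paging/emailing leadership
            case.history.append("management control point: leadership notified")
    else:
        raise ValueError(f"unknown handler outcome: {outcome!r}")
    return case


def replay_decisions(case_id: str, decisions: List[Tuple[str, str]]) -> EscalatedCase:
    """Rebuild a case from an ordered list of (outcome, reason) decisions."""
    case = EscalatedCase(case_id)
    for outcome, reason in decisions:
        record_handler_decision(case, outcome, reason)
    return case
```

Replaying a constructed sequence such as two rejections followed by an acceptance returns a case whose history shows the single leadership notification between the second rejection and the final acceptance.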

Audit Control Point - Closure and Feedback


Legal Control Point


Operations Management – Team-Focused Dashboards

Operations Management – Leadership Dashboard


Eye Candy


What’s Next

Input Work Integrations

Dispatch System Integration

Dynamic Visualization Tools


Questions?

“Thompson, great job…you’ve delivered the wedding cake!”