Lalit Shinde, Head of Strategic Partnerships, Seceon Webinar … · 2019-06-10
Lalit Shinde, Head of Strategic Partnerships, Seceon
FEEL SECURE with revolutionary OTM Solution – Panel Discussion
Webinar, 16th Nov, 2017

Changing Landscape of Cyber Security Attacks
• Sophistication of attacks
• Quick proliferation of attacks
• Continually evolving technologies

“There are two kinds of organizations: Those who’ve been hacked and know it, and those who’ve been hacked and don’t know it” – Chad Fulgham, former CIO of FBI

Legacy Security Solutions
• Firewalls, End-Point Solutions, Spam Lists and Filters, SIEM
• Silo point solutions for each new type of attack
• Reactive solutions to Data Breaches
• Threat data overload – copious amount of false positives
• No real time solution – human factor

Innovative Security Approach
• Proactive approach to identifying both known and unknown threats
• Comprehensive visibility into all kinds of traffic
• Intelligence and data science driven protection
• Holistic solution to protect the enterprise’s entire ecosystem
• Automated remediation

Michael E. Crean, CEO, Solutions Granted
Role of Machine Learning and AI in Cyber Security

Why Artificial Intelligence and Machine Learning?
• What is wrong? But knowing just that is not enough.
• Why is it wrong?
• How to fix it?
• Anomalous behavior differs from industry to industry, requiring the use of unsupervised algorithms
• Context matters – correlation to all factual data is important to reduce false positives

Producing Actionable Intelligence
• Accuracy and confidence of threat detection
• Specificity and correlation of threat vectors with factual data
• Ability to work with a variety of data sources – network traffic, host and application logs, DNS logs, DHCP logs, Identity management (AD) logs etc.
• Ability to integrate with and push policies to all types of network devices to stop the threat

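The two slides above argue for unsupervised baselining plus correlation with factual data. The following is an added example, not code from the webinar or from Seceon's product: it scores hourly outbound-connection counts per host with a median/MAD robust z-score (learned from the host's own unlabelled history) and then joins each hit against a constructed asset inventory so that a whitelisted scanner does not surface as a false positive. All host addresses, counts and inventory entries are constructed.

```python
import statistics

# Constructed, unlabelled history: hourly outbound-connection counts per host
# over twelve hours (hypothetical addresses and values).
HISTORY = {
    "10.0.5.23": [12, 15, 11, 14, 13, 12, 16, 14, 13, 15, 12, 14],
    "10.0.9.2": [950, 1020, 980, 1010, 990, 1005, 970, 995, 1000, 985, 1015, 990],
}
# Constructed "factual data" (asset inventory / AD group) that a hit is
# correlated against before it is allowed to become an alert.
INVENTORY = {
    "10.0.5.23": {"owner": "finance", "role": "workstation", "whitelisted": False},
    "10.0.9.2": {"owner": "secops", "role": "vuln-scanner", "whitelisted": True},
}

def robust_zscore(history, value):
    """Median/MAD z-score: learned from the host's own history with no labels,
    so the same code works whatever 'normal' means in a given industry."""
    med = statistics.median(history)
    mad = statistics.median(abs(x - med) for x in history) or 1.0
    return 0.6745 * (value - med) / mad

def detect(host, value, threshold=3.5):
    """Score the observation, then apply context: an anomaly on a whitelisted
    asset is suppressed rather than handed to an analyst."""
    score = robust_zscore(HISTORY[host], value)
    ctx = INVENTORY.get(host, {"owner": "unknown", "role": "unknown", "whitelisted": False})
    if abs(score) <= threshold:
        verdict = "normal"
    elif ctx["whitelisted"]:
        verdict = "suppressed"
    else:
        verdict = "alert"
    return {"host": host, "score": round(score, 2), "verdict": verdict,
            "owner": ctx["owner"], "role": ctx["role"]}

if __name__ == "__main__":
    for host, value in (("10.0.5.23", 400), ("10.0.5.23", 14), ("10.0.9.2", 3000)):
        print(detect(host, value))
```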
Grigoriy Mills, CTO, RFA
Cyber Security – Case for Automation for MSSPs

Challenges: Operational Cost of Investigations

Consider an example where a device is infected with a Malware.

Flows/Logs Troubleshooting | Activity Type | Flow/Log Instances | Comments
NG FW generates events/logs around an instance of an infected device attempting to connect to a bad web site | North-South Activity | 444 | NG FW is resetting connections from the device over time and is not correlating these "non critical flagged" instances
Device is also performing IP Sweeps | East-West Activity | 135 | Few separate instances across the internal network
Device is also performing IP Port scans | East-West Activity | 92 | Few separate instances across the internal network
Device needs to be identified | Internal Activity | 1 | What device is it? Who or what group does it belong to?
Total Activity | | 672 | Total instances to investigate

Challenges: Operational Cost of Investigations

Costs                                 Jr. SOC Analyst   Sr. SOC Analyst
SOC Analyst burdened rate per year    $75,000           $250,000.00
Cost per week                         $1,442.31         $4,807.69
Cost/hour                             $36.06            $120.19
Cost/minute                           $0.60             $2.00

Minutes per instance investigation: 1.5
Total minutes of effort per incident: 1006.5
$ cost/minute: $0.60
Total cost to correlate one incident: $603.90
Typical incidents per business day investigated at a mid-sized F5000 (as per Ponemon/Verizon reports): 3
Total cost per business day: $1,811.70
Total cost per year: $452,925.00

Automation can completely eliminate this total cost
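The two slides above (the 672-instance scenario and the cost table) as an added example, not code from the webinar or from Seceon: it folds the raw flow/log instances for one host into a single incident, then reproduces the deck's cost chain. The host address, destinations and line format are constructed; 250 business days is assumed because it is what turns $1,811.70/day into $452,925/year, and the deck's 1006.5 minutes corresponds to 671 of the 672 instances at 1.5 minutes each, so the cost call uses 671.

```python
from collections import Counter

# Constructed raw instances for the deck's scenario: one infected host
# (hypothetical address 10.0.5.23) reported 672 times as separate events.
# Line format: "<src_ip> <activity> <detail>"
RAW_INSTANCES = (
    ["10.0.5.23 north_south_reset dst=203.0.113.9:443"] * 444      # NG FW resets
    + ["10.0.5.23 east_west_sweep dst=10.0.%d.0/24" % n for n in range(135)]
    + ["10.0.5.23 east_west_portscan dst=10.0.7.5:%d" % (1000 + n) for n in range(92)]
    + ["10.0.5.23 identify_device owner=unknown"]
)

def correlate(lines):
    """Fold raw flow/log instances into one incident per source host,
    counting how many instances of each activity type it produced."""
    incidents = {}
    for line in lines:
        src, activity, _detail = line.split(" ", 2)
        incidents.setdefault(src, Counter())[activity] += 1
    return incidents

def cost_per_minute(annual_burdened_rate, weeks=52, hours_per_week=40):
    """The deck's chain: burdened rate per year -> week -> hour -> minute."""
    return round(annual_burdened_rate / weeks / hours_per_week / 60, 2)

def manual_cost(instances, rate_per_minute, minutes_per_instance=1.5,
                incidents_per_day=3, business_days=250):
    """Cost of an analyst looking at every instance by hand, rolled up to
    one incident, one business day and one year (250 business days assumed)."""
    per_incident = round(instances * minutes_per_instance * rate_per_minute, 2)
    per_day = round(per_incident * incidents_per_day, 2)
    return {"per_incident": per_incident, "per_day": per_day,
            "per_year": round(per_day * business_days, 2)}

if __name__ == "__main__":
    incident = correlate(RAW_INSTANCES)["10.0.5.23"]
    total = sum(incident.values())            # 672 instances, one incident
    jr_rate = cost_per_minute(75_000)         # 0.60
    print(dict(incident), total, manual_cost(671, jr_rate))
```

Pricing the same incident at the Sr. analyst rate (manual_cost(671, 2.00)) is the case the deck leaves uncomputed.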

Challenges: Cost of MTTI and MTTC
MTTI – Mean Time To Identify; MTTC – Mean Time To Contain
[Chart: cost in US $M. Source: Ponemon 2016 Cost of Data Breach Study Report]

Cyber Security – Case for Automation
• Timely response to every attack is necessary to stave off the bigger cost of a data breach – automated real-time detection and response
• Reduce the operational cost – SOC team designing and operationalizing security practice rather than investigating every false positive
• Affordable for any size organization – SMBs are as prone to attack as large enterprises, and your cyber hygiene affects everyone you are dealing with

Ron Culler, CTO, Secure Design Inc.
Seceon Open Threat Management Solution
• Focus: Providing a solution effective at detecting and stopping the most dangerous and costly Cyber threats as soon as they happen, while dramatically lowering IT costs

Seceon’s Disruptive Approach!
Seceon OTM = See Everything + Detect Threats That Matter + Stop the Threat

Seceon, Inc. Confidential – NDA Required

Seceon Open Threat Management (OTM)
[Architecture diagram]
• CCE – Control and Collection Engine: collects inputs from a variety of sources, extracts key meta data and sends refined input to the APE. Each CCE instance (CCE-1 … CCE-n) performs feature extraction and down sampling.
• APE – Analytics and Policy Engine: fast big data engine running dynamic threat models based on User Behavioral Analytics and Machine Learning, with AI-recommended remediation.
• Seceon OTM GUI: user friendly and intuitive adaptive visualization of assets & threats; executive dashboard & detailed reports.

Seceon OTM uses a Micro-Services Architecture and can be deployed in Cloud, VM and Customer Owned or Seceon Supplied Appliances.

Seceon OTM Platform Overview

Adaptive Visualization
• Comprehensive view of all assets and threats
• Fully automated solution that is easiest to deploy
• Allows drill down of threats with all details

Detect Threats that Matter
• Detects known as well as unknown threats
• Provides comprehensive information of the threats
• Indicates all compromised assets and potential targets

Contain Threats in Real Time
• Immediate corrective action in real time
• Automatic notification through email/text if required
• Provides actionable analytics

Seceon’s Scalable – Fast Analytics Processing Platform
[Architecture diagram; input to output transit measured in seconds]
• Distributed Data Ingest (CCE): Universal Collection Bus receiving structured and unstructured data; each stream is parsed and dynamically reduced
• Fast Parallel Processing Architecture (APE): Storage Engine (Big Data Store & Search, Rapid Search); Analytics Engine (Real-time Threat Detection, Real-time Analytics, Predictive Modeling); Built-in Advanced Correlation, Built-in ML Engine, Built-in Data Model Engine; Threat Modeling, Behavior Analysis, Threat Correlation, Threat Intelligence; Agent; Platform Security Engine (Built-in Security)
• Outputs: Closed Loop Threat Containment

Sunil K. Kotagiri, Co-Founder, Seceon
Compliance and Risk management using Seceon OTM Solution

OTM covers NIST Framework
• Identify – Network, Host & User inventory and access monitoring & reports
• Protection – Threat detection & Containment
• Detection – 30 different threat models
• Respond – Automatic remediation
• Recover – Quarantine users & hosts

OTM covers GDPR Framework
• Detect & contain unauthorized access (Real-time)
• Whitelists (Users & Hosts)
• File copy and transfer
• Reports
• Daily & Weekly reports
• Forensics
• Store & Analyze data for years

OTM covers HIPAA Framework
[Diagram labels: Data Privacy, Accountability, Responsibility, Evidence, Ownership]
• Tracks User account mgmt
• Windows AD & Reports
• Data access rules
• Whitelists & Policy violations
• Integrity Monitoring
• Policy violations, permission changes
• Audit Trail
• Reports – DMCA, asset groups, whitelists
HIPAA: Access Control, Account Mgmt, Credential Mgmt, Priv. Users Mgmt, Integrity Monitoring, Config Mgmt, Data Governance, Audit Trail

Q & A