Lalit Shinde, Head of Strategic Partnerships, Seceon Webinar … · 2019-06-10 · • Continually...

Lalit Shinde, Head of Strategic Partnerships, Seceon

FEEL SECURE with revolutionary OTM Solution – Panel Discussion

Webinar, 16th Nov, 2017


Changing Landscape of Cyber Security Attacks

• Sophistication of attacks
• Quick proliferation of attacks
• Continually evolving technologies

“There are two kinds of organizations: Those who’ve been hacked and know it, and those who’ve been hacked and don’t know it” – Chad Fulgham, former CIO of FBI

Legacy Security Solutions

• Firewalls, End-Point Solutions, Spam Lists and Filters, SIEM
• Silo point solutions for each new type of attack
• Reactive solutions to Data Breaches
• Threat data overload – Copious amount of false positives
• No real time solution – human factor

Innovative Security Approach

• Proactive approach to identifying both known and unknown threats
• Comprehensive visibility into all kinds of traffic
• Intelligence and data science driven protection
• Holistic solution to protect the enterprise’s entire ecosystem
• Automated remediation

Michael E. Crean, CEO, Solutions Granted

Role of Machine Learning and AI in Cyber Security

Why Artificial Intelligence and Machine Learning?

• What is wrong? But knowing just that is not enough.
• Why is it wrong?
• How to fix it?
• Anomalous behavior differs from industry to industry requiring use of unsupervised algorithms
• Context matters – Correlation to all factual data is important to reduce false positives

Producing Actionable Intelligence

• Accuracy and confidence of threat detection
• Specificity and correlation of threat vectors with factual data
• Ability to work with variety of data sources – network traffic, host and application logs, DNS logs, DHCP logs, Identity management (AD) logs etc.
• Ability to integrate with and push policies to all types of network devices to stop the threat

Grigoriy Mills, CTO, RFA

Cyber Security – Case for Automation for MSSPs

Challenges: Operational Cost of Investigations

Consider an example where a device is infected with a Malware

| Flows/Logs Troubleshooting | Activity Type | Flow/Log Instances | Comments |
|---|---|---|---|
| NG FW generates events/logs around an instance of an infected device attempting to connect to a bad web site. | North-South Activity | 444 | NG FW is resetting connections from the device over time and is not correlating these "non critical flagged" instances |
| Device is also performing IP Sweeps | East-West Activity | 135 | Few separate instances across the internal network |
| Device is also performing IP Port scans | East-West Activity | 92 | Few separate instances across the internal network |
| Device needs to be identified | Internal Activity | 1 | What device is it? who or what group it belongs to? |
| Total Activity | | 672 | Total instances to investigate |

Challenges: Operational Cost of Investigations

| Costs | Jr. SOC Analyst | Sr. SOC Analyst |
|---|---|---|
| SOC Analyst Burdened rate per year | $75,000 | $250,000.00 |
| cost per week | $1,442.31 | $4,807.69 |
| cost/hour | $36.06 | $120.19 |
| cost/minute | $0.60 | $2.00 |

Minutes per instance investigation: 1.5
Total minutes of effort per incident: 1006.5
$ cost/minute: $0.60
Total Cost to correlate one incident: $603.90
Typical Incidents per business day investigated at a Mid Sized F5000 (As per Ponemon/Verizon Reports): 3
Total Cost per business day: $1,811.70
Total Cost per year: $452,925.00

Automation can completely eliminate this total cost

Challenges: Cost of MTTI and MTTC

MTTI – Mean Time To Identify
MTTC – Mean Time To Contain

[Charts: values in US $M]

Source: Ponemon 2016 Cost of Data Breach Study Report

Cyber Security – Case for Automation

• Timely response to every attack is necessary to stave off bigger cost of data breach – Automated real-time detection and response
• Reduce the operational cost – SOC team designing and operationalizing security practice rather than investigating every false positive
• Affordable for any size organization – SMBs are as prone to attack as large enterprises and your cyber hygiene affects everyone you are dealing with

Ron Culler, CTO, Secure Design Inc.

Seceon Open Threat Management Solution

Seceon’s Disruptive Approach!

• Focus: Providing a solution effective at detecting and stopping the most dangerous and costly Cyber threats as soon as they happen, while dramatically lowering IT costs

See Everything + Detect Threats That Matter + Stop the Threat

Seceon OTM

Seceon, Inc. Confidential – NDA Required

Seceon Open Threat Management (OTM)

CCE – Control and Collection Engine
• Collects inputs from variety of sources
• Extracts key meta data and sends refined input to APE

APE – Analytics and Policy Engine
• Threat Models based on User Behavioral Analytics and Machine Learning
• Fast Big Data Engine

Seceon OTM GUI
• User Friendly and Intuitive Adaptive Visualization of assets & threats
• Executive Dashboard & detailed reports

[Diagram: APE (Dynamic Threat Models, Fast Big Data Engine, ML - User Behavioral Analytics, AI with Recommended Remediation) with CCE – 1 … CCE – n (each: Feature Extraction, Down Sampling)]

Seceon OTM uses Micro-Services Architecture and can be deployed in Cloud, VM and Customer Owned or Seceon Supplied Appliances

Seceon OTM Platform Overview

Adaptive Visualization
• Comprehensive view of all assets and threats
• Fully automated solution that is easiest to deploy
• Allows drill down of threats with all details

Detect Threats that Matter
• Detects known as well as unknown threats
• Provides comprehensive information of the threats
• Indicates all compromised assets and potential targets

Contain Threats in Real Time
• Immediate corrective action in real time
• Automatic notification through email/text if required
• Provides actionable analytics

Seceon’s Scalable – Fast Analytics Processing Platform

[Architecture diagram. Panel titles: Distributed Data Ingest (CCE); Fast Parallel Processing Architecture (APE); Closed Loop Threat Containment. Labels: Structured Data, Unstructured Data, Agent, Universal Collection Bus, Parse, Dynamic Reduction, Built-in Security, Platform Security Engine, Threat Modeling, Behavior Analysis, Threat Correlation, Threat Intelligence, Storage Engine, Rapid Search, Analytics Engine, Big Data Store & Search, Real-time Threat Detection, Real-time Analytics, Predictive Modeling, Built-in Advanced Correlation, Built-in ML Engine, Built-in Data Model Engine, Outputs, Threat Containment. Note on diagram: Input to output transit - measured in seconds]

Sunil K. Kotagiri, Co-Founder, Seceon

Compliance and Risk management using Seceon OTM Solution

OTM covers NIST Framework

• Identity
  • Network, Host & User inventory and access monitoring & reports
• Protection
  • Threat detection & Containment
• Detection
  • 30 different threat models
• Respond
  • Automatic remediation
• Recover
  • Quarantine users & hosts

OTM covers GDPR Framework

• Detect & contain unauthorized access (Real-time)
• Whitelists (Users & Hosts)
• File copy and transfer
• Reports
• Daily & Weekly reports
• Forensics
• Store & Analyze data for years

[Diagram labels: Data Privacy, Accountability, Responsibility, Evidence, Ownership]

OTM covers HIPAA Framework

• Tracks User account mgmt
• Windows AD & Reports
• Data access rules
• Whitelists & Policy violations
• Integrity Monitoring
  • Policy violations, permission changes
• Audit Trail
• Reports – DMCA, asset groups, whitelists

[Diagram: HIPAA – Access Control, Account Mgmt, Credential Mgmt, Priv. Users Mgmt, Integrity Monitoring, Config Mgmt, Data Governance, Audit Trail]

Q & A