Operationalizing security intelligence for the mid market - Rafal Los - RSA Conference 2014
Transcript of Operationalizing security intelligence for the mid market - Rafal Los - RSA Conference 2014
© Copyright 2013 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.
Operationalizing Security Intelligence for the Mid-Market
Rafal M. Los
Principal, Strategic Security Services
HP Enterprise Security Services
RSA Conference 2014
what is “security intelligence”?
“collective set of activities, and artifacts to make intelligence-driven decisions”
detect, respond, resolve more effectively in the attack lifecycle
When you think of “Security Intelligence”…
“something big enterprises do”
why not you?
this talk is a framework for you
…to get you thinking, motivated
requirements
high quality internal & external data + telemetry
internal processes + workstreams
qualified personnel
intelligent, optimized technology
let’s break that down…
internal information/data – know your enterprise attack surface
for example –
• internal business plans
• internal IT technology stack
• known vulnerabilities
• known, accepted risks
• strict change management
• configuration awareness
• unauthorized change detection
• employee activities, habits
external information/data – be situationally aware
for example –
• sentiment against your brand/organization
• threat climate of your business vertical
• attacks against similar organizations, vertical
• specific threats against your staff/resources
• geopolitical issues pertaining to your enterprise
• 3rd party reported vulnerabilities
• 3rd party reported exploits
• weaknesses in your external technologies
• reported abused enterprise assets
internal processes + workstreams
convert information into action
for example –
• handling of inbound, external data sources
• formats: CSV, PDF, dashboards and text
• distilling data for relevance
• collating and categorizing with internal data
• prioritizing alerts based on prescribed formulas
• alerting appropriate internal & external entities
• creating actionable items from trusted data
• triage of event(s)
• incident management and handling
• incident response, DFIR
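The process bullets above, carried through as an added example that is not part of the talk: an external feed row in CSV form is distilled for relevance against the internal technology stack, collated with accepted risks, and ranked by a prescribed formula. The feed layout, stack, weights and vulnerability ids are all constructed placeholders.

```python
import csv
import io

# Constructed sample data (not from the talk). External feed rows in a
# hypothetical CSV layout; the VULN-* ids are placeholders, not real ids.
EXTERNAL_FEED = """product,vuln_id,cvss,exploit_public
nginx,VULN-001,9.8,yes
wordpress,VULN-002,7.5,no
exchange,VULN-003,8.1,yes
openssh,VULN-004,5.3,no
"""

# Internal data from the "know your attack surface" slide: the technology
# stack with its exposure, and the risks the business has already accepted.
TECH_STACK = {"nginx": "internet", "wordpress": "internet", "openssh": "internal"}
ACCEPTED_RISKS = {"VULN-002"}

# Prescribed formula (assumed for this example): CVSS weighted by exposure,
# boosted when an exploit is public, reduced (not dropped) when accepted.
EXPOSURE_WEIGHT = {"internet": 1.0, "internal": 0.5}


def score(cvss, exposure, exploit_public, accepted):
    s = cvss * EXPOSURE_WEIGHT[exposure]
    if exploit_public:
        s *= 1.5
    if accepted:
        s *= 0.2
    return round(s, 2)


def prioritize(feed_csv, stack=TECH_STACK, accepted=ACCEPTED_RISKS):
    """Distill for relevance, collate with internal data, rank by priority."""
    ranked = []
    for row in csv.DictReader(io.StringIO(feed_csv)):
        product = row["product"].strip().lower()
        if product not in stack:  # not in our stack: not relevant to us
            continue
        s = score(float(row["cvss"]), stack[product],
                  row["exploit_public"].strip().lower() == "yes",
                  row["vuln_id"] in accepted)
        ranked.append({"vuln_id": row["vuln_id"], "product": product,
                       "exposure": stack[product], "priority": s})
    return sorted(ranked, key=lambda r: r["priority"], reverse=True)


if __name__ == "__main__":
    for item in prioritize(EXTERNAL_FEED):
        print(item)
```

The exchange row is dropped as irrelevant, the accepted wordpress risk sinks to the bottom, and the internet-exposed nginx entry with a public exploit lands on top.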
qualified personnel
difficult to “add on” responsibility
SOC analyst / Security Intelligence analyst …no
highly specialized skill set
for example –
• ability to quickly parse different log types
• ability to quickly make sense of disparate data
• ability to collate and correlate unstructured data
• ability to write code on-the-fly (script)
• proficient in many different security technologies
• able to perform collaborative tasks effectively
• ability to triage incidents quickly, effectively
• proficiency with forensics tools
• strong decision-making capabilities
intelligent, optimized technology
tech that works together
prefer integrated over disparate
tech that makes analysis more efficient, adds certainty
we may know a little something about this…
quick recap
“Security Intelligence” is…
the capability to detect, respond, and resolve your security incidents through an information-driven approach.
You can do this. You need to do this.
Know more. Defend smarter.