Using automation to improve the effectiveness of security operations
Transcript of Using automation to improve the effectiveness of security operations
Using Automated Technologies to Improve Security Efficiency
Piers Wilson, Tier-3 Huntsman®, Head of Product Management
Setting the Scene
2 © 2014 Tier-3 Pty Limited. All rights reserved.
• Cyber attacks continue to increase
• Even closed networks are vulnerable
• Every organisation is at risk
More for Less
• Increasing drive towards data assurance & compliance
• More is being asked of the same number of security people
How can technology help?
Automation adds accuracy and efficiency to the security operations process:
• Behavioural Anomaly Detection to automatically detect suspicious activity, without the need for time-consuming rules
• Threat Intelligence for faster and more accurate threat detection: "shorten the window" of investigation
• Standardised process workflows for collection, analysis, reporting and response processes
Behavioural Anomaly Detection
• Machine learning to create a dynamic baseline of system behaviour
• Continuously updated baseline as the environment changes
• Real-time alerts on any activities that diverge from the "normal" baseline
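The three bullets describe a baseline that is learned, keeps learning, and raises an alert when an observation diverges from it. The following is an added example, not Huntsman code and not taken from the slides: an exponentially weighted running mean and variance per user stands in for the vendor's unspecified machine learning models, and the usernames, the hourly byte counts, the smoothing factor and the alert threshold are all constructed for illustration.

```python
"""Streaming behavioural baseline with divergence alerts.

Added example, not Huntsman code: an exponentially weighted running mean
and variance per entity stands in for the vendor's unspecified machine
learning models.  Every accepted observation updates the baseline, so the
"normal" level follows gradual change; an observation far outside the
current baseline raises an alert instead of being learned.
"""
import math
from dataclasses import dataclass


@dataclass
class Baseline:
    """Exponentially weighted mean/variance of one entity's activity."""
    alpha: float = 0.3      # weight of the newest observation; higher adapts faster
    min_samples: int = 5    # observations learned before any scoring starts
    n: int = 0
    mean: float = 0.0
    var: float = 0.0

    def sigma(self) -> float:
        # Floor the spread at 10% of the mean so that a perfectly flat
        # history cannot turn every small wobble into an outlier.
        return max(math.sqrt(self.var), 0.1 * abs(self.mean), 1e-9)

    def zscore(self, x: float) -> float:
        """How many baseline standard deviations x lies from 'normal'."""
        if self.n < self.min_samples:
            return 0.0          # still learning: nothing to compare against yet
        return (x - self.mean) / self.sigma()

    def learn(self, x: float) -> None:
        """Fold x into the baseline (incremental update with exponential decay)."""
        self.n += 1
        if self.n == 1:
            self.mean = x
            return
        delta = x - self.mean
        self.mean += self.alpha * delta
        self.var = (1.0 - self.alpha) * (self.var + self.alpha * delta * delta)


@dataclass
class Alert:
    entity: str
    value: float
    expected: float
    z: float


class AnomalyDetector:
    """One baseline per entity (user, host, ...); alert on divergence."""

    def __init__(self, threshold: float = 3.0):
        self.threshold = threshold      # |z| above this raises an alert
        self.baselines = {}

    def observe(self, entity: str, value: float):
        b = self.baselines.setdefault(entity, Baseline())
        z = b.zscore(value)
        if abs(z) > self.threshold:
            # Flagged activity is deliberately NOT learned: folding it in
            # would let an attacker make their own traffic "normal".
            return Alert(entity, value, b.mean, z)
        b.learn(value)
        return None


# Constructed sample input (not real data): outbound megabytes per user per hour.
# alice is steady then exfiltrates; bob is steady; carol's usage grows slowly.
EVENTS = (
    [("alice", v) for v in (2.0, 2.1, 1.9, 2.0, 2.2, 1.8, 2.0, 2.1, 200.0)]
    + [("bob", v) for v in (5.0, 5.2, 4.8, 5.1, 5.0, 4.9, 5.3)]
    + [("carol", round(1.0 + 0.05 * i, 2)) for i in range(11)]
)


def run(events):
    """Feed events through the detector; return (detector, alerts raised)."""
    det = AnomalyDetector()
    alerts = [a for a in (det.observe(user, mb) for user, mb in events) if a]
    return det, alerts


if __name__ == "__main__":
    det, alerts = run(EVENTS)
    for a in alerts:
        print(f"ALERT {a.entity}: {a.value} MB vs baseline {a.expected:.2f} MB (z={a.z:.0f})")
    for name, b in det.baselines.items():
        print(f"{name}: baseline mean now {b.mean:.2f} MB after {b.n} learned samples")
```

Two points matter when this is run in earnest. The baseline keeps adapting, so carol's slowly growing usage never alerts; that is the "continuously updated" property the slide describes, but it also means an attacker who ramps up gradually can be learned as normal, which is why flagged observations are excluded from learning above and why baselines need periodic review rather than blind trust. And an anomaly is a deviation from history, not proof of an attack: the alert carries the expected value and the z-score so that the analyst, not the detector, makes that call.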
Benefits of Behavioural Anomaly Detection
• Alerts can be investigated and remediated as they are detected
• Removes the need to know the network in advance or to constantly rewrite rules
• No need to second-guess the attack: start the investigation from the indicator of compromise. This covers threats that rules cannot anticipate, including APTs, zero-days and insider threats (the "unknowables")
Threat Intelligence
Referenceable information for situational awareness:
• External sources of known threats or risks
• Internal risk factors, technical and non-technical
• "Correlatable" information from environmental, physical, technical, geopolitical and other sources
Benefits of Threat Intelligence
(Diagram) An "Intelligent SIEM" at the centre, correlating: "traditional" log sources; vulnerability information; geographic information; security, malware and attack context; external threat sources; internal context databases.
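As an added example (not Huntsman code, and not from the slides) of what correlating a "traditional" log source with the other boxes in the diagram buys an analyst: a few constructed firewall lines are enriched from a constructed indicator feed, a geographic lookup and an asset/vulnerability register, then ranked so triage starts from a prioritised, already-contextualised event rather than a bare log line. All addresses are RFC 5737 documentation ranges, the hostnames and feed entries are invented, and the scoring weights are arbitrary assumptions chosen for illustration.

```python
"""Enrich raw log events with threat intelligence and internal context.

Added example, not Huntsman code.  Constructed key=value firewall lines are
correlated with an external indicator feed, a vulnerability/asset register
and a geographic lookup, and ranked by a simple additive priority score.
All feeds, hosts and addresses (RFC 5737 documentation ranges) are made up.
"""
import ipaddress
import re
from dataclasses import dataclass, field

# "Traditional" log source: constructed firewall lines, key=value after the timestamp.
LOG_LINES = [
    "2014-03-12T09:15:02Z src=10.1.5.23 dst=203.0.113.45 dport=443 action=allow",
    "2014-03-12T09:15:09Z src=10.1.5.23 dst=198.51.100.7 dport=80 action=allow",
    "2014-03-12T09:16:44Z src=10.1.9.8 dst=192.0.2.10 dport=22 action=deny",
]

# External threat source: indicator -> description (constructed feed).
IOC_FEED = {"203.0.113.45": "command-and-control server"}

# Geographic information: network -> country (constructed; ZZ = unexpected region).
GEO = {ipaddress.ip_network("203.0.113.0/24"): "ZZ",
       ipaddress.ip_network("198.51.100.0/24"): "GB",
       ipaddress.ip_network("192.0.2.0/24"): "ZZ"}
EXPECTED_COUNTRIES = {"GB"}   # where this organisation normally communicates

# Internal context database: vulnerability scan + asset register (constructed).
ASSETS = {"10.1.5.23": {"host": "fin-db-01", "owner": "finance",
                        "critical": True, "critical_vulns": 2}}

KV = re.compile(r"(\w+)=(\S+)")


@dataclass
class Event:
    when: str
    fields: dict
    score: int = 0
    reasons: list = field(default_factory=list)


def parse(line: str) -> Event:
    """Split a 'timestamp key=value ...' line into an Event."""
    when, _, rest = line.partition(" ")
    return Event(when, dict(KV.findall(rest)))


def country(ip: str) -> str:
    addr = ipaddress.ip_address(ip)
    return next((c for net, c in GEO.items() if addr in net), "unknown")


def enrich(ev: Event) -> Event:
    """Attach context and a priority score; `reasons` explains every point given."""
    src, dst = ev.fields["src"], ev.fields["dst"]
    if dst in IOC_FEED:
        ev.score += 10
        ev.reasons.append(f"destination is a known {IOC_FEED[dst]} (threat feed)")
    asset = ASSETS.get(src)
    if asset:
        ev.fields["host"] = asset["host"]
        ev.fields["owner"] = asset["owner"]
        if asset["critical"]:
            ev.score += 5
            ev.reasons.append("source is a business-critical asset")
        if asset["critical_vulns"]:
            ev.score += 3 * asset["critical_vulns"]
            ev.reasons.append(f"source has {asset['critical_vulns']} unpatched critical vulns")
    ev.fields["dst_country"] = country(dst)
    if ev.fields["dst_country"] not in EXPECTED_COUNTRIES:
        ev.score += 2
        ev.reasons.append(f"destination geography {ev.fields['dst_country']} is unusual")
    if ev.fields.get("action") == "deny":
        ev.score //= 2      # blocked at the perimeter: still worth knowing, lower urgency
        ev.reasons.append("connection was denied")
    return ev


def triage(lines):
    """Parse, enrich and rank events, highest priority first."""
    return sorted((enrich(parse(l)) for l in lines), key=lambda e: e.score, reverse=True)


if __name__ == "__main__":
    for ev in triage(LOG_LINES):
        print(f"[{ev.score:2d}] {ev.when} {ev.fields.get('host', ev.fields['src'])} -> "
              f"{ev.fields['dst']} ({ev.fields['dst_country']}): {'; '.join(ev.reasons)}")
```

The ranking is only as good as the feeds behind it: a stale indicator list or an out-of-date asset register silently demotes the events that matter, so feed freshness and match coverage deserve their own monitoring. Keeping the reasons alongside the score is what actually shortens the investigation window, because the analyst sees why an event was raised without re-querying each source by hand.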
Workflow Management
• Established procedures for threat resolution (with ad hoc intervention where needed)
• Integrated sequence of detection, analysis and resolution processes
• Automated compliance monitoring and reporting (e.g. GPG13)
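An added example (not Huntsman code) of a workflow with the properties the deck claims for it: standardised, repeatable and measurable. The state names, the permitted steps, the analyst names and the sample incidents are constructed for illustration; GPG13 or any other compliance regime dictates what must be recorded and reported, not this particular state set.

```python
"""Incident workflow with enforced steps, an audit trail and metrics.

Added example, not Huntsman code.  The procedure (states and permitted
steps) and the sample incidents are constructed for illustration.  Every
step is validated against the procedure, needs a justification, and is
timestamped so the process can be audited and measured afterwards.
"""
from dataclasses import dataclass, field
from datetime import datetime, timedelta

# Permitted next states for each state (constructed procedure).
PROCEDURE = {
    "new": {"triaged"},
    "triaged": {"investigating", "false_positive"},
    "investigating": {"contained", "false_positive"},
    "contained": {"resolved"},
    "resolved": {"closed"},
}


@dataclass
class Incident:
    ident: str
    detected_at: datetime
    state: str = "new"
    audit: list = field(default_factory=list)   # (when, actor, from, to, note)

    def step(self, to: str, actor: str, note: str, when: datetime) -> None:
        """Advance the incident; refuse anything the procedure does not allow."""
        if to not in PROCEDURE.get(self.state, set()):
            raise ValueError(f"{self.ident}: {self.state} -> {to} is not a permitted step")
        if not note.strip():
            raise ValueError(f"{self.ident}: every step must record a justification")
        if self.audit and when < self.audit[-1][0]:
            raise ValueError(f"{self.ident}: steps must be recorded in time order")
        self.audit.append((when, actor, self.state, to, note))
        self.state = to

    def time_to(self, state: str):
        """Elapsed time from detection to first entering `state`, or None."""
        for when, _, _, to, _ in self.audit:
            if to == state:
                return when - self.detected_at
        return None


def mean_time_to(incidents, state):
    """Mean time from detection to `state` over the incidents that reached it."""
    times = [t for t in (i.time_to(state) for i in incidents) if t is not None]
    return sum(times, timedelta()) / len(times) if times else None


def sample_incidents():
    """Constructed history: one real intrusion and one false positive."""
    t0 = datetime(2014, 3, 12, 9, 15)
    a = Incident("INC-001", t0)
    a.step("triaged", "analyst1", "anomaly on fin-db-01 confirmed by proxy log", t0 + timedelta(minutes=10))
    a.step("investigating", "analyst1", "destination is on the threat feed", t0 + timedelta(minutes=25))
    a.step("contained", "analyst2", "host isolated from the network", t0 + timedelta(minutes=70))
    a.step("resolved", "analyst2", "host rebuilt, credentials rotated", t0 + timedelta(hours=6))
    a.step("closed", "manager", "post-incident review complete", t0 + timedelta(days=2))

    b = Incident("INC-002", t0 + timedelta(hours=1))
    b.step("triaged", "analyst1", "spike from backup server", b.detected_at + timedelta(minutes=5))
    b.step("false_positive", "analyst1", "scheduled backup window; baseline updated",
           b.detected_at + timedelta(minutes=12))
    return [a, b]


if __name__ == "__main__":
    incidents = sample_incidents()
    for inc in incidents:
        for when, actor, src, dst, note in inc.audit:
            print(f"{inc.ident} {when:%H:%M} {actor}: {src} -> {dst} ({note})")
    print("mean time to triage:", mean_time_to(incidents, "triaged"))
    print("mean time to contain:", mean_time_to(incidents, "contained"))
```

The audit list is the compliance artefact: because no step can be taken without an actor, a time and a justification, the record needed for reporting falls out of doing the work rather than being reconstructed afterwards, and the same record feeds the metrics (time to triage, time to contain) that show whether the process is actually improving.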
Benefits of Workflow Management
• Standardised repeatable and measurable processes
• Support for workflow throughout the incident lifecycle
• Consistent approach to achieving compliance
Benefits of Automation
Outcomes: better detection; faster, easier diagnosis; improved decision making; contextual feedback; reduction in losses.
Detect
• Real-time Behavioural Anomaly Detection
• Reduced administration through machine learning
• Faster and more accurate identification of threats
Analyse
• Incorporation of Threat Intelligence
• Contextualisation for faster triage and assessment
• Shortening the window of investigation
Respond
• End-to-end workflow
• Repeatable and auditable processes
• Automated reporting and metrics
Questions?
Visit the Tier-3 stand
Contact us at: [email protected]
+44 (0) 208 433 6790 www.tier-3.com twitter.com/Tier3huntsman
More information at:
http://www.tier-3.com/sm-ab-threat-intelligence.php