Catch the Bad Guys Red Handed! - Adam Gassensmith, Manager of Client Engagement - PowerPoint PPT Presentation



SLIDE 1

Catch the Bad Guys Red Handed!

Adam Gassensmith

Manager of Client Engagement

SLIDE 2

Poll Question

Are you using a Security Information and Event Management (SIEM) solution today?

SLIDE 3

Agenda

  • A Framework for Cyber Security
  • Detecting Suspicious Activity
  • Simplifying Security Management

SLIDE 4

A Framework for Cyber Security

  • The 5 Stages of the NIST Cyber Security Framework
  • Which Stage is Most Important?
  • How Are you Detecting Suspicious Activity Today?

SLIDE 5

Introducing the Intrusion Kill Chain

  • Reconnaissance
  • Weaponization
  • Delivery
  • Exploitation
  • Installation
  • Command & Control
  • Actions on Objectives

SLIDE 6

Anatomy of a Cyber Attack

  • 1. Exploit Compromise
  • 2. Reconnaissance and Further Exploitation
  • 3. Launch Attack
SLIDE 7

What is Dwell Time?

Dwell Time: The amount of time it takes for an organization to discover a threat in their environment and remove it.

[Figure: calendar spanning two months, labelled "Breach"]

  • Average Dwell Time for Ransomware Attacks: 43 Days
  • Average Dwell Time for Non-Ransomware Attacks: 798-869 Days

2+ Years!

SLIDE 8

Some Questions you Might be Asking

  • Why didn’t my traditional AV Solution stop this?!
  • What about this Next-Gen AV Solution?
  • But what about my other protection measures?

SLIDE 9

Agenda

  • A Framework for Cyber Security
  • Detecting Suspicious Activity
  • Simplifying Security Management

SLIDE 10

Detecting Suspicious Behaviors

  • How do you sort out normal activity from authentic activity?
  • How do you collect information?
  • How is information correlated?

OR

SLIDE 11

What is a SIEM?

Security Information and Event Management (SIEM) technology supports threat detection, compliance and security incident management through the collection and analysis (both near real time and historical) of security events, as well as a wide variety of other event and contextual data sources.

How does a SIEM work?

SLIDE 12

What about ransomware?

  • Mass File Deletion
  • Traffic to Known Bad IPs

SLIDE 13

Poll Question

Which of the following regulatory standards does your organization adhere to?

SLIDE 14

Will a SIEM Make Me Compliant?

SIEMs help to achieve the following compliance and regulatory standards:

  • PCI
  • FERPA
  • HIPAA
  • FISMA
  • DFARS
SLIDE 15

Agenda

  • A Framework for Cyber Security
  • Detecting Suspicious Activity
  • Simplifying Security Management

SLIDE 16

Simplifying Security Management

  • Responding to Threats
  • Managing the SIEM Platform
  • Completing the Security Picture

SLIDE 17

Responding to Threats

PULSE Alarm

  • 24x7 Security Monitoring, Alerting, and Response
  • …

SLIDE 18

Managing the SIEM Platform

Updates

PULSE Alarm

  • 24x7 Security Monitoring, Alerting, and Response
  • Weekly Report Analysis for Suspicious Activity
  • …

SLIDE 19

Completing the Security Picture

PULSE Alarm

  • 24x7 Security Monitoring, Alerting, and Response
  • Weekly Report Analysis for Suspicious Activity
  • Quarterly External Vulnerability Scan

SLIDE 20

What’s Next?

  • Schedule a Free External Vulnerability Scan
  • Schedule a Security One-Day
  • Get Started with PULSE Alarm

SLIDE 21

Q&A

SLIDE 22

Contact us:

  • Email us at: info@peters.com
  • Call us at: 630.832.0075
  • Chat with us over coffee

SLIDE 23

Thank You!