Using Security Intelligence To Mitigate Today’s Real Threats · – Dr. Anton Chuvakin . Moving...

9
Using Security Intelligence To Mitigate Today’s Real Threats Ken Westin Tripwire Inc. Product Marketing Manager [email protected]

Transcript of Using Security Intelligence To Mitigate Today’s Real Threats · – Dr. Anton Chuvakin . Moving...

Page 1: Using Security Intelligence To Mitigate Today’s Real Threats · – Dr. Anton Chuvakin . Moving from Log Management to SIEM ... VULNERABILITY MANAGEMENT SECURITY CONFIGURATION MANAGEMENT

Using Security Intelligence To Mitigate Today’s Real Threats

Ken Westin Tripwire Inc. Product Marketing Manager [email protected]

Page 2: Using Security Intelligence To Mitigate Today’s Real Threats · – Dr. Anton Chuvakin . Moving from Log Management to SIEM ... VULNERABILITY MANAGEMENT SECURITY CONFIGURATION MANAGEMENT

Why Big SIEM Implementations Fail

•  “Big SIEM” deployments are a massive project, requires management buy-in for the long haul

•  Requires a great deal of “care and feeding”

•  Long time-to-value

•  Lack of out-of-the-box functionality

People + Process + Technology

Page 3: Using Security Intelligence To Mitigate Today’s Real Threats · – Dr. Anton Chuvakin . Moving from Log Management to SIEM ... VULNERABILITY MANAGEMENT SECURITY CONFIGURATION MANAGEMENT

Walk Before You Run

“Deploy log management functions before you attempt wide-scale implementations of real-time event management” – Dr. Anton Chuvakin

Page 4: Using Security Intelligence To Mitigate Today’s Real Threats · – Dr. Anton Chuvakin . Moving from Log Management to SIEM ... VULNERABILITY MANAGEMENT SECURITY CONFIGURATION MANAGEMENT

Moving from Log Management to SIEM

•  Monitoring process in place and properly staffed

•  Ability to respond to alerts

•  Tuning and customizing

•  Who has access to information, how will reporting requests be handled?

People + Process + Technology

Page 5: Using Security Intelligence To Mitigate Today’s Real Threats · – Dr. Anton Chuvakin . Moving from Log Management to SIEM ... VULNERABILITY MANAGEMENT SECURITY CONFIGURATION MANAGEMENT

VULNERABILITY DATA

HOSTS & SERVER

DATABASE ACTIVITY

USER ACTIVITY

CONFIGURATION DATA

SECURITY DEVICES (IDS – FIREWALLS)

ACTIVE DIRECTORY

APP ACTIVITY

PHYSICAL ACCESS

ACTIONABLE INTELLIGENCE

ANALYTICS, FORENSICS & COMPLIANCE

Page 6: Using Security Intelligence To Mitigate Today’s Real Threats · – Dr. Anton Chuvakin . Moving from Log Management to SIEM ... VULNERABILITY MANAGEMENT SECURITY CONFIGURATION MANAGEMENT

LOG INTELLIGENCE

SECURITY CONFIGURATION

MANAGEMENT

VULNERABILITY MANAGEMENT

Which systems are vulnerable? Which systems are being attacked? Which systems have already been compromised? Which systems should we fix first? Have we seen this before? When was it in a trusted state? How can we keep this from happening again?

Security Intelligence

Page 7: Using Security Intelligence To Mitigate Today’s Real Threats · – Dr. Anton Chuvakin . Moving from Log Management to SIEM ... VULNERABILITY MANAGEMENT SECURITY CONFIGURATION MANAGEMENT

Vulnerable system visits website with active exploit targeting Internet Explorer 1

APT Exploit Server “watering hole”

DETECT & PREVENT IE 0-DAY THREATS WITH TRIPWIRE CVE-2014-1776

VULNERABILITY MANAGEMENT

SECURITY CONFIGURATION MANAGEMENT

3 Real-time intelligence of threat: correlation of vulnerabilities, configuration and business context of target system

Alerts, Automation & Reporting

LOG INTELLIGENCE

Firewall or IDS detects exploit attempt and passes alert to Tripwire Log Center 2

Exploit Alert

Page 8: Using Security Intelligence To Mitigate Today’s Real Threats · – Dr. Anton Chuvakin . Moving from Log Management to SIEM ... VULNERABILITY MANAGEMENT SECURITY CONFIGURATION MANAGEMENT

Log Intelligence

Are we being attacked? Have we seen it before? Security

Configuration

What has changed? What is the trusted state?

Vulnerability Management

What is vulnerable? What is the risk?

HEARTBLEED AND OTHER REMOTE EXPLOITS WITH TRIPWIRE

!

Page 9: Using Security Intelligence To Mitigate Today’s Real Threats · – Dr. Anton Chuvakin . Moving from Log Management to SIEM ... VULNERABILITY MANAGEMENT SECURITY CONFIGURATION MANAGEMENT

Learn More

•  Visit www.tripwire.com

•  We will be at Black Hat again this year booth #141 Contact Info Ken Westin [email protected] Twitter: @kwestin


PCI 2.0 What's Next for PCI DSS by Dr. Anton Chuvakin

PCI 2.0 What's Next for PCI DSS by Dr. Anton Chuvakin

IT Security Strategy and Priorities · Threat Intelligence Advanced AntiMalware ... Dr Anton Chuvakin Research VP at Gartner's GTP Security and Risk Management group 26 . Challenges

IT Security Strategy and Priorities · Threat Intelligence Advanced AntiMalware ... Dr Anton Chuvakin Research VP at Gartner's GTP Security and Risk Management group 26 . Challenges

Management and Security Server Administrator Guide · 2020. 7. 2. · 1 About Management and Security Server 9 1About Management and Security Server Host Access Management and Security

Management and Security Server Administrator Guide · 2020. 7. 2. · 1 About Management and Security Server 9 1About Management and Security Server Host Access Management and Security

Network Security Application Security Security Management ...

Network Security Application Security Security Management ...

How to 0wn Log Management · Dr. Anton Chuvakin Chasm Emerges! PCI DSS is TOO EASY! PCI is a joke. It is not security! Playing scope games? PCI makes you buy stuff you don’t need

How to 0wn Log Management · Dr. Anton Chuvakin Chasm Emerges! PCI DSS is TOO EASY! PCI is a joke. It is not security! Playing scope games? PCI makes you buy stuff you don’t need

Security Management - Techcello€¦ · 3 How-To – Security Management 1 Security Management CelloSaaS allows the developers to build security management in their application more

Security Management - Techcello€¦ · 3 How-To – Security Management 1 Security Management CelloSaaS allows the developers to build security management in their application more

How to 0wn Log Management - Hack In The Box Security ...conference.hitb.org/hitbsecconf2010ams/materials... · Security Chasm! Dr. Anton Chuvakin Security Warrior Consulting Hack

How to 0wn Log Management - Hack In The Box Security ...conference.hitb.org/hitbsecconf2010ams/materials... · Security Chasm! Dr. Anton Chuvakin Security Warrior Consulting Hack

RSA Security Brief - HotelNewsNow.com...2010/09/15  · Dr. Anton Chuvakin Principal, Security Warrior Consulting Sam Curry Chief Technology Officer, Global Marketing RSA, The Security

RSA Security Brief - HotelNewsNow.com...2010/09/15  · Dr. Anton Chuvakin Principal, Security Warrior Consulting Sam Curry Chief Technology Officer, Global Marketing RSA, The Security

Oracle Warehouse Management System – Security Enhancements · PDF fileOracle Warehouse Management System – Security Enhancements ... Oracle Warehouse Management System – Security

Oracle Warehouse Management System – Security Enhancements · PDF fileOracle Warehouse Management System – Security Enhancements ... Oracle Warehouse Management System – Security

Anton Chuvakin - So You Got That SIEM, NOW What Do You Do?

Anton Chuvakin - So You Got That SIEM, NOW What Do You Do?

Security Services Lifecycle Management - SALSAHPCsalsahpc.indiana.edu/CloudCom2010/slides/PDF/Security Services... · Security Services Lifecycle Management Slide _ 7 Security Service

Security Services Lifecycle Management - SALSAHPCsalsahpc.indiana.edu/CloudCom2010/slides/PDF/Security Services... · Security Services Lifecycle Management Slide _ 7 Security Service

Information Security Management: Understanding ISO · PDF fileInformation Security Management: Understanding ISO ... Information Security Management: Understanding ISO 17799 ... The

Information Security Management: Understanding ISO · PDF fileInformation Security Management: Understanding ISO ... Information Security Management: Understanding ISO 17799 ... The

Five Best and Five Worst Practices for SIEM by Dr. Anton Chuvakin

Five Best and Five Worst Practices for SIEM by Dr. Anton Chuvakin

Information Security- Perspective for Management Information Security … · 2011-03-18 · 3 Information Security Management Information Security Management “Information security

Information Security- Perspective for Management Information Security … · 2011-03-18 · 3 Information Security Management Information Security Management “Information security

SIEM Simplified - EventTracker...SIEM Simplified SM — Efficiency, Scalability and Intelligence Anton Chuvakin in the Gartner Risk Management Summit 2014 shared these in his presentation

SIEM Simplified - EventTracker...SIEM Simplified SM — Efficiency, Scalability and Intelligence Anton Chuvakin in the Gartner Risk Management Summit 2014 shared these in his presentation

Avira Security Management Center · More Than Security User Manual Avira SMC Security Management Center

Avira Security Management Center · More Than Security User Manual Avira SMC Security Management Center

7th Module: Security Management: Structure: 1.The Need for Security Management? 2.Information Systems Security and Risk Management 3.Security Policy 4.Contingency.

7th Module: Security Management: Structure: 1.The Need for Security Management? 2.Information Systems Security and Risk Management 3.Security Policy 4.Contingency.

Anton Chuvakin SANS GIAC GCFA Certification Document

Anton Chuvakin SANS GIAC GCFA Certification Document

Making Log Data Useful: SIEM and Log Management Together by Dr. Anton Chuvakin

Making Log Data Useful: SIEM and Log Management Together by Dr. Anton Chuvakin

Security Incident Log Review Checklist by Anton Chuvakin and Lenny Zeltser

Security Incident Log Review Checklist by Anton Chuvakin and Lenny Zeltser