Maintaining Cyber Readiness in an Evolving Threat Landscape - Brent Benson

Post on 02-Oct-2020


TRANSCRIPT

Maintaining Cyber Readiness in an Evolving Threat Landscape

Brent Benson, Brent.benson@logrhythm.com, 320-492-6011

The Modern Cyber Threat Pandemic

• 3,930 breaches in 2015
• 953 breaches in 2010
• 321 breaches in 2006
• 736 million records were exposed in 2015, compared to 96 million records in 2010
• The security industry is facing serious talent and technology shortages

[Figure: Selected Data Breaches. Source: World's Biggest Data Breaches, Information is Beautiful]

No End In Sight

• Motivated Threat Actors
• Cyber-crime Supply Chain
• Expanding Attack Surface

Modern threats take their time and leverage the holistic attack surface.

The Cyber Attack Lifecycle

1. Recon. & Planning
2. Initial Compromise
3. Command & Control
4. Lateral Movement
5. Target Attainment
6. Exfiltration, Corruption, Disruption

Protection Through Faster Detection & Response

[Chart: vulnerability (High Vulnerability to Low Vulnerability) plotted against MTTD & MTTR on a scale of Months, Weeks, Days, Hours, Minutes; the organization moves from Exposed to Threats to Resilient to Threats]

MEAN TIME TO DETECT (MTTD): the average time it takes to recognize a threat requiring further analysis and response efforts.

MEAN TIME TO RESPOND (MTTR): the average time it takes to respond and ultimately resolve the incident.

As organizations improve their ability to quickly detect and respond to threats, the risk of experiencing a damaging breach is greatly reduced.

Obstacles To Faster Detection & Response

• Alarm Fatigue
• Swivel Chair Analysis
• Forensic Data Silos
• Fragmented Workflow
• Lack of Automation

Effective Threat Lifecycle Management
✓ Addresses these obstacles
✓ Enables faster detection and response to threats

Threat Lifecycle Management (TLM)

• Series of aligned security operations capabilities
• Begins with the ability to "see" broadly and deeply across the distributed IT environment
• Finishes with the ability to quickly neutralize and recover from security incidents

Goal: reduce mean time to detect (MTTD) and mean time to respond (MTTR), without requiring increased staffing levels.

Steps To Faster Detection & Response

• Understanding What You Have
• Holistic Visibility
• Deception Based Defenses
• Round The Clock Monitoring
• Security Awareness

End-to-End Threat Lifecycle Management Workflow

Time to Detect: Forensic Data Collection, Discover, Qualify
Time to Respond: Investigate, Neutralize, Recover

Forensic Data Collection
• Security event data
• Log & machine data
• Forensic sensor data

Discover
• Search analytics
• Machine analytics

Qualify
• Assess threat
• Determine risk
• Is full investigation necessary?

Investigate
• Analyze threat
• Determine nature and extent of incident

Neutralize
• Implement counter-measures
• Mitigate threat & associated risk

Recover
• Clean up
• Report
• Review
• Adapt
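As an added illustration (not from the deck), the MTTD and MTTR definitions above applied to the workflow stages: constructed incident timestamps are scored per stage boundary, with the assumed mapping that Time to Detect runs from collection to qualification and Time to Respond from qualification to recovery, and the slowest transition is reported so the obstacle that dominates can be seen.

```python
from datetime import datetime, timedelta

# Stage boundaries of the TLM workflow in slide order. Assumed mapping: Time to
# Detect = collected -> qualified, Time to Respond = qualified -> recovered.
STAGES = ("collected", "discovered", "qualified", "investigated", "neutralized", "recovered")

def _t(s):
    return datetime.strptime(s, "%Y-%m-%d %H:%M")

# Constructed sample incidents (not from the deck); INC-3 is still open.
INCIDENTS = {
    "INC-1": {"collected": _t("2016-03-01 08:00"), "discovered": _t("2016-03-01 08:05"),
              "qualified": _t("2016-03-01 10:00"), "investigated": _t("2016-03-01 14:00"),
              "neutralized": _t("2016-03-01 15:00"), "recovered": _t("2016-03-02 09:00")},
    "INC-2": {"collected": _t("2016-03-03 02:00"), "discovered": _t("2016-03-05 02:00"),
              "qualified": _t("2016-03-05 06:00"), "investigated": _t("2016-03-05 18:00"),
              "neutralized": _t("2016-03-05 20:00"), "recovered": _t("2016-03-06 08:00")},
    "INC-3": {"collected": _t("2016-03-07 12:00"), "discovered": _t("2016-03-07 12:30"),
              "qualified": _t("2016-03-07 13:00")},
}

def span(inc, start, end):
    """Elapsed time between two stage boundaries, or None if the later one is not reached."""
    if start not in inc or end not in inc:
        return None
    return inc[end] - inc[start]

def mean_span(incidents, start, end):
    """Average span over incidents that completed it; None when no incident has."""
    spans = [d for d in (span(i, start, end) for i in incidents.values()) if d is not None]
    return sum(spans, timedelta()) / len(spans) if spans else None

def mttd(incidents):
    """Mean Time to Detect: collection of the evidence until the threat is qualified."""
    return mean_span(incidents, "collected", "qualified")

def mttr(incidents):
    """Mean Time to Respond: qualification until the incident is recovered (open ones excluded)."""
    return mean_span(incidents, "qualified", "recovered")

def slowest_transition(incidents):
    """Stage transition with the largest mean duration, as (label, timedelta)."""
    best = None
    for a, b in zip(STAGES, STAGES[1:]):
        m = mean_span(incidents, a, b)
        if m is not None and (best is None or m > best[1]):
            best = (f"{a}->{b}", m)
    return best

if __name__ == "__main__":
    print("MTTD:", mttd(INCIDENTS), "MTTR:", mttr(INCIDENTS), "slowest:", slowest_transition(INCIDENTS))
```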

This Approach Is Not Effective

• Network Monitoring & Forensics
• Log Management
• SIEM
• User & Entity Behavioral Analytics
• Endpoint Monitoring & Forensics
• Security Automation & Orchestration
• Network Behavioral Analytics
• Security Analytics

Holistic Approach

Forensic Data Collection -> Discover -> Qualify -> Investigate -> Neutralize -> Recover

13 | © 2016 LogRhythm
