© 2016 Ayehu Software Technologies, Ltd. All rights reserved.
How to Turbocharge Your Cyber Security Incident Response With Automation
February 24, 2016, starting at 12:00pm EST / 9:00am PST
Today’s webinar will be presented by:
Guy Nadivi
Director, Business Development
Sharon Cohen, CISM
IT & Security Professional Services Manager
Company Background
• Leading innovator of IT Process Automation Software
• Founded in 2007, Headquarters in New York
• Product first launched in 2009
• Flagship product: eyeShare™ IT Process Automation v4.7.3
• Eric Benhamou, former CEO of 3Com and Palm, BGV currently
Sample of eyeShare Users
Agenda
#1 Why you should automate Cyber Security Incident Response
#2 The concerns of running automation in Cyber Security Incident Response
#3 A real life scenario of automating Incident Response
What Is A Cyber Security Incident Response?
An organized approach to addressing and managing the aftermath of a security breach or attack (also known as an incident).
The goal is to handle the situation in a way that limits damage and reduces recovery time and costs.
source: searchsecurity.techtarget.com/definition/incident-response
What Is A Cyber Security Incident Response?
source: Gartner - "Top Security Trends for 2016-2017"
Why Automate Cyber Security Incident Response?
“71% of represented organizations experienced at least one successful cyberattack in the preceding 12 months (up from 62% the year prior)”.
source: 2015 Cyberthreat Defense Report from the CyberEdge Group
205 - median number of days that threat groups were present on a victim’s network before detection (Longest Presence: 2,287 days)
source: "Beyond the Breach" - Mandiant 2015 Malware Report
Malicious cyber attacks cost US$300 Billion to US$1 Trillion a year!
source: "THE ECONOMIC IMPACT OF CYBERCRIME AND CYBER ESPIONAGE Report" - Center for Strategic and International Studies July 2013
Why Automate Cyber Security Incident Response?
“By 2019, 40% of large enterprises will require specialized, automated tools to meet regulatory obligations in the event of a serious information security incident.”
source: Gartner
Why Automate Cyber Security Incident Response?
• Lack of qualified staff
• Lack of necessary expertise
• People don’t scale very well
Why Automate Cyber Security Incident Response?
When it comes to remediating security breaches, automation is a force multiplier
Concerns About Automating Cyber Security Incident Response
Too Many False Positives In Security
Concerns About Automating Cyber Security Incident Response
In Security (& elsewhere) False Positives Are Distressing
Automating Cyber Security Incident Response
Playbook: A security playbook is a customizable template for specific cyber security incidents that streamlines an organization's response procedures using best practices.
Ayehu Case Study
Dual Logins By The Same Individual From Different Locations
• A user logs in from one location.
• The same user then logs in 15 minutes later from another location 30 miles away.
• Is the first login legitimate, but the second one fraudulent? Or is it the other way around? Maybe they’re both fraudulent?
• How do you automate the process of determining which login (if any) is legitimate?
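One way to detect the dual-login case above is to compute the travel speed implied by two consecutive logins for the same user. This is an added example, not Ayehu's workflow or code from the webinar; the event fields, the coordinates, and the 100 mph threshold are assumptions.

```python
import math
from datetime import datetime

EARTH_RADIUS_MILES = 3958.8
MAX_PLAUSIBLE_MPH = 100.0  # assumed policy threshold, not a value from the webinar

# Constructed sample events: (user, ISO timestamp, latitude, longitude).
# Coordinates stand in for whatever geolocation the login source provides.
SAMPLE_LOGINS = [
    ("alice", "2016-02-24T09:00:00", 40.7128, -74.0060),
    ("bob",   "2016-02-24T09:05:00", 40.7128, -74.0060),
    ("alice", "2016-02-24T09:15:00", 40.7128, -73.4300),  # about 30 miles east
    ("bob",   "2016-02-24T11:05:00", 40.7357, -74.1724),  # short hop, 2 hours later
]

def haversine_miles(lat1, lon1, lat2, lon2):
    """Great-circle distance between two points, in miles."""
    phi1, phi2 = math.radians(lat1), math.radians(lat2)
    dphi = phi2 - phi1
    dlam = math.radians(lon2 - lon1)
    a = math.sin(dphi / 2) ** 2 + math.cos(phi1) * math.cos(phi2) * math.sin(dlam / 2) ** 2
    return 2 * EARTH_RADIUS_MILES * math.asin(math.sqrt(a))

def find_suspect_pairs(logins, max_mph=MAX_PLAUSIBLE_MPH):
    """Flag consecutive logins by one user whose implied speed exceeds max_mph."""
    last_seen, alerts = {}, []
    for user, ts, lat, lon in sorted(logins, key=lambda e: e[1]):
        when = datetime.fromisoformat(ts)
        if user in last_seen:
            prev_when, prev_lat, prev_lon = last_seen[user]
            miles = haversine_miles(prev_lat, prev_lon, lat, lon)
            hours = (when - prev_when).total_seconds() / 3600
            # Simultaneous logins from different places count as infinite speed.
            mph = miles / hours if hours > 0 else (math.inf if miles > 0 else 0.0)
            if mph > max_mph:
                # Distance alone cannot say which login is the fraudulent one,
                # so both sessions are returned for verification.
                alerts.append({"user": user, "first": prev_when.isoformat(),
                               "second": when.isoformat(),
                               "miles": round(miles, 1), "mph": round(mph, 1)})
        last_seen[user] = (when, lat, lon)
    return alerts

if __name__ == "__main__":
    for alert in find_suspect_pairs(SAMPLE_LOGINS):
        print(alert)
```

The detector only narrows the question to a pair of sessions; deciding which login (if any) is legitimate still needs a follow-up step such as contacting the user, which is where a playbook takes over.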
Sharon Cohen
Demo
Top 3 Features
No Programming!
No Agents!
Top 3 Benefits
Automation enables better preparation
• Simulate & test multiple scenarios in advance of an attack
• Validate playbooks
• Fast response, errors reduced, documented properly, people notified
Automation enables 24/7 Coverage
• SOCs are rarely manned around the clock with security experts
• Enables fast, best practice responses no matter who’s on duty any time of day
Rapid Containment, Eradication, & Recovery
• Malware
• Evidence
• Vulnerabilities
• Operational
Ask Us Anything
Please send any follow up questions to:
Go To ayehu.com
Free trial version of eyeShare!