ATP Technology Pillars
1 like1,038 views
The document outlines key components of security architecture, including protection, detection, response, and prediction, particularly in the context of cloud services and the challenges presented by both sanctioned and shadow IT. It discusses the role of Cloud Access Security Brokers (CASBs), the effectiveness of security analytics, and the importance of threat intelligence, while also highlighting innovative technologies for deception and incident response. Additionally, it presents a landscape of various vendors related to these security measures.
ATP Technology Pillars
- 1. 4 Pillars of Architecture
- 2. Three Pillars of Security Architecture • Protection • Detection • Response • Prediction
- 4. Cloud Access Security Brokers
- 5. Challenges with SaaS/Cloud • Sanctioned IT: – Lack of user behavior visibility or audit trail, – Ability to encrypt/secure – Ability to directly prevent threats • Shadow IT: – No visibility – No control
- 6. CASB • Cloud Access Security Brokers (CASBs) are security enforcement points between consumers and service providers that apply security controls to access cloud services – Data Security/Encryption – Visibility – Threat Protection – Compliance Image Source: Cloud Access Security Broker (CASB): A pattern for secure access to cloud services EDUARDO B. FERNANDEZ et al
- 7. CASB • Ciphercloud • Skyhigh • Palerra • Bitglass • Adallom
- 8. Application Control • Bit9 • Avecto • Viewfinity
- 10. RASP and IAST • IAST – Combine SAST and DAST • RASP – Self Defending Applications – Vendors • Arxan • Prevoty • Waratek
- 12. Beyond SIEM • SIEM failed to deliver as per expectation • Domain specific Analytics – User Behavior Analytics – Network Behavior Analytics – Network Sandboxing – RASP – CASB
- 13. Attack Deception
- 14. Turning the table • New type of technologies which deceives the attacker – Isolate attacker – Deceive and Observe • Vendors – Illusive – Topspin – TrapX
- 15. Security Awareness Doesn’t Deliver Beyond a Point. Invest in Habits.
- 16. Insider Threats
- 17. Response
- 18. Micro Segmentation and End Point Isolation
- 19. You will get hacked…but that’s ok • Isolate Browser and Applications • Trusted Container in un-trusted system • Un-trusted Container in trusted system • Microsegmentation Vendors • Illumio • Cloudpassage • Vidder • Catbird • Certes
- 20. • Endpoint Isolation – Bromium – Invincea – Avecto – Armor5 – Menlo Security – Spikes security
- 21. EDR – Endpoint Detection and Response
- 22. EDR • Cybereason • Triumphant • Countertack • Mandiant
- 23. Incident Response Platforms • CSG • DFLabs • Resilient • Hexadite
- 24. Prediction
- 27. Intel 101 • Data vs Intelligence – Context, Intent, Capability • Tactical vs Strategic – How and what? – Who and why? • Atomic vs Composite – IP, packet string, hash – Combine multiple things • TTP- Tactics, Techniques and Procedures
- 28. Taxonomy for Threat Intelligence Threat intelligence Threat Intelligence Platform Threat Intelligence Enrichment Threat Intelligence Integration Open Source Intel Human Intel Technical Intel Adversary Intel Vulnerability Intel Strategic Intel
- 29. Vendor Landscape • Total Vendors studied: 23 • Prominent Vendors – Open Source Intel: Recorded Future, Digital Shadows, Cyveillance – Human Intel: Booz Allen Hamilton, CrowdStrike, iSIGHT Partners, Verisign iDefence, Cyveillance – Technical Intel: Norse Corporation , Anubis Networks, Emerging Threats – Adversary Intel: Booz Allen Hamilton, CrowdStrike, iSIGHT Partners, Verisign iDefence, Symantec Deepsight – Vulnerability Intel: iSIGHT Partners, Verisign iDefence – Strategic Intel: , Surfwatch labs, Cytegic
- 32. Thank You