Cyber Security for Digital-Era
4 likes739 views
The document outlines the importance of cybersecurity for CXOs, highlighting the financial and reputational costs of data breaches, as well as the challenges faced in current threat detection methods. It advocates for Seceon's proactive and automated approach to cybersecurity, which utilizes AI and machine learning for real-time threat detection and response. Key features include predictive analysis, comprehensive visibility into threats, and the ability to contain incidents swiftly, contrasting significantly with traditional reactive solutions.
Cyber Security for Digital-Era
- 1. 1 Cyber Security for Digital-Era AI, Machine Learning, Dynamic Threat Models for Proactive Threat Detection and Elimination Erich Berger Executive, Secure Design Kevin Stillman CISO, State University of NY Lalit Shinde EVP Security, Seceon
- 2. Outline of the Presentation 2 Why should CxOs pay particular attention to Cyber Security Seceon’s Approach, Key Features/Technologies and Complete Solution Real world Examples, Benefits, Value Proposition to Enterprises Challenges faced by Cyber Security Experts, Tools and Solutions
- 3. Why should CxO’s pay attention to Cyber Security? Cost of Data Breach is not just lost Data, but the impact on Reputation, Brand and Business Revenue Cyber attack puts not just you, but your customers, partners and employees at risk Breaches have hefty cost associated with them – it’s a financial burden Your Cyber hygiene affects everyone that you connect with Legal aspects of Cyber Regulations – Compliance is one of the most important aspect in several regulated industries 3Source: Ponemon 2016 Cost of Data Breach Study Report
- 4. Cost of Data Breach at a glance – 2016 $4 million is the average total cost of data breach 29% increase in total cost of data breach since 2013 $158 is the average cost per lost or stolen record – For Healthcare industry, it’s $355, most among all, for Education it’s $246 and for Banking it’s $221 per stolen record Regulated industries, such as healthcare and financial services, have the most costly data breaches because of fines and the higher than average rate of lost business and customers. 15% increase in per capita cost since 2013 4Source: Ponemon 2016 Cost of Data Breach Study Report
- 5. 5 Biggest Security Threats to Organizations Source: UBM Ponemon HPE 2016 Cyber Security Trends Report
- 6. Challenges: Cost of MTTI and MTTC 6 MTTI – Mean Time To Identify MTTC – Mean Time To Contain US $M US $M Source: Ponemon 2016 Cost of Data Breach Study Report
- 7. Challenges: Most Security Products Fall Short 7Source: Verizon 2016 Data Breach Investigation Report Stealing Credentials happens in minutes 95% Data Extraction happens within 24 hours Data Breaches – Why Automated Real-Time solution is a must? Today’s approaches are reactive than proactive Despite the investment and focus over past 3 years organizations are losing ground The attacks are smarter and faster The smart people based centric approach is too slow, too complicated and too expensive A new fully automated comprehensive threat detect and response system is required One that Detects threats in Minutes, Fully deploys & protects in a few hours and does not need rule or signature updates
- 8. Challenges: Operational Cost of Investigations 8 Flows/Logs Troubleshooting Activity Type Flow/Log Instances Comments NG FW generates events/logs around an instance of an infected device attempting to connect to a bad web site. North-South Activity 444 NG FW is resetting connections from the device over time and is not correlating these "non critical flagged" instances Device is also performing IP Sweeps East- West Activity 135 Few separate instances across the internal network Device is also performing IP Port scans East- West Activity 92 Few separate instances across the internal network Device needs to be identified Internal Activity 1 What device is it? who or what group it belongs to? Total Activity 672 Total instances to investigate Consider an example where a device is infected with a Malware
- 9. 9 Seceon’s Approach to Cyber Security Traditional Security Approach Seceon OTM Security Approach Reactive Approach Tools are highly specialized, but work in Silos with no comprehensive visibility High CapEx with 20+ Security Tools High OpEx with 1M+ events/logs per day – almost 80% require follow up Investigation and Incident Response 90% take an hour or longer to identify 90% take a day or longer (many times months) to respond Challenges Lack of Integration among Tools Knowledge/Skill of investigation and Response is costly Proactive Approach Moving from Point Tools to Complete Predictive Analysis Solution Comprehensive Visibility across all Asset Groups – Devices, Applications, Network, Employees, Customers etc. Automated Detection and Remediation Predictive Threat Detection using AI, ML and Behavioral Threat Models Automated Remediation within near Real Time Automated Correlation Contextual based Single Line Alerts Rapid Deployment with Automated DevOps model and Open API
- 10. Seceon OTM Platform Overview 10 Adaptive Visualization • Comprehensive view of all assets and threats • Fully automated solution that is easiest to deploy • Allows drill down of threats with all details Detect Threats that Matter • Detects known as well as unknown threats • Provides comprehensive information of the threats • Indicates all compromised assets and potential targets Contain Threats in Real Time • Immediate corrective action in real time • Automatic notification through email/text if required • Provides actionable analytics
- 11. Built-in Security Threat Modeling Parse Dynamic Reduction Behavior Analysis Threat Correlation Threat Intelligence UniversalCollectionBus Unstructured Data Unstructured Data Store Storage Engine Search Rapid Search Agent Analytics Analytics Engine Big Data Store & Search Real-time Threat Detection Real-time Analytics Predictive Modeling Outputs Built-in Advanced Correlation Built-in ML Engine Built-in Data Model Engine Platform Security Engine Structured Data Parse Dynamic Reduction Parse Dynamic Reduction Seceon’s Scalable – Fast Analytics Processing Platform Distributed Data Ingest (CCE) Fast Parallel Processing Architecture (APE) Closed Loop Threat Containment Threat Containment
- 12. Use Case – Compromised Credentials 12 • Compromised Credentials Account for 75% of data theft • Most traditional security solutions are blind to almost all forms of compromised credentials • Seceon detects all forms of compromised credential use in real-time for external or insider source verify User “A” Credentials Directory User: “A” “Credentials – User A” Host Name: “Bob’s PC” No threat No threat Threat Indicator No threat User: “A” “Credentials – User A” Host Name: “Joe’s PC” DB High Value Assets SIEM Learn User behavior based on geolocation, computer Used, time of logins, assets accessed, etc.. etc.
- 13. Use Case – Ransomware 13 • Criminal Malware like Ransomware made it to top cyber security concern in 2016 • Ransomware had millions of different strains and families affecting large enterprises, as well as SMBs • Seceon detects all forms of Ransomware using layered approach of predictive analytics in real-time User “A” receives Email and cl icks on a innocuous link Threat Indicator 1 No threat Bad Reputation URL Malware Downloaded Command and Control Network Scan for other v ulnerable hosts Threat Indicator 2 High Value Assets Infection Propagation Threat Indicator 3
- 14. Stops threats – automatically Disable compromised credentials Set filters on firewalls and switches Block, rate limit or redirect traffic Detects a full range of threats Compromised Credentials Insider threats Brute force attacks DDoS attack (all forms) Malware, BOTs, APTs Ransomware… 14 Seceon OTM Key Features Policy monitoring and enforcement Protect critical resources Restricting access to only select groups Alert and stop upon attempt Visualizes impact of attacks On applications, users On the network Provides traffic trend monitoring
- 15. Thank you For further info about Seceon please write to : meghna.jaiswal@jktech.com