SlideShare a Scribd company logo

Detect & Respond: Ten Common Pitfalls

Download as PPTX, PDF
Frode Hommedal, profile picture
Frode Hommedal

Frode Hommedal from PwC presents on the 10 most common pitfalls that can undermine the effectiveness of a security program. These pitfalls include failing to properly assess risks and assets, not creating a security strategy, not clearly defining the scope of the security operations center and incident response team, not investing in centralized logging, not continuously improving data quality, blindly trusting vendor detection tools, not integrating security solutions in a centralized view, failing to seek out knowledge, not learning from insights, and not considering dependencies between systems. Addressing these pitfalls is important for protecting an organization from internal and external threats.

Technology
Related topics:
Incident Response
1 of 15
Downloaded 22 times
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
Detect & Respond Frode Hommedal Technical Director PwC.no/Cyber ISF – August 2019 10 common pit that will sabotage the effectiveness of your security program
Frode Hommedal – PwC.no/Cyber When designing a strategy for detection and response there are numerous pitfalls you can fall into. This presentation will highlight some of them. [Based on my own experience and discussions with peers] DateDetect & Respond: 10 common pitfalls 2
Frode Hommedal – PwC.no/Cyber If you fall into too many of these, your security program will likely be ineffective at protecting your organization from internal and external threats.
Frode Hommedal – PwC.no/Cyber #whoami Technical analyst turned strategic advisor within the field of detection and response and … security. Detect & Respond: 10 common pitfalls
Frode Hommedal – PwC.no/Cyber Risk comes from not knowing what you're doing.– Warren Buffett Pitfall #1 Guessing risk, not basing it on asset valuation and threat and vulnerability assessments. Detect & Respond: 10 common pitfalls
Frode Hommedal – PwC.no/Cyber Strategy without tactics is the longest route to victory, tactics without strategy is the noise before defeat. – Sun Tzu Pitfall #2 Not creating an actual security strategy. Detect & Respond: 10 common pitfalls
Frode Hommedal – PwC.no/Cyber I learned that focus is key. Not just in your running a company, but in your personal life as well. – Tim Cook Pitfall #3 Not clearly defining the scope and mission of your SOC and CSIRT. Detect & Respond: 10 common pitfalls
Frode Hommedal – PwC.no/Cyber The only thing that you absolutely have to know, is the location of the library.–Albert Einstein Pitfall #4 Not investing in centralized logging. Detect & Respond: 10 common pitfalls
Frode Hommedal – PwC.no/Cyber Information is a source of learning. But unless it is organized, processed, and available to the right people in a format for decision making, it is a burden, not a benefit. – William Pollard Pitfall #5 Not continuously investing in data quality. Detect & Respond: 10 common pitfalls
Frode Hommedal – PwC.no/Cyber You can use all the quantitative data you can get, but you still have to distrust it and use your own intelligence and judgment. – Alvin Toffler Pitfall #6 Blindly trusting that vendor detection logic will discover your threats. Detect & Respond: 10 common pitfalls
Frode Hommedal – PwC.no/Cyber Efficiency is the foundation for survival. Effectiveness is the foundation for success. – John C. Maxwell Pitfall #7 Not integrating all your security solutions in one centralized cockpit. Detect & Respond: 10 common pitfalls
Frode Hommedal – PwC.no/Cyber Learning is not attained by chance, it must be sought for with ardor and attended to with diligence. – Abigail Adams Pitfall #8 Failing to take the necessary time to seek out available knowledge. Detect & Respond: 10 common pitfalls
Frode Hommedal – PwC.no/Cyber No one can whistle a symphony. It takes a whole orchestra to play it. – H.E. Luccock Pitfall #9 Not systematically learn from the insigths offered by your SOC and CSIRT. Detect & Respond: 10 common pitfalls
Frode Hommedal – PwC.no/Cyber Defenders think in lists. Attackers think in graphs. As long as this is true, attackers win. – John Lambert Pitfall #10 Not thinking in terms of dependencies. Detect & Respond: 10 common pitfalls
pwc.no/Cyber Thank you Frode Hommedal Technical Director ISF – August 2019 frode.hommedal@pwc.com Feel free to reach out if you have any questions or comments.

More Related Content

PPTX
Taking the Attacker Eviction Red Pill [updated]
Frode Hommedal
 
PPTX
Taking the Attacker Eviction Red Pill (v2.0)
Frode Hommedal
 
PDF
Click and Dragger: Denial and Deception on Android mobile
grugq
 
PDF
Analogic Opsec 101
vicenteDiaz_KL
 
PDF
Opsec for security researchers
vicenteDiaz_KL
 
PDF
The Internet is on fire – don't just stand there, grab a bucket!
Frode Hommedal
 
PDF
2020 FRsecure CISSP Mentor Program - Class 1
FRSecure
 
PDF
2018 CISSP Mentor Program Session 1
FRSecure
 
Taking the Attacker Eviction Red Pill [updated]
Frode Hommedal
 
Taking the Attacker Eviction Red Pill (v2.0)
Frode Hommedal
 
Click and Dragger: Denial and Deception on Android mobile
grugq
 
Analogic Opsec 101
vicenteDiaz_KL
 
Opsec for security researchers
vicenteDiaz_KL
 
The Internet is on fire – don't just stand there, grab a bucket!
Frode Hommedal
 
2020 FRsecure CISSP Mentor Program - Class 1
FRSecure
 
2018 CISSP Mentor Program Session 1
FRSecure
 

What's hot (9)

PDF
2018 CISSP Mentor Program Session 3
FRSecure
 
PDF
2019 FRSecure CISSP Mentor Program: Class Ten
FRSecure
 
PPTX
Cloud Proxy Technology – Hacker Halted 2019 – Jeff Silver
EC-Council
 
PDF
2019 FRSecure CISSP Mentor Program: Class Three
FRSecure
 
PDF
[AVTOKYO 2017] What is red team?
Tomohisa Ishikawa, CISSP, CSSLP, CISA, CISM, CFE
 
PDF
Introduction to FAIR Risk Methodology – Global CISO Forum 2019 – Donna Gall...
EC-Council
 
PDF
2020 FRSecure CISSP Mentor Program - Class 6
FRSecure
 
PPTX
The Cyber Threat Intelligence Matrix: Taking the attacker eviction red pill
Frode Hommedal
 
PDF
2019 FRSecure CISSP Mentor Program: Class Nine
FRSecure
 
2018 CISSP Mentor Program Session 3
FRSecure
 
2019 FRSecure CISSP Mentor Program: Class Ten
FRSecure
 
Cloud Proxy Technology – Hacker Halted 2019 – Jeff Silver
EC-Council
 
2019 FRSecure CISSP Mentor Program: Class Three
FRSecure
 
[AVTOKYO 2017] What is red team?
Tomohisa Ishikawa, CISSP, CSSLP, CISA, CISM, CFE
 
Introduction to FAIR Risk Methodology – Global CISO Forum 2019 – Donna Gall...
EC-Council
 
2020 FRSecure CISSP Mentor Program - Class 6
FRSecure
 
The Cyber Threat Intelligence Matrix: Taking the attacker eviction red pill
Frode Hommedal
 
2019 FRSecure CISSP Mentor Program: Class Nine
FRSecure
 
Ad

Similar to Detect & Respond: Ten Common Pitfalls (20)

PDF
Trustwave: 7 Experts on Transforming Your Threat Detection & Response Strategy
Mighty Guides, Inc.
 
PDF
Cyber-Security Threats: Why We are Losing the Battle (and Probably Don't Even...
Plus Consulting
 
PDF
Marcus Ranum on Bad Idea Zombies
David Strom
 
PDF
Priming your digital immune system: Cybersecurity in the cognitive era
Luke Farrell
 
PDF
Why Executives Underinvest In Cybersecurity
HackerOne
 
PPTX
Intro to a Data-Driven Computer Security Defense
Roger Grimes
 
PDF
CS Sakerhetsdagen 2015 IBM Feb 19
IBM Sverige
 
PDF
Journal of Physical Security 8(1)
Roger Johnston
 
PDF
[Bucharest] Attack is easy, let's talk defence
OWASP EEE
 
PDF
Continuous Cyber Attacks: Engaging Business Leaders for the New Normal - Full...
Accenture Technology
 
PDF
Sexy defense
Iftach Ian Amit
 
PPTX
Bad Advice Unintended Consequences and Broken Paradigms - Think && Act Differ...
Steve Werby
 
PDF
2010-05 Real Business, Real Threats! Don't be an Unsuspecting Target
Raleigh ISSA
 
PDF
7 Critical Factors To Grow Your Business By Managing Innovation and Risk
Hector Del Castillo, CPM, CPMM
 
PDF
For the CISO: Continuous Cyber Attacks - Achieving Operational Excellence for...
Accenture Technology
 
PDF
Cybersecurity report-vol-8
Mohamed Abdelhakim
 
DOCX
Risk is for wimps
LouAnn Conner
 
PPTX
BSidesSF talk: Overcoming obstacles in operationalizing security
Rafae Bhatti
 
PPTX
CyberSecurity Strategy For Defendable ROI
Siemplify
 
PPTX
The Journey to Cyber Resilience in a World of Fear, Uncertainty and Doubt
John D. Johnson
 
Trustwave: 7 Experts on Transforming Your Threat Detection & Response Strategy
Mighty Guides, Inc.
 
Cyber-Security Threats: Why We are Losing the Battle (and Probably Don't Even...
Plus Consulting
 
Marcus Ranum on Bad Idea Zombies
David Strom
 
Priming your digital immune system: Cybersecurity in the cognitive era
Luke Farrell
 
Why Executives Underinvest In Cybersecurity
HackerOne
 
Intro to a Data-Driven Computer Security Defense
Roger Grimes
 
CS Sakerhetsdagen 2015 IBM Feb 19
IBM Sverige
 
Journal of Physical Security 8(1)
Roger Johnston
 
[Bucharest] Attack is easy, let's talk defence
OWASP EEE
 
Continuous Cyber Attacks: Engaging Business Leaders for the New Normal - Full...
Accenture Technology
 
Sexy defense
Iftach Ian Amit
 
Bad Advice Unintended Consequences and Broken Paradigms - Think && Act Differ...
Steve Werby
 
2010-05 Real Business, Real Threats! Don't be an Unsuspecting Target
Raleigh ISSA
 
7 Critical Factors To Grow Your Business By Managing Innovation and Risk
Hector Del Castillo, CPM, CPMM
 
For the CISO: Continuous Cyber Attacks - Achieving Operational Excellence for...
Accenture Technology
 
Cybersecurity report-vol-8
Mohamed Abdelhakim
 
Risk is for wimps
LouAnn Conner
 
BSidesSF talk: Overcoming obstacles in operationalizing security
Rafae Bhatti
 
CyberSecurity Strategy For Defendable ROI
Siemplify
 
The Journey to Cyber Resilience in a World of Fear, Uncertainty and Doubt
John D. Johnson
 
Ad

Recently uploaded (20)

PPTX
A Presentation on Artificial Intelligence
memembruh336
 
PDF
MIND Revenue Release Quarter 2 2025 Press Release
MIND CTI
 
PPTX
Programs and apps: productivity, graphics, security and other tools
4mqw9zch22
 
PDF
Profit Center Accounting in SAP S/4HANA, S4F28 Col11
Libreria ERP
 
PDF
gpt5_lecture_notes_comprehensive_20250812015547.pdf
Chinchu40
 
PDF
Building Integrated photovoltaic BIPV_UPV.pdf
SandeepSingh286037
 
PDF
7 ChatGPT Prompts to Help You Define Your Ideal Customer Profile.pdf
SOFTTECHHUB
 
PDF
Network Security Unit 5.pdf for BCA BBA.
Serpent6
 
PDF
Machine learning based COVID-19 study performance prediction
IAESIJAI
 
PDF
Encapsulation_ Review paper, used for researhc scholars
gurumoop
 
PPTX
Machine Learning_overview_presentation.pptx
kondavamsidharreddy2
 
PDF
Build a system with the filesystem maintained by OSTree @ COSCUP 2025
Jian-Hong Pan
 
PDF
NewMind AI Weekly Chronicles - August'25-Week II
NewMind AI
 
PPTX
ACSFv1EN-58255 AWS Academy Cloud Security Foundations.pptx
23bcla24
 
PPTX
Cloud computing and distributed systems.
kkkkkhan
 
PPTX
20250228 LYD VKU AI Blended-Learning.pptx
DatVoNgoc
 
PPTX
Big Data Technologies - Introduction.pptx
kuthubussaman1
 
PDF
Encapsulation theory and applications.pdf
gurumoop
 
PDF
TokAI - TikTok AI Agent : The First AI Application That Analyzes 10,000+ Vira...
SOFTTECHHUB
 
PDF
Peak of Data & AI Encore- AI for Metadata and Smarter Workflows
Safe Software
 
A Presentation on Artificial Intelligence
memembruh336
 
MIND Revenue Release Quarter 2 2025 Press Release
MIND CTI
 
Programs and apps: productivity, graphics, security and other tools
4mqw9zch22
 
Profit Center Accounting in SAP S/4HANA, S4F28 Col11
Libreria ERP
 
gpt5_lecture_notes_comprehensive_20250812015547.pdf
Chinchu40
 
Building Integrated photovoltaic BIPV_UPV.pdf
SandeepSingh286037
 
7 ChatGPT Prompts to Help You Define Your Ideal Customer Profile.pdf
SOFTTECHHUB
 
Network Security Unit 5.pdf for BCA BBA.
Serpent6
 
Machine learning based COVID-19 study performance prediction
IAESIJAI
 
Encapsulation_ Review paper, used for researhc scholars
gurumoop
 
Machine Learning_overview_presentation.pptx
kondavamsidharreddy2
 
Build a system with the filesystem maintained by OSTree @ COSCUP 2025
Jian-Hong Pan
 
NewMind AI Weekly Chronicles - August'25-Week II
NewMind AI
 
ACSFv1EN-58255 AWS Academy Cloud Security Foundations.pptx
23bcla24
 
Cloud computing and distributed systems.
kkkkkhan
 
20250228 LYD VKU AI Blended-Learning.pptx
DatVoNgoc
 
Big Data Technologies - Introduction.pptx
kuthubussaman1
 
Encapsulation theory and applications.pdf
gurumoop
 
TokAI - TikTok AI Agent : The First AI Application That Analyzes 10,000+ Vira...
SOFTTECHHUB
 
Peak of Data & AI Encore- AI for Metadata and Smarter Workflows
Safe Software
 

Detect & Respond: Ten Common Pitfalls

  • 1. Detect & Respond Frode Hommedal Technical Director PwC.no/Cyber ISF – August 2019 10 common pit that will sabotage the effectiveness of your security program
  • 2. Frode Hommedal – PwC.no/Cyber When designing a strategy for detection and response there are numerous pitfalls you can fall into. This presentation will highlight some of them. [Based on my own experience and discussions with peers] DateDetect & Respond: 10 common pitfalls 2
  • 3. Frode Hommedal – PwC.no/Cyber If you fall into too many of these, your security program will likely be ineffective at protecting your organization from internal and external threats.
  • 4. Frode Hommedal – PwC.no/Cyber #whoami Technical analyst turned strategic advisor within the field of detection and response and … security. Detect & Respond: 10 common pitfalls
  • 5. Frode Hommedal – PwC.no/Cyber Risk comes from not knowing what you're doing.– Warren Buffett Pitfall #1 Guessing risk, not basing it on asset valuation and threat and vulnerability assessments. Detect & Respond: 10 common pitfalls
  • 6. Frode Hommedal – PwC.no/Cyber Strategy without tactics is the longest route to victory, tactics without strategy is the noise before defeat. – Sun Tzu Pitfall #2 Not creating an actual security strategy. Detect & Respond: 10 common pitfalls
  • 7. Frode Hommedal – PwC.no/Cyber I learned that focus is key. Not just in your running a company, but in your personal life as well. – Tim Cook Pitfall #3 Not clearly defining the scope and mission of your SOC and CSIRT. Detect & Respond: 10 common pitfalls
  • 8. Frode Hommedal – PwC.no/Cyber The only thing that you absolutely have to know, is the location of the library.–Albert Einstein Pitfall #4 Not investing in centralized logging. Detect & Respond: 10 common pitfalls
  • 9. Frode Hommedal – PwC.no/Cyber Information is a source of learning. But unless it is organized, processed, and available to the right people in a format for decision making, it is a burden, not a benefit. – William Pollard Pitfall #5 Not continuously investing in data quality. Detect & Respond: 10 common pitfalls
  • 10. Frode Hommedal – PwC.no/Cyber You can use all the quantitative data you can get, but you still have to distrust it and use your own intelligence and judgment. – Alvin Toffler Pitfall #6 Blindly trusting that vendor detection logic will discover your threats. Detect & Respond: 10 common pitfalls
  • 11. Frode Hommedal – PwC.no/Cyber Efficiency is the foundation for survival. Effectiveness is the foundation for success. – John C. Maxwell Pitfall #7 Not integrating all your security solutions in one centralized cockpit. Detect & Respond: 10 common pitfalls
  • 12. Frode Hommedal – PwC.no/Cyber Learning is not attained by chance, it must be sought for with ardor and attended to with diligence. – Abigail Adams Pitfall #8 Failing to take the necessary time to seek out available knowledge. Detect & Respond: 10 common pitfalls
  • 13. Frode Hommedal – PwC.no/Cyber No one can whistle a symphony. It takes a whole orchestra to play it. – H.E. Luccock Pitfall #9 Not systematically learn from the insigths offered by your SOC and CSIRT. Detect & Respond: 10 common pitfalls
  • 14. Frode Hommedal – PwC.no/Cyber Defenders think in lists. Attackers think in graphs. As long as this is true, attackers win. – John Lambert Pitfall #10 Not thinking in terms of dependencies. Detect & Respond: 10 common pitfalls
  • 15. pwc.no/Cyber Thank you Frode Hommedal Technical Director ISF – August 2019 frode.hommedal@pwc.com Feel free to reach out if you have any questions or comments.