The Right Roles for SIEM and EDR
Hosted by
Sam Curry - Chief Security Officer, Cybereason
Tom Field - SVP Editorial, Information Security Media Group
Agenda
3:30pm - Introductions and Opening Remarks
3:45pm - Roundtable Discussion
4:45pm - Closing Remarks and Questions
5:00pm - Program Concludes
Executive Roundtable Series
Sponsored by Cybereason
Introduction
Cybersecurity leaders know that if they haven’t already, they need to get
into the incident response and threat hunting business with a Security
Operations Center. Still, many are uncertain about how to do so with little
risk, high efficiency and with confidence in a safer future for the IT stack.
In particular, the wisdom of “just get a SIEM” rings hollow, and the current
wave of hype around EDR is leading to cognitive dissonance.
What are the complementary uses of SIEM and EDR technologies? What are the unique use cases
for each, and how can they coexist without either being thrown out or used incorrectly? Ultimately,
what is an autonomous SOC?
This exclusive executive roundtable on The Right Roles for SIEM and EDR will provide answers to
these and other important questions.
Guided by insights from Sam Curry, chief security officer at event sponsor Cybereason, this
invitation-only virtual roundtable will also draw upon the experiences of the attendees. Attendees
will learn the essential components of a successful strategy to address complementary roles for
SIEM and EDR and create a truly autonomous SOC.
Among the discussion topics:
• What are the qualities of an autonomous SOC?
• What are the unique use cases both for SIEM and EDR?
• How can they be optimized in a complementary fashion?
• What role does security orchestration, automation and response play?
You’ll have the opportunity to discuss SOC strategies with a handful of senior executives and
market leaders in an informal, closed-door setting, from which you will emerge with new strategies
and solutions you can immediately put to work.
Discussion Points
Among the questions to be presented for open discourse:
• What are the foundations of your incident response and threat hunting operations?
• Do you have either or both: SIEM and EDR?
• How do you currently use these tools?
• What role does security orchestration, automation and response play?
• What are your biggest current gaps in incident response and threat hunting?
• How will you look to fill these gaps in 2020?
About the Expert
Joining our discussion today to share the latest insights and case studies:
Sam Curry
CSO, Cybereason
Curry has over 25 years of experience in security with a focus on deep
technology and solving practitioner problems. He was previously CTO
and CSO at Arbor Networks, senior vice president of engineering and
CISO at Microstrategy and held senior roles at RSA, the Security Division
of EMC as general manager, senior vice president of products and CTO.
He has done work on national defense, public policy and establishing
standards and protocols in security. He also held a number of senior,
leadership roles at McAfee and CA, founded two successful startups
and now serves on three security organization boards. He is a frequent
speaker on BBC, CNN, MSNBC and other media outlets, a published
author and a patented inventor.
About Cybereason
Cybereason gives the advantage back to the defender through a completely new approach to
cybersecurity: the Cybereason Defense Platform. Cybereason offers managed, as-a-service,
and on-premise prevention, detection and response solutions. Cybereason technology delivers
multi-layer endpoint prevention by leveraging signature and signatureless techniques to prevent
known and unknown threats in conjunction with behavioral and deception techniques to prevent
ransomware and fileless attacks. Cybereason is privately held and is headquartered in Boston,
MA with offices around the globe.
About the Moderator
Leading our discussion today is:
Tom Field
Senior Vice President, Editorial, ISMG
Field is an award-winning journalist with over 30 years of experience
in newspapers, magazines, books, events and electronic media. A
veteran journalist with extensive business/technology and international
reporting experience, Field joined ISMG in 2007 and currently oversees
the editorial operations for all of ISMG’s global media properties. An
accomplished public speaker, Field has developed and moderated
scores of podcasts, webcasts, roundtables and conferences and has
appeared at the RSA Conference and on various C-SPAN, The History
Channel and Travel Channel television programs.
About ISMG
Information Security Media Group (ISMG) is the world’s largest media organization devoted solely
to information security and risk management. Each of our 28 media properties provides education,
research and news that is specifically tailored to key vertical sectors including banking, healthcare
and the public sector; geographies from North America to Southeast Asia; and topics such
as data breach prevention, cyber risk assessment and fraud. Our annual global summit series
connects senior security professionals with industry thought leaders to find actionable solutions
for pressing cybersecurity challenges.
Q&A WITH THE EXPERT
In advance of this event, ISMG’s Tom Field spoke about SIEM and EDR
with Sam Curry of Cybereason. Here is an excerpt of that conversation.
Sam Curry
CSO, Cybereason
Autonomous SOC
TOM FIELD: Define your vision of an autonomous SOC.
SAM CURRY: This is not about an automatic SOC, since that would
introduce vulnerabilities and weaknesses and is not really achievable
yet. One day, we will get there. However, an autonomous SOC is one
that uses automation in silicon to help the real, existing carbon-based
intelligence: the men and women doing the job. Autonomy here is a
placeholder for ever-improving efficiency around analysis, decision
making, communication and taking actions. It is, in essence, about the
results of a SOC post telemetry collection or the “D” and the “R” in XDR.
The SOC is a machine for catching Malops sooner and more completely.
This is about making the true positives of detection and wrap up as high
as possible and as soon as possible as a repeatable business process
given the right telemetry (which incidentally is behavioral starting with
but limited to the endpoint).
Wrong Roles for SIEM and EDR
FIELD: We’re talking about the right roles for SIEM and EDR. What are
some of the wrong roles?
CURRY: Take the list of use cases for the SOC, which are currently
squarely on the SIEM. Some should be on the SIEM and some should be
on EDR. SIEM is not the lynchpin for all SOC use cases, nor is EDR.
Failing to Maximize Investments
FIELD: In what ways are enterprises failing to get the most out of their
SIEM and EDR investments?
CURRY: They are still approaching SOC functions as a checklist, even
when they have SOC operations. The opponents are adaptive, which
means simple operations expose weaknesses due to the mirror chess
problem. It’s time to get good in a second order chaos world. See this
blog and its precedent for more.
Cybereason’s Approach
FIELD: How is Cybereason approaching this SOC challenge with
customers?
CURRY: We provide best-in-class EDR and MDR with a vision for
new endpoint types (mobile and IoT/OT to start) and more behavioral
instrumentation in general (like applications, cloud, network and log
derivation). We have demonstrably the highest ratio of endpoints to
analysts, least lag in detection, no mechanical turks, the best hunting
platform and the least impact on customer environments, employees and
business processes.
“It’s time to get good in a second order chaos world.” Sam Curry, Cybereason
902 Carnegie Center • Princeton, NJ • 08540 • www.ismg.io
Contact
(800) 944-0401 • [email protected]