2012 ISACA Webinar Program. © 2012 ISACA. All rights reserved. WHAT HACKERS KNOW THAT YOU DON’T



Welcome!

• Type in questions using the Ask A Question button
• All audio is streamed over your computer
  – Having technical issues? Click the ? button
• Click Attachments button to find a printable copy of this presentation
• After the webinar, ISACA members may earn 1 CPE credit
  – Find a link to the Event Home Page on the Attachments button
  – Click the CPE Quiz link on the Event Home Page to access the quiz
  – Once you pass the quiz, you’ll receive a link to a printable CPE Certificate
• Question or suggestion? Email them to [email protected]


Introductions

Joe Gottlieb, Head of Global Security Solutions Sector

Ed Jaehne, Chief Strategy Officer


Just One Click…


What They Do that We Don’t

• Move fast! They can build code and test it in the real world – while we have to maintain rigor of standards, policies and processes
• Share! They share tips, tools, and ways in – while we hesitate to share intelligence between internal teams, much less external ones
• Automate! To scale quickly to meet the economic rewards, their tool chain is heavily automated and optimized – one or two humans can control thousands to tens of thousands, collecting from hundreds to thousands of networks


What They Know We Don’t Know

• Patterns! They understand that most security teams have not established patterns that would point to anomalies like excessive download volumes, unusual log-in behaviors, etc.
• Vulnerabilities! They know many organizations are behind in their vulnerability scans, patches, etc.
• Security testing! While we may put a lot of layers of security into our infrastructure, we rarely have time to make sure it all works as it should.


MORE Things They Know We Don’t Know

• Behavior! Hackers know some truths about the behaviors of your workforce that management and leadership may not want to acknowledge (levels of understanding/education, internal frictions, shopping/eating/social networking habits)
• Awareness! The victor in the security game is the one who has the best awareness – they are constantly refining and refreshing what they know. When they win, it proves that we are not actively testing and probing, and are building our awareness off stale data or data that has lost its fidelity


Check-Box Security Practices are NOT the Answer

Sameer Bhalotra, Cybersecurity adviser

Government alone won’t dramatically increase their role in defending the social Web from cyber attacks in the near term

Individual users aren’t in a position to adequately defend themselves against organized criminals

The burden of protection falls on organizations of every size


Polling Question #1


You Can’t Defend What You Can’t See

[Bar chart: “Does your organization need better data access and analysis?” Answer categories: N/A, No, Yes. Series: 2011, 2012. Data labels in extraction order: 21%, 27%, 52%, 5%, 16%, 79%.]

SOURCE: Sensage Annual Security Data Management Survey conducted at RSA Conference in 2010, 2011 and 2012 (n=355, 383 and 399)


No Matter What You are Doing

SOURCE: Sensage Annual Security Data Management Survey conducted at RSA Conference in 2010, 2011 and 2012 (n=355, 383 and 399)

[Bar chart: “Why did you need better data access and analysis?” Series: 2011, 2012. Answer categories:
• To better understand a real-time console alert
• To better understand a compliance exception
• To determine how a certain metric was changing over time
• To analyze a breach in order to mitigate the chances of it repeating
• To demonstrate security effectiveness to others (e.g., executives)
• To compare security effectiveness across different groups or environments
• To justify a security technology acquisition
Data labels in extraction order: 27%, 31%, 29%, 23%, 26%, 20%, 13%, 42%, 44%, 46%, 51%, 46%, 37%, 22%.]


So…How are We Doing?

SOURCE: Sensage Annual Security Data Management Survey conducted at RSA Conference in 2010, 2011 and 2012 (n=355, 383 and 399)

[Bar chart: “Among internal customer/stakeholder groups, what is the opinion/perception of the effectiveness of these processes?” Answer categories: Ineffective, Somewhat effective, Effective, Very effective. Data labels in extraction order: 13%, 48%, 28%, 12%, 10%, 47%, 33%, 8%, 13%, 57%, 26%, 5%.]


Another View of Effectiveness…or Lack Thereof

SOURCE: Sensage Annual Security Data Management Survey conducted at RSA Conference in 2010, 2011 and 2012 (n=355, 383 and 399)

[Bar chart: categories “Ineffective OR Somewhat effective” and “Effective or Very effective”. Series: 2010, 2011, 2012. Data labels in extraction order: 61%, 40%, 57%, 41%, 70%, 31%.]


SOURCE: Sensage Annual Security Data Management Survey conducted at RSA Conference in 2010, 2011 and 2012 (n=355, 383 and 399)

Process, Coordination, Measurement and Improvement…

All Correlate with Effectiveness


Polling Question #2


Gaining Confidence through Visibility

Real-time Monitoring
• Powerful real-time correlation
• Scenario-based analysis
• Integrated with historical correlation
• Easy to create and deploy template-based rules
• Dozens of common out-of-the-box rules

Forensic Investigation
• Ability to analyze and report on years’ worth of data
• High-speed filtering and searching
• Wizard-driven report creation
• Automated drill-down for forensic investigation
• 100s of out-of-the-box reports

Security Intelligence
• High-level graphical aggregation reporting
• Easy to show and analyze trend data, anomalies
• Business analyst friendly interface
• One-click drill down from high-level to report details


Use History to Improve Your Visibility

• Understand what “secure” looks like
• Establish baselines and acceptable thresholds
• Create policies that drive appropriate behaviors
• Develop informed alerts when variances occur
• Reduce reactive security investigations
• Continuously improve security management based on logical metrics/measurements


Ten Tips for the Metrics-Minded Security Team

• Pre-requisites:
  – Collect and store all event data
  – Know your organization’s MQ
  – Don’t reinvent the wheel

1. Enroll stakeholders early
2. Define event system of record
3. Emphasize user/asset directories
4. Let your service catalog guide you
5. Land, then expand
6. Be consistent or die
7. Be ready to change
8. Engage experts, ignite managers
9. Test yourself with an MPT
10. Innovate for depth but prune as you go

www.sensage.com/content/solutions


Who is Sensage

01 Big data capability: proven, purpose-built, flexible, clustered, compressed, columnar-based event data warehouse technology

02 Precise analytics to address advanced security information management to solve complex insider threats, cyber-crime and cyber-terrorism

03 Open architecture for integration: Sensage supports standard SQL through ODBC/JDBC

04 Extent of packaged application support

05 Over 500 customers, including top government agencies, telcos, banks and health care organizations


Polling Question #3


Big Data Management Meets Cyber Superiority

• Proactive, multi-disciplined cyber security black belts in the Cloud
• Mission-grade expertise in defending, exploiting, and leveraging technology to accomplish the intelligence mission
• Not afraid of big data – especially with their customers

• Centralized event data store
• Unparalleled scalability, loading and storing petabytes a day if needed
• Flexibility to collect from existing sensors – regardless of source
• Sophisticated analytics for rapid access to security intelligence


Summary

• Our customers have questions
• They want answers
• Compliance is not enough
• Monitoring is not enough
• They want to improve
• They’re willing to crunch data and pay attention to what it says


www.sensage.com

Questions?