Copyright © 2015 EiQ Networks, Inc. All rights reserved.
Justin Pennock, EiQ Networks
SANS 2015
Aug 15, 2015

Agenda
• Threat Landscape
• The Evolving Security Model
• Critical Security Controls
• EiQ Security Monitoring Solutions

Motivated attackers
• Open-source tools and exploit kits make it easy to get into the cyberattack business
• Cyber crime pays
$1 per credit card¹ × 42M cards² = $42,000,000
$20 per health insurance credential¹ × 11M records³ = $220,000,000
1. “Managing Cyber Risks in an Interconnected World”, PwC, September 30, 2014
2. Target data breach, 2013
3. Premera Blue Cross data breach, 2015

Costly Security Incidents
• Average cost to a company = $3.5 Million per incident
• An increase of 15% over the previous year
Source: “2014 Cost of Data Breach Study: Global Analysis”, Ponemon Institute

Evolving Security Model
Prevention: Perimeter Security, Signature-based Detection
Reactive: Behavior-based Detection, Correlation & Analytics
Security Controls: Proactively strengthen security posture

Signature-Based Detection
• Perimeter defense strategy is no longer effective – they’re probably already inside
• By definition there is no signature for a zero-day exploit

SIEM
• Evolved to detect advanced threats using
  – Correlation
  – Analytics
• Can effectively reduce
  – Detection time
  – Investigation time
  – Response time
• Reactive by nature

Critical Security Controls
• Proactively improving security posture
• Allows you to build a process that is:
  – Automated & Continuous
  – Measurable
• Focused on risk reduction
  – Can’t eliminate threats but…
  – Reduce the attack surface
  – Contain the damage

Device Inventory
• Inventory of Authorized and Unauthorized Devices
• Why it’s important:
  – New and unprotected systems on the network can be easy targets for attackers
  – Unauthorized devices could already be compromised before they connect (BYOD)
• Applicable tools:
  – Network scanning
  – DHCP server logging
  – Network access control

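As an added example (not EiQ's code and not part of the original deck), the DHCP server logging approach from the slide above, worked through in Python: completed leases are parsed out of a few constructed dhcpd-style syslog lines and reconciled against a hypothetical authorized-device inventory, reporting both devices seen but not inventoried and inventoried devices never seen.

```python
import re

# Constructed sample DHCP server log (ISC dhcpd syslog style); not real data.
SAMPLE_DHCP_LOG = """\
Aug 15 09:01:02 dhcp1 dhcpd: DHCPACK on 10.0.5.21 to 00:1a:2b:3c:4d:01 (ws-finance-03) via eth0
Aug 15 09:02:17 dhcp1 dhcpd: DHCPACK on 10.0.5.22 to 00:1A:2B:3C:4D:02 (printer-2f) via eth0
Aug 15 09:03:44 dhcp1 dhcpd: DHCPACK on 10.0.5.77 to f4:5c:89:aa:bb:cc (android-9f2e) via eth0
Aug 15 09:03:45 dhcp1 dhcpd: DHCPOFFER on 10.0.5.78 to de:ad:be:ef:00:01 via eth0
Aug 15 09:04:10 dhcp1 dhcpd: DHCPACK on 10.0.5.21 to 00:1a:2b:3c:4d:01 (ws-finance-03) via eth0
"""

# Constructed (hypothetical) authorized-device inventory: MAC -> asset tag.
AUTHORIZED = {
    "00:1a:2b:3c:4d:01": "WS-FIN-03",
    "00:1a:2b:3c:4d:02": "PRN-2F",
    "00:1a:2b:3c:4d:03": "WS-HR-01",  # in the inventory, never seen on the wire
}

# Only DHCPACK lines count: an OFFER is not a completed lease.
ACK_RE = re.compile(
    r"dhcpd: DHCPACK on (?P<ip>\d{1,3}(?:\.\d{1,3}){3}) "
    r"to (?P<mac>(?:[0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2})"
    r"(?: \((?P<host>[^)]*)\))?"
)

def parse_leases(log_text):
    """Return {mac: (ip, hostname)} for each completed lease. MACs are
    normalised to lower case so 00:1A:.. and 00:1a:.. are the same device."""
    leases = {}
    for line in log_text.splitlines():
        m = ACK_RE.search(line)
        if m:
            leases[m["mac"].lower()] = (m["ip"], m["host"] or "")
    return leases

def reconcile(log_text, authorized):
    """Compare observed leases against the inventory.
    unauthorized: seen on the network but not in the inventory (investigate);
    missing: in the inventory but never seen (stale record or offline asset)."""
    seen = parse_leases(log_text)
    return {
        "unauthorized": {m: seen[m] for m in seen if m not in authorized},
        "missing": sorted(m for m in authorized if m not in seen),
    }

if __name__ == "__main__":
    for mac, (ip, host) in reconcile(SAMPLE_DHCP_LOG, AUTHORIZED)["unauthorized"].items():
        print(f"UNAUTHORIZED {mac} {ip} {host!r}")
```

In practice the inventory would come from an asset database or NAC system and the log from the DHCP server's syslog feed; the reconciliation logic stays the same.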
Software Inventory
• Inventory of Authorized and Unauthorized Software
• Why it’s important:
  – Attackers scan for versions of software that contain known vulnerabilities that can be exploited
  – The use of malware can allow an attacker to compromise systems or send data out of the network
• Applicable tools:
  – Application whitelisting
  – Software inventory systems
  – Endpoint security

Secure Configurations
• Secure Configurations for Hardware and Software
• Why it’s important:
  – Default settings for operating systems, applications and devices are not always secure
  – Falling behind on the latest vulnerabilities, updates and patches can leave systems open to attack
• Applicable tools:
  – Configuration monitoring
  – Automated patching
  – Secure standards – CIS Benchmarks / DISA STIGs

EiQ SecureVue
• First platform to combine SIEM & CSCs
  – Both reactive and proactive security monitoring
• Security Controls – questions the platform answers:
  – Are there unauthorized nodes on our network?
  – Is any unauthorized software running on our network?
  – Are hosts and devices configured securely?
  – Are there nodes with vulnerabilities on our network?
  – Are proper malware defenses in place on our network?
  – Are there any unauthorized wireless access points on our network?
  – Are there any unauthorized ports & protocols on our network?
  – Is proper event logging in place?

EiQ SOCVue Managed Service
• Save time & money, improve security posture
  – Subscription license to SecureVue SIEM/LM
  – Installed, managed & monitored 24/7 by EiQ SOC
  – Incident notification & guidance
  – Continuous visibility into critical security controls

SOCVue Security Portal

Thank You
Please visit www.eiqnetworks.com to learn more
Request a Demo of SecureVue
Request a Free Trial of SOCVue Monitoring Service