2015 Security Informatics

by Prezi Templates by Prezibase, on 27 January 2015

Transcript of 2015 Security Informatics

2015: Automated Response Architecture
Incident Triage and Response
Today
Attack: Inbound Phishing Email
Detect: User Reported
Clean: Wipe code from system and email from mailboxes
Investigate: Triage and Analysis
Threat: Financial Crime
Email disguised as Help Desk
Email received by 200 people before first report
Contains malicious attachment, installs code
Search SIEM and other tools
Analyze attachment and code
Identify victims
Contact IT Messaging, respond
Contact IT Support, respond
Contact Help Desk, respond
Goals:
Objectives:
Reduce response time from days to minutes
Increase knowledge of internal and external threats
Build automatic smart responses for common threats
Integration of Core Technologies
Establish enterprise visibility
Real time threat intelligence
Incident Response Life Cycle
Preparation
Post incident activities
Detection, Analysis
Containment, Eradication, Remediation
Automate commodity vulnerability assessments
Provide customers the capability to reduce risk (at scale)
Focused assessments of critical applications, devices and infrastructure
Mature Core Technologies
Integration into SDLC and Project Life Cycle
Automated, real time, network and host visibility
Goals:
Objectives:
OFFICE OF INFORMATION SECURITY
INFORMATION SECURITY INFORMATICS

Efficient integration of information security people, process, and technology.

Needs of the patient come first; includes the protection of our patients, our data, and our brand... no matter what.

Industry leader of intelligence based discovery, detection, and response.
Why?
How?
What?
Mayo Clinic

Health Information
Credit Cards
Intellectual property
Defense contracts
World class leader
for Practice, Research and Education
Information Stored:
Monitor
Detect
Respond
to threats
Threat Analysis & Response Center
Enterprise monitoring, alerting and triage of potential security events
Collect logs & relevant system, network and application data.
Tactically eradicate threats.
Respond & investigate anomalies in behavior or patterns.
Analyze behaviors and patterns within the data.
TARC
Incident Response
Advanced analysis and response to large scale intrusions
In depth forensic analysis of systems and devices
Threat Intelligence
Threat classification, attribution, indicators, warnings, and reports
Intelligence on attackers that have interest in Clinic:
Find the Weakness
Vulnerability Management and Penetration Testing
Enterprise wide security testing of systems, networks, devices, and applications
Vulnerability testing of systems, networks, applications and devices
Summary

Integration of people and technology.

Needs of the patient
come first.

Industry leader of discovery, detection and response.
before "they" do
2015: Measuring Success
Critical vulnerabilities discovered
Mean time to remediation
Critical vulnerabilities resolved
Automated Vulnerability Assessment Architecture
Assesses for the most up-to-date risks, automatically
Comprehensive list of vulnerabilities
detection to response
2015: Measuring Success
Mean time from:
remediation to reporting
response to remediation
Consults with the business on remediation
Finds weaknesses before the attacker exploits them and the media hears about them
4-8 Hours
Incident Triage and Response
Tomorrow
Attack: Inbound Phishing Email
Detect: Technology
Clean: Wipe code from system and email from mailboxes
Investigate: Triage and Analysis
Threat: Financial Crime
Email disguised as Help Desk
Email received by 20 people before first report
Contains malicious attachment, installs code
Search SIEM and other tools
Analyze attachment and code
Identify victims
Remove code from system
Remove email from mailboxes
4-8 Minutes
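The "Tomorrow" flow above (detect by technology, search the SIEM, identify victims, remove the email from mailboxes, remove the code from systems, measure the time) as an added Python example run over constructed mail-gateway and endpoint logs; this is not code from the presentation, and the log layouts, hashes, hostnames and the playbook action names are assumptions.

```python
from datetime import datetime

# Constructed sample data (not real logs).
# Mail gateway: (timestamp, sender, recipient, subject, attachment sha256)
MAIL_LOG = [
    ("2015-01-27T08:00:05", "helpdesk@lookalike.test", "alice@clinic.test", "Password Reset", "deadbeef"),
    ("2015-01-27T08:00:09", "helpdesk@lookalike.test", "bob@clinic.test", "Password Reset", "deadbeef"),
    ("2015-01-27T08:01:30", "it@clinic.test", "carol@clinic.test", "Weekly Report", "cafebabe"),
    ("2015-01-27T08:02:11", "helpdesk@lookalike.test", "dave@clinic.test", "Password Reset", "deadbeef"),
]
# Endpoint telemetry: (timestamp, host, user, sha256 of file executed)
ENDPOINT_LOG = [
    ("2015-01-27T08:03:40", "ws-001", "alice", "deadbeef"),
    ("2015-01-27T08:10:02", "ws-002", "bob", "cafebabe"),
]


def _ts(s):
    return datetime.strptime(s, "%Y-%m-%dT%H:%M:%S")


def find_recipients(mail_log, ioc_hash):
    """SIEM-style search: every mailbox that received the attachment ('identify victims')."""
    return [(ts, rcpt) for ts, _, rcpt, _, sha in mail_log if sha == ioc_hash]


def find_executions(endpoint_log, ioc_hash):
    """Hosts where the attachment actually ran; needs endpoint visibility, not just mail logs."""
    return [(ts, host, user) for ts, host, user, sha in endpoint_log if sha == ioc_hash]


def build_playbook(mail_log, endpoint_log, ioc_hash, detected_at):
    """Turn detection of one attachment hash into the containment actions and the
    metrics the presentation measures (recipients before detection, time to detect)."""
    recipients = find_recipients(mail_log, ioc_hash)
    executions = find_executions(endpoint_log, ioc_hash)
    detected = _ts(detected_at)
    # Mailbox purge for every recipient; host clean-up only where the code ran.
    actions = [("purge_mailbox", rcpt) for _, rcpt in recipients]
    actions += [("isolate_and_clean_host", host) for _, host, _ in executions]
    first_delivery = min((_ts(ts) for ts, _ in recipients), default=None)
    minutes = (detected - first_delivery).total_seconds() / 60 if first_delivery else None
    return {
        "recipients_before_detection": sum(1 for ts, _ in recipients if _ts(ts) <= detected),
        "hosts_compromised": [host for _, host, _ in executions],
        "minutes_to_detection": minutes,
        "actions": actions,
    }


if __name__ == "__main__":
    print(build_playbook(MAIL_LOG, ENDPOINT_LOG, "deadbeef", "2015-01-27T08:02:05"))
```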
Automated Response Architecture
"Big Visibility" - Visibility and Control for Endpoint, User, Network
In depth incident investigation and reporting
Reverse engineer malicious code used
Reporting.
Industry knowledge of breaches and exploits;
Informs internal teams of relevant threats;
Attacker techniques, technologies, and processes;
Attribution of attackers;
Active Recon:
Comprehensive list of devices
Mean time to detection
A variety of threats exist - Both internal and external to Mayo. Those threats and their major characteristics are reflected in the table below:
What we are not...
We are not big brother
We don't target individuals or individual communication...
We won't be watching what you browse to on the Internet or what you purchase from Amazon.com
We won't be reading your personal emails
Establish Core Assessment Services
Self Service Vulnerability Assessment Portal is a single pane of glass (mapped to SDLC): conduct your own assessments, track your remediation progress, and know about the latest threats and how they impact Mayo Clinic
Threat Intelligence
Veracode
Rapid 7
TBD
OSVDB
Service
Example
Malware Analysis
File Analysis
Network Analysis
Indicator Search
Attribution
Intelligence Reports
Code Review
Vulnerability Scanning
OS, Network, Internal
External
Web Application
Vulnerability Scanning
KB of Vulnerabilities and exploits
Search vulnerabilities and exploits
Search latest and greatest