Here's - Seceon

An overview of how the Seceon OTM platform can quickly and
accurately surface threats within your environment.
Executive Summary
The sophistication and volume of insider threats and targeted cyber-attacks are greater than ever. Despite significant security investments, companies are increasingly at risk of catastrophic breaches. These breaches disrupt business operations and result in both direct and indirect costs. Recent publicized breaches have shown that these costs range into the hundreds of millions once mitigation, fines and brand-value impact are considered. As a result, for the first time, CEOs and corporate boards are contemplating issues historically reserved for CISOs and CIOs.
As we've seen in countless high-profile breaches, we're losing the fight against hackers because our defenses are increasingly obsolete. Traditional security technologies are incapable of addressing today's targeted threats. Time and time again adversaries demonstrate their ability to slip past the most hardened perimeters. Cybercriminals and cyber spies have moved beyond exploiting known vulnerabilities and using known malware. They're morphing malicious behavior in never-before-seen ways; learning your people, processes, technologies, and supply chains; and impersonating authorized users - sometimes using no malware at all.
These techniques allow adversaries to pass through perimeter defenses, evade detection technologies
like IDS, IPS and NGFW, and bypass configuration monitoring, compliance, vulnerability and patch
management controls. They can overrun SIEM and log analysis products that fail to prioritize alerts and
frequently miss critical security events, even when they have already occurred.
The silent threat: None of today's traditional solutions deal with one of the most harmful threats: the insider threat. Verizon surveyed large to mid-sized enterprises in their 2015 Threat Report4 and determined that insiders accounted for 40% of acknowledged threats found. These are just the known threats; most insider threats go undetected. An insider using their own or someone else's credentials typically knows where to look for the most valuable data and, when using legitimate credentials, will not be picked up by SIEMs, DLPs, endpoint solutions or other traditional security measures.
Clearly, internal and cyber security is at a tipping point. To win against today's and tomorrow's threats, enterprises must employ a new way of thinking. Seceon believes it's time to turn the game around. This means analyzing the situation from the attacker's perspective, understanding their goals, tactics, and techniques, and letting this new vantage point inform your defenses.
This strategy is embodied in the Seceon OTM Platform - the industry's first behavioral detection and response platform that delivers early warning, instant detection, and active remediation for all threats. With its adversary intelligence, state-of-the-art threat detection algorithms, and guided incident remediation, the Seceon OTM Platform instantly detects and actively responds to threats.
This white paper details modern security challenges and describes how the Seceon OTM Platform enables our customers to surface threats proactively and respond to them automatically in real time.
Seceon and the Seceonl logo are registered trademarks of the Seceon, Inc. in the US and/or other countries. Other marks and brands may be claimed as the property of others. The product plans, specifications and descriptions herein are
provided for information only and subject to change without notice, and are provided without warranty of any kind, express or implied. Copyright © 2016 Seceon, Inc.
Introduction
While big names such as Anthem, Sony, Scottrade, E*Trade, Home Depot, JPMorgan Chase, and Target have garnered national headlines following extensive data breaches, the truth is that more than 80% of U.S. companies have experienced a successful insider or cyber-attack1. Attacks have become so widespread that virtually no industry today is immune to this new reality. Banking, manufacturing, retail, healthcare, travel, and other sectors face compromise and the ensuing reputational and financial damages.
Simply put, adversaries are outpacing security teams and their current security measures. By all accounts,
security experts expect the number of attacks to continue growing. For now and the foreseeable future,
threat actors have the upper hand against many organizations by wielding targeted, sophisticated attacks
that often go undetected by layers of security technologies.
Once considered strictly an IT problem, cyber security is now a C-level and board-level concern. Given the heightened attention to cyber-attack risk, CIOs, senior IT decision makers, and CISOs are now making cyber security a top priority. In fact, a survey by Piper Jaffray shows that it is now the top spending priority for CIOs, with an impressive 75 percent indicating that they would increase spending in the coming year2. However, unless this spending is informed by a new philosophy, it will likely just add another porous layer to the existing pile of ineffective security products.
To be effective, that investment must include the deployment of novel methods for protecting digital assets from internal as well as external cyber threats. The status quo of traditional, signature-based or malware-analysis defenses has proven woefully inadequate at preventing successful attacks.
Targeted Attacks are on the Rise
In 2015, for the first time, cyber security was a major topic in the annual State of the Union address. High-profile breaches dominated headlines for the last 18 months, highlighting that catastrophic cyber-attacks have become a reality. At their worst, these attacks aren't opportunistic endeavors that leverage routine malware. They are targeted attacks with the goals of stealing confidential data or damaging business operations. As a result, the costs inflicted by targeted attacks can be enormous, spanning financial and reputational damages. According to the Ponemon Institute, the average cost of a data breach in 2014 was $3.5 million. After its breach was made public, Target projected more than $148 million in damages, which is likely an optimistic estimate3.
Today's advanced adversaries construct attacks specifically designed to bypass the defenses of a chosen target. These attacks are stealthy and designed to move laterally within an organization for weeks or months once they penetrate the perimeter. Their presence remains undetected for an average of 200 days, according to breach reports.4
1 CFO Survey June 2015 - http://www.cfosurvey.org/2015q2/press-release-hacking.pdf
2 Piper Jaffray 2015 CIO Survey
3 "Cybersecurity Hindsight and a Look Ahead at 2015", Yoav Leitersdorf and Ofer Schreiber, TechCrunch, December 28, 2014
4 2015 Verizon Threat Report
Bypassing Endpoint Security
Despite wielding the latest AV signatures, performing diligent patch
management, and purchasing the latest malware detection engine, even the
most advanced organizations fall victim to targeted attacks. Why?
The answer is that the sophistication of attackers continues to outpace the
sophistication of so-called next-generation defenses. Techniques that were
once only available to state-sponsored attackers are now easily employed by
criminal syndicates and hacker groups. Malware and exploit kits, which are
growing in popularity and availability, provide attackers with easy methods to
customize and obfuscate signatures to bypass signature-based security
measures and rudimentary malware analysis solutions. Combining this with
quick-turn exploitation of public vulnerabilities, or zero-day exploits, provides
a fully weaponized end-to-end capability to anyone with modest means and
malicious intent.
"Increased complexity and frequency of attacks elevate the need for enterprise-scale incident response, APT investigations and a rapid forensic process." ---Gartner
This continual permutation of polymorphic signatures allows attackers to remain virtually undetectable
by the majority of conventional security defenses, due to their reliance on legacy detection techniques
such as hashes and IP blacklisting. To avoid detection within sandboxes or virtualized solutions, many
malware.
Turn the Game Around; Think like a Hacker
It's no wonder then that a recent survey reports that two-thirds of respondents are evaluating new endpoint solutions to augment or replace their existing endpoint defenses. But what new endpoint defense is really effective against these more sophisticated attacks? How can CISOs and CIOs improve their companies' defenses, detect threats faster and more accurately, and contain attacks before real damage is done?
The answer is to start thinking like an attacker and to take advantage of lessons learned from those who have studied sophisticated adversaries. When most security experts say "think like an attacker" they are advocating penetration testing activities to identify weaknesses in your security systems. However, to be truly effective in thwarting targeted attacks, we need to go a step further. We need to get into the mind of an attacker and understand their goals, tactics, and techniques – in essence their behavior.
Throughout their training and operational experience, military commanders are taught to turn the game around in order to understand any situation from the perspective of their adversary. By doing so, one can begin to understand the adversary's strengths and weaknesses and formulate actions and defenses backed by this insight. In the cyber domain, the same strategy is beneficial when defending digital assets.
By venturing over to the dark side of the Internet, cyber security experts can better understand the goals, techniques, tools, and targets of bad actors. From underground hacking forums to online markets hawking cybercrime platforms in China, Russia, or Brazil, these experts learn to think like a hacker.
With that insider intelligence, and a better understanding of the attacker's advantage, they can help their organizations identify unknown threats that are missed by legacy defenses and respond more quickly and effectively to get between the attacker and the asset or between the asset and the exit.
While this approach is undoubtedly what's needed to counter today's targeted attacks, it's unrealistic to think that hiring dozens or hundreds of specially trained and experienced cyber security experts is the answer for enterprises. How then can a retailer, manufacturer, financial services provider, telecommunications provider, healthcare, energy, or other type of company harness this type of intelligence to protect its digital assets from bad actors around the world? That's why there's the Seceon OTM Platform.
The Evolution of the Seceon OTM Platform
With the Seceon OTM Platform, you get behavioral-based threat detection and response that combines deep adversarial intelligence with advanced analytics to detect sophisticated threats and respond faster to internal and cyber-attacks.
By thinking like a hacker, the Seceon OTM Platform looks for threats in ways other products don't, anticipating the attacker's behavior choices; the solution reduces the hacker's advantage. The result is instant detection and real-time response with impact indication.
Seceon OTM Platform analyzes hosts, network devices, application and user behavior to rapidly detect
the presence of internal risk and cyber-threats thus accelerating response, preventing damage and loss.
Here's how it works:
1. Collection & Control Engine (CCE): Seceon sensors can reside on monitored endpoints or on their own for remote collection of high-fidelity data, with minimum impact on host, device or application performance. Seceon CCE Sensors monitor thousands of activities along with attributes, including user, system, application, file and network connections, funneling observations back to the Seceon APE. The CCE also has the ability to take action on an internal or cyber threat after receiving instruction from the APE.
2. Analytic Processing Engine (APE): Seceon's cloud-based analytic engine aggregates application,
network, file, and configuration details from all sensors and devices. Using context-based
behavioral analysis and machine learning modeling, suspicious behavior is quickly identified, and
tracked in real time as it evolves. This includes correlating threat activity that is related and part
of the same chain of activity. Real-time visualization identifies malicious behavior, and
compromised or targeted hosts, applications, and devices, enabling an operator to act in time.
3. Seceon Automated Response: The Seceon OTM Platform guides your security team, enabling fast, effective investigation and response without requiring expert-level skills and knowledge. It produces guidance that dramatically improves the signal-to-noise ratio, empowering security teams to take control in real time.
4. Seceon Threat Intelligence: The Seceon OTM Platform is powered by more than 40 best-of-breed threat intelligence feeds. Our platform has the ability to aggregate and distill, in real time, the most critical threat intelligence from these feeds to identify evolving threats, giving our customers the earliest warning of new techniques and of the technology stacks they are targeting, by industry and geography. This intelligence is used as threat model input by the Seceon Analytics Processing Engine to identify and prioritize known and unknown threats that evade traditional defenses.
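The collect-then-correlate flow in steps 1 to 4 above, reduced to an added Python sketch that is not Seceon's code: a per-user baseline stands in for the behavioral model the analytic engine learns, a one-entry indicator set stands in for the aggregated threat intelligence feeds, and the sensor observations are constructed sample data. It shows why an off-hours database export by a legitimate account, which credential-trusting and signature-based tools pass, surfaces as a single scored chain rather than as isolated alerts.

```python
from datetime import datetime, timedelta

# Constructed per-user baseline: stands in for the behavioral model the analytic engine learns.
BASELINE = {
    "alice": {"hosts": {"fileserv-01", "mail-01"}, "max_bytes_out": 50_000_000},
    "bob": {"hosts": {"db-02"}, "max_bytes_out": 5_000_000},
}
# Constructed indicator set: stands in for the aggregated threat-intelligence feeds.
INTEL_BAD_DESTINATIONS = {"203.0.113.77"}  # documentation-range address, not a real indicator
# Relative weight of each behavioral indicator when scoring a chain (constructed).
WEIGHTS = {"unusual_host": 2, "off_hours": 1, "volume_anomaly": 3, "intel_match": 5}

# Constructed sensor observations, summarised the way a collection engine would pass them on:
# (timestamp, user, source host, destination, bytes out, action)
EVENTS = [
    ("2016-03-01T09:05:00", "alice", "wks-17", "fileserv-01", 1_200_000, "smb_read"),
    ("2016-03-01T23:40:00", "alice", "wks-17", "db-02", 0, "sql_login"),
    ("2016-03-01T23:52:00", "alice", "wks-17", "db-02", 900_000_000, "sql_export"),
    ("2016-03-02T00:10:00", "alice", "wks-17", "203.0.113.77", 880_000_000, "https_post"),
    ("2016-03-01T10:00:00", "bob", "wks-03", "db-02", 300_000, "sql_query"),
]

def indicators(event):
    """Behavioral indicators for one observation, judged against that user's own baseline."""
    ts, user, _src, dst, bytes_out, _action = event
    base = BASELINE.get(user, {"hosts": set(), "max_bytes_out": 0})
    hour = datetime.fromisoformat(ts).hour
    found = []
    if dst not in base["hosts"]:
        found.append("unusual_host")
    if hour < 6 or hour >= 22:
        found.append("off_hours")
    if bytes_out > base["max_bytes_out"]:
        found.append("volume_anomaly")
    if dst in INTEL_BAD_DESTINATIONS:
        found.append("intel_match")
    return found

def correlate(events, window=timedelta(hours=2)):
    """Join a user's flagged observations that fall within `window` of each other into one
    scored chain, so the analyst sees one prioritised incident instead of isolated alerts."""
    chains = []
    for event in sorted(events, key=lambda e: (e[1], e[0])):  # by user, then ISO timestamp
        flags = indicators(event)
        if not flags:
            continue  # within baseline: no alert at all
        ts = datetime.fromisoformat(event[0])
        last = chains[-1] if chains else None
        if last and last["user"] == event[1] and ts - last["end"] <= window:
            last["end"], last["events"] = ts, last["events"] + [event]
            last["indicators"].update(flags)
        else:
            chains.append({"user": event[1], "start": ts, "end": ts,
                           "events": [event], "indicators": set(flags)})
    for chain in chains:
        chain["score"] = sum(WEIGHTS[i] for i in chain["indicators"])
    return sorted(chains, key=lambda c: c["score"], reverse=True)
```

Calling `correlate(EVENTS)` returns one chain for alice (three observations, all four indicators, score 11) and nothing for bob, whose query matches his baseline.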
Why Seceon
With the Seceon OTM Platform, you can defend against targeted attacks with:
Organization-Wide Situational Visibility
Seceon's approach starts with an ability to monitor all activity on the network and on the critical devices which host or provide access to high-value information. Seceon's CCE application collects, digests and turns monitored devices' log and network flow data into meaningful information. It summarizes activities and passes this metadata back to the centralized APE to be put through its threat detection and prediction analysis processes. The CCE's lightweight software application can run in virtualized as well as cloud environments. The CCE can be distributed to monitor thousands of activities and attributes, including user, system, application, file and network connections, with minimum network performance impact.
Real-time Detection
Seceon's cloud-based Analytic Processing Engine aggregates application, network, host, file, user, and configuration details from all CCE sensors. Using machine learning, which feeds threat models that correlate activities into context-based behavioral analysis, suspicious behavior is quickly identified and tracked in real time as it evolves. Visualization identifies malicious behavior, and compromised or targeted hosts, devices, applications and users, enabling an operator to act in time.
Real-time Response
The Seceon OTM Platform guides your security team, enabling fast, effective investigation and response without requiring expert-level skills and knowledge. It produces guidance that dramatically improves the signal-to-noise ratio, empowering security teams to take control in real time. This is a stark difference from the volume of meaningless and repetitive alerts generated by traditional security products.
Advanced Threat Intelligence
The Seceon OTM Platform is powered by more than 40 best-of-breed threat intelligence feeds. Our platform has the ability to aggregate and distill, in real time, the most critical threat intelligence from these feeds to identify evolving threats, giving our customers the earliest warning of new techniques and of the technology stacks they are targeting, by industry and geography. This intelligence is used by the Seceon Analytics Processing Engine to identify and prioritize known and unknown threats that evade traditional defenses.
Conclusion
Hackers continue to reach new levels of innovation and resourcefulness as they pursue goals of theft or disturbance. These attackers are schooled in evasive behavior that eludes the layers of defenses protecting today's organizations. Signature-based technologies and so-called next-generation defenses have all proven inadequate. As a result, victims have seen both their reputation and financial performance threatened or severely damaged. Lastly but most importantly, true insider threats need to be detected and thwarted before critical information is compromised or exfiltrated. Today more often than not such loss goes undetected.
To reverse these trends, defenders need better tools that not only detect such threats before real damage is done, but do so automatically in seconds, without the need for expert human analysis to quantify and determine the scope of such threats: tools that allow an organization's security posture to be greatly improved while allowing staff to spend less time reacting and more time on proactive activities. By turning the game around, organizations will be able to rapidly detect and respond to adversaries, mitigating loss and damage. Seceon harnesses state-of-the-art behavioral-based threat detection algorithms to detect advanced threats that traditional defenses miss. With the Seceon OTM Platform you can take total control.
To learn more about the Seceon OTM Platform, visit: www.seceon.com