How to Detect System Compromise & Data Exfiltration
Transcript of How to Detect System Compromise & Data Exfiltration
Live Demo: How to Detect System Compromise and Data Exfiltration
@AlienVault
About AlienVault
AlienVault has unified the security products, intelligence and community essential for mid-sized businesses to defend against today’s modern threats.
• More and more organizations are finding themselves in the crosshairs of various bad actors for a variety of reasons.
• The number of organizations experiencing high profile breaches is unprecedented.
• The “security arms race” cannot continue indefinitely: the economics of securing your organization are stacked so heavily in favor of those launching attacks that incremental security investments are seen as impractical.
Threat landscape: Our new reality
84% of organizations breached had evidence of the breach in their log files…
“There are two types of companies that use computers. Victims of crime that know they are victims of crime and victims of crime that don’t have a clue yet.”
- James Routh, 2007, CISO, Depository Trust & Clearing Corporation
Prevention is elusive
“How would you change your strategy if you knew for certain that you were going to be compromised?”
- Martin Roesch, 2013, Founder & CTO, Sourcefire; author of Snort
Prevent: The basics are in place for most companies…but this alone is a ‘proven’ failed strategy.
Detect & Respond: New capabilities to develop. Get (very) good at detection & response.
So many security technologies to choose from
Given the 10 most recommended technologies and the pricing range, an organization could expect to spend anywhere from $225,000 to $1.46m in its first year, including technology and staff.
Source: The Real Cost of Security, 451 Research, April 2013
Factor into this:
• Initial licensing costs
• Implementation / optimization costs
• Ongoing management costs
• Renewal costs
• Integration of all the security technologies
• Training of personnel / incoming personnel
Many point solutions…integration anyone?
“Security Intelligence through Integration that we do, NOT you”
USM Platform
• Bundled Products - 30 open-source security tools to plug the gaps in your existing controls
• USM Framework - Configure, manage, and run security tools; visualize output and run reports
• USM Extension API - Support for inclusion of any other data source into the USM Framework
• Open Threat Exchange - Provides threat intelligence for collaborative defense
USM Product Capabilities (powered by AlienVault Labs Threat Intelligence)
ASSET DISCOVERY
• Active Network Scanning
• Passive Network Scanning
• Asset Inventory
• Host-based Software Inventory
VULNERABILITY ASSESSMENT
• Continuous Vulnerability Monitoring
• Authenticated / Unauthenticated Active Scanning
BEHAVIORAL MONITORING
• Log Collection
• Netflow Analysis
• Service Availability Monitoring
SECURITY INTELLIGENCE
• SIEM Event Correlation
• Incident Response
THREAT DETECTION
• Network IDS
• Host IDS
• Wireless IDS
• File Integrity Monitoring
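The slides say that most breached organizations already had evidence of the breach in their logs, and list log collection, NetFlow analysis and SIEM event correlation as the capabilities that turn that evidence into an alarm. The following is an added example of what that looks like in practice; it is not AlienVault or USM code. It baselines each internal host's hourly outbound volume from NetFlow-style records, flags an hour that exceeds both an absolute floor and a multiple of the host's own median, then correlates the flagged host against sshd log lines to raise severity when it logged in somewhere just before the burst. The flow records, log lines, hosts, users, internal ranges and thresholds are all constructed for the example.

```python
import re
import statistics
from collections import defaultdict
from datetime import datetime, timedelta
from ipaddress import ip_address, ip_network

# Added example (not AlienVault/USM code). All inputs and thresholds below are constructed.
INTERNAL_NETS = [ip_network("10.0.0.0/8"), ip_network("172.16.0.0/12"), ip_network("192.168.0.0/16")]
SYSLOG_YEAR = 2024              # syslog lines carry no year; assumed here
MIN_EXFIL_BYTES = 50_000_000    # absolute floor: 50 MB in one hour leaving the network from one host
BASELINE_RATIO = 10             # ...and 10x the host's median hourly outbound volume
LOGIN_LOOKBACK = timedelta(hours=1)

# Constructed NetFlow-style records: (start time, src, dst, dst port, bytes sent by src).
FLOWS = [
    ("2024-03-11 09:15:00", "10.0.1.20", "93.184.216.34", 443, 180_000),
    ("2024-03-11 10:40:00", "10.0.1.20", "93.184.216.34", 443, 220_000),
    ("2024-03-11 14:05:00", "10.0.1.20", "151.101.1.69", 443, 310_000),
    ("2024-03-11 16:30:00", "10.0.1.20", "93.184.216.34", 443, 150_000),
    ("2024-03-11 23:00:00", "10.0.1.20", "10.0.2.5", 445, 900_000_000),      # internal backup: not exfil
    ("2024-03-12 01:52:00", "10.0.1.20", "203.0.113.45", 443, 350_000_000),  # sudden burst to an external host
    ("2024-03-12 02:10:00", "10.0.1.20", "203.0.113.45", 443, 120_000_000),
    ("2024-03-11 09:20:00", "10.0.1.21", "93.184.216.34", 443, 200_000),
    ("2024-03-12 02:00:00", "10.0.1.21", "93.184.216.34", 443, 1_500_000),
]

# Constructed sshd log lines in syslog format (hypothetical hosts and users).
AUTH_LOGS = [
    "Mar 11 09:02:11 ws-0120 sshd[1400]: Accepted publickey for alice from 10.0.1.50 port 50110 ssh2",
    "Mar 12 01:47:03 fileserver sshd[2211]: Accepted password for svc_backup from 10.0.1.20 port 51022 ssh2",
    "Mar 12 02:05:12 ws-0121 sshd[1477]: Accepted publickey for bob from 10.0.1.60 port 50302 ssh2",
]

LOGIN_RE = re.compile(
    r"^(\w{3} +\d+ \d\d:\d\d:\d\d) (\S+) sshd\[\d+\]: Accepted (\w+) for (\S+) from (\S+) port"
)


def is_internal(ip: str) -> bool:
    """Membership in the explicitly configured internal ranges (not ipaddress.is_private,
    which also treats documentation ranges such as 203.0.113.0/24 as private)."""
    return any(ip_address(ip) in net for net in INTERNAL_NETS)


def hourly_outbound(flows):
    """Bytes sent from each internal host to external addresses, per one-hour window."""
    volume = defaultdict(lambda: defaultdict(int))
    for ts, src, dst, _port, nbytes in flows:
        if is_internal(src) and not is_internal(dst):
            start = datetime.strptime(ts, "%Y-%m-%d %H:%M:%S").replace(minute=0, second=0)
            volume[src][start] += nbytes
    return volume


def detect_exfil(flows):
    """Flag windows whose outbound volume exceeds the absolute floor and the host's own baseline."""
    alerts = []
    for host, windows in hourly_outbound(flows).items():
        for start, nbytes in sorted(windows.items()):
            others = [b for s, b in windows.items() if s != start]
            baseline = statistics.median(others) if others else 0   # median resists skew from the burst itself
            threshold = max(MIN_EXFIL_BYTES, BASELINE_RATIO * baseline)
            if nbytes > threshold:
                alerts.append({"host": host, "window": start, "bytes": nbytes,
                               "baseline": baseline, "logins": [], "severity": "medium"})
    return alerts


def parse_logins(lines):
    """Extract successful SSH logins (time, target host, auth method, user, source IP)."""
    events = []
    for line in lines:
        m = LOGIN_RE.match(line)
        if m:
            when = datetime.strptime(f"{SYSLOG_YEAR} {m.group(1)}", "%Y %b %d %H:%M:%S")
            events.append({"time": when, "target": m.group(2), "method": m.group(3),
                           "user": m.group(4), "source": m.group(5)})
    return events


def correlate_logins(alerts, logins):
    """Raise severity when the exfiltrating host logged in somewhere shortly before or during the burst."""
    for alert in alerts:
        lo, hi = alert["window"] - LOGIN_LOOKBACK, alert["window"] + timedelta(hours=1)
        alert["logins"] = [e for e in logins if e["source"] == alert["host"] and lo <= e["time"] <= hi]
        if alert["logins"]:
            alert["severity"] = "high"
    return alerts


if __name__ == "__main__":
    for a in correlate_logins(detect_exfil(FLOWS), parse_logins(AUTH_LOGS)):
        ctx = ", ".join(f"{e['user']}@{e['target']} ({e['method']}) at {e['time']:%H:%M}" for e in a["logins"])
        print(f"[{a['severity']}] {a['host']} sent {a['bytes'] / 1e6:.0f} MB out in hour "
              f"{a['window']:%Y-%m-%d %H:00} (baseline {a['baseline'] / 1e3:.0f} KB); prior logins: {ctx or 'none'}")
```

Two design points matter here. The internal ranges are listed explicitly rather than taken from `ipaddress.is_private`, because that helper also classifies documentation and other reserved ranges as non-global and would silently exclude them from "outbound". And the baseline is the median of the host's other windows, so a single large burst does not inflate its own threshold; the 900 MB internal backup is never counted because only flows to external addresses are summed.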
Unified Security Management
Complete. Simple. Affordable.
Delivery options: hardware, virtual, or cloud-based appliances
Open-source version (OSSIM) also available
AlienVault USM provides the five essential security capabilities in one pre-integrated platform:
• Unified Security Management (USM) Platform
• AlienVault Labs Threat Intelligence
• AlienVault Open Threat Exchange
AlienVault Labs Threat Intelligence: Coordinated analysis, actionable guidance
• Updates every 30 minutes
• 200,000-350,000 IPs validated daily
• 8,000 collection points
• 140 countries
AlienVault Labs threat intelligence
Weekly updates that cover all your coordinated rule sets:
• Network-based IDS signatures
• Host-based IDS signatures
• Asset discovery and inventory database updates
• Vulnerability database updates
• Event correlation rules
• Report modules and templates
• Incident response templates / “how to” guidance for each alarm
• Plug-ins to accommodate new data sources
Fueled by the collective power of AlienVault’s Open Threat Exchange (OTX)
NOW FOR SOME Q&A…
Three Ways to Test Drive AlienVault
Download a Free 30-Day Trial
http://www.alienvault.com/free-trial
Try our Interactive Demo Site
http://www.alienvault.com/live-demo-site
Join us for a live Demo
http://www.alienvault.com/marketing/alienvault-usm-live-demo
Questions? [email protected]