Innovations in Integration: Achieving Holistic Rapid Detection and Response
Kevin began as an Information Security Specialist providing consultation to HP clients in the areas of security policy development, security solution design and analysis, and security analysis and risk assessments. While working for the Information Security Americas organization, Kevin led the development of the HP ESS Security Incident Response Team (SIRT). Under Kevin’s direction, this service delivery organization has grown into a global capability providing incident response services for over 1,000,000 endpoints. While leading the SIRT organization, Kevin established and built the first US-based Global Information Security (GIS) – Security Operations Center (GSOC). The establishment of the GSOC changed the paradigm for how services were provided to customers with security alert needs.
Jason has more than 25 years of experience in telecommunications fraud prevention, physical security management and network security investigations, and was one of the original CALEA Tiger Team members. During his career, he has developed and implemented overall network security, physical security, forensic investigation and fraud control programs for several global organizations and managed lawful interception operations to support federal agencies. He has developed security and fraud awareness training seminars for employees in private industry, as well as federal, state and local law enforcement. Jason has been a member of the FBI InfraGard, United States Secret Service Electronic Crimes Task Force, ISSA, HTCIA, ASIS, ANSIR and CTIA Fraud Task Forces.
Detection and response times are a joke. According to the 2013 Data Breach Investigations Report, 66% of reported incidents weren’t discovered until months after the fact, 69% were actually discovered by third parties, 14% of incidents took weeks or more to contain and 22% took months or more to contain.
Lofty talk of people, processes and information sharing has its place, but we won’t see our security posture improve until weaknesses in the underlying cyber security infrastructure are addressed. Whether an organization relies on incident response service professionals or an in-house security and response team, the challenges are typically the same. The traditional cyber security infrastructure is riddled with detection, analysis and remediation gaps. This is because the industry is largely made up of niche companies producing niche tools, and these disparate tools are juggled by several disparate teams that have no means of collaborating in real time. Such a piecemeal approach hamstrings people and their processes, inhibits information sharing, and makes rapid detection and response impossible.
Join Kevin Whartenby of HP and Jason Mical of AccessData as they review new technological advancements that make holistic rapid detection and response a reality. Whartenby and Mical will discuss how organizations and more advanced service providers are filling detection, analysis and remediation gaps by integrating critical analysis capabilities, implementing a “virtual war room” environment to enable real-time collaboration, and leveraging bi-directional integration between an integrated rapid detection and response platform and SIEM solutions, such as ArcSight ESM.
Topics discussed in this presentation include…
- Detecting more and responding faster with integrated network, host and malware analysis
- Automating response with bi-directional SIEM integration that provides 360-degree “threatscape” visibility
- Using new host-based packet capture capabilities to expand your visibility into off-network laptops
- Creating a “virtual war room environment” to achieve real-time collaboration among teams (NetSec, SOC, Malware, Forensics, Information Assurance…)
- Assessing your service providers’ capabilities to ensure they’re able to provide holistic response services