Innovations in Integration: Achieving Holistic Rapid Detection and Response

Innovations in Integration: Achieving Holistic Rapid Detection and Response

 

Available On Demand
Duration 60min
Speakers
Kevin Whartenby
Practice Lead - Digital Investigation Services (DIS) Americas
HP Enterprise Security Services Security Consulting
Kevin Whartenby
Kevin Whartenby is the Practice Lead of Digital Investigation Services (DIS) Americas within the HP Enterprise Security Services Security Consulting organization. In his current role, Kevin drives an organization which is responsible for the delivery of security incident response, computer forensics, e-Discovery and a variety of consultative information security services for trade clients. Kevin has been with HP Enterprise Services for over seventeen years and has held a variety of technical, consulting and managerial positions in United States Public Sector, US Solution Centers and Global Information Security.

Kevin began as an Information Security Specialist providing consultation to HP Clients in the areas of security policy development, security solution design and analysis, and security analysis and risk assessments. While working for the Information Security Americas organization, Kevin led the development of the HP ESS Security Incident Response Team (SIRT). Under Kevin’s direction, this service delivery organization has grown into a global capability providing incident response services for over 1,000,000 endpoints. While leading the SIRT organization, Kevin established and built the first US-based Global Information Security (GIS) – Security Operations Center (GSOC). The establishment of the organization changed the paradigm in how security alert-related customers were provided services.
Jason Mical
Vice President of Cyber Security
AccessData Group
Jason Mical
Jason Mical is probably best known as the “Father of the SilentRunner® technology”, the first full packet capture, network forensics solution of its kind, developed by the NSA and Raytheon. Jason Mical and the SilentRunner technology now reside at AccessData where Jason serves as the Vice President of Cyber Security. He is responsible for the global management of AccessData’s cyber security solutions and assists AccessData clients in such areas as electronic intercepts, intrusion analysis, incident response, security standards and guidelines. Jason also offers his expertise and consulting services to clients and other audiences on issues of electronic, computer, and physical security investigations.

Jason has more than 25 years of experience in telecommunications fraud prevention, physical security management and network security investigations, and was one of the original CALEA Tiger Team members. During his career, he has developed and implemented overall network security, physical security, forensic investigation and fraud control programs for several global organizations and managed lawful interception operations to support federal agencies. He has developed security and fraud awareness training seminars for employees in private industry, as well as federal, state and local law enforcement. Jason has been a member of the FBI Infraguard, United States Secret Service Electronic Crimes Task Force, ISSA, HTCIA, ASIS, ANSIR and CTIA Fraud Task Forces.

Detection and response times are a joke. According to the 2013 Data Breach Investigations Report, 66% of reported incidents weren’t discovered until months after the fact, 69% were actually discovered by third-parties, 14% of incidents took weeks or more to contain and 22% took months or more to contain.

Lofty talk of people, processes and information sharing has its place, but we won’t see our security posture improve until weaknesses in the underlying cyber security infrastructure are addressed. Whether an organization relies on incident response services professionals or an in-house security and response team, the challenges are typically the same. The traditional cyber security infrastructure is riddled with detection, analysis and remediation gaps. This is because the industry is largely comprised of niche companies producing niche tools, and these disparate tools are juggled by several disparate teams that have no means of collaborating in real time. Such a piecemeal approach hamstrings people and their processes, inhibits information sharing, and makes rapid detection and response impossible.

Join Kevin Whartenby of HP and Jason Mical of AccessData as they review new technological advancements that make holistic rapid detection and response a reality. Whartenby and Mical will discuss how organizations and more advanced service providers are filling detection, analysis and remediation gaps by integrating critical analysis capabilities, implementing a “virtual war room” environment to enable real-time collaboration, and leveraging bi-directional integration between an integrated rapid detection and response platform and SIEM solutions, such as ArcSight ESM.

Topics discussed in this presentation include…

  • Detecting more and responding faster with integrated network, host and malware analysis
  • Automating response with bi-directional SIEM integration that provides 360-degree “threatscape” visibility
  • Using new host-based packet capture capabilities to expand your visibility into off-network laptops
  • Creating a “virtual war room environment” to achieve real-time collaboration among teams (NetSec, SOC, Malware, Forensics, Information Assurance…)
  • Assessing your service providers’ capabilities to ensure they’re able to provide holistic response services
Already a member? Login