How to Turbocharge Your Cyber Security Incident Response with Automation


Upload: ayehu-software-technologies-ltd

Post on 09-Jan-2017


TRANSCRIPT

Page 1: How to Turbocharge Your Cyber Security Incident Response with Automation

© 2016 Ayehu Software Technologies, Ltd. All rights reserved.

How to Turbocharge Your Cyber Security Incident Response With Automation

February 24, 2016, starting at 12:00pm EST / 9:00am PST

Page 2: How to Turbocharge Your Cyber Security Incident Response with Automation

Today’s webinar will be presented by:

Guy Nadivi, Director, Business Development

Sharon Cohen, CISM, IT & Security Professional Services Manager

Page 3: How to Turbocharge Your Cyber Security Incident Response with Automation

Company Background

• Leading innovator of IT Process Automation Software

• Founded in 2007, Headquarters in New York

• Product first launched in 2009

• Flagship product: eyeShare™ IT Process Automation v4.7.3

• Eric Benhamou, former CEO of 3Com and Palm, BGV currently


Page 4: How to Turbocharge Your Cyber Security Incident Response with Automation

Sample of eyeShare Users


Page 5: How to Turbocharge Your Cyber Security Incident Response with Automation

Agenda


#1 Why you should automate Cyber Security Incident Response

#2 The concerns of running automation in Cyber Security Incident Response

#3 A real life scenario of automating Incident Response

Page 6: How to Turbocharge Your Cyber Security Incident Response with Automation

What Is A Cyber Security Incident Response?


An organized approach to addressing and managing the aftermath of a security breach or attack (also known as an incident).

The goal is to handle the situation in a way that limits damage and reduces recovery time and costs.

source: searchsecurity.techtarget.com/definition/incident-response


Page 7: How to Turbocharge Your Cyber Security Incident Response with Automation

What Is A Cyber Security Incident Response?


source: Gartner - "Top Security Trends for 2016-2017"

Page 8: How to Turbocharge Your Cyber Security Incident Response with Automation

Why Automate Cyber Security Incident Response?


“71% of represented organizations experienced at least one successful cyberattack in the preceding 12 months (up from 62% the year prior)”.

source: 2015 Cyberthreat Defense Report from the CyberEdge Group

205 - median number of days that threat groups were present on a victim’s network before detection (Longest Presence: 2,287 days)

source: "Beyond the Breach" - Mandiant 2015 Malware Report

Malicious cyber attacks cost US$300 Billion to US$1 Trillion a year!

source: "THE ECONOMIC IMPACT OF CYBERCRIME AND CYBER ESPIONAGE Report" - Center for Strategic and International Studies July 2013

Page 9: How to Turbocharge Your Cyber Security Incident Response with Automation

Why Automate Cyber Security Incident Response?


“By 2019, 40% of large enterprises will require specialized, automated tools to meet regulatory obligations in the event of a serious information security incident.”

source: Gartner

Page 10: How to Turbocharge Your Cyber Security Incident Response with Automation

Why Automate Cyber Security Incident Response?


• Lack of qualified staff

• Lack of necessary expertise

• People don’t scale very well

Page 11: How to Turbocharge Your Cyber Security Incident Response with Automation

Why Automate Cyber Security Incident Response?


When it comes to remediating security breaches, automation is a force multiplier

Page 12: How to Turbocharge Your Cyber Security Incident Response with Automation

Concerns About Automating Cyber Security Incident Response


Too Many False Positives In Security

Page 13: How to Turbocharge Your Cyber Security Incident Response with Automation

Concerns About Automating Cyber Security Incident Response


In Security (& elsewhere) False Positives Are Distressing

Page 14: How to Turbocharge Your Cyber Security Incident Response with Automation

Automating Cyber Security Incident Response


Page 15: How to Turbocharge Your Cyber Security Incident Response with Automation

Automating Cyber Security Incident Response


Playbook

A security playbook is a customizable template for specific cyber security incidents that streamlines an organization's response procedures using best practices.

Page 16: How to Turbocharge Your Cyber Security Incident Response with Automation

Ayehu Case Study


Dual Logins By The Same Individual From Different Locations

• A user logs in from one location.

• The same user then logs in 15 minutes later from another location 30 miles away.

• Is the first login legitimate, but the second one fraudulent? Or is it the other way around? Maybe they’re both fraudulent?

• How do you automate the process of determining which login (if any) is legitimate?
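One way to detect the dual-login condition above, as an added example that is not from the webinar or from eyeShare: it computes the travel speed implied by consecutive logins of the same user and flags pairs above a threshold. The event fields, the 80 mph threshold and the sample coordinates are assumptions constructed for illustration.

```python
import math
from datetime import datetime

EARTH_RADIUS_MILES = 3958.8
MAX_PLAUSIBLE_MPH = 80.0  # assumed policy threshold; tune per organization

def haversine_miles(lat1, lon1, lat2, lon2):
    """Great-circle distance between two points, in miles."""
    p1, p2 = math.radians(lat1), math.radians(lat2)
    dlat, dlon = p2 - p1, math.radians(lon2 - lon1)
    a = math.sin(dlat / 2) ** 2 + math.cos(p1) * math.cos(p2) * math.sin(dlon / 2) ** 2
    return 2 * EARTH_RADIUS_MILES * math.asin(math.sqrt(a))

def find_dual_logins(events, max_mph=MAX_PLAUSIBLE_MPH):
    """Flag consecutive logins by one user whose implied travel speed exceeds max_mph."""
    alerts, last_seen = [], {}
    for ev in sorted(events, key=lambda e: e["time"]):
        prev = last_seen.get(ev["user"])
        last_seen[ev["user"]] = ev
        if prev is None:
            continue
        miles = haversine_miles(prev["lat"], prev["lon"], ev["lat"], ev["lon"])
        hours = (ev["time"] - prev["time"]).total_seconds() / 3600
        if hours > 0:
            mph = miles / hours
        else:  # same timestamp: only suspicious if the locations really differ
            mph = math.inf if miles > 1 else 0.0
        if mph > max_mph:
            # Both logins are kept: speed alone cannot say which one is fraudulent.
            alerts.append({"user": ev["user"], "miles": round(miles, 1),
                           "mph": round(mph, 1), "first": prev, "second": ev})
    return alerts

# Constructed sample events (not from the page): alice repeats the slide's
# scenario (30 miles in 15 minutes), bob moves 5 miles in 15 minutes.
SAMPLE = [
    {"user": "alice", "time": datetime(2016, 2, 24, 12, 0), "lat": 40.7128, "lon": -74.0060},
    {"user": "bob", "time": datetime(2016, 2, 24, 12, 5), "lat": 40.7128, "lon": -74.0060},
    {"user": "alice", "time": datetime(2016, 2, 24, 12, 15), "lat": 41.1470, "lon": -74.0060},
    {"user": "bob", "time": datetime(2016, 2, 24, 12, 20), "lat": 40.7852, "lon": -74.0060},
]

if __name__ == "__main__":
    for a in find_dual_logins(SAMPLE):
        print(f'{a["user"]}: {a["miles"]} miles, {a["mph"]} mph implied')
```

At the default threshold only the alice pair is flagged, since 30 miles in 15 minutes implies about 120 mph. The alert carries both logins because the speed check identifies the conflict, not which login is legitimate.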

Page 17: How to Turbocharge Your Cyber Security Incident Response with Automation

Sharon Cohen


Page 18: How to Turbocharge Your Cyber Security Incident Response with Automation

Demo


Page 19: How to Turbocharge Your Cyber Security Incident Response with Automation

Top 3 Features

No Programming!

Page 20: How to Turbocharge Your Cyber Security Incident Response with Automation

Top 3 Features

No Agents!

Page 21: How to Turbocharge Your Cyber Security Incident Response with Automation

Top 3 Features


Page 22: How to Turbocharge Your Cyber Security Incident Response with Automation

Top 3 Benefits


Automation enables better preparation

• Simulate & test multiple scenarios in advance of an attack

• Validate playbooks

• Fast response, errors reduced, documented properly, people notified

Page 23: How to Turbocharge Your Cyber Security Incident Response with Automation

Top 3 Benefits


Automation enables 24/7 Coverage

• SOCs are rarely manned around the clock with security experts

• Enables fast, best practice responses no matter who’s on duty, at any time of day

Page 24: How to Turbocharge Your Cyber Security Incident Response with Automation

Top 3 Benefits


Rapid Containment, Eradication, & Recovery

• Malware

• Evidence

• Vulnerabilities

• Operational

Page 25: How to Turbocharge Your Cyber Security Incident Response with Automation

Ask Us Anything


Page 26: How to Turbocharge Your Cyber Security Incident Response with Automation

Please send any follow up questions to:

Guy [email protected]

Go To ayehu.com

Free trial version of eyeShare!