Threat Detection & Response Control Point Management Developing a Visibility and Measurement Platform that Manages and Improves Operations
Nancy Thompson Director of Operations
CYBER RISK DEFENSE CENTER
1 © 2015 Kaiser Foundation Health Plan, Inc. Technology Risk Office CYBER RISK DEFENSE CENTER
Introduction (platform layers shown on the slide: Log Layer, Correlation, Events, Thompson’s Dashboard)
Landscape (word-cloud slide; terms shown: Anthem, Sony leak, Heartbleed, Target, phishing, malware, password guessing, back door, data theft, compromise, attack, credentials, IP address, network, server, criminal, personal information stolen, breach, loss of member trust, loss of trust, brand credibility, complexity, cyber security cost)
Agenda
Approach, Resulting Complexity, Solution, Challenges, Results
Approach
Addressing the Lockheed Martin Cyber Kill Chain®
Kill-chain stages covered (left to right on the slide): Advanced Warning, Infiltration, Escalation, Exfiltration
Attacker activities tracked across those stages: External intel, System probes, Phishing, System exploitation, Malware, Account hijacking, Privilege escalation, Lateral movement, Data transmission & theft
Resulting Complexity
Solution Requirements
Process flow flexibility
Ability to add in “control points” where we needed them
Dashboards which manage work, issues & offer visibility to operations
Control (management) Characteristics
Control in management means setting standards, measuring actual performance and taking corrective actions.
Solution Objective
• Control is a Continuous Process
• Control is Forward Looking
• Control Helps to Achieve the Standard
Control (management) Process
• Setting, Measuring & Comparing Performance Standards
• Analyzing Deviations
• Take Corrective Measures
Solution Challenges
Compliance
Risk
Governance
Results
Evolution of the Threat Activity Case
Timeline milestones: December 2014, March 2015, April 2015
Components of Operations
• Input
• Team Checklists
• Non-Actionable Events
• False Positives
• Actionable Events
• Critical Events
• Incident
• Child Processes
• Remediation Request
• Use Case Request
• Tuning Request
• Policy Engineering Request
Team Control Point - Checklists
Customized Forms
Help Boxes
Links to Processes (ePO process in sharepoint)
Management Control Point - Team Conflict Escalation
If an escalation is rejected by the Incident Handlers two or more times, leadership is notified
Audit Control Point - Closure and Feedback
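The three control points above (team checklist triage, the two-rejection escalation rule, and closure with feedback) together with the case components and child requests from the Components of Operations slide can be modelled as a small case workflow. The following is an added example written for this transcript, not code from Kaiser’s platform; the class and function names, the REJECTION_THRESHOLD constant, the rule that a case cannot close without feedback, and the sample cases TAC-1 to TAC-3 are all assumptions made for the illustration.

```python
# Toy model of a threat activity case moving through SOC control points.
# Added illustration, not Kaiser's platform code. Classifications and
# request types are those named on the slides; the "two or more rejections
# notifies leadership" rule is the management control point. Names,
# REJECTION_THRESHOLD and the feedback-required closure are assumptions.
from dataclasses import dataclass, field
from enum import Enum
from typing import Dict, List, Optional


class Classification(Enum):
    NON_ACTIONABLE = "non-actionable"
    FALSE_POSITIVE = "false positive"
    ACTIONABLE = "actionable"
    CRITICAL = "critical"
    INCIDENT = "incident"


# Child processes listed on the "Components of Operations" slide.
REQUEST_TYPES = {"remediation", "use case", "tuning", "policy engineering"}

# Management control point: notify leadership at this many rejections.
REJECTION_THRESHOLD = 2


@dataclass
class Case:
    case_id: str
    classification: Classification = Classification.NON_ACTIONABLE
    rejections: int = 0
    leadership_notified: bool = False
    closed: bool = False
    feedback: Optional[str] = None
    child_requests: List[str] = field(default_factory=list)
    audit_log: List[str] = field(default_factory=list)

    def record(self, event: str) -> None:
        self.audit_log.append(f"{self.case_id}: {event}")


def triage(case: Case, classification: Classification) -> Case:
    """Team control point: the analyst classifies the event via the checklist."""
    if case.closed:
        raise ValueError("cannot re-triage a closed case")
    case.classification = classification
    case.record(f"triaged as {classification.value}")
    return case


def escalate(case: Case, handler_accepts: bool) -> bool:
    """Management control point. Returns True if Incident Handlers accepted."""
    if case.classification not in (Classification.ACTIONABLE, Classification.CRITICAL):
        raise ValueError("only actionable or critical events are escalated")
    if handler_accepts:
        case.classification = Classification.INCIDENT
        case.record("escalation accepted; case is now an incident")
        return True
    case.rejections += 1
    case.record(f"escalation rejected ({case.rejections})")
    # Leadership is told once, at the threshold, not on every later rejection.
    if case.rejections >= REJECTION_THRESHOLD and not case.leadership_notified:
        case.leadership_notified = True
        case.record("leadership notified of team conflict")
    return False


def open_request(case: Case, kind: str) -> Case:
    """Spawn a child process: remediation, use case, tuning or policy engineering."""
    if kind not in REQUEST_TYPES:
        raise ValueError(f"unknown request type: {kind}")
    case.child_requests.append(kind)
    case.record(f"{kind} request opened")
    return case


def close_case(case: Case, feedback: str) -> Case:
    """Audit control point: closure requires feedback (assumed rule)."""
    if not feedback.strip():
        raise ValueError("closure requires feedback")
    case.closed = True
    case.feedback = feedback
    case.record("closed with feedback")
    return case


def dashboard(cases: List[Case]) -> Dict[str, int]:
    """Counts a team or leadership dashboard would show for a set of cases."""
    summary: Dict[str, int] = {c.value: 0 for c in Classification}
    summary.update({"open": 0, "closed": 0, "leadership_notified": 0, "child_requests": 0})
    for case in cases:
        summary[case.classification.value] += 1
        summary["closed" if case.closed else "open"] += 1
        summary["leadership_notified"] += int(case.leadership_notified)
        summary["child_requests"] += len(case.child_requests)
    return summary


def demo() -> List[Case]:
    """Constructed walk-through of three cases; not real data."""
    a = triage(Case("TAC-1"), Classification.FALSE_POSITIVE)
    open_request(a, "tuning")
    close_case(a, "detection rule too broad; tuning requested")
    b = triage(Case("TAC-2"), Classification.ACTIONABLE)
    escalate(b, handler_accepts=False)
    escalate(b, handler_accepts=False)  # second rejection notifies leadership
    escalate(b, handler_accepts=True)
    c = triage(Case("TAC-3"), Classification.CRITICAL)
    escalate(c, handler_accepts=True)
    open_request(c, "remediation")
    return [a, b, c]


if __name__ == "__main__":
    for case in demo():
        print("\n".join(case.audit_log))
    print(dashboard(demo()))
```

Each control point is a function that refuses an invalid transition rather than a checklist item an analyst can skip, and the audit log on every case is what the closure-and-feedback review and the dashboards read from.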
Legal Control Point
Operations Management– Team Focused Dashboards
Operations Management – Leadership Dashboard
Eye Candy
What’s Next
Input Work Integrations
Dispatch System Integration
Dynamic Visualization Tools
Questions?
“Thompson, great job…you’ve delivered the wedding cake!”