Q3 All Hands
September 2020

Our mission is to visualize the world’s data and make it universally understandable
Go To Market
Crisis Management Incident Response
Breach Simulation

What do you do when you've been breached?
You're now on the Board of Big Corp
www.slido.com event code #22207

The Price Goes up every 24 hrs
100

Who do you Inform?
1. Nobody - This doesn't look real
2. Police - perhaps they can help
3. CEO - The boss needs to know
4. DPO - Tell the data privacy officer
5. IT TEAM - Were we Breached?
6. Procurement - 3rd Party Breach
7. Other - e.g. Security, Insurance, etc.



A 2nd message comes in
When do you tell customers?
1. Immediately - They need to know now
2. In 24 hours
3. In 48 hours
4. In 72 hours
5. In 7 days
6. In 28 days
7. Don't Inform them

The Hackers are probably still in our system
One of our staff may have helped them
We can stop them if we disconnect for 3 days
What executive action to take?
1. Disconnect the systems from the internet
2. Forensics - What Happened?
3. Remediation - Close the breach
4. Ask the insurer to confirm coverage
5. Brief the Board and set Budget
6. Submit a report to Regulators
7. Implement Cyber Crisis Plan

Where is your Cyber Crisis Plan?
Rumors are circulating..



Big Corp doesn't care about my safety or their customers
Never doing business with them again.
What communications are needed?
1. Stop all comms - such as marketing and ads
2. Create a website with Q&A about the breach
3. Customer advice, e.g. how to prevent fraud
4. Provide script - Twitter and Call center
5. Pre-brief employees about the situation
6. Identify advocates to speak for the company
7. Customer compensation and apology

Finally, some good(ish) news
Crisis Management Incident Response Simulation End
Enterprises are engaging in Cyberwarfare
There is an invisible war that is being battled every day

There is a cyber attack every 39 seconds
In 2018 hackers stole half a billion personal records

Source : cybintsolutions.com
The average cost of a data breach in 2020 will exceed $150 million
Approximately $170 Billion is expected to be spent globally on cybersecurity by 2021

Source : cybintsolutions.com
By 2020 there will be roughly 200 billion connected devices
43% of cyber attacks target small businesses
Source : cybintsolutions.com

43% of cyber attacks target small businesses
Source : www.fundera.com
60% of those go out of business after a Cyberattack

Source : www.fundera.com
Cybersecurity Market Size
2019 = $124 billion
2022 = $170.4 billion
Growing 12-15% YoY
3.5 Million
Cybersecurity Job Openings by 2021

So why are the current Solutions Failing?
Security Operations Centers
A Security Operations Center is a dedicated site where enterprise information systems (web sites, applications, databases, data centers and servers, networks, desktops and other endpoints) are monitored, assessed, and defended.
Security Operations Centers
1/1000 companies have a SOC
Average Cost of a SOC is $2.5M (CapEx)
Scaling depends on available physical office space
(52% of Fortune 500 have a SOC)
Who works in the Security Operations Center?
1. Security Analyst
2. Security Engineer
3. Security Manager
4. Chief Information Security Officer
Roles in SOC
Security Analyst
(FrontLine Soldiers)

Security analysts are typically the first responders to incidents. They are the soldiers on the front lines fighting against cyber attacks and analyzing threats.
Security Engineers
(Engineers & Architects)
Security engineers are responsible for maintaining tools, recommending new tools, and updating systems
Work with development operations teams to ensure that systems are up to date

Security Manager
(The Boss)
A security manager is responsible for overseeing operations as a whole. They are in charge of managing team members and coordinating with security engineers.
They serve as the direct boss to all members of the SOC team.

CISO
(The Executive)
The chief information security officer (CISO) is responsible for defining and outlining the organization’s security operations.
Typically, a CISO reports directly to the CEO and has direct contact with all of upper management.

Current Tools being used in a SOC





Internet of things (IoT)
The internet of things, or IoT, is a system of interrelated computing devices, mechanical and digital machines, objects, animals or people that are provided with unique identifiers (UIDs) and the ability to transfer data over a network without requiring human-to-human or human-to-computer interaction.
Physical SOCs



Physical Operations Centers are too expensive
Lack of talent
Legacy tools can't handle the volume of data
Analysts need to be on-premise in physical SOC
We are going to provide a simplified solution for the IoT security & management problems for SOCs
Using AI and Mixed Reality
Virtual Command 3D


- Building schematics
- Weather conditions
- Live video feeds
- Data analytics
- Maps
- Fast Communication
- Multiplatform support


3Data Operations Center
June 10th 2019
3Data Analytics
Virtual Command
- 3D Graph showing real-time network traffic flow
- Machine Learning that scores potential threats based on Anomaly
- Drill down to further inspect
- Easy and Fast to communicate remotely

How can we simplify the communication of our offering?
What if we could turn frontline analysts into Superheroes?


Meet Apollo
Your AI Security Assistant


Virtual assistant which uses voice response technology to better manage network and cybersecurity events
Codename: Apollo

Prediction, Prevention, Detection, Response, Monitoring.

Machine learning for Network Protection
Machine learning for User Behavior
Machine learning for Object Detection
ML for Network Protection
- Regression to predict the network packet parameters and compare them with the normal ones (historical data analysis);
- Classification to identify different classes of network attacks such as scanning and spoofing;
- Clustering for forensic analysis.






Machine learning for User Behavior
- Regression to detect anomalies in user actions (e.g., logging in at an unusual time);
- Classification to group different users for peer-group analysis;
- Clustering to separate groups of users and detect outliers.


Machine learning for Object Recognition
- Object detection is the process of finding instances of objects in images
- Object detection is a subset of object recognition, where the object is not only identified but also located in an image


Run correlations across the physical and the Digital

Go to Market



Apollo Engine


3D Floor Plans

Network Topology
MV Cameras


Cisco Meraki Example


Integrate with Additional Vendors




Virtual Intelligence for Big Data & IoT

Wallon
Tyler
Aaron
Greg
Sean
CTO
VP of Sales
Zach
Alex
COMMUNICATIONS CHANNELS
Q3 All Hands - Incident Response and Brand
By Wallon Walusayi