FIC: automation and security, David Grout (VF)
FIREEYE YESTERDAY, TODAY AND TOMORROW

- Precursor (2004-2013): evangelisation
- Leader (2014-2015): consolidation
- Innovator (2016 and beyond): orchestration and automation
COPYRIGHT © 2016, FIREEYE, INC. ALL RIGHTS RESERVED.

TIME CANNOT BE BOUGHT

AUTOMATION IN SECURITY
- Reduce the simple, repetitive actions
- Focus the resources where they matter

PUTTING PLAYBOOKS IN PLACE: A KEY ELEMENT
ORCHESTRATION IN ACTION: enriching FireEye alerts

Workflow shown in the diagram (alerts generated by EX, NX, AX):
- FireEye alert received. FireEye alerts on all events, so a threshold query can be set to query on the same indicators to avoid duplicate tickets.
- Alert already seen? Splunk query on the indicators; count > 1 means the alert is a duplicate (Yes / No branch).
- Lookup IP (IPVoid)
- Lookup IP / domain / hash (VirusTotal)
- Lookup domain (Webpulse)
- Malware found? Yes: create ticket; FireEye alert forwarded to ISO (Yes / No branch).
- Duration annotations on the diagram: 30 min, 15 min, 1 min.
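An added, runnable sketch of the playbook above (not FireEye code): the IPVoid, VirusTotal, Webpulse and Splunk stages are replaced by constructed in-memory dictionaries so the decision logic can be exercised offline.

```python
from dataclasses import dataclass, field
from typing import Optional

# Constructed stand-ins for the external services used in the diagram.
SPLUNK_COUNTS = {"203.0.113.10": 3, "198.51.100.7": 1}     # indicator -> alerts already seen
IPVOID = {"203.0.113.10": "blacklisted", "198.51.100.7": "clean"}
VIRUSTOTAL = {"198.51.100.7": 0, "evil.example": 12, "good.example": 0}  # positive detections
WEBPULSE = {"evil.example": "Malicious Sources", "good.example": "Business"}

DEDUP_THRESHOLD = 1   # diagram: Splunk query, "count > 1" means alert already seen


@dataclass
class Alert:
    sensor: str                      # EX, NX or AX
    ip: Optional[str] = None
    domain: Optional[str] = None
    sha256: Optional[str] = None

    def indicators(self):
        return [i for i in (self.ip, self.domain, self.sha256) if i]


@dataclass
class Outcome:
    action: str                      # "suppressed", "closed" or "ticket"
    enrichment: dict = field(default_factory=dict)


def already_seen(alert: Alert) -> bool:
    """Splunk step: duplicate if any indicator was alerted on more than the threshold."""
    return any(SPLUNK_COUNTS.get(i, 0) > DEDUP_THRESHOLD for i in alert.indicators())


def enrich(alert: Alert) -> dict:
    """Lookup step: IPVoid for the IP, VirusTotal for every indicator, Webpulse for the domain."""
    e = {"virustotal": {i: VIRUSTOTAL.get(i, 0) for i in alert.indicators()}}
    if alert.ip:
        e["ipvoid"] = IPVOID.get(alert.ip, "unknown")
    if alert.domain:
        e["webpulse"] = WEBPULSE.get(alert.domain, "unknown")
    return e


def malware_found(e: dict) -> bool:
    return (e.get("ipvoid") == "blacklisted"
            or any(hits > 0 for hits in e["virustotal"].values())
            or e.get("webpulse") == "Malicious Sources")


def run_playbook(alert: Alert) -> Outcome:
    if already_seen(alert):
        return Outcome("suppressed")          # no duplicate ticket
    e = enrich(alert)
    if malware_found(e):
        return Outcome("ticket", e)           # ticket created, alert forwarded to ISO
    return Outcome("closed", e)
```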
AN OPEN & EXTENSIBLE ARCHITECTURE

AUTOMATION: A SOURCE OF ROI & EFFICIENCY
Time and cost savings (time to complete is per incident):

                  Weekly incidents   Time to complete   Time spent annually   Time savings
Manual            10                 45 minutes         390 hours             -
Semi-automated    10                 22 minutes         190 hours             -51%
Automated         10                 1.4 minutes        12 hours              97%
