FIC: Automation and security (David Grout) - VF
Transcription
FIREEYE YESTERDAY, TODAY AND TOMORROW
Timeline: Precursor (2004-2013), Leader (2014-2015), Innovator (2016 and beyond). Themes: consolidation, evangelization.
COPYRIGHT © 2016, FIREEYE, INC. ALL RIGHTS RESERVED.

ORCHESTRATION AND AUTOMATION

TIME CANNOT BE BOUGHT

AUTOMATION IN SECURITY
- Reduce the simple, repetitive actions.
- Focus resources on what needs an analyst.
- Putting playbooks in place is a key element.

ORCHESTRATION IN ACTION: ENRICHING FIREEYE ALERTS
Playbook flowchart on the slide (alerts generated by EX, NX and AX appliances):
1. A FireEye alert is received.
2. Enrichment lookups on the alert's indicators: Lookup IP (IPVoid); Lookup IP/Domain/Hash (VirusTotal); Lookup Domain (Webpulse).
3. Decision: Malware found? Yes: query "Alert already seen?" in Splunk. No: the flow ends without a ticket.
4. Decision: Splunk query count > 1? No: create a ticket, and the FireEye alert is forwarded to the ISO. Yes: the indicators were already handled, so no duplicate ticket is created.
Note on the slide: FireEye alerts on all events. A threshold query can be set to query on the same indicators to avoid duplicate tickets.
Timings shown on the slide: 30 min, 15 min, 1 min.

AN OPEN AND EXTENSIBLE ARCHITECTURE

AUTOMATION AS A SOURCE OF ROI AND EFFICIENCY
Mode            Weekly incidents   Time to complete   Time spent annually   Time savings   Cost savings
Manual          10                 45 minutes         390 hours             (baseline)     (not in the transcription)
Semi-automated  10                 22 minutes         190 hours             51%            (not in the transcription)
Automated       10                 1.4 minutes        12 hours              97%            (not in the transcription)
The annual figures are 10 incidents per week × 52 weeks × time per incident (10 × 52 × 45 min = 390 h, and so on), and the savings are relative to the manual row.
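The flowchart above, as an added example in Python (not FireEye's code and not from the original deck): an alert-enrichment playbook with the same decision nodes. The IPVoid, VirusTotal and Webpulse lookups are replaced by constructed in-memory tables, and the Splunk "alert already seen?" query by a count over an in-memory list of indexed alerts; the `Alert` class, the table names and the sample alerts are all assumptions made for the illustration.

```python
"""Alert-enrichment playbook following the decision nodes of the
"Orchestration in action" flowchart.  Illustration only, not FireEye code:
the IPVoid, VirusTotal and Webpulse lookups are replaced by constructed
in-memory tables, and the Splunk "alert already seen?" query by a count over
an in-memory list of indexed alerts.
"""
from dataclasses import dataclass
from typing import Optional

# Constructed reputation data standing in for the three enrichment sources.
IPVOID_BLACKLIST = {"203.0.113.7"}                              # IPs IPVoid flags
VIRUSTOTAL_POSITIVES = {"203.0.113.7": 12, "bad.example": 5}   # engine detections
WEBPULSE_CATEGORY = {"bad.example": "Malicious Sources",
                     "cdn.example": "Content Servers"}
DUPLICATE_THRESHOLD = 1   # slide: "Splunk query count > 1" means already seen


@dataclass
class Alert:
    alert_id: str
    sensor: str                       # EX, NX or AX on the slide
    ip: Optional[str] = None
    domain: Optional[str] = None
    sha256: Optional[str] = None

    def indicators(self) -> set:
        return {i for i in (self.ip, self.domain, self.sha256) if i}


def enrich(alert: Alert) -> dict:
    """The three lookups of the flowchart; True means the source flags it."""
    verdicts = {"ipvoid": False, "virustotal": False, "webpulse": False}
    if alert.ip:
        verdicts["ipvoid"] = alert.ip in IPVOID_BLACKLIST
    verdicts["virustotal"] = any(
        VIRUSTOTAL_POSITIVES.get(i, 0) > 0 for i in alert.indicators())
    if alert.domain:
        verdicts["webpulse"] = WEBPULSE_CATEGORY.get(alert.domain) == "Malicious Sources"
    return verdicts


def already_seen_count(alert: Alert, index: list) -> int:
    """Stand-in for the Splunk query: how many indexed alerts share an indicator."""
    mine = alert.indicators()
    return sum(1 for a in index if mine & a.indicators())


def run_playbook(alert: Alert, index: list) -> dict:
    """Run one alert through the playbook and return the decision taken.

    `index` is the store every FireEye alert is written to (the slide notes
    that FireEye alerts on all events), so the current alert is indexed before
    the duplicate query; that is why the threshold on the slide is "count > 1".
    """
    index.append(alert)
    verdicts = enrich(alert)
    if not any(verdicts.values()):
        return {"alert": alert.alert_id, "action": "no_ticket",
                "reason": "no source reported malware", "verdicts": verdicts}
    count = already_seen_count(alert, index)
    if count > DUPLICATE_THRESHOLD:
        return {"alert": alert.alert_id, "action": "suppress",
                "reason": f"indicators already seen in {count} alerts",
                "verdicts": verdicts}
    return {"alert": alert.alert_id, "action": "ticket",
            "reason": "new malicious indicators, forwarded to ISO",
            "verdicts": verdicts}


def demo() -> list:
    """Three constructed alerts: new malware, a repeat of it, and a clean one."""
    index = []
    alerts = [
        Alert("A1", "NX", ip="203.0.113.7", domain="bad.example"),
        Alert("A2", "EX", ip="203.0.113.7", sha256="deadbeef" + "00" * 28),
        Alert("A3", "AX", domain="cdn.example"),
    ]
    return [run_playbook(a, index) for a in alerts]


if __name__ == "__main__":
    for decision in demo():
        print(decision["alert"], decision["action"], "-", decision["reason"])
```

The dedup check matches on any shared indicator, so a second alert that reuses only the IP of an earlier one is suppressed; widening or narrowing what counts as "the same indicators" is the knob the slide's threshold query refers to, and a threshold that is too loose silently drops genuinely new incidents.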