Bringing a Business Perspective to Cybersecurity Operations I

Opening Pandora's Box with FAIR + ATT&CK + SOAR = An Improved Cyber Security Response Strategy

Combined Session
Tuesday, October 08, 2019 13:15—14:15
Location: Holeman Lounge

When I meet with CISOs and Cyber Security Directors, they usually ask which use cases they should target first. I generally proceed with a few simple questions and immediately recommend going after general use cases, low-hanging fruit, or a strategy based on how mature their organization is.

During this session, you’ll find out what questions I ask, what answers I get, and why I propose approaching a cyber security response using FAIR + ATT&CK + SOAR.

Risk and compliance managers and disaster recovery experts have been applying a variety of risk models to organizations and businesses for many years, and they have just begun the complex process of truly understanding cyber risk. Part of the reason that cyber security insurance exists for corporations is that risk and compliance managers have a way of protecting the organization from liabilities which may be out of their control or because they simply do not understand the cyber security problem domain. One of the core reasons behind this is that risk and compliance managers focus on corporate risks such as disaster recovery or compliance risks like GDPR, PCI, SOX, and HIPAA, which do not really protect the organization from cyber threats or reduce the risk they pose. While useful, these risks belong to a somewhat different realm from protecting the organization against cyber security threats or reducing risk on a continuous basis in its cyber security program. The outcome of all of this is a lack of focus on improving cyber security response strategies for potential or real breaches to the organization when or if they occur.

When developing cyber security response strategies, it’s obvious to CSOs, incident responders and security operations staff members that they should develop solutions based on the quantity of alerts, the cyber threat event frequency, responding to known vulnerabilities, or simply going after and protecting against low-hanging fruit or the things that take the most time within the organization.

However, cyber security response activities generally do not align with the overarching goals of risk managers or compliance officers, nor do risk management teams necessarily understand cyber security risks. The primary reason is that risk managers and compliance managers are thinking of loss of financial or reputational value to the organization. It is much easier for risk managers to understand what the expected financial or reputational loss will be if a building burns down than the financial or reputational loss to the organization if an intern’s laptop is breached.

So how can we improve this game of whack-a-mole? This is where combining the FAIR (Factor Analysis of Information Risk) model with the MITRE ATT&CK framework and a SOAR (Security Orchestration and Automated Response) strategy can potentially enable organizations to prioritize their cyber security response strategies and processes. In this talk, I will discuss the basics of the FAIR model and the ATT&CK framework, and address how combining them with SOAR to prioritize an organization's response capability can help reduce risk for the organization. Reducing real cyber risks to an organization requires an active commitment to risk management combined with a continuous approach to cyber security response, not just by the CISO or Directors of Security within the organization, but by the risk management staff who stand beside them.

Tyler Rorabaugh
Demisto at Palo Alto Networks
16+ years of experience in cyber security including offensive, defensive, product engineering, consulting and for the last 3 years in SOARLandia. I've worked for a number of large and small cyber...
