RQP3 2019 Recap: Plan, Partner, Propel

ReliaQuest’s RQP3 (Plan, Partner, Propel) conference kicked off this week with two days of speakers, panel discussions and training sessions. Here’s a recap with highlights from the conference:

Security Model Management

ReliaQuest CEO and Founder Brian Murphy

ReliaQuest CEO and Founder Brian Murphy explained how today’s organizations continuously hear promises from technology vendors, platforms and providers about tools that will allegedly solve all their problems. When these promises aren’t realized, organizations suffer from what Murphy described as “promise fatigue.” He went on to say that a new vision was needed, and that vision was Security Model Management.

Murphy highlighted how Security Model Management focuses on optimizing an organization’s existing people, process and technology to achieve their desired business outcomes. ReliaQuest’s platform, GreyMatter, increases visibility while automating threat detection and response. It does this by unifying and integrating existing SIEM, EDR, multi-cloud and third-party apps to deliver a centralized, transparent view across your environment. Security teams can recognize and communicate success through the platform’s analytics metrics that measure ongoing improvement of the security program benchmarked against past performance and industry peers.

Mindset: Changing Behaviors to Yield New Outcomes

Limitless Minds CEO and Founder Trevor Moawad
Trevor Moawad, Sports Illustrated’s 2017 “Brain Trainer of the Year” and CEO and Founder of Limitless Minds, has worked with ReliaQuest for over three years, helping the company’s employees use mindset as a tool to improve personally and professionally. At RQP3, ReliaQuest’s customers and partners were introduced to Moawad, who engaged the crowd as he spoke about modifying and adjusting behaviors to reach the life goals you want to achieve.

Security Beyond 2025

Gartner VP of Research Augusto Barros
Augusto Barros, VP of Research at Gartner, presented his forward-thinking view of the coming years of cyber security. Barros conveyed how new technologies may revolutionize the way organizations work, but these new technologies also present their adversaries with new, and even easier, methods for gaining access to an organization’s crown jewels. Barros also warned organizations to be cautious of vendors claiming that Artificial Intelligence (AI) is going to solve all security challenges, and described Gartner’s current view of AI within the security landscape.

CISO Lessons Learned

CISO Panel
ReliaQuest CEO Brian Murphy hosted a panel of some of the most influential CISOs in the security industry today. They provided RQP3 attendees with lessons they have learned throughout their careers, from various scenarios they have faced. The group spoke about moments where they were underprepared for meetings, how they failed to adequately socialize key strategies early in their formation, and how they have learned to effectively manage their boards, with each of these moments teaching them important lessons that have continued to change how they approach their roles.

HUNT: From Myth to Reality

ReliaQuest VP of Product Management Jason Pfeiffer and Director of SOC Ireland Jason Smith
ReliaQuest Vice President of Product Management Jason Pfeiffer and Director of SOC Ireland Jason Smith broke down the value of cyber threat hunting. Pfeiffer explained that to hunt effectively, you must focus on a clear and achievable mission and see each mission as an opportunity to understand your security environment, applications, and users.

While not every hunt will result in the finding of an advanced persistent threat, discovering issues that you would not have otherwise known about allows you to correct potential gaps. Pfeiffer went on to talk about three key methodologies for hunting: retroactive IOC analysis, behavior analysis and baselining. Smith provided several examples of real-world use cases leveraging the baselining methodology and how ReliaQuest GreyMatter’s Hunt capability was able to uncover significant “hygiene” issues and threats lurking within a customer’s environment.

Building a Multi-Business Security Service

Danaher Corporation CISO Chris Lugo
Chris Lugo, CISO of Danaher Corporation, described his organization’s security model and how it incorporates a multi-industry portfolio of 30 total companies. To keep these entities secure, Lugo explained the approach and methodology Danaher uses. His keys to success and lessons learned included:

  • Set expectations early, often, & repeatedly
  • Avoid a one-size-fits-all approach
  • Dedicated project management is critical
  • Utilize repeatable processes wherever possible
  • Communicate, communicate, communicate!

Big Data in Security

ReliaQuest CTO Joe Partlow
ReliaQuest Chief Technology Officer Joe Partlow presented on “Big Data in Security.” Joe explained how security teams are managing more tools than ever, and environments are much more complex. While SIEM technologies are valuable to organizations, the volume of data in most environments has outpaced the technology. One solution could be Big Data, and as Joe pointed out, the advancements for data handling could improve efficiency, scale with organizations, and decrease cost. Still, in order for Big Data to be successful, Joe recommended the following criteria:

  • Get buy-in from C-Suite
  • Show value to other data owners
  • Define clear measures of success
  • Hosted options – they may allow quicker adoption
  • Don’t assume security tool providers have the use case relevant for you
  • Know your data and inventory
  • Has to be timely and easy to search

Advanced Security Metrics

ReliaQuest COO Colin O’Connor and Donnelley Financial Solutions CISO Dannie Combs
ReliaQuest Chief Operating Officer Colin O’Connor described how ReliaQuest helps its customers evaluate performance. Colin, alongside Dannie Combs, CISO of Donnelley Financial Solutions, discussed how organizations can define “what good looks like.” Colin introduced the RQ Model Index, a comprehensive and effective way to measure the impact ReliaQuest has in helping customers increase visibility, while clearly articulating the value of security across their enterprises. The Model Index provides metrics focused on visibility, tool efficacy, and team performance, identifying risks and providing detailed recommendations to improve the security model.

Uncommon Use Cases

CISO Panel
On this panel, ReliaQuest CTO Joe Partlow moderated a group of CISOs discussing examples of uncommon use cases in security and how they were able to find and implement unique solutions to those uncommon problems.

Damon Becknel, CISO of Horizon Blue Cross Blue Shield of New Jersey, focused on measuring security posture to improve processes for vulnerability management, notable event analysis, SLAs and more.

John Kelly, CISO of Elsevier, discussed how they are tackling content protection through analytics and machine learning, fraud detection and automated responses.

Retired Army Colonel John Burger, CISO of ReliaQuest, discussed content testing in production to detect flaws that could impede an organization’s ability to detect threats.

Some conclusions from the panel included:

  • Use focused testing
  • Determine troubleshooting frameworks up front
  • Uncommon use cases require uncommon performance

Visibility: In a Serverless World

Nielsen VP of Global Security Wes Mullins
Wes Mullins, VP of Global Cyber Security at Nielsen, spoke about gaining visibility in a serverless world. He discussed the benefits and drawbacks of leveraging serverless technologies, the implications for an organization’s security model, and how this impacts the visibility needed to ensure adequate detection and response capabilities. He demonstrated which questions organizations must be able to answer in order to obtain the level of visibility needed to monitor these solutions, and went on to outline some of the key logs that are needed to adequately identify threats across various serverless architectures. In closing, Mullins had the following suggestions for security teams:

  • Use a factory blueprint for account creations
  • Use templates to automate everything
  • Avoid on-prem connectivity if possible

Leveraging EDR for Continual Hunting

ReliaQuest SOC Manager Chris Weckerly and Senior Tier 2 Analyst Chris Pardo
Expanding on Pfeiffer and Smith’s talk on “Hunt: From Myth to Reality,” ReliaQuest SOC Manager Chris Weckerly and Senior Tier 2 Analyst Chris Pardo discussed ways to leverage EDR for continual hunting. Their focus was behavior-based threat detection and hunting. Pardo explained that while behavioral detection using other security technologies exists, it’s often more difficult, requiring multiple devices or log sources. By using the MITRE ATT&CK framework as a baseline and crafting detection logic to continually identify behaviors often used by attackers, such as process injection and side loading, organizations can leverage their EDR solutions in a more proactive manner instead of simply relying on them for response actions.

Making Quality Decisions with Limited Information

Former Commanding Officer of Seal Team 5 Captain Tom Chaby
Captain Tom Chaby, former Commanding Officer of Seal Team 5, works with elite organizations and teams around the country. His keynote at RQP3 highlighted that even on the best teams and in the best organizations, people need to make quality decisions with incomplete information. Chaby explained that as professionals we are going to fail, but it’s how we respond to that failure that determines how successful we can be. Taking accountability for our failures or missteps allows us to learn from them and improve for the future.

ReliaQuest University Training

RQP3 gave attendees a chance to learn leading SIEM and EDR technologies, some of the most widely used tools in security today. The abridged training sessions were based on ReliaQuest University’s full training curriculum, which is designed to help ReliaQuest customers get the full value out of their technology investments. Close to 100 people received training during the event.

Demo Stations & RQ Bar

After completing an RQU training session, security pros at RQP3 could head over to the RQ Tech Bar and speak with ReliaQuest engineers and developers about the different SIEM and EDR technologies and how these integrate with ReliaQuest GreyMatter. ReliaQuest solutions architects and developers were also available at the Demo Stations to demonstrate how ReliaQuest GreyMatter unifies and integrates existing SIEM, EDR, multi-cloud, and third-party apps to deliver a centralized, transparent view across the environment.
