What is Cyber Threat Intelligence and why do I need it?

Size: px
Start display at page:

Download "What is Cyber Threat Intelligence and why do I need it?"

Transcription

1 What is Cyber Threat Intelligence and why do I need it?

2 Global Cyber Threat Intelligence much ado about something The Information Security market is buzzing about cyber threat intelligence. Following all of the Big Data discussions that gripped the security market in 2013, cyber threat intelligence has become one of the hot topics in the industry for 2014 a natural evolution as mining all of your data and incorporating data from outside sources should result in some form of newfound intelligence. Running a simple Google search will deliver more than 5 million results and walking any security trade show floor will have you running into the word Intelligence at every turn. But why? Is there really a gold mine of value waiting for your organization in the form of Cyber Threat Intelligence? A resounding yes is the answer. But that answer, and the real value derived, depends largely on the definition of cyber threat intelligence. It also depends on how well you integrate cyber threat intelligence into your existing workflows, create new workflows around it and fuse it with new and existing defensive technologies. Leading organizations already know that cyber threat intelligence, from both internal and external sources, can provide value when it is researched, analyzed and disseminated correctly. Benefits include: Changing the security model from reactive to proactive if you understand your adversaries you can develop tactics to combat current attacks and plan better for future threats. Shrinking the security alert problem that is overwhelming most security teams. Driving better, more informed responses to security incidents. Extending the life of aging security technologies and turbo charging new defenses by feeding them real-time intelligence updates to enable blocking of rapidly emerging threats. Enhancing communications between the security team, management and board members. Driving better investment strategies and more directly connecting security priorities with business risk management priorities Definitions matter especially in a rapidly emerging segment of the cyber security industry where vendors often twist the latest terms to fit their marketing efforts. CISO Recommendation: Use a commercial threat intelligence service to develop informed tactics for current threats, and plan for threats that may exist in the midterm future. Rob McMillan & Kelly Kavanagh Technology Overview for Security Threat Intelligence Service Providers We ve put together this brief to help you better understand cyber threat intelligence what it is, why it is important and why you should be considering its use in your security practice. In followon briefs we will discuss methods for integrating cyber threat intelligence into your workflows and provide detailed case studies (including ROI) from our clients across the Global All rights reserved. isight Partners, Inc. 2

3 What is Cyber Threat Intelligence? Filtering the market noise Unfortunately many definitions exist for cyber threat intelligence. Because it is an emerging and very promising new space, security vendors are trying to carve out their lanes and capitalize on the buzz. When considering this space, it is vitally important to know that cyber threat intelligence offerings are not created equal. In fact, many are not intelligence offerings at all. What you will find is that most vendors are equating cyber threat intelligence with raw information for example data feeds with bad IP addresses or other unwashed indicators that are dumped into your environment for machine to machine consumption or for your security team to sort out. These vendors are confusing information with intelligence. More raw information is not what your teams or your security technologies need they re already swimming in data. A data feed with a mountain of raw, unfiltered information will only exacerbate the alarm overload and false positive issues security teams face today. A useful comparison of the difference between information and intelligence is summarized below. It is largely driven from the pioneers in the field of Intelligence the global Military Intelligence and National Intelligence communities where a number of isight s 200+ experts come from: Information versus Intelligence Information Intelligence - Raw, unfiltered feed - Processed, sorted information - Unevaluated when delivered - Evaluated and interpreted by trained Intelligence Analysts - Aggregated from virtually every source - Aggregated from reliable sources and cross - May be true, false, misleading, incomplete, relevant or irrelevant - Not actionable - Actionable correlated for accuracy - Accurate, timely, complete (as possible), assessed for relevancy Many vendors can provide raw information, but there are only a comparative few that provide true intelligence capabilities. Rob McMillan & Kelly Kavanagh Technology Overview for Security Threat Intelligence Service Providers 2014 All rights reserved. isight Partners, Inc. 3

4 Gartner on Threat Intelligence In an October 2013 report on Threat Intelligence, Gartner essentially points out that most vendors are offering Cyber Threat information not cyber threat intelligence and that only a comparative few (vendors) provide true intelligence capabilities. Gartner defines cyber threat intelligence as follows, and we think this is the bar by which all vendors claiming to offer these services should be measured: Evidence-based knowledge, including context, mechanisms, indicators, implications and actionable advice about an existing or emerging menace or hazard to assets that can be used to inform decisions regarding the subject s response to that menace or hazard. Simply providing a dump of raw data into an already strained organization doesn t help to narrow the security problem, it actually compounds it. Gartner has it right. Cyber threat intelligence needs to include much more than raw data. It requires rich contextual information that can only be created with the application of human analysis. This contextual information includes an understanding of the past, present and future tactics, techniques and procedures (TTPs) of a wide variety of adversaries. It must also include the linkage between the technical indicators (e.g., IP addresses and domains associated with threats or hashes that fingerprint malicious files), adversaries, their motivations and intents, and information about who is being targeted. Evidence-based knowledge, including context, mechanisms, indicators, implications and actionable advice about an existing or emerging menace or hazard to assets that can be used to inform decisions regarding the subject s response to that menace or hazard. This level of contextual understanding can only be gathered through a research process that involves the identification and on going monitoring of threat actors and the global threat ecosystem. It also requires a fusion center with very experienced analysts using a formal process and sophisticated tools to merge this disparate research information into finished intelligence. This is precisely why isight has located a large team of researchers across 16 countries and built a state-of-the-art fusion center in the Washington DC area. By fusing human gathered intelligence with timely and accurate technical intelligence, you get what you really need rich, accurate and actionable intelligence that can inform your planning efforts, improve decision making, and help you prioritize and respond to existing or emerging 2014 All rights reserved. isight Partners, Inc. 4

5 threats. To get this accurate technical intelligence, a large corpus of data is required. This should include open-source data, indicators scraped from the underground and analysis of various malware toolkits to understand their broad capabilities, information from your own proprietary logs, information shared from various industry groups or sharing platforms, and information collected from a broad network of security and technology partners. When looking for a cyber threat intelligence solution you need to understand that you aren t buying technology so much as engaging with a long term partner that extends the size of your team and strengthens your defenses both from a human and technological perspective. At isight Partners we understand these requirements and we ve spent the past 7+ years developing our Intelligence capabilities around: Threat Actors: Tracking nation-state activities, organized cyber criminals and hacktivists Vulnerabilities and Exploitation: Uncovering zero-days on a daily and weekly basis, monitoring CVEs and tracking exploitations in the wild Mechanisms and Indicators: Analyzing malware family derivatives, tracking DDoS technology and its evolution, monitoring command and control infrastructures, etc. Actionable Advice: Providing clients with ongoing, daily stream reporting to filter the noise and drive decision advantage over the adversaries that confront them 2014 All rights reserved. isight Partners, Inc. 5

6 Actionable Intelligence Signal vs. Noise As further indication that this is a rapidly emerging market that you should be focused on, Forrester Research is also following the cyber threat intelligence space. In their research, they place a heavy emphasis on making sure that cyber threat intelligence is actionable. So does isight. In a pre-rsa 2014 blog post, their lead analyst on the subject Rick Holland laid out seven specific criteria that cyber threat intelligence must address to be considered actionable. Below are excerpts of that blog along with isight s thoughts on how we meet these criteria. Forrester: Actionable intelligence is ACCURATE Credibility is the currency of the CISO. To protect that credibility, isight Partners has built (and refined for nearly a decade) a government-standards, yet commercial-speed, model for intelligence analysis. The result is enduring high fidelity, contextual insight with exceptionally rare inaccuracies. Forrester: Actionable intelligence is ALIGNED WITH YOUR INTELLIGENCE REQUIREMENTS and TAILORED At isight we help our clients identify their requirements as part of our initial consultation process. Many of these requirements already fall into our existing body of research and analysis. Where more specific needs are identified based on a client s unique risk profile we drive our research teams to those requirements and incorporate those needs into the outputs we provide. Forrester: Actionable intelligence is INTEGRATED Actionable Intelligence is: Accurate Aligned with your intelligence requirements Integrated Predictive Relevant Tailored Timely Rick Holland Blog: Actionable Intelligence, Meet Terry Tate, Office Linebacker Published: 11 February 2014 Relevant intelligence demands a response, often by changing existing systems to protect against a specific threat. With manual intelligence evaluation, these changes can be exhaustively time consuming and potentially cost prohibitive (at least from the CFO s perspective). Time and cost saving integrations with existing systems are absolutely critical. isight offers a number of out of the box integrations driven through our Technology Alliance Partnerships. Our ThreatScape API solution enables customer driven integration where out of the box integration is not yet available All rights reserved. isight Partners, Inc. 6

7 Forrester: Actionable intelligence is PREDICTIVE At the very basic level, intelligence must be forward-looking. Forensics and digital dumpster diving can provide pathology, but cyber professionals need to know what the next attack will likely be, not a rear view mirror understanding of what attacks already happened. isight Partners has 200+ people in 16 countries focused on the cyber underground. We see what the threats are before they materialize into active events. Actionable intelligence is RELEVANT Knowing what threat capabilities are out there is critical, but understanding groups, actors and motivations is vitally important also. Most of our clients (and cyber security professionals) have too much unfiltered threat data, so isight Partners segments threat activity by actor, area, industry, intent, etc. We go through the haystack, sending just the needles to the client. Actionable intelligence is TIMELY Recognizing that reality, isight Partners speeds insight to customers, reducing the cost to mitigate and ensuring that threat information beats the onset of an attack. The core truth is that cyber security professionals already have too much unfiltered data causing too many false alarms. What they need is predictive, accurate insights on the real threats relevant to them delivered at a speed and format that enables an efficient, effective response. The bottom line: There is a world of difference between basic cyber threat information and actionable cyber threat intelligence and isight Partners is at the forefront of the cyber threat intelligence market All rights reserved. isight Partners, Inc. 7

8 Cyber Threat Intelligence From the Board Room to the Security Operations Center When correctly implemented in your organization, cyber threat intelligence is a game changer not only for the men and women in the Security Operations Center trenches, but for the business as a whole. Our clients are using cyber threat intelligence to revolutionize and reinvigorate the relationship between security and the business changing their operating models from reactive and threat based to proactive and risk based. Cyber threat intelligence helps them drive rapid response to threats that matter (supporting the mission of the SOC) and helps them get ahead of the curve on threats over the horizon by making the right investments driving the risk-based security decisions that map to the needs of the business. At isight, we provide intelligence in formats geared towards different stakeholders. We provide executive summaries written in layman s language with reporting on adversaries, vulnerabilities and exploitation, and on security trends geared specifically towards business leaders. These intelligence reports help CISOs communicate to the rest of the business providing tools to highlight the need for action and when required even debunk hype in the industry. Our intelligence includes a daily news analysis service that can be shared with senior leadership taking stories that appear in major news outlets and trade publications and applying our analysis. This gets CISOs out in front of the questions they are likely to receive and saves them, and their overtaxed teams, research time that can be better used for protecting the organization. When it comes to driving better day-to-day defenses, we offer deep dive technical reporting and the machine-to-machine integrations described in the section above on actionable intelligence. Our clients have gravitated towards the use of cyber threat intelligence for a wide variety of reasons. Some that stand out are: Driving business level and board level discussions about the risks their adversaries represent Gaining a true understanding of varying adversarial motives and intents and prioritizing policies and security investments around them Moving their organizations from event driven (reactive) to intelligence-led and risk driven (proactive) security models Driving broad-level strategic decisions by improving adversary visibility moving from a nearsighted position to one of 20/20 clarity Extending the life and effectiveness of aging security infrastructure by feeding actionable, real time threat intelligence into those systems Reducing operational chaos and improving tactical response by fusing intelligence with security events 2014 All rights reserved. isight Partners, Inc. 8

9 The isight Partners Difference Like cloud computing or big data, cyber threat intelligence risks becoming a watered-down phrase employed by vendors in an attempt to sell more stuff, just as its purpose and value becomes most clear. That is why we ve put together this primer on cyber threat intelligence to help you set the bar for what to expect from a partner in this space. As we ve explored, there is a significant difference between cyber threat information and cyber threat intelligence. As Gartner highlights, there is a scarcity of vendors offering true Intelligence. When looking to vendors in this space, consider the Gartner definition carefully and evaluate potential partners against it. Also keep in mind the need for actionable intelligence highlighted by Forrester Research. If you keep these issues in mind, you ll find that isight Partners is unique in the market. Having delivered intelligence globally for more than seven years to clients in government and the private sector we pride ourselves on delivering against the criteria we ve discussed in this paper. At isight, we ve invested heavily in building and refining our threat intelligence capability over nearly a decade. We have unmatched experience and reach over 200 experts around the globe with deep historical perspectives in cyber intelligence gathering, analysis and dissemination. We have combined this experience with a well-oiled process and technology platform based on a formal intelligence lifecycle. The result is that we help our clients see the big picture as it relates to the threats they face and we provide the depth and context that drives better decisions. We fuse technology and human intelligence. We are leading the way in cyber threat intelligence providing a bridge between security and the business and supporting some of the most sophisticated government and private organizations in the world. We are also helping others who are starting their journey towards building intelligence -led security programs. Turning Information into Intelligence requires deep technological capabilities and human expertise the type that only isight has developed throughout these years. For more information contact us at isightpartners.com 2014 All rights reserved. isight Partners, Inc. 9

How to Use Cyber Threat Intelligence in my Workflows?

How to Use Cyber Threat Intelligence in my Workflows? How to Use Cyber Threat Intelligence in my Workflows? The Power of Global Cyber Threat Intelligence There is a great deal of power that comes along with knowing your adversary. By mapping his past activities

More information

A Primer on Cyber Threat Intelligence

A Primer on Cyber Threat Intelligence A Primer on Cyber Threat Intelligence AS ADVERTISED 2 BUZZWORD BINGO! 3 TODAY S CYBER SECURITY CHALLENGES CISOs finding it difficult to define security ROI to executives Short shelf life for CISOs Vastly

More information

WHITE PAPER: THREAT INTELLIGENCE RANKING

WHITE PAPER: THREAT INTELLIGENCE RANKING WHITE PAPER: THREAT INTELLIGENCE RANKING SEPTEMBER 2015 2 HOW WELL DO YOU KNOW YOUR THREAT DATA? HOW THREAT INTELLIGENCE FEED MODELING CAN SAVE MONEY AND PREVENT BREACHES Who are the bad guys? What makes

More information

Threat Intelligence: What is it, and How Can it Protect You from Today s Advanced Cyber-Attacks A Webroot publication featuring analyst research

Threat Intelligence: What is it, and How Can it Protect You from Today s Advanced Cyber-Attacks A Webroot publication featuring analyst research Threat Intelligence: What is it, and How Can it Protect You from Today s Advanced Cyber-Attacks A Webroot publication featuring analyst research 2 3 6 7 9 9 Issue 1 Welcome From the Gartner Files Definition:

More information

isight Partners The Cyber Threat Intelligence Experts

isight Partners The Cyber Threat Intelligence Experts isight Partners The Cyber Threat Intelligence Experts Understand Your Threat 2 The Mantra If you re good at security response, you will win all of the battles you fight. If you re great, you will know

More information

Separating Signal from Noise: Taking Threat Intelligence to the Next Level

Separating Signal from Noise: Taking Threat Intelligence to the Next Level SESSION ID: SPO2-T09 Separating Signal from Noise: Taking Threat Intelligence to the Next Level Doron Shiloach X-Force Product Manager IBM @doronshiloach Agenda Threat Intelligence Overview Current Challenges

More information

Operationalizing Threat Intelligence.

Operationalizing Threat Intelligence. Operationalizing Threat Intelligence. Key Takeaways Time is becoming more and more compressed when it comes to protecting the enterprise Security teams must be able to rapidly and effectively translate

More information

Threat Intelligence Platforms: The New Essential Enterprise Software

Threat Intelligence Platforms: The New Essential Enterprise Software Gitomer-1 Threat Intelligence Platforms: The New Essential Enterprise Software Due to the ever-increasing volume of cyber attacks and regulatory pressures, there is a need for a new type of enterprise

More information

The Business Justification for Cyber Threat Intelligence. How advanced intelligence improves security, operational efficiency and strategic planning

The Business Justification for Cyber Threat Intelligence. How advanced intelligence improves security, operational efficiency and strategic planning The Business Justification for Cyber Threat Intelligence How advanced intelligence improves security, operational efficiency and strategic planning What Executives Need to Know about Cyber Threat Intelligence

More information

CHAPTER 3 : INCIDENT RESPONSE THREAT INTELLIGENCE GLOBAL THREAT INTELLIGENCE REPORT 2015 :: COPYRIGHT 2015 NTT INNOVATION INSTITUTE 1 LLC

CHAPTER 3 : INCIDENT RESPONSE THREAT INTELLIGENCE GLOBAL THREAT INTELLIGENCE REPORT 2015 :: COPYRIGHT 2015 NTT INNOVATION INSTITUTE 1 LLC : INCIDENT RESPONSE THREAT INTELLIGENCE 1 THREAT INTELLIGENCE How it applies to our clients, and discuss some of the key components and benefits of a comprehensive threat intelligence strategy. Threat

More information

Enterprise Organizations Need Contextual- security Analytics Date: October 2014 Author: Jon Oltsik, Senior Principal Analyst

Enterprise Organizations Need Contextual- security Analytics Date: October 2014 Author: Jon Oltsik, Senior Principal Analyst ESG Brief Enterprise Organizations Need Contextual- security Analytics Date: October 2014 Author: Jon Oltsik, Senior Principal Analyst Abstract: Large organizations have spent millions of dollars on security

More information

GETTING REAL ABOUT SECURITY MANAGEMENT AND "BIG DATA"

GETTING REAL ABOUT SECURITY MANAGEMENT AND BIG DATA GETTING REAL ABOUT SECURITY MANAGEMENT AND "BIG DATA" A Roadmap for "Big Data" in Security Analytics ESSENTIALS This paper examines: Escalating complexity of the security management environment, from threats

More information

Rethinking Information Security for Advanced Threats. CEB Information Risk Leadership Council

Rethinking Information Security for Advanced Threats. CEB Information Risk Leadership Council Rethinking Information Security for Advanced Threats CEB Information Risk Leadership Council Advanced threats differ from conventional security threats along many dimensions, making them much more difficult

More information

Symantec Cyber Security Services: DeepSight Intelligence

Symantec Cyber Security Services: DeepSight Intelligence Symantec Cyber Security Services: DeepSight Intelligence Actionable intelligence to get ahead of emerging threats Overview: Security Intelligence Companies face a rapidly evolving threat environment with

More information

Combating a new generation of cybercriminal with in-depth security monitoring. 1 st Advanced Data Analysis Security Operation Center

Combating a new generation of cybercriminal with in-depth security monitoring. 1 st Advanced Data Analysis Security Operation Center Combating a new generation of cybercriminal with in-depth security monitoring 1 st Advanced Data Analysis Security Operation Center The Challenge Don t leave your systems unmonitored. It takes an average

More information

Symantec Cyber Threat Analysis Program Program Overview. Symantec Cyber Threat Analysis Program Team

Symantec Cyber Threat Analysis Program Program Overview. Symantec Cyber Threat Analysis Program Team Symantec Cyber Threat Analysis Program Symantec Cyber Threat Analysis Program Team White Paper: Symantec Security Intelligence Services Symantec Cyber Threat Analysis Program Contents Overview...............................................................................................

More information

Advanced Threat Detection: Necessary but Not Sufficient The First Installment in the Blinded By the Hype Series

Advanced Threat Detection: Necessary but Not Sufficient The First Installment in the Blinded By the Hype Series Advanced Threat Detection: Necessary but Not Sufficient The First Installment in the Blinded By the Hype Series Whitepaper Advanced Threat Detection: Necessary but Not Sufficient 2 Executive Summary Promotion

More information

FROM INBOX TO ACTION EMAIL AND THREAT INTELLIGENCE:

FROM INBOX TO ACTION EMAIL AND THREAT INTELLIGENCE: WHITE PAPER EMAIL AND THREAT INTELLIGENCE: FROM INBOX TO ACTION There is danger in your email box. You know it, and so does everyone else. The term phishing is now part of our daily lexicon, and even if

More information

IMPLEMENTING A SECURITY ANALYTICS ARCHITECTURE

IMPLEMENTING A SECURITY ANALYTICS ARCHITECTURE IMPLEMENTING A SECURITY ANALYTICS ARCHITECTURE Solution Brief SUMMARY New security threats demand a new approach to security management. Security teams need a security analytics architecture that can handle

More information

Applying Internal Traffic Models to Improve Identification of High Fidelity Cyber Security Events

Applying Internal Traffic Models to Improve Identification of High Fidelity Cyber Security Events Applying Internal Traffic Models to Improve Identification of High Fidelity Cyber Security Events Abstract Effective Security Operations throughout both DoD and industry are requiring and consuming unprecedented

More information

White Paper: Leveraging Web Intelligence to Enhance Cyber Security

White Paper: Leveraging Web Intelligence to Enhance Cyber Security White Paper: Leveraging Web Intelligence to Enhance Cyber Security October 2013 Inside: New context on Web Intelligence The need for external data in enterprise context Making better use of web intelligence

More information

Combating a new generation of cybercriminal with in-depth security monitoring

Combating a new generation of cybercriminal with in-depth security monitoring Cybersecurity Services Combating a new generation of cybercriminal with in-depth security monitoring 1 st Advanced Data Analysis Security Operation Center The Challenge Don t leave your systems unmonitored.

More information

Threat Intelligence. Benefits for the enterprise

Threat Intelligence. Benefits for the enterprise Benefits for the enterprise Contents Introduction Threat intelligence: a maturing defence differentiator Understanding the types of threat intelligence: from the generic to the specific Deriving value

More information

Niara Security Analytics. Overview. Automatically detect attacks on the inside using machine learning

Niara Security Analytics. Overview. Automatically detect attacks on the inside using machine learning Niara Security Analytics Automatically detect attacks on the inside using machine learning Automatically detect attacks on the inside Supercharge analysts capabilities Enhance existing security investments

More information

Attack Intelligence: Why It Matters

Attack Intelligence: Why It Matters Attack Intelligence: Why It Matters WHITE PAPER Core Security +1 617.399-6980 info@coresecurity.com www.coresecurity.com A Proactive Strategy Attacks against your organization are more prevalent than ever,

More information

Operational Lessons from the RSA/EMC CIRC: People, Process, & Threat Intel

Operational Lessons from the RSA/EMC CIRC: People, Process, & Threat Intel Operational Lessons from the RSA/EMC CIRC: People, Process, & Threat Intel @Ben_Smith Ben Smith, CISSP Field CTO (US East), Security Portfolio A Security Maturity Path CONTROLS COMPLIANCE IT RISK BUSINESS

More information

Politics of Security Webcast Summary Cyber Threat News and APT Defenses

Politics of Security Webcast Summary Cyber Threat News and APT Defenses Politics of Security Webcast Summary Cyber Threat News and APT Defenses Introduction Stories about cyber espionage and Advanced Persistent Threats (APTs) are part of the mainstream news cycle. Concerns

More information

Stop DDoS Attacks in Minutes

Stop DDoS Attacks in Minutes PREVENTIA Forward Thinking Security Solutions Stop DDoS Attacks in Minutes 1 On average there are more than 7,000 DDoS attacks observed daily. You ve seen the headlines. Distributed Denial of Service (DDoS)

More information

STRATEGIC ADVANTAGE: CONSULTING & ISIGHT INTELLIGENCE

STRATEGIC ADVANTAGE: CONSULTING & ISIGHT INTELLIGENCE ANALYST DAY STRATEGIC ADVANTAGE: CONSULTING & ISIGHT INTELLIGENCE TRAVIS REESE, PRESIDENT, MANDIANT CONSULTING AND ISIGHT INTELLIGENCE COPYRIGHT 2016, FIREEYE, INC. ALL RIGHTS RESERVED. INTELLIGENCE- LED

More information

Symantec Global Intelligence Network 2.0 Architecture: Staying Ahead of the Evolving Threat Landscape

Symantec Global Intelligence Network 2.0 Architecture: Staying Ahead of the Evolving Threat Landscape WHITE PAPER: SYMANTEC GLOBAL INTELLIGENCE NETWORK 2.0.... ARCHITECTURE.................................... Symantec Global Intelligence Network 2.0 Architecture: Staying Ahead of the Evolving Threat Who

More information

SOLUTION PRIMER. Rafal Los Director, Solutions Research Office of the CISO, Accuvant. James Robinson Director, Information Security, Accuvant

SOLUTION PRIMER. Rafal Los Director, Solutions Research Office of the CISO, Accuvant. James Robinson Director, Information Security, Accuvant THREAT INTELLIGENCE Rafal Los Director, Solutions Research Office of the CISO, Accuvant James Robinson Director, Information Security, Accuvant Jason Clark Chief Strategy and Security Officer, Accuvant

More information

Overcoming Five Critical Cybersecurity Gaps

Overcoming Five Critical Cybersecurity Gaps Overcoming Five Critical Cybersecurity Gaps How Active Threat Protection Addresses the Problems that Security Technology Doesn t Solve An esentire White Paper Copyright 2015 esentire, Inc. All rights reserved.

More information

Practical Threat Intelligence. with Bromium LAVA

Practical Threat Intelligence. with Bromium LAVA Practical Threat Intelligence with Bromium LAVA Practical Threat Intelligence Executive Summary Threat intelligence today is costly and time consuming and does not always result in a reduction of successful

More information

Preempting Business Risk with RSA SIEM and CORE Security Predictive Security Intelligence Solutions

Preempting Business Risk with RSA SIEM and CORE Security Predictive Security Intelligence Solutions Preempting Business Risk with RSA SIEM and CORE Security Predictive Security Intelligence Solutions CORE Security +1 617.399-6980 info@coresecurity.com www.coresecurity.com blog.coresecurity.com Preempting

More information

Gregg Gerber. Strategic Engagement, Emerging Markets

Gregg Gerber. Strategic Engagement, Emerging Markets Government of Mauritius Gregg Gerber Strategic Engagement, Emerging Markets 2 (Advanced) Persistent Targeted attacks 2010 2011 2012 Time 1986-1991 Era of Discovery 1992-1998 Era of Transition 1999-2005

More information

Anticipating the Breach

Anticipating the Breach Anticipating the Breach What to do before, during and after an attack. CONTENTS Before... 2 During... 3 After... 4 Conclusion... 5 Brought to you compliments of Security incidents may be inevitable, but

More information

CYBER4SIGHT TM THREAT INTELLIGENCE SERVICES ANTICIPATORY AND ACTIONABLE INTELLIGENCE TO FIGHT ADVANCED CYBER THREATS

CYBER4SIGHT TM THREAT INTELLIGENCE SERVICES ANTICIPATORY AND ACTIONABLE INTELLIGENCE TO FIGHT ADVANCED CYBER THREATS CYBER4SIGHT TM THREAT INTELLIGENCE SERVICES ANTICIPATORY AND ACTIONABLE INTELLIGENCE TO FIGHT ADVANCED CYBER THREATS PREPARING FOR ADVANCED CYBER THREATS Cyber attacks are evolving faster than organizations

More information

ESG Brief. Overview. 2014 by The Enterprise Strategy Group, Inc. All Rights Reserved.

ESG Brief. Overview. 2014 by The Enterprise Strategy Group, Inc. All Rights Reserved. ESG Brief Webroot Delivers Enterprise-Class Threat Intelligence to Security Technology Providers and Large Organizations Date: September 2014 Author: Jon Oltsik, Senior Principal Analyst; Kyle Prigmore,

More information

Integrating MSS, SEP and NGFW to catch targeted APTs

Integrating MSS, SEP and NGFW to catch targeted APTs #SymVisionEmea #SymVisionEmea Integrating MSS, SEP and NGFW to catch targeted APTs Tom Davison Information Security Practice Manager, UK&I Antonio Forzieri EMEA Solution Lead, Cyber Security 2 Information

More information

The business Side of threat Intelligence. Cyber Squared Inc.

The business Side of threat Intelligence. Cyber Squared Inc. The business Side of threat Intelligence 1 WhoAm I? CEO of CyberSquared Inc., the company behindthreatconnect TM. Founding member of the company, started in 2011. Experience inprogramming, network security,

More information

Big Data, Big Mess: Sound Cyber Risk Intelligence through Complete Context

Big Data, Big Mess: Sound Cyber Risk Intelligence through Complete Context Big Data, Big Mess: Sound Cyber Risk Intelligence through Complete Context Introduction When it comes to cybersecurity, perhaps nothing has been as highly touted as the answer to every executive s prayers

More information

It All Starts with Log Management:

It All Starts with Log Management: : Leveraging the Best in Database Security, Security Event Management and Change Management to Achieve Transparency LogLogic, Inc 110 Rose Orchard Way, Ste. 200 San Jose, CA 95134 United States US Toll

More information

Cyber Threat Intelligence Move to an intelligencedriven cybersecurity model

Cyber Threat Intelligence Move to an intelligencedriven cybersecurity model Cyber Threat Intelligence Move to an intelligencedriven cybersecurity model Stéphane Hurtaud Partner Governance Risk & Compliance Deloitte Laurent De La Vaissière Director Governance Risk & Compliance

More information

Niara Security Intelligence. Overview. Threat Discovery and Incident Investigation Reimagined

Niara Security Intelligence. Overview. Threat Discovery and Incident Investigation Reimagined Niara Security Intelligence Threat Discovery and Incident Investigation Reimagined Niara enables Compromised user discovery Malicious insider discovery Threat hunting Incident investigation Overview In

More information

SITUATIONAL AWARENESS MITIGATE CYBERTHREATS

SITUATIONAL AWARENESS MITIGATE CYBERTHREATS Gaining the SITUATIONAL AWARENESS needed to MITIGATE CYBERTHREATS Industry Perspective EXECUTIVE SUMMARY To become more resilient against cyberthreats, agencies must improve visibility and understand events

More information

THE EVOLUTION OF SIEM

THE EVOLUTION OF SIEM THE EVOLUTION OF SIEM WHY IT IS CRITICAL TO MOVE BEYOND LOGS Despite increasing investments in security, breaches are still occurring at an alarming rate. 43% Traditional SIEMs have not evolved to meet

More information

QRadar SIEM and Zscaler Nanolog Streaming Service

QRadar SIEM and Zscaler Nanolog Streaming Service QRadar SIEM and Zscaler Nanolog Streaming Service February 2014 1 QRadar SIEM: Security Intelligence Platform QRadar SIEM provides full visibility and actionable insight to protect networks and IT assets

More information

Future Threat Landscape - How will technology evolve and what does it mean for cyber security?

Future Threat Landscape - How will technology evolve and what does it mean for cyber security? James Hanlon CISSP, CISM Security Strategist Office of the CTO EMEA Future Threat Landscape - How will technology evolve and what does it mean for cyber security? Think > What does the future of technology

More information

Addressing APTs and Modern Malware with Security Intelligence Date: September 2013 Author: Jon Oltsik, Senior Principal Analyst

Addressing APTs and Modern Malware with Security Intelligence Date: September 2013 Author: Jon Oltsik, Senior Principal Analyst ESG Brief Addressing APTs and Modern Malware with Security Intelligence Date: September 2013 Author: Jon Oltsik, Senior Principal Analyst Abstract: APTs first came on the scene in 2010, creating a wave

More information

BREACHES HAPPEN. BE PREPARED. F-SECURE RAPID DETECTION SERVICE

BREACHES HAPPEN. BE PREPARED. F-SECURE RAPID DETECTION SERVICE BREACHES HAPPEN. BE PREPARED. F-SECURE RAPID DETECTION SERVICE TAKE A HOLISTIC APPROACH TO CYBER SECURITY. Sophisticated corporate cyber attacks have become commonplace. They circumvent even the best-defended

More information

The Emergence of Security Business Intelligence: Risk

The Emergence of Security Business Intelligence: Risk The Emergence of Security Business Intelligence: Risk Management through Deep Analytics & Automation Mike Curtis Vice President of Technology Strategy December, 2011 Introduction As an industry we are

More information

Threat Intelligence: An Essential Component of Cyber Incident Response. Jeanie M Larson, CISSP-ISSMP, CISM, CRISC

Threat Intelligence: An Essential Component of Cyber Incident Response. Jeanie M Larson, CISSP-ISSMP, CISM, CRISC Threat Intelligence: An Essential Component of Cyber Incident Response Jeanie M Larson, CISSP-ISSMP, CISM, CRISC What are we going to cover? Setting the Stage Why is Incident Response Critical? Cyber Threat

More information

Threat Intelligence & Analytics Cyber Threat Intelligence and how to best understand the adversary s operations

Threat Intelligence & Analytics Cyber Threat Intelligence and how to best understand the adversary s operations Threat Intelligence & Analytics Cyber Threat Intelligence and how to best understand the adversary s operations September 2015 Copyright 2015 Deloitte Development LLC. All rights reserved. This presentation

More information

PROMOTION // TECHNOLOGY. The Economics Of Cyber Security

PROMOTION // TECHNOLOGY. The Economics Of Cyber Security PROMOTION // TECHNOLOGY The Economics Of Cyber Security Written by Peter Mills Malicious cyber activity, from hacking and identity fraud to intellectual property theft, is a growing problem within the

More information

REVOLUTIONIZING ADVANCED THREAT PROTECTION

REVOLUTIONIZING ADVANCED THREAT PROTECTION REVOLUTIONIZING ADVANCED THREAT PROTECTION A NEW, MODERN APPROACH Blue Coat Advanced Threat Protection Group GRANT ASPLUND Senior Technology Evangelist 1 WHY DO I STAND ON MY DESK? "...I stand upon my

More information

IBM i2 Enterprise Insight Analysis for Cyber Analysis

IBM i2 Enterprise Insight Analysis for Cyber Analysis IBM i2 Enterprise Insight Analysis for Cyber Analysis Protect your organization with cyber intelligence Highlights Quickly identify threats, threat actors and hidden connections with multidimensional analytics

More information

Compliance Guide ISO 27002. Compliance Guide. September 2015. Contents. Introduction 1. Detailed Controls Mapping 2.

Compliance Guide ISO 27002. Compliance Guide. September 2015. Contents. Introduction 1. Detailed Controls Mapping 2. ISO 27002 Compliance Guide September 2015 Contents Compliance Guide 01 02 03 Introduction 1 Detailed Controls Mapping 2 About Rapid7 7 01 INTRODUCTION If you re looking for a comprehensive, global framework

More information

CYBER SECURITY INFORMATION SHARING & COLLABORATION

CYBER SECURITY INFORMATION SHARING & COLLABORATION Corporate Information Security CYBER SECURITY INFORMATION SHARING & COLLABORATION David N. Saul Senior Vice President & Chief Scientist 28 June 2013 Discussion Flow The Evolving Threat Environment Drivers

More information

Advanced Visibility. Moving Beyond a Log Centric View. Matthew Gardiner, RSA & Richard Nichols, RSA

Advanced Visibility. Moving Beyond a Log Centric View. Matthew Gardiner, RSA & Richard Nichols, RSA Advanced Visibility Moving Beyond a Log Centric View Matthew Gardiner, RSA & Richard Nichols, RSA 1 Security is getting measurability worse Percent of breaches where time to compromise (red)/time to Discovery

More information

Cyber Threats Insights from history and current operations. Prepared by Cognitio May 5, 2015

Cyber Threats Insights from history and current operations. Prepared by Cognitio May 5, 2015 Cyber Threats Insights from history and current operations Prepared by Cognitio May 5, 2015 About Cognitio Cognitio is a strategic consulting and engineering firm led by a team of former senior technology

More information

The Growing Need for Real-time and Actionable Security Intelligence Date: February 2014 Author: Jon Oltsik, Senior Principal Analyst

The Growing Need for Real-time and Actionable Security Intelligence Date: February 2014 Author: Jon Oltsik, Senior Principal Analyst ESG Brief The Growing Need for Real-time and Actionable Security Intelligence Date: February 2014 Author: Jon Oltsik, Senior Principal Analyst Abstract: ESG data indicates that many enterprise organizations

More information

The Future of the Advanced SOC

The Future of the Advanced SOC The Future of the Advanced SOC Developing a platform for more effective security management and compliance Steven Van Ormer RSA Technical Security Consultant 1 Agenda Today s Security Landscape and Why

More information

Zak Khan Director, Advanced Cyber Defence

Zak Khan Director, Advanced Cyber Defence Securing your data, intellectual property and intangible assets from cybercrime Zak Khan Director, Advanced Cyber Defence Agenda (16 + optional video) Introduction (2) Context Global Trends Strategic Impacts

More information

Security and Privacy Trends 2014

Security and Privacy Trends 2014 2014 Agenda Today s cyber threats 3 You could be under cyber attack now! Improve 6 Awareness of cyber threats propels improvements Expand 11 Leading practices to combat cyber threats Innovate 20 To survive,

More information

Cyber and Operational Solutions for a Connected Industrial Era

Cyber and Operational Solutions for a Connected Industrial Era Cyber and Operational Solutions for a Connected Industrial Era OPERATIONAL & SECURITY CHALLENGES IN A HYPER-CONNECTED INDUSTRIAL WORLD In face of increasing operational challenges and cyber threats, and

More information

The Path Ahead for Security Leaders

The Path Ahead for Security Leaders The Path Ahead for Security Leaders Executive Summary What You Will Learn If you asked security leaders five years ago what their primary focus was, you would likely get a resounding: securing our operations.

More information

Evaluating DMARC Effectiveness for the Financial Services Industry

Evaluating DMARC Effectiveness for the Financial Services Industry Evaluating DMARC Effectiveness for the Financial Services Industry by Robert Holmes General Manager, Email Fraud Protection Return Path Executive Summary Email spoofing steadily increases annually. DMARC

More information

Threat Intelligence Buyer s Guide

Threat Intelligence Buyer s Guide Threat Intelligence Buyer s Guide SANS CTI Summit, 10 February 2014 Rick Holland @rickhholland Principal Analyst Last year 2014 Forrester Research, Inc. Reproduction Prohibited 2 This year, Arnold s back!!

More information

RSA Enterprise Compromise Assessment Tool (ECAT) Date: January 2014 Authors: Jon Oltsik, Senior Principal Analyst and Tony Palmer, Senior Lab Analyst

RSA Enterprise Compromise Assessment Tool (ECAT) Date: January 2014 Authors: Jon Oltsik, Senior Principal Analyst and Tony Palmer, Senior Lab Analyst ESG Lab Review RSA Enterprise Compromise Assessment Tool (ECAT) Date: January 2014 Authors: Jon Oltsik, Senior Principal Analyst and Tony Palmer, Senior Lab Analyst Abstract: This ESG Lab review documents

More information

CYBER SECURITY, A GROWING CIO PRIORITY

CYBER SECURITY, A GROWING CIO PRIORITY www.wipro.com CYBER SECURITY, A GROWING CIO PRIORITY Bivin John Verghese, Practitioner - Managed Security Services, Wipro Ltd. Contents 03 ------------------------------------- Abstract 03 -------------------------------------

More information

Modern Approach to Incident Response: Automated Response Architecture

Modern Approach to Incident Response: Automated Response Architecture SESSION ID: ANF-T10 Modern Approach to Incident Response: Automated Response Architecture James Carder Director, Security Informatics Mayo Clinic @carderjames Jessica Hebenstreit Senior Manager, Security

More information

RSA envision. Platform. Real-time Actionable Security Information, Streamlined Incident Handling, Effective Security Measures. RSA Solution Brief

RSA envision. Platform. Real-time Actionable Security Information, Streamlined Incident Handling, Effective Security Measures. RSA Solution Brief RSA Solution Brief RSA envision Platform Real-time Actionable Information, Streamlined Incident Handling, Effective Measures RSA Solution Brief The job of Operations, whether a large organization with

More information

All about Threat Central

All about Threat Central All about Threat Central Ted Ross & Nadav Cohen #HPProtect Forward-looking statements This is a rolling (up to three year) Roadmap and is subject to change without notice. This document contains forward

More information

Instilling Confidence in Security and Risk Operations with Behavioral Analytics and Contextualization

Instilling Confidence in Security and Risk Operations with Behavioral Analytics and Contextualization WHITEPAPER Instilling Confidence in Security and Risk Operations with Behavioral Analytics and Contextualization Understanding Why Automated Machine Learning Behavioral Analytics with Contextualization

More information

Advanced Threat Protection with Dell SecureWorks Security Services

Advanced Threat Protection with Dell SecureWorks Security Services Advanced Threat Protection with Dell SecureWorks Security Services Table of Contents Summary... 2 What are Advanced Threats?... 3 How do advanced threat actors operate?... 3 Addressing the Threat... 5

More information

Caretower s SIEM Managed Security Services

Caretower s SIEM Managed Security Services Caretower s SIEM Managed Security Services Enterprise Security Manager MSS -TRUE 24/7 Service I.T. Security Specialists Caretower s SIEM Managed Security Services 1 Challenges & Solution Challenges During

More information

Addressing the Full Attack Continuum: Before, During, and After an Attack. It s Time for a New Security Model

Addressing the Full Attack Continuum: Before, During, and After an Attack. It s Time for a New Security Model White Paper Addressing the Full Attack Continuum: Before, During, and After an Attack It s Time for a New Security Model Today s threat landscape is nothing like that of just 10 years ago. Simple attacks

More information

CyberReady Solutions. Integrated Threat Intelligence and Cyber Operations MONTH DD, YYYY SEPTEMBER 8, 2014

CyberReady Solutions. Integrated Threat Intelligence and Cyber Operations MONTH DD, YYYY SEPTEMBER 8, 2014 CR CyberReady Solutions Actionable Insight for the Digital Enterprise Integrated Threat Intelligence and Cyber Operations MONTH DD, YYYY SEPTEMBER 8, 2014 INTELLIGENCE-DRIVEN OPERATIONS The Game Has Changed

More information

Accenture Intelligent Security for the Digital Enterprise. Archer s important role in solving today's pressing security challenges

Accenture Intelligent Security for the Digital Enterprise. Archer s important role in solving today's pressing security challenges Accenture Intelligent Security for the Digital Enterprise Archer s important role in solving today's pressing security challenges The opportunity to improve cyber security has never been greater 229 2,287

More information

FireScope + ServiceNow: CMDB Integration Use Cases

FireScope + ServiceNow: CMDB Integration Use Cases FireScope + ServiceNow: CMDB Integration Use Cases While virtualization, cloud technologies and automation have slashed the time it takes to plan and implement new IT services, enterprises are still struggling

More information

The SIEM Evaluator s Guide

The SIEM Evaluator s Guide Using SIEM for Compliance, Threat Management, & Incident Response Security information and event management (SIEM) tools are designed to collect, store, analyze, and report on log data for threat detection,

More information

Sophisticated Indicators for the Modern Threat Landscape: An Introduction to OpenIOC

Sophisticated Indicators for the Modern Threat Landscape: An Introduction to OpenIOC WHITE PAPER Sophisticated Indicators for the Modern Threat Landscape: An Introduction to OpenIOC www.openioc.org OpenIOC 1 Table of Contents Introduction... 3 IOCs & OpenIOC... 4 IOC Functionality... 5

More information

Cyber4sight TM Threat. Anticipatory and Actionable Intelligence to Fight Advanced Cyber Threats

Cyber4sight TM Threat. Anticipatory and Actionable Intelligence to Fight Advanced Cyber Threats Cyber4sight TM Threat Intelligence Services Anticipatory and Actionable Intelligence to Fight Advanced Cyber Threats Preparing for Advanced Cyber Threats Cyber attacks are evolving faster than organizations

More information

White. Paper. Rethinking Endpoint Security. February 2015

White. Paper. Rethinking Endpoint Security. February 2015 White Paper Rethinking Endpoint Security By Jon OItsik, Senior Principal Analyst With Kyle Prigmore, Associate Analyst February 2015 This ESG White Paper was commissioned by RSA Security and is distributed

More information

1 2013 Solera Networks, A Blue Coat Company SOLERA NETWORKS BIG DATA SECURITY ANALYTICS

1 2013 Solera Networks, A Blue Coat Company SOLERA NETWORKS BIG DATA SECURITY ANALYTICS 1 2013 Solera Networks, A Blue Coat Company SOLERA NETWORKS BIG DATA SECURITY ANALYTICS $32.8B 100,000 Cyber Criminals State-Sponsored Spies Hactivists We live in a POST-PREVENTION Amount enterprises are

More information

HP ENTERPRISE SECURITY. Protecting the Instant-On Enterprise

HP ENTERPRISE SECURITY. Protecting the Instant-On Enterprise HP ENTERPRISE SECURITY Protecting the Instant-On Enterprise HP SECURITY INTELLIGENCE AND RISK MANAGEMENT PLATFORM Advanced Protection Against Advanced Threats 360 Security Monitoring to Detect Incidents

More information

Unified Security Management

Unified Security Management Unified Security Reduce the Cost of Compliance Introduction In an effort to achieve a consistent and reliable security program, many organizations have adopted the standard as a key compliance strategy

More information

Detect, Contain and Control Cyberthreats

Detect, Contain and Control Cyberthreats A SANS Whitepaper Written by Eric Cole, PhD June 2015 Sponsored by Raytheon Websense 2015 SANS Institute Introduction Dwell Time Relates to damage because the longer a system is compromised, the bigger

More information

THE DIGITAL AGE THE DEFINITIVE CYBERSECURITY GUIDE FOR DIRECTORS AND OFFICERS

THE DIGITAL AGE THE DEFINITIVE CYBERSECURITY GUIDE FOR DIRECTORS AND OFFICERS THE DIGITAL AGE THE DEFINITIVE CYBERSECURITY GUIDE FOR DIRECTORS AND OFFICERS Download the entire guide and follow the conversation at SecurityRoundtable.org Collaboration and communication between technical

More information

IBM: An Early Leader across the Big Data Security Analytics Continuum Date: June 2013 Author: Jon Oltsik, Senior Principal Analyst

IBM: An Early Leader across the Big Data Security Analytics Continuum Date: June 2013 Author: Jon Oltsik, Senior Principal Analyst ESG Brief IBM: An Early Leader across the Big Data Security Analytics Continuum Date: June 2013 Author: Jon Oltsik, Senior Principal Analyst Abstract: Many enterprise organizations claim that they already

More information

SYMANTEC MANAGED SECURITY SERVICES. Superior information security delivered with exceptional value.

SYMANTEC MANAGED SECURITY SERVICES. Superior information security delivered with exceptional value. SYMANTEC MANAGED SECURITY SERVICES Superior information security delivered with exceptional value. A strong security posture starts with a smart business decision. In today s complex enterprise environments,

More information

RETHINKING CYBER SECURITY

RETHINKING CYBER SECURITY RETHINKING CYBER SECURITY CHANGING THE BUSINESS CONVERSATION INTRODUCTION Advanced Persistent Threats (APTs) and advanced malware have been plaguing IT professionals for over a decade. During that time,

More information

Accenture Cyber Security Transformation. October 2015

Accenture Cyber Security Transformation. October 2015 Accenture Cyber Security Transformation October 2015 Today s Presenter Antti Ropponen, Nordic Cyber Defense Domain Lead Accenture Nordics Antti is a leading consultant in Accenture's security consulting

More information

www.pwc.com The data breach lifecycle: From prevention to response IAPP global privacy summit March 6, 2014 (4:30-5:30) Draft v8 2-25-14

www.pwc.com The data breach lifecycle: From prevention to response IAPP global privacy summit March 6, 2014 (4:30-5:30) Draft v8 2-25-14 www.pwc.com The data breach lifecycle: From prevention to response IAPP global privacy summit (4:30-5:30) Draft v8 2-25-14 Common Myths 1. You have not been hacked. 2. Cyber security is about keeping the

More information

Cisco Security Intelligence Operations

Cisco Security Intelligence Operations Operations Operations of 1 Operations Operations of Today s organizations require security solutions that accurately detect threats, provide holistic protection, and continually adapt to a rapidly evolving,

More information

RETHINKING CYBER SECURITY

RETHINKING CYBER SECURITY RETHINKING CYBER SECURITY Introduction Advanced Persistent Threats (APTs) and advanced malware have been plaguing IT professionals for over a decade. During that time, the traditional cyber security vendor

More information

A Modern Framework for Network Security in Government

A Modern Framework for Network Security in Government A Modern Framework for Network Security in Government 3 A MODERN FRAMEWORK FOR NETWORK SECURITY IN THE FEDERAL GOVERNMENT Government: Securing Your Data, However and Wherever Accessed Governments around

More information

IT Security Risk Management

IT Security Risk Management IT Security Risk Adding Insight to Security Gennaro Scalo April 2, 2014 1 Where is Security Today? Companies have built layer upon layer of security, but is it helping? Complexity Data Breaches Damage

More information

McAfee Network Security Platform

McAfee Network Security Platform McAfee Network Security Platform Next Generation Network Security Youssef AGHARMINE, Network Security, McAfee Network is THE Security Battleground Who is behind the data breaches? 81% some form of hacking

More information