White Paper: Leveraging Web Intelligence to Enhance Cyber Security

Save this PDF as:
 WORD  PNG  TXT  JPG

Size: px
Start display at page:

Download "White Paper: Leveraging Web Intelligence to Enhance Cyber Security"

Transcription

1 White Paper: Leveraging Web Intelligence to Enhance Cyber Security October 2013 Inside: New context on Web Intelligence The need for external data in enterprise context Making better use of web intelligence

2 CTOlabs.com Web Intelligence: A new category of actionable information Web Intelligence is the parsing of millions of sources of Internet connected information in a way that is useful to decision-making. It enables the harnessing of the global information grid and adds predictive power to functions such as strategy development, investment decisions and risk assessment/mitigation. This paper, sponsored by Recorded Future, examines this new category of Web Intelligence in a cyber defense context and provides information you can use in deciding the best ways to integrate Web Intelligence into enterprise cyber security operations. Our Insights into Web Intelligence: The lead author of this paper led some of the first contributions of all source intelligence to cyber defense in the US Department of Defense and has been an active contributor to the cyber security and technology communities for two decades. For the last four years, the research team at CTOlabs.com has been contributing to studies and analysis and community events on cyber security operations, security technology and analytical tools. We interact with the community through our blog and newsletters, including daily and weekly newsletters tracking cyber security and analytical tools. We leveraged our background in cyber intelligence and technology in producing this assessment. We also checked our assumptions by asking for inputs from a range of enterprise CISOs in the financial, manufacturing and retail sectors. Web Intelligence and Cyber Security Web Intelligence can significantly enhance enterprise cyber security operations. In a cyber context, web intelligence is being used to track vulnerabilities being discussed in hacker channels and exploited in successful attacks. Web intelligence also portrays information on the nature of malicious code and its mitigation strategies. Further, it is a means of tracking the technologies and tactics being employed by attackers, as well as the proven best practices being applied to mitigate threats. It is in this last category of information that web intelligence is making its most unique contributions to cyber defense. Web intelligence is bringing new insights into the identity, motivation and intentions of threat actors, and it is doing so in ways that can contribute to predictions of future behavior. Since Web Intelligence can provide enhanced information on threat intentions it enables a shifting of cyber defense to more proactive strategies. For example, information on past behaviors of cyber actors associated with real-world events can lead to predictions on future behaviors associated with coming events. This can lead to predictions of when to expect DDoS 2

3 Web Intelligence for Cyber Security Operations attacks or when to expect more focused phishing attacks. In some cases it can also lead to predictions on the nature of the deceptive content that can be used in phishing attacks. With more precise insights, action can be taken to mitigate threats before they strike. Web intelligence also makes critically important contributions to the issue of assessing who is attacking and why. More refined assessments on this critical element can contribute to assessments of an adversary s next step. Web intelligence can help defenders assess whether an attack is hactivism or something more sinister. It can also help in assessments of whether or not others will be targets in particular business partners such as suppliers or customers - and if a more collective defense will need to be mounted. Web Intelligence from Recorded Future Recorded Future is a web intelligence company. Their mission is to harness open web sources that publish open information on the web for analysis. They create insight in support of government missions and business decisions. Recorded Future and their Temporal Analytics Engine organize web information for analysis to yield new insights. Recorded Future specializes in analyzing human writing to detect events, actions and descriptions of actions and then place this information in a time-based (temporal) context. These timelines and topics can be aggregated and correlated to ensure information on the same event can be viewed by multiple angles. This enables analysis in the light of all related information, including historical information. Recorded Future ingests, in real time, over 300,000 real time sources, performing over 50 extractions per second and building a deep history at the same time. They have already amassed a fact based of over 5 billion facts in multiple languages including English, Chinese, Russian, Arabic, Farsi, Spanish, and French. 3

4 CTOlabs.com Background: The Roots of Web Intelligence The origins of web intelligence for cyber security can be traced to the beginning of organized enterprise cyber security activities that began after the famous Morris Worm of November In the worm s aftermath, responders noted shortcomings in their ability to know information from outside their organizations. Since then: - Most major organizations have established dedicated efforts to stay informed on external threats. - There has been an explosion in original content publicly available on the web, including blogging, niche publications, social media, but also vast stores of commercial data that were once locked away and inaccessible to others. - Increasingly, both threat actors and defenders are openly sharing valuable information on open source web channels, making totally new sources of information available The Use of Web Intelligence For Cyber Security Today CISOs who leverage Web Intelligence for Cyber Defense are finding far more utility technical feeds of vulnerabilities and attack signatures. Advanced streams of information on adversaries and their intentions, correlated and assessed, can now be provided in a context ready for use by enterprise cyber security teams Most CISOs we spoke with are in the process of enhancing their ability to use web intelligence, and we believe this will be a high growth segment of the security technology portfolio in all major enterprises. Web Intelligence can contribute to dedicated cyber security efforts by parsing and correlating millions of data sources relevant to computer security. Succinct articulations of threat actors, their capability, history and intentions can be presented along with dynamically updated information on vulnerabilities and methods required to mitigate vulnerabilities. This can all be presented in conjunction with dynamically updated information on international and 4

5 Web Intelligence for Cyber Security Operations regional events that may trigger cyber security events. This automated extraction and presentation of knowledge is already contributing to the situational awareness of several global industries and is now available for general use by cyber defenders everywhere. Web Intelligence and Enterprise Security Management Suites Recorded Future provides a means of interacting directly with data and analysis on global events, including cyber security focused information. However, the capability can be even more impactful when considered in the light of existing enterprise capabilities. We believe most enterprises will want to find the optimal connection between their existing security information management systems and Recorded Future. Fortunately, modern security solutions provide data integration APIs to get data in and out. The following provides some context on how Recorded Future fits in the context of major security suites: Tool Capability Web Intelligence Integration HP-ArcSight Focused on logs and events but connectors to Autonomy and Hadoop show potential for future all source capabilities Information from Recorded Future can be easily moved to ArcSight and feeds from ArcSight can be moved back. This later path is being used by enterprises to establish an analytical SIEM that is strong at correlating SIEM incidents with other threat feeds (including Malware IPs, Vulnerabilities, threat intel etc). This can help rapidly prioritize event response. McAfee ESM DPI and log data. Database monitors. No all source capabilities. Splunk RSA NetWitness IBM-Q1 QRadar Sensage New release provides speed and scale and ability to add external threat feeds, showing potential for integrating Web Intelligence. Dashboarding capabilities important. Leveraged for log based and network data analysis Log and event management with behavior analysis. Netflow data a strength. A purpose-built big data SIEM tool. Ability to take data feeds and integrate other information shows promise. McAfee has always stressed interoperability in their solutions and the ESM architecture allows easy import and export of data. However, we have no examples of the use of ESM as an analytical SIEM or in support of one. Splunk has had strong import and export capabilities in place since their first offering, and these can be automated as desired. The dashboarding capabilities of Splunk can be used as all source displays of information, potentially including interactive connections to Recorded Future. The powerful tools for analysis of ongoing and past events leverage very large datastores and are designed to provide analysts easy ways to export data and analysis. This enables the use of data from NetWitness to power analytical SIEM applications. This can be a powerful contribution to forensic analysis. We are not aware of a smooth way to move information out of the Q1 Radar architecture, however exports based on user-selected criteria can be done. No indications of all source capabilities in future roadmap. Unique clustered columnar database is not designed for use by other systems, but exports of selected information can be made. 5

6 CTOlabs.com Most enterprises are also leveraging link analysis and related investigative tools, including IBM s Analyst Notebook (which is ubiquitous), and the rapidly proliferating Maltego. Some use the advanced capabilities of Palantir. Users of current versions of these systems can rapidly and easily move information to and from advanced web intelligence platforms like Recorded Future. A User Look at Web Intelligence Web Intelligence feeds can be presented in interactive interfaces that enable rapid assessment of dynamic information. Interfaces of Recorded Future offer analysts a means interacting with data and forming hypotheses and conclusions quickly. Analysts are presented with polished and sophisticated ways to interact with large stores of correlated and assessed information. Recorded Future also enables direct access to specialized modeling and visualization of events in time and over geography, while still enabling drill-down into sources of any data. The Cyber Intelligence Application on the Recorded Future Enterprise Platform is delivered via software as a service. This simple account-based access to the platform gives access to the full power of Recorded Future s understanding of Internet connected information 6

7 Web Intelligence for Cyber Security Operations Optimizing the use of Recorded Future for Web Intelligence in Support of Cyber Operations The new field of Web Intelligence is already providing actionable information relevant to cyber security professionals. Recorded Future provides the only automated solution in this space that is capable of ingesting, in real time, the right security related information from the Internet. Their fast and valuable information feeds fill a gap. Our recommendations: 1. Establish your enterprise vision for the use of Web Intelligence in support of your security posture. 2. Launch a proof of concept leveraging Recorded Future s Software as a Service cyber intelligence application. This application enables rapid delivery of capability that can put Web Intelligence to use in your enterprise almost instantly. During the proof of concept formulate evaluations on criteria like: a. Ability to meet your vision for web intelligence support to cyber operations b. Ability to leverage the full spectrum of intelligence information from the Internet and your internal sources c. Ability to enable shared situational awareness across all levels of your organization d. Ability to drive proactive mitigation of threats. 7

8 More Reading For more federal technology and policy issues visit: CTOvision.com- A blog for enterprise technologists with a special focus on Big Data. CTOlabs.com - A reference for research and reporting on all IT issues. FedCyber.com Focused on federal cyber security J.mp/ctonews - Sign up for technology newsletters including the Security Technology Weekly. About the Author Bob Gourley has been active in the cyber defense community since 1998, specializing in intelligence support to cyber operations. He is CTO and founder of Crucial Point LLC and editor and chief of CTOvision.com He is a former federal CTO. His career included service in operational intelligence centers around the globe where his focus was operational all source intelligence analysis. He was the first director of intelligence at DoD s Joint Task Force for Computer Network Defense, served as director of technology for a division of Northrop Grumman and spent three years as the CTO of the Defense Intelligence Agency. Bob serves on numerous government and industry advisory boards. Contact Bob at For More Information If you have questions or would like to discuss this report, please contact me. As an advocate for better IT use in enterprises I am committed to keeping this dialogue up open on technologies, processes and best practices that will keep us all continually improving our capabilities and ability to support organizational missions. CTOlabs.com

White Paper: SAS and Apache Hadoop For Government. Inside: Unlocking Higher Value From Business Analytics to Further the Mission

White Paper: SAS and Apache Hadoop For Government. Inside: Unlocking Higher Value From Business Analytics to Further the Mission White Paper: SAS and Apache Hadoop For Government Unlocking Higher Value From Business Analytics to Further the Mission Inside: Using SAS and Hadoop Together Design Considerations for Your SAS and Hadoop

More information

QRadar SIEM and FireEye MPS Integration

QRadar SIEM and FireEye MPS Integration QRadar SIEM and FireEye MPS Integration March 2014 1 IBM QRadar Security Intelligence Platform Providing actionable intelligence INTELLIGENT Correlation, analysis and massive data reduction AUTOMATED Driving

More information

QRadar SIEM and Zscaler Nanolog Streaming Service

QRadar SIEM and Zscaler Nanolog Streaming Service QRadar SIEM and Zscaler Nanolog Streaming Service February 2014 1 QRadar SIEM: Security Intelligence Platform QRadar SIEM provides full visibility and actionable insight to protect networks and IT assets

More information

Three Open Blueprints For Big Data Success

Three Open Blueprints For Big Data Success White Paper: Three Open Blueprints For Big Data Success Featuring Pentaho s Open Data Integration Platform Inside: Leverage open framework and open source Kickstart your efforts with repeatable blueprints

More information

Cyber Threats Insights from history and current operations. Prepared by Cognitio May 5, 2015

Cyber Threats Insights from history and current operations. Prepared by Cognitio May 5, 2015 Cyber Threats Insights from history and current operations Prepared by Cognitio May 5, 2015 About Cognitio Cognitio is a strategic consulting and engineering firm led by a team of former senior technology

More information

White Paper: Enhancing Functionality and Security of Enterprise Data Holdings

White Paper: Enhancing Functionality and Security of Enterprise Data Holdings White Paper: Enhancing Functionality and Security of Enterprise Data Holdings Examining New Mission- Enabling Design Patterns Made Possible by the Cloudera- Intel Partnership Inside: Improving Return on

More information

Empowering Analysts With Big Data

Empowering Analysts With Big Data White Paper: Empowering Analysts With Big Data Inside: Balancing your approach to Big Data Criteria for evaluating your enterprise approach Tips for getting started 1 Four Years of Research Into Big Data

More information

White Paper: Datameer s User-Focused Big Data Solutions

White Paper: Datameer s User-Focused Big Data Solutions CTOlabs.com White Paper: Datameer s User-Focused Big Data Solutions May 2012 A White Paper providing context and guidance you can use Inside: Overview of the Big Data Framework Datameer s Approach Consideration

More information

IBM SECURITY QRADAR INCIDENT FORENSICS

IBM SECURITY QRADAR INCIDENT FORENSICS IBM SECURITY QRADAR INCIDENT FORENSICS DELIVERING CLARITY TO CYBER SECURITY INVESTIGATIONS Gyenese Péter Channel Sales Leader, CEE IBM Security Systems 12014 IBM Corporation Harsh realities for many enterprise

More information

CYBER SECURITY, A GROWING CIO PRIORITY

CYBER SECURITY, A GROWING CIO PRIORITY www.wipro.com CYBER SECURITY, A GROWING CIO PRIORITY Bivin John Verghese, Practitioner - Managed Security Services, Wipro Ltd. Contents 03 ------------------------------------- Abstract 03 -------------------------------------

More information

PALANTIR CYBER An End-to-End Cyber Intelligence Platform for Analysis & Knowledge Management

PALANTIR CYBER An End-to-End Cyber Intelligence Platform for Analysis & Knowledge Management PALANTIR CYBER An End-to-End Cyber Intelligence Platform for Analysis & Knowledge Management INTRODUCTION Traditional perimeter defense solutions fail against sophisticated adversaries who target their

More information

IBM Security X-Force Threat Intelligence

IBM Security X-Force Threat Intelligence IBM Security X-Force Threat Intelligence Use dynamic IBM X-Force data with IBM Security QRadar to detect the latest Internet threats Highlights Automatically feed IBM X-Force data into IBM QRadar Security

More information

IMPLEMENTING A SECURITY ANALYTICS ARCHITECTURE

IMPLEMENTING A SECURITY ANALYTICS ARCHITECTURE IMPLEMENTING A SECURITY ANALYTICS ARCHITECTURE Solution Brief SUMMARY New security threats demand a new approach to security management. Security teams need a security analytics architecture that can handle

More information

White Paper: What You Need To Know About Hadoop

White Paper: What You Need To Know About Hadoop CTOlabs.com White Paper: What You Need To Know About Hadoop June 2011 A White Paper providing succinct information for the enterprise technologist. Inside: What is Hadoop, really? Issues the Hadoop stack

More information

FROM INBOX TO ACTION EMAIL AND THREAT INTELLIGENCE:

FROM INBOX TO ACTION EMAIL AND THREAT INTELLIGENCE: WHITE PAPER EMAIL AND THREAT INTELLIGENCE: FROM INBOX TO ACTION There is danger in your email box. You know it, and so does everyone else. The term phishing is now part of our daily lexicon, and even if

More information

White Paper: The Current State of BYOD

White Paper: The Current State of BYOD CTOlabs.com White Paper: The Current State of BYOD May 2012 A White Paper providing context and guidance you can use Inside: Snapshot of a fast moving trend Summary of recent surveys Considerations for

More information

Obtaining Enterprise Cybersituational

Obtaining Enterprise Cybersituational SESSION ID: SPO-R06A Obtaining Enterprise Cybersituational Awareness Eric J. Eifert Sr. Vice President Managed Security Services DarkMatter Agenda My Background Key components of the Cyber Situational

More information

Using Monitoring, Logging, and Alerting to Improve ICS Security ICSJWG 2015 Fall Meeting October 27, 2015

Using Monitoring, Logging, and Alerting to Improve ICS Security ICSJWG 2015 Fall Meeting October 27, 2015 www.encari.com Using Monitoring, Logging, and Alerting to Improve ICS Security ICSJWG 2015 Fall Meeting October 27, 2015 www.encari.com 2 The Problem Cyber attacks are not just a risk, they are a reality.

More information

Addressing APTs and Modern Malware with Security Intelligence Date: September 2013 Author: Jon Oltsik, Senior Principal Analyst

Addressing APTs and Modern Malware with Security Intelligence Date: September 2013 Author: Jon Oltsik, Senior Principal Analyst ESG Brief Addressing APTs and Modern Malware with Security Intelligence Date: September 2013 Author: Jon Oltsik, Senior Principal Analyst Abstract: APTs first came on the scene in 2010, creating a wave

More information

CORE INSIGHT ENTERPRISE: CSO USE CASES FOR ENTERPRISE SECURITY TESTING AND MEASUREMENT

CORE INSIGHT ENTERPRISE: CSO USE CASES FOR ENTERPRISE SECURITY TESTING AND MEASUREMENT CORE INSIGHT ENTERPRISE: CSO USE CASES FOR ENTERPRISE SECURITY TESTING AND MEASUREMENT How advancements in automated security testing software empower organizations to continuously measure information

More information

High End Information Security Services

High End Information Security Services High End Information Security Services Welcome Trion Logics Security Solutions was established after understanding the market's need for a high end - End to end security integration and consulting company.

More information

All about Threat Central

All about Threat Central All about Threat Central Ted Ross & Nadav Cohen #HPProtect Forward-looking statements This is a rolling (up to three year) Roadmap and is subject to change without notice. This document contains forward

More information

THE 2014 THREAT DETECTION CHECKLIST. Six ways to tell a criminal from a customer.

THE 2014 THREAT DETECTION CHECKLIST. Six ways to tell a criminal from a customer. THE 2014 THREAT DETECTION CHECKLIST Six ways to tell a criminal from a customer. Telling criminals from customers online isn t getting any easier. Attackers target the entire online user lifecycle from

More information

Unified Cyber Security Monitoring and Management Framework By Vijay Bharti Happiest Minds, Security Services Practice

Unified Cyber Security Monitoring and Management Framework By Vijay Bharti Happiest Minds, Security Services Practice Unified Cyber Security Monitoring and Management Framework By Vijay Bharti Happiest Minds, Security Services Practice Introduction There are numerous statistics published by security vendors, Government

More information

Rethinking Information Security for Advanced Threats. CEB Information Risk Leadership Council

Rethinking Information Security for Advanced Threats. CEB Information Risk Leadership Council Rethinking Information Security for Advanced Threats CEB Information Risk Leadership Council Advanced threats differ from conventional security threats along many dimensions, making them much more difficult

More information

THE EVOLUTION OF SIEM

THE EVOLUTION OF SIEM THE EVOLUTION OF SIEM WHY IT IS CRITICAL TO MOVE BEYOND LOGS Despite increasing investments in security, breaches are still occurring at an alarming rate. 43% Traditional SIEMs have not evolved to meet

More information

KEYW uses acquired Sensage technology to form Hexis Cyber Solutions

KEYW uses acquired Sensage technology to form Hexis Cyber Solutions KEYW uses acquired Sensage technology to form Hexis Cyber Solutions Analyst: Javvad Malik 13 Nov, 2013 In the virtual arms race, attack tools and techniques get shared among a wide range of actors with

More information

A Primer on Cyber Threat Intelligence

A Primer on Cyber Threat Intelligence A Primer on Cyber Threat Intelligence AS ADVERTISED 2 BUZZWORD BINGO! 3 TODAY S CYBER SECURITY CHALLENGES CISOs finding it difficult to define security ROI to executives Short shelf life for CISOs Vastly

More information

Anatomy of Cyber Threats, Vulnerabilities, and Attacks

Anatomy of Cyber Threats, Vulnerabilities, and Attacks Anatomy of Cyber Threats, Vulnerabilities, and Attacks ACTIONABLE THREAT INTELLIGENCE FROM ONTOLOGY-BASED ANALYTICS 1 Anatomy of Cyber Threats, Vulnerabilities, and Attacks Copyright 2015 Recorded Future,

More information

IMPROVING VULNERABILITY MANAGEMENT EFFECTIVENESS WITH APPLICATION SECURITY MONITORING

IMPROVING VULNERABILITY MANAGEMENT EFFECTIVENESS WITH APPLICATION SECURITY MONITORING IMPROVING VULNERABILITY MANAGEMENT EFFECTIVENESS WITH APPLICATION SECURITY How runtime application security monitoring helps enterprises make smarter decisions on remediation 2 ABSTRACT Enterprises today

More information

IBM i2 Enterprise Insight Analysis for Cyber Analysis

IBM i2 Enterprise Insight Analysis for Cyber Analysis IBM i2 Enterprise Insight Analysis for Cyber Analysis Protect your organization with cyber intelligence Highlights Quickly identify threats, threat actors and hidden connections with multidimensional analytics

More information

Symantec Cyber Threat Analysis Program Program Overview. Symantec Cyber Threat Analysis Program Team

Symantec Cyber Threat Analysis Program Program Overview. Symantec Cyber Threat Analysis Program Team Symantec Cyber Threat Analysis Program Symantec Cyber Threat Analysis Program Team White Paper: Symantec Security Intelligence Services Symantec Cyber Threat Analysis Program Contents Overview...............................................................................................

More information

Take the Red Pill: Becoming One with Your Computing Environment using Security Intelligence

Take the Red Pill: Becoming One with Your Computing Environment using Security Intelligence Take the Red Pill: Becoming One with Your Computing Environment using Security Intelligence Chris Poulin Security Strategist, IBM Reboot Privacy & Security Conference 2013 1 2012 IBM Corporation Securing

More information

Analysis of the Global Security Information and Event Management (SIEM) and Log Management (LM) Market All Information Becomes Actionable

Analysis of the Global Security Information and Event Management (SIEM) and Log Management (LM) Market All Information Becomes Actionable Analysis of the Global Security Information and Event Management (SIEM) and Log Management (LM) Market All Information Becomes Actionable April 2015 1 List of Exhibits Chart Slide Number Executive Summary

More information

Introducing IBM s Advanced Threat Protection Platform

Introducing IBM s Advanced Threat Protection Platform Introducing IBM s Advanced Threat Protection Platform Introducing IBM s Extensible Approach to Threat Prevention Paul Kaspian Senior Product Marketing Manager IBM Security Systems 1 IBM NDA 2012 Only IBM

More information

IBM Security Intelligence Strategy

IBM Security Intelligence Strategy IBM Security Intelligence Strategy Delivering Insight with Agility October 17, 2014 Victor Margina Security Solutions Accent Electronic 12013 IBM Corporation We are in an era of continuous breaches Operational

More information

Attack Intelligence: Why It Matters

Attack Intelligence: Why It Matters Attack Intelligence: Why It Matters WHITE PAPER Core Security +1 617.399-6980 info@coresecurity.com www.coresecurity.com A Proactive Strategy Attacks against your organization are more prevalent than ever,

More information

REPORT Perimeter Security Defenses. State of Perimeter Security Defenses, Time to Think Different?

REPORT Perimeter Security Defenses. State of Perimeter Security Defenses, Time to Think Different? REPORT Perimeter Security Defenses State of Perimeter Security Defenses, Time to Think Different? Table of Contents Introduction 3 Key Findings 4 Implications 6 REPORT State of Perimeter Security Defenses

More information

IBM Security QRadar Risk Manager

IBM Security QRadar Risk Manager IBM Security QRadar Risk Manager Proactively manage vulnerabilities and network device configuration to reduce risk, improve compliance Highlights Collect network security device configuration data to

More information

CONTINUOUS DIAGNOSTICS BEGINS WITH REDSEAL

CONTINUOUS DIAGNOSTICS BEGINS WITH REDSEAL CONTINUOUS DIAGNOSTICS BEGINS WITH REDSEAL WHAT IS CDM? The continuous stream of high profile cybersecurity breaches demonstrates the need to move beyond purely periodic, compliance-based approaches to

More information

White Paper: Evaluating Big Data Analytical Capabilities For Government Use

White Paper: Evaluating Big Data Analytical Capabilities For Government Use CTOlabs.com White Paper: Evaluating Big Data Analytical Capabilities For Government Use March 2012 A White Paper providing context and guidance you can use Inside: The Big Data Tool Landscape Big Data

More information

CYBER4SIGHT TM THREAT INTELLIGENCE SERVICES ANTICIPATORY AND ACTIONABLE INTELLIGENCE TO FIGHT ADVANCED CYBER THREATS

CYBER4SIGHT TM THREAT INTELLIGENCE SERVICES ANTICIPATORY AND ACTIONABLE INTELLIGENCE TO FIGHT ADVANCED CYBER THREATS CYBER4SIGHT TM THREAT INTELLIGENCE SERVICES ANTICIPATORY AND ACTIONABLE INTELLIGENCE TO FIGHT ADVANCED CYBER THREATS PREPARING FOR ADVANCED CYBER THREATS Cyber attacks are evolving faster than organizations

More information

Visualization, Modeling and Predictive Analysis of Internet Attacks. Thermopylae Sciences + Technology, LLC

Visualization, Modeling and Predictive Analysis of Internet Attacks. Thermopylae Sciences + Technology, LLC Visualization, Modeling and Predictive Analysis of Internet Attacks Thermopylae Sciences + Technology, LLC Administrative POC: Ms. Jeannine Feasel, jfeasel@t-sciences.com Technical POC: George Romas, gromas@t-sciences.com

More information

August 2011. Investigating an Insider Threat. A Sensage TechNote highlighting the essential workflow involved in a potential insider breach

August 2011. Investigating an Insider Threat. A Sensage TechNote highlighting the essential workflow involved in a potential insider breach August 2011 A Sensage TechNote highlighting the essential workflow involved in a potential insider breach Table of Contents Executive Summary... 1... 1 What Just Happened?... 2 What did that user account

More information

Applying machine learning techniques to achieve resilient, accurate, high-speed malware detection

Applying machine learning techniques to achieve resilient, accurate, high-speed malware detection White Paper: Applying machine learning techniques to achieve resilient, accurate, high-speed malware detection Prepared by: Northrop Grumman Corporation Information Systems Sector Cyber Solutions Division

More information

SIEM Optimization 101. ReliaQuest E-Book Fully Integrated and Optimized IT Security

SIEM Optimization 101. ReliaQuest E-Book Fully Integrated and Optimized IT Security SIEM Optimization 101 ReliaQuest E-Book Fully Integrated and Optimized IT Security Introduction SIEM solutions are effective security measures that mitigate security breaches and increase the awareness

More information

Symantec Cyber Security Services: DeepSight Intelligence

Symantec Cyber Security Services: DeepSight Intelligence Symantec Cyber Security Services: DeepSight Intelligence Actionable intelligence to get ahead of emerging threats Overview: Security Intelligence Companies face a rapidly evolving threat environment with

More information

IBM Security. 2013 IBM Corporation. 2013 IBM Corporation

IBM Security. 2013 IBM Corporation. 2013 IBM Corporation IBM Security Security Intelligence What is Security Intelligence? Security Intelligence --noun 1.the real-time collection, normalization and analytics of the data generated by users, applications and infrastructure

More information

Eight Essential Elements for Effective Threat Intelligence Management May 2015

Eight Essential Elements for Effective Threat Intelligence Management May 2015 INTRODUCTION The most disruptive change to the IT security industry was ignited February 18, 2013 when a breach response company published the first research that pinned responsibility for Advanced Persistent

More information

Accenture Intelligent Security for the Digital Enterprise. Archer s important role in solving today's pressing security challenges

Accenture Intelligent Security for the Digital Enterprise. Archer s important role in solving today's pressing security challenges Accenture Intelligent Security for the Digital Enterprise Archer s important role in solving today's pressing security challenges The opportunity to improve cyber security has never been greater 229 2,287

More information

Raytheon Oakley Systems

Raytheon Oakley Systems Raytheon Oakley Systems Michael Crouse VP, Sales & Marketing Daniel Velez Director, Program Operations Cleared for release. #IIS2013-226. Page 1 Raytheon Oakley Systems About us Founded as Oakley Networks

More information

A BUSINESS CASE FOR BEHAVIORAL ANALYTICS. White Paper

A BUSINESS CASE FOR BEHAVIORAL ANALYTICS. White Paper A BUSINESS CASE FOR BEHAVIORAL ANALYTICS White Paper Introduction What is Behavioral 1 In a world in which web applications and websites are becoming ever more diverse and complicated, running them effectively

More information

Bridging the gap between COTS tool alerting and raw data analysis

Bridging the gap between COTS tool alerting and raw data analysis Article Bridging the gap between COTS tool alerting and raw data analysis An article on how the use of metadata in cybersecurity solutions raises the situational awareness of network activity, leading

More information

81% of participants believe the government should share more threat intelligence with the private sector.

81% of participants believe the government should share more threat intelligence with the private sector. Threat Intelligence Sharing & the Government s Role in It Results of a Survey at InfoSec 2015 Section 1 1.1 Executive summary The last few years has seen a rise in awareness regarding security breaches

More information

Advanced Visibility. Moving Beyond a Log Centric View. Matthew Gardiner, RSA & Richard Nichols, RSA

Advanced Visibility. Moving Beyond a Log Centric View. Matthew Gardiner, RSA & Richard Nichols, RSA Advanced Visibility Moving Beyond a Log Centric View Matthew Gardiner, RSA & Richard Nichols, RSA 1 Security is getting measurability worse Percent of breaches where time to compromise (red)/time to Discovery

More information

Advanced Threat Protection with Dell SecureWorks Security Services

Advanced Threat Protection with Dell SecureWorks Security Services Advanced Threat Protection with Dell SecureWorks Security Services Table of Contents Summary... 2 What are Advanced Threats?... 3 How do advanced threat actors operate?... 3 Addressing the Threat... 5

More information

The Evolution of Application Monitoring

The Evolution of Application Monitoring The Evolution of Application Monitoring Narayan Makaram, CISSP, Director, Solutions Marketing, HP Enterprise Security Business Unit, May 18 th, 2012 Rise of the cyber threat Enterprises and Governments

More information

Full-Context Forensic Analysis Using the SecureVue Unified Situational Awareness Platform

Full-Context Forensic Analysis Using the SecureVue Unified Situational Awareness Platform Full-Context Forensic Analysis Using the SecureVue Unified Situational Awareness Platform Solution Brief Full-Context Forensic Analysis Using the SecureVue Unified Situational Awareness Platform Finding

More information

Q1 Labs Corporate Overview

Q1 Labs Corporate Overview Q1 Labs Corporate Overview The Security Intelligence Leader Who we are: Innovative Security Intelligence software company One of the largest and most successful SIEM vendors Leader in Gartner 2011, 2010,

More information

Cyber4sight TM Threat. Anticipatory and Actionable Intelligence to Fight Advanced Cyber Threats

Cyber4sight TM Threat. Anticipatory and Actionable Intelligence to Fight Advanced Cyber Threats Cyber4sight TM Threat Intelligence Services Anticipatory and Actionable Intelligence to Fight Advanced Cyber Threats Preparing for Advanced Cyber Threats Cyber attacks are evolving faster than organizations

More information

Security Operations Metrics Definitions for Management and Operations Teams

Security Operations Metrics Definitions for Management and Operations Teams Whitepaper Security Operations Metrics Definitions for Management and Operations Teams Measuring Performance across Business Imperatives, Operational Goals, Analytical Processes and SIEM Technologies Research

More information

Threat Information Sharing; Perspectives, Strategies, and Scenarios

Threat Information Sharing; Perspectives, Strategies, and Scenarios Threat Information Sharing; Perspectives, Strategies, and Scenarios 15 June 2015 Tim Grance,, Sarah Brown, Fox-IT, Luc Dandurand, ITU Thomas Millar, US CERT, Pawel Pawlinski, CERT.PL 1 Information Sharing

More information

FIVE PRACTICAL STEPS

FIVE PRACTICAL STEPS WHITEPAPER FIVE PRACTICAL STEPS To Protecting Your Organization Against Breach How Security Intelligence & Reducing Information Risk Play Strategic Roles in Driving Your Business CEOs, CIOs, CTOs, AND

More information

Enterprise Organizations Need Contextual- security Analytics Date: October 2014 Author: Jon Oltsik, Senior Principal Analyst

Enterprise Organizations Need Contextual- security Analytics Date: October 2014 Author: Jon Oltsik, Senior Principal Analyst ESG Brief Enterprise Organizations Need Contextual- security Analytics Date: October 2014 Author: Jon Oltsik, Senior Principal Analyst Abstract: Large organizations have spent millions of dollars on security

More information

Security Analytics for Smart Grid

Security Analytics for Smart Grid Security Analytics for Smart Grid Dr. Robert W. Griffin Chief Security Architect RSA, the Security Division of EMC robert.griffin@rsa.com blogs.rsa.com/author/griffin @RobtWesGriffin 1 No Shortage of Hard

More information

Enterprise Security Tactical Plan

Enterprise Security Tactical Plan Enterprise Security Tactical Plan Fiscal Years 2011 2012 (July 1, 2010 to June 30, 2012) Prepared By: State Chief Information Security Officer The Information Security Council State of Minnesota Enterprise

More information

應 用 SIEM 偵 測 與 預 防 APT 緩 攻 擊

應 用 SIEM 偵 測 與 預 防 APT 緩 攻 擊 應 用 SIEM 偵 測 與 預 防 APT 緩 攻 擊 HP Enterprise Security 林 傳 凱 (C. K. Lin) Senior Channel PreSales, North Asia HP ArcSight, Enterprise Security 1 Rise Of The Cyber Threat Enterprises and Governments are experiencing

More information

WHITE PAPER: THREAT INTELLIGENCE RANKING

WHITE PAPER: THREAT INTELLIGENCE RANKING WHITE PAPER: THREAT INTELLIGENCE RANKING SEPTEMBER 2015 2 HOW WELL DO YOU KNOW YOUR THREAT DATA? HOW THREAT INTELLIGENCE FEED MODELING CAN SAVE MONEY AND PREVENT BREACHES Who are the bad guys? What makes

More information

EnCase Endpoint Security Product Overview

EnCase Endpoint Security Product Overview GUIDANCE SOFTWARE EnCase Endpoint Security EnCase Endpoint Security Product Overview Detect Sooner. Respond Faster. Recover Effectively. GUIDANCE SOFTWARE EnCase Endpoint Security EnCase Endpoint Security

More information

Separating Signal from Noise: Taking Threat Intelligence to the Next Level

Separating Signal from Noise: Taking Threat Intelligence to the Next Level SESSION ID: SPO2-T09 Separating Signal from Noise: Taking Threat Intelligence to the Next Level Doron Shiloach X-Force Product Manager IBM @doronshiloach Agenda Threat Intelligence Overview Current Challenges

More information

What is Security Intelligence?

What is Security Intelligence? 2 What is Security Intelligence? Security Intelligence --noun 1. the real-time collection, normalization, and analytics of the data generated by users, applications and infrastructure that impacts the

More information

LOG AND EVENT MANAGEMENT FOR SECURITY AND COMPLIANCE

LOG AND EVENT MANAGEMENT FOR SECURITY AND COMPLIANCE PRODUCT BRIEF LOG AND EVENT MANAGEMENT FOR SECURITY AND COMPLIANCE The Tripwire VIA platform delivers system state intelligence, a continuous approach to security that provides leading indicators of breach

More information

SITUATIONAL AWARENESS MITIGATE CYBERTHREATS

SITUATIONAL AWARENESS MITIGATE CYBERTHREATS Gaining the SITUATIONAL AWARENESS needed to MITIGATE CYBERTHREATS Industry Perspective EXECUTIVE SUMMARY To become more resilient against cyberthreats, agencies must improve visibility and understand events

More information

IBM Security QRadar SIEM & Fortinet FortiGate / FortiAnalyzer

IBM Security QRadar SIEM & Fortinet FortiGate / FortiAnalyzer IBM Security QRadar SIEM & Fortinet / FortiAnalyzer Introducing new functionality for IBM QRadar Security Intelligence Platform: integration with Fortinet s firewalls and logs forwarded by FortiAnalyzer.

More information

Cyber Security Metrics Dashboards & Analytics

Cyber Security Metrics Dashboards & Analytics Cyber Security Metrics Dashboards & Analytics Feb, 2014 Robert J. Michalsky Principal, Cyber Security NJVC, LLC Proprietary Data UNCLASSIFIED Agenda Healthcare Sector Threats Recent History Security Metrics

More information

Operationalizing Threat Intelligence.

Operationalizing Threat Intelligence. Operationalizing Threat Intelligence. Key Takeaways Time is becoming more and more compressed when it comes to protecting the enterprise Security teams must be able to rapidly and effectively translate

More information

The webinar will begin shortly

The webinar will begin shortly The webinar will begin shortly An Introduction to Security Intelligence Presented by IBM Security Chris Ross Senior Security Specialist, IBM Security Agenda The Security Landscape An Introduction to Security

More information

Hunting for the Undefined Threat: Advanced Analytics & Visualization

Hunting for the Undefined Threat: Advanced Analytics & Visualization SESSION ID: ANF-W04 Hunting for the Undefined Threat: Advanced Analytics & Visualization Joshua Stevens Enterprise Security Architect Hewlett-Packard Cyber Security Technology Office Defining the Hunt

More information

With Cloud Defender, Alert Logic combines products to deliver outcome-based security

With Cloud Defender, Alert Logic combines products to deliver outcome-based security With Cloud Defender, Alert Logic combines products to deliver outcome-based security Analyst: Javvad Malik 13 Nov, 2014 Security has typically been a technology-driven area. If a company puts up a website,

More information

THE BLIND SPOT IN THREAT INTELLIGENCE THE BLIND SPOT IN THREAT INTELLIGENCE

THE BLIND SPOT IN THREAT INTELLIGENCE THE BLIND SPOT IN THREAT INTELLIGENCE THE BLIND SPOT IN THREAT INTELLIGENCE THE BLIND SPOT IN THREAT INTELLIGENCE How application threat intelligence can make existing enterprise security infrastructures smarter THE BLIND SPOT IN THREAT INTELLIGENCE

More information

Threat Intelligence: The More You Know the Less Damage They Can Do. Charles Kolodgy Research VP, Security Products

Threat Intelligence: The More You Know the Less Damage They Can Do. Charles Kolodgy Research VP, Security Products Threat Intelligence: The More You Know the Less Damage They Can Do Charles Kolodgy Research VP, Security Products IDC Visit us at IDC.com and follow us on Twitter: @IDC 2 Agenda Evolving Threat Environment

More information

Session 9: Changing Paradigms and Challenges Tools for Space Systems Cyber Situational Awareness

Session 9: Changing Paradigms and Challenges Tools for Space Systems Cyber Situational Awareness Session 9: Changing Paradigms and Challenges Tools for Space Systems Cyber Situational Awareness Wayne A. Wheeler The Aerospace Corporation GSAW 2015, Los Angeles, CA, March 2015 Agenda Emerging cyber

More information

IBM Security QRadar Risk Manager

IBM Security QRadar Risk Manager IBM Security QRadar Risk Manager Proactively manage vulnerabilities and network device configuration to reduce risk, improve compliance Highlights Visualize current and potential network traffic patterns

More information

MANAGED SECURITY SERVICES (MSS)

MANAGED SECURITY SERVICES (MSS) MANAGED SECURITY SERVICES (MSS) The Cyber Security Initiative. Cybercrime is becoming an important factor for CIOs and IT professionals, but also for CFOs, compliance officers and business owners. The

More information

The Path Ahead for Security Leaders

The Path Ahead for Security Leaders The Path Ahead for Security Leaders Executive Summary What You Will Learn If you asked security leaders five years ago what their primary focus was, you would likely get a resounding: securing our operations.

More information

The Importance of Cyber Threat Intelligence to a Strong Security Posture

The Importance of Cyber Threat Intelligence to a Strong Security Posture The Importance of Cyber Threat Intelligence to a Strong Security Posture Sponsored by Webroot Independently conducted by Ponemon Institute LLC Publication Date: March 2015 Ponemon Institute Research Report

More information

MANAGED SECURITY SERVICES (MSS)

MANAGED SECURITY SERVICES (MSS) MANAGED SECURITY SERVICES (MSS) THE CYBER SECURITY INITIATIVE. Cybercrime is becoming an important factor for CIOs and IT professionals, but also for CFOs, compliance officers and business owners. The

More information

The SIEM Evaluator s Guide

The SIEM Evaluator s Guide Using SIEM for Compliance, Threat Management, & Incident Response Security information and event management (SIEM) tools are designed to collect, store, analyze, and report on log data for threat detection,

More information

McAfee Security Architectures for the Public Sector

McAfee Security Architectures for the Public Sector White Paper McAfee Security Architectures for the Public Sector End-User Device Security Framework Table of Contents Business Value 3 Agility 3 Assurance 3 Cost reduction 4 Trust 4 Technology Value 4 Speed

More information

The Emergence of Security Business Intelligence: Risk

The Emergence of Security Business Intelligence: Risk The Emergence of Security Business Intelligence: Risk Management through Deep Analytics & Automation Mike Curtis Vice President of Technology Strategy December, 2011 Introduction As an industry we are

More information

WHITE PAPER SPLUNK SOFTWARE AS A SIEM

WHITE PAPER SPLUNK SOFTWARE AS A SIEM SPLUNK SOFTWARE AS A SIEM Improve your security posture by using Splunk as your SIEM HIGHLIGHTS Splunk software can be used to operate security operations centers (SOC) of any size (large, med, small)

More information

Cloud and Critical Infrastructures how Cloud services are factored in from a risk perspective

Cloud and Critical Infrastructures how Cloud services are factored in from a risk perspective Cloud and Critical Infrastructures how Cloud services are factored in from a risk perspective Reaching the Cloud era in the EU Riga 16 June 2015 Jonathan Sage Government and Regulatory Affairs Cyber Security

More information

CLOSING THE GAP ON BREACH READINESS INSIGHTS FROM THE SECURITY FOR BUSINESS INNOVATION COUNCIL

CLOSING THE GAP ON BREACH READINESS INSIGHTS FROM THE SECURITY FOR BUSINESS INNOVATION COUNCIL CLOSING THE GAP ON BREACH READINESS INSIGHTS FROM THE SECURITY FOR BUSINESS INNOVATION COUNCIL OVERVIEW This e-book contains insights on breach readiness, response and resiliency based on in-depth interviews

More information

LOG MANAGEMENT AND SIEM FOR SECURITY AND COMPLIANCE

LOG MANAGEMENT AND SIEM FOR SECURITY AND COMPLIANCE PRODUCT BRIEF LOG MANAGEMENT AND SIEM FOR SECURITY AND COMPLIANCE As part of the Tripwire VIA platform, Tripwire Log Center offers out-of-the-box integration with Tripwire Enterprise to offer visibility

More information

Worldwide Security and Vulnerability Management 2014 2018 Forecast and 2013 Vendor Shares

Worldwide Security and Vulnerability Management 2014 2018 Forecast and 2013 Vendor Shares Market Analysis Worldwide Security and Vulnerability Management 2014 2018 Forecast and 2013 Vendor Shares Charles J. Kolodgy IN THIS EXCERPT The content for this excerpt was taken directly from IDC Market

More information

2011 Forrester Research, Inc. Reproduction Prohibited

2011 Forrester Research, Inc. Reproduction Prohibited 1 2011 Forrester Research, Inc. Reproduction Prohibited Information Security Metrics Present Information that Matters to the Business Ed Ferrara, Principal Research Analyst July 12, 2011 2 2009 2011 Forrester

More information

Threat Intelligence Platforms: The New Essential Enterprise Software

Threat Intelligence Platforms: The New Essential Enterprise Software Gitomer-1 Threat Intelligence Platforms: The New Essential Enterprise Software Due to the ever-increasing volume of cyber attacks and regulatory pressures, there is a need for a new type of enterprise

More information

Machine-to-Machine Exchange of Cyber Threat Information: a Key to Mature Cyber Defense

Machine-to-Machine Exchange of Cyber Threat Information: a Key to Mature Cyber Defense Machine-to-Machine Exchange of Cyber Threat Information: a Key to Mature Cyber Defense By: Daniel Harkness, Chris Strasburg, and Scott Pinkerton The Challenge The Internet is an integral part of daily

More information

End-to-End Application Security from the Cloud

End-to-End Application Security from the Cloud Datasheet Website Security End-to-End Application Security from the Cloud Unmatched web application security experience, enhanced by real-time big data analytics, enables Incapsula to provide best-of-breed

More information