Threat Intelligence: Friend of the Enterprise

Size: px
Start display at page:

Download "Threat Intelligence: Friend of the Enterprise"

Transcription

1 SECURELY ENABLING BUSINESS Threat Intelligence: Friend of the Enterprise Danny Pickens Principal Intelligence Analyst MSS FishNet Security

2 DANNY PICKENS Principal Intelligence Analyst, FishNet Security Expertise: Military & Counterterrorism Intelligence Business & Competitive Intelligence Intrusion Detection Incident Handling & Management Cyber Threat Analysis Background: United States Marine Corps & Army Reserve Federal Contractor (supporting Department of Defense and other organizations) Department of Agriculture Security Operations Center FishNet Security

3 WANT ME SOME INTELLIGENCE Our collective ignorance of intelligence has undermined not only our intelligence capabilities, but ultimately the policy makers and citizens served. ~ Henry A. Crumpton The Art of Intelligence: Lessons from a Life in the CIA s Clandestine Service [Many] just think you can buy intelligence or download intelligence and don t realize they need to develop intelligence. ~ Scott Roberts Director of Bad Guy Catching GitHub

4 INTELLIGENCE: DEFINED Intelligence is the result of the collection, analysis and timely dissemination of intelligence information concerning threats and vulnerabilities to an organization. Why Intelligence? Provides localized threat identification. Assists in remediation and countermeasures for critical infrastructure. Improves the overall security posture for the organization.

5 INTELLIGENCE: DOMAINS COLD WAR Targets of Intelligence Efforts Perpetrators Former Soviet Union and its allies Soviet government seen as source of inimical activity Weapons Potential Targets of Attack Focus Strategic and conventional forces Counterforce and countervalue targets in the U.S. and the territories of its allies Large-scale military action

6 INTELLIGENCE: DOMAINS COUNTERTERRORISM Targets of Intelligence Efforts Perpetrators Individuals, small cells and networks, and state sponsors Increasingly anonymous Weapons Potential Targets of Attack Focus Light arms to large-scale weaponry and potentially weapons of mass destruction Vast number of highly symbolic, relatively soft targets Individual incidents and trends

7 INTELLIGENCE: DOMAINS CYBER Targets of Intelligence Efforts Perpetrators Individuals, cells and networks, and states with information warfare capabilities Anonymous only have technical signatures Weapons Potential Targets of Attack Focus Cyberweapons or conventional weapons against critical information and communication nodes Range from individual websites to national critical infrastructure Individual incidents, trends and patterns in attacks and vulnerabilities that can be exploited

8 INTELLIGENCE: DISCIPLINES DISCIPLINES HUMINT SIGINT GEOINT IMINT OSINT TECHINT Intelligence information derived from human sources. Collected from various communications mediums. Geospatial intelligence concerning terrain. Intelligence derived from satellite imagery or aerial reconnaissance. Intelligence data collected via publicly available resources. Technical information collected from internal technologies and platforms.

9 INTELLIGENCE CYCLE: REPEATABLE Requirement Gaps in knowledge surrounding a threat or vulnerability. Collection Research conducted against the requirement. Analysis & Production The process of fusing raw data and information into a finished product. Analytical methodologies used to visualize and validate hypothesis and conclusions. Dissemination & Integration Distribution of the finished product to Operations in a timely fashion. Dissemination & Integration Requirement Analysis & Production Collection

10 REQUIREMENTS Intelligence Cycle Good IRs are structured based on the following criteria: Necessity: Is it necessary to answer this question? Feasibility: Can we feasibly collect this information? Timeliness: Is the intelligence requirement timely? Specificity: Is the requirement specific enough? Primary Intelligence Requirements Intelligence Requirements Requests for Information

11 COLLECTION Intelligence Cycle Areas to consider: Actual collection of data Collections management Collection process: Obtain information needed to answer requirement Internal (logs and events from network appliances) External (commercial or open source intelligence) Collection sources should be: Trustworthy Reliable IP ADDRESSES URLs / DOMAINS NETWORK / HOST ARTIFACTS TOOLS FILE DATA / HASHES TTPs

12 ANALYSIS & PRODUCTION Intelligence Cycle Intelligence Analysis: Examines and evaluates raw data and information. Determines if it is applicable to organization or environment. Produces products and assessments for implementation. The Intelligence Analyst Role: Identify and retrieve pertinent information within collection management system. Correlate information against additional sources. Research while utilizing personal knowledge and expertise. Produce assessment or finished product. Critical thinkers and Subject Matter Experts (SME) in their field. Draw conclusions based off of differing sources of information and to extract the appropriate information within without bias. Link Analysis Timeline Analysis Analytical Approaches Trend Analysis

13 ANALYSIS Intelligence Cycle :00 1:00 2:00 3:00 4:00 5:00 6:00 7:00 8:00 9:00 10:00 11:00 12:00 13:00 14:00 15:00 16:00 17:00 18:00 19:00 20:00 21:00 22:00 23:00 Account Locked Brute Force Cncrnt Auth From Multi Cities Cncrnt Auth Multi Regions Detected Malware Activity Detected Virus Activity Failed Virus Activity FNS APT 1 Rule FNS Shun List General Antivirus Warning Group Created Multi Unique Attcks Against ihost Recon followed by Attack Temp Accnt Created, Used, Deleted User Account Created

14 ANALYSIS Intelligence Cycle Country Count % Korea % China % United States % Germany % Taiwan % Brazil % Japan % India % RussianFederation % France % Canada % Ukraine % United Kingdom % Australia %

15 ANALYSIS Intelligence Cycle Event Count % FNS APT1 Rule % Accnt Attck:Brt Force Single ohost % FNS Shun List % Detected Trojan Activity % User Logon Failure % Recon Followed By Attck % VPN Session Started % Policy Modified : Firewall/ACL % User Logon %

16 DISSEMINATION & INTEGRATION Intelligence Cycle Key Sections for a Finished Product: Executive Summary Bottom Line Up Front (B.L.U.F.) Main Body Key Points Technical Analysis Rules to Apply Conclusion Recommendations Assessments The best thing an intelligence analyst can provide to his customer is a finished product which is actionable and timely.

17 SCOPING LEVELS OF EFFORT STRATEGIC IPB/Overall Threat Assessments Risk Assessments Categorizing Threats & Threat Groups Intelligence Informs Policy OPERATIONAL Current & Emerging Threat Research Trend & Historical Analysis Preventative Analysis Intelligence Drives Operations TACTICAL Case/Incident Investigation Damage Assessment Attribution Intelligence Leads Response

18 EFFECTIVE INTELLIGENCE Open lines of communication both with and to the enterprise. Channels of communication should be opened up to: Executive staff Internal IT staff User base External sources Allows for greater collection of information and data, more in-depth analysis and trusted dissemination. INTELLIGENCE SENIOR MANAGEMENT IT STAFF USERS EXTERNAL Intelligence must be tasked to meet operational needs, and equally, it is essential that operations implement the output of intelligence.

19 SHARING Uptick in Intelligence sharing frameworks over the past couple of years, from Mandiant s OpenIOC to MITRE s offerings of CyBox, STIX and TAXII. Organizations should be involved and have a willingness to share collected intelligence data with not only the industry, but with parties seen as competitors.

20 THE TAKE AWAY Invest in the proper PEOPLE and TOOLS. Encourage internal development (DEVOPS). Allow for open COMMUNICATION channels. Don t shy away from SHARING. Make it OPERATIONAL.

21 THANK YOU Danny Pickens Principal Intelligence Analyst - MSS FishNet Security Danny.Pickens@fishnetsecurity.com Global Threat Intel Center Managed Security Services - gtic FishNet Security GTIC@fishnetsecurity.com fishnetsecurity.com/6labs

Separating Signal from Noise: Taking Threat Intelligence to the Next Level

Separating Signal from Noise: Taking Threat Intelligence to the Next Level SESSION ID: SPO2-T09 Separating Signal from Noise: Taking Threat Intelligence to the Next Level Doron Shiloach X-Force Product Manager IBM @doronshiloach Agenda Threat Intelligence Overview Current Challenges

More information

Security & SMEs. An Introduction by Jan Gessin. Introduction to the problem

Security & SMEs. An Introduction by Jan Gessin. Introduction to the problem Security & SMEs An Introduction by Jan Gessin Introduction to the problem SMEs convinced it will never happen to them. In many ways SMEs are more of a target than big business. Harsh realities of the online

More information

Hunting for the Undefined Threat: Advanced Analytics & Visualization

Hunting for the Undefined Threat: Advanced Analytics & Visualization SESSION ID: ANF-W04 Hunting for the Undefined Threat: Advanced Analytics & Visualization Joshua Stevens Enterprise Security Architect Hewlett-Packard Cyber Security Technology Office Defining the Hunt

More information

Unstructured Threat Intelligence Processing using NLP

Unstructured Threat Intelligence Processing using NLP Accenture Technology Labs Elvis Hovor @kofibaron Shimon Modi @shimonmodi Shaan Mulchandani @alabama_shaan Unstructured Threat Intelligence Processing using NLP Enhancing Cyber Security Operations by Automating

More information

Analytic and Predictive Modeling of Cyber Threat Entities J. Wesley Regian, Ph.D.

Analytic and Predictive Modeling of Cyber Threat Entities J. Wesley Regian, Ph.D. 18th Annual Space & Missile Defense Symposium IAMD Evolution and Integration/Key Topic: Predictive Cyber Threat Analysis Analytic and Predictive Modeling of Cyber Threat Entities J. Wesley Regian, Ph.D.

More information

Dealing with Big Data in Cyber Intelligence

Dealing with Big Data in Cyber Intelligence Dealing with Big Data in Cyber Intelligence Greg Day Security CTO, EMEA, Symantec Session ID: HT-303 Session Classification: General Interest What will I take away from this session? What is driving big

More information

CHAPTER 3 : INCIDENT RESPONSE THREAT INTELLIGENCE GLOBAL THREAT INTELLIGENCE REPORT 2015 :: COPYRIGHT 2015 NTT INNOVATION INSTITUTE 1 LLC

CHAPTER 3 : INCIDENT RESPONSE THREAT INTELLIGENCE GLOBAL THREAT INTELLIGENCE REPORT 2015 :: COPYRIGHT 2015 NTT INNOVATION INSTITUTE 1 LLC : INCIDENT RESPONSE THREAT INTELLIGENCE 1 THREAT INTELLIGENCE How it applies to our clients, and discuss some of the key components and benefits of a comprehensive threat intelligence strategy. Threat

More information

Symantec Cyber Threat Analysis Program Program Overview. Symantec Cyber Threat Analysis Program Team

Symantec Cyber Threat Analysis Program Program Overview. Symantec Cyber Threat Analysis Program Team Symantec Cyber Threat Analysis Program Symantec Cyber Threat Analysis Program Team White Paper: Symantec Security Intelligence Services Symantec Cyber Threat Analysis Program Contents Overview...............................................................................................

More information

Department of Defense INSTRUCTION

Department of Defense INSTRUCTION Department of Defense INSTRUCTION NUMBER 3115.10E March 24, 2006 USD(I) SUBJECT: Intelligence Support to Personnel Recovery References: (a) Title 10, United States Code (b) Title 50, United States Code

More information

Espionage and Intelligence. Debra A. Miller, Book Editor

Espionage and Intelligence. Debra A. Miller, Book Editor Espionage and Intelligence Debra A. Miller, Book Editor Intelligence... has always been used by the United States to support U.S. military operations, but much of what forms today s intelligence system

More information

The Third Rail: New Stakeholders Tackle Security Threats and Solutions

The Third Rail: New Stakeholders Tackle Security Threats and Solutions SESSION ID: CXO-R03 The Third Rail: New Stakeholders Tackle Security Threats and Solutions Ted Ross Director, Threat Intelligence HP Security Research @tedross Agenda My brief background An example of

More information

SHARING THREAT INTELLIGENCE ANALYTICS FOR COLLABORATIVE ATTACK ANALYSIS

SHARING THREAT INTELLIGENCE ANALYTICS FOR COLLABORATIVE ATTACK ANALYSIS SHARING THREAT INTELLIGENCE ANALYTICS FOR COLLABORATIVE ATTACK ANALYSIS Samir Saklikar RSA, The Security Division of EMC Session ID: CLE T05 Session Classification: Intermediate Agenda Advanced Targeted

More information

Cyber/IT Risk: Threat Intelligence Countering Advanced Adversaries Jeff Lunglhofer, Principal, Booz Allen. 14th Annual Risk Management Convention

Cyber/IT Risk: Threat Intelligence Countering Advanced Adversaries Jeff Lunglhofer, Principal, Booz Allen. 14th Annual Risk Management Convention Cyber/IT Risk: Threat Intelligence Countering Advanced Adversaries Jeff Lunglhofer, Principal, Booz Allen 14th Annual Risk Management Convention New York, New York March 13, 2013 Today s Presentation 1)

More information

Full-Context Forensic Analysis Using the SecureVue Unified Situational Awareness Platform

Full-Context Forensic Analysis Using the SecureVue Unified Situational Awareness Platform Full-Context Forensic Analysis Using the SecureVue Unified Situational Awareness Platform Solution Brief Full-Context Forensic Analysis Using the SecureVue Unified Situational Awareness Platform Finding

More information

81% of participants believe the government should share more threat intelligence with the private sector.

81% of participants believe the government should share more threat intelligence with the private sector. Threat Intelligence Sharing & the Government s Role in It Results of a Survey at InfoSec 2015 Section 1 1.1 Executive summary The last few years has seen a rise in awareness regarding security breaches

More information

Threat Intelligence: An Essential Component of Cyber Incident Response. Jeanie M Larson, CISSP-ISSMP, CISM, CRISC

Threat Intelligence: An Essential Component of Cyber Incident Response. Jeanie M Larson, CISSP-ISSMP, CISM, CRISC Threat Intelligence: An Essential Component of Cyber Incident Response Jeanie M Larson, CISSP-ISSMP, CISM, CRISC What are we going to cover? Setting the Stage Why is Incident Response Critical? Cyber Threat

More information

All about Threat Central

All about Threat Central All about Threat Central Ted Ross & Nadav Cohen #HPProtect Forward-looking statements This is a rolling (up to three year) Roadmap and is subject to change without notice. This document contains forward

More information

Threat Intelligence Buyer s Guide

Threat Intelligence Buyer s Guide Threat Intelligence Buyer s Guide SANS CTI Summit, 10 February 2014 Rick Holland @rickhholland Principal Analyst Last year 2014 Forrester Research, Inc. Reproduction Prohibited 2 This year, Arnold s back!!

More information

Intelligence Driven Security

Intelligence Driven Security Intelligence Driven Security RSA Advanced Cyber Defense Workshop Shane Harsch Senior Solutions Principal, RSA 1 Agenda Approach & Activities Operations Intelligence Infrastructure Reporting & Top Findings

More information

Sophisticated Indicators for the Modern Threat Landscape: An Introduction to OpenIOC

Sophisticated Indicators for the Modern Threat Landscape: An Introduction to OpenIOC WHITE PAPER Sophisticated Indicators for the Modern Threat Landscape: An Introduction to OpenIOC www.openioc.org OpenIOC 1 Table of Contents Introduction... 3 IOCs & OpenIOC... 4 IOC Functionality... 5

More information

Can We Become Resilient to Cyber Attacks?

Can We Become Resilient to Cyber Attacks? Can We Become Resilient to Cyber Attacks? Nick Coleman, Global Head Cyber Security Intelligence Services December 2014 Can we become resilient National Security, Economic Espionage Nation-state actors,

More information

Advanced Threat Protection with Dell SecureWorks Security Services

Advanced Threat Protection with Dell SecureWorks Security Services Advanced Threat Protection with Dell SecureWorks Security Services Table of Contents Summary... 2 What are Advanced Threats?... 3 How do advanced threat actors operate?... 3 Addressing the Threat... 5

More information

Threat Intelligence: The More You Know the Less Damage They Can Do. Charles Kolodgy Research VP, Security Products

Threat Intelligence: The More You Know the Less Damage They Can Do. Charles Kolodgy Research VP, Security Products Threat Intelligence: The More You Know the Less Damage They Can Do Charles Kolodgy Research VP, Security Products IDC Visit us at IDC.com and follow us on Twitter: @IDC 2 Agenda Evolving Threat Environment

More information

Unknown threats in Sweden. Study publication August 27, 2014

Unknown threats in Sweden. Study publication August 27, 2014 Unknown threats in Sweden Study publication August 27, 2014 Executive summary To many international organisations today, cyber attacks are no longer a matter of if but when. Recent cyber breaches at large

More information

Cyber Situational Awareness for Enterprise Security

Cyber Situational Awareness for Enterprise Security Cyber Situational Awareness for Enterprise Security Tzvi Kasten AVP, Business Development Biju Varghese Director, Engineering Sudhir Garg Technical Architect The security world is changing as the nature

More information

Keynote: FBI Wednesday, February 4 noon 1:10 p.m.

Keynote: FBI Wednesday, February 4 noon 1:10 p.m. Keynote: FBI Wednesday, February 4 noon 1:10 p.m. Speaker: Leo Taddeo Special Agent in Change, Cyber/Special Operations Division Federal Bureau of Investigation Biography: Leo Taddeo Leo Taddeo is the

More information

Incident Response. Six Best Practices for Managing Cyber Breaches. www.encase.com

Incident Response. Six Best Practices for Managing Cyber Breaches. www.encase.com Incident Response Six Best Practices for Managing Cyber Breaches www.encase.com What We ll Cover Your Challenges in Incident Response Six Best Practices for Managing a Cyber Breach In Depth: Best Practices

More information

Anatomy of Cyber Threats, Vulnerabilities, and Attacks

Anatomy of Cyber Threats, Vulnerabilities, and Attacks Anatomy of Cyber Threats, Vulnerabilities, and Attacks ACTIONABLE THREAT INTELLIGENCE FROM ONTOLOGY-BASED ANALYTICS 1 Anatomy of Cyber Threats, Vulnerabilities, and Attacks Copyright 2015 Recorded Future,

More information

US-CERT Year in Review. United States Computer Emergency Readiness Team

US-CERT Year in Review. United States Computer Emergency Readiness Team US-CERT Year in Review United States Computer Emergency Readiness Team CY 2012 US-CERT Year in Review United States Computer Emergency Readiness Team CY 2012 What s Inside Welcome 1 Vison, Mission, Goals

More information

The FBI Cyber Program. Bauer Advising Symposium //UNCLASSIFIED

The FBI Cyber Program. Bauer Advising Symposium //UNCLASSIFIED The FBI Cyber Program Bauer Advising Symposium October 11, 2012 Today s Agenda What is the threat? Who are the adversaries? How are they attacking you? What can the FBI do to help? What can you do to stop

More information

A Primer on Cyber Threat Intelligence

A Primer on Cyber Threat Intelligence A Primer on Cyber Threat Intelligence AS ADVERTISED 2 BUZZWORD BINGO! 3 TODAY S CYBER SECURITY CHALLENGES CISOs finding it difficult to define security ROI to executives Short shelf life for CISOs Vastly

More information

Ty Miller. Director, Threat Intelligence Pty Ltd

Ty Miller. Director, Threat Intelligence Pty Ltd Ty Miller Director, Threat Intelligence Pty Ltd Security Specialist Creator of Threat Analytics CREST Tech Lead, Assessor, Board of Directors Trained likes of FBI, US DoD, US Mil, International Govt agencies,

More information

The Role of Threat Intelligence and Layered Security for Intrusion Prevention in the Post-Target Breach Era

The Role of Threat Intelligence and Layered Security for Intrusion Prevention in the Post-Target Breach Era The Role of Threat Intelligence and Layered Security for Intrusion Prevention in the Post-Target Breach Era Dave Plzak Security Evangelist Sentinel IPS davep@econet.com * Agenda Review of the current Network

More information

Lifecycle Solutions & Services. Managed Industrial Cyber Security Services

Lifecycle Solutions & Services. Managed Industrial Cyber Security Services Lifecycle Solutions & Services Managed Industrial Cyber Security Services Around the world, industrial firms and critical infrastructure operators partner with Honeywell to address the unique requirements

More information

WRITTEN TESTIMONY OF

WRITTEN TESTIMONY OF WRITTEN TESTIMONY OF KEVIN MANDIA CHIEF EXECUTIVE OFFICER MANDIANT CORPORATION BEFORE THE SUBCOMMITTEE ON CRIME AND TERRORISM JUDICIARY COMMITTEE UNITED STATES SENATE May 8, 2013 Introduction Thank you

More information

Modern Approach to Incident Response: Automated Response Architecture

Modern Approach to Incident Response: Automated Response Architecture SESSION ID: ANF-T10 Modern Approach to Incident Response: Automated Response Architecture James Carder Director, Security Informatics Mayo Clinic @carderjames Jessica Hebenstreit Senior Manager, Security

More information

WHITE HOUSE OFFICE, OFFICE OF THE SPECIAL ASSISTANT FOR NATIONAL SECURITY AFFAIRS: Records, 1952-61 NSC Series, Briefing Notes Subseries

WHITE HOUSE OFFICE, OFFICE OF THE SPECIAL ASSISTANT FOR NATIONAL SECURITY AFFAIRS: Records, 1952-61 NSC Series, Briefing Notes Subseries WHITE HOUSE OFFICE, OFFICE OF THE SPECIAL ASSISTANT FOR NATIONAL SECURITY AFFAIRS: Records, 1952-61 NSC Series, Briefing Notes Subseries CONTAINER LIST Box No. Contents 1 AEC--Policy on Use of Atomic Weapons

More information

Session 3: IT Infrastructure Security Track ThreatExchange Winning through collaboration. Tomas Sander HP Labs

Session 3: IT Infrastructure Security Track ThreatExchange Winning through collaboration. Tomas Sander HP Labs Session 3: IT Infrastructure Security Track ThreatExchange Winning through collaboration Tomas Sander HP Labs Forward Looking Statements Rolling roadmap up to three years and is subject to change without

More information

The Role of Threat Intelligence and Layered Security for Intrusion Prevention in the Post-Target Breach Era

The Role of Threat Intelligence and Layered Security for Intrusion Prevention in the Post-Target Breach Era The Role of Threat Intelligence and Layered Security for Intrusion Prevention in the Post-Target Breach Era Ted Gruenloh Director of Operations Sentinel IPS * Agenda! Review of the current Network Security

More information

The Cyber OODA Loop: How Your Attacker Should Help You Design Your Defense. Tony Sager The Center for Internet Security

The Cyber OODA Loop: How Your Attacker Should Help You Design Your Defense. Tony Sager The Center for Internet Security The Cyber OODA Loop: How Your Attacker Should Help You Design Your Defense Tony Sager The Center for Internet Security Classic Risk Equation Risk = { Vulnerability, Threat, Consequence } countermeasures

More information

After the Attack: RSA's Security Operations Transformed

After the Attack: RSA's Security Operations Transformed After the Attack: RSA's Security Operations Transformed Ben Smith, CISSP RSA Field CTO (East), Security Portfolio Senior Member, ISSA Northern Virginia 1 The Environment ~ 2,000 security devices ~55M security

More information

Addressing APTs and Modern Malware with Security Intelligence Date: September 2013 Author: Jon Oltsik, Senior Principal Analyst

Addressing APTs and Modern Malware with Security Intelligence Date: September 2013 Author: Jon Oltsik, Senior Principal Analyst ESG Brief Addressing APTs and Modern Malware with Security Intelligence Date: September 2013 Author: Jon Oltsik, Senior Principal Analyst Abstract: APTs first came on the scene in 2010, creating a wave

More information

EMERGING THREATS & STRATEGIES FOR DEFENSE. Stephen Coty Chief Security Evangelist @StephenCoty

EMERGING THREATS & STRATEGIES FOR DEFENSE. Stephen Coty Chief Security Evangelist @StephenCoty EMERGING THREATS & STRATEGIES FOR DEFENSE Stephen Coty Chief Security Evangelist @StephenCoty Industry Analysis 2014 Data Breaches - Ponemon Ponemon 2014 Data Breach Report *Statistics from 2013 Verizon

More information

Advanced Visibility. Moving Beyond a Log Centric View. Matthew Gardiner, RSA & Richard Nichols, RSA

Advanced Visibility. Moving Beyond a Log Centric View. Matthew Gardiner, RSA & Richard Nichols, RSA Advanced Visibility Moving Beyond a Log Centric View Matthew Gardiner, RSA & Richard Nichols, RSA 1 Security is getting measurability worse Percent of breaches where time to compromise (red)/time to Discovery

More information

Cyber Threats Insights from history and current operations. Prepared by Cognitio May 5, 2015

Cyber Threats Insights from history and current operations. Prepared by Cognitio May 5, 2015 Cyber Threats Insights from history and current operations Prepared by Cognitio May 5, 2015 About Cognitio Cognitio is a strategic consulting and engineering firm led by a team of former senior technology

More information

From Georgia, with Love Win32/Georbot. Is someone trying to spy on Georgians?

From Georgia, with Love Win32/Georbot. Is someone trying to spy on Georgians? From Georgia, with Love Win32/Georbot Is someone trying to spy on Georgians? At the beginning of the year, a curious piece of malware came to our attention. An analyst in our virus laboratory noticed that

More information

SOLUTION PRIMER. Rafal Los Director, Solutions Research Office of the CISO, Accuvant. James Robinson Director, Information Security, Accuvant

SOLUTION PRIMER. Rafal Los Director, Solutions Research Office of the CISO, Accuvant. James Robinson Director, Information Security, Accuvant THREAT INTELLIGENCE Rafal Los Director, Solutions Research Office of the CISO, Accuvant James Robinson Director, Information Security, Accuvant Jason Clark Chief Strategy and Security Officer, Accuvant

More information

Cloud and Critical Infrastructures how Cloud services are factored in from a risk perspective

Cloud and Critical Infrastructures how Cloud services are factored in from a risk perspective Cloud and Critical Infrastructures how Cloud services are factored in from a risk perspective Reaching the Cloud era in the EU Riga 16 June 2015 Jonathan Sage Government and Regulatory Affairs Cyber Security

More information

MISSION-ESSENTIAL INTELLIGENCE AND CYBER SOLUTIONS

MISSION-ESSENTIAL INTELLIGENCE AND CYBER SOLUTIONS Presentation to the Cyber Security & Critical Infrastructure Protection Symposium March 20, 2013 PREPARED REMARKS BARBARA ALEXANDER, DIRECTOR OF CYBER INTELLIGENCE TASC INFRASTRUCTURE PROTECTION AND SECURITY

More information

Fighting Advanced Threats

Fighting Advanced Threats Fighting Advanced Threats With FortiOS 5 Introduction In recent years, cybercriminals have repeatedly demonstrated the ability to circumvent network security and cause significant damages to enterprises.

More information

FROM INBOX TO ACTION EMAIL AND THREAT INTELLIGENCE:

FROM INBOX TO ACTION EMAIL AND THREAT INTELLIGENCE: WHITE PAPER EMAIL AND THREAT INTELLIGENCE: FROM INBOX TO ACTION There is danger in your email box. You know it, and so does everyone else. The term phishing is now part of our daily lexicon, and even if

More information

After the Attack. The Transformation of EMC Security Operations

After the Attack. The Transformation of EMC Security Operations After the Attack The Transformation of EMC Security Operations Thomas Wood Senior Systems Engineer, GSNA CISSP RSA, The Security Division of EMC Thomas.WoodJr@rsa.com 1 Agenda Review 2011 Attack on RSA

More information

ORGANIZADOR: APOIANTE PRINCIPAL:

ORGANIZADOR: APOIANTE PRINCIPAL: ORGANIZADOR: APOIANTE PRINCIPAL: Miguel Gomes 912412885 luismiguel_gomes@symantec.com Alliances Portugal, Africa, Brasil Coverage One of the biggest CSP worlwide Tec. Inovator Strong Cloud Bet and investment

More information

The Strategic Importance, Causes and Consequences of Terrorism

The Strategic Importance, Causes and Consequences of Terrorism The Strategic Importance, Causes and Consequences of Terrorism How Terrorism Research Can Inform Policy Responses Todd Stewart, Ph.D. Major General, United States Air Force (Retired) Director, Program

More information

Defense Security Service

Defense Security Service Defense Security Service Defense Security Service Cybersecurity Operations Division Counterintelligence UNCLASSIFIED Defense Security Service DSS Mission DSS Supports national security and the warfighter,

More information

2012 Bit9 Cyber Security Research Report

2012 Bit9 Cyber Security Research Report 2012 Bit9 Cyber Security Research Report Table of Contents Executive Summary Survey Participants Conclusion Appendix 3 4 10 11 Executive Summary According to the results of a recent survey conducted by

More information

MANAGED SECURITY SERVICES (MSS)

MANAGED SECURITY SERVICES (MSS) MANAGED SECURITY SERVICES (MSS) The Cyber Security Initiative. Cybercrime is becoming an important factor for CIOs and IT professionals, but also for CFOs, compliance officers and business owners. The

More information

Open Source Threat Intelligence. Kyle R Maxwell (@kylemaxwell) Senior Researcher, Verizon RISK Team

Open Source Threat Intelligence. Kyle R Maxwell (@kylemaxwell) Senior Researcher, Verizon RISK Team Open Source Threat Intelligence Kyle R Maxwell (@kylemaxwell) Senior Researcher, Verizon RISK Team 2 Before we begin All trademarks belong to their respective owners. No association with any other organizations,

More information

WHITE PAPER: THREAT INTELLIGENCE RANKING

WHITE PAPER: THREAT INTELLIGENCE RANKING WHITE PAPER: THREAT INTELLIGENCE RANKING SEPTEMBER 2015 2 HOW WELL DO YOU KNOW YOUR THREAT DATA? HOW THREAT INTELLIGENCE FEED MODELING CAN SAVE MONEY AND PREVENT BREACHES Who are the bad guys? What makes

More information

Redefining SIEM to Real Time Security Intelligence

Redefining SIEM to Real Time Security Intelligence Redefining SIEM to Real Time Security Intelligence David Osborne Security Architect September 18, 2012 Its not paranoia if they really are out to get you Malware Malicious Insiders Exploited Vulnerabilities

More information

Threat Intelligence & Analytics Cyber Threat Intelligence and how to best understand the adversary s operations

Threat Intelligence & Analytics Cyber Threat Intelligence and how to best understand the adversary s operations Threat Intelligence & Analytics Cyber Threat Intelligence and how to best understand the adversary s operations September 2015 Copyright 2015 Deloitte Development LLC. All rights reserved. This presentation

More information

ICS, SCADA, and Non-Traditional Incident Response. Kyle Wilhoit Threat Researcher, Trend Micro

ICS, SCADA, and Non-Traditional Incident Response. Kyle Wilhoit Threat Researcher, Trend Micro ICS, SCADA, and Non-Traditional Incident Response Kyle Wilhoit Threat Researcher, Trend Micro 1 $whoami Threat Researcher, FTR, Trend Micro Threat Researcher at Trend Micro- research and blogger on criminal

More information

Operational Lessons from the RSA/EMC CIRC: People, Process, & Threat Intel

Operational Lessons from the RSA/EMC CIRC: People, Process, & Threat Intel Operational Lessons from the RSA/EMC CIRC: People, Process, & Threat Intel @Ben_Smith Ben Smith, CISSP Field CTO (US East), Security Portfolio A Security Maturity Path CONTROLS COMPLIANCE IT RISK BUSINESS

More information

2012 NORTON CYBERCRIME REPORT

2012 NORTON CYBERCRIME REPORT 2012 NORTON CYBERCRIME REPORT 2012 NORTON CYBERCRIME REPORT 24 COUNTRIES AUSTRALIA, BRAZIL, CANADA, CHINA, COLOMBIA, DENMARK, FRANCE, GERMANY, INDIA, ITALY, JAPAN, MEXICO, NETHERLANDS, NEW ZEALAND, POLAND,

More information

White Paper: Leveraging Web Intelligence to Enhance Cyber Security

White Paper: Leveraging Web Intelligence to Enhance Cyber Security White Paper: Leveraging Web Intelligence to Enhance Cyber Security October 2013 Inside: New context on Web Intelligence The need for external data in enterprise context Making better use of web intelligence

More information

A Cyber Security Integrator s perspective and approach

A Cyber Security Integrator s perspective and approach A Cyber Security Integrator s perspective and approach Presentation to Saudi Arabian Monetary Agency March 2014 What is a Cyber Integrator? Security system requirements - Finance Building a specific response

More information

All Information is derived from Mandiant consulting in a non-classified environment.

All Information is derived from Mandiant consulting in a non-classified environment. Disclaimer: All Information is derived from Mandiant consulting in a non-classified environment. Case Studies are representative of industry trends and have been derived from multiple client engagements.

More information

The Importance of Cyber Threat Intelligence to a Strong Security Posture

The Importance of Cyber Threat Intelligence to a Strong Security Posture The Importance of Cyber Threat Intelligence to a Strong Security Posture Sponsored by Webroot Independently conducted by Ponemon Institute LLC Publication Date: March 2015 Ponemon Institute Research Report

More information

Gregg Gerber. Strategic Engagement, Emerging Markets

Gregg Gerber. Strategic Engagement, Emerging Markets Government of Mauritius Gregg Gerber Strategic Engagement, Emerging Markets 2 (Advanced) Persistent Targeted attacks 2010 2011 2012 Time 1986-1991 Era of Discovery 1992-1998 Era of Transition 1999-2005

More information

Machine-to-Machine Exchange of Cyber Threat Information: a Key to Mature Cyber Defense

Machine-to-Machine Exchange of Cyber Threat Information: a Key to Mature Cyber Defense Machine-to-Machine Exchange of Cyber Threat Information: a Key to Mature Cyber Defense By: Daniel Harkness, Chris Strasburg, and Scott Pinkerton The Challenge The Internet is an integral part of daily

More information

Situational Awareness A Discussion

Situational Awareness A Discussion Situational Awareness A Discussion Dean Weber March, 2012 The Current Situation take one spending incidents financial losses overall risk grows resources applied grows but no real progress The situation

More information

Enterprise Capabilities Descriptions

Enterprise Capabilities Descriptions 1 SYSTEMS ENGINEERING & INTEGRATION 6 COMMUNICATIONS SYSTEMS 11 LIFECYCLE SYSTEMS ENGINEERING 12 LIFECYCLE SYSTEMS INTEGRATION 13 MISSION INTEGRATION 14 DISCIPLINES 15 DOMAINS 2 CYBER 21 CYBER STRATEGIC

More information

The New ROI: Results Oriented Intel. David Amsler, Founder

The New ROI: Results Oriented Intel. David Amsler, Founder The New ROI: Results Oriented Intel David Amsler, Founder Foreground Security Dedicated Security services firm Founded in 2000 with offices in Florida, Virginia, and Maryland Federal and commercial clients

More information

Unified Cyber Security Monitoring and Management Framework By Vijay Bharti Happiest Minds, Security Services Practice

Unified Cyber Security Monitoring and Management Framework By Vijay Bharti Happiest Minds, Security Services Practice Unified Cyber Security Monitoring and Management Framework By Vijay Bharti Happiest Minds, Security Services Practice Introduction There are numerous statistics published by security vendors, Government

More information

White Paper: Cyber Hawk or Digital Dove

White Paper: Cyber Hawk or Digital Dove White Paper: Cyber Hawk or Digital Dove Published By: SkillBridge, LLC September 18, 2013 Today s Modern Warfare With the recent debate over whether or not the United States should take military action

More information

Effective Threat Management. Building a complete lifecycle to manage enterprise threats.

Effective Threat Management. Building a complete lifecycle to manage enterprise threats. Effective Threat Management Building a complete lifecycle to manage enterprise threats. Threat Management Lifecycle Assimilation of Operational Security Disciplines into an Interdependent System of Proactive

More information

Applying Internal Traffic Models to Improve Identification of High Fidelity Cyber Security Events

Applying Internal Traffic Models to Improve Identification of High Fidelity Cyber Security Events Applying Internal Traffic Models to Improve Identification of High Fidelity Cyber Security Events Abstract Effective Security Operations throughout both DoD and industry are requiring and consuming unprecedented

More information

AppGuard. Defeats Malware

AppGuard. Defeats Malware AppGuard Defeats Malware and phishing attacks, drive-by-downloads, zero-day attacks, watering hole attacks, weaponized documents, ransomware, and other undetectable advanced threats by preventing exploits

More information

Risk Management Handbook

Risk Management Handbook Risk Management Handbook 1999 Introduction Risk management is the process of selecting and implementing countermeasures to achieve an acceptable level of risk at an acceptable cost. The analytical risk

More information

Evaluating DMARC Effectiveness for the Financial Services Industry

Evaluating DMARC Effectiveness for the Financial Services Industry Evaluating DMARC Effectiveness for the Financial Services Industry by Robert Holmes General Manager, Email Fraud Protection Return Path Executive Summary Email spoofing steadily increases annually. DMARC

More information

Compliance Guide ISO 27002. Compliance Guide. September 2015. Contents. Introduction 1. Detailed Controls Mapping 2.

Compliance Guide ISO 27002. Compliance Guide. September 2015. Contents. Introduction 1. Detailed Controls Mapping 2. ISO 27002 Compliance Guide September 2015 Contents Compliance Guide 01 02 03 Introduction 1 Detailed Controls Mapping 2 About Rapid7 7 01 INTRODUCTION If you re looking for a comprehensive, global framework

More information

Threat Intelligence Platforms: The New Essential Enterprise Software

Threat Intelligence Platforms: The New Essential Enterprise Software Gitomer-1 Threat Intelligence Platforms: The New Essential Enterprise Software Due to the ever-increasing volume of cyber attacks and regulatory pressures, there is a need for a new type of enterprise

More information

Targeted Intrusion Remediation: Lessons From The Front Lines. Jim Aldridge

Targeted Intrusion Remediation: Lessons From The Front Lines. Jim Aldridge Targeted Intrusion Remediation: Lessons From The Front Lines Jim Aldridge All information is derived from MANDIANT observations in non-classified environments. Information has beensanitized where necessary

More information

Cybersecurity Kill Chain. William F. Crowe, CISA, CISM, CRISC, CRMA September 2015 ISACA Jacksonville Chapter Meeting August 13, 2015

Cybersecurity Kill Chain. William F. Crowe, CISA, CISM, CRISC, CRMA September 2015 ISACA Jacksonville Chapter Meeting August 13, 2015 Cybersecurity Kill Chain William F. Crowe, CISA, CISM, CRISC, CRMA September 2015 ISACA Jacksonville Chapter Meeting August 13, 2015 Who Am I? Over 20 years experience with 17 years in the financial industry

More information

Microsoft s cybersecurity commitment

Microsoft s cybersecurity commitment Microsoft s cybersecurity commitment Published January 2015 At Microsoft, we take the security and privacy of our customers data seriously. This focus has been core to our culture for more than a decade

More information

Achieving World-Class Security in Today s Cost-Conscious Business Climate

Achieving World-Class Security in Today s Cost-Conscious Business Climate WHITE PAPER Achieving World-Class Security in Today s Cost-Conscious Business Climate Bringing Real InfoSec to Regular Companies 1 About Confer Confer developed the world s first cyberthreat prevention

More information

Accenture Intelligent Security for the Digital Enterprise. Archer s important role in solving today's pressing security challenges

Accenture Intelligent Security for the Digital Enterprise. Archer s important role in solving today's pressing security challenges Accenture Intelligent Security for the Digital Enterprise Archer s important role in solving today's pressing security challenges The opportunity to improve cyber security has never been greater 229 2,287

More information

GOOD SECURITY IS A GROUP EFFORT

GOOD SECURITY IS A GROUP EFFORT THE OFFICE OF SECURITY Operations Security (OPSEC) GOOD SECURITY IS A GROUP EFFORT Operations Security (OPSEC) "Even minutiae should have a place in our collection, for things of a seemingly trifling nature,

More information

SR B17. The Threat Landscape Continues to Change: How are You Keeping Pace? Dean Turner

SR B17. The Threat Landscape Continues to Change: How are You Keeping Pace? Dean Turner SR B17 The Threat Landscape Continues to Change: How are You Keeping Pace? Dean Turner Director - Engineering, Global Intelligence Network Symantec Intelligence Group Agenda 1 2 3 5 Symantec Intelligence

More information

DEFENSE THROUGHOUT THE VULNERABILITY LIFE CYCLE WITH ALERT LOGIC THREAT AND LOG MANAGER

DEFENSE THROUGHOUT THE VULNERABILITY LIFE CYCLE WITH ALERT LOGIC THREAT AND LOG MANAGER DEFENSE THROUGHOUT THE VULNERABILITY LIFE CYCLE WITH ALERT LOGIC THREAT AND Introduction > New security threats are emerging all the time, from new forms of malware and web application exploits that target

More information

SECURITY ANALYTICS MOVES TO REAL-TIME PROTECTION

SECURITY ANALYTICS MOVES TO REAL-TIME PROTECTION SECURITY ANALYTICS MOVES TO REAL-TIME PROTECTION How ThreatBLADES add real-time threat scanning and alerting to the Analytics Platform INTRODUCTION: analytics solutions have become an essential weapon

More information

Practical Steps To Securing Process Control Networks

Practical Steps To Securing Process Control Networks Practical Steps To Securing Process Control Networks Villanova University Seminar Rich Mahler Director, Commercial Cyber Solutions Lockheed Martin Lockheed Martin Corporation 2014. All Rights Reserved.

More information

RSA Security Anatomy of an Attack Lessons learned

RSA Security Anatomy of an Attack Lessons learned RSA Security Anatomy of an Attack Lessons learned Malcolm Dundas Account Executive John Hurley Senior Technology Consultant 1 Agenda Advanced Enterprise/ Threats The RSA Breach A chronology of the attack

More information

Hybrid Warfare & Cyber Defence

Hybrid Warfare & Cyber Defence Hybrid Warfare & Cyber Defence Maj Gen Thomas FRANZ, DEU AF SHAPE DCOS CIS & CD Characteristics of Hybrid Warfare Alternate means to achieve goals Lines blurred between: state-onstate wars, counterinsurgency

More information

Into the cybersecurity breach

Into the cybersecurity breach Into the cybersecurity breach Tim Sanouvong State Sector Cyber Risk Services Deloitte & Touche LLP April 3, 2015 Agenda Setting the stage Cyber risks in state governments Cyber attack vectors Preparing

More information

BREAKING THE KILL CHAIN AN EARLY WARNING SYSTEM FOR ADVANCED THREAT

BREAKING THE KILL CHAIN AN EARLY WARNING SYSTEM FOR ADVANCED THREAT BREAKING THE KILL CHAIN AN EARLY WARNING SYSTEM FOR ADVANCED THREAT Rashmi Knowles RSA, The Security Division of EMC Session ID: Session Classification: SPO-W07 Intermediate APT1 maintained access to

More information

Endpoint Security - HIPS. egambit, your defensive cyber-weapon system. You have the players. We have the game.

Endpoint Security - HIPS. egambit, your defensive cyber-weapon system. You have the players. We have the game. egambit Endpoint Security - egambit, your defensive cyber-weapon system. You have the players. We have the game. TEHTRI-Security 2010-2015 www.tehtri-security.com Endpoint Security In this document, we

More information

A New Approach to Assessing Advanced Threat Solutions

A New Approach to Assessing Advanced Threat Solutions A New Approach to Assessing Advanced Threat Solutions December 4, 2014 A New Approach to Assessing Advanced Threat Solutions How Well Does Your Advanced Threat Solution Work? The cyber threats facing enterprises

More information

Developing Secure Software in the Age of Advanced Persistent Threats

Developing Secure Software in the Age of Advanced Persistent Threats Developing Secure Software in the Age of Advanced Persistent Threats ERIC BAIZE EMC Corporation DAVE MARTIN EMC Corporation Session ID: ASEC-201 Session Classification: Intermediate Our Job: Keep our Employer

More information