Threat Intelligence Buyer s Guide
|
|
|
- Marianna Richard
- 10 years ago
- Views:
Transcription
1 Threat Intelligence Buyer s Guide SANS CTI Summit, 10 February 2014 Rick Principal Analyst
2 Last year 2014 Forrester Research, Inc. Reproduction Prohibited 2
3 This year, Arnold s back!! 2014 Forrester Research, Inc. Reproduction Prohibited 3
4 Agenda Threat intelligence trends Evaluating threat intelligence Recommendations 2014 Forrester Research, Inc. Reproduction Prohibited 4
5 Forrester defines threat intelligence as: Details of the motivations, intent, and capabilities of internal and external threat actors. Threat intelligence includes specifics on the tactics, techniques, and procedures of these adversaries. Threat intelligence's primary purpose is to inform business decisions regarding the risks and implications associated with threats Forrester Research, Inc. Reproduction Prohibited 5
6 Threat intelligence trends 2014 Forrester Research, Inc. Reproduction Prohibited 6
7 Actionable intel meet Terry Tate The leading provider of actionable intelligence Forrester Research, Inc. Reproduction Prohibited 7
8 Challenges Gleaning intelligence from a multitude of feeds and data Dealing with variances in data quality and relevancy Validating third-party intelligence Tactical focus of intelligence programs 2014 Forrester Research, Inc. Reproduction Prohibited 8
9 Operationalizing intelligence = cat herding 2014 Forrester Research, Inc. Reproduction Prohibited 9
10 Operationalizing intelligence 2014 Forrester Research, Inc. Reproduction Prohibited 10
11 Threat intelligence sharing We share at about the same speed that George R.R. Martin writes novels, which is slow Quid pro quo and relationship driven You cannot automate trust 2014 Forrester Research, Inc. Reproduction Prohibited 11
12 Sharing standards adoption FS-ISAC & DHS are driving adoption of STIX/TAXII STIX (Structured Threat Information expression) TAXII (Trusted Automated Exchange of Indicator Information) FS-ISAC members are pushing vendors to support them 2014 Forrester Research, Inc. Reproduction Prohibited 12
13 My threat intel can beat up your threat intel 2014 Forrester Research, Inc. Reproduction Prohibited 13
14 Crowded market place research preview 2014 Forrester Research, Inc. Reproduction Prohibited 14
15 Intelligence providers deliver Examples: Examples: Threat indicator feeds (host/network) Cryptolocker analysis Tactical/ope rational intel Strategic intel Executive briefs Campaign analysis Industry specific threat assessments 2014 Forrester Research, Inc. Reproduction Prohibited 15
16 Agenda Threat intelligence trends Evaluating threat intelligence Recommendations 2014 Forrester Research, Inc. Reproduction Prohibited 16
17 Before we start 2014 Forrester Research, Inc. Reproduction Prohibited 17
18 Before we start, STOP 2014 Forrester Research, Inc. Reproduction Prohibited 18
19 You have to have an actual strategy Jerry the owner isn t happy with Jerry the general manager 2014 Forrester Research, Inc. Reproduction Prohibited 19
20 Before we start, stop What is your mission? What are your intelligence requirements? Develop requirements: What threat actors target you? What are they after? Do you know your organization's priorities? Do you know the risks to your business? 2014 Forrester Research, Inc. Reproduction Prohibited 20
21 Align with business risks 2014 Forrester Research, Inc. Reproduction Prohibited 21
22 The Intelligence Cycle Use the Intelligence Cycle as a framework to evaluate intelligence sources 2014 Forrester Research, Inc. Reproduction Prohibited 22
23 1) Planning and direction How does the provider develop intel requirements? How do the provider s intelligence requirements align with yours? Threat actor, vertical specific, malware, geopolitical How does the provider work with you? What feedback mechanisms exists? 2014 Forrester Research, Inc. Reproduction Prohibited 23
24 2) Collection What are providers collection capabilities? OSINT, HUMINT, language coverage, geos P2P, honeypots, Tor, crawlers, professional service engagements, vendor products footprint Do collection capabilities align with your intelligence requirements? Overcome the sources and methods challenge 2014 Forrester Research, Inc. Reproduction Prohibited 24
25 2) Collection continued Collection management should be a function within your intelligence team You must be able to identify your collection gaps Then you can make a build versus buy decision 2014 Forrester Research, Inc. Reproduction Prohibited 25
26 3) Processing Raw data is transformed into information for analysis What platform is used for processing? How does processing enable timely intelligence production? How do you prioritize processing based on intelligence requirements? 2014 Forrester Research, Inc. Reproduction Prohibited 26
27 4) Analysis and production Understand the analytic methodology used to derive intelligence (Diamond) What analysis platform is used? (Is it available to customers?) Who is doing the analysis? Background and skillsets? Intelligence community Incident responders Malware analysts 2014 Forrester Research, Inc. Reproduction Prohibited 27
28 4) Analysis and production continued Vulnerability analysis Campaign analysis Periodic summaries (weekly/monthly) Brand monitoring Custom products Common intelligence products Malware analysis Threat actor analysis High value target alerting Executive briefings Threat feeds 2014 Forrester Research, Inc. Reproduction Prohibited 28
29 Measuring intelligence Characteristics of valuable intelligence Accurate Pretty obvious Timely Meh, stale indicators Relevant Aligned with intelligence requirements Tailored Audience appropriate (tactical/strategic) Predictive Anticipates threat activity Actionable Can be easily integrated into security controls 2014 Forrester Research, Inc. Reproduction Prohibited 29
30 Measuring intelligence Characteristics of valuable intelligence Accurate Pretty obvious Timely Meh, stale indicators Relevant Aligned with intelligence requirements Tailored Audience appropriate (tactical/strategic) Predictive Anticipates threat activity Actionable Can be easily integrated into security controls Do you actually get hits? Compare with peer orgs Forrester Research, Inc. Reproduction Prohibited 30
31 5) Dissemination How do you help me make the intelligence actionable? 2014 Forrester Research, Inc. Reproduction Prohibited 31
32 5) Dissemination How do you help me make the intelligence actionable? A.pdf file? An list? A portal I have to login to? 2014 Forrester Research, Inc. Reproduction Prohibited 32
33 5) Dissemination How do you help me make the intelligence actionable? A.pdf file? An list? A portal I have to login to? Terry Tate is still out there 2014 Forrester Research, Inc. Reproduction Prohibited 33
34 5) Dissemination How do you help me make the intelligence actionable? A.pdf file? An list? A portal I have to login to? Terry Tate is still out there XML, JSON, STIX, IODEF, OpenIOC are better answers 2014 Forrester Research, Inc. Reproduction Prohibited 34
35 5) Dissemination continued Vendors must make APIs available to: Permit enterprises with development skills/bandwidth customization capabilities (1%ers) Better living through integrations Those without software development skills will have to rely upon product integrations NetCitadel has an interesting offering that automates (or semi-automates) responses to firewalls and proxies 2014 Forrester Research, Inc. Reproduction Prohibited 35
36 The Intelligence Cycle repeats 2014 Forrester Research, Inc. Reproduction Prohibited 36
37 Agenda Threat intelligence trends Evaluating threat intelligence Recommendations 2014 Forrester Research, Inc. Reproduction Prohibited 37
38 Recommendations 1) Avoid Expense in Depth 2014 Forrester Research, Inc. Reproduction Prohibited 38
39 2014 Forrester Research, Inc. Reproduction Prohibited 39
40 Expense in Depth Are you more secure? 2014 Forrester Research, Inc. Reproduction Prohibited 40
41 The 80s called, they want their security strategy back Don t blindly invest in intelligence Instead: Let intelligence requirements drive investment Invest based on collection gaps Measure your intelligence sources effectiveness And continue to do so periodically 2014 Forrester Research, Inc. Reproduction Prohibited 41
42 Recommendations 2) Focus on the Intelligence Analysis Platform 2014 Forrester Research, Inc. Reproduction Prohibited 42
43 Orchestrate your intelligence activities Quarterbacks orchestrate on the field 2014 Forrester Research, Inc. Reproduction Prohibited 43
44 Orchestrate your intelligence activities Quarterbacks orchestrate on the field 2014 Forrester Research, Inc. Reproduction Prohibited 44
45 Orchestrate your intelligence activities Quarterbacks orchestrate on the field 2014 Forrester Research, Inc. Reproduction Prohibited 45
46 An Intelligence Analysis Platform is your quarterback 2014 Forrester Research, Inc. Reproduction Prohibited 46
47 Intelligence Analysis Platform capabilities Rate intelligence source value Manage threat indicators Asset aware Have an API for making intelligence actionable Enables analysis (visualization, pivoting) Provide enrichment Active DNS, GeoIP, Maltego, Passive DNS, VirusTotal 2014 Forrester Research, Inc. Reproduction Prohibited 47
48 Intelligence Analysis Platforms Solutions Cyber Squared ThreatConnect Detica CyberReveal IBM i2 Analyst's Notebook Lockheed Martin Palisade Lookingglass ScoutPlatform Maltego MITRE CRITs (Collaborative Research Into Threats) Palantir 2014 Forrester Research, Inc. Reproduction Prohibited 48
49 Recommendations 3) Have an actual strategy 2014 Forrester Research, Inc. Reproduction Prohibited 49
50 Final thoughts Don t be Jerry Jones, proceed wisely Develop intelligence requirements that focus both internally and externally Manage collection capabilities 2014 Forrester Research, Inc. Reproduction Prohibited 50
51 You must demonstrate value An intelligence led defense has significant operating costs: $100k analysts (How many does your org have?) Hundreds of thousands to millions of dollars in technology investment How to show value Produce strategic intelligence products for executives Use intelligence for portfolio management Decrease dwell time metrics Communicate cost avoidance (Leverage financial impact data from public companies in your sector i.e. TGT 10K) 2014 Forrester Research, Inc. Reproduction Prohibited 51
52 Free research Follow me on Twitter for updates on upcoming research Previewed today: Market Overview: Threat Intelligence Service Providers (May) Forrester's Targeted Attack Hierarchy Of Needs (April) Participate in a research interview and get the final report for free (anonymous) Provide input that can drive vendor strategy 2014 Forrester Research, Inc. Reproduction Prohibited 52
53 My favorite 2014 Forrester Research, Inc. Reproduction Prohibited 53
54 Thank you Rick Holland +1
Separating Signal from Noise: Taking Threat Intelligence to the Next Level
SESSION ID: SPO2-T09 Separating Signal from Noise: Taking Threat Intelligence to the Next Level Doron Shiloach X-Force Product Manager IBM @doronshiloach Agenda Threat Intelligence Overview Current Challenges
Operational Lessons from the RSA/EMC CIRC: People, Process, & Threat Intel
Operational Lessons from the RSA/EMC CIRC: People, Process, & Threat Intel @Ben_Smith Ben Smith, CISSP Field CTO (US East), Security Portfolio A Security Maturity Path CONTROLS COMPLIANCE IT RISK BUSINESS
After the Attack: RSA's Security Operations Transformed
After the Attack: RSA's Security Operations Transformed Ben Smith, CISSP RSA Field CTO (East), Security Portfolio Senior Member, ISSA Northern Virginia 1 The Environment ~ 2,000 security devices ~55M security
Threat Intelligence is Like Three Day Potty Training
SESSION ID: CXO-T08R Threat Intelligence is Like Three Day Potty Training Rick Holland Principal Analyst Forrester Research @rickhholland Potty training method that guarantees success so you can say goodbye
Eight Essential Elements for Effective Threat Intelligence Management May 2015
INTRODUCTION The most disruptive change to the IT security industry was ignited February 18, 2013 when a breach response company published the first research that pinned responsibility for Advanced Persistent
Cloud and Critical Infrastructures how Cloud services are factored in from a risk perspective
Cloud and Critical Infrastructures how Cloud services are factored in from a risk perspective Reaching the Cloud era in the EU Riga 16 June 2015 Jonathan Sage Government and Regulatory Affairs Cyber Security
Threat Intelligence Platforms: The New Essential Enterprise Software
Gitomer-1 Threat Intelligence Platforms: The New Essential Enterprise Software Due to the ever-increasing volume of cyber attacks and regulatory pressures, there is a need for a new type of enterprise
The Third Rail: New Stakeholders Tackle Security Threats and Solutions
SESSION ID: CXO-R03 The Third Rail: New Stakeholders Tackle Security Threats and Solutions Ted Ross Director, Threat Intelligence HP Security Research @tedross Agenda My brief background An example of
The Role of Threat Intelligence and Layered Security for Intrusion Prevention in the Post-Target Breach Era
The Role of Threat Intelligence and Layered Security for Intrusion Prevention in the Post-Target Breach Era Ted Gruenloh Director of Operations Sentinel IPS * Agenda! Review of the current Network Security
All about Threat Central
All about Threat Central Ted Ross & Nadav Cohen #HPProtect Forward-looking statements This is a rolling (up to three year) Roadmap and is subject to change without notice. This document contains forward
Threat Intelligence & Analytics Cyber Threat Intelligence and how to best understand the adversary s operations
Threat Intelligence & Analytics Cyber Threat Intelligence and how to best understand the adversary s operations September 2015 Copyright 2015 Deloitte Development LLC. All rights reserved. This presentation
PALANTIR CYBER An End-to-End Cyber Intelligence Platform for Analysis & Knowledge Management
PALANTIR CYBER An End-to-End Cyber Intelligence Platform for Analysis & Knowledge Management INTRODUCTION Traditional perimeter defense solutions fail against sophisticated adversaries who target their
Automate the Hunt. Rapid IOC Detection and Remediation WHITE PAPER WP-ATH-032015
Rapid IOC Detection and Remediation WP-ATH-032015 EXECUTIVE SUMMARY In the escalating war that is cyber crime, attackers keep upping their game. Their tools and techniques are both faster and stealthier
Attack Intelligence: Why It Matters
Attack Intelligence: Why It Matters WHITE PAPER Core Security +1 617.399-6980 [email protected] www.coresecurity.com A Proactive Strategy Attacks against your organization are more prevalent than ever,
FS-ISAC CHARLES BRETZ
FS-ISAC CHARLES BRETZ Information Sharing To be forewarned is to be fore-armed MISSION: Sharing Timely, Relevant, Actionable Cyber and Physical Security Information & Analysis A nonprofit private sector
A Primer on Cyber Threat Intelligence
A Primer on Cyber Threat Intelligence AS ADVERTISED 2 BUZZWORD BINGO! 3 TODAY S CYBER SECURITY CHALLENGES CISOs finding it difficult to define security ROI to executives Short shelf life for CISOs Vastly
White Paper: Leveraging Web Intelligence to Enhance Cyber Security
White Paper: Leveraging Web Intelligence to Enhance Cyber Security October 2013 Inside: New context on Web Intelligence The need for external data in enterprise context Making better use of web intelligence
Data-Driven Threat Intelligence: Metrics on Indicator Dissemination and Sharing (#ddti)
Data-Driven Threat Intelligence: Metrics on Indicator Dissemination and Sharing (#ddti) Alex Pinto Chief Data Scientist MLSec Project @alexcpsec @MLSecProject Alexandre Sieira CTO Niddel @AlexandreSieira
Attribution: The Holy Grail or Waste of Time? Billy Leonard Google Should this be the end, our Holy Grail? How s that picture going to help you now? But, the pictures make me safer! We can do better. Our
The business Side of threat Intelligence. Cyber Squared Inc.
The business Side of threat Intelligence 1 WhoAm I? CEO of CyberSquared Inc., the company behindthreatconnect TM. Founding member of the company, started in 2011. Experience inprogramming, network security,
How to Use Cyber Threat Intelligence in my Workflows?
How to Use Cyber Threat Intelligence in my Workflows? The Power of Global Cyber Threat Intelligence There is a great deal of power that comes along with knowing your adversary. By mapping his past activities
Data- Driven Threat Intelligence: Metrics on Indicator Dissemination and Sharing (#ddti)
Data- Driven Threat Intelligence: Metrics on Indicator Dissemination and Sharing (#ddti) Alex Pinto Chief Data Scientist Niddel / MLSec Project @alexcpsec @MLSecProject Alexandre Sieira CTO Niddel @AlexandreSieira
Advanced Visibility. Moving Beyond a Log Centric View. Matthew Gardiner, RSA & Richard Nichols, RSA
Advanced Visibility Moving Beyond a Log Centric View Matthew Gardiner, RSA & Richard Nichols, RSA 1 Security is getting measurability worse Percent of breaches where time to compromise (red)/time to Discovery
Threat intelligence. A buyer s guide
Threat intelligence A buyer s guide 1 Table of Contents Executive summary... 03 1. Introduction... 04 The rise of digital business... 05 What is cyber threat intelligence?... 07 Common types of cyber threat
Can We Become Resilient to Cyber Attacks?
Can We Become Resilient to Cyber Attacks? Nick Coleman, Global Head Cyber Security Intelligence Services December 2014 Can we become resilient National Security, Economic Espionage Nation-state actors,
How To Manage Threat Intelligence On A Microsoft Microsoft Iphone Or Ipad Or Ipa Device
Product Brochure ThreatStream Optic ThreatStream Threat Intelligence Platform Imagine being able to make sense of all the threat information that s flowing through your security controls and coming from
Rethinking Information Security for Advanced Threats. CEB Information Risk Leadership Council
Rethinking Information Security for Advanced Threats CEB Information Risk Leadership Council Advanced threats differ from conventional security threats along many dimensions, making them much more difficult
Cyber Intelligence Workforce
Cyber Intelligence Workforce Troy Townsend Melissa Kasan Ludwick September 17, 2013 Agenda Project Background Research Methodology Findings Training and Education Project Findings Workshop Results Objectives
Symantec Cyber Security Services: DeepSight Intelligence
Symantec Cyber Security Services: DeepSight Intelligence Actionable intelligence to get ahead of emerging threats Overview: Security Intelligence Companies face a rapidly evolving threat environment with
Cymon.io. Open Threat Intelligence. 29 October 2015 Copyright 2015 esentire, Inc. 1
Cymon.io Open Threat Intelligence 29 October 2015 Copyright 2015 esentire, Inc. 1 #> whoami» Roy Firestein» Senior Consultant» Doing Research & Development» Other work include:» docping.me» threatlab.io
Cybersecurity Awareness for Executives
SESSION ID: SOP-R04 Cybersecurity Awareness for Executives Rob Sloan Head of Cyber Content and Data Dow Jones @_rob_sloan Session Overview Aim: Provide a high level overview of an effective cybersecurity
STRATEGIC ADVANTAGE: CONSULTING & ISIGHT INTELLIGENCE
ANALYST DAY STRATEGIC ADVANTAGE: CONSULTING & ISIGHT INTELLIGENCE TRAVIS REESE, PRESIDENT, MANDIANT CONSULTING AND ISIGHT INTELLIGENCE COPYRIGHT 2016, FIREEYE, INC. ALL RIGHTS RESERVED. INTELLIGENCE- LED
Security Business Intelligence Big Data for Faster Detection/Response
Security Business Intelligence Big Data for Faster Detection/Response SESSION ID: STU-R02B Stacy Purcell Security Architect Intel/IT Legal Notices This presentation is for informational purposes only.
The Growing Need for Real-time and Actionable Security Intelligence Date: February 2014 Author: Jon Oltsik, Senior Principal Analyst
ESG Brief The Growing Need for Real-time and Actionable Security Intelligence Date: February 2014 Author: Jon Oltsik, Senior Principal Analyst Abstract: ESG data indicates that many enterprise organizations
FROM INBOX TO ACTION EMAIL AND THREAT INTELLIGENCE:
WHITE PAPER EMAIL AND THREAT INTELLIGENCE: FROM INBOX TO ACTION There is danger in your email box. You know it, and so does everyone else. The term phishing is now part of our daily lexicon, and even if
Obtaining Enterprise Cybersituational
SESSION ID: SPO-R06A Obtaining Enterprise Cybersituational Awareness Eric J. Eifert Sr. Vice President Managed Security Services DarkMatter Agenda My Background Key components of the Cyber Situational
WHITE PAPER: THREAT INTELLIGENCE RANKING
WHITE PAPER: THREAT INTELLIGENCE RANKING SEPTEMBER 2015 2 HOW WELL DO YOU KNOW YOUR THREAT DATA? HOW THREAT INTELLIGENCE FEED MODELING CAN SAVE MONEY AND PREVENT BREACHES Who are the bad guys? What makes
Machine-to-Machine Exchange of Cyber Threat Information: a Key to Mature Cyber Defense
Machine-to-Machine Exchange of Cyber Threat Information: a Key to Mature Cyber Defense By: Daniel Harkness, Chris Strasburg, and Scott Pinkerton The Challenge The Internet is an integral part of daily
Cyber Threat Intelligence Move to an intelligencedriven cybersecurity model
Cyber Threat Intelligence Move to an intelligencedriven cybersecurity model Stéphane Hurtaud Partner Governance Risk & Compliance Deloitte Laurent De La Vaissière Director Governance Risk & Compliance
Threat Intelligence is Dead. Long Live Threat Intelligence!
SESSION ID: STR-R02 Threat Intelligence is Dead. Long Live Threat Intelligence! Mark Orlando Director of Cyber Operations Foreground Security Background Threat Intelligence is Dead. Long Live Threat Intelligence!
Cyber Security Metrics Dashboards & Analytics
Cyber Security Metrics Dashboards & Analytics Feb, 2014 Robert J. Michalsky Principal, Cyber Security NJVC, LLC Proprietary Data UNCLASSIFIED Agenda Healthcare Sector Threats Recent History Security Metrics
Attackers are reusing attacks (because they work)
The Problem Attackers are reusing attacks (because they work) Defenders are collecting and/or sharing information, but Often a manual process (copy-paste from a PDF) Different sources provide different
Open Source Threat Intelligence. Kyle R Maxwell (@kylemaxwell) Senior Researcher, Verizon RISK Team
Open Source Threat Intelligence Kyle R Maxwell (@kylemaxwell) Senior Researcher, Verizon RISK Team 2 Before we begin All trademarks belong to their respective owners. No association with any other organizations,
5 Lines of Defense You Need to Secure Your SharePoint Environment SharePoint Security Resource Kit
SharePoint Security Playbook 5 Lines of Defense You Need to Secure Your SharePoint Environment Contents IT S TIME TO THINK ABOUT SHAREPOINT SECURITY Challenge 1: Ensure access rights remain aligned with
How To Create An Insight Analysis For Cyber Security
IBM i2 Enterprise Insight Analysis for Cyber Analysis Protect your organization with cyber intelligence Highlights Quickly identify threats, threat actors and hidden connections with multidimensional analytics
ADVANCED KILL CHAIN DISRUPTION. Enabling deception networks
ADVANCED KILL CHAIN DISRUPTION Enabling deception networks Enabling Deception Networks Agenda Introduction Overview of Active Defense Process Orchestration in Active Defense Introducing Deception Networks
Threat Intelligence: Friend of the Enterprise
SECURELY ENABLING BUSINESS Threat Intelligence: Friend of the Enterprise Danny Pickens Principal Intelligence Analyst MSS FishNet Security DANNY PICKENS Principal Intelligence Analyst, FishNet Security
Accenture Intelligent Security for the Digital Enterprise. Archer s important role in solving today's pressing security challenges
Accenture Intelligent Security for the Digital Enterprise Archer s important role in solving today's pressing security challenges The opportunity to improve cyber security has never been greater 229 2,287
Threat Intelligence for Dummies. Karen Scarfone Scarfone Cybersecurity
Threat Intelligence for Dummies Karen Scarfone Scarfone Cybersecurity 1 Source Material Threat Intelligence for Dummies ebook Co-authored with Steve Piper of CyberEdge Group Published by Wiley Sponsored
Intelligence Driven Security
Intelligence Driven Security RSA Advanced Cyber Defense Workshop Shane Harsch Senior Solutions Principal, RSA 1 Agenda Approach & Activities Operations Intelligence Infrastructure Reporting & Top Findings
SITUATIONAL AWARENESS MITIGATE CYBERTHREATS
Gaining the SITUATIONAL AWARENESS needed to MITIGATE CYBERTHREATS Industry Perspective EXECUTIVE SUMMARY To become more resilient against cyberthreats, agencies must improve visibility and understand events
THE 2014 THREAT DETECTION CHECKLIST. Six ways to tell a criminal from a customer.
THE 2014 THREAT DETECTION CHECKLIST Six ways to tell a criminal from a customer. Telling criminals from customers online isn t getting any easier. Attackers target the entire online user lifecycle from
Threat Intelligence: The More You Know the Less Damage They Can Do. Charles Kolodgy Research VP, Security Products
Threat Intelligence: The More You Know the Less Damage They Can Do Charles Kolodgy Research VP, Security Products IDC Visit us at IDC.com and follow us on Twitter: @IDC 2 Agenda Evolving Threat Environment
Evolution and Revolution of Cyber Threat Intelligence
Evolution and Revolution of Cyber Threat Intelligence March 20, 2013 PROPRIETARY INFORMATION Unauthorized distribution is prohibited. Agenda FS-ISAC Overview Cyber Threat Landscape Intelligence Primer
What is Cyber Threat Intelligence and why do I need it?
What is Cyber Threat Intelligence and why do I need it? Global Cyber Threat Intelligence much ado about something The Information Security market is buzzing about cyber threat intelligence. Following all
A Crisis Response, Information Sharing View of FFIEC Appendix J?
A Crisis Response, Information Sharing View of FFIEC Appendix J? Susan Rogers (MBCP, MBCI) Financial Services Information Sharing and Analysis Center FS-ISAC, Business Resiliency Director [email protected];
Advanced Threats: The New World Order
Advanced Threats: The New World Order Gary Lau Technology Consulting Manager Greater China [email protected] 1 Agenda Change of Threat Landscape and Business Impact Case Sharing Korean Incidents EMC CIRC
Enterprise Organizations Need Contextual- security Analytics Date: October 2014 Author: Jon Oltsik, Senior Principal Analyst
ESG Brief Enterprise Organizations Need Contextual- security Analytics Date: October 2014 Author: Jon Oltsik, Senior Principal Analyst Abstract: Large organizations have spent millions of dollars on security
Digital Evidence and Threat Intelligence
Digital Evidence and Threat Intelligence 09 November 2015 Mark Clancy CEO www.soltra.com @soltraedge External Threats Growing 117,339 incoming attacks every day The total number of security incidents detected
IBM: An Early Leader across the Big Data Security Analytics Continuum Date: June 2013 Author: Jon Oltsik, Senior Principal Analyst
ESG Brief IBM: An Early Leader across the Big Data Security Analytics Continuum Date: June 2013 Author: Jon Oltsik, Senior Principal Analyst Abstract: Many enterprise organizations claim that they already
The U.S. Department of Homeland Security s Response to Senator Franken s July 1, 2015 letter
The U.S. Department of Homeland Security s Response to Senator Franken s July 1, 2015 letter 1. In what ways do private entities currently share with, and receive from, the government cyber threat information?
Threat Intelligence: An Essential Component of Cyber Incident Response. Jeanie M Larson, CISSP-ISSMP, CISM, CRISC
Threat Intelligence: An Essential Component of Cyber Incident Response Jeanie M Larson, CISSP-ISSMP, CISM, CRISC What are we going to cover? Setting the Stage Why is Incident Response Critical? Cyber Threat
100 Hamilton Avenue Palo Alto, California 94301 PALANTIR CYBER. An End-to-End Cyber Intelligence Platform
100 Hamilton Avenue Palo Alto, California 94301 PALANTIR CYBER An End-to-End Cyber Intelligence Platform Palantir Cyber: An End-to-End Cyber Intelligence Platform 2 TABLE OF CONTENTS 3 4 6 14 Introduction
Testimony of. Mr. Anish Bhimani. On behalf of the. Financial Services Information Sharing and Analysis Center (FS-ISAC) before the
Testimony of Mr. Anish Bhimani On behalf of the Financial Services Information Sharing and Analysis Center (FS-ISAC) before the Committee on Homeland Security United States House of Representatives DHS
2011 Forrester Research, Inc. Reproduction Prohibited
1 2011 Forrester Research, Inc. Reproduction Prohibited Information Security Metrics Present Information that Matters to the Business Ed Ferrara, Principal Research Analyst July 12, 2011 2 2009 2011 Forrester
CYBER4SIGHT TM THREAT INTELLIGENCE SERVICES ANTICIPATORY AND ACTIONABLE INTELLIGENCE TO FIGHT ADVANCED CYBER THREATS
CYBER4SIGHT TM THREAT INTELLIGENCE SERVICES ANTICIPATORY AND ACTIONABLE INTELLIGENCE TO FIGHT ADVANCED CYBER THREATS PREPARING FOR ADVANCED CYBER THREATS Cyber attacks are evolving faster than organizations
Advanced Threat Detection: Necessary but Not Sufficient The First Installment in the Blinded By the Hype Series
Advanced Threat Detection: Necessary but Not Sufficient The First Installment in the Blinded By the Hype Series Whitepaper Advanced Threat Detection: Necessary but Not Sufficient 2 Executive Summary Promotion
Accenture Cyber Security Transformation. October 2015
Accenture Cyber Security Transformation October 2015 Today s Presenter Antti Ropponen, Nordic Cyber Defense Domain Lead Accenture Nordics Antti is a leading consultant in Accenture's security consulting
From Threat Intelligence to Defense Cleverness: A Data Science Approach (#tidatasci)
From Threat Intelligence to Defense Cleverness: A Data Science Approach (#tidatasci) Alex Pinto Chief Data Scientist Niddel / MLSec Project @alexcpsec @MLSecProject () { :; }; whoami Alex Pinto That guy
RETHINKING ORC: NRF S CYBER SECURITY EFFORTS. OMG Cross Domain Threat & Risk Information Exchange Day, March 23, 2015
RETHINKING ORC: NRF S CYBER SECURITY EFFORTS OMG Cross Domain Threat & Risk Information Exchange Day, March 23, 2015 No Organization is Secure Source: http://www.informationisbeautiful.net An Average
Leading The World Into Connected Security. Dipl.-Inform., CISSP, S+ Rolf Haas Enterprise Technology Specialist Content Lead EMEA
Leading The World Into Connected Security Dipl.-Inform., CISSP, S+ Rolf Haas Enterprise Technology Specialist Content Lead EMEA History of Defining Largest Dedicated Delivering a Next Generation Architecture
Cyber Threat Intelligence and Incident Coordination Center (C 3 ) Protecting the Healthcare Industry from Cyber Attacks
Cyber Threat Intelligence and Incident Coordination Center (C 3 ) Protecting the Healthcare Industry from Cyber Attacks July 2014 Cyber Threat Intelligence and Incident Coordination Center: Protecting
CHAPTER 3 : INCIDENT RESPONSE THREAT INTELLIGENCE GLOBAL THREAT INTELLIGENCE REPORT 2015 :: COPYRIGHT 2015 NTT INNOVATION INSTITUTE 1 LLC
: INCIDENT RESPONSE THREAT INTELLIGENCE 1 THREAT INTELLIGENCE How it applies to our clients, and discuss some of the key components and benefits of a comprehensive threat intelligence strategy. Threat
All statistics mentioned in this report were taken from the 2014 survey unless otherwise noted.
About this Report In May 2014, Bizo, in association with Oracle Marketing Cloud, surveyed more than 500 business executives about their companies lead nurturing challenges and strategies. The survey revealed
Cyber Threat Intelligence: Has to Be a Better Way
Exchanging Cyber Threat Intelligence: There Has to Be a Better Way Sponsored by IID Independently conducted by Ponemon Institute LLC Publication Date: April 2014 Ponemon Institute Research Report Exchanging
Applying machine learning techniques to achieve resilient, accurate, high-speed malware detection
White Paper: Applying machine learning techniques to achieve resilient, accurate, high-speed malware detection Prepared by: Northrop Grumman Corporation Information Systems Sector Cyber Solutions Division
US-CERT Year in Review. United States Computer Emergency Readiness Team
US-CERT Year in Review United States Computer Emergency Readiness Team CY 2012 US-CERT Year in Review United States Computer Emergency Readiness Team CY 2012 What s Inside Welcome 1 Vison, Mission, Goals
THREAT INTELLIGENCE PLATFORMS Everything You ve Ever Wanted to Know But Didn t Know to Ask. www.threatconnect.com
THREAT INTELLIGENCE PLATFORMS Everything You ve Ever Wanted to Know But Didn t Know to Ask www.threatconnect.com 2015 ThreatConnect, Inc. All Rights Reserved 2015 ThreatConnect, Inc. All Rights Reserved
Detect, Contain and Control Cyberthreats
A SANS Whitepaper Written by Eric Cole, PhD June 2015 Sponsored by Raytheon Websense 2015 SANS Institute Introduction Dwell Time Relates to damage because the longer a system is compromised, the bigger
CyberReady Solutions. Integrated Threat Intelligence and Cyber Operations MONTH DD, YYYY SEPTEMBER 8, 2014
CR CyberReady Solutions Actionable Insight for the Digital Enterprise Integrated Threat Intelligence and Cyber Operations MONTH DD, YYYY SEPTEMBER 8, 2014 INTELLIGENCE-DRIVEN OPERATIONS The Game Has Changed
Threat Intelligence Sharing in a Connected World
a Cohort plc company Threat Intelligence Sharing in a Connected World Mass Consultants Ltd November 2015 Prepared by: MASS Enterprise House Great North Road Little Paxton St Neots Cambridgeshire PE19 6BN
The Benefits of an Integrated Approach to Security in the Cloud
The Benefits of an Integrated Approach to Security in the Cloud Judith Hurwitz President and CEO Marcia Kaufman COO and Principal Analyst Daniel Kirsch Senior Analyst Sponsored by IBM Introduction The
SANS Top 20 Critical Controls for Effective Cyber Defense
WHITEPAPER SANS Top 20 Critical Controls for Cyber Defense SANS Top 20 Critical Controls for Effective Cyber Defense JANUARY 2014 SANS Top 20 Critical Controls for Effective Cyber Defense Summary In a