Unstructured Threat Intelligence Processing using NLP



Similar documents
DYNAMIC DNS: DATA EXFILTRATION

FROM INBOX TO ACTION AND THREAT INTELLIGENCE:

CyberReady Solutions. Integrated Threat Intelligence and Cyber Operations MONTH DD, YYYY SEPTEMBER 8, 2014

Threat Intelligence: The More You Know the Less Damage They Can Do. Charles Kolodgy Research VP, Security Products

Ty Miller. Director, Threat Intelligence Pty Ltd

IBM SECURITY QRADAR INCIDENT FORENSICS

Practical Threat Intelligence. with Bromium LAVA

The Future of the Advanced SOC

Operational Lessons from the RSA/EMC CIRC: People, Process, & Threat Intel

Anatomy of Cyber Threats, Vulnerabilities, and Attacks

Separating Signal from Noise: Taking Threat Intelligence to the Next Level

Threat Intelligence & Analytics Cyber Threat Intelligence and how to best understand the adversary s operations

Threat Intelligence: Friend of the Enterprise

All about Threat Central

Enterprise Organizations Need Contextual- security Analytics Date: October 2014 Author: Jon Oltsik, Senior Principal Analyst

PALANTIR CYBER An End-to-End Cyber Intelligence Platform for Analysis & Knowledge Management

PASTA Abstract. Process for Attack S imulation & Threat Assessment Abstract. VerSprite, LLC Copyright 2013

ONLINE RECONNAISSANCE

Situational Awareness A Discussion

Cyber Security Operations: Building or Outsourcing

THREAT VISIBILITY & VULNERABILITY ASSESSMENT

Advanced Visibility. Moving Beyond a Log Centric View. Matthew Gardiner, RSA & Richard Nichols, RSA

Eight Essential Elements for Effective Threat Intelligence Management May 2015

Securing your IT infrastructure with SOC/NOC collaboration

THE 2014 THREAT DETECTION CHECKLIST. Six ways to tell a criminal from a customer.

Network that Know. Rasmus Andersen Lead Security Sales Specialist North & RESE

Hunting for the Undefined Threat: Advanced Analytics & Visualization

White Paper: Leveraging Web Intelligence to Enhance Cyber Security

Cybersecurity Kill Chain. William F. Crowe, CISA, CISM, CRISC, CRMA September 2015 ISACA Jacksonville Chapter Meeting August 13, 2015

TEXT ANALYTICS INTEGRATION

idata Improving Defences Against Targeted Attack

Accenture Intelligent Security for the Digital Enterprise. Archer s important role in solving today's pressing security challenges

Can We Become Resilient to Cyber Attacks?

Direct-to-Company Feedback Implementations

Marble & MobileIron Mobile App Risk Mitigation

Social Media Implementations

How To Create An Insight Analysis For Cyber Security

Covert Operations: Kill Chain Actions using Security Analytics

A Primer on Cyber Threat Intelligence

Defense Security Service

WHITE PAPER: THREAT INTELLIGENCE RANKING

Threat Intelligence Platforms: The New Essential Enterprise Software

The Advanced Attack Challenge. Creating a Government Private Threat Intelligence Cloud

Vulnerability Management

The New ROI: Results Oriented Intel. David Amsler, Founder

Analytic and Predictive Modeling of Cyber Threat Entities J. Wesley Regian, Ph.D.

Modern Approach to Incident Response: Automated Response Architecture

DRIVE-BY DOWNLOAD WHAT IS DRIVE-BY DOWNLOAD? A Typical Attack Scenario

Detect & Investigate Threats. OVERVIEW

Supplier Relationship Management Tools

Best Practices for Vulnerability Management

How To Integrate Intelligence Based Security Into Your Organisation

Five Ways to Use Security Intelligence to Pass Your HIPAA Audit

Dealing with Big Data in Cyber Intelligence

Tivoli Security Information and Event Manager V1.0

Achieving World-Class Security in Today s Cost-Conscious Business Climate

Making critical connections: predictive analytics in government

應 用 SIEM 偵 測 與 預 防 APT 緩 攻 擊

Defending Against Data Beaches: Internal Controls for Cybersecurity

Managing Threat Intelligence in a World of Information Overload

Attack Intelligence: Why It Matters

Gaining the upper hand in today s cyber security battle

Machine-to-Machine Exchange of Cyber Threat Information: a Key to Mature Cyber Defense

Applying machine learning techniques to achieve resilient, accurate, high-speed malware detection

A Systemic Artificial Intelligence (AI) Approach to Difficult Text Analytics Tasks

REVOLUTIONIZING ADVANCED THREAT PROTECTION

D&B Data Manager Your Data Management process in the Cloud. Transparent, Complete & Up-To-Date Master Data

The Big Data Paradigm Shift. Insight Through Automation

Actionable information for security incident response

SCALABLE SYSTEMS LIFE SCIENCE & HEALTHCARE PRACTICES

Full-Context Forensic Analysis Using the SecureVue Unified Situational Awareness Platform

Data Driven Assessment of Cyber Risk:

After the Attack. The Transformation of EMC Security Operations

GETTING REAL ABOUT SECURITY MANAGEMENT AND "BIG DATA"

White Paper. Intelligence Driven. Security Monitoring. v nexusguard.com

Threat Intelligence UPDATE: Cymru EIS Report. cymru.com

After the Attack: RSA's Security Operations Transformed

RSA Security Anatomy of an Attack Lessons learned

PREDICTIVE ANALYTICS DEMYSTIFIED

Risk Analytics for Cyber Security

A Funny Thing Happened On The Way To OASIS: From Specifications to Standards

SOLUTION PRIMER. Rafal Los Director, Solutions Research Office of the CISO, Accuvant. James Robinson Director, Information Security, Accuvant

CSM-ACE 2014 Cyber Threat Intelligence Driven Environments

Accenture Cyber Security Transformation. October 2015

SPEAR PHISHING AN ENTRY POINT FOR APTS

Master big data to optimize the oil and gas lifecycle

The Business Justification for Cyber Threat Intelligence. How advanced intelligence improves security, operational efficiency and strategic planning

Symantec Global Intelligence Network 2.0 Architecture: Staying Ahead of the Evolving Threat Landscape

Cyber Security. BDS PhantomWorks. Boeing Energy. Copyright 2011 Boeing. All rights reserved.

Apigee Insights Increase marketing effectiveness and customer satisfaction with API-driven adaptive apps

Mike Maxey. Senior Director Product Marketing Greenplum A Division of EMC. Copyright 2011 EMC Corporation. All rights reserved.

Symantec Cyber Security Services: DeepSight Intelligence

ProtectWise: Shifting Network Security to the Cloud Date: March 2015 Author: Tony Palmer, Senior Lab Analyst and Aviv Kaufmann, Lab Analyst

BMC Service Assurance. Proactive Availability and Performance Management Capacity Optimization

Data Loss Prevention with Platfora Big Data Analytics

Combating a new generation of cybercriminal with in-depth security monitoring

IMPLEMENTING A SECURITY ANALYTICS ARCHITECTURE

You Don t Know What You Can t See: Network Security Monitoring in ICS Rob Caldwell

Some Thoughts on the Future of Cyber-security

Transcription:

Accenture Technology Labs Elvis Hovor @kofibaron Shimon Modi @shimonmodi Shaan Mulchandani @alabama_shaan Unstructured Threat Intelligence Processing using NLP

Enhancing Cyber Security Operations by Automating Threat Intelligence Extraction from Unstructured Sources Human driven processes are inadequate to effectively utilize increasing amount of cyber threat intelligence Challenges Threat intelligence provided in advisories, reports and other text formats require human analysts to parse and extract relevance. Difficult to scale human driven processes for increased amount of threat data that needs to analyzed. Multiple sources detail the same threat intelligence leading to wasted analysis effort and inefficiencies in general. Rely on human memory to spot connections among disparate advisories.

Desired Outcomes of Using Unstructured Threat Data Solution that allows Threat Intelligence teams to utilize their human expertize by automating extraction of threat data from unstructured text sources Desired Outcomes Threat intelligence provided in advisories, reports and other text formats require human analysts to parse and extract relevance. Difficult to scale human driven processes for increased amount of threat data that needs to analyzed. Multiple sources detail the same threat intelligence leading to wasted analysis effort and inefficiencies in general. Rely on human memory to spot connections among disparate advisories. Conduct automated threat searches specific actors or TTPs Track threat data on indicators, actors and TTPs from multiple sources with minimal manual effort

Closing the Attacker s Window of Opportunity Cyber Kill Chain Reconnaissance Weaponize Deliver Exploit Install Command and Control Act Attack State Pre-Attack Gain Foothold Ongoing Attack Respond Threat intelligence is disseminated quicker in unstructured text sources and is often more timely. Unstructured Threat Intelligence Structured Threat Intelligence Enabled Reducing cost of containing and mitigating the attack Current Security Operations 4

Solution Framework Underground Social Media Websites Sites Advisories Flash Warnings Blogs Analysis Reports Natural Language Processing Module Collect Information Extraction Standardize (STIX) Filter & Prioritize Reporting & Visualization Relational DB Indicator of Compromise TTPS Course of Action (COA) Exploit Target Asset Categorization Relevance Ratings CMDB Asset Scoring Graph DB Campaigns Actors Incidents 5

Using the Unstructured Threat Intelligence Processing Tool 6

Upload a file for the parsing of threat data into STIX data constructs 7

Copy and paste any text directly into the field below to extract threat data into STIX constructs 8

Insert any URL into the field to retrieve threat data in text format of the given URL 9

Automate threat data retrieval from various web sites via Scumblr to allow constant ingest of unstructured threat data 0

5 The dashboard provides a view of extracted threat data from documents mapped to STIX data constructs. Each individual piece of threat data is counted to determine the overall threat s trend within the specified date range. 5 4 4 4 4

This page shows a prioritized list of threat documents that were uploaded based on their overall relevance score. Relevance is determined by the score of the Additional actions can be taken on each ingested threat document. (e.g. show details or display visualizations of analytics on data from the documents)

Displays the original text of the threat document Extracted intelligence from threat document mapped to STIX

Drill down by STIX construct to see threat data extracted from the documents Asset Up-vote or down-vote any element extracted to tune the NLP engine s accuracy 4

A custom tree node visualization is generated for each document and shows the elements extracted, their categories under STIX and all other documents that contain a related element 5

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information