A Primer on Cyber Threat Intelligence

AS ADVERTISED

BUZZWORD BINGO!

TODAY'S CYBER SECURITY CHALLENGES
- CISOs finding it difficult to define security ROI to executives
- Short shelf life for CISOs
- Vastly expanding attack surface area: mobile, cloud, virtualization, global business operations
- Large protection investments and no good prioritization filter (who, why, when, how)
- Operational chaos: too many alarms, not enough people, poor prioritization
- Brain-dead security tools that rely on past events/signatures, versus extremely agile adversaries
- Severe breaches continue

GLOBAL CYBER THREAT LANDSCAPE
- Active & Global: transcends geographies and sectors
- Multiple Motivations: cyber crime, espionage, hacktivism, destruction, etc.
- Low Entry Barriers: actors use what works, not necessarily sophisticated methods; an open marketplace provides capabilities
- Structured & Vibrant Ecosystem: provides better tools and infrastructure, shares ideas and methods, pools resources

MY INTELLIGENCE PHILOSOPHY
- Good intelligence allows decision makers to act more boldly
- The decision maker's time is valuable. Match his priorities; command his attention
- Only deliver actionable information: no history lessons, no news reports
- The quality of the analysis is directly proportional to the quality of the question asked
- Good analysts are respected but not always popular
- No software can replace the analyst
- Intelligence is an art, not a science
- Less is more
- Everyone & everything is a potential information source
- Disperse the team, embed the resources, build a network across the silos
- Any system that does not sustain itself is not a system
- New does not mean better; old does not mean better
- Intelligence can be cheap, fast, accurate. Pick any two
- The buck stops with me; the team gets the credit

FORMAL RESEARCH PROCESS YIELDS RICH, CONTEXTUAL THREAT INTELLIGENCE
Cycle: Intelligence Requirements -> Collection -> Analysis -> Dissemination, with Feedback & Clarification looping back into the requirements.
- Intelligence requirements requested from client
- Intelligence requirements created based on clients, sectors and adversaries
- Requirements prioritized by analysts, matched to current holdings, then passed to research teams
- Collection planning and tasking of global teams
- Requirements collected by unique global teams and returned to the Fusion Center
- Processing and exploitation to standardize multiple information sources, ready for analysis
- Analysis of information and production of reporting for clients
- Fully fused, corroborated, cross-referenced and edited multi-source intelligence reporting disseminated to clients
- Client feedback, refinement of intelligence product

ACTIONABLE INTELLIGENCE OBJECTIVES
- Executives (Strategic): provide understanding of identified and credible threats, correlated to business impact
- Managers & Analysts (Operational): enable formulation of approaches to dealing with threats and prioritization of team activity
- Security Operators (Tactical): provide understanding of how to mitigate threats and enable tools to do the heavy lifting

CYBER TACTICAL INTELLIGENCE
Threat Data Feed:
- Bad IP address
- Ranking
- Last hop
- Geo location
Cyber Threat Intelligence:
- Bad IP address
- Actor group
- Motivation
- Primary targets
- Ability to execute
- Additional IPs, domains
- Malware used
- Lures
- Vulnerabilities targeted
- Historic campaigns
- Successful compromises

WHAT ARE INTELLIGENCE REQUIREMENTS?
Strategic questions:
- What keeps the C-suite up at night?
- What news stories or business events seem to be their hot buttons?
- Will the Qassam Cyber Fighters (QCF) target us?
Operational questions:
- What does a targeted DDoS attack look like?
- How do we shape our defenses and responses?
- What are the technical capabilities of the QCF?
- What are the Tactics, Techniques and Procedures (campaign) of the QCF?
Tactical questions:
- Which one of these 100 events should I examine first?
- What are attributable IOCs of the QCF?
These questions are divided into answerable parts:
- What is the pattern of who is attacked by QCF?
- How does a QCF campaign unfold, step by step?
= Priority Intelligence Requirements (PIR) and Other Intelligence Requirements (OIR)
- Drives the collection management plan
- Identifies intelligence gaps
- Creates the needs statement & business case for new security services or products

EXAMPLE INTELLIGENCE DELIVERABLES
- Media Counterpoint - daily
- Threat Intelligence Briefing - daily or weekly
- Threat Intelligence Report - monthly
- Threat Intelligence Warning - as required
- Threat Intelligence Alert - as required
- Threat Scenarios - quarterly
- Sensor Enrichment - as required
- Threat Metrics - weekly
- Intelligence Support (Digital Brand Protection, Incident Response, Fraud, Attack Surface Management, Physical Security) - as required

THREAT MATRIX
Chart: Threat Actor Focus (Company X, Business sector, Industry, Enterprise, General) plotted against Threat Actor Capability (Novice, Apprentice, Competent, Skilled, Expert); example threats placed on the matrix: hacktivist campaign, IP theft.

ACTIONABLE THREAT INTELLIGENCE FUNCTIONAL & TECHNICAL INTEGRATION
Intelligence feeds into each security function:
- Governance, Risk, Compliance. Activity: patch management. Value: prioritize most critical patches
- Surface Protections. Activity: ingress/egress blocking. Value: enhance protection, block with confidence
- SIEM. Activity: event prioritization. Value: shrink the problem, improve decisions
- Incident Response and Security Analytics. Activity: analyze incidents (who, why) & hunt for issues. Value: brief executives on who/why attack
- Forensics Investigations. Activity: remediation & attribution. Value: did we find everything?
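The following Python is an added example, not code from the slides or from iSIGHT Partners, that ties together two slides above: the tactical-intelligence slide (a threat data feed's thin fields versus the enriched context of cyber threat intelligence) and the SIEM "event prioritization / shrink the problem" integration point. It models both records as data classes using the field names from the slides, then ranks a batch of SIEM events so an analyst can answer "which of these events should I examine first?". The scoring weights, the 0-100 feed ranking scale, the actor name, the event records and the IP addresses (RFC 5737 documentation ranges) are all constructed assumptions for illustration.

```python
"""Prioritise SIEM events with tactical threat intelligence.

Added example (not from the original slides or any vendor tooling).
All indicators, actor names and events below are constructed; the IP
addresses come from RFC 5737 documentation ranges and belong to nobody.
"""
from dataclasses import dataclass, field

# Capability scale taken from the threat matrix slide (x-axis).
CAPABILITY = ["Novice", "Apprentice", "Competent", "Skilled", "Expert"]


@dataclass
class FeedIndicator:
    """What a plain threat data feed carries: a bad IP plus thin metadata."""
    ip: str
    ranking: int      # feed's own confidence score, assumed 0-100
    last_hop: str
    geo: str


@dataclass
class ThreatIntel:
    """The same bad IP, enriched with the context the CTI slide lists."""
    ip: str
    actor_group: str
    motivation: str
    primary_targets: list[str]
    ability_to_execute: str                      # one of CAPABILITY
    additional_ips: list[str] = field(default_factory=list)
    domains: list[str] = field(default_factory=list)
    malware_used: list[str] = field(default_factory=list)
    lures: list[str] = field(default_factory=list)
    vulnerabilities_targeted: list[str] = field(default_factory=list)
    historic_campaigns: list[str] = field(default_factory=list)
    successful_compromises: int = 0

    def covers(self, ip: str) -> bool:
        """True if this intelligence record is about the given IP."""
        return ip == self.ip or ip in self.additional_ips


def score_event(event, feed, intel, our_sector):
    """Return (score, reasons) for one SIEM event; higher means look sooner."""
    src = event["src_ip"]
    score, reasons = 0, []
    fi = feed.get(src)
    if fi:                                   # feed alone contributes 0-10
        score += fi.ranking // 10
        reasons.append(f"feed ranking {fi.ranking} ({fi.geo}, last hop {fi.last_hop})")
    ti = next((t for t in intel if t.covers(src)), None)
    if ti:                                   # context is what moves the needle
        score += 10 + 5 * CAPABILITY.index(ti.ability_to_execute)
        reasons.append(f"{ti.actor_group}: {ti.motivation}, {ti.ability_to_execute}")
        if our_sector in ti.primary_targets:
            score += 20
            reasons.append(f"{our_sector} is a primary target")
        if event.get("malware") in ti.malware_used:
            score += 15
            reasons.append(f"malware {event['malware']} matches actor tooling")
        score += min(ti.successful_compromises, 5)   # proven, capped
    return score, reasons


def prioritize(events, feed, intel, our_sector):
    """Rank events by score (descending), then by id for a stable order."""
    ranked = [(s, ev["id"], why) for ev in events
              for s, why in [score_event(ev, feed, intel, our_sector)]]
    ranked.sort(key=lambda r: (-r[0], r[1]))
    return ranked


# --- constructed sample data -------------------------------------------
FEED = {
    "203.0.113.10": FeedIndicator("203.0.113.10", 85, "198.51.100.1", "country-A"),
    "198.51.100.7": FeedIndicator("198.51.100.7", 60, "192.0.2.254", "country-B"),
    "192.0.2.33":   FeedIndicator("192.0.2.33", 90, "198.51.100.2", "country-C"),
}
INTEL = [ThreatIntel(ip="203.0.113.10", actor_group="Actor-A (constructed)",
                     motivation="hacktivism", primary_targets=["financial"],
                     ability_to_execute="Competent", additional_ips=["203.0.113.11"],
                     malware_used=["tool-x"], historic_campaigns=["campaign-1"],
                     successful_compromises=3)]
EVENTS = [
    {"id": "e1", "src_ip": "192.0.2.33", "type": "port scan"},      # top feed rank, no context
    {"id": "e2", "src_ip": "203.0.113.11", "type": "login", "malware": "tool-x"},
    {"id": "e3", "src_ip": "198.51.100.7", "type": "web"},
    {"id": "e4", "src_ip": "10.0.0.5", "type": "web"},              # nothing known
]

if __name__ == "__main__":
    for score, eid, why in prioritize(EVENTS, FEED, INTEL, "financial"):
        print(score, eid, "; ".join(why) or "no intelligence")
```

Run as written, the feed alone would put e1 first (ranking 90), but the enriched record promotes e2, whose source is only an "additional IP" of an actor that targets this sector and uses the observed malware. That is the difference the tactical-intelligence slide is drawing: the feed says an address is bad, the intelligence says why it matters to you.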

END TO END INTELLIGENCE PROCESS

iSIGHT Partners: 200+ experts, 16 countries, 24 languages, 1 mission. W. Michael Susong, +1 214 886 7714, msusong@isightpartners.com