FS-ISAC CHARLES BRETZ



Similar documents
FIA Webinar Cybersecurity Threats: Preparation & Response June 29, 2015

A Crisis Response, Information Sharing View of FFIEC Appendix J?

Cybersecurity Panel. ABA Mutual Community Bank Conference Marriott Marquis Hotel, Washington, D.C.

Cybersecurity Awareness. Part 2

Testimony of. Mr. Anish Bhimani. On behalf of the. Financial Services Information Sharing and Analysis Center (FS-ISAC) before the

Eight Essential Elements for Effective Threat Intelligence Management May 2015

Cybersecurity Awareness

Testimony of John W. Carlson on behalf of the. The Financial Services Information Sharing & Analysis Center (FS-ISAC)

Cybersecurity Awareness

Machine-to-Machine Exchange of Cyber Threat Information: a Key to Mature Cyber Defense

Standing together for financial industry cyber resilience Quantum Dawn 3 after-action report. November 23, 2015

FINANCIAL SERVICES INFORMATION SHARING & ANALYSIS CENTER (FS-ISAC) OPERATING RULES

Rapid Fire Security : Evolution to Revolution

Digital Evidence and Threat Intelligence

Clavister InSight TM. Protecting Values

Financial Services. Information Sharing & Analysis Center FS ISAC

Threat Intelligence Buyer s Guide

Report on CAP Cybersecurity November 5, 2015

The Third Rail: New Stakeholders Tackle Security Threats and Solutions

CYBERSECURITY BEST PRACTICES FOR SMALL AND MEDIUM PENNSYLVANIA UTILITIES

IT Security Strategy and Priorities. Stefan Lager CTO Services

Cyber - Security and Investigations. Ingrid Beierly August 18, 2008

Perspectives on Cybersecurity in Healthcare June 2015

Evolution and Revolution of Cyber Threat Intelligence

US-CERT Year in Review. United States Computer Emergency Readiness Team

Advanced Visibility. Moving Beyond a Log Centric View. Matthew Gardiner, RSA & Richard Nichols, RSA

INFRAGARD.ORG. Portland FBI. Unclassified 1

External Supplier Control Requirements

2012 雲 端 資 安 報 告. 黃 建 榮 資 深 顧 問 - Verizon Taiwan. August 2012

Find the intruders using correlation and context Ofer Shezaf

Cyber Information-Sharing Models: An Overview

NERC CIP Compliance with Security Professional Services

By: Gerald Gagne. Community Bank Auditors Group Cybersecurity What you need to do now. June 9, 2015

Managing Cyber Attacks

Quantum Dawn 2 A simulation to exercise cyber resilience and crisis management capabilities. October 21, 2013

September 20, 2013 Senior IT Examiner Gene Lilienthal

The Next Generation Security Operations Center

Into the cybersecurity breach

Cyber Resilience Implementing the Right Strategy. Grant Brown Security specialist,

LogRhythm and NERC CIP Compliance

ICIT - Institute for Critical Infrastructure Technology

DEFENSE THROUGHOUT THE VULNERABILITY LIFE CYCLE WITH ALERT LOGIC THREAT AND LOG MANAGER

ASSUMING A STATE OF COMPROMISE: EFFECTIVE DETECTION OF SECURITY BREACHES

Data Breach Response Planning: Laying the Right Foundation

Actions and Recommendations (A/R) Summary

Franchise Data Compromise Trends and Cardholder. December, 2010

Analyzing Security for Retailers An analysis of what retailers can do to improve their network security

Cybersecurity Kill Chain. William F. Crowe, CISA, CISM, CRISC, CRMA September 2015 ISACA Jacksonville Chapter Meeting August 13, 2015

Cyber Threats Insights from history and current operations. Prepared by Cognitio May 5, 2015

SHARE THIS WHITEPAPER. Top Selection Criteria for an Anti-DDoS Solution Whitepaper

Full-Context Forensic Analysis Using the SecureVue Unified Situational Awareness Platform

The U.S. Department of Homeland Security s Response to Senator Franken s July 1, 2015 letter

A New Approach to Assessing Advanced Threat Solutions

BUILDING A SECURITY OPERATION CENTER (SOC) ACI-BIT Vancouver, BC. Los Angeles World Airports

Protecting Your Organisation from Targeted Cyber Intrusion

Combatting the Biggest Cyber Threats to the Financial Services Industry. A White Paper Presented by: Lockheed Martin Corporation

Threat Intelligence for Dummies. Karen Scarfone Scarfone Cybersecurity

Integrating Cybersecurity with Emergency Operations Plans (EOPs) for Institutions of Higher Education (IHEs)

Get the most out of Public Sector Cyber Security Associations & Collaboration

NSA/DHS Centers of Academic Excellence for Information Assurance/Cyber Defense

BT Assure Threat Intelligence

A Cyber Security Integrator s perspective and approach

Top 5 Global Bank Selects Resolution1 for Cyber Incident Response.

CyberNEXS Global Services

Business Case Outsourcing Information Security: The Benefits of a Managed Security Service

Soltra edge open cyber intelligence platform report

Integrating Cybersecurity with Emergency Operations Plans (EOPs) for K-12 Education

Ecom Infotech. Page 1 of 6

THE TOP 4 CONTROLS.

OCIE Technology Controls Program

Preventing Corporate Account Takeover Fraud

THREAT VISIBILITY & VULNERABILITY ASSESSMENT

Cyber Security. BDS PhantomWorks. Boeing Energy. Copyright 2011 Boeing. All rights reserved.

Ed McMurray, CISA, CISSP, CTGA CoNetrix

North American Electric Reliability Corporation (NERC) Cyber Security Standard

Redefining Endpoint Security: Symantec Endpoint Protection Russ Jensen

After the Attack: RSA's Security Operations Transformed

Cisco Advanced Services for Network Security

The Protection Mission a constant endeavor

RETHINKING ORC: NRF S CYBER SECURITY EFFORTS. OMG Cross Domain Threat & Risk Information Exchange Day, March 23, 2015

Who Drives Cybersecurity in Your Business? Milan Patel, K2 Intelligence. AIBA Quarterly Meeting September 10, 2015

New York State Department of Financial Services. Report on Cyber Security in the Banking Sector

The SIEM Evaluator s Guide

UNCLASSIFIED. Briefing to Critical Infrastructure Sector Organizations on the Canadian Cyber Incident Response Centre (CCIRC)

Transcription:

FS-ISAC CHARLES BRETZ

Information Sharing To be forewarned is to be fore-armed

MISSION: Sharing Timely, Relevant, Actionable Cyber and Physical Security Information & Analysis A nonprofit private sector initiative formed in 1999 Designed/developed/owned by financial services industry Mitigate cybercrime, hactivist, nation state activity Process thousands of threat indicators per month 2004: 68 members; 2014: 5900 participants 2500 members bound by operating rules Sharing information globally FS-ISAC, Not for publication

PRIVATE SOURCES CROSS SECTOR SOURCES GOVERNMENT SOURCES Information Sources DHS Treasury & FS Regulators FBI, USSS, NYPD FS-ISAC Operations FS-ISAC 24x7 Security Operations Center Member Communications Information Security Physical Security Other Intel Agencies Business Continuity/ Disaster Response isight Partners Info Sec Secunia Vulnerabilities Wapack Labs Malware Forensics NC4 Phy Sec Incidents MSA Phy Sec Analysis Cross Sector (other ISACS) Open Sources (Hundreds) FS-ISAC, Not for publication Alerts Member Submissions Fraud Investigations Payments/ Risk

Information Sharing & Analysis Tools Threat Data, Information Sharing Anonymous Submissions CyberIntel Listserver Relevant/Actionable Cyber & Physical Alerts (Portal) Special Interest Group Listservers (Payments Risk Council and Payment Processor Information Sharing Council) Document Repository Member Surveys Risk Mitigation Toolkit Threat Viewpoints Ongoing Engagement Bi-weekly Threat Calls Emergency Member Calls Semi-Annual Member Meetings and Conferences Regional Outreach Program Bi-Weekly Educational Webinars Readiness Exercises US and EU Government Sponsored Exercises Cyber Attack against Payment Processes (CAPP) Exercise Advanced Threat/DDoS Exercise Industry exercises-systemic Threat, Quantum Dawn Two, etc. Financial Services Information Sharing & Analysis Center

Information Sharing: Traffic Light Protocol Restricted to a defined group (e.g., only those present in a meeting.) Information labeled RED should not be shared with anyone outside of the group This information may be shared with FS-ISAC members Information may be shared with FS-ISAC members and partners (e.g., vendors, MSSPs, customers). Information in this category is not to be shared in public forums This information may be shared freely and is subject to standard copyright rules FS-ISAC, Not for publication

How FS-ISAC Works: Circles of Trust IRC CYBER INTEL PRC IRC CHEF PRC Insurance Risk Council Clearing House and Exchange Forum Payments Risk Council CHEF CIC PPISC CIC CAC TIC Payment Processor Information Sharing Council Community Institution Council Compliance and Audit Council Threat Intelligence Committee PPISC TIC CAC Cyber Intel Cyber Intelligence List Member reports incident to Cyber Intel List Members respond with initial analysis and recommendations SOC completes analysis, anonymizes the source, and generates alert to general membership FS-ISAC, Not for publication

Automation Inflection Points 2014 Security automation launched 1999 FS-ISAC established 1993 All electronic ACH 1981 First version of online banking 1978 Electronic Funds Transfer Act 1876 First commercial telephone installation-by two bankers Financial Services Information Sharing & Analysis Center

The need for speed Attackers have honed their skills to come at you rapidly Defenders take a long time to feel the impact of an attack Initial Attack to Initial Compromise (Shorter Time Worse) Seconds Minutes Hours Days Weeks Months Initial Compromise to Data Exfiltration (Shorter Time Worse) 10% 75% 12% 2% 0% 1% Initial Compromise to Discovery (Longer Time Worse) 8% 38% 14% 25% 8% 8% 0% 0% 2% 13% 29% 54% SOLTRA An FS-ISAC DTCC Company

SECURITY AUTOMATION STATUS Soltra joint venture between FS-ISAC and DTCC Industry-owned utility to automate threat intelligence sharing DTCC IT & scalability; FS-ISAC community & best practices Funded by the industry, including SIFMA and some of its largest members Open standards (STIX, TAXII) Provide platform that can be extended to all sizes of financial services firms, other ISACs and industries Integrate with vendor solutions (firewalls, intrusion detection, anti-virus, threat intelligence, etc.) Soltra Edge First available was on 12/3/2014 FS-ISAC instance, January 2015 Over 900 downloads of Soltra Edge, less than half from financial services sector Adapter and Network capabilities -- 2015 Financial Services Information Sharing & Analysis Center

STIX Constructs An open standard to categorize cyber threat intelligence information Atomic What threat activity are we seeing? Tactical What threats should I look for on my networks and systems and why? Operational Where has this threat been seen? What can I do about it? What weaknesses does this threat exploit? Strategic Who is responsible for this threat? Why do they do this? What do they do?

Threat Intelligence Automation Solution Instead of 2% or less of attacks blocked, detected, or prevented, a much higher percentage of attacks are stopped. 1 5 3 Org A 2 4 Intelligence Repository Many Trusted Orgs Financial Services Information Sharing & Analysis Center

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information