Cyber Threat Intelligence Sharing Standards-based Repository

Presentation transcript:

Cyber Threat Intelligence Sharing Standards-based Repository September 22, 2018 [Classification]

Cyber Intelligence Sharing

Sharing is Essential to the Industry and Core to the FS-ISAC
Intelligence sharing is the primary method of:
- Detecting industry targeting
- Detecting institution targeting
- Identifying new Techniques, Tactics and Procedures
- Locating Advanced Persistent Threats

Issues Today with Sharing
- Today the industry processes very little of the intelligence it receives
- Manual, time consuming, costly
- Practicing cost avoidance
- Industry average of 7 man hours to process a single intelligence document
- Only a fraction of the documents are processed
- Manually processing the entire CISCP document would cost over $10 million per Financial Institution

(Slide diagram labels: Bad People, Bad Things, Bad Events, Threat Intelligence)

Cyber Intelligence Sharing Solution

- Let machines do machine work: process all intelligence at wire speed
- Use standards whenever possible to support Machine-to-Machine (M2M): DHS sponsored Mitre standards, STIX & TAXII
- Make intelligence more accessible to those with less resources: Small/Medium Member Institutions with little security resources available
- Drive adoption through high-level service & ease of use for all types of member institutions
- Innovate: incrementally increase adoption, fidelity, and automation

More on STIX Standards

Today's Threat Intelligence Detail with Initial Cyber Intel Repository

Today's Threat Intelligence
- Early adopters integrate with the repository, sighting the same malicious activity
- Although still unclear, there is a level of automation
- Manual sharing: you can only process a handful of threat indicators
- The threat landscape is opaque

(Slide diagram: a member reports "We just got pwned", IP Address: 172.198.1.1; Member #2: "We also see this!!", IP Address: 172.198.1.1)

Next Version of Cyber Intel Repository

- Better capabilities with bi-directional machine-to-machine support
- Visibility and confirmation of the threat increases

(Slide diagram: Member #1 reports IP Address: 172.198.1.1, Port 80; Member #2: "We also see this!!", IP Address: 172.198.1.1, Port 80; Sighting 8/5/18: Member #5; Sighting 8/8/18: Member #3)

Next Year

- Significant portion of large financial institutions share their threats
- Detail of malicious activity and actor becomes clearer
- 80% of Premier+ members respond to the RFI automatically

(Slide diagram: IP Address: 172.198.1.1, Port 80, User-Agent: Foo, Get Vars: fun=2, Actor: Abe Lincoln, Alias: L1c0lN, Campaign: Occupy Whitehouse; RFI w/ v2.x; Repo/Consumer)

Security Standards Proliferation

- Multiple industries utilizing repositories sharing detailed sightings
- A clear picture of many malicious actors, activities, and threats

(Slide diagram: IP Address: 172.198.1.1, Port 80, User-Agent: Foo, Get Vars: fun=2, Actor: Abe Lincoln, Alias: L1c0lN, Campaign: Occupy Whitehouse)

Logical Solution

- One firm's incident is another firm's defense
- Federation of repositories serve as community hubs
- Detection of a threat, instantly shared to trusted members
- Cost to adversaries increased; cost to firms decreased

(Slide diagram, Organization A to ISAC Repository to Many Other Organizations:)
1. Detect a Threat
2. Enrich Threat Data; Filter Policy for Sharing; Machine-to-Machine API
3. ISAC Repository: Store, Maintain Trust, Build Confidence in Threat Data; Machine-to-Machine API
4. Consume & Analyze
5. Actionable Intel = Proactive Defense

ISAC – Information Sharing Analysis Center; FI – Financial Institution; US-CERT – US Computer Emergency Response Team
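The five-step flow on this slide (detect, enrich, filter by sharing policy, store and build confidence, consume) and the multi-member sightings on the earlier "Next Version" slide, worked through as an added example. This is not code from the FS-ISAC presentation or its repository; the record shape, the TLP-based sharing policy, the confidence scale and the dates are assumptions, and the IP/port/member values are the slide's own sample values reused as constructed input. It is not the STIX/TAXII wire format, only the aggregation logic a repository would apply once records arrive.

```python
"""Added example: a minimal sighting aggregator for an ISAC-style
repository. Shape of records, policy and confidence scale are assumed."""
import ipaddress
from datetime import date

# Constructed sample sightings from several members, modelled on the
# slide's example values (172.198.1.1, port 80, Members #1, #3 and #5).
SAMPLE_SIGHTINGS = [
    {"member": "Member #1", "ipv4": "172.198.1.1", "port": 80,
     "seen": "2018-08-01", "tlp": "amber"},
    {"member": "Member #5", "ipv4": "172.198.1.1", "port": 80,
     "seen": "2018-08-05", "tlp": "amber"},
    {"member": "Member #3", "ipv4": "172.198.1.1", "port": 80,
     "seen": "2018-08-08", "tlp": "green"},
    {"member": "Member #3", "ipv4": "172.198.1.1", "port": 80,
     "seen": "2018-08-09", "tlp": "green"},   # repeat by same member: no extra weight
    {"member": "Member #2", "ipv4": "10.0.0.7", "port": 443,
     "seen": "2018-08-09", "tlp": "red"},     # TLP:RED must not leave the member
    {"member": "Member #4", "ipv4": "not-an-ip", "port": 80,
     "seen": "2018-08-10", "tlp": "green"},   # malformed: rejected at ingest
]

# Assumed policy: only these TLP levels may be shared with the community.
SHAREABLE_TLP = {"white", "green", "amber"}


def validate(sighting):
    """Steps 1/2: reject records the repository cannot trust.
    Returns None if valid, otherwise a short reason string."""
    try:
        ipaddress.ip_address(sighting["ipv4"])
    except (ValueError, KeyError):
        return "invalid ip"
    port = sighting.get("port")
    if not isinstance(port, int) or not 0 < port < 65536:
        return "invalid port"
    try:
        date.fromisoformat(sighting["seen"])
    except (ValueError, KeyError, TypeError):
        return "invalid date"
    return None


def apply_sharing_policy(sightings):
    """Step 2: only well-formed, shareable sightings reach the repository."""
    return [s for s in sightings
            if validate(s) is None and s.get("tlp") in SHAREABLE_TLP]


def indicator_key(sighting):
    """Indicator identity used for aggregation (assumed: address and port)."""
    return f"{sighting['ipv4']}:{sighting['port']}"


def store(sightings):
    """Step 3: aggregate sightings per indicator, tracking the distinct
    members that reported it and the observation window (ISO dates sort
    correctly as strings)."""
    repo = {}
    for s in sightings:
        entry = repo.setdefault(indicator_key(s), {
            "members": set(), "first_seen": s["seen"], "last_seen": s["seen"]})
        entry["members"].add(s["member"])
        entry["first_seen"] = min(entry["first_seen"], s["seen"])
        entry["last_seen"] = max(entry["last_seen"], s["seen"])
    return repo


def confidence(member_count):
    """Corroboration by independent members drives confidence (assumed scale)."""
    if member_count >= 3:
        return "high"
    if member_count == 2:
        return "corroborated"
    return "single-source"


def publish(repo):
    """Steps 4/5: the view consumers receive. Member identities are replaced
    by a count so the source stays with the ISAC, while consumers still get
    corroboration and timing to act on."""
    view = []
    for key, entry in sorted(repo.items()):
        n = len(entry["members"])
        view.append({"indicator": key, "sightings_by": n,
                     "confidence": confidence(n),
                     "first_seen": entry["first_seen"],
                     "last_seen": entry["last_seen"]})
    return view


def run(sightings=SAMPLE_SIGHTINGS):
    """Whole pipeline: policy filter -> store -> publish."""
    return publish(store(apply_sharing_policy(sightings)))


if __name__ == "__main__":
    for row in run():
        print(row)
```

With the constructed input, the TLP:RED record and the malformed record never enter the repository, Member #3's repeated report does not raise the count, and the published view shows one indicator (172.198.1.1:80) seen by three distinct members, which is the "visibility and confirmation increases" effect the slides describe.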

Benefits

Save Time -> Lower Costs -> Reduce Risk
One Firm's Incident/Exploit becomes Another's Control/Defense

Less time & effort needed to:
- Aggregate, store, understand threat data
- Enrich/increase fidelity of threat data
- Communicate threat data
- Action to defend or mitigate

Security analysts would focus on analysis instead of machine work
- Reinvest time to improve risk posture
- Improving analytics of threats, linking TTPs to indicators, identifying new tool kits
- Become more pre-emptive, breaking the kill-chain earlier

Better intelligence -> better defense -> increases cost of malicious activity
- Analysts can spend time analyzing & enriching threat data vs. collecting & verifying
- Moving to the Left of the Hack eliminates threats before being compromised

Where We Are Today

- Active working group, multiple meetings per month, interest and adoption growing across multiple industries and countries
- Working closely with DHS, US-CERT, and Mitre to create and align intelligence sharing standards
- Launched initial Repository, more coming
  - Version 1: released in May. First standards based repository, first TAXII implementation. Tracking 37,000 indicators
  - Version 2: release in Fall 2013. Full STIX backend, supporting all STIX object types. Bi-directional TAXII support

Visit our webpage for more information: www.fsisac.com/CyberIntelligenceRepository