Mike Goffin, 2014-10-17. Who am I? Mike Goffin, Lead Developer / Project Manager, Senior Cyber Security Research Engineer, The MITRE Corporation.

Presentation transcript:

Mike Goffin

Who am I?
- Mike Goffin
- Lead Developer / Project Manager
- Senior Cyber Security Research Engineer
- The MITRE Corporation

Intelligence Rubber Banding
- Intelligence we know.
- A big problem: as we increase actionable Intelligence, threats are incentivized to change.
- The problem area: Intelligence we don't know.
- Rubber Banding

Components of Threat Data
- Raw Data: unrefined data that requires processing.
- Artifacts: refined data ready for building into Intelligence.
- Intelligence: vetted and actionable Artifacts.
- Capability and Intent
- Actionable Artifacts
- Actionable Intelligence

Sources of Threat Data
- External: feeds, white papers, articles, websites, forums, sharing communities, communication mediums.
- "Automated" Internal: scanners, sensors, logs, detonation chambers, PCAP stores, homegrown tools.
- Human Internal: reverse engineering, scripts, command line/GUI tools, manual review, word-of-mouth.

How do we aggregate, refine, correlate, vet, and disseminate all of this data?

What is CRITs?
- Malware and threat data repository.
- Flexible platform for combining threat data from all of your sources into one place.
- Services framework to integrate with other tools.
- Pivot and search to make sense of seemingly disparate data.
- Collaborative analyst environment to enhance your security posture.

Core Technologies

Use Cases
- CRITs as a Raw Data warehouse of potentially useful data. Refine Raw Data into Artifacts.
- CRITs as an Artifact warehouse. Vet Artifacts and define Actionable Intelligence.
- CRITs as an Intelligence warehouse. Authoritative source for internal security posture.
- CRITs as a process output aggregation point. One place to acquire automated process output.
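The Raw Data -> Artifacts -> Intelligence flow from the "Components of Threat Data" and "Use Cases" slides, as an added Python example that is not CRITs code; the two feed snippets, the allowlist and the "corroborated by two sources" vetting rule are constructed assumptions for illustration.

```python
import re
from dataclasses import dataclass, field

# Constructed raw data: two sources reporting overlapping, partly defanged indicators.
RAW_DATA = {
    "feed-a": "c2 at evil-update[.]example, also 203.0.113[.]5 and hash 9e107d9d372bb6826bd81d3542a419d6",
    "feed-b": "Seen beaconing to EVIL-UPDATE.example and 203.0.113.5; benign cdn.example.com",
}
ALLOWLIST = {"cdn.example.com"}  # constructed: known-benign values never become Intelligence

@dataclass
class Artifact:
    type: str                 # "domain", "ip" or "md5"
    value: str                # normalised (refanged, lower-cased) value
    sources: set = field(default_factory=set)  # every source that reported it
    vetted: bool = False      # True once it is Actionable Intelligence

PATTERNS = {
    "md5": re.compile(r"\b[0-9a-f]{32}\b", re.I),
    "ip": re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b"),
    # last label must be alphabetic so dotted IPs are not also counted as domains
    "domain": re.compile(r"\b[a-z0-9-]+(?:\.[a-z0-9-]+)*\.[a-z]{2,}\b", re.I),
}

def refang(text):
    """Undo common defanging so the same indicator merges regardless of source style."""
    return text.replace("[.]", ".").replace("hxxp", "http")

def refine(raw):
    """Raw Data -> Artifacts: normalise, extract, and merge sources per unique value."""
    artifacts = {}
    for source, text in raw.items():
        text = refang(text)
        for kind, pattern in PATTERNS.items():
            for match in pattern.findall(text):
                value = match.lower()
                if kind == "ip" and not all(0 <= int(o) <= 255 for o in value.split(".")):
                    continue  # drop syntactically invalid octets
                art = artifacts.setdefault((kind, value), Artifact(kind, value))
                art.sources.add(source)
    return artifacts

def vet(artifacts, min_sources=2):
    """Artifacts -> Intelligence: require independent corroboration and no allowlist hit."""
    for art in artifacts.values():
        art.vetted = len(art.sources) >= min_sources and art.value not in ALLOWLIST
    return [a for a in artifacts.values() if a.vetted]
```

Running `vet(refine(RAW_DATA))` promotes the domain and the IP (seen by both feeds) while the single-source hash stays an unvetted Artifact and the allowlisted CDN host is never promoted.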

Supported Top-level Objects (TLOs)
- Release: Campaigns, Certificates, Domains, Emails, Events, Indicators, IPs, PCAPs, Raw Data, Samples, Targets
- Master: Actors
- Upcoming: Disassembly, Files

Notable Features
- Services
- Bucket Lists
- Campaign attribution
- Comments
- Favorites
- Notifications
- Objects
- Relationships
- Screenshots
- Sectors
- Sources
- Subscriptions
- Grouping

Services Framework
- Enhance capabilities using third-party tools.
- Add results to CRITs automatically.
- Visualize data in new ways.
- Interact with other systems in real-time.
- Make CRITs a part of your existing processes/procedures.

Demo

Closing Remarks
- Use the right tool(s) for the job.
- Tools do not replace analysts, they enable them.
- Share what you can, and share often.
- People and Tradecraft are what make the difference.

To Learn More

Thanks! Questions?