* The Role of Threat Intelligence and Layered Security for Intrusion Prevention in the Post-Target Breach Era Ted Gruenloh Director of Operations Sentinel.

Slides:



Advertisements
Similar presentations
© 2013 Bradford Networks. All rights reserved. Rapid Threat Response From 7 Days to 7 Seconds.
Advertisements

THE BUSINESS NEED Create affordable alternative/ provide enterprise power/capability for any-sized company Reduce resource-draining burden of meeting.
Security Administration Tools and Practices Amit Bhan Usable Privacy and Security.
EMERGING TOPICS IN DATA, APPLICATION AND INFRASTRUCTURE PROTECTION Taher Elgamal ITU
1© Copyright 2011 EMC Corporation. All rights reserved. Anatomy of an Attack.
Threat Intelligence Use in Information Security: History, Theory and Practice Tim Gallo Cyber Security Field Engineering 1.
Microsoft Security Solutions A Great New Way of Making $$$ !!! Jimmy Tan Platform Strategy Manager Microsoft Singapore.
The Most Analytical and Comprehensive Defense Network in a Box.
© Copyright 2014 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice. HP Security Services Svetlana.
Know the Client Own the Problem Share the Solution The 2005 Case for Information Technology Security October 14, 2004.
Threat Intelligence with Open Source tools Cornerstones of
MIGRATION FROM SCREENOS TO JUNOS based firewall
© 2014 Level 3 Communications, LLC. All Rights Reserved. Proprietary and Confidential. Polycom event Security Briefing 12/03/14 Level 3 Managed Security.
Department Of Computer Engineering
Building a Campus Dshield Randy Marchany IT Security Lab VA Tech Blacksburg, VA 24060
VULNERABILITY MANAGEMENT Moving Away from the Compliance Checkbox Towards Continuous Discovery.
Security Guidelines and Management
Telenet for Business Mobile & Security? Brice Mees Security Services Operations Manager.
Partnering For Profitability Growing your business with Microsoft Forefront Security Solutions Mark Hassall Director Security & Access BG Microsoft Corporation.
[Name / Title] [Date] Effective Threat Protection Strategies.
Agenda Do You Need to Be Concerned? Information Risk at Nationwide
Enterprise Computing Community June , 2010February 27, Information Security Industry View Linda Betz IBM Director IT Policy and Information.
How STERIS is using Cloud Technology to Protect Web Access Presented By: Ed Pollock, CISSP-ISSMP, CISM CISO STERIS Corporation “Enabling Business”
Staying Ahead of the Curve in Cyber Security Bill Chang CEO, SingTel Group Enterprise.
1© Copyright 2012 EMC Corporation. All rights reserved. Getting Ahead of Advanced Threats Advanced Security Solutions for Trusted IT Chezki Gil – Territory.
The Most Analytical and Comprehensive Defense Network in a Box.
Dell Connected Security Solutions Simplify & unify.
© 2015 ForeScout Technologies, Page 2 Source: Identity Theft Resource Center Annual number of data breaches Breaches reported Average annual cost of security.
Pre-Release Information Aug 17, 2009 Trend Micro Web Gateway Security InterScan Web Security Virtual Appliance v5 Advanced Reporting and Management v1.
Safeguarding OECD Information Assets Frédéric CHALLAL Head, Systems Engineering Team OECD.
Complete Security. Threats changing, still increasing Data everywhere, regulations growing Users everywhere, using everything We’re focused on protecting.
1 © 2001, Cisco Systems, Inc. All rights reserved. Cisco Info Center for Security Monitoring.
Sophos Live Protection. Agenda 1.Before and After Scenarios 2.Minimum Required Capabilities 3.How we do it 4.How we do it better.
Security Innovation & Startup. OPEN THREAT EXCHANGE (OTX): THE HISTORY AND FUTURE OF OPEN THREAT INTELLIGENCE COMMUNITY ALIENVAULT OTX.
‹#› September 2015 Cloud-CISC Cloud Cyber Incident Information Sharing Center.
CIO Perspectives on Security Fabrício Brasileiro Regional Sales Manager.
Securing the Network Infrastructure. Firewalls Typically used to filter packets Designed to prevent malicious packets from entering the network or its.
Security Information and Event Management
Module 12: Responding to Security Incidents. Overview Introduction to Auditing and Incident Response Designing an Audit Policy Designing an Incident Response.
Application Security in a cyber security program
ARAMA TECH D A T A P R O T E C T I O N P R O F E S S I O N A L S VISION & STRATEGY.
Cyber Security in the Mobile Era KEEPING ENTERPRISE DATA SAFE IN THE BYOD ERA.
© ITT Educational Services, Inc. All rights reserved. IS3220 Information Technology Infrastructure Security Unit 4 Network Security Tools and Techniques.
IS3220 Information Technology Infrastructure Security
ARAMA TECH D A T A P R O T E C T I O N P R O F E S S I O N A L S VISION & STRATEGY.
2© Copyright 2013 EMC Corporation. All rights reserved. Cyber Intelligence Fighting Cyber Crime Insert Event Date LEADERS EDGE.
Enterprise’ Ever-Evolving Challenge & Constraints Dealing with BYOD Challenges Enable Compliance to Regulations Stay Current with New Consumption Models.
© 2011 IBM Corporation IBM Security Services Smarter Security Enabling Growth and Innovation Obbe Knoop – Security Services Leader Pacific.
Palindrome Technologies all rights reserved © 2016 – PG: Palindrome Technologies all rights reserved © 2016 – PG: 1 Peter Thermos President & CTO Tel:
An Introduction to Deception Based Technology Asif Yaqub Nick Palmer February 5, 2016.
Barracuda Networks. Safe Public Cloud Transitions Why Barracuda? The Challenge When organizations move workloads to the public cloud, data protection.
SemiCorp Inc. Presented by Danu Hunskunatai GGU ID #
Cyber Security for the real world Tim Brown Dell Fellow and CTO Dell Security Solutions.
No boundaries with Unified Web Security Solutions Steven Vlastra Sr. Systems Engineer - Benelux.
Despite of spending high on digital information security, organizations still remain exposed to external threats. However, data center providers are helping.
Your Partner for Superior Cybersecurity
OIT Security Operations
Top 5 Open Source Firewall Software for Linux User
Network Security Analysis Name : Waleed Al-Rumaih ID :
SECURITY INFORMATION AND EVENT MANAGEMENT
Call AVG Antivirus Support | Fix Your PC
Cyber Defense Matrix Cyber Defense Matrix
11/17/2018 9:32 PM © Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN.
Check Point Connectra NGX R60
Shifting from “Incident” to “Continuous” Response
Chapter 4: Protecting the Organization
AIR-T11 What We’ve Learned Building a Cyber Security Operation Center: du Case Study Tamer El Refaey Senior Director, Security Monitoring and Operations.
Cloud Computing for Wireless Networks
Presentation transcript:

* The Role of Threat Intelligence and Layered Security for Intrusion Prevention in the Post-Target Breach Era Ted Gruenloh Director of Operations Sentinel IPS

Review of the current Network Security landscape Quick overview of Layered Security What, exactly, is Threat Intelligence? Threat Intelligence and Layered Security, together Publicly shared sources of Threat Intelligence Conclusion and Q & A Agenda

Current Network Security Not Your Father’s Threats Yesterday’s Threat Landscape… Perimeter was defined, and endpoints were easily managed Data and assets were static Malware/Trojans had limited points of entry

Current Network Security Today’s Threat Landscape Perimeter? What perimeter? And with BYOD, it’s more like herding cats. Data and Assets are mobile, dynamic, and accessed by almost anyone Juxtaposition between privacy (SSL) and visibility (decryption, anyone?) Malware can manifest itself anywhere

Layered Security: Fact and Fiction The Big Boys like to bash each other Are there any silver bullets? Let’s have an honest conversation: Everyone has their strengths We prefer a different approach. More like …

Layered Security: A Quick Inventory From perimeter to endpoint, paralleling the “Cyber Kill Chain”: External IPS, Next-Gen Firewalls, Application Firewalls, Vulnerability Scanning, and Penetration Testing Dedicated IDS, Web Proxies, SPAM Filters, Sandbox/Sandnet techniques Anti-virus, Personal Firewalls, Host-based IPS, patching, software updates And one SIEM to log them all So, where does Threat Intelligence fit in? All of the above! “Prepare to be breached.” Shift from preventative to detective? Sort of. Layered Security: “Defense in Depth” Recommended by the NSA ;-)

What is Threat Intelligence? “The real-time collection, normalization, and analysis of the data generated by users, applications and infrastructure that impacts the IT security and risk posture of an enterprise.” “The goal of Security Intelligence is to provide actionable and comprehensive insight that reduces risk and operational effort for any size organization.” -John Burnham, IBM Ummmm … What? “The real-time collection, normalization, and analysis of the data generated by users, applications and infrastructure that impacts the IT security and risk posture of an enterprise.” “The goal of Security Intelligence is to provide actionable and comprehensive insight that reduces risk and operational effort for any size organization.” -John Burnham, IBM Ummmm … What? “Threat Intelligence is network data that, when put to good use, can protect you.” - Me

No, really. What is Threat Intelligence? This might get a little technical. WARNING

No, really. What is Threat Intelligence? Malware Exchanges & Sources Malware Exchange (major NetSec vendors) VirusTotal.com VirusShare.com IDS/IPS Event Feedback Loop Universities ISPs and Carriers IDS/IPS Customer base Sandnets IDS/IPS Rulesets Other Proprietary Information DNS/Domain Lists and Analytics IP Reputation Lists and Analytics This is Threat Intelligence. Data Engine (Pcap analysis and data correlation) Pcaps

OK. What does Threat Intelligence look like? Lists of IPs and/or URLs Could be as simple as a text file of IP addresses or domains associated with bad actors and command & control servers STIX and TAXII Comes from DHS, and designed and maintained by MITRE. Provides a common markup language and method of exchange for threat intelligence data. Many companies provide their threat intelligence in STIX. (Other formats include OTX and CIF, among others.) Proprietary Data Takes many forms, from simple automated feeds to complex databases and APIs. Companies trying to differentiate themselves by providing unique insights, like geolocation, business sector, threat classification, etc.

Threat Intelligence and Layered Security Security: Blocked Malware: ~85% BLOCKED MALWARE “Actionable” Threat Intelligence SIEM consolidates data from multiple devices Might include Intelligence from external sources Used for analysis and incident response SIEM “Active” Threat Intelligence IP and/or Domain reputation lists Pushed out to security devices regularly Collaboration of InfoSec community Internet Firewall IDS/IPS Corporate LAN

Publicly Shared Threat Intelligence The What. Many Network Security vendors make their living selling threat intelligence. Luckily, many of these vendors also offer at least some of their intelligence up to the community at large, for free, no strings attached. You can benefit from this. The Why. Why give it away? Online businesses often use the ‘Freemium’ business model to introduce their product to consumers. But more importantly, many Network Security vendors feel a sense of duty born out of the Internet’s implicit sense of community. In other words, it’s the right thing to do. And now, the Who and the How.

Publicly Shared Threat Intelligence The Who. A sampling of NetSec organizations that provide free Threat Intelligence. senderbase.org Open Threat Exchange CI Army list at Center for Internet Security (SANS Internet Storm Center)

Publicly Shared Threat Intelligence The How. Here’s how we do it. CINS System Active Sentinels The Internet and NetSec Community CINS Lists (“Active” Threat Intelligence) csf firewalls, curl, python urllib, etc.

And in conclusion… Layered security doesn’t only make sense as a network security strategy; its diversity also produces better threat intelligence. And, active threat intelligence can dramatically improve a network’s protection from malware and other attacks. Conclusion? Layered Security and Active Threat Intelligence: Two great tastes that taste great together.

Ted Gruenloh Director of Operations (972) Questions? Ted

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.