A Repeatable Threat Brief THE NATIONAL PRESS CLUB, WASHINGTON D.C. DECEMBER 3 & 4, 2014 Supported by the Department of Homeland Security, Science & Technology.

Presentation transcript:

A Repeatable Threat Brief
THE NATIONAL PRESS CLUB, WASHINGTON D.C., DECEMBER 3 & 4, 2014
Supported by the Department of Homeland Security, Science & Technology Directorate

About This Presentation
A repeatable threat brief you can take and modify to be your own.
Use it to educate and inform those who can help you defend.
I will send you the slides, or find them at ThreatBrief.com/CyberThreatBrief

The Cyber Threat: Insights From History and Current Operations
Dec 2014, Bob Gourley

Purpose of this Brief
Provide facts and observations on the cyber threat in ways that can inform your decision-making.
Discuss best practices in the domain of cyber intelligence.
Provide recommendations that help enhance our collective defense.

Let's Start With The Conclusion
We will return to this slide after a review of the cyber threat.

Action: Description
Assess: Conduct an assessment of cyber intelligence activities and prioritize improvement plans.
Get Informed: The more you know about the threat, the more you can educate others, and it takes a team.
Threat Briefs: Ensure executives on the team understand the cyber threat to their business objectives.
Understand Yourself: Know what data, systems and capabilities are most important to protect.
Automate: Few organizations have automated their ability to analyze operational and tactical threat indicators. Fewer have automated their ability to respond.
Collaborate: No single organization can defend against all attackers. Sophisticated attacks always require collaboration.
Network: Find your peers and build a community before you need it, and seek inputs on how they leverage cyber intelligence in their organization (Go SINET! Also FBI, ISACs, SANS, AFCEA, INSA, FedCyber, ThreatBrief.com).
Prepare to be breached: Plan for how you would respond to the worst case scenario and exercise your responses.
Love your people: Consider assigning an insider threat manager to lead your insider mitigation program, and remember it is not about tech here, it is about people and processes. And if you love and lead your good people, they will help find the bad people.

The Condensed History of the Cyber Threat
Civil War: Both sides attacked, exploited, and passed false orders.
Hanover Hacker: Shows collaboration is critical.
1988 Morris Worm: Plan for collaboration before you need it.
1997 Solar Sunrise: Plan cyber intelligence data flow in advance.
1998 Moonlight Maze: It takes a nation to fight a nation.
Shady Rat: Big organizations can attack large target sets. Collaborative intelligence work by good guys can save the day.
Estonia: Be ready to weather a storm.
2008 Georgia: Expect cyber attacks timed to military ops.
2009 GhostNet: When a powerful adversary wants in, nothing will stop them. Collaborative cyber intelligence can inform response.
Wikileaks: Know the human element. Know the balance between info sharing and protection.
Mandiant Report Released: Cyber intelligence can make a strategic difference.
2013 Snowden Leaks: Know the threat before it strikes.
2013 NYT: Just because someone should know doesn't mean they do.
2013/14 Banks and Retail: Nothing stops a persistent adversary.

The State of the Hack 2014
A forensics study of 1,000 organizations reveals 84% infected with malware. Most had at least one bot in the network. Few were aware. Rates are up from last year.
Even leading anti-virus vendors are now admitting that "anti-virus is dead."
The Verizon Data Breach Investigations Report (DBIR) proves attackers get in fast (minutes or hours) and remain undetected for months or years.
Manual removal of detected threats takes significant financial and management resources and months of effort.
Malware Is Associated With Most Breaches

Who is Attacking?
Successful attacks are conducted by organizations.
Organizations are groups of people acting together for a common purpose.
By studying organizations, how they behave and what they want, we can help deter their actions and mitigate some of their capabilities.
When under attack we can better defend. When penetrated we can more quickly respond.
The four categories of organizations: Nations, Criminals, Extremists, Hacktivists.

The Special Case of the Insider
The term "Insider Threat" has a special use in the security community.
Can be a person you trust, to whom you have given credentials to your most sensitive networks and accounts.
Can be a good person one day, then change intent the next.
Could be operating as an extension of one of the organizational categories described above.
Cannot be stopped by technology alone (but technology can help). Requires policies, process and a highly functioning team of good people to catch the bad ones.

Bad Actors and Their Code
Modern malware is designed to stay under the radar: old anti-virus solutions do not work against new threats; malware hops between media; communications are slow and hard to observe; sandboxing and honeypots/nets are not the entire solution.
Even sophisticated adversaries and modern malware can be detected. No adversary can be invisible. Well trained incident response teams find them.
However, non-automated methods are overwhelmed. Automation is key, including automating cyber intelligence.
Foundational Work Has Been Done Enabling Automation

Think of Cyber Intelligence like the National Security Community Does
Three levels of cyber intelligence:
Strategic: serving longer term decisions and strategies.
Operational: serving day to day leadership decisions.
Tactical: direct support to defenders in the fight.
Benefits of this approach: ensure the right allocation of required resources to accomplish cyber intelligence objectives and to serve decision-makers; ensure the right architecture is put in place to support the different kinds of decisions made.
The National Security Community has Intelligence Agencies. Who can industry turn to?

The Rise of the Cyber Intelligence Discipline
The hottest sector of the cyber security business right now is the cyber intelligence sector.
The old/established firms are enhancing their cyber intelligence practices and offerings.
New startups are attracting significant investments and innovating with new feeds.
Data feeds of threat intelligence are hot commodities.
A new construct called "Web Intelligence" is emerging.
Secure collaboration spaces are hot.

Concluding Thoughts
Adversaries have objectives they are going to fight to achieve. History has shown they will never stop.
History also shows the bad guys will always get in, eventually. But a well-instrumented enterprise with a mature cyber intelligence program can detect and mitigate adversary actions.
Focus on protecting the data, and prioritize which data to protect the best.
Secure collaboration is required to defeat the threat.
Which Leads Back To Our Recommendations

Steps To Enhance Our Use of Cyber Intelligence and Our Collective Cyber Defense
Do you concur?

Action: Description
Assess: Conduct an assessment of cyber intelligence activities and prioritize improvement plans.
Get Informed: The more you know about the threat, the more you can educate others, and it takes a team.
Threat Briefs: Ensure executives on the team understand the cyber threat to business objectives.
Understand Yourself: Know what data, systems and capabilities are most important to protect.
Automate: Few organizations have automated their ability to analyze operational and tactical threat indicators. Fewer have automated their ability to respond.
Collaborate: No single organization can defend against all attackers. Sophisticated attacks always require collaboration.
Network: Find your peers and build a community before you need it, and seek inputs on how they leverage cyber intelligence in their organization (Go SINET! Also FBI, ISACs, SANS, AFCEA, INSA, FedCyber, ThreatBrief.com).
Prepare to be breached: Plan for how you would respond to the worst case scenario and exercise your responses.
Love your people: Consider assigning an insider threat manager to lead your insider mitigation program, and remember it is not about tech here, it is about people and processes. And if you love and lead your good people, they will help find the bad people.

Sources and Methods
We continuously research and review threat and response trends at ThreatBrief.com.
Other insights provided from:
2014 Verizon Data Breach Investigations Report
2014 Annual Check Point Security Report
RSA Sponsored Security for Business Innovation Council on Transforming Security
SANS reference library
Interviews of leading community CISOs

About The Book: The Cyber Threat
Lessons from history and current ops
Insights from companies under attack
Ways to Enhance Cyber Intelligence Support: Strategic levels, Operational levels, Tactical levels
TheCyberThreat.com

Thank You! Please give feedback and find more info at: ThreatBrief.com