1
CYBER THREAT INTELLIGENCE
2
What is Threat Intelligence
Threat intelligence is evidence-based knowledge, including context, mechanisms, indicators, implications and actionable advice, about an existing or emerging menace or hazard to assets that can be used to inform decisions regarding the subject’s response to that menace or hazard.
3
CYBER SECURITY – BY THE NUMBERS
MOTIVATION BEHIND ATTACKS
4
CYBER SECURITY – BY THE NUMBERS
DISTRIBUTION OF TARGETS
5
CYBER SECURITY – BY THE NUMBERS
ATTACK TECHNIQUES
6
THE DARK HACKING COMMUNITY
EXPLAINED
7
THE PROBLEM: Over 80% say threats have doubled last year
97% of security technology is signature based
Threats today are polymorphic
98% of security technologies are reactive
66% of SOCs falling behind in addressing threats
8
THE PROBLEM: Security spending is based on failure, rather than need.
The more secure that you feel, the less you spend. This is an inherently dangerous approach to cyber risk management. Instead of looking to spend significantly more in their enterprise, Boards should be looking at greater efficiencies with their existing technologies (they exist).
9
THE PROBLEM: Staying ahead in today’s new, fast-evolving security environment calls for placing threat intelligence at the center of security. Threat Intelligence will be the top enterprise security priority from 2017 through 2020. Focusing on threat intelligence is one of the smartest ways to protect employees, along with critical IP and business data.
10
THE PROBLEM: Advanced behavior and sophisticated techniques used to evade conventional security products
As high as 46% of cyber attacks are unknown
0days are killing us
No one looking beyond the horizon where threats are born
11
THE PROBLEM: Companies do NOT know what Threat Intelligence is
Intelligence is generally used to learn about a particular threat and used to make a plan to defend against said threat. Actionable Intelligence does not always equal preventative actions/measures.
12
THE PROBLEM: Companies do NOT know what Threat Intelligence is
SIEM does not EQUAL Threat Intelligence
Insider Threat is NOT Threat Intelligence
Saying ‘bad’ things on Social Media is NOT Threat Intelligence
13
THE PROBLEM: Too many EXTERNAL feeds
How do you choose what is relevant?
Are you looking inside the organization for Intelligence?
What patterns do you see?
During the last incident, what did you learn?
14
THE PROBLEM: WHO owns Threat Intelligence?
Currently not a lot of dedicated teams
Growing trend of the numbers increasing
Threat Intelligence is NOT easy
Too much data can become overwhelming
Digesting Threat Intelligence into the environment can be PAINFUL!
Threat Intelligence expertise is slowly growing
15
THE PROBLEM: Security Practitioners are Educating our Foes
We all attend conferences, write opinions, appear on TV
YouTube is a great source for bad actors to learn our capabilities
Security Hardware Companies freely distribute Data Sheets, Videos, How-To’s
16
THE SOLUTION: Close the gap between threat Prediction and Pro-Active Defense
The acquisition and analysis of information to identify, track, and predict cyber capabilities, intentions, and activities to offer courses of action that enhance decision making
~ Carnegie Mellon Software Engineering Institute
17
THE SOLUTION: The DNA has to be in research
Identifying the real threat – the unknown unknowns
Deliver productive intelligence on what matters
Contextual learning and cognitive computing
Correlation analysis, connecting the dots
18
THE SOLUTION: In depth analysis of unknown threats, 0days, etc.
Differentiate the signal from the noise
Answer the “why” and “how” not just the “what”
Customized intelligence built around your Organization
19
THE VALUE: Deep analytical insight into cyber threats
Industry analysis on security and technology companies
Customized global threat dashboard
Direct access to Threat Analysts
Customized reports on threats, industry and trends
Visibility into BadIPs, BadURLs and Phishing sites
20
THE VALUE: Threat Intelligence can cut in half the time to detect a threat and improve an investigation by 42%
Increase readiness, Indicators of Compromise analysis, archived data, and Tools, Techniques, and Procedures
Better prepared for the future threat on the horizon
Threat Intelligence needs to do the heavy lifting; deliver important, productive intelligence
21
Intelligence Categorized As
Tactical, Raw and Finished
An organization’s operational maturity determines at what stage it uses this intelligence.
Tactical intelligence is defined as your indicators of compromise: bad IPs, file hashes, domain names. Analysts must understand the context of this intelligence to put it into use within their organization.
Raw intelligence has been collected and processed but not analyzed. It is usually collected via APIs, or through alerts triggered on keywords or phrases. Examples include malware analysis and compromised account data.
Finished intelligence is ready to be used and is raw intelligence put into context. Examples include fraud intelligence, brand protection, threat actor data and third party risk information.
22
Threat Intelligence Practice
Why Build a Threat Intelligence Practice
Tactical: Enforce and improve the ability for your security team (NOC/SOC) and all IT personnel to anticipate, prevent and mitigate cyber attacks.
Operational: Improve the ability for high levels across your organization (CISO, CIO, CTO, CEO) to transform the use of threat intelligence for both protection and response.
Strategic: Improve the board’s decisions to allocate budget for solutions that integrate and operationalize threat intelligence.
23
Use External Threat Intelligence
To Understand and Prevent Threats
The hardest patterns for threat actors to change are their TTPs, or Tactics, Techniques and Procedures: how they actually implement a threat.
How does TI help you prevent and detect threats?
Preempt attempts to defraud customers with impersonating domain registrations.
Track exploit kits to prioritize patching.
Detect breaches by monitoring dark net marketplaces for stolen data.
Security professionals can use external threat intelligence to understand trends of attacks against other organizations, and use those trends to better prepare for when those threat actors inevitably choose your organization to attack.
It’s important to detect when attack infrastructure is being created to stay a step ahead of attackers trying to impersonate your organization. One emerging threat that has gained attention lately is homograph attacks, in which attackers use Unicode characters to create domains that are indistinguishable from legitimate domain names.
Understanding attack trends and the use of exploit kits is a critical first step in developing a strategy to combat ransomware and other similar malware-based attacks. By collecting tactical intelligence from exploit kit advertisements, you can identify common vulnerabilities and exposures (CVEs) being exploited and prioritize patching to prevent your organization from being compromised.
Although the sale of stolen data is not an ideal point at which to identify an attacker moving against your organization, dwell times for external attackers average 107 days, so it’s better to be aware of the breach than to unknowingly allow it to persist.
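The homograph monitoring described on this slide can be automated against a feed of newly observed domain names. The Python below is an added example, not part of the original presentation; the protected domain `peace.example`, the observed list and the small look-alike table are constructed assumptions.

```python
import unicodedata

# Small constructed subset of look-alike mappings (assumption: production use
# would load the full Unicode confusables data instead of this table).
CONFUSABLES = {
    "\u0430": "a", "\u0435": "e", "\u043e": "o", "\u0440": "p",
    "\u0441": "c", "\u0445": "x", "\u0443": "y", "\u0456": "i",
    "\u03bf": "o",  # Greek omicron
}

def to_unicode(domain):
    """Decode xn-- (punycode) labels so the real characters are visible."""
    try:
        return domain.lower().encode("ascii").decode("idna")
    except UnicodeError:
        return domain.lower()  # already Unicode, or not valid IDNA

def scripts(label):
    """Scripts used by the letters of one label, taken from character names."""
    return {unicodedata.name(ch, "UNKNOWN").split()[0]
            for ch in label if ch.isalpha()}

def skeleton(domain):
    """Fold known look-alike characters to their ASCII counterparts."""
    return "".join(CONFUSABLES.get(ch, ch) for ch in domain)

def assess(candidate, protected):
    """Return findings for one observed domain; an empty list means clean."""
    name = to_unicode(candidate)
    findings = [f"mixed scripts in '{label}': {sorted(scripts(label))}"
                for label in name.split(".") if len(scripts(label)) > 1]
    # A whole-script spoof uses one script per label, so the mixed-script
    # test alone misses it; comparing skeletons catches that case.
    if name not in protected and skeleton(name) in protected:
        findings.append(f"look-alike of {skeleton(name)}")
    return findings

# Constructed sample data; peace.example stands in for the brand domain.
PROTECTED = {"peace.example"}
OBSERVED = [
    "peace.example",                    # legitimate
    "pe\u0430ce.example",               # one Cyrillic letter among Latin
    # all-Cyrillic label, in the xn-- form a registration feed would carry
    "\u0440\u0435\u0430\u0441\u0435.example".encode("idna").decode("ascii"),
    "unrelated.org",
]

if __name__ == "__main__":
    for domain in OBSERVED:
        print(domain, "->", assess(domain, PROTECTED) or "no findings")
```

The third sample shows why the skeleton comparison is needed: its label is entirely Cyrillic, so it passes the mixed-script test yet still folds to the protected name.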
24
THE BENEFIT OF THREAT INTELLIGENCE:
Increase Security Posture within your Organization
Timely and Prioritize threats to assign Risk
Create a Program with a Dedicated Team
Intelligence is the ability to adapt to Change ~ Stephen Hawking
25
ROI THROUGH INTELLIGENCE ORCHESTRATION
Internal Threat Intelligence
External Threat Intelligence
Threat Intelligence
Threat Intelligence’s differentiator should be the ability to integrate with the client enterprise.
26
THE BENEFIT OF THREAT INTELLIGENCE:
Understand your Assets
Need to understand how threats will affect your organization
Understand your Controls and Capabilities
What does your firewall stop? Endpoint Detection and Response?
Orchestration and Mitigation
Automation is the future
27
THE SUMMARY: Threat Intelligence will change the game in cybersecurity
A competitive differentiator in the market place
Invest in cyber resilience
Create a watchtower with productive intelligence and research that drives your business
Create a smarter workforce with a Threat Intelligence platform
28
THE SUMMARY: Intelligence is like underwear, it is important that you have it but not necessary that you show it off!
29
Stealthcare.com