
Cyber Threat Intelligence Sharing Standards-based Repository


1 Cyber Threat Intelligence Sharing Standards-based Repository
September 22, 2018 [Classification]

2 Cyber Intelligence Sharing
Sharing is Essential to the Industry and Core to the FS-ISAC
Intelligence sharing is the primary method of:
- Detecting industry targeting
- Detecting institution targeting
- Identifying new Techniques, Tactics and Procedures
- Locating Advanced Persistent Threats
Issues Today with Sharing
- Today the industry processes very little of the intelligence it receives
- Manual, Time Consuming, Costly
- Practicing cost avoidance
- Industry average of 7 man hours to process a single intelligence document
- Only a fraction of the documents are processed
- Manually processing the entire CISCP document would cost over $10 million per Financial Institution
(Diagram: Bad People, Bad Things, Bad Events -> Threat Intelligence)

3 Cyber Intelligence Sharing
Solution
- Let machines do machine work: process all intelligence at wire speed
- Use standards whenever possible to support Machine-to-Machine (M2M)
  - DHS-sponsored Mitre standards, STIX & TAXII
- Make intelligence more accessible to those with less resources
  - Small/Medium Member Institutions
  - Little security resources available
- Drive adoption through high-level service & ease of use for all types of member institutions
- Innovate: incrementally increase adoption, fidelity, and automation
(Link: More on STIX Standards)

4 Today’s Threat Intelligence
Detail with Initial Cyber Intel Repository
- Early adopters integrate with the repository, sighting the same malicious activity
- Although still unclear, there is a level of automation
- Manual Sharing: you can only process a handful of threat indicators
- The threat landscape is opaque
(Diagram: "IP Address: We just got pwned"; Member #2: "IP Address: We also see this!!")

5 Next Version of Cyber Intel Repository
- Better capabilities with bi-directional machine-to-machine support
- Visibility and confirmation of the threat increases
(Diagram: Member #1: "IP Address: Port 80"; Member #2: "We also see this!!"; Sighting 8/5/18: Member #5; Sighting 8/8/18: Member #3)

6 Next Year
- Significant portion of large financial institutions share their threats
- Detail of malicious activity and actor becomes clearer
(Diagram: IP Address: Port 80; User-Agent: Foo; Get Vars: fun=2; Actor: Abe Lincoln; Alias: L1c0lN; Campaign: Occupy Whitehouse; RFI w/ v2.x; 80% of Premier+ members respond to the RFI automatically; Repo/Consumer)

7 Security Standards Proliferation
- Multiple industries utilizing repositories sharing detailed sightings
- A clear picture of many malicious actors, activities, and threats
(Diagram: IP Address: Port 80; User-Agent: Foo; Get Vars: fun=2; Actor: Abe Lincoln; Alias: L1c0lN; Campaign: Occupy Whitehouse)

8 Many Other Organizations
Logical Solution
- One firm's incident is another firm's defense
- Federation of repositories serve as community hubs
- Detection of a threat, instantly shared to trusted members
- Cost to adversaries increased; cost to firms decreased
(Diagram: Organization A -> 1 Detect a Threat -> 2 Enrich Threat Data, Filter Policy for Sharing -> Machine-to-Machine API -> ISAC Repository -> 3 Store, Maintain Trust, Build Confidence in Threat Data -> Machine-to-Machine API -> 4 Consume & Analyze -> 5 Actionable Intel = Proactive Defense; Many Other Organizations)
Abbreviations: ISAC: Information Sharing Analysis Center; FI: Financial Institution; US-CERT: US Computer Emergency Response Team
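The pipeline on this slide (detect, enrich, apply the sharing-policy filter, push over the M2M API, let other members confirm by sighting) and the sightings of slide 5, as an added Python example that is not part of the original presentation. It hand-builds STIX 2.1 JSON objects with the standard library only (no stix2 package); the IP address, the x_do_not_share and x_internal_ticket properties and the ticket value are constructed placeholders, while the member names, port, User-Agent and sighting dates come from the slides.

```python
import uuid
from datetime import datetime, timezone

def _stamp():
    return datetime.now(timezone.utc).strftime("%Y-%m-%dT%H:%M:%S.000Z")

def _base(obj_type):
    ts = _stamp()
    return {"type": obj_type, "spec_version": "2.1",
            "id": f"{obj_type}--{uuid.uuid4()}", "created": ts, "modified": ts}

def make_identity(name):
    return {**_base("identity"), "name": name, "identity_class": "organization"}

def make_indicator(ip, port, user_agent):
    # STIX pattern for the slide's sighting: destination IP, port and HTTP User-Agent
    pattern = (f"[network-traffic:dst_ref.value = '{ip}' AND network-traffic:dst_port = {port} AND "
               f"network-traffic:extensions.'http-request-ext'.request_header.'User-Agent' = '{user_agent}']")
    return {**_base("indicator"), "name": f"Suspicious traffic to {ip}:{port}",
            "indicator_types": ["malicious-activity"], "pattern": pattern,
            "pattern_type": "stix", "valid_from": _stamp()}

def make_sighting(indicator, identity, seen):
    return {**_base("sighting"), "sighting_of_ref": indicator["id"],
            "where_sighted_refs": [identity["id"]], "first_seen": seen, "count": 1}

def apply_sharing_policy(objects):
    # Policy filter before the M2M push: drop objects an analyst flagged do-not-share
    # and strip every x_ custom (internal) property so it never leaves the firm
    return [{k: v for k, v in o.items() if not k.startswith("x_")}
            for o in objects if not o.get("x_do_not_share", False)]

def confirming_members(objects, indicator_id):
    # Distinct organisations that have sighted the indicator (the slide's "confirmation")
    return len({ref for o in objects if o["type"] == "sighting"
                and o["sighting_of_ref"] == indicator_id for ref in o["where_sighted_refs"]})

def build_bundle(objects):
    return {"type": "bundle", "id": f"bundle--{uuid.uuid4()}", "objects": objects}

# Constructed sample mirroring slides 5 and 6; the IP is a documentation-range placeholder
m1, m3, m5 = make_identity("Member #1"), make_identity("Member #3"), make_identity("Member #5")
ind = make_indicator("203.0.113.10", 80, "Foo")
ind["x_internal_ticket"] = "IR-0001"  # constructed internal note that must be stripped
s5 = make_sighting(ind, m5, "2018-08-05T00:00:00.000Z")
s3 = make_sighting(ind, m3, "2018-08-08T00:00:00.000Z")
own = {**make_sighting(ind, m1, "2018-08-01T00:00:00.000Z"), "x_do_not_share": True}
shared = apply_sharing_policy([m1, m3, m5, ind, s5, s3, own])
bundle = build_bundle(shared)
```

The `bundle` dict is what would be serialised with `json.dumps` and pushed to the ISAC repository; the firm's own flagged sighting and its internal ticket reference never enter it.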

9 Benefits: Save Time -> Lower Costs -> Reduce Risk
- One Firm's Incident/Exploit becomes Another's Control/Defense
- Less time & effort needed to:
  - Aggregate, Store, Understand Threat Data
  - Enrich/Increase Fidelity of Threat Data
  - Communicate Threat Data
  - Action to Defend or Mitigate
- Security analysts would focus on analysis instead of machine work
  - Reinvest time to improve risk posture
  - Improving analytics of threats, linking TTPs to indicators, identifying new tool kits
  - Become more pre-emptive, breaking the kill-chain earlier
- Better intelligence -> better defense -> increases cost of malicious activity
- Analysts can spend time analyzing & enriching threat data vs. collecting & verifying
- Moving to the Left of the Hack Eliminates Threats Before Being Compromised

10 Where We are Today
- Active working group, multiple meetings per month, interest and adoption growing across multiple industries and countries
- Working closely with DHS, US-CERT, and Mitre to create and align intelligence sharing standards
- Launched initial Repository; more coming
  - Version 1: released in May
    - First standards-based repository, first TAXII implementation
    - Tracking 37,000 Indicators
  - Version 2: release in Fall 2013
    - Full STIX backend, supporting all STIX object types
    - Bi-directional TAXII support
(Link: Visit our webpage for more information)
