Presentation is loading. Please wait.

Presentation is loading. Please wait.

USMC Veteran – 2651 Secure Comms/Intel SysAdmin +14 Years in Information Technology/Security Specialties: Incident Response/Forensics Threat Intelligence.

Published byAshley Stephens Modified over 9 years ago

Similar presentations

Presentation on theme: "USMC Veteran – 2651 Secure Comms/Intel SysAdmin +14 Years in Information Technology/Security Specialties: Incident Response/Forensics Threat Intelligence."— Presentation transcript:

1

2 USMC Veteran – 2651 Secure Comms/Intel SysAdmin +14 Years in Information Technology/Security Specialties: Incident Response/Forensics Threat Intelligence Offensive Security $dayjob = Senior Malware & Threat Intel Analyst $sidejob = AdroitSec LLC – Principal/Consultant

3

4

5

6 Or…

7

8

9 “Details of the motivations, intent, and capabilities of internal and external threat actors. Threat intelligence includes specifics on the tactics, techniques, and procedures of these adversaries. Threat intelligence's primary purpose is to inform business decisions regarding the risks and implications associated with threats.” - Forrester

10

11

12

13

14

15 . Etc.FeedsIOCs

16

17 Analysis Etc.FeedsIOCs

18

19

20

21

22 Prevention Detection

23

24 H/T: ThreatConnect

25

26

27

28 Threat Intel could be it’s own “Program”

29 Threat Intel Program OSINT Threat Research External Intelligence Services ISACs Firewall IPS/IDS Web Gateway Anti-Virus HIDs/HIPs DLP Network Endpoint SIEM Detection & Response Governance / Resistance

30 Realize that threat TI is 80% internal 20% external (relative to your business)

31

32 May not be a “technical” application

33

34

35

36 "A shiny threat intel capability without a mature IR capability is like putting a big ole fancy spoiler on a stock 4 cyl Dodge Neon.“ - @mattnels

37

38

39 Visibility SIEM/Logs Network Hosts Threat Intel Analysis Verification Containment Remediation CSIRT Security reviews Identity mgmt Security design/reqs Vuln Mgmt Security Operations Policy Risk Management Security program design Compliance Reporting Audit Resist DetectIR Plan Ops IR

40 Threat Intelligence Consumption Asset Classification and Security Monitoring Incident Response Threat & Environment Manipulation Source: RecordedFuture.com – Robert Lee

41 Logs Network Endpoint Threat Intel Focal points: Logs Network Threat Intel Endpoint

42 Logs Network Endpoint Threat Intel Recon Weaponization DeliveryExploitationC2Exfiltration

43

44 Scope, Relevancy, Context, Breadth, Capabilities

45

46

47

48

Download ppt "USMC Veteran – 2651 Secure Comms/Intel SysAdmin +14 Years in Information Technology/Security Specialties: Incident Response/Forensics Threat Intelligence."

Similar presentations

Standardized Threat Indicators Tenable Formatted Indicator Export Adversary Analysis (Pivoting) Private and Community Incident Correlation ThreatConnect.

Standardized Threat Indicators Tenable Formatted Indicator Export Adversary Analysis (Pivoting) Private and Community Incident Correlation ThreatConnect.
Security intelligence: solving the puzzle for actionable insight Fran Howarth Senior analyst, security Bloor Research.

Security intelligence: solving the puzzle for actionable insight Fran Howarth Senior analyst, security Bloor Research.
Malware\Host Analysis for Level 1 Analysts “Decrease exposure time from detection to eradication” Garrett Schubert – EMC Corporation Critical Incident.

Malware\Host Analysis for Level 1 Analysts “Decrease exposure time from detection to eradication” Garrett Schubert – EMC Corporation Critical Incident.
©2014 Bit9. All Rights Reserved The Evolution of Endpoint Security: Detecting and Responding to Malware Across the Kill Chain Chris Berninger, Sr. Solutions.

©2014 Bit9. All Rights Reserved The Evolution of Endpoint Security: Detecting and Responding to Malware Across the Kill Chain Chris Berninger, Sr. Solutions.
Ch.5 It Security, Crime, Compliance, and Continuity

Ch.5 It Security, Crime, Compliance, and Continuity
Building a Threat Intel Team Ryan Olson Director of Threat Intelligence October, 2014.

Building a Threat Intel Team Ryan Olson Director of Threat Intelligence October, 2014.
Preventing Good People From Doing Bad Things Best Practices for Cloud Security Brian Anderson Chief Marketing Officer & Author of “Preventing Good People.

Preventing Good People From Doing Bad Things Best Practices for Cloud Security Brian Anderson Chief Marketing Officer & Author of “Preventing Good People.
© 2015 Cisco and/or its affiliates. All rights reserved. 1 The Importance of Threat-Centric Security William Young Security Solutions Architect It’s Our.

© 2015 Cisco and/or its affiliates. All rights reserved. 1 The Importance of Threat-Centric Security William Young Security Solutions Architect It’s Our.
Advanced Metering Infrastructure AMI Security Roadmap April 13, 2007.

Advanced Metering Infrastructure AMI Security Roadmap April 13, 2007.
Reliability and Security. Security How big a problem is security? Perfect security is unattainable Security in the context of a socio- technical system.

Reliability and Security. Security How big a problem is security? Perfect security is unattainable Security in the context of a socio- technical system.
IBM Security A New Era of Security for a New Era of Computing Pelin Konakcı IBM Security Software Sales Leader.

IBM Security A New Era of Security for a New Era of Computing Pelin Konakcı IBM Security Software Sales Leader.
National Institute of Standards and Technology Computer Security Division Information Technology Laboratory Threat Information Sharing; Perspectives, Strategies,

National Institute of Standards and Technology Computer Security Division Information Technology Laboratory Threat Information Sharing; Perspectives, Strategies,
Computer Security: Principles and Practice

Computer Security: Principles and Practice
Information Security– SNO International Zanzibar, Tanzania Joe Beaulac, Sr. Manager – Cyber Defense Center & Risk/Vulnerability Management 23 September.

Information Security– SNO International Zanzibar, Tanzania Joe Beaulac, Sr. Manager – Cyber Defense Center & Risk/Vulnerability Management 23 September.
Antivirus Technology in State Government Kym Patterson State Chief Cyber Security Officer Department of Information Systems.

Antivirus Technology in State Government Kym Patterson State Chief Cyber Security Officer Department of Information Systems.
11 Canal Center Plaza, Alexandria, VA 22314 T 800.663.7138 F 703.684.5189 www.robbinsgioia.com Enterprise Computing Conference (ECC) Workshop Alma R. Cole,

11 Canal Center Plaza, Alexandria, VA T F Enterprise Computing Conference (ECC) Workshop Alma R. Cole,
Dell Connected Security Solutions Simplify & unify.

Dell Connected Security Solutions Simplify & unify.
Sample Security Model. Security Model Secure: Identity management & Authentication Filtering and Stateful Inspection Encryption and VPN’s Monitor: Intrusion.

Sample Security Model. Security Model Secure: Identity management & Authentication Filtering and Stateful Inspection Encryption and VPN’s Monitor: Intrusion.
Enterprise Visibility & Security Analytics Rocky DeStefano, VP of Strategy & Technology.

Enterprise Visibility & Security Analytics Rocky DeStefano, VP of Strategy & Technology.
Knowing What You Missed Forensic Techniques for Investigating Network Traffic.

Knowing What You Missed Forensic Techniques for Investigating Network Traffic.

Similar presentations

Ads by Google