
Slide 1: Leveraging Threat Intelligence to Manage your Risks and Threats
Stan Wisseman - CISSP, CSSLP, CISM, TOGAF
Security Strategy, HP Enterprise Security Products
© Copyright 2014 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.

Slide 2: The most aggressive threat environment in the history of information
Rise of the Cyber Threat: it affects our lives (timeline of breaches, 2007 to 2014):
- TJX Inc.: 95 million credit cards
- HMRC: 25 million records
- Heartland Payments: 130 million records
- Wikileaks / Mastercard backlash
- 13.9 million credit cards
- RSA: 40 million tokens compromised
- Sony Playstation Network: 101.6 million records
- Zappos: 24 million records
- Adobe: 152 million credentials
- Target: 110M credit cards, $68M in breach costs
- AOL: 2.4M user records

Slide 3: HACKTIVIST

Slide 4: The Face of the New Reality

Slide 5: ORGANIZE, SPECIALIZE, MONETIZE

Slide 6: The defender's position
- I follow ISO, PCI and other security standards
- Our predictability is well known
- I work within budget cycles
- I stitch technology together across functions

Slide 7: Challenges enterprises and governments are facing
1. Nature and motivation of attacks (fame to fortune, market adversary): Research, Infiltration, Discovery, Capture, Exfiltration
2. Transformation of enterprise IT (delivery and consumption changes):
   - Delivery: Traditional DC, Private cloud, Managed cloud, Public cloud
   - Consumption: Virtual desktops, Notebooks, Tablets, Smart phones
3. Regulatory pressures (increasing cost and complexity): Basel III

Slide 8: Pressure from all sides on our security capabilities

Slide 9: Today, security has crossed the chasm. It is now a board-level agenda item.

Slide 10: Source: 2014 Mandiant M-Trends Report

Slides 11 to 16: image-only slides; no transcript text beyond the copyright footer.

Slide 17: Our approach to security: the adversary ecosystem, and disrupting the adversary ecosystem
- Their Ecosystem (stages, each funded by $): Research, Infiltration, Discovery, Capture, Exfiltration
- Our Enterprise (disruption points): Educate users; Stop adversary access; Find and remove adversary; Secure the important assets; Plan to mitigate damage

Slide 18: Our Security focus segments
- Capabilities that customers need to disrupt the adversary: Educate users; Stop adversary access; Find and remove adversary; Secure the important assets; Plan to mitigate damage
- Product focus segments: Software Security; Next Gen. Network Security; Information Security; Actionable Intelligence
- Primary technology: HP Fortify and AppDefender; HP TippingPoint IPS and Next Gen Firewall; HP ArcSight; HP Threat Central; HP Atalla

Slide 19: Ponemon Institute - ROI for top seven categories of enabling security technologies (2013 survey of 234 global companies)

Slide 20: Collaborative Defense: Intelligence Sharing
- Many attacks today are increasingly complex and multistage.
- Current visibility and ability to act typically come after the exploit has occurred.
- Response is important but inadequate alone.
- Holistic threat intelligence is not a single-player sport.
Sharing our threat intelligence:
- Harnesses the power of the community
- Quickly and precisely shares threat intel to identify and mitigate advanced attacks
- Disseminates detection indicators and mitigating actions
- Gives a global view of the threat landscape by combining and analyzing data from varied sources

Slide 21: Threat Intelligence Defined: Strategic vs. Tactical
- Strategic TI: reports and other human-readable products on threat actors, their intentions, affiliations, interests, goals, capabilities, plans, campaigns, etc.
- Tactical TI (sometimes labeled "technical" or "operational", with subtle differences in usage): indicators, IP, URL or hash lists, and other system-level or network-level artifacts that can be matched to what is observed on information systems.
Source: http://blogs.gartner.com/anton-chuvakin/2014/01/30/on-broad-types-of-threat-intelligence/

Slide 22: TI Mapped to Business Functions (Strategic TI and Tactical TI mapped onto the framework functions)
Source: NIST Cyber Framework, http://www.nist.gov/cyberframework/upload/cybersecurity-framework-021214.pdf

Slide 23: Community-driven Threat Intelligence Platforms
There are community-driven efforts available today, leveraging widely adopted open-source standards:
- STIX: structured language to represent cyber threat information
- TAXII: services and message exchanges for sharing actionable cyber threat information
- CybOX: schema for specification, capture, characterization, and communication of observable events
- CRITS (Collaborative Research Into Threats): an open source malware and threat repository
- FS-ISAC Avalanche: a federated network of STIX-based repositories sharing intelligence

Slide 24: ZDI - Global Research
- HP invests heavily in research (over 2750 researchers in ZDI)
- Research directly applied to product (2 hour updates)
- Adapts to the threat landscape

Slide 25: Field Intel - Security Research
- Open-source intelligence (OSINT) is intelligence collected from publicly available sources. In the intelligence community (IC), the term "open" refers to overt, publicly available sources (as opposed to covert or clandestine sources); it is not related to open-source software or public intelligence. - Wikipedia
- Human intelligence (HUMINT) is intelligence gathered by means of interpersonal contact. - Wikipedia
- Intel aggregation is the aggregation of threat intel from multiple sources. Aggregation allows for trend analysis to identify events that may not be evident in any single feed.
HPSR's Field Intel team provides context around threats. They track and understand threat actors, motivations, tools and techniques.

Slide 26: Threat Central (architecture diagram)
- Threat Central core: Threat DB, Privacy Enhanced, TC Forum
- Inputs: Open Source, HP Security Research, Feeds
- Communities: Private Community, Sector Community, Global Community
- TC Clients per community: ESM, Portal, STIX, Any
HP Confidential. This information is not to be shared without the approval from HP.

Slide 27: Threat Central intelligence flow: Collect, Normalize, Correlate, Distribute / Act
- Sources: Open Source, HP Security Research, Feeds, TC Community
- Actionable Intel: IP address, Domain, File Hash, Signature, URL
- Contextual Intel: Actor, Campaign, Tools, Techniques, Procedures
- Compare & Correlate: IP address match? Domain match? File Hash match? Signature match? URL match? Then change score.
- Distribute / Act: TC Portal, ArcSight ESM, HP TippingPoint (automated action influenced by context)

Slide 28: Objective: Increase Cost to the Adversary
- Trivial/cheap: hopping between IP addresses
- Slightly more expensive: hopping between domains
- Difficult and expensive: changing tactics and procedures to evade behavioral detection
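As an added example, not HP Threat Central code, this sketches the compare-and-correlate step of slide 27 with match weights that follow slide 28's cost ordering (IP cheapest, domain next, URL and file hash costlier) and a context bonus when several indicator types hit the same host. All indicators, hosts, field names and events are constructed for the example.

```python
"""Compare-and-correlate indicators against normalized events, scoring by adversary cost."""
from collections import defaultdict

# Constructed indicator set (all values made up; none are real IoCs).
INDICATORS = {
    "ip": {"203.0.113.45"},
    "domain": {"update-check.example"},
    "url": {"http://update-check.example/dl/payload.bin"},
    "hash": {"0123456789abcdef0123456789abcdef"},
}

# Weights mirror the cost-to-adversary ordering: rotating IPs is trivial,
# domains cost more, and a URL or file hash ties to tooling that is costlier to change.
WEIGHTS = {"ip": 1, "domain": 2, "url": 3, "hash": 3}

# Constructed normalized events, as a SIEM connector might emit them (hypothetical field names).
EVENTS = [
    {"host": "ws-17", "dst_ip": "203.0.113.45", "domain": "update-check.example",
     "url": "http://update-check.example/dl/payload.bin"},
    {"host": "ws-17", "file_hash": "0123456789abcdef0123456789abcdef"},
    {"host": "ws-42", "dst_ip": "198.51.100.7"},
]

FIELD_TO_TYPE = {"dst_ip": "ip", "domain": "domain", "url": "url", "file_hash": "hash"}


def match_event(event):
    """Return (indicator_type, value) pairs found in one normalized event."""
    hits = []
    for field, itype in FIELD_TO_TYPE.items():
        value = event.get(field)
        if value is not None and value in INDICATORS[itype]:
            hits.append((itype, value))
    return hits


def correlate(events):
    """Sum indicator weights per host; doubling when three or more distinct
    indicator types hit one host, since that is far less likely to be coincidence."""
    scores = defaultdict(int)
    types_seen = defaultdict(set)
    for ev in events:
        for itype, _ in match_event(ev):
            scores[ev["host"]] += WEIGHTS[itype]
            types_seen[ev["host"]].add(itype)
    for host, seen in types_seen.items():
        if len(seen) >= 3:
            scores[host] *= 2
    return dict(scores)


def action_for(score, threshold=6):
    """Map a host score to the distribute/act decision: block, analyst review, or nothing."""
    return "block" if score >= threshold else ("review" if score > 0 else "none")
```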

Slide 29: Questions? hp.com/go/hpsrblog

Slide 30: Thank You
