Presentation is loading. Please wait.

Presentation is loading. Please wait.

Security Innovation & Startup. OPEN THREAT EXCHANGE (OTX): THE HISTORY AND FUTURE OF OPEN THREAT INTELLIGENCE COMMUNITY ALIENVAULT OTX.

Published byAntony Benson Modified over 9 years ago

Similar presentations

Presentation on theme: "Security Innovation & Startup. OPEN THREAT EXCHANGE (OTX): THE HISTORY AND FUTURE OF OPEN THREAT INTELLIGENCE COMMUNITY ALIENVAULT OTX."— Presentation transcript:

1 Security Innovation & Startup

2 OPEN THREAT EXCHANGE (OTX): THE HISTORY AND FUTURE OF OPEN THREAT INTELLIGENCE COMMUNITY ALIENVAULT OTX

3 PRESENTATION OVERVIEW  A very quick overview of AlienVault  Our Open approach to crowd sourced threat intelligence  The OTX Platform and Data

4 ABOUT ALIENVAULT AlienVault is the leading provider of Unified Security Management (USM) and crowd-sourced threat intelligence technology required to detect and act on today’s advanced cyber threats

5 USM PLATFORM 5 CRITICAL CAPABILITIES ASSET DISCOVERY Active Network Scanning Passive Network Scanning Asset Inventory Host-based Software Inventory VULNERABILITY ASSESSMENT Continuous Vulnerability Monitoring Authenticated / Unauthenticated Active Scanning BEHAVIORAL MONITORING Log Collection Netflow Analysis Service Availability Monitoring SECURITY INTELLIGENCE/SIEM SIEM Event Correlation Incident Response THREAT DETECTION Network IDS Host IDS File Integrity Monitoring powered by AV Labs Threat Intelligence

6 THE ATTACKER’S ADVANTAGE  They only need to be successful once  Determined, skilled and often funded adversaries  Custom malware, 0days, multiple attack vectors, social engineering  Persistent

7 IMPORTANCE OF SHARING  Helps you to achieve a preventative response to changes in the threat landscape by learning how attackers are targeting others  Armed with real-time, detailed security event information, you can update your defenses to avoid becoming a victim  The right solution will allow you to automatically share anonymized threat information “In the case of threat-intelligence sharing, the adversary has only to mess up once – being detected – and all the defenders will know about it. It’s in our best interest, as an industry, to keep the odds ever in our favor.” -- Wendy Nather, 451 Group, 2014 Threat Intelligence Report “In the case of threat-intelligence sharing, the adversary has only to mess up once – being detected – and all the defenders will know about it. It’s in our best interest, as an industry, to keep the odds ever in our favor.” -- Wendy Nather, 451 Group, 2014 Threat Intelligence Report

8 OPEN THREAT EXCHANGE OTX Launched in 2012 - The world’s largest open threat sharing and analysis network Supports more than 26,000 participants in over 140 countries contributing more than 1 million threat indicators daily Provides access to real- time, detailed information about threats and incidents around the world

9 COLLABORATION POWERING OTX Collaborate Openly research and collaborate on emerging threats. Defend Integrate with AlienVault USM or Export IoCs to any security product Learn Extract, validate and investigate threat data from logs, blogs, articles and reports )

10 THE DEFENDER’S DILEMMA First Street Credit Union Alpha Insurance Group John Elway Auto Nation Zero Cool Telecom Soylent Green Foods

11 THREAT INTELLIGENCE APPLIED First Street Credit Union Alpha Insurance Group John Elway Auto Nation Zero Cool Telecom Soylent Green Foods Open Threat Exchange Intelligence improves the defender’s odds Detect

12 THREAT INTELLIGENCE APPLIED First Street Credit Union Alpha Insurance Group John Elway Auto Nation Zero Cool Telecom Soylent Green Foods Open Threat Exchange Discovery improves odds for other defenders Detect

13 OTX 1.0 IP REPUTATION DATA  Updates provided every 30 minutes  200,000-350,000 validated malicious IP’s at any point Malware Domain Distributing malware or hosting exploit code Malware IP Instrumental in malware, including malicious redirection Command and Control Sending command and control instructions to malware or a botnet Scanning Host Observed repeatedly scanning or probing remote systems APT Observed to be actively involved in an APT campaign Spamming Host Actively propagating or instrumental in the distribution of spam Malicious Host Engaged in malicious but uncharacterized activity

14 OTX 2.0: “PULSES” CROWD SOURCED THREAT RESEARCH  THE FACE OF OTX – SOCIAL INTERFACE TO COLLABORATIVELY DEVELOP & SHARE THREAT INTELLIGENCE IN REAL- TIME  CREATE, ENHANCE OR CONSUME “PULSES” – SHORT MULTIVARIATE ANALYSIS OF THREAT INDICATORS  EXPORT INDICATORS OF COMPROMISE INTO SECURITY TOOLS (OPENIOC, STIX) AND AUTOMATICALLY CONSUME IN ALIENVAULT PRODUCTS  INTEGRATE & EXPLORE THROUGH AN OPEN API  STRENGTHEN DEFENSES AND HELP OTHERS DO THE SAME

15 INVESTIGATING THREATS  Pulse: ONE data construct for ALL types of threats (Data breach, Botnet, APT Campaign, etc.)  Defined by Indicators of Compromise or IoCs: (md5, IPv4s, URLs, hostnames, etc.)  Explore attack vectors and threat geolocation information  Share and comment on Pulses and IoCs

16 OTX HOME PAGE

17 DETAILED INTELLIGENCE

18 ADDITIONAL DETAIL

19 CREATING A PULSE FROM SOURCE FILE

20 CREATING PULSE MANUALLY

21 PULSE API: OPEN ACCESS, OPEN STANDARDS DirectConnect API  Free access to Java and Python SDKs for pulse data  DirectConnect Agents for popular open source software suites (e.g.: BroIDS) Open Formats  Export pulses to STIX, OpenIoC, CSV

22 SUMMARY EFFECTIVE THREAT SHARING  Crowd-source threat data without attribution  Provide valuable intelligence that can be acted on quickly  Facilitate the collection, validation and dissemination of diverse, crowd sourced threat data  Open, collaborative and affordable  Enable organizations to share threat intelligence with each other in a trusted environment  Should span industries, market categories and geographies

23

Download ppt "Security Innovation & Startup. OPEN THREAT EXCHANGE (OTX): THE HISTORY AND FUTURE OF OPEN THREAT INTELLIGENCE COMMUNITY ALIENVAULT OTX."

Similar presentations

1© Copyright 2011 EMC Corporation. All rights reserved. The Future of the Advance Soc 3rd Annual Privacy, Access and Security Congress, Ottawa, 2012 Mike.

1© Copyright 2011 EMC Corporation. All rights reserved. The Future of the Advance Soc 3rd Annual Privacy, Access and Security Congress, Ottawa, 2012 Mike.
TrustPort Net Gateway Web traffic protection. WWW.TRUSTPORT.COM Keep It Secure Contents Latest security threats spam and malware Advantages of entry point.

TrustPort Net Gateway Web traffic protection. Keep It Secure Contents Latest security threats spam and malware Advantages of entry point.
Stonesoft Roadmap WHAT FEATURES WILL COME IN 2013-2014.

Stonesoft Roadmap WHAT FEATURES WILL COME IN
1© Copyright 2011 EMC Corporation. All rights reserved. Anatomy of an Attack.

1© Copyright 2011 EMC Corporation. All rights reserved. Anatomy of an Attack.
Next Generation Endpoint Security Jason Brown Enterprise Solution Architect McAfee May 23, 2013.

Next Generation Endpoint Security Jason Brown Enterprise Solution Architect McAfee May 23, 2013.
Classification The Threat Environment Joyce Corell, NCSC Assistant Director for Supply Chain National Defense Industrial Association Global Supply Chain.

Classification The Threat Environment Joyce Corell, NCSC Assistant Director for Supply Chain National Defense Industrial Association Global Supply Chain.
©2014 Bit9. All Rights Reserved The Evolution of Endpoint Security: Detecting and Responding to Malware Across the Kill Chain Chris Berninger, Sr. Solutions.

©2014 Bit9. All Rights Reserved The Evolution of Endpoint Security: Detecting and Responding to Malware Across the Kill Chain Chris Berninger, Sr. Solutions.
The Most Analytical and Comprehensive Defense Network in a Box.

The Most Analytical and Comprehensive Defense Network in a Box.
©2014 Bit9. All Rights Reserved Building a Continuous Response Architecture.

©2014 Bit9. All Rights Reserved Building a Continuous Response Architecture.
© 2015 Cisco and/or its affiliates. All rights reserved. 1 The Importance of Threat-Centric Security William Young Security Solutions Architect It’s Our.

© 2015 Cisco and/or its affiliates. All rights reserved. 1 The Importance of Threat-Centric Security William Young Security Solutions Architect It’s Our.
Cyber Security Discussion Craig D’Abreo – VP Security Operations.

Cyber Security Discussion Craig D’Abreo – VP Security Operations.
Copyright 2011 Trend Micro Inc. Trend Micro Web Security- Overview.

Copyright 2011 Trend Micro Inc. Trend Micro Web Security- Overview.
Threat Intelligence with Open Source tools Cornerstones of

Threat Intelligence with Open Source tools Cornerstones of
IBM Security Network Protection (XGS)

IBM Security Network Protection (XGS)
© 2012 IBM Corporation IBM Security Systems 1 © 2014 IBM Corporation IBM Security Network Protection (XGS) Advanced Threat Protection Integration Framework.

© 2012 IBM Corporation IBM Security Systems 1 © 2014 IBM Corporation IBM Security Network Protection (XGS) Advanced Threat Protection Integration Framework.
* The Role of Threat Intelligence and Layered Security for Intrusion Prevention in the Post-Target Breach Era Ted Gruenloh Director of Operations Sentinel.

* The Role of Threat Intelligence and Layered Security for Intrusion Prevention in the Post-Target Breach Era Ted Gruenloh Director of Operations Sentinel.
VULNERABILITY MANAGEMENT Moving Away from the Compliance Checkbox Towards Continuous Discovery.

VULNERABILITY MANAGEMENT Moving Away from the Compliance Checkbox Towards Continuous Discovery.
Norman SecureSurf Protect your users when surfing the Internet.

Norman SecureSurf Protect your users when surfing the Internet.
Partnering For Profitability Growing your business with Microsoft Forefront Security Solutions Mark Hassall Director Security & Access BG Microsoft Corporation.

Partnering For Profitability Growing your business with Microsoft Forefront Security Solutions Mark Hassall Director Security & Access BG Microsoft Corporation.
Information Security Issues at Casinos and eGaming

Information Security Issues at Casinos and eGaming

Similar presentations

Ads by Google