Cloud-CISC: Cloud Cyber Incident Information Sharing Center (September 2015)

Presentation transcript:

1 Cloud-CISC: Cloud Cyber Incident Information Sharing Center (September 2015)

2 -Albert Einstein

3 Agenda Review the Problem Cloud-CISC & TruSTAR Product Demo Questions and Open Discussion

4 Review the problem

5 TruSTAR Sensitive & Proprietary. The problem: 75% of enterprise attacks spread from the first company to the next within 24 hours. -2015 Verizon DBIR. Median number of days threats are present on a victim's network prior to detection is 205 days. -2015 Verizon DBIR

6 The problem: The bad guys collaborate in real-time and share exploit intelligence on a global scale. [Figure: 2013 Countries Affected Major Attacks *] The good guys report incidents internally, but rarely share information. [Figure: Steady Growth of Incident Reports *] (*Cisco 2014 Security Report, **Verizon 2014 DBIR Report) The bad guys collaborate and share information… …and the bad guys are winning.

7 But, why don’t the good guys coordinate?
● Legal: Concerns over disclosing Personally Identifiable Information, IP and discovery.
● Market: Concerns over brand reputation and financial implications of disclosing a breach.
● Government: Concerns over being seen as in bed with government and/or anti-trust violations.
“Legislation removes legal excuses and puts pressure on companies to share, but legal concerns pale in comparison to market risk of sharing cyber incident information.” -Bryan Cunningham, Former NSC Legal Counsel, Data Security Attorney, May 2015

8 Where has sharing gone wrong in the past? We have learned from the benefits and challenges faced by current and past sharing groups. We have also learned from our own experience with Cloud-CERT. Without protection from market / reputation risk and incentive to share early in the incident cycle, sharing is limited to:
● Recycled threat data
● Ad-hoc/'out-of-band' personal relationships
● Stale incident data

9 Cloud-CISC built for valuable sharing.

10 Cloud-CISC changes the paradigm to “Connective Defense”. With Cloud-CISC companies can collaborate and decrease their dependence on their own security providers to discover and mitigate attacks.
● Anonymity enables security operators to share real incident data by protecting them from market and reputation risk.
● Correlation incentivizes operators to share early in an incident to gain immediate insight from correlated data.
● Mobile Alerting enables operators to learn about incidents based on their user preferences.
● Automated Extraction of indicators of compromise accelerates risk identification and mitigation.
● End-to-End Encrypted Collaboration enables secure, real-time chat to drive toward collective mitigation.

11 With Cloud-CISC the sharer gains immediate insight and the community gains early warning. Share + Correlate + Collaborate = Mitigate. Powered by TruSTAR - A Technology pioneered by the leadership of CSA.

12 Product Demo

13 We have a simple sharing script that utilizes our anonymity tools... You can compare redacted and original text from the terminal and submit. You can then export indicators with an export script and report ID. All of this can be easily automated and integrated with your workflow! The UI is helpful for some, but we also have an API and command line tools for automation and integration...
$ python import-trustar.py AnonymizerTemplate.json
$ export-trustar.sh

14 Next Steps?

15 How do I get involved? Getting Involved? Elite enterprise cyber security teams have already begun on-boarding and sharing is happening. Early adopters are rewarded with free access for the first year of the Cloud-CISC. Send email to c-cisc@cloudsecurityalliance.org to join pilot! Co-Chairs: Dave Cullinane - Chairman, CSA; Brian Kelly - CSO, Rackspace. Still open to nominations for steering committee leaders and members! Contact dcullinane@cloudsecurityalliance.org for leadership opportunities!

16 Questions? THANK YOU.

