Published by Joel Gray. Modified over 9 years ago.
1
Copyright © 2014 BAE Systems. All Rights Reserved. BAE Systems is a trade mark of BAE Systems plc. Commercial in Confidence.
Intelligence-led security
Understanding threat intelligence
2
SIX STEPS TO INTELLIGENCE-LED SECURITY
1. PERFORM THREAT ASSESSMENT
2. DETERMINE INTELLIGENCE REQUIREMENTS
3. BUILD COLLECTION SOURCES
4. OPERATIONALIZE THREAT INTELLIGENCE
5. INTRODUCE SECURITY ANALYTICS
6. GAIN SITUATIONAL AWARENESS
3
UNDERSTANDING THREAT INTELLIGENCE
THREAT INTELLIGENCE
- Malware signatures
- IOCs / IOAs
- Domain blacklists
- IP reputation lists
- Security mailing lists
- RSS feeds
- Open-source reports
- Targets (sector / region)
- Motivation / Persistence
- Tools / Tactics / Procedures
- Attribution / Affiliation
- Socio-political context
- Business impacts
- Suggested mitigations
4
THE TRADITIONAL INTELLIGENCE LIFECYCLE
- Dissemination
- Direction
- Collection
- Analysis
- Production
Non-linear process with multiple feedback loops
5
Infrastructure DRIVES THE BUILDING OF INTELLIGENCE MODELS Malware Criminals Victims Banks Police Investigators CERTs Researchers
6
SHYLOCK – A CYBER CRIMINAL INTELLIGENCE PROBLEM
7
SHYLOCK FINANCIAL CRIME OPERATION
- Estimated at over 50K machines compromised
- Global victimisation, but with a preference for UK, US, and Italy
8
SHYLOCK – A CYBER CRIMINAL INTELLIGENCE PROBLEM
Intelligence Model: Criminals, Malware, Infrastructure, Victims
9
HOW IT WORKS – COMPROMISING THE VICTIM
Intelligence Model: Criminals, Malware, Infrastructure, Victims
10
HOW IT WORKS – MALWARE AUTOMATION
Intelligence Model: Criminals, Malware, Infrastructure, Victims
11
HOW IT WORKS – MALWARE AUTOMATION
Intelligence Model: Criminals, Malware, Infrastructure, Victims
12
HOW IT WORKS – MALWARE AUTOMATION
Intelligence Model: Criminals, Malware, Infrastructure, Victims
13
HOW IT WORKS – BANKING WEBSITE MODIFICATION
Intelligence Model: Criminals, Malware, Infrastructure, Victims
14
FINDING THE C2 INFRASTRUCTURE
Intelligence Model: Criminals, Malware, Infrastructure, Victims
15
LINKS TO MULE RECRUITMENT
Intelligence Model: Criminals, Malware, Infrastructure, Victims
16
THE SHYLOCK TAKEDOWN – INTELLIGENCE INTO ACTION
17
BAE Systems Applied Intelligence
Surrey Research Park, Guildford, Surrey GU2 7RQ, United Kingdom
T: +44 (0)1483 816000
F: +44 (0)1483 816144
www.twitter.com/baesystems_ai
www.linkedin.com/company/baesystemsai
Copyright © BAE Systems 2014. All rights reserved. BAE SYSTEMS, the BAE SYSTEMS Logo and the product names referenced herein are trademarks of BAE Systems plc. BAE Systems Detica and BAE Systems Applied Intelligence are trading names of Detica Limited registered in England (No.1337451) with its registered office at Surrey Research Park, Guildford, England, GU2 7RQ.