Cyber Threat Intelligence Standards - A high-level overview
|
|
- Richard Newman
- 5 years ago
- Views:
Transcription
1 Cyber Threat Intelligence Standards - A high-level overview Christian Doerr TU Delft, Cyber Threat Intelligence Lab Delft University of Technology Challenge the future
2 ~ whoami At TU Delft since 2008 in area Network Security, Critical Infrastructure Protection Threat Intelligence Lab with currently 23 team members Research Themes: Fingerprinting Adversarial Procedures Secure Threat Intelligence Sharing Vulnerability Analysis Design of Mitigation Schemes 2
3 For effective Cyber Defense you need Cyber Threat Intelligence Organized crime Script Kiddies Hacktivists Who is out there (and after me)? Cracker Cyber terrorists Nation-state actors What are their capabilities? What are their intentions? 3
4 What is Threat Intelligence? The purpose of threat intelligence is to understand the enemy, help anticipate future actions and plan a response. Knowns Unknowns Knowns Things we are aware of and understand Things we are aware of but don't understand Unknowns Things we are not aware of but would understand Things we don't know that they exist and don't understand Data Understanding 4
5 What is Threat Intelligence? The purpose of threat intelligence is to understand the enemy, help anticipate future actions and plan a response. Improving Data Improving Interpretation Knowns Unknowns Knowns Things we are aware of and understand Things we are aware of but don't understand Unknowns Things we are not aware of but would understand Things we don't know that they exist and don't understand Data Understanding 4
6 When is it a threat to me? Risk = Vulnerability * Impact Attacker Opportunity Means Motives System Access / Knowledge Vulnerabilities Capabilities and Resources Skill Valuation Goals 5
7 When is it a threat to me? Risk = Vulnerability * Impact * Threat Attacker Opportunity Means Motives System Access / Knowledge Vulnerabilities Capabilities and Resources Skill Valuation Goals Intelligence needs to help me understand these aspects for adversaries I potentially face. Threat Intelligence is in essence risk reduction. 5
8 Strategic Cyber Threat Intelligence Key goal: Support executives in decision making Strategic All deliverables are written in a language for policy makers and strategists 6
9 Operational Cyber Threat Intelligence Key goal: Understand the threat actors and their modus operandi Strategic Operational Investigate the capabilities, intent and methods or techniques, tactics and procedures (TTPs) Provides input to network architects, system administrators, etc. 7
10 Tactical Cyber Threat Intelligence Key goal: Apply knowledge about threats into concrete detection capabilities. Strategic Strategic Strategic Operational Operational Feed information that can be directly used to respond to threats (MD5 file hashes, Bro signatures, malicious domain names) into controls Tactical 8
11 Intelligence starts with a question and answers it Analyze available information against some requirements to make an assessment in decision making. Intelligence is both product and process! 9
12 CTI Interaction in the Organization and Standardization Efforts open data source Cyber Threat Intelligence Corpus commercial feeds shared intelligence asset information 10
13 CTI Interaction in the Organization and Standardization Efforts open data source commercial feeds Stix Taxii IODEF Cyber Threat Intelligence Corpus shared intelligence asset information 10
14 CTI Interaction in the Organization and Standardization Efforts open data source commercial feeds Stix Taxii IODEF Cyber Threat Intelligence Corpus shared intelligence asset information 10
15 CTI Interaction in the Organization and Standardization Efforts open data source commercial feeds Stix Taxii IODEF Cyber Threat Intelligence Corpus ISACs Threat Intelligence Provider subject to active research Malicious Actor Internet shared intelligence Communication Protocol Cryptographic Protocol asset information Victim 10
16 CTI Interaction in the Organization and Standardization Efforts open data source commercial feeds Stix Taxii IODEF Cyber Threat Intelligence Corpus subject to active research shared intelligence asset information 10
17 CTI Interaction in the Organization and Standardization Efforts open data source commercial feeds Stix Taxii IODEF subject to active research shared intelligence Cyber Threat Intelligence Corpus decision making support security policy resource allocation security by design asset information 11
18 CTI Interaction in the Organization and Standardization Efforts open data source commercial feeds Stix Taxii IODEF subject to active research shared intelligence Cyber Threat Intelligence Corpus decision making support security policy resource allocation security by design administrators CSIRTs / ISACs asset information 11
19 CTI Interaction in the Organization and Standardization Efforts open data source commercial feeds Stix Taxii IODEF subject to active research shared intelligence Cyber Threat Intelligence Corpus decision making support security policy resource allocation security by design administrators CSIRTs / ISACs Pawn Storm Sednit APT28 Sofacy Group Strontium Tsar Team Fancy Bear asset information 11
20 CTI Interaction in the Organization and Standardization Efforts open data source commercial feeds Stix Taxii IODEF subject to active research shared intelligence Cyber Threat Intelligence Corpus decision making support security policy resource allocation security by design Threat Modeling administrators CSIRTs / ISACs Ontologies VERIS e.g. OWASP, Intel TARA asset information 11
21 CTI Interaction in the Organization and Standardization Efforts open data source commercial feeds Stix Taxii IODEF subject to active research shared intelligence Cyber Threat Intelligence Corpus decision making support security policy resource allocation security by design Threat Modeling administrators CSIRTs / ISACs Ontologies VERIS e.g. OWASP, Intel TARA asset information Terminology Methods and Techniques 11
22 Processing CTI: The Intelligence Cycle Planning and Direction Dissemination and Integration Collection Analysis and Production Processing and Exploitation 12
23 Processing CTI: The Intelligence Cycle Start with intelligence gaps and prioritize them. Planning and Direction Dissemination and Integration Collection Analysis and Production Processing and Exploitation 12
24 Processing CTI: The Intelligence Cycle Planning and Direction Determine which data sources you need and how to get them. Acquire the data. Dissemination and Integration Collection Analysis and Production Processing and Exploitation 12
25 Processing CTI: The Intelligence Cycle Planning and Direction Dissemination and Integration Collection Correlation and validation of data. Evaluate its usefulness to answer the question. Analysis and Production Processing and Exploitation 12
26 Processing CTI: The Intelligence Cycle Planning and Direction Dissemination and Integration Collection Analysis and Production Processing and Exploitation Evaluate relevance to answer gap, draw conclusions. 12
27 Processing CTI: The Intelligence Cycle Planning and Direction Dissemination and Integration Collection Analysis and Production Processing and Exploitation Distribute and package the information for the customer. The format, language and medium is as important as the message! 12
28 OODA Main takeaway: Structure how you operate. (Remember intelligence and incident response is a process.) You can also use strategy to disrupt the activities of the adversary. Act Observe Decide Orient 13
29 OODA Main takeaway: Structure how you operate. (Remember intelligence and incident response is a process.) You can also use strategy to disrupt the activities of the adversary. Act Observe Decide Orient Observe Orient Decide Act Observe Orient Decide Act O O D A O O D A 13
30 Cyber Kill Chain Reconnaissance Weaponization Delivery Exploitation Installation Command and Control Actions Pre-Compromise Compromise Post-Compromise Cost to Defender 14
31 Cyber Kill Chain can help you structure knowledge about adversarial TTPs Reconnaissance Weaponization Which hosts/employees were targeted? Analysis Which vector was used? Delivery How was the payload delivered?! Detection Exploitation Installation Command Which vulnerabilities and Control were used? Which modules, filenames contained the malware? To which C&C servers would the malware connect? Actions Synthesis These insights can then be mapped to tactical CTI for detection. 15
32 Diamond Model Main idea: Intrusions are a series of events connected in activity threads. As resources are reused, connections between common elements are drawn. persona (mail, handles), network assets Adversary Infrastructure IP, DNS, Victim persona, network assets, addresses Capability malware, exploit kits, stolen TLS certs, tools 16
33 Diamond Model Main idea: Intrusions are a series of events connected in activity threads. As resources are reused, connections between common elements are drawn. persona (mail, handles), network assets Adversary Infrastructure IP, DNS, Intention Victim persona, network assets, addresses Capability malware, exploit kits, stolen TLS certs, tools 16
34 Diamond Model Main idea: Intrusions are a series of events connected in activity threads. As resources are reused, connections between common elements are drawn. persona (mail, handles), network assets Adversary Infrastructure IP, DNS, TTP Victim persona, network assets, addresses Capability malware, exploit kits, stolen TLS certs, tools 16
35 CTI Interaction in the Organization and Standardization Efforts open data source commercial feeds subject to active research shared intelligence asset information Stix Taxii IODEF Cyber Threat Intelligence Corpus Terminology Methods and Techniques decision making support security policy resource allocation security by design Threat Modeling administrators CSIRTs / ISACs Ontologies VERIS Detection Formats SIEM / SOC / IR pentesting forensics e.g. OWASP, Intel TARA Snort, Bro, Yara Modeling Adversarial Behavior MITRE ATT&CK 18
36 CTI Interaction in the Organization and Standardization Efforts CTI Education (Training + Quality Standards) open data source commercial feeds subject to active research shared intelligence asset information Stix Taxii IODEF Cyber Threat Intelligence Corpus Terminology Methods and Techniques decision making support security policy resource allocation security by design Threat Modeling administrators CSIRTs / ISACs Ontologies VERIS Detection Formats SIEM / SOC / IR pentesting forensics e.g. OWASP, Intel TARA Snort, Bro, Yara Modeling Adversarial Behavior MITRE ATT&CK 18
37 Key Takeaways There is not one CTI Standardization effort: A broad portfolio of activities covering various aspects of the lifecycle Standardization activities are to some extent bottom up or are driven by individual organizations and become de-facto standards We are still missing agreement / standardization on a significant number of components in the CTI landscape 19
38 Thank you Christian Doerr Cyber Threat Intelligence Lab 20
Cyber Threat Intelligence Sharing Standards
SESSION ID: PST-W08 Cyber Threat Intelligence Sharing Standards Jerome Athias Cybersecurity Specialist Saudi Aramco @JA25000 Agenda Cyber Threat Intelligence (CTI) CTI Sharing Standards Summary & Apply
More information4/13/2018. Certified Analyst Program Infosheet
4/13/2018 Certified Analyst Program Infosheet Contents I. Executive Summary II. Training Framework III. Course Structure, Learning Outcomes, and Skills List IV. Sign-up and More Information Executive Summary
More informationCTI Capability Maturity Model Marco Lourenco
1 CTI Capability Maturity Model Cyber Threat Intelligence Course NIS Summer School 2018, Crete October 2018 MARCO LOURENCO - ENISA Cyber Security Analyst Lead European Union Agency for Network and Information
More informationPanelists. Moderator: Dr. John H. Saunders, MITRE Corporation
SCADA/IOT Panel This panel will focus on innovative & emerging solutions and remaining challenges in the cybersecurity of industrial control systems ICS/SCADA. Representatives from government and infrastructure
More informationThe Mechanics of Cyber Threat Information Sharing
The Mechanics of Cyber Threat Information Sharing Session 229, February 23, 2017 Denise Anderson, President, National Health Information Sharing and Analysis Center (NH-ISAC) Julie Connolly, Principal
More informationSOLUTION BRIEF RSA NETWITNESS SUITE 3X THE IMPACT WITH YOUR EXISTING SECURITY TEAM
SOLUTION BRIEF RSA NETWITNESS SUITE 3X THE IMPACT WITH YOUR EXISTING SECURITY TEAM OVERVIEW The Verizon 2016 Data Breach Investigations Report highlights that attackers are regularly outpacing the defenders.
More informationCyber Defense Maturity Scorecard DEFINING CYBERSECURITY MATURITY ACROSS KEY DOMAINS
Cyber Defense Maturity Scorecard DEFINING CYBERSECURITY MATURITY ACROSS KEY DOMAINS Cyber Defense Maturity Scorecard DEFINING CYBERSECURITY MATURITY ACROSS KEY DOMAINS Continual disclosed and reported
More informationCyber Threat Intelligence Debbie Janeczek May 24, 2017
Cyber Threat Intelligence Debbie Janeczek May 24, 2017 AGENDA Today s Cybersecurity Challenges What is Threat Intelligence? Data, Information, Intelligence Strategic, Operational and Tactical Threat Intelligence
More informationRSA NetWitness Suite Respond in Minutes, Not Months
RSA NetWitness Suite Respond in Minutes, Not Months Overview One can hardly pick up a newspaper or turn on the news without hearing about the latest security breaches. The Verizon 2015 Data Breach Investigations
More informationC T I A CERTIFIED THREAT INTELLIGENCE ANALYST. EC-Council PROGRAM BROCHURE. Certified Threat Intelligence Analyst 1. Certified
EC-Council C T Certified I A Threat Intelligence Analyst CERTIFIED THREAT INTELLIGENCE ANALYST PROGRAM BROCHURE 1 Predictive Capabilities for Proactive Defense! Cyber threat incidents have taken a drastic
More informationCyber Threat Intelligence: Integrating the Intelligence Cycle. Elias Fox and Michael Norkus, Cyber Threat Intelligence Analysts January 2017
Cyber Threat Intelligence: Integrating the Intelligence Cycle Elias Fox and Michael Norkus, Cyber Threat Intelligence Analysts January 2017 CLASSIFICATION MARKS The Global Domain Network Domain The internet
More informationNational Cyber Security Operations Center (N-CSOC) Stakeholders' Conference
National Cyber Security Operations Center (N-CSOC) Stakeholders' Conference Benefits to the Stakeholders A Collaborative and Win-Win Strategy Lal Dias Chief Executive Officer Sri Lanka CERT CC Cyber attacks
More informationRSA INCIDENT RESPONSE SERVICES
RSA INCIDENT RESPONSE SERVICES Enabling early detection and rapid response EXECUTIVE SUMMARY Technical forensic analysis services RSA Incident Response services are for organizations that need rapid access
More informationCompTIA Cybersecurity Analyst+
CompTIA Cybersecurity Analyst+ Course CT-04 Five days Instructor-Led, Hands-on Introduction This five-day, instructor-led course is intended for those wishing to qualify with CompTIA CSA+ Cybersecurity
More informationBuilding Resilience in a Digital Enterprise
Building Resilience in a Digital Enterprise Top five steps to help reduce the risk of advanced targeted attacks To be successful in business today, an enterprise must operate securely in the cyberdomain.
More informationATT&CKing for better Defense: An Introduction to the MITRE ATT&CK Framework
ATT&CKing for better Defense: An Introduction to the MITRE ATT&CK Framework Random Image Taken From: http://www.flickr.com/photos/sophos_germany/3321556353/ Agenda Introductions The Problem MITRE ATT&CK
More informationAdversary Playbooks. An Approach to Disrupting Malicious Actors and Activity
Adversary Playbooks An Approach to Disrupting Malicious Actors and Activity Overview Applying consistent principles to Adversary Playbooks in order to disrupt malicious actors more systematically. Behind
More informationSecurity Monitoring Engineer / (NY or NC) Director, Information Security. New York, NY or Winston-Salem, NC. Location:
Position: Reports to: Location: Security Monitoring Engineer / (NY or NC) Director, Information Security New York, NY or Winston-Salem, NC Position Summary: The Clearing House (TCH) Information Security
More informationSandboxing and the SOC
Sandboxing and the SOC Place McAfee Advanced Threat Defense at the center of your investigation workflow As you strive to further enable your security operations center (SOC), you want your analysts and
More informationWHITEPAPER ATTIVO NETWORKS THREATDEFEND PLATFORM AND THE MITRE ATT&CK MATRIX
WHITEPAPER ATTIVO NETWORKS THREATDEFEND PLATFORM AND THE MITRE ATT&CK MATRIX 1 INTRODUCTION The MITRE Corporation Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK ) Matrix provides a model
More informationRSA INCIDENT RESPONSE SERVICES
RSA INCIDENT RESPONSE SERVICES Enabling early detection and rapid response EXECUTIVE SUMMARY Technical forensic analysis services RSA Incident Response services are for organizations that need rapid access
More informationANATOMY OF AN ATTACK!
ANATOMY OF AN ATTACK! Are Your Crown Jewels Safe? Dom Kapac, Security Evangelist WHAT DO WE MEAN BY CROWN JEWELS? Crown jewels for most organizations are critical infrastructure and data Data is a valuable
More informationSymantec Ransomware Protection
Symantec Ransomware Protection Protection Against Ransomware Defense in depth across all control points is required to stop ransomware @ Email Symantec Email Security.cloud, Symantec Messaging Gateway
More informationCONTROLLING YOUR OWN BATTLESPACE. From Threat Response Teams To Threat Intelligence Teams
CONTROLLING YOUR OWN BATTLESPACE From Threat Response Teams To Threat Intelligence Teams Agenda Motivations The Intelligence Process The Cyber Kill Chain Approach Indicators of Compromise Information Sharing
More informationAutomated Response in Cyber Security SOC with Actionable Threat Intelligence
Automated Response in Cyber Security SOC with Actionable Threat Intelligence while its biggest weakness is lack of visibility: SOCs still can t detect previously unknown threats, which is a consistent
More informationA Common Cyber Threat Framework: A Foundation for Communication
For For Public Distribution A Common Cyber Threat Framework: A Foundation for Communication This is a work of the U.S. Government and is not subject to copyright protection in the United States. Overview
More informationTHE EFFECTIVE APPROACH TO CYBER SECURITY VALIDATION BREACH & ATTACK SIMULATION
BREACH & ATTACK SIMULATION THE EFFECTIVE APPROACH TO CYBER SECURITY VALIDATION Cymulate s cyber simulation platform allows you to test your security assumptions, identify possible security gaps and receive
More informationService. Sentry Cyber Security Gain protection against sophisticated and persistent security threats through our layered cyber defense solution
Service SM Sentry Cyber Security Gain protection against sophisticated and persistent security threats through our layered cyber defense solution Product Protecting sensitive data is critical to being
More informationCYBER THREAT INTELLIGENCE TOWARDS A MATURE CTI PRACTICE
CYBER THREAT INTELLIGENCE TOWARDS A MATURE CTI PRACTICE Richard Kerkdijk December 7th 2017 A WORD ABOUT TNO Dutch innovation and advisory body, founded by law in 1932 and currently comprising some 2800
More informationSharing What Matters. Accelerating Incident Response and Threat Hunting by Sharing Behavioral Data
Sharing What Matters Accelerating Incident Response and Threat Hunting by Sharing Behavioral Data Dan Gunter, Principal Threat Analyst Marc Seitz, Threat Analyst Dragos, Inc. August 2018 Today s Talk at
More informationHunting Threats In your Enterprise
Hunting Threats In your Enterprise ü Who am I? ü Abdulrahman Al-Nimari ü 25 Years IT & Infosec Experience ü Lead Enterprise Security Architect ü Mantech International Corporation, Riyadh, KSA ü CISSP,
More informationOUTSMART ADVANCED CYBER ATTACKS WITH AN INTELLIGENCE-DRIVEN SECURITY OPERATIONS CENTER
OUTSMART ADVANCED CYBER ATTACKS WITH AN INTELLIGENCE-DRIVEN SECURITY OPERATIONS CENTER HOW TO ADDRESS GARTNER S FIVE CHARACTERISTICS OF AN INTELLIGENCE-DRIVEN SECURITY OPERATIONS CENTER 1 POWERING ACTIONABLE
More informationBuilding a Threat-Based Cyber Team
Building a Threat-Based Cyber Team Anthony Talamantes Manager, Defensive Cyber Operations Todd Kight Lead Cyber Threat Analyst Sep 26, 2017 Washington, DC Forward-Looking Statements During the course of
More informationLive Adversary Simulation: Red and Blue Team Tactics
SESSION ID: HTA-T06 Live Adversary Simulation: Red and Blue Team Tactics James Lyne Head of R&D SANS Institute @JamesLyne Stephen Sims Security Researcher & Fellow SANS Institute @Steph3nSims Agenda 2
More informationThe Kill Chain for the Advanced Persistent Threat
The Kill Chain for the Advanced Persistent Threat Intelligence-driven Computer Network Defense as presented at Michael Cloppert Eric Hutchins Lockheed Martin Corp Wednesday, October 12, 2011 0000 10/12/2011
More informationWar Stories on Powering Incident Response with Intelligence
War Stories on Powering Incident Response with Intelligence Indicators What are They Good For? It depends Atomic Indicators must be high confidence to be useful 2 Herd Immunity Patient zero dies so others
More informationTHREAT INTEL AND CONTENT CURATION: ORGANIZING THE PATH TO SUCCESSFUL DETECTION
SESSION ID: AIR-W12 THREAT INTEL AND CONTENT CURATION: ORGANIZING THE PATH TO SUCCESSFUL DETECTION Justin Monti CTO MKACyber Mischel Kwon CEO MKACyber @MKACyber What is Cyber Threat Intelligence Data collected,
More informationModern Cyber Defense with Automated Real-Time Response: A Standards Update
SESSION ID: AIR-F01 Modern Cyber Defense with Automated Real-Time Response: A Standards Update Bret Jordan Director of Security Architecture Symantec @jordan_bret Joe Brule Executive Director OpenC2 Forum
More informationSTANDARD INFORMATION SHARING FORMATS. Will Semple Head of Threat and Vulnerability Management New York Stock Exchange
STANDARD INFORMATION SHARING FORMATS Will Semple Head of Threat and Vulnerability Management New York Stock Exchange AGENDA Information Sharing from the Practitioner s view Changing the focus from Risk
More informationCyber Threat Landscape April 2013
www.pwc.co.uk Cyber Threat Landscape April 2013 Cyber Threats: Influences of the global business ecosystem Economic Industry/ Competitors Technology-led innovation has enabled business models to evolve
More informationGetting Security Operations Right with TTP0
0 Getting Security Operations Right with TTP0 Ismael Valenzuela SANS Instructor, McAfee @aboutsecurity Rob Gresham Splunk> Phantom @SOCologize Where were you in 1986? 0 What is the story? Google Market
More informationThe New Era of Cognitive Security
The New Era of Cognitive Security IBM WATSON SUMMIT KANOKSAK RATCHAPAT Senior Technical Sales 1 Today s security challenges ACTORS TARGETS VECTORS REALITY Organized Crime Healthcare Ransomware Cloud, mobile,
More informationCloud and Cyber Security Expo 2019
Cloud and Cyber Security Expo 2019 The Terrain to Actionable Intelligence Azeem Aleem, VP Consulting, NTT Security Actionable Intelligence Actionable intelligence through Cyber Intelligence Embedding intelligence
More informationA Forensic Accountant in Cyber Security
A Forensic Accountant in Cyber Security Gertjan Groen, President ACFE Netherlands Chapter Fraud Awareness Week Event ACFE Belgium 14 November 2017, Brussels Personal Background Started my career in auditing
More informationProtecting Against Modern Attacks. Protection Against Modern Attack Vectors
Protecting Against Modern Attacks Protection Against Modern Attack Vectors CYBER SECURITY IS A CEO ISSUE. - M C K I N S E Y $4.0M 81% >300K 87% is the average cost of a data breach per incident. of breaches
More informationCYBER RESILIENCE & INCIDENT RESPONSE
CYBER RESILIENCE & INCIDENT RESPONSE www.nccgroup.trust Introduction The threat landscape has changed dramatically over the last decade. Once the biggest threats came from opportunist attacks and preventable
More informationCisco Cyber Range. Paul Qiu Senior Solutions Architect
Cisco Cyber Range Paul Qiu Senior Solutions Architect Cyber Range Service A platform to experience the intelligent Cyber Security for the real world What I hear, I forget What I see, I remember What I
More informationEnhancing Threat Intelligence Data. 05/24/2017 DC416
Enhancing Threat Intelligence Data By @3ncr1pted 05/24/2017 DC416 Security consultant researcher/analyst in Threat Intel. Loves APTs, mainframes, ICS SCADA & creating security awareness StarTrek! Boldly
More informationBird of a Feather Automated Responses
Bird of a Feather Automated Responses Energy-Sec Summit 2017 13 Th Security and Compliance www.inl.gov August 2017 INL s Position Nationally A network of 17 DOE national labs DOE s lead lab for nuclear
More informationOverview of the. Computer Security Incident Response Plan. Process Resource Center
Overview of the Computer Security Incident Response Plan Process Resource Center Mobilized CSIRP: Visually Intuitive, Accurate, Complete, Succinct Content Available On-the-Go Process Resource Centers:
More informationAre we breached? Deloitte's Cyber Threat Hunting
Are we breached? Deloitte's Cyber Threat Hunting Brochure / report title goes here Section title goes here Have we been breached? Are we exposed? How do we proactively detect an attack and minimize the
More informationATTIVO NETWORKS THREATDEFEND INTEGRATION WITH MCAFEE SOLUTIONS
PARTNER BRIEF ATTIVO NETWORKS THREATDEFEND INTEGRATION WITH MCAFEE SOLUTIONS INTRODUCTION Attivo Networks has partnered with McAfee to detect real-time in-network threats and to automate incident response
More information10 KEY WAYS THE FINANCIAL SERVICES INDUSTRY CAN COMBAT CYBER THREATS
10 KEY WAYS THE FINANCIAL SERVICES INDUSTRY CAN COMBAT CYBER THREATS WHITE PAPER INTRODUCTION BANKS ARE A COMMON TARGET FOR CYBER CRIMINALS AND OVER THE LAST YEAR, FIREEYE HAS BEEN HELPING CUSTOMERS RESPOND
More informationENDPOINT SECURITY AND THE CLOUD: HOW TO APPLY PREDICTIVE ANALYTICS AND BIG DATA
SESSION ID: SPO3-R04 ENDPOINT SECURITY AND THE CLOUD: HOW TO APPLY PREDICTIVE ANALYTICS AND BIG DATA Brian Gladstein Cybersecurity Market Strategist Carbon Black @briangladstein ASYMMETRIC WARFARE IT S
More informationReducing the Cost of Incident Response
Reducing the Cost of Incident Response Introduction Cb Response is the most complete endpoint detection and response solution available to security teams who want a single platform for hunting threats,
More informationIncident Response Services to Help You Prepare for and Quickly Respond to Security Incidents
Services to Help You Prepare for and Quickly Respond to Security Incidents The Challenge The threat landscape is always evolving and adversaries are getting harder to detect; and with that, cyber risk
More informationManaged Endpoint Defense
DATA SHEET Managed Endpoint Defense Powered by CB Defense Next-gen endpoint threat detection and response DEPLOY AND HARDEN. Rapidly deploy and optimize endpoint prevention with dedicated security experts
More informationTHE ACCENTURE CYBER DEFENSE SOLUTION
THE ACCENTURE CYBER DEFENSE SOLUTION A MANAGED SERVICE FOR CYBER DEFENSE FROM ACCENTURE AND SPLUNK. YOUR CURRENT APPROACHES TO CYBER DEFENSE COULD BE PUTTING YOU AT RISK Cyber-attacks are increasingly
More informationManaging an Active Incident Response Case. Paul Underwood, COO
Managing an Active Incident Response Case Paul Underwood, COO 2 About Us Paul Underwood - COO Emagined Security is a leading professional services firm for Information Security, Privacy & Compliance solutions.
More informationA YEAR OF PURPLE. By Ryan Shepherd
A YEAR OF PURPLE By Ryan Shepherd WHOAMI DETECTION and RESPONSE Investigator for Countercept Threat Hunter PURPLE Team Consultant Offensive Security Certified Professional (OSCP) Crest Registered Intrusion
More informationThreat Intel for All: There s More to Your Data than Meets the Eye
Threat Intel for All: There s More to Your Data than Meets the Eye By @3ncr1pted 07/28/2017 Wall of Sheep Security consultant researcher/analyst in Threat Intel. Loves APTs, mainframes, ICS SCADA & creating
More informationLeveraging CybOX to Standardize Representation and Exchange of Digital Forensic Information
DIGITAL FORENSIC RESEARCH CONFERENCE Leveraging CybOX to Standardize Representation and Exchange of Digital Forensic Information By Eoghan Casey, Greg Back, and Sean Barnum Presented At The Digital Forensic
More informationSynthetic Teammates and the Future of Cybersecurity
Synthetic Teammates and the Future of Cybersecurity Dr. Fernando Maymí Lead Scientist, Cyberspace Operations Soar Technology, Inc. fernando.maymi@soartech.com 1 8 August 2017 - THE FUTURE THREAT LANDSCAPE
More informationSemantic Cyberthreat Modelling
Semantic Cyberthreat Modelling Siri Bromander mnemonic siri@mnemonic.no Audun Jøsang University of Oslo josang@ifi.uio.no Martin Eian mnemonic meian@mnemonic.no Abstract Cybersecurity is a complex and
More informationIncident Response Services
Services Enhanced with Supervised Machine Learning and Human Intelligence Empowering clients to stay one step ahead of the adversary. Secureworks helps clients enable intelligent actions to outsmart and
More informationRadware Attack Mitigation Solution (AMS) Protect Online Businesses and Data Centers Against Emerging Application & Network Threats - Whitepaper
Radware Attack Mitigation Solution (AMS) Protect Online Businesses and Data Centers Against Emerging Application & Network Threats - Whitepaper Table of Contents Abstract...3 Understanding Online Business
More informationSecurity Monitoring. Managed Vulnerability Services. Managed Endpoint Protection. Platform. Platform Managed Endpoint Detection and Response
Security Operations Flexible and Scalable Solutions to Improve Your Security Capabilities Security threats continue to rise each year and are increasing in sophistication and malicious intent. Unfortunately,
More informationDATA SHEET RISK & CYBERSECURITY PRACTICE EMPOWERING CUSTOMERS TO TAKE COMMAND OF THEIR EVOLVING RISK & CYBERSECURITY POSTURE
DATA SHEET RISK & CYBERSECURITY PRACTICE EMPOWERING CUSTOMERS TO TAKE COMMAND OF THEIR EVOLVING RISK & CYBERSECURITY POSTURE EXECUTIVE SUMMARY ALIGNING CYBERSECURITY WITH RISK The agility and cost efficiencies
More informationCYBER SECURITY OPERATION CENTER (CSOC)
WHITE PAPER ON CYBER SECURITY OPERATION CENTER (CSOC) THE CHANGING LANDSCAPE Introduction Thanks to Internet and developments around Internet! The world has changed its data dimensions and has opened up
More informationEmerging Threat Intelligence using IDS/IPS. Chris Arman Kiloyan
Emerging Threat Intelligence using IDS/IPS Chris Arman Kiloyan Who Am I? Chris AUA Graduate (CS) Thesis : Cyber Deception Automation and Threat Intelligence Evaluation Using IDS Integration with Next-Gen
More informationProtecting your next investment: The importance of cybersecurity due diligence
Protecting your next investment: The importance of cybersecurity due diligence Oct. 11, 2018 Baker Tilly Virchow Krause, LLP. All rights reserved. Baker Tilly refers to Baker Tilly Virchow Krause, LLP,
More informationThe GenCyber Program. By Chris Ralph
The GenCyber Program By Chris Ralph The Mission of GenCyber Provide a cybersecurity camp experience for students and teachers at the K-12 level. The primary goal of the program is to increase interest
More informationBuilding an Effective Threat Intelligence Capability. Haider Pasha, CISSP, C EH Director, Security Strategy Emerging Markets Office of the CTO
Building an Effective Threat Intelligence Capability Haider Pasha, CISSP, C EH Director, Security Strategy Emerging Markets Office of the CTO The Race To Digitize Automotive Telematics In-vehicle entertainment
More informationProtocols for exchange of cyber security information
Protocols for exchange of cyber security information Ing. Július Baráth, PhD. julius.barath@aos.sk Department of informatics Armed Forces Academy Liptovský Mikuláš, Slovakia doc. Ing. Marcel Harakaľ, PhD.
More informationSeven Steps to Ease the Pain of Managing a SOC
Seven Steps to Ease the Pain of Managing a SOC 1 Seven Steps to Ease the Pain of Managing a SOC Seven Steps to Ease the Pain of Managing a SOC If the complex, stressful, and time-consuming nature of running
More informationMcAfee Advanced Threat Defense
Advanced Threat Defense Detect advanced malware Advanced Threat Defense enables organizations to detect advanced, evasive malware and convert threat information into immediate action and protection. Unlike
More informationEFFECTIVELY TARGETING ADVANCED THREATS. Terry Sangha Sales Engineer at Trustwave
EFFECTIVELY TARGETING ADVANCED THREATS Terry Sangha Sales Engineer at Trustwave THE CHALLENGE PROTECTING YOUR ENVIRONMENT IS NOT GETTING EASIER ENDPOINT POINT OF SALE MOBILE VULNERABILITY MANAGEMENT CYBER
More informationPUBLIC POWER. Cybersecurity Information Sharing Report
PUBLIC POWER Cybersecurity Information Sharing Report Acknowledgment: This material is based upon work supported by the Department of Energy under Award Number(s) DE-OE0000811. Disclaimer:This report was
More informationAchieving & Measuring the Value of Cyber Threat Information Sharing. Lindsley Boiney, Clem Skorupka (presenting)
Achieving & Measuring the Value of Cyber Threat Information Sharing Lindsley Boiney, Clem Skorupka (presenting) The MITRE Corporation 2018 International Information Sharing Conference McLean, VA 2 Acknowledgements
More informationIndustrial Control Threat Intelligence
Industrial Control Threat Intelligence By Sergio Caltagirone Director, Threat Intelligence, Dragos Executive Summary Modern network and asset defense require far greater visibility into the industrial
More informationWHITE PAPER. Operationalizing Threat Intelligence Data: The Problems of Relevance and Scale
WHITE PAPER Operationalizing Threat Intelligence Data: The Problems of Relevance and Scale Operationalizing Threat Intelligence Data: The Problems of Relevance and Scale One key number that is generally
More informationReadiness, Response & Resilence:
Readiness, Response & Resilence: building out advance security operations Husam Al Saraf Solutions Principal Lead Turkey, Africa & Middle East #RSAemeaSummit 1 Traditional Security Operations Top Gaps
More informationReducing cyber risks in the era of digital transformation
Reducing cyber risks in the era of digital transformation Sergey Soldatov Head of Security Operations Center, R&D Security Services WHO AM I? Since 2016: Head of SOC at Kaspersky lab Internal SOC Commercial
More informationOutwit Cyber Criminals with Comprehensive Malware and Exploit Protection.
Singtel Business Product Brochure Managed Advanced Threat Prevention Outwit Cyber Criminals with Comprehensive Malware and Exploit Protection. As cyber criminals outwit businesses by employing ever-new
More informationRSA RISK FRAMEWORKS MAKING DIGITAL RISK MANAGEABLE
WHITEPAPER RSA RISK FRAMEWORKS MAKING DIGITAL RISK MANAGEABLE CONTENTS Executive Summary........................................ 3 Transforming How We Think About Security.......................... 4 Assessing
More informationPredicting and Preventing Cyber Threats. Paolo Passeri, Consulting Systems Engineer
Predicting and Preventing Cyber Threats Paolo Passeri, Consulting Systems Engineer The way we work has changed Internet Critical infrastructure Amazon, Rackspace, Windows Azure, etc. Business apps Salesforce,
More informationCOST OF CYBER CRIME STUDY INSIGHTS ON THE SECURITY INVESTMENTS THAT MAKE A DIFFERENCE
2017 COST OF CYBER CRIME STUDY INSIGHTS ON THE SECURITY INVESTMENTS THAT MAKE A DIFFERENCE NUMBER OF SECURITY BREACHES IS RISING AND SO IS SPEND Average number of security breaches each year 130 Average
More informationDesigning an Adaptive Defense Security Architecture. George Chiorescu FireEye
Designing an Adaptive Defense Security Architecture George Chiorescu FireEye Designing an Adaptive Security Architecture Key Challanges Existing blocking and prevention capabilities are insufficient to
More information6 MILLION AVERAGE PAY. CYBER Security. How many cyber security professionals will be added in 2019? for popular indursty positions are
PROGRAM Objective Cyber Security is the most sought after domain, and NASSCOM projects a requirment of over 1 million trained professionals by 2025. Tevel training program is an industry & employability
More informationFastResponder: New Open Source weapon to detect and understand a large scale compromise
FastResponder: New Open Source weapon to detect and understand a large scale compromise About us French Company in Cyber Security Cert Sekoia Detection Intrusion experts Digital Forensics and Incidence
More informationNEXT GENERATION SECURITY OPERATIONS CENTER
DTS SOLUTION NEXT GENERATION SECURITY OPERATIONS CENTER SOC 2.0 - ENHANCED SECURITY O&M SOC 2.0 - SUCCESS FACTORS SOC 2.0 - FUNCTIONAL COMPONENTS DTS SOLUTION SOC 2.0 - ENHANCED SECURITY O&M SOC 2.0 Protecting
More informationA Stakeholder-centric Approach to Building a Cyber Threat Intelligence (CTI) Practice
WHITE PAPER A Stakeholder-centric Approach to Building a Cyber Threat Intelligence (CTI) Practice How to make threat intelligence relevant to executives, business stakeholders, security operations and
More informationWhy Should You Care About Control System Cybersecurity. Tim Conway ICS.SANS.ORG
Why Should You Care About Control System Cybersecurity Tim Conway ICS.SANS.ORG Events Example #1 Dec 23, 2015 Cyber attacks impacting Ukrainian Power Grid Targeted, synchronized, & multi faceted Three
More informationThe SANS Institute Top 20 Critical Security Controls. Compliance Guide
The SANS Institute Top 20 Critical Security Controls Compliance Guide February 2014 The Need for a Risk-Based Approach A common factor across many recent security breaches is that the targeted enterprise
More informationNISTCSF.COM. NIST Cybersecurity Framework (NCSF) Workforce Development Solutions
NISTCSF.COM NIST Cybersecurity Framework (NCSF) Workforce Development Solutions AGENDA The Cybersecurity Threat Landscape The Cybersecurity Challenge NIST Cybersecurity Framework NICE Cybersecurity Workforce
More informationManaged Enterprise Phishing Protection. Comprehensive protection delivered 24/7 by anti-phishing experts
Managed Enterprise Phishing Protection Comprehensive protection delivered 24/7 by anti-phishing experts MANAGED ENTERPRISE PHISHING PROTECTION 24/7 expert protection against phishing attacks that get past
More informationHow enterprises can use cyber threat information effectively? Shimon Modi,
How enterprises can use cyber threat information effectively? Shimon Modi, Ph.D. smodi@trustar.co @shimonmodi About Me 10+ years of Applied R&D experience in Information Security Currently @ TruSTAR Technology
More informationBuilding a resilient ICS
Building a resilient ICS By Dr Jules Pagna Disso, @julesdisso Building a resilient Industrial Control System (ICS) 1: From ICS to Critical National Infrastructure 2: Thenatureof the problem 3: Building
More informationCyber Resilience. Think18. Felicity March IBM Corporation
Cyber Resilience Think18 Felicity March 1 2018 IBM Corporation Cyber Resilience Cyber Resilience is the ability of an organisation to maintain its core purpose and integrity during and after a cyber attack
More informationSOLUTION BRIEF esentire Risk Advisory and Managed Prevention (RAMP)
SOLUTION BRIEF esentire Risk Advisory and Managed Prevention (RAMP) Adaptive Cybersecurity at the Speed of Your Business Attackers Evolve. Risk is in Constant Fluctuation. Security is a Never-ending Cycle.
More information