Cloud and Cyber Security Expo 2019

Transcription

1 Cloud and Cyber Security Expo 2019 The Terrain to Actionable Intelligence Azeem Aleem, VP Consulting, NTT Security

2 Actionable Intelligence Actionable intelligence through Cyber Intelligence Embedding intelligence driven security into your environment Where to use Predictive Analytics Creating and applying security metrics to drive performance

3 We choose to go to the moon. We choose to go to the moon in this decade and do the other things, not because they are easy, but because they are hard John F. Kennedy President John F. Kennedy's speech in 1963 in Washington D.C Image source: Keystone-France Gamma-Keystone/Getty Images

4 Making success a reality Cognitive Intelligence

5 5 Man on the Moon Image source:

6 Good intelligence isn t just found it s hunted 180, , , , ,000 80,000 60,000 40,000 20,

7 Actionable intelligence What adversaries are attacking me? What could we have done better? How did they achieve it? What information was taken?

8 Reality intelligence-driven SOC 1) Define dwell time From point of trigger to eyes on (analyst assigned) 2) Separation of duties Analytics (CIRT Tier 1) Adv. Tools and tactics SOC/CDC Cyber Threat Intelligence Advanced Analysis 3) Threat intelligence Integrated investigation Visible to analyst Content Analytics

9 Intelligence driven security framework Tier 1 analyst Tier 2 analyst Threat intelligence analyst Analysis & tools support analyst SOC manager Readiness Establish state of preparation and ability to handle actionable intelligence Response Design and implement a solution that positioned to handle cyber security incident response and remediation in alignment to business objectives and risk Resiliency Develop the ability to predict and respond to cyber incidents while operating and sustaining an optimized intelligent security operation capability

10 Business & risk alignment What is the mission, scope, and authority to mitigate the risk? Visibility Define the visibility required to achieve mission readiness Readiness Content Build enablement for detection (use cases, situational awareness, and baseline) Security Operations How do I respond, contain, and hunt to achieve the mission identifying known and unknown threats? Applied intelligence & analytics How do I analyze, attribute, and predict the threat and refocus the mission?

11 L2 Analyst L1 Analyst Threat Intel Analyst Reactive to predictive Initial Alert/ Notification Incident Tracking and Logging Incident Categorization / Assign Priority Triage and Investigate within SLA Escalation to L2 No Remediation / Recovery recommendations Communicate and Report Activities Yes Readiness Investigate Incident Analyze Findings Engaged Content Management No Engage Adv. Analytics No Remediation / Recovery recommendations Communicate and Report Activities Incident Closure YES YES Incident Review/QA/ Lessons Learnt Intel Content Engineering Advanced Analysis Unique Intel Findings Analyze Request of Malware or Forensics Adjust Controls Predictive Document Findings Tune Content within Security Tools Import Indicators to Trending/Analysis Research Threats Report Findings Threat Database Communicate and Report Activities Communicate and Report Activities Generate Incident Metrics

12 Value of predictive analytics improved resiliency Reconnaissance Weaponize Delivery Exploitation Installation C2 Action Earlier detection of threats

13 Value of visibility and metrics Before After resource investment Reconnaissance Weaponize Delivery Exploitation Installation C2 Action

14 Resiliency success factor SOC Mission Monitoring Team Vulnerability Management Incident Response Threat Intelligence Security Engineering Critical Success Factor Critical Success Factor Critical Success Factor Critical Success Factor Critical Success Factor

15 Getting the cyber swing

16 Azeem Aleem VP Consulting, NTT Security Follow me on Come and see us at Stand S4333

17 Thank you