WHITE PAPER
MATURING A THREAT INTELLIGENCE PROGRAM
Discover the state of your threat intelligence capabilities and uncover a roadmap to getting ahead of today's threats.

The threat intelligence landscape is an emerging one. Even in the most sophisticated IT organizations, resource constraints often dictate that threat intelligence (TI) is the responsibility of a sole analyst sifting through incident alerts looking for patterns and trends which may indicate that a threat exists. Threat intelligence is more than that. Yet, with very few industry standards around what TI is and what it isn't, we feel Gartner's definition [1] comes the closest: "Threat intelligence is evidence-based knowledge, including context, mechanisms, indicators, implications and actionable advice, about an existing or emerging menace or hazard to assets that can be used to inform decisions regarding the subject's response to that menace or hazard."

The Need to Know
Clearly, going beyond simple event-based data analysis is a prerequisite for any useful threat intelligence program. The problem is that many organizations don't know enough about the threats they face or their own security posture to defend themselves adequately. Instead they're stuck in a reactive "stop the bleeding" or compliance-driven approach to cyber security with no clear vision or blueprint for reaching any other state. So it goes that in the rush to keep up with the TI trend, organizations are purchasing standalone solutions that have little value in helping them achieve a true proactive posture and efficiently orchestrate security solutions and processes throughout the organization to achieve maximum value. Yet, it's not enough to implement new controls and technologies around systems. In order to fully harness the power of TI,
organizations must make the case for an intelligence-driven security approach and identify the right people to staff the program. In order to evolve their defensive posture, they must source the right threat data, sift through the noise, discover and implement the right processes and methodologies, implement automation, and improve information sharing both internally between teams and externally with their supply chain partners, peers across the industry, and public organizations.

Of course, not all organizations have the resources and organizational structures needed to implement a comprehensive threat intelligence program. And that's fine. Threat intelligence is an iterative process with defined maturity levels and milestones. With the challenges and opportunities of TI in mind, ThreatConnect has developed the Threat Intelligence Maturity Model (TIMM). Whether you are getting started with TI or seeking to expand an existing program, it provides a systematic guide to help you understand where your organization resides on the path to a mature threat intelligence program and how it can better apply threat intelligence to drive smarter security processes, unite all resources behind a common defense, and take decisive action to keep your business on course.

THE THREAT INTELLIGENCE MATURITY MODEL
Find out where your organization sits on the Threat Intelligence Maturity Model. Review each stage and learn about the resources, organizational structures, and technologies needed to achieve strategic processes and operationalize your threat intelligence. The model offers some general direction on the capabilities, risks, and exposures at each stage as well as things to consider as you anticipate moving to the next milestone.

Maturity Level 0: Unclear Where to Start
Threat intelligence programs begin life as threat data collection programs. Many organizations make the mistake of starting out by aggregating external feeds and looking at the problem from the outside in.
This just creates a new data problem. Typically the data is fed into Security Information and Event Management (SIEM) technology, whose operators quickly become overwhelmed or spammed by false positives and unvalidated data. The data at this stage is one-size-fits-all, meaning that it is raw and unformatted, has no context around it, and is virtually unusable for thwarting cyber threats. Because it forces process, a better place to start involves aggregating internal data from multiple sources and using this raw data to begin protecting your network on an automated basis. Threat data, also known as indicators of compromise (IOCs), is then sent to your endpoint protection devices. This automation of incident identification is the foundation of any threat data strategy.

TYPICAL TEAM: Not really a team at this stage. The staffing resources needed to support this basic-level threat intelligence program are limited to a security director or network admin.

RISKS AND EXPOSURES: Not surprisingly, this stage on the maturity model has many, almost uncountable, deficiencies. The defensive posture between the information gathered and alerting is a labor-intensive and manual process. With added time pressures and many events per day, analyst time spent on each individual event is extremely limited, and decisions must be made quickly, often with little to no information beyond what is contained in the alert. Time also adds another element of risk. Due to the manual nature of the work, alerts often point to historical threats and don't account for the fact that adversaries have had time to adapt.
Maturity Level 1: Warming Up to Threat Intelligence
Organizations at this maturity level have integrated some level of automation into their defensive controls to prevent future attacks. They are correlating internal data with ingested threat data feeds within their SIEM to begin the process of automated alerts and blocking at the endpoint. Analysts likely will be overwhelmed and will experience sensor fatigue. Together, Level 0 (automating incident notifications) and Level 1 (automating defensive controls) are the prerequisite for a mature threat intelligence program.

TYPICAL TEAM: Network admin or solo analyst.

RISKS AND EXPOSURES: Although a step forward towards a useful TI program, Level 1 is still a reactive "stop the bleeding" approach with several deficiencies. Triage is hard enough with time and resource constraints, but it's merely a bandage if you don't really know who is targeting your organization and why. While the aggregated threat data gained in Level 1 is useful, it won't actually tell you much about the context of the threat your organization may be facing. For example, is the activity a one-off or is it part of a larger, coordinated series of attacks? What information can you glean about who the threat actors are, where they're located, and what behavior patterns they exhibit? As organizations think about moving up the maturity model, their posture shifts from "Am I bleeding and where?" to "Why do I keep bleeding and how do I fortify my security infrastructure/posture to prevent it?" Using the data gathered in Level 1, organizations can begin to automatically analyze, correlate, pivot, and enrich that data so that actionable intelligence can be gained and blocking measures introduced.

Another limitation of Maturity Level 1 is the SIEM approach. Unlike threat intelligence programs, SIEM platforms aren't designed to handle the multiple unstructured formats of threat intelligence from numerous sources that are required for analysis.
SIEMs tend to quickly become "malnourished," meaning that they get overfed with unvalidated and uncorroborated data, which essentially clogs organizations' security arteries with garbage information. When bad data overwhelms your security posture, you end up losing sight of the real threats to your organization. Furthermore, in both Levels 0 and 1, the focus is often exclusively on internal data (although it shouldn't be, as we mentioned above) with no ability to interact with or benefit from threat data produced by external sources such as communities in similar industries, geographies, etc.

Maturity Level 2: Expanding Threat Intelligence Capabilities
At Level 2 organizations start to proactively produce truly actionable threat intelligence that addresses the who, why, and how of any given attack to draw context and connections and further refine threat knowledge. Such organizations are also seeking out communities, asking questions, and drawing on additional IOCs to expand their threat knowledge. Instead of merely consuming indicators and reacting accordingly, threat intelligence teams have transcended to a place where data is turned into knowledge. They are collaborating to build and define processes that can find the smallest atomic indicator's role in the vast tapestry of an attack landscape.
At this maturity level, organizations begin building out a true threat intelligence process, taking external and internal data inputs to decipher what's helpful, what's relevant, and what's merely noise, and iterating accordingly. This enables a shift from a reactive to a more proactive posture.

TYPICAL TEAM: To be prepared to handle this level of a TI program, the organization must have both a team-based approach and a security operations center (SOC). A SOC is comprised of defined roles and workflows for network monitoring and incident response.

RISKS AND EXPOSURES: Threat analysis is often labor-intensive (think sharing incident and threat data by spreadsheets and emails) and TI requirements typically exceed capacity. With attack sources changing by the minute, hour, and day, scalability and efficiency are impossible. Large SOCs, for example, produce hundreds of millions of events per day. This is extremely difficult to filter down to a manageable number of suspicious events for triage. Even a couple of un-vetted threat feeds going into a SIEM can cause the SOC to become quickly inundated. It's at this point that organizations must deploy analytical TI program resources to produce usable, relevant, and timely threat intelligence from the threat data they consume.

Organizations need a threat intelligence platform (TIP) that can automatically analyze the content of threat indicators and the relationships between them. For example, an analyst could perform relationship modeling on a phishing email to determine who sent it, who received the email(s), which domains it is registered to, the IP addresses those domains resolve to, and so on. From here, the analyst can pivot further to reveal other domains that use the same DNS resolver, the internal hosts that try to connect to them, and what other host/domain name requests have been attempted. Clearly, a TIP is a force multiplier that can significantly increase the capacity of security teams.
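The pivot walk described above, as an added illustration (not ThreatConnect's code, and not from the original paper): a small constructed indicator graph and a breadth-first pivot that follows phishing email to sender, recipients and linked domain, then to resolving IPs and the shared resolver, then to sibling domains and the internal hosts that contacted them. Victim nodes (recipients, hosts) are reached but never expanded, so benign traffic from those hosts is not dragged in; the grouping by Diamond Model vertex is an assumed mapping of node types, not one the paper spells out.

```python
"""Indicator pivoting of the kind a threat intelligence platform (TIP) performs."""
from collections import defaultdict, deque

# Constructed sample indicator graph (not from any real incident). Each node is
# "type:value"; each edge is (source, relation, target). Values use the
# documentation ranges (203.0.113.0/24, .example) so nothing here is routable.
EDGES = [
    ("email:phish-001", "sent_from", "sender:billing@acme-invoices.example"),
    ("email:phish-001", "sent_to", "recipient:cfo@corp.example"),
    ("email:phish-001", "sent_to", "recipient:ap-clerk@corp.example"),
    ("email:phish-001", "links_to", "domain:acme-invoices.example"),
    ("domain:acme-invoices.example", "resolves_to", "ip:203.0.113.10"),
    ("domain:acme-invoices.example", "uses_resolver", "ns:ns1.bulk-dns.example"),
    # a sibling domain that shares the same resolver, with its own IP
    ("domain:secure-payroll.example", "uses_resolver", "ns:ns1.bulk-dns.example"),
    ("domain:secure-payroll.example", "resolves_to", "ip:203.0.113.11"),
    # internal hosts seen connecting to, or querying, the attacker infrastructure
    ("host:WS-0412", "connected_to", "ip:203.0.113.10"),
    ("host:WS-0077", "dns_query", "domain:secure-payroll.example"),
    # benign noise: the same host also talks to an unrelated CDN
    ("host:WS-0412", "dns_query", "domain:cdn.legit.example"),
]

# Relations the pivot may follow, and node types that are reached but never
# expanded: a victim host or mailbox is where a pivot ends, otherwise every
# benign domain that host ever queried would be pulled in as "related".
PIVOT_RELATIONS = {"sent_from", "sent_to", "links_to", "resolves_to",
                   "uses_resolver", "connected_to", "dns_query"}
SINK_TYPES = {"host", "recipient"}

# Assumed mapping of node types onto the Diamond Model vertices the paper names.
DIAMOND_VERTEX = {"email": "Capability", "sender": "Infrastructure",
                  "domain": "Infrastructure", "ip": "Infrastructure",
                  "ns": "Infrastructure", "recipient": "Victim", "host": "Victim"}


def node_type(node):
    return node.split(":", 1)[0]


def build_graph(edges):
    """Undirected adjacency list: pivots run in both directions."""
    graph = defaultdict(list)
    for src, rel, dst in edges:
        graph[src].append((rel, dst))
        graph[dst].append((rel, src))
    return graph


def pivot(graph, start, max_hops=4, relations=PIVOT_RELATIONS, sinks=SINK_TYPES):
    """Breadth-first pivot from one indicator.

    Returns {node: (hops, path)} where path alternates nodes and "-relation->"
    markers, so an analyst can see why each indicator was pulled in.
    """
    found = {start: (0, [start])}
    queue = deque([start])
    while queue:
        node = queue.popleft()
        hops, path = found[node]
        if hops >= max_hops or (node != start and node_type(node) in sinks):
            continue
        for rel, nxt in graph[node]:
            if rel in relations and nxt not in found:
                found[nxt] = (hops + 1, path + [f"-{rel}->", nxt])
                queue.append(nxt)
    return found


def internal_hosts(found):
    """Hosts that need triage, nearest to the seed indicator first."""
    hosts = [(hops, n) for n, (hops, _) in found.items() if node_type(n) == "host"]
    return [n for _, n in sorted(hosts)]


def by_diamond_vertex(found):
    """Group the related indicators by Diamond Model vertex."""
    groups = defaultdict(set)
    for node in found:
        groups[DIAMOND_VERTEX.get(node_type(node), "Unknown")].add(node)
    return dict(groups)


def format_path(found, node):
    return " ".join(found[node][1])


if __name__ == "__main__":
    related = pivot(build_graph(EDGES), "email:phish-001")
    for host in internal_hosts(related):
        print(f"triage {host}: {format_path(related, host)}")
    for vertex, nodes in sorted(by_diamond_vertex(related).items()):
        print(f"{vertex}: {sorted(nodes)}")
```

Lowering max_hops to 3 stops the walk at the sibling domain, so the second host is never surfaced; the hop budget is the analyst's control over how far "related" is allowed to reach.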
In addition, with a move towards the introduction of external threat data from communities, a TIP can act on this form of information sharing at speeds previously unimagined. With a TIP, organizations can function as a pack against threats, rather than as potentially blinkered lone wolves.

[Figure: the Diamond Model of intrusion analysis, with its four vertices Adversary, Capabilities, Victim, and Infrastructure.]

Maturity Level 3: Threat Intelligence Program in Place
It's here at Level 3 that organizations are starting to build on the operational capabilities achieved so far and establish a structured team approach to strategic analysis. Organizations at this maturity level have some established TI processes and workflows in place and are beginning to collaborate with partners, vendors, and their supply chain to protect network-adjacent organizations. They are also producing in-house correlated and analyzed TI from data feeds and internal data. Finally, they are beginning to measure the efficacy of their processes and report progress and security infrastructure health to leadership.
Having identified persistent threat actors, they are now tracking them and beginning to act on threats more strategically. They have also integrated more tightly with the "wolf pack," and are joining organizations like Information Sharing and Analysis Centers (ISACs) and Information Sharing and Analysis Organizations (ISAOs). They are also using TI to drive tactical business decisions. From a staffing and resource perspective at this stage, the organization is also realizing greater efficiencies and increased capacity of existing intelligence teams. This ultimately lowers the threshold needed to establish and reap the rewards of this functionality in existing environments.

A threat intelligence platform (TIP) is a key requisite for this level of maturity. A TIP is a force multiplier that can help organizations overcome the labor-intensive process of threat analysis that often exceeds the capacity of enterprise organizations. A TIP can handle many of the tasks described above automatically and allow a security analyst to perform many of the sophisticated duties normally reserved for specialist threat analysts. With a TIP, workflows are automated and multiple kinds of TI from a multitude of sources can be processed automatically. TI can be quickly visualized (by security teams, the organization as a whole, and wider communities) and pivoted to provide a richer picture of threat actors so that action can be taken. A TIP also drives smarter practices back into your SIEM, intrusion detection, and other security tools thanks to the finely curated, relevant, and widely-sourced TI that the TIP produces.

TYPICAL TEAM: Typical teams include the SOC and incident response teams with a security director at the helm; sometimes a dedicated threat intelligence analyst may be involved. Network operations and IT staff are also involved.
Hybrid options also exist in which internal teams handle Level 0 and 1 threat intelligence, while more sophisticated requirements are outsourced.

RISKS AND EXPOSURES: While some workflows are in place at this stage, there's room for improvement. A fully-featured TIP works best when it integrates information from multiple upstream resources and transforms it for use by downstream tools (forensics tools, IDS, reputation feeds, SIEM watch lists, etc.). This can all be achieved automatically without user involvement and makes it easier to generate reports or data feeds to enhance workflow. Further collaboration with communities is also needed to share intelligence and to integrate and ingest TI data in machine-readable formats. Finally, there is an opportunity to move beyond just the tactical use of threat intelligence and utilize it strategically to inform high-level business considerations such as the financial costs of mitigating attacks and brand management.

Maturity Level 4: Well-Defined Threat Intelligence Program
At the top of the threat intelligence maturity model, these organizations have implemented a stable TI program with defined, formalized processes and workflows that produce actionable intelligence and ensure an appropriate response. They are also collaborating effectively and even leading a threat intelligence community, an enhanced ability that is a key feature of a mature TI program. This level of community participation can't be achieved without a sophisticated threat intelligence platform. Powerful TIPs enable these communities to create tools and applications that can be
used to continue to change the game for security professionals. In this model, analysts and developers freely share applications with one another, choose and modify applications, and accelerate solution development through plug-and-play activities. Furthermore, the organization at this level is both operationally and strategically aligned and uses TI to make C-level business decisions. At this stage, the CISO/security director is using TI to make network and security architecture changes and to optimize security teams in ways that will limit the ability of adversaries to successfully leverage intrusion tactics, techniques, and procedures.

BENEFITS OF A MATURE THREAT INTELLIGENCE PRACTICE
[Figure: perceptions documented in a recent study of 692 IT and IT security practitioners [2]. Percentages shown, in the order printed: 48%, 75%, 60%, 22%, 21%. Benefits listed: fosters collaboration among peers and industry groups; improves the security posture of an organization; improves situational awareness; reduces the cost of detecting and preventing attacks; makes threat data more actionable.]

The CISO is also reporting on return on investment to prove the effectiveness of the TI program and inform board-level strategic decision making. Finally, operations playbooks are being built based on TI to ensure a systematic approach for achieving and maintaining a world-class threat intelligence program.

HITTING THREAT INTELLIGENCE MILESTONES
As the TIMM shows, achieving an intelligence-driven approach requires people, process, and technology. The human aspect of threat intelligence programs is the most important factor. The investment doesn't have to be huge, and it's important to realize that the most useful sources of threat intelligence are not necessarily the most expensive. Many organizations can start today using existing personnel to improve data gathering and collation. Over time a case can be made to business stakeholders to add an element of automation that would reduce manual processes.
Finally, a truly team-driven approach that aligns security strategy with business strategy and the sharing of attack indicators with wider communities becomes possible. The problem is getting there. That is where ThreatConnect, the most widely adopted and comprehensive threat intelligence platform available, can help. ThreatConnect brings together trusted communities, process excellence, and the Diamond Model for Intrusion Analysis to provide complete threat intelligence. Unlike piecemeal solutions that often only support Levels 0 and 1 of the TIMM, ThreatConnect helps grow your program across the lifecycle of the maturity model, at your own pace. With ThreatConnect, security analysts can simultaneously coordinate with incident response, security operations, and risk management teams while aggregating data from trusted communities, whether they be private communities comprised of supply chain partners or any number of ISACs and ISAOs. With ThreatConnect, your team will be better equipped to protect the organization from modern cyber threats, mitigate risk, and address strategic business needs, all through a single, robust platform.

Mature users can also start building apps and, if approved, share them with the ThreatConnect Exchange, thus bringing collaboration to a new level. TC Exchange allows users to join or create their own communities. Users can also access open source and premium feeds to enhance intelligence gathering. Within TC Exchange, users can build, host, and share secure, customized applications that enable better intelligence gathering, analysis, and sharing.
[Figure: the Threat Intelligence Maturity Model]
Maturity Level 4: Well Defined Threat Intelligence Program
  - Mature TI Team & Processes
  - Actively Participates in Communities and May Lead a Community
  - Produce and Utilize Tactical and Strategic Threat Intelligence
Maturity Level 3: Threat Intelligence Program in Place
  - Some TI Processes & Workflows
  - Produce Tactical and Strategic TI
  - Share TI with Partners, Vendors, Customers and Communities
Maturity Level 2: Expanding Threat Intelligence Capabilities
  - Produce Some Operational TI
  - Consume Threat Data and TI
  - Want to Participate in Communities
Maturity Level 1: Warming Up to Threat Intelligence
  - Aggregate Threat Data for Alerting and Blocking
Maturity Level 0: Unclear Where to Start

But don't just take our prosaic word for it. The figure above brings it all together. We've defined the key maturity milestones of a threat intelligence program, how and when your organization can achieve them, and how ThreatConnect can help. Whether you are getting started or are a mature enterprise organization in need of a cloud-based or on-premises TIP, ThreatConnect is available in a variety of deployment editions to suit your requirements, local data security regulations, and your team's preferred operational methodology.

CONNECT WITH US
Interested in learning more about how ThreatConnect can help unite your security team and protect your enterprise?

Further Reading
  - Technology Overview for Threat Intelligence Platforms (Gartner)
  - The Five Characteristics of an Intelligence-Driven Security Operations Center (Gartner)
  - What's in a Platform? This blog examines how a true threat intelligence platform lets analysts innovate while spending more time on analysis, helps raise the water of threat intelligence for partners, and better serves the needs of directors and the C-suite.

Footnotes:
[1] Definition: Threat Intelligence. Rob McMillan, Gartner, May definition-threat-intelligence
More informationBUILDING CYBERSECURITY CAPABILITY, MATURITY, RESILIENCE
BUILDING CYBERSECURITY CAPABILITY, MATURITY, RESILIENCE 1 WHAT IS YOUR SITUATION? Excel spreadsheets Manually intensive Too many competing priorities Lack of effective reporting Too many consultants Not
More informationBest Practices in Securing a Multicloud World
Best Practices in Securing a Multicloud World Actions to take now to protect data, applications, and workloads We live in a multicloud world. A world where a multitude of offerings from Cloud Service Providers
More informationTHALES DATA THREAT REPORT
2018 THALES DATA THREAT REPORT Trends in Encryption and Data Security INDIA EDITION EXECUTIVE SUMMARY #2018DataThreat THE TOPLINE Rising risks for sensitive data in India In India, as in the rest of the
More informationempow s Security Platform The SIEM that Gives SIEM a Good Name
empow s Security Platform The SIEM that Gives SIEM a Good Name Donnelley Financial Solutions empow s platform is unique in the security arena it makes all the tools in our arsenal work optimally and in
More informationRSA Solution Brief. The RSA Solution for Cloud Security and Compliance
The RSA Solution for Cloud Security and Compliance The RSA Solution for Cloud Security and Compliance enables enduser organizations and service providers to orchestrate and visualize the security of their
More informationForeScout ControlFabric TM Architecture
ForeScout ControlFabric TM Architecture IMPROVE MULTI-VENDOR SOLUTION EFFECTIVENESS, RESPONSE AND WORKFLOW AUTOMATION THROUGH COLLABORATION WITH INDUSTRY-LEADING TECHNOLOGY PARTNERS. The Challenge 50%
More informationBuilding a Threat Intelligence Program
WHITE PAPER Building a Threat Intelligence Program Research findings on best practices and impact www. Building a Threat Intelligence Program 2 Methodology FIELD DATES: March 30th - April 4th 2018 351
More informationTRUE SECURITY-AS-A-SERVICE
TRUE SECURITY-AS-A-SERVICE To effectively defend against today s cybercriminals, organizations must look at ways to expand their ability to secure and maintain compliance across their evolving IT infrastructure.
More informationBuilding a Resilient Security Posture for Effective Breach Prevention
SESSION ID: GPS-F03B Building a Resilient Security Posture for Effective Breach Prevention Avinash Prasad Head Managed Security Services, Tata Communications Agenda for discussion 1. Security Posture 2.
More informationCYBERBIT P r o t e c t i n g a n e w D i m e n s i o n
CYBERBIT P r o t e c t i n g a n e w D i m e n s i o n CYBETBIT in a Nutshell A leader in the development and integration of Cyber Security Solutions A main provider of Cyber Security solutions for the
More informationIncentives for IoT Security. White Paper. May Author: Dr. Cédric LEVY-BENCHETON, CEO
White Paper Incentives for IoT Security May 2018 Author: Dr. Cédric LEVY-BENCHETON, CEO Table of Content Defining the IoT 5 Insecurity by design... 5 But why are IoT systems so vulnerable?... 5 Integrating
More informationTHREAT HUNTING REPORT
2018 THREAT HUNTING REPORT INTRODUCTION Organizations are experiencing new and evolving cyberthreats that are increasing in both sophistication and frequency, often overwhelming Security Operation Center
More informationPreparing your network for the next wave of innovation
Preparing your network for the next wave of innovation The future is exciting. Ready? 2 Executive brief For modern businesses, every day brings fresh challenges and opportunities. You must be able to adapt
More informationDATA SHEET RSA NETWITNESS PLATFORM PROFESSIONAL SERVICES ACCELERATE TIME-TO-VALUE & MAXIMIZE ROI
DATA SHEET RSA NETWITNESS PLATFORM PROFESSIONAL SERVICES ACCELERATE TIME-TO-VALUE & MAXIMIZE ROI EXECUTIVE SUMMARY The shortage of cybersecurity skills Organizations continue to face a shortage of IT skill
More informationRSA INCIDENT RESPONSE SERVICES
RSA INCIDENT RESPONSE SERVICES Enabling early detection and rapid response EXECUTIVE SUMMARY Technical forensic analysis services RSA Incident Response services are for organizations that need rapid access
More informationWhite Paper. Why IDS Can t Adequately Protect Your IoT Devices
White Paper Why IDS Can t Adequately Protect Your IoT Devices Introduction As a key component in information technology security, Intrusion Detection Systems (IDS) monitor networks for suspicious activity
More informationCYBER THREAT INTELLIGENCE TOWARDS A MATURE CTI PRACTICE
CYBER THREAT INTELLIGENCE TOWARDS A MATURE CTI PRACTICE Richard Kerkdijk December 7th 2017 A WORD ABOUT TNO Dutch innovation and advisory body, founded by law in 1932 and currently comprising some 2800
More informationto Enhance Your Cyber Security Needs
Our Service to Enhance Your Cyber Security Needs Since the business critical systems by its nature are ON all of the time and the increasingly connected world makes you open your organization to everything
More information8 Must Have. Features for Risk-Based Vulnerability Management and More
8 Must Have Features for Risk-Based Vulnerability Management and More Introduction Historically, vulnerability management (VM) has been defined as the practice of identifying security vulnerabilities in
More informationRiskSense Attack Surface Validation for IoT Systems
RiskSense Attack Surface Validation for IoT Systems 2018 RiskSense, Inc. Surfacing Double Exposure Risks Changing Times and Assessment Focus Our view of security assessments has changed. There is diminishing
More informationHOLISTIC NETWORK PROTECTION: INNOVATIONS IN SOFTWARE DEFINED NETWORKS
HOLISTIC NETWORK PROTECTION: INNOVATIONS IN SOFTWARE DEFINED NETWORKS Danielle M. Zeedick, Ed.D., CISM, CBCP Juniper Networks August 2016 Today s Objectives Goal Objectives To understand how holistic network
More informationAre we breached? Deloitte's Cyber Threat Hunting
Are we breached? Deloitte's Cyber Threat Hunting Brochure / report title goes here Section title goes here Have we been breached? Are we exposed? How do we proactively detect an attack and minimize the
More informationSecuring Your Digital Transformation
Securing Your Digital Transformation Security Consulting Managed Security Leveraging experienced, senior experts to help define and communicate risk and security program strategy using real-world data,
More informationReadiness, Response & Resilence:
Readiness, Response & Resilence: building out advance security operations Husam Al Saraf Solutions Principal Lead Turkey, Africa & Middle East #RSAemeaSummit 1 Traditional Security Operations Top Gaps
More informationRSA Advanced Security Operations Richard Nichols, Director EMEA. Copyright 2015 EMC Corporation. All rights reserved. 1
RSA Advanced Security Operations Richard Nichols, Director EMEA 1 What is the problem we need to solve? 2 Attackers Are Outpacing Defenders..and the Gap is Widening Attacker Capabilities The defender-detection
More informationSecurity in India: Enabling a New Connected Era
White Paper Security in India: Enabling a New Connected Era India s economy is growing rapidly, and the country is expanding its network infrastructure to support digitization. India s leapfrogging mobile
More informationPaper. Delivering Strong Security in a Hyperconverged Data Center Environment
Paper Delivering Strong Security in a Hyperconverged Data Center Environment Introduction A new trend is emerging in data center technology that could dramatically change the way enterprises manage and
More informationAchieving Digital Transformation: FOUR MUST-HAVES FOR A MODERN VIRTUALIZATION PLATFORM WHITE PAPER
Achieving Digital Transformation: FOUR MUST-HAVES FOR A MODERN VIRTUALIZATION PLATFORM WHITE PAPER Table of Contents The Digital Transformation 3 Four Must-Haves for a Modern Virtualization Platform 3
More informationReducing the Cost of Incident Response
Reducing the Cost of Incident Response Introduction Cb Response is the most complete endpoint detection and response solution available to security teams who want a single platform for hunting threats,
More informationSTOPS CYBER ATTACKS BEFORE THEY STOP YOU. Prepare, recognize, and respond to today s attacks earlier with Verizon Security Solutions.
Intelligence-driven security STOPS CYBER ATTACKS BEFORE THEY STOP YOU. Prepare, recognize, and respond to today s attacks earlier with Verizon Security Solutions. BETTER INTELLIGENCE. BETTER DEFENSE. The
More informationRED HAT ENTERPRISE LINUX. STANDARDIZE & SAVE.
RED HAT ENTERPRISE LINUX. STANDARDIZE & SAVE. Is putting Contact us INTRODUCTION You know the headaches of managing an infrastructure that is stretched to its limit. Too little staff. Too many users. Not
More informationMEETING ISO STANDARDS
WHITE PAPER MEETING ISO 27002 STANDARDS September 2018 SECURITY GUIDELINE COMPLIANCE Organizations have seen a rapid increase in malicious insider threats, sensitive data exfiltration, and other advanced
More informationRSA RISK FRAMEWORKS MAKING DIGITAL RISK MANAGEABLE
WHITEPAPER RSA RISK FRAMEWORKS MAKING DIGITAL RISK MANAGEABLE CONTENTS Executive Summary........................................ 3 Transforming How We Think About Security.......................... 4 Assessing
More informationRisk: Security s New Compliance. Torsten George VP Worldwide Marketing and Products, Agiliance Professional Strategies - S23
Risk: Security s New Compliance Torsten George VP Worldwide Marketing and Products, Agiliance Professional Strategies - S23 Agenda Market Dynamics Organizational Challenges Risk: Security s New Compliance
More informationINTRODUCTION. We would like to thank HelpSystems for supporting this unique research. We hope you will enjoy the report.
2019 SIEM REPORT INTRODUCTION Security Information and Event Management (SIEM) is a powerful technology that allows security operations teams to collect, correlate and analyze log data from a variety of
More informationTHREAT INTEL AND CONTENT CURATION: ORGANIZING THE PATH TO SUCCESSFUL DETECTION
SESSION ID: AIR-W12 THREAT INTEL AND CONTENT CURATION: ORGANIZING THE PATH TO SUCCESSFUL DETECTION Justin Monti CTO MKACyber Mischel Kwon CEO MKACyber @MKACyber What is Cyber Threat Intelligence Data collected,
More informationCredit Union Cyber Crisis: Gaining Awareness and Combatting Cyber Threats Without Breaking the Bank
Credit Union Cyber Crisis: Gaining Awareness and Combatting Cyber Threats Without Breaking the Bank Introduction The 6,331 credit unions in the United States face a unique challenge when it comes to cybersecurity.
More informationINTELLIGENCE DRIVEN GRC FOR SECURITY
INTELLIGENCE DRIVEN GRC FOR SECURITY OVERVIEW Organizations today strive to keep their business and technology infrastructure organized, controllable, and understandable, not only to have the ability to
More informationTransformation in Technology Barbara Duck Chief Information Officer. Investor Day 2018
Transformation in Technology Barbara Duck Chief Information Officer Investor Day 2018 Key Takeaways 1Transformation in Technology driving out cost, supporting a more technologyenabled business Our new
More informationCYBER RESILIENCE & INCIDENT RESPONSE
CYBER RESILIENCE & INCIDENT RESPONSE www.nccgroup.trust Introduction The threat landscape has changed dramatically over the last decade. Once the biggest threats came from opportunist attacks and preventable
More informationCYBER THREAT INTEL: A STATE OF MIND. Internal Audit, Risk, Business & Technology Consulting
CYBER THREAT INTEL: A STATE OF MIND Internal Audit, Risk, Business & Technology Consulting WHO ARE WE? Randy Armknecht, CISSP, EnCE Protiviti Director - IT Consulting randy.armknecht@protiviti.com Albin
More informationwith Advanced Protection
with Advanced Email Protection OVERVIEW Today s sophisticated threats are changing. They re multiplying. They re morphing into new variants. And they re targeting people, not just technology. As organizations
More informationDEVELOP YOUR TAILORED CYBERSECURITY ROADMAP
ARINC cybersecurity solutions DEVELOP YOUR TAILORED CYBERSECURITY ROADMAP Getting started is as simple as assessing your baseline THE RIGHT CYBERSECURITY SOLUTIONS FOR YOUR UNIQUE NEEDS Comprehensive threat
More informationISO COMPLIANCE GUIDE. How Rapid7 Can Help You Achieve Compliance with ISO 27002
ISO 27002 COMPLIANCE GUIDE How Rapid7 Can Help You Achieve Compliance with ISO 27002 A CONTENTS Introduction 2 Detailed Controls Mapping 3 About Rapid7 8 rapid7.com ISO 27002 Compliance Guide 1 INTRODUCTION
More informationClearing the Path to Micro-Segmentation. A Strategy Guide for Implementing Micro- Segmentation in Hybrid Clouds
Clearing the Path to Micro-Segmentation A Strategy Guide for Implementing Micro- Segmentation in Hybrid Clouds Clearing the Path to Micro-Segmentation 1 More Clouds in the Forecast The migration of vast
More information21ST century enterprise. HCL Technologies Presents. Roadmap for Data Center Transformation
21ST century enterprise HCL Technologies Presents Roadmap for Data Center Transformation june 2016 21st Century Impact on Data Centers The rising wave of digitalization has changed the way IT impacts business.
More informationWhite Paper. View cyber and mission-critical data in one dashboard
View cyber and mission-critical data in one dashboard Table of contents Rising cyber events 2 Mitigating threats 2 Heighten awareness 3 Evolving the solution 5 One of the direct benefits of the Homeland
More informationPredictive Insight, Automation and Expertise Drive Added Value for Managed Services
Sponsored by: Cisco Services Author: Leslie Rosenberg December 2017 Predictive Insight, Automation and Expertise Drive Added Value for Managed Services IDC OPINION Competitive business leaders are challenging
More informationCylance Axiom Alliances Program
Alliances Program Cylance Axiom Alliances Program Program Overview The Cylance Axiom Alliances Program is a community of cybersecurity solution providers working together to deliver a prevention-first
More informationभ रत य ररज़र व ब क. Setting up and Operationalising Cyber Security Operation Centre (C-SOC)
Annex-2 Setting up and Operationalising Cyber Security Operation Centre (C-SOC) Introduction 1 - Banking Industry in India has evolved technologically over the years and currently delivering innovative
More informationHow to Underpin Security Transformation With Complete Visibility of Your Attack Surface
How to Underpin Security Transformation With Complete Visibility of Your Attack Surface YOU CAN T SECURE WHAT YOU CAN T SEE There are many reasons why you may be considering or engaged in a security transformation
More informationBuilding Resilience in a Digital Enterprise
Building Resilience in a Digital Enterprise Top five steps to help reduce the risk of advanced targeted attacks To be successful in business today, an enterprise must operate securely in the cyberdomain.
More information