Cyber Threat Intelligence: Integrating the Intelligence Cycle. Elias Fox and Michael Norkus, Cyber Threat Intelligence Analysts, January 2017


The Global Domain
Network domain: the internet offers global connectivity to all the good things contained therein, and to all the bad things as well.

Situational Awareness
Risk and opportunity management is a core function of every organization. Situational awareness is key to improved business decisions.

The Value of Cyber Threat Intelligence
Proper CTI should extend our vision and allow us to take steps that normally we would not.

Noblis Definition and Vision
Requirements-driven methodology; traditional and non-traditional intelligence techniques; a holistic cyber threat picture at the tactical, operational and strategic levels; proactively diminish threats; technical expertise and analytic tradecraft; timely and accurate.
Our vision incorporates network defense data and all-source intelligence to provide a holistic cyber threat picture.

The Three Levels of Threat Intelligence
Strategic: long-term trends. Operational: short-term trends. Tactical: immediate timeframe.
"Tactics are concerned with doing the job right, and higher levels of strategy are concerned with doing the right job." (Drew and Snow, 2006)

Cyber Threat Intelligence: A Holistic Picture
Tactical (reactive): focused on today and tomorrow; feeds and IoCs.
Operational: focused on next week and next month; adversary TTPs.
Strategic: focused on the years ahead; planning and risk.

Proactive Defense Measures
Slide graphic (labels only): man-in-the-middle; DDoS; social engineering.
Risk mitigation questions: What do we have that they want? How do we protect our data?

Incorporating the Traditional Intelligence Cycle
Requirements and Planning; Collection; Processing and Exploitation; Analysis and Production; Dissemination; with Monitoring and Response linking the cycle to network operations.
Incorporating the traditional Intelligence Cycle into analysts' workflow will expand the precision with which we can identify, defend against, and prevent cyber threats.

Slide graphic (labels only): NETFLOW; Industrial Attacks.

Monitoring and Response Integration
Integrating CTI, network operations and security, and business operations enables more effective decisions to balance risk, response, and allocation of resources.


IdealWorks: Risk Assessment

Incorporating the Traditional Intelligence Cycle
Requirements and Planning; Collection; Processing and Exploitation; Analysis and Production; Dissemination; with Monitoring and Response linking the cycle to network operations.
Incorporating the Intelligence Cycle into analysts' workflow allows the company to proactively identify threats and intelligence gaps.

Slide graphic (labels only): TTP; Military Modernization; Economic Opportunity; Job Applications; Market Access Agreements; Industrial Attacks; Leaps in R&D; Gaps; NETFLOW Traffic.

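The intelligence-cycle slides above describe the stages in the abstract; the example below walks constructed NetFlow records and a constructed tactical indicator feed through them, from Processing and Exploitation (validate and deduplicate the feed) to a tactical match, an operational roll-up by adversary and TTP, and the intelligence gaps that feed back into Requirements and Planning. This is an added example and not Noblis code or code from the deck: the feed layout, the adversary names, the addresses, the internal address range and the byte threshold used to call something a gap are all assumptions made for illustration.

```python
"""Added example: the deck's intelligence-cycle stages applied to constructed
NetFlow records and a constructed tactical indicator feed. Not Noblis code;
feed format, adversary names, addresses and the gap threshold are assumptions."""
import csv
import io
import ipaddress
from collections import Counter

# Collection: a constructed tactical feed. It deliberately contains a
# duplicate line and a malformed indicator, as real feeds often do.
FEED_CSV = """indicator,adversary,ttp
203.0.113.10,GROUP-A,C2 beaconing
198.51.100.0/24,GROUP-B,Data staging
203.0.113.10,GROUP-A,C2 beaconing
not-an-ip,GROUP-C,Unknown
"""

# Constructed NetFlow-style records (src,dst,dst_port,bytes); not real traffic.
FLOWS_CSV = """src,dst,dst_port,bytes
10.0.0.5,203.0.113.10,443,1200
10.0.0.7,198.51.100.77,22,98000000
10.0.0.9,192.0.2.44,443,80000000
10.0.0.5,203.0.113.10,443,1300
10.0.0.9,10.0.0.12,445,500
"""

# Assumption: the company's own address space, used to tell internal from external.
INTERNAL = ipaddress.ip_network("10.0.0.0/8")


def process_feed(feed_csv):
    """Processing and Exploitation: parse, validate and deduplicate indicators.
    Returns (indicators, rejected); indicators maps ip_network -> (adversary, ttp)."""
    indicators, rejected = {}, 0
    for row in csv.DictReader(io.StringIO(feed_csv)):
        try:
            net = ipaddress.ip_network(row["indicator"].strip(), strict=False)
        except ValueError:
            rejected += 1  # drop malformed entries rather than poison matching
            continue
        indicators.setdefault(net, (row["adversary"], row["ttp"]))  # first entry wins
    return indicators, rejected


def load_flows(flows_csv):
    """Collection: NetFlow records as dicts with typed fields."""
    return [{"src": r["src"], "dst": ipaddress.ip_address(r["dst"]),
             "dst_port": int(r["dst_port"]), "bytes": int(r["bytes"])}
            for r in csv.DictReader(io.StringIO(flows_csv))]


def tactical_matches(flows, indicators):
    """Tactical level (today/tomorrow): flows whose destination hits an indicator."""
    hits = []
    for flow in flows:
        for net, (adversary, ttp) in indicators.items():
            if flow["dst"] in net:
                hits.append({**flow, "adversary": adversary, "ttp": ttp})
                break  # one attribution per flow is enough for this roll-up
    return hits


def operational_summary(hits):
    """Operational level (weeks/months): roll tactical hits up to adversary and TTP."""
    return Counter((h["adversary"], h["ttp"]) for h in hits)


def intelligence_gaps(flows, hits, min_bytes=50_000_000):
    """Requirements feedback: large external transfers the feed says nothing about.
    These return to Requirements and Planning as collection gaps. The byte
    threshold is a constructed heuristic, not a figure from the deck."""
    matched = {(h["src"], h["dst"]) for h in hits}
    return [f for f in flows
            if f["dst"] not in INTERNAL and f["bytes"] >= min_bytes
            and (f["src"], f["dst"]) not in matched]


def run_cycle(feed_csv=FEED_CSV, flows_csv=FLOWS_CSV):
    """Analysis and Production: one pass through the cycle, returning its products."""
    indicators, rejected = process_feed(feed_csv)
    flows = load_flows(flows_csv)
    hits = tactical_matches(flows, indicators)
    return {"rejected_indicators": rejected, "hits": hits,
            "summary": operational_summary(hits),
            "gaps": intelligence_gaps(flows, hits)}


def disseminate(result):
    """Dissemination: one line per finding for the Monitoring and Response team."""
    lines = [f"{adv} / {ttp}: {n} flow(s)"
             for (adv, ttp), n in sorted(result["summary"].items())]
    lines += [f"GAP: {g['src']} -> {g['dst']} {g['bytes']} bytes, no indicator"
              for g in result["gaps"]]
    return lines


if __name__ == "__main__":
    print("\n".join(disseminate(run_cycle())))
```

On the constructed input the tactical stage produces three hits, the operational roll-up attributes two flows to GROUP-A's C2 beaconing and one to GROUP-B's data staging, and the 80 MB transfer to 192.0.2.44 surfaces as a gap: a large external transfer the feed cannot explain, which is exactly the kind of item that should go back into Requirements and Planning rather than be discarded. The malformed feed line is counted and dropped during Processing and Exploitation so that it cannot silently break matching downstream.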

Monitoring and Response Integration
A Monitoring and Response framework links the organization's intelligence support with its network operations division and drives information flow.

Cyber Threat Intelligence: A Holistic Picture (revisited, with the reactive-to-proactive axis)
Tactical (reactive): focused on today and tomorrow; feeds and IoCs.
Operational: focused on next week and next month; adversary TTPs.
Strategic (proactive): focused on the years ahead; planning and risk.

Benefits of Integrating People and Tools

Knowledge, Skills, and Abilities: Integrating People
Cyber Threat Intelligence Analyst (foundational skills); CND Analyst (technical track); Open Source Analyst (analytical track).
Just as people and tools are behind these threats, people and tools are required to resolve these threats; automation and machine learning provide only half of the solution.


Now remember, Proactive Man says: