Cyber Threat Intelligence Debbie Janeczek May 24, 2017

AGENDA
- Today's Cybersecurity Challenges
- What is Threat Intelligence?
- Data, Information, Intelligence
- Strategic, Operational and Tactical Threat Intelligence
- Intelligence Lifecycle
- Importance of Defined Requirements
- Information Sharing

TODAY'S CYBERSECURITY CHALLENGES
- Vastly expanding attack surface area: mobile, cloud, virtualization, global business operations
- Large protection investments and no good prioritization filter: who, why, when, how?
- Operational chaos: too many alarms, not enough people, poor prioritization
- Legacy security tools that rely on past events and signatures vs. extremely agile adversaries
- Severe breaches continue

GLOBAL CYBER THREAT LANDSCAPE
- Active and global: transcends geographies and sectors
- Multiple motivations: cyber crime, espionage, hacktivism, destruction, etc.
- Low entry barriers: actors use what works, not necessarily sophisticated methods; an open marketplace provides capabilities
- Structured and vibrant ecosystem providing better tools and infrastructure, sharing ideas and methods, pooling resources

THREAT INTELLIGENCE You keep using (that term), I do not think it means what you think it means

WHAT IS THREAT INTELLIGENCE?
- Information that can aid decisions, with the aim of preventing an attack or decreasing the time taken to discover an attack
- Intelligence can also be information that, instead of aiding specific decisions, helps to illuminate the risk landscape
- Most organizations do not have enough information about the threats they face, or about their own security posture, to properly defend themselves
- The idea is to provide the ability to recognize and act upon indicators of attack and compromise scenarios in a timely manner
- A set of data collected, assessed and applied regarding security threats, threat actors, exploits, malware, vulnerabilities and compromise indicators

Source: Joint Publication 2-0

LEVELS OF INTELLIGENCE
Strategic questions
- What keeps the C-suite up at night?
- What has the possibility to threaten our global business interests and impact our customers?
- Who will target your organization?
Operational questions
- How do we shape our defenses and responses?
- What are the Tactics, Techniques and Procedures (campaign) of the threat actor?
Tactical questions
- Which one of these 100 events should I examine first?
- What are the attributable IOCs of the attack?
These questions are divided into answerable parts:
- What is the pattern of who is attacked by the threat actor?
- How does a campaign unfold, step by step?
Intelligence Requirements and Priority Intelligence Requirements
- Drive the collection management plan
- Identify intelligence gaps
- Create the needs statement and business case for new security services or products

INTELLIGENCE LIFECYCLE
The Intelligence Lifecycle is the underlying backbone of the CTI program, driving requirements, collection efforts and the development of intelligence products. Its phases run in a cycle:
1. Planning and Direction
2. Collection
3. Processing and Exploitation
4. Analysis and Production
5. Dissemination, which feeds back into Planning and Direction

INTELLIGENCE REQUIREMENTS
- Intelligence Requirements (IRs) are long-term, broadly defined categories that collectively set the scope of the team's efforts and responsibilities; they persist for several years
- If a request does not pertain to an existing IR, it is outside the team's scope
- Priority Intelligence Requirements (PIRs) are more specific requests, reviewed every six months, that revolve around a particular topic
- Developing IRs and PIRs enables the CTI team to manage vendor feeds and ensure collection of relevant intelligence
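As an added illustration of two points above, the tactical question "which of these 100 events should I examine first?" and the use of IRs and PIRs to steer vendor-feed collection, here is a small Python sketch. It is not code from the presentation: the IRs, PIRs, the indicator feed, the SIEM events and the confidence-sum scoring rule are all constructed assumptions for the example.

```python
"""Added example (not from the original deck): a PIR-driven collection filter
feeding a tactical triage step.

Everything here is constructed for illustration: the IRs, PIRs, the vendor
indicator feed, the SIEM events and the scoring rule are assumptions, not
anything the presentation specifies.
"""
from dataclasses import dataclass
from datetime import date
from typing import List, Optional, Tuple

# Intelligence Requirements: long-term, broad categories that set the team's scope.
INTELLIGENCE_REQUIREMENTS = {
    "IR-1": "Threats to customer-facing payment systems",
    "IR-2": "Threats to corporate identity and remote access",
}


@dataclass(frozen=True)
class PIR:
    """Priority Intelligence Requirement: specific, tied to an IR, reviewed periodically."""
    pir_id: str
    parent_ir: str
    topic: str
    review_due: date  # past this date the PIR must be re-validated before it drives collection


PIRS = [
    PIR("PIR-A", "IR-1", "Card-skimming malware on e-commerce hosts", date(2023, 12, 31)),
    PIR("PIR-B", "IR-2", "Credential phishing against VPN users", date(2023, 12, 31)),
]


@dataclass(frozen=True)
class Indicator:
    ioc_type: str          # "domain", "ip" or "sha256"
    value: str
    confidence: int        # 0-100 as supplied by the (constructed) feed
    pir_id: Optional[str]  # PIR this indicator answers; None means the vendor tagged none


# Constructed vendor feed. Two entries answer no PIR: one is low-value noise,
# the other is high-confidence but outside the team's defined requirements.
FEED = [
    Indicator("domain", "login-vpn-portal.example", 90, "PIR-B"),
    Indicator("ip", "203.0.113.7", 60, "PIR-A"),
    Indicator("sha256", "ab" * 32, 85, "PIR-A"),
    Indicator("domain", "random-adware.example", 40, None),
    Indicator("ip", "198.51.100.9", 95, None),
]


def active_pirs(pirs: List[PIR], today: date) -> List[PIR]:
    """PIRs still inside their review window; overdue PIRs stop driving collection."""
    return [p for p in pirs if p.review_due >= today]


def collection_filter(feed: List[Indicator], pirs: List[PIR], today: date) -> List[Indicator]:
    """Collection management: keep only indicators that answer a current PIR."""
    current = {p.pir_id for p in active_pirs(pirs, today)}
    return [i for i in feed if i.pir_id in current]


@dataclass(frozen=True)
class Event:
    event_id: str
    host: str
    observables: Tuple[Tuple[str, str], ...]  # (ioc_type, value) pairs seen in the event


# Constructed SIEM events standing in for "which of these 100 should I look at first?"
EVENTS = [
    Event("evt-001", "web-01", (("ip", "203.0.113.7"), ("sha256", "ab" * 32))),
    Event("evt-002", "vpn-gw", (("domain", "login-vpn-portal.example"),)),
    Event("evt-003", "wks-17", (("domain", "random-adware.example"),)),
    Event("evt-004", "wks-22", (("ip", "198.51.100.9"),)),
]


def triage(events: List[Event], indicators: List[Indicator]) -> List[Tuple[str, int, List[str]]]:
    """Rank events by the summed confidence of in-scope IOC hits, highest first.

    Returns (event_id, score, [matched PIR ids]); ties break on event id so the
    order is deterministic. An event that matches only out-of-scope IOCs scores 0.
    """
    index = {(i.ioc_type, i.value): i for i in indicators}
    ranked = []
    for ev in events:
        hits = [index[obs] for obs in ev.observables if obs in index]
        score = sum(h.confidence for h in hits)
        ranked.append((ev.event_id, score, sorted({h.pir_id for h in hits if h.pir_id})))
    ranked.sort(key=lambda r: (-r[1], r[0]))
    return ranked


if __name__ == "__main__":
    in_scope = collection_filter(FEED, PIRS, date(2023, 6, 1))
    for event_id, score, pir_ids in triage(EVENTS, in_scope):
        print(f"{event_id} score={score:3d} pirs={pir_ids}")
```

Note the two edge cases the sketch handles: a high-confidence indicator with no PIR is dropped by the collection filter, so the analyst's queue stays inside the team's stated scope, and once every PIR is past its six-month review date the filter retains nothing, which surfaces a stale requirements set rather than silently collecting against it.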

INFORMATION SHARING EXAMPLE

WHY THREAT INTELLIGENCE?
- Good intelligence allows decision makers to act more boldly
- The decision maker's time is valuable: match his priorities, command his attention
- Only deliver actionable information; no history lessons, no news reports
- The quality of the analysis is directly proportional to the quality of the question asked
- No software can replace the analyst
- Intelligence is an art, not a science
- Less is more
- Everyone and everything is a potential information source
- Disperse the team, embed the resources, build a network across the silos
- Any system that does not sustain itself is not a system
- New does not mean better; old does not mean better
- Intelligence can be cheap, fast or accurate: pick any two
- The buck stops with me; the team gets the credit

Thank You Questions? Contact Information: Debbie Janeczek DeborahJaneczek@aexpcom T: 602-766-3930