OPERATIONALIZING THREAT INTELLIGENCE
USING ACTIONABLE THREAT INTELLIGENCE TO FOCUS SECURITY OPERATIONS
Adam Meyers, Vice President, Intelligence; CrowdStrike
Elia Zaitsev, Sales Engineer; CrowdStrike
TODAY'S SPEAKERS
2014 CrowdStrike, Inc. All rights reserved.
ADAM MEYERS | VP, INTELLIGENCE
Recognized speaker, trainer, and intelligence expert with 15+ years of cyber security industry experience
10 years in the DIB (defense industrial base) supporting US government customers on topics ranging from wireless and pen testing to IR and malware analysis
@ADAM_CYBER
@CROWDSTRIKE | #CROWDCASTS
ELIA ZAITSEV | SALES ENGINEER
7+ years of IT security industry experience providing sales support and technical implementation of enterprise security products
Currently supports sales of CrowdStrike's Falcon Platform, including endpoint threat detection & response, endpoint activity monitoring, and threat intelligence
#TWITTERHATER
IN THE NEWS
RELEASE OF PUBLIC INDICATORS AND INTELLIGENCE
Operation Aurora
APT 1
Babar
Uroburos
ACTIONABLE INTELLIGENCE
WHAT DO YOU DO WITH INDICATORS?
Enterprise security systems ship with only basic out-of-the-box configurations
Detection needs to be updated at line speed
No standard taxonomy to express threat intelligence
How do you OPERATIONALIZE?
UNCOVER THE ADVERSARY
CHINA
Comment Panda: Commercial, Government, Non-profit
Deep Panda: Financial, Technology, Non-profit
Foxy Panda: Technology & Communications
Anchor Panda: Government organizations, Defense & Aerospace, Industrial Engineering, NGOs
Impersonating Panda: Financial Sector
Karma Panda: Dissident groups
Keyhole Panda: Electronics & Communications
Poisonous Panda: Energy Technology, G20, NGOs, Dissident Groups
Putter Panda: Governmental & Military
Toxic Panda: Dissident Groups
Union Panda: Industrial companies
Vixen Panda: Government
IRAN
Magic Kitten: Dissidents
Cutting Kitten: Energy Companies
INDIA
Viceroy Tiger: Government, Legal, Financial, Media, Telecom
RUSSIA
Energetic Bear: Oil and Gas Companies
NORTH KOREA
Silent Chollima: Government, Military, Financial
CRIMINAL
Singing Spider: Commercial, Financial
Union Spider: Manufacturing
Andromeda Spider: Numerous
HACKTIVIST/TERRORIST
Deadeye Jackal: Commercial, Financial, Media, Social Networking
Ghost Jackal: Commercial, Energy, Financial
Corsair Jackal: Commercial, Technology, Financial, Energy
Extreme Jackal: Military, Government
GET TO KNOW THE ADVERSARY
Don't fear change: not all behaviors change, and good intel and pattern analysis can identify the new TTPs
Consume and operationalize threat intelligence quickly: threat intelligence is of no help after an incident, or when consumed from a public release long after the campaign finished
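The two slides above ("What do you do with indicators?" and "Get to know the adversary") describe the problem but not the mechanics. As an added example, not code from the presentation or from CrowdStrike, the block below shows one minimal way to operationalize a feed: indicators are normalized into a small in-house taxonomy (kind, value, adversary, last sighting, confidence), indicators whose last sighting is older than an age window are dropped so that a campaign consumed long after it finished does not generate alerts, and the live set is run over proxy log lines. One entry is a URI pattern standing in for a behavioral TTP, so the third log line still fires after the actor moves to a domain the feed has never seen. Every value is constructed: the actor name "HYPOTHETICAL PANDA", the RFC 2606 domains, the RFC 5737 addresses, the URI shape, the log format and the 90-day window are assumptions, not anything the deck or any real feed provides.

```python
"""Added example: turn a hypothetical indicator feed into detections over proxy logs.

Not from the presentation. All indicator values, the adversary name and the
log lines are constructed (RFC 2606 domains, RFC 5737 addresses).
"""
import re
from dataclasses import dataclass
from datetime import date


@dataclass(frozen=True)
class Indicator:
    """One normalized indicator: a minimal in-house taxonomy."""
    kind: str          # "domain", "ip" or "uri_pattern"
    value: str
    adversary: str     # hypothetical actor name
    last_seen: date    # last sighting reported by the feed
    confidence: int    # 0-100, as asserted by the feed


# Constructed feed (hypothetical). The last entry is deliberately stale.
FEED = [
    Indicator("domain", "update.example.net", "HYPOTHETICAL PANDA", date(2014, 2, 10), 90),
    Indicator("ip", "203.0.113.7", "HYPOTHETICAL PANDA", date(2014, 2, 11), 80),
    # Behavioral TTP: beacon URI shape that survives a change of C2 domain.
    Indicator("uri_pattern", r"^/[a-z]{6}\.asp\?id=[0-9a-f]{16}$",
              "HYPOTHETICAL PANDA", date(2014, 2, 11), 70),
    Indicator("domain", "old-c2.example.org", "HYPOTHETICAL PANDA", date(2013, 6, 1), 90),
]

# Constructed proxy log lines: timestamp client dst_host dst_ip path
LOGS = """\
2014-02-14T09:01:12 10.0.0.5 update.example.net 203.0.113.7 /abcdef.asp?id=0123456789abcdef
2014-02-14T09:02:40 10.0.0.6 www.example.com 198.51.100.20 /index.html
2014-02-14T09:05:03 10.0.0.7 cdn.example.com 198.51.100.21 /qwerty.asp?id=fedcba9876543210
2014-02-14T09:07:55 10.0.0.8 old-c2.example.org 203.0.113.99 /login
""".splitlines()

# Assumed "current" date for the scan (matches the constructed log timestamps).
AS_OF = date(2014, 2, 14)


def load_feed(indicators, as_of, max_age_days=90):
    """Index live indicators by kind; drop any whose last sighting is older than the window."""
    index = {"domain": {}, "ip": {}, "uri_pattern": []}
    for ind in indicators:
        if (as_of - ind.last_seen).days > max_age_days:
            continue  # stale: a campaign consumed long after it finished
        if ind.kind == "uri_pattern":
            index["uri_pattern"].append((re.compile(ind.value), ind))
        else:
            index[ind.kind][ind.value] = ind
    return index


def parse_line(line):
    """Split one space-delimited proxy log record into named fields."""
    ts, client, host, ip, path = line.split()
    return {"ts": ts, "client": client, "host": host, "ip": ip, "path": path}


def match_record(rec, index):
    """Return every indicator that fires on one parsed record."""
    hits = []
    if rec["host"] in index["domain"]:
        hits.append(index["domain"][rec["host"]])
    if rec["ip"] in index["ip"]:
        hits.append(index["ip"][rec["ip"]])
    for pattern, ind in index["uri_pattern"]:
        if pattern.search(rec["path"]):
            hits.append(ind)
    return hits


def scan(lines, index):
    """Run the indexed indicators over log lines; one alert per matching record."""
    alerts = []
    for line in lines:
        rec = parse_line(line)
        hits = match_record(rec, index)
        if hits:
            alerts.append({
                "ts": rec["ts"],
                "client": rec["client"],
                "host": rec["host"],
                "kinds": sorted({h.kind for h in hits}),
                "adversaries": sorted({h.adversary for h in hits}),
                "max_confidence": max(h.confidence for h in hits),
            })
    return alerts


def run_demo(as_of=AS_OF):
    """Scan the constructed logs with the constructed feed as of the given date."""
    return scan(LOGS, load_feed(FEED, as_of))


if __name__ == "__main__":
    for alert in run_demo():
        print(alert)
```

Run as a script it prints two alerts: the first log line fires on domain, IP and URI pattern at once (confidence 90), the third fires only on the URI pattern against an unknown domain (confidence 70), and the fourth is silent because the matching domain indicator aged out. The age window is the simplest possible substitute for the "consume quickly" point; a real pipeline would key expiry on the feed's own validity period and revalidate rather than silently drop.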
INDICATIONS AND WARNINGS: Q1 ZERO DAY
17 JAN 2014: Spoofed GIFAS drive-by sites lead to a CVE-2014-0322 exploit
3 FEB 2014: CVE-2014-0497 exploit used to distribute Tapaoux malware
11 FEB 2014: AURORA PANDA uses the VFW website in strategic web compromise (SWC) activity leveraging CVE-2014-0322
14 FEB 2014: SWC campaign affecting NGO/think tank sites leverages CVE-2014-0502
24 MAR 2014: Microsoft identifies CVE-2014-1761 and its limited use in targeted attacks
CASE STUDY: CHINA TARGETING THE OIL SECTOR
STRATEGIC ASSESSMENT OF CHINA'S ENERGY SECTOR, STATE CONTROL & NATIONAL AGENDA, AND CHINA'S DOMESTIC OIL SECTOR
ENERGY SECTOR TARGETING
CHINA
Goblin Panda
Wet Panda
Vixen Panda
Violin Panda
Temper Panda
Poisonous Panda
Comment Panda
Anchor Panda
IRAN
Clever Kitten
Flying Kitten
INDIA
Viceroy Tiger
RUSSIA
Energetic Bear
ACTIVIST
Corsair Jackal
Ghost Jackal
CHINA'S ENERGY SECTOR
Second-largest oil-consuming country in the world
Largest oil importer in the world
Investing in international oil assets
Declining domestic oil output
Reinvestment in China's domestic oil sector
Chart: Total Energy Consumption (slices legible on the slide: Hydroelectric Power 6%, Natural Gas 4%, Nuclear <1%, Other Renewables 1%)
STATE CONTROL & NATIONAL AGENDA
383 Plan
863 Plan
Indigenous Innovation
Top Five National Oil Companies: CNPC/PetroChina, Sinopec, CNOOC, Sinochem Group, Zhuhai Zhen Rong Co.
DOMESTIC OIL SECTOR
PRESENT DAY
Mature oil basins
Drilling in the western provinces
Offshore shallow-water drilling
FUTURE
Deep-water drilling
East and South China Seas
Territorial disputes
TECHNOLOGICAL DEFICIENCIES
Exploration technologies: 3D and 4D seismic imaging
Oil spill prevention technologies: 2010 and 2011 oil spills in Bohai Bay
Deep-water oil drilling technologies: 300-3,000 meters deep
Resulting cyber espionage
INTELLIGENCE ASSESSMENT
CHINA'S MOTIVATIONS
Looming energy crisis
Declining domestic oil supply
Patent development is slow
Technological deficiencies
TARGETS
Exploration technology: 3D and 4D seismic
Oil spill prevention technology
Deep-water oil drilling technology
ASSESSMENT
Increasing cyber espionage
Increasing Chinese military presence in the East and South China Seas
Increasing corporate espionage to outbid others for international oil assets
ORGANIZATIONS WITH SUPERIOR INTELLIGENCE CAPABILITIES ARE FAR MORE SUCCESSFUL AT MITIGATING TARGETED ATTACKS
INCREASED SHARING OF INDICATORS AND INTELLIGENCE
Organizations have access to far more information than they have ever had before:
OSINT and managed threat intel feeds
Whitepapers
Malware repositories like VirusTotal, Contagio, and VirusShare
Presentations by researchers
The private sector is now capable of building government-level intel capabilities
AN ORGANIZATION'S SUCCESS WILL BE MEASURED BY THE ABILITY TO DETECT, RESPOND, AND MITIGATE THESE PATTERNS OF ATTACK
DEMOS
Data visualization
Packet capture
Log aggregation / SIEM
Threat intelligence
For additional information, please contact crowdcasts@crowdstrike.com or intel@crowdstrike.com
Q & A
CrowdCast Monthly: Operationalizing Intelligence

"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii SoldatenkoFwdays
 
Digital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptxDigital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptxLoriGlavin3
 
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek SchlawackFwdays
 
From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .Alan Dix
 
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024BookNet Canada
 
SALESFORCE EDUCATION CLOUD | FEXLE SERVICES
SALESFORCE EDUCATION CLOUD | FEXLE SERVICESSALESFORCE EDUCATION CLOUD | FEXLE SERVICES
SALESFORCE EDUCATION CLOUD | FEXLE SERVICESmohitsingh558521
 
Commit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyCommit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyAlfredo García Lavilla
 
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptxThe Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptxLoriGlavin3
 
WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your BrandWordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brandgvaughan
 
Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Mattias Andersson
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsSergiu Bodiu
 
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc
 
Take control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteTake control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteDianaGray10
 
Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfGen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfAddepto
 
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptxUse of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptxLoriGlavin3
 
The Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsThe Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsPixlogix Infotech
 
unit 4 immunoblotting technique complete.pptx
unit 4 immunoblotting technique complete.pptxunit 4 immunoblotting technique complete.pptx
unit 4 immunoblotting technique complete.pptxBkGupta21
 

Kürzlich hochgeladen (20)

Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdfHyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
 
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
 
How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.
 
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko
 
Digital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptxDigital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptx
 
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
 
From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .
 
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
 
SALESFORCE EDUCATION CLOUD | FEXLE SERVICES
SALESFORCE EDUCATION CLOUD | FEXLE SERVICESSALESFORCE EDUCATION CLOUD | FEXLE SERVICES
SALESFORCE EDUCATION CLOUD | FEXLE SERVICES
 
Commit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyCommit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easy
 
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptxThe Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
 
WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your BrandWordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brand
 
Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platforms
 
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
 
Take control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteTake control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test Suite
 
Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfGen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdf
 
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptxUse of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
 
The Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsThe Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and Cons
 
unit 4 immunoblotting technique complete.pptx
unit 4 immunoblotting technique complete.pptxunit 4 immunoblotting technique complete.pptx
unit 4 immunoblotting technique complete.pptx
 

CrowdCast Monthly: Operationalizing Intelligence

  • 1. OPERATIONALIZING THREAT INTELLIGENCE
    Adam Meyers, Vice President Intelligence; CrowdStrike
    Elia Zaitsev, Sales Engineer; CrowdStrike
    USING ACTIONABLE THREAT INTELLIGENCE TO FOCUS SECURITY OPERATIONS
  • 2. TODAY’S SPEAKERS
    2014 CrowdStrike, Inc. All rights reserved. 2
    ADAM MEYERS | VP, INTELLIGENCE
    Recognized speaker, trainer, and intelligence expert with 15+ years of cyber security industry experience
    10 years in the DIB supporting US GOV customers on topics ranging from wireless, pen testing, IR, and malware analysis
    @ADAM_CYBER
    @CROWDSTRIKE | #CROWDCASTS
  • 3. ELIA ZAITSEV | SALES ENGINEER
    7+ years of IT security industry experience providing sales support and technical implementation of enterprise security products
    Currently supports sales of CrowdStrike’s Falcon Platform, including endpoint threat detection & response, endpoint activity monitoring, and threat intelligence
    #TWITTERHATER
  • 4. IN THE NEWS
  • 5. RELEASE OF PUBLIC INDICATORS AND INTELLIGENCE
    Operation Aurora
    APT 1
    Babar
    Uroburos
  • 6. ACTIONABLE INTELLIGENCE
    WHAT DO YOU DO WITH INDICATORS?
    Enterprise security systems have basic configurations out of the box
    Detection needs to be updated at line speed
    No standard taxonomy to express threat intelligence
  • 7. How do you OPERATIONALIZE?
  • 8. UNCOVER THE ADVERSARY
    CHINA
    Comment Panda: Commercial, Government, Non-profit
    Deep Panda: Financial, Technology, Non-profit
    Foxy Panda: Technology & Communications
    Anchor Panda: Government organizations, Defense & Aerospace, Industrial Engineering, NGOs
    Impersonating Panda: Financial Sector
    Karma Panda: Dissident groups
    Keyhole Panda: Electronics & Communications
    Poisonous Panda: Energy Technology, G20, NGOs, Dissident Groups
    Putter Panda: Governmental & Military
    Toxic Panda: Dissident Groups
    Union Panda: Industrial companies
    Vixen Panda: Government
    INDIA
    Viceroy Tiger: Government, Legal, Financial, Media, Telecom
    RUSSIA
    Energetic Bear: Oil and Gas Companies
    NORTH KOREA
    Silent Chollima: Government, Military, Financial
    IRAN
    Magic Kitten: Dissidents
    Cutting Kitten: Energy Companies
    CRIMINAL
    Singing Spider: Commercial, Financial
    Union Spider: Manufacturing
    Andromeda Spider: Numerous
    HACKTIVIST/TERRORIST
    Deadeye Jackal: Commercial, Financial, Media, Social Networking
    Ghost Jackal: Commercial, Energy, Financial
    Corsair Jackal: Commercial, Technology, Financial, Energy
    Extreme Jackal: Military, Government
  • 9. GET TO KNOW THE ADVERSARY
    Don’t fear change
    Not all behaviors change: good intel and pattern analysis can identify the new TTPs
    Consume and operationalize threat intelligence quickly
    Threat intelligence is of no help after an incident, or when consumed from a public release long after the campaign finished
  • 10. INDICATIONS AND WARNINGS: Q1 ZERO DAY
    17 JAN 2014: Spoofed GIFAS drive-by sites lead to CVE-2014-0322 exploit
    3 FEB 2014: CVE-2014-0497 exploit used to distribute Tapaoux malware
    11 FEB 2014: AURORA PANDA uses VFW website in SWC activity leveraging CVE-2014-0322
    14 FEB 2014: SWC campaign affecting NGO/think tank sites leverages CVE-2014-0502
    24 MAR 2014: Microsoft identifies CVE-2014-1761 and its limited use in targeted attacks
  • 11. CASE STUDY: CHINA TARGETING THE OIL SECTOR
    STRATEGIC ASSESSMENT OF CHINA’S ENERGY SECTOR, STATE CONTROL & NATIONAL AGENDA, AND CHINA’S DOMESTIC OIL SECTOR
  • 12. ENERGY SECTOR TARGETING
    CHINA: Goblin Panda, Wet Panda, Vixen Panda, Violin Panda, Temper Panda, Poisonous Panda, Comment Panda, Anchor Panda
    INDIA: Viceroy Tiger
    RUSSIA: Energetic Bear
    IRAN: Clever Kitten, Flying Kitten
    ACTIVIST: Corsair Jackal, Ghost Jackal
  • 13. CHINA’S ENERGY SECTOR
    Second-largest oil consuming country in the world
    Largest oil importer in the world
    Investing in international oil assets
    Declining domestic oil output
    Reinvestment in China’s domestic oil sector
  • 14. CHINA’S ENERGY SECTOR
    [Chart: Total Energy Consumption. Recoverable labels: Hydroelectric Power 6%, Natural Gas 4%, Nuclear <1%, Other Renewables 1%]
  • 15. STATE CONTROL & NATIONAL AGENDA
    383 Plan
    863 Plan
    Indigenous Innovation
    Top Five National Oil Companies: CNPC/PetroChina, Sinopec, CNOOC, Sinochem Group, Zhuhai Zhen Rong Co.
  • 16. DOMESTIC OIL SECTOR
    PRESENT DAY
    Mature Oil Basins
    Drilling in the Western Provinces
    Offshore Shallow-Water Drilling
    Deep-Water Drilling
    East and South China Seas Territorial Disputes
    FUTURE
  • 17. TECHNOLOGICAL DEFICIENCIES
    Exploration Technologies: 3D and 4D seismic imaging
    Oil Spill Prevention Technologies: 2010 and 2011 oil spills in Bohai Bay
    Deep-Water Oil Drilling Technologies: 300-3,000 meters deep
    Resulting Cyber Espionage
  • 18. INTELLIGENCE ASSESSMENT
    CHINA’S MOTIVATIONS: Looming energy crisis; Declining domestic oil supply; Patent development is slow; Technological deficiencies
    TARGETS: Exploration technology: 3D and 4D seismic; Oil spill prevention technology; Deep-water oil drilling technology
    ASSESSMENT: Increasing cyber espionage; Increasing Chinese military presence in the East and South China Seas; Increasing corporate espionage to outbid others for international oil assets
  • 19. ORGANIZATIONS WITH SUPERIOR INTELLIGENCE CAPABILITIES ARE FAR MORE SUCCESSFUL AT MITIGATING TARGETED ATTACKS
  • 20. INCREASED SHARING OF INDICATORS AND INTELLIGENCE
    Organizations have access to far more information than they have ever had before
    OSINT and managed intel threat feeds
    Whitepapers
    Malware dumps like VirusTotal, Contagio, and VirusShare
    Presentations by researchers
    The private sector is now capable of building government-level intel capabilities
  • 21. AN ORGANIZATION’S SUCCESS WILL BE MEASURED BY THE ABILITY TO DETECT, RESPOND, AND MITIGATE THESE PATTERNS OF ATTACK
  • 22. DEMOS
    DATA VISUALIZATION
    PACKET CAPTURE
    LOG AGGREGATION / SIEM
    THREAT INTELLIGENCE
  • 23. Q&A
    For additional information, please contact crowdcasts@crowdstrike.com or intel@crowdstrike.com
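Slides 6, 9 and 22 describe the operational problem without showing it: indicators arrive in vendor-specific shapes (no standard taxonomy), they must reach detection quickly, and intel consumed long after a campaign is over only adds noise. The following added example, which is not CrowdStrike's code or part of the deck, shows one minimal pipeline for that: normalize feed records into a single in-house taxonomy, age out indicators whose campaign window has passed, and match the rest against SIEM-style log lines with adversary attribution attached. All indicator values, adversary labels ("SAMPLE PANDA" and friends), log lines and field names are constructed sample data using documentation/test-net addresses, not real intelligence.

```python
"""Added example: operationalizing a threat-intel feed against SIEM logs.
Every indicator, adversary label and log line here is constructed sample
data (RFC 2606 / RFC 5737 documentation values), not real intelligence."""
from dataclasses import dataclass
from datetime import date, timedelta
import re


@dataclass(frozen=True)
class Indicator:
    kind: str        # "domain", "ipv4" or "sha256" (the internal taxonomy)
    value: str       # normalized (lower-case) observable
    adversary: str   # attribution label that travels with the indicator
    last_seen: date  # last date the indicator was observed in a campaign
    ttl_days: int    # how long after last_seen it is still worth alerting on

    def active_on(self, day):
        """Stale intel creates noise, so expire it explicitly."""
        return day <= self.last_seen + timedelta(days=self.ttl_days)


# Constructed feed records, deliberately in different vendor field vocabularies.
RAW_FEED = [
    {"type": "FQDN", "indicator": "Update.C2.Example.NET",
     "actor": "SAMPLE PANDA", "last_seen": "2014-03-10", "ttl": 60},
    {"type": "IP", "indicator": "203.0.113.45",
     "actor": "SAMPLE BEAR", "last_seen": "2013-09-01", "ttl": 30},
    {"type": "SHA256", "indicator": "A" * 64,
     "actor": "SAMPLE KITTEN", "last_seen": "2014-03-20", "ttl": 90},
]

# Map each vendor's type vocabulary onto the one taxonomy used internally.
KIND_MAP = {"fqdn": "domain", "domain": "domain",
            "ip": "ipv4", "ipv4": "ipv4", "sha256": "sha256"}

# Constructed proxy, firewall and endpoint log lines (the SIEM side of the demo).
LOG_LINES = [
    "2014-03-25T10:02:11Z proxy src=10.0.0.5 host=update.c2.example.net uri=/index.php status=200",
    "2014-03-25T10:03:40Z fw src=10.0.0.7 dst=203.0.113.45 dport=443 action=allow",
    "2014-03-25T10:05:02Z edr host=ws12 process=svchost.exe sha256=" + "a" * 64,
    "2014-03-25T10:06:15Z proxy src=10.0.0.9 host=www.example.com uri=/ status=200",
]

# One extractor per indicator kind, pulling the observable out of a log line.
EXTRACTORS = {
    "domain": re.compile(r"\bhost=([a-z0-9.-]+)"),
    "ipv4": re.compile(r"\bdst=(\d{1,3}(?:\.\d{1,3}){3})"),
    "sha256": re.compile(r"\bsha256=([0-9a-f]{64})"),
}


def normalize(record):
    """Translate one vendor record into the internal Indicator taxonomy."""
    return Indicator(kind=KIND_MAP[record["type"].lower()],
                     value=record["indicator"].lower(),
                     adversary=record["actor"],
                     last_seen=date.fromisoformat(record["last_seen"]),
                     ttl_days=record["ttl"])


def build_index(raw_feed, as_of):
    """Split the feed into an active lookup table and the expired leftovers."""
    active, expired = {}, []
    for record in raw_feed:
        ind = normalize(record)
        if ind.active_on(as_of):
            active[(ind.kind, ind.value)] = ind
        else:
            expired.append(ind)
    return active, expired


def match_logs(log_lines, active):
    """Return one hit per (log line, active indicator) pair, with attribution."""
    hits = []
    for line_no, line in enumerate(log_lines):
        lowered = line.lower()
        for kind, pattern in EXTRACTORS.items():
            for value in pattern.findall(lowered):
                ind = active.get((kind, value))
                if ind is not None:
                    hits.append({"line": line_no, "kind": kind,
                                 "value": value, "adversary": ind.adversary})
    return hits


def operationalize(raw_feed=RAW_FEED, log_lines=LOG_LINES, as_of="2014-03-25"):
    """Full pipeline: normalize, age out, match. Returns (hits, expired)."""
    active, expired = build_index(raw_feed, date.fromisoformat(as_of))
    return match_logs(log_lines, active), expired


if __name__ == "__main__":
    hits, expired = operationalize()
    for hit in hits:
        print(f"line {hit['line']}: {hit['kind']} {hit['value']} -> {hit['adversary']}")
    for ind in expired:
        print(f"not loaded (expired): {ind.kind} {ind.value} [{ind.adversary}]")
```

Run as-is, the domain and file-hash indicators fire against lines 0 and 2 with their adversary labels, while the year-old IP indicator is reported as expired rather than loaded; rerun with `as_of="2014-07-01"` and every indicator has aged out, which is the point of slide 9 expressed as a check rather than a slogan. The `ttl_days` value is an assumption the analyst sets per indicator type; it is not something the feed supplies.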