Cloud-Enabled: The Future of Endpoint Security
Die SlideShare-Präsentation wird heruntergeladen.
×
![2014 CrowdStrike, Inc. All rights reserved. 22
@CROWDSTRIKE | #CROWDCASTS
DEMOS [ ]DATA VISUALIZATION
PACKET CAPTURE
LOG A...](https://image.slidesharecdn.com/crowdcastmonthlyoperationalizingintelligence-140430143751-phpapp02/75/crowdcast-monthly-operationalizing-intelligence-22-2048.jpg?cb=1668238297)
Hier ansehen
Empfohlen
Weitere Verwandte Inhalte
Diashows für Sie (20)
Andere mochten auch (19)
Ähnlich wie CrowdCast Monthly: Operationalizing Intelligence (20)
Aktuellste (20)
CrowdCast Monthly: Operationalizing Intelligence
- 1. OPERATIONALIZING THREAT INTELLIGENCE Adam Meyers, Vice President Intelligence; CrowdStrike Elia Zaitsev, Sales Engineer; CrowdStrike USING ACTIONABLE THREAT INTELLIGENCE TO FOCUS SECURITY OPERATIONS
- 2. TODAY’S SPEAKERS 2014 CrowdStrike, Inc. All rights reserved. 2 ADAM MEYERS | VP, INTELLIGENCE Recognized speaker, trainer, and intelligence expert with 15+ years of cyber security industry experience 10 years in the DIB supporting US GOV customers on topics ranging from wireless, pen testing, IR, and malware analysis @ADAM_CYBER @CROWDSTRIKE | #CROWDCASTS
- 3. 2014 CrowdStrike, Inc. All rights reserved. 3 ELIA ZAITSEV | SALES ENGINEER +7 years of IT security industry experience providing sales support and technical implementation of enterprise security products Currently supports sales of CrowdStrike’s Falcon Platform, including endpoint threat detection & response, endpoint activity monitoring, and threat intelligence @CROWDSTRIKE | #CROWDCASTS #TWITTERHATER
- 4. 2014 CrowdStrike, Inc. All rights reserved. 4 IN THE NEWS @CROWDSTRIKE | #CROWDCASTS
- 5. RELEASE OF PUBLIC INDICATORS AND INTELLIGENCE Operation Aurora APT 1 Babar Uroburos 2014 CrowdStrike, Inc. All rights reserved. 5 @CROWDSTRIKE | #CROWDCASTS
- 6. 2014 CrowdStrike, Inc. All rights reserved. 6 ACTIONABLE INTELLIGENCE WHAT DO YOU DO WITH INDICATORS? Enterprise Security Systems have basic configurations out of the Box Detection needs to be updated at line speed No standard taxonomy to express threat intelligence @CROWDSTRIKE | #CROWDCASTS
- 7. How do you OPERATIONALIZE? 2014 CrowdStrike, Inc. All rights reserved. 7 @CROWDSTRIKE | #CROWDCASTS
- 8. 2014 CrowdStrike, Inc. All rights reserved. 8 Comment Panda: Commercial, Government, Non-profit Deep Panda: Financial, Technology, Non-profit Foxy Panda: Technology & Communications Anchor Panda: Government organizations, Defense & Aerospace, Industrial Engineering, NGOs Impersonating Panda: Financial Sector Karma Panda: Dissident groups Keyhole Panda: Electronics & Communications Poisonous Panda: Energy Technology, G20, NGOs, Dissident Groups Putter Panda: Governmental & Military Toxic Panda: Dissident Groups Union Panda: Industrial companies Vixen Panda: Government CHINA IRAN INDIA Viceroy Tiger: Government, Legal, Financial, Media, Telecom RUSSIA Energetic Bear: Oil and Gas Companies NORTH KOREA Silent Chollima: Government, Military, Financial Magic Kitten: Dissidents Cutting Kitten: Energy Companies Singing Spider: Commercial, Financial Union Spider: Manufacturing Andromeda Spider: Numerous CRIMINAL Deadeye Jackal: Commercial, Financial, Media, Social Networking Ghost Jackal: Commercial, Energy, Financial Corsair Jackal: Commercial, Technology, Financial, Energy Extreme Jackal: Military, Government HACTIVIST/TERRORIST UNCOVER THE ADVERSARY @CROWDSTRIKE | #CROWDCASTS
- 9. 2014 CrowdStrike, Inc. All rights reserved. 9 Don’t fear change Not all behaviors change - good intel and pattern analysis can identify the new TTPs Consume and operationalize threat intelligence quickly Threat intelligence is of no help after an incident or when consumed from a public release long after the campaign finished GET TO KNOW THE ADVERSARY @CROWDSTRIKE | #CROWDCASTS
- 10. INDICATIONS AND WARNINGS: Q1 ZERO DAY 14 FEB 2014 SWC campaign affecting NGO/ think tank sites leverages CVE-2014-0502 3 FEB 2014 CVE-2014-0497 exploit used to distribute Tapaoux malware 17 JAN 2014 Spoofed GIFAS drive-by sites lead to CVE-2014-0322 exploit 11 FEB 2014 AURORA PANDA uses VFW website in SWC activity leverages CVE-2014-0322 . 24 MAR 2014 Microsoft identifies CVE-2014-1761 and its limited use in targeted attacks 2014 CrowdStrike, Inc. All rights reserved. 10
- 11. 2014 CrowdStrike, Inc. All rights reserved. 11 CASE STUDY: CHINA TARGETING THE OIL SECTOR STRATEGIC ASSESSMENT OF CHINA’S ENERGY SECTOR, STATE CONTROL & NATIONAL AGENDA, AND CHINA’S DOMESTIC OIL SECTOR @CROWDSTRIKE | #CROWDCASTS
- 12. 2014 CrowdStrike, Inc. All rights reserved. 12 Goblin Panda Wet Panda Vixen Panda Violin Panda Temper Panda Poisonous Panda Comment Panda Anchor Panda CHINA IRAN INDIA Viceroy Tiger RUSSIA Energetic Bear Clever Kitten Flying Kitten Corsair Jackal Ghost Jackal ACTIVIST ENERGY SECTOR TARGETING @CROWDSTRIKE | #CROWDCASTS
- 13. Second-largest oil consuming country in the world Largest oil importer in the world Investing in international oil assets Declining domestic oil output Reinvestment in China’s domestic oil sector 2014 CrowdStrike, Inc. All rights reserved. 13 CHINA’S ENERGY SECTOR @CROWDSTRIKE | #CROWDCASTS
- 14. Hydroelectric Power 6% Natural Gas 4% Nuclear <1% Other Renewables 1% 2014 CrowdStrike, Inc. All rights reserved. 14 CHINA’S ENERGY SECTOR Total Energy Consumption @CROWDSTRIKE | #CROWDCASTS
- 15. 2014 CrowdStrike, Inc. All rights reserved. 15 STATE CONTROL & NATIONAL AGENDA 383 Plan 863 Plan Indigenous Innovation Top Five National Oil Companies: CNPC/Petro China, Sinopec, CNOOC, Sinochem Group, Zhuhai Zhen Rong Co. 2 3 4 1 @CROWDSTRIKE | #CROWDCASTS
- 16. 2014 CrowdStrike, Inc. All rights reserved. 16 DOMESTIC OIL SECTOR PRESENT DAY Mature Oil Basins Drilling in the Western Provinces Offshore Shallow-Water Drilling Deep-Water Drilling East and South China Seas Territorial Disputes FUTURE @CROWDSTRIKE | #CROWDCASTS
- 17. TECHNOLOGICAL DEFICIENCIES 2014 Crowdstrike, Inc. All rights reserved. 17 Exploration Technologies 3D and 4d seismic imaging Oil Spill Prevention Technologies 2010 and 2011 oil spills in Bohai Bay Deep-Water Oil Drilling Technologies 300-3,000 meters deep Resulting Cyber Espionage @CROWDSTRIKE | #CROWDCASTS
- 18. 2014 CrowdStrike, Inc. All rights reserved. 18 Looming energy crisis Declining domestic oil supply Patent development is slow Technological deficiencies CHINA’S MOTIVATIONS INTELLIGENCE ASSESSMENT TARGETS ASSESSMENT Exploration technology: 3D and 4D seismic Oil spill prevention technology Deep-water oil drilling technology Increasing cyber espionage Increasing Chinese military presence in the East and South China Seas Increasing corporate espionage to outbid others for international oil assets @CROWDSTRIKE | #CROWDCASTS
- 19. 2014 CrowdStrike, Inc. All rights reserved. 19 ORGANIZATIONS WITH SUPERIOR INTELLIGENCE CAPABILITIES ARE FAR MORE SUCCESSFUL AT MITIGATING TARGETED ATTACKS @CROWDSTRIKE | #CROWDCASTS
- 20. INCREASED SHARING OF INDICATORS AND INTELLIGENCE 2014 CrowdStrike, Inc. All rights reserved. 20 Organizations have access to far more information than they have ever had before OSINT and managed intel threat feeds Whitepapers Malware dumps like VirusTotal, Contagio, and VirusShare Presentations by researchers The private sector is now capable of building government-level intel capabilities INCREASED SHARING OF INTELLIGENCE & INDICATORS
- 21. 2014 CrowdStrike, Inc. All rights reserved. 21 AN ORGANIZATION’S SUCCESS WILL BE MEASURED BY THE ABILITY TO DETECT, RESPOND, AND MITIGATE THESE PATTERNS OF ATTACK
- 22. 2014 CrowdStrike, Inc. All rights reserved. 22 @CROWDSTRIKE | #CROWDCASTS DEMOS [ ]DATA VISUALIZATION PACKET CAPTURE LOG AGGREGRATION / SIEM THREAT INTELLIGENCE
- 23. For additional information, please contact crowdcasts@crowdstrike.com - or – intel@crowdstrike.com Q & A 2014 CrowdStrike, Inc. All rights reserved. 23 @CROWDSTRIKE | #CROWDCASTS Q&A
