Is the time right for your organization to purchase a threat intelligence platform?
These slides, based on the webinar featuring leading IT analyst firm EMA and IntSights, provide research-based insights to help you determine whether digital threat intelligence management is right for your organization.
You will also get key insights into new research, including the methodology behind platform evaluation and an overview of key players in the market.
Using Digital Threat Intelligence Management (DTIM) to Combat Threats
1. IT & DATA MANAGEMENT RESEARCH, INDUSTRY ANALYSIS & CONSULTING
Using Digital Threat Intelligence Management to Combat Threats:
Understanding the Ins and Outs of DTIM Platforms
David Monahan
Managing Research Director,
Security and Risk Management
Enterprise Management Associates
Alon Arvatz
CPO and Co-founder
IntSights
3. Today’s Speakers
Alon Arvatz, CPO and Co-founder, IntSights
George S. Patton said “If everyone is thinking alike, then somebody isn’t thinking.” Alon
thinks, but not like most of us. And it’s this quality that has given him vast experience and
knowledge in the world of cyberthreat intelligence, and why he has succeeded in working
in the most advanced environments in the world. After serving in an elite intelligence unit
in the Israel Defense Forces, Alon joined Guy Nizan to establish Cyber School, a center
providing teenagers with courses, seminars and summer camp workshops on cyber
intelligence.
David Monahan, Managing Research Director, Security and Risk Management, EMA
David is a senior information security executive with several years of experience. He has
organized and managed both physical and information security programs, including security
and network operations (SOCs and NOCs) for organizations ranging from Fortune 100
companies to local government and small public and private companies. He has diverse audit
and compliance and risk and privacy experience such as providing strategic and tactical
leadership to develop, architect, and deploy assurance controls; delivering process and policy
documentation and training; and working on educational and technical solutions.
4. Logistics for Today’s Webinar
EVENT RECORDING
• An archived version of the event recording will be available at www.enterprisemanagement.com
QUESTIONS
• Log questions in the chat panel located in the lower left-hand corner of your screen
• Questions will be addressed during the Q&A session of the event
PDF SLIDES
• A PDF of the speaker slides will be distributed to all attendees
5. Using Digital Threat Intelligence Management to Combat Threats:
Understanding the Ins and Outs of DTIM Platforms
David Monahan
Managing Research Director,
Security and Risk Management
Enterprise Management Associates
25. TIP EVALUATION CHEAT-SHEET
THREAT RESEARCH & ANALYSIS
• Trends
• Research & Investigation
• Link Analysis
IOC ENRICHMENT & MANAGEMENT (THREAT INTEL PLATFORM)
• IOC aggregation & management
• IOC investigation
• Intelligence Sharing
AUTOMATED REMEDIATION
• Network & endpoint security integration
• External threat takedown
• Active Directory remediation
TAILORED INTELLIGENCE & THREAT VISIBILITY
• Exploitable data
• Dark web
• Brand security
• Data leakage
• Phishing
• Attack indication
26. 1. Threat Intel Data Collection & Brand/Asset Monitoring
Type / Description of Requirement
Phishing
• Detection of newly registered domains and sub-domains based on company assets: common additions, common permutations
• Discovery of active phishing pages utilizing company name/graphic language
• Image processing capabilities for detection of active phishing pages
• "Piggybacking" of phishing site repositories
Data Leakage
• Detection of leaked credentials based on company assets
• Detection of confidential documents leaked online based on company assets and watermarks
• Detection of employees' private data leaked online (doxing)
• Detection of references to secret projects based on company assets
• Detection of leaked software code and IP
Vulnerabilities
• Reporting of newly disclosed vulnerabilities based on company assets
• Active scanning of vulnerabilities on provided assets
• Detection of exposed internal pages
• Detection of open ports on the company's servers
• Problems with the SSL certificate or its installation
• Insecure FTP connections
• Detection of publicly disclosed SQL/XSS vulnerabilities found on the company's assets
• Detection of unencrypted login pages
• Detection of old and/or unmaintained pages
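The "common additions, common permutations" requirement under Phishing above, as an added example that is not from the slides or from IntSights: it builds a watch list of lookalike domains for a constructed company domain and matches a constructed feed of newly registered domains against it. The lure words, TLD list and homoglyph table are assumed, illustrative choices.

```python
# Added example (not from the slides): generate "common additions" and "common
# permutations" of a company domain label and match them against a new-domain feed.
COMPANY_DOMAIN = "examplebank.com"          # constructed placeholder asset
NEW_REGISTRATIONS = [                        # constructed sample feed
    "examplebank-login.com",                 # common addition (suffix)
    "exarnplebank.com",                      # homoglyph: m -> rn
    "examp1ebank.net",                       # homoglyph: l -> 1, other TLD
    "secure-examplebank.com",                # common addition (prefix)
    "examplebnak.com",                       # adjacent-character transposition
    "unrelatedshop.org",                     # benign, should not match
]

COMMON_ADDITIONS = ("login", "secure", "support", "verify", "account")  # assumed
TLDS = ("com", "net", "org", "co")                                      # assumed
HOMOGLYPHS = {"l": "1", "i": "1", "o": "0", "m": "rn", "e": "3", "a": "4"}  # assumed


def additions(label):
    """Common additions: the brand label combined with a lure word."""
    for word in COMMON_ADDITIONS:
        yield f"{label}-{word}"
        yield f"{word}-{label}"
        yield f"{label}{word}"


def permutations(label):
    """Common permutations: omission, repetition, homoglyph, transposition."""
    for i in range(len(label)):
        yield label[:i] + label[i + 1:]                       # omission
        yield label[:i] + label[i] + label[i:]                # repetition
        if label[i] in HOMOGLYPHS:
            yield label[:i] + HOMOGLYPHS[label[i]] + label[i + 1:]
    for i in range(len(label) - 1):                           # transposition
        yield label[:i] + label[i + 1] + label[i] + label[i + 2:]


def candidate_domains(domain):
    """All lookalike domains to watch for, excluding the legitimate one."""
    label = domain.split(".")[0]
    labels = {label} | set(additions(label)) | set(permutations(label))
    return {f"{lbl}.{tld}" for lbl in labels for tld in TLDS} - {domain}


def match_new_registrations(domain, feed):
    """Return newly registered domains that collide with the watch list."""
    watch = candidate_domains(domain)
    return sorted(d for d in feed if d.lower().rstrip(".") in watch)


if __name__ == "__main__":
    for hit in match_new_registrations(COMPANY_DOMAIN, NEW_REGISTRATIONS):
        print("lookalike registered:", hit)
```

In practice the feed would be a daily newly-registered-domain list or passive DNS output, and each hit would be queued for the page-content and image checks listed in the next two requirements.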
27. 1. Threat Intel Data Collection & Brand/Asset Monitoring
Attack Indications
• Reporting of intention to target the company or industry
• Reporting of major hacktivist campaigns
• Reporting of illegal trade in the company's products online
• Reporting of counterfeit activity re: company brands
• Reporting of employee emails found on spam lists
• Reporting of blacklisted IP addresses, based on CIDRs/IPs provided by the company
• Indications of activist initiatives against the company
• Reporting of RDPs sold on the black market based on the CIDRs/IPs provided by the company
• Reporting of malware samples targeting the company based on company assets
• Detection of machines infected with malware
• Reporting of indications of insider activity within the company or industry
Executive Monitoring
• Alert on specific intentions to target VIPs based on a list provided by the company
• Alert on fake profiles utilizing the name/image of a VIP
• Alert on VIP credentials leaked online
Brand Security
• Fake profiles utilizing the company's name and/or graphic language for fraudulent purposes
• Fake profiles that impersonate company employees
• Fake applications that resemble the company's and/or utilize the company's name/graphic language (mobile & desktop)
• Malicious applications that resemble the company's and/or utilize the company's name/graphic language
• Defacement detection
28. 1. Threat Intel Data Collection & Brand/Asset Monitoring
Sources
• Cyber-crime forums
• Mobile messaging apps
• IRC chat rooms
• Application stores
• Paste sites
• Dev repositories
• IP blacklists
• Search engines: Google, Bing, etc.
• Document sharing sites
• Data leakage sites and repositories
• Passive DNS
• WHOIS servers
• Bug-bounty sites
• Phishing reporting sites
• Social media sites
• Data dumps shared via P2P
• Insider-trading sources
• E-commerce platforms
• Black markets
• Access to attached list of forums, black markets, and other deep web sources
• Automated collection of new sources: "deep crawling", monitoring of new sites added to the site indexes
29. 2. Threat Intelligence Management & Research Capabilities
Type / Description of Requirement
Threat Knowledge Base
• "Threat encyclopedia" comprising terms which describe the following types of threats: malware, campaigns, threat actor profiles, TTPs, IOCs per threat
• Monitoring of APT-related activity
Trends and Analysis
• The system can generate general cyber intelligence reports concerning trends and developments in the cyber-threat landscape
• Trend detection and monitoring
• Built-in search engine for data scraped off forums and other deep/dark web sources
• The system can generate industry-specific intelligence reports concerning trends and developments in the cyber-threat landscape
• Option for ad-hoc reports, research and papers upon request on different topics (top TTPs used by specific threat actors, etc.)
Malware and Malicious Infrastructure
• Automated malware analysis
• Reverse engineering capability upon request
APT
• Detection and long-term monitoring of APT campaigns
• APT threat actor monitoring
• Access to forums where APT-affiliated threat actors participate
Indicators of Compromise
• Customized IOC generation
• IOC prioritization
• General IOC feeds for known threats
• Commercial feeds
30. 3. Security Integration & Automated Remediation
Internal:
• Active Directory Credential Theft
• Social Media Credential Leakage
• Phishing Domain Monitoring & Blocking
Integrations: Endpoint, Firewall, SIEM, Web Proxies and Email Gateways, Orchestration
31. 3. Security Integration & Automated Remediation
External:
• Malicious Mobile Application Takedown
• Malicious Domain Takedown
• Suspicious Social Media Page Takedown
• Paste Site Takedown
Takedown channels: 60+ Paste Sites, Safe Browsing Programs, Internet Registrars, Social Media, App Stores