Copyright 2015 © Information Security Forum Limited
ISF's 26th Annual World Congress - Atlanta
IMPLEMENTING THREAT INTELLIGENCE SYSTEMS:
MOVING FROM CHAOS TO STRUCTURE
Speakers:
Puneet Kukreja
Partner, Cyber Advisory, Deloitte
Chair:
Nick Frost
ISF
Demystifying Threat Intelligence - keeping it real
ISF World Congress – 2015 Atlanta U.S.A.
Our Discussion
Threat landscape
Defining threat intelligence
Threat intelligence lifecycle
Challenges of threat intelligence
What we need
What can I take away
Deloitte Touche Tohmatsu © 2015 - Demystifying Threat Intelligence
Threat Landscape
The cyber threat landscape will continue to deteriorate as the attack surface expands through digital innovation: IoT, the consumerisation of enterprise mobility, and cloud.
Source: http://blogs.cisco.com/ciscoit/cisco-security-intelligence-operations-defense-in-depth
Threat landscape: types of cyber attacks
Distributed Denial of Service (DDoS)
Application layer attacks
Brute force attacks
Network protocol attacks
Known vulnerability exploitation
Zero-day exploitation
Phishing
Rogue update attacks
Watering hole attacks
“There is nothing more necessary than good intelligence to frustrate a designing enemy & nothing requires greater pains to obtain” - George Washington
Defining threat intelligence?
Source: Gartner definition – Threat Intelligence
Types of threat intelligence: strategic, tactical, technical, operational
Source: Centre for the Protection of National Infrastructure – UK Government
Is it all about the Kill Chain?
Threat intelligence lifecycle
The Kill Chain:
1. Reconnaissance
2. Weaponisation
3. Delivery
4. Exploitation
5. Installation
6. Command & Control
7. Actions on Objectives
Is it not just another control process?
Threat intelligence lifecycle:
1. Planning
2. Direction
3. Collection
4. Processing
5. Analysis
6. Production
7. Dissemination
Standards supporting threat intelligence
The Trusted Automated eXchange of
Indicator Information (TAXII™)
Standardizing Cyber Threat Intelligence
Information with the Structured Threat
Information eXpression (STIX™)
Cyber Observable eXpression (CybOX™)
STIX Architecture
Source: http://stix.mitre.org/
STIX Use Case (sharing threat information)
Source: http://stixproject.github.io/getting-started/whitepaper/
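The sharing use case above is where most threat intelligence programmes stall: content arrives in STIX over TAXII and never becomes a detection. The Python below is an added example for this page, not code from the slides or from the STIX project, and it uses STIX 2.1 JSON (the later form of the XML-based STIX 1.x that the deck cites) because that is what a sharing partner would publish today. It takes a constructed bundle, keeps only indicators that are valid at the time of evaluation (the "timely" attribute), parses the simplest STIX pattern shape, tags each rule with its kill-chain phase, and runs the rules over a few constructed proxy log lines. The bundle, identifiers, domain, placeholder hash and log lines are all invented for the illustration; the pattern parser deliberately refuses anything beyond a single equality comparison rather than guessing.

```python
"""Turn a shared STIX 2.1 bundle into match rules and run them over proxy logs.
Added example for this page, not code from the slides or the STIX project; standard library only."""
import re
from datetime import datetime

# Constructed STIX 2.1 bundle, as a partner might publish it in a TAXII collection.
# Identifiers and domain are invented; the hash is SHA-256 of the empty string, a placeholder.
SAMPLE_BUNDLE = {
    "type": "bundle", "id": "bundle--0f1e2d3c-4b5a-4697-8877-665544332211",
    "objects": [
        {"type": "indicator", "spec_version": "2.1",
         "id": "indicator--11111111-1111-4111-8111-111111111111",
         "created": "2015-11-01T00:00:00.000Z", "modified": "2015-11-01T00:00:00.000Z",
         "name": "Phishing lure domain", "pattern_type": "stix",
         "pattern": "[domain-name:value = 'update-portal.example']",
         "valid_from": "2015-11-01T00:00:00Z",  # no valid_until: open-ended
         "kill_chain_phases": [{"kill_chain_name": "lockheed-martin-cyber-kill-chain",
                                "phase_name": "delivery"}]},
        {"type": "indicator", "spec_version": "2.1",
         "id": "indicator--22222222-2222-4222-8222-222222222222",
         "created": "2015-06-01T00:00:00.000Z", "modified": "2015-06-01T00:00:00.000Z",
         "name": "Dropper binary", "pattern_type": "stix",
         "pattern": "[file:hashes.'SHA-256' = "
                    "'e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855']",
         "valid_from": "2015-06-01T00:00:00Z", "valid_until": "2015-09-01T00:00:00Z",
         "kill_chain_phases": [{"kill_chain_name": "lockheed-martin-cyber-kill-chain",
                                "phase_name": "installation"}]},
    ],
}

# Constructed proxy log lines: time, workstation, method, destination domain, URL path.
SAMPLE_PROXY_LOG = """\
2015-11-05T09:12:44Z ws-042 GET www.example.org /index.html
2015-11-05T09:13:02Z ws-042 GET update-portal.example /login
2015-11-05T09:20:10Z ws-017 POST intranet.example.local /api/submit
"""

# Only the simplest STIX pattern shape, one equality comparison on one object path;
# anything else (AND/OR, MATCHES, FOLLOWEDBY, ...) is reported as unsupported, not guessed.
PATTERN_RE = re.compile(r"^\[\s*([a-z0-9-]+:[A-Za-z0-9_.'\-]+)\s*=\s*'([^']*)'\s*\]$")

def parse_pattern(pattern):
    """Return (object_path, value) for a single-equality STIX pattern, else None."""
    m = PATTERN_RE.match(pattern)
    if not m:
        return None
    return m.group(1).replace("'", ""), m.group(2)  # file:hashes.'SHA-256' -> file:hashes.SHA-256

def _ts(stix_time):
    """STIX timestamps are RFC 3339 with a trailing Z; fromisoformat wants an explicit offset."""
    return datetime.fromisoformat(stix_time.replace("Z", "+00:00"))

def load_indicators(bundle, now):
    """Reduce a bundle to match rules; drop indicators not valid at `now` (the deck's
    'timely' attribute) and patterns this matcher cannot evaluate, recording why."""
    rules, skipped = [], []
    for obj in bundle.get("objects", []):
        if obj.get("type") != "indicator":
            continue
        valid_until = _ts(obj["valid_until"]) if "valid_until" in obj else None
        if now < _ts(obj["valid_from"]) or (valid_until is not None and now >= valid_until):
            skipped.append((obj["id"], "outside validity window"))
            continue
        parsed = parse_pattern(obj["pattern"]) if obj.get("pattern_type", "stix") == "stix" else None
        if parsed is None:
            skipped.append((obj["id"], "unsupported pattern"))
            continue
        rules.append({"id": obj["id"], "name": obj.get("name", ""),
                      "path": parsed[0], "value": parsed[1],
                      "phases": [p["phase_name"] for p in obj.get("kill_chain_phases", [])]})
    return rules, skipped

def proxy_events(log_text):
    """Parse the constructed log format into events keyed by STIX object path."""
    events = []
    for line in log_text.splitlines():
        time, host, _method, domain, _path = line.split()
        events.append({"time": time, "host": host, "domain-name:value": domain})
    return events

def match_events(rules, events):
    """Equality match of every event against every rule; a hit carries the kill-chain phase
    so the analyst knows where in the intrusion this observation sits."""
    return [{"time": ev["time"], "host": ev["host"], "indicator": r["id"],
             "name": r["name"], "phases": r["phases"]}
            for ev in events for r in rules if ev.get(r["path"]) == r["value"]]

def run_demo(now_iso="2015-11-05T00:00:00Z"):
    """Whole pipeline on the constructed data, returning what a SIEM rule would consume."""
    rules, skipped = load_indicators(SAMPLE_BUNDLE, _ts(now_iso))
    hits = match_events(rules, proxy_events(SAMPLE_PROXY_LOG))
    return {"rules": rules, "skipped": skipped, "hits": hits}

if __name__ == "__main__":
    result = run_demo()
    for hit in result["hits"]:
        print("HIT", hit)
    for ind_id, why in result["skipped"]:
        print("SKIPPED", ind_id, why)
```

Run as-is, the phishing domain fires on workstation ws-042 at the delivery phase, while the expired dropper hash is reported as skipped rather than silently loaded; the `skipped` list is the audit trail for why a partner's indicator did not become a rule. In a real deployment the bundle would be `json.loads` of a TAXII collection response, and the event keys would come from whatever the proxy or EDR actually logs, but the same validity check and explicit refusal of unsupported pattern shapes are what keep a feed from turning into a pile of untested alerts.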
Challenges of threat intelligence
Why do I ask that question?
Attack graphs
Stakeholders
Scenario planning
Integrated architecture
Business case
Threat modelling
Contextual requirements
Threat actors
Actionable
Governance
Threat feeds
What we need
Attributes to measure threat intelligence
Accurate
Relevant
Aligned to requirements
Tailored
Integrated
Timely
Predictive
Actionable
What can I take away
Improves visibility & reporting
Integration is required across design, engineering and operations
Begins with critical systems and asset inventory
Do not overlook security operations process maturity
Is only as good as your asset and threat profile classification
Vendors are only as good as “your” use cases
It's no silver bullet
Thank you
Puneet Kukreja | Partner | Cyber Advisory
Deloitte Australia
QUESTIONS?
Please feel free to contact us for further discussion:
Puneet Kukreja – Partner, Cyber Advisory, Deloitte
pkukreja@deloitte.coma.au
Nick Frost - ISF
nick.frost@securityforum.org