www.ecs.co.uk
Threat Intelligence:
State-of-the-art and trends
Secure South West 5
Andreas Sfakianakis
ECS
02/04/2015
ECS - Threat Management Strategy
Build a picture of your adversaries. Understand
their strategies, objectives, methodologies and
attributes.
Gain a clear understanding of your own network
and systems alongside any weaknesses.
Understand your countermeasures and
contextual information. Bolster your
countermeasures to deny attack channels.
Establish and execute business as usual threat
intelligence, vulnerability management,
monitoring and response procedures.
Review and report outcomes, deliverables, value
and lessons learnt.
Roadmap
• Threat Landscape
• What is Threat Intelligence?
• Threat Intelligence Management
• Threat Intelligence Platforms
• Take aways
The Global Risk Landscape
What about …. Cyber?
Number of breaches per threat actor category over time
Threat Intelligence
• "We don't know what it is, but we need it."
• Intelligence is the application of knowledge to
information
• Inform business decisions regarding the risks and
implications associated with threats.
• Data is not information, information is not
knowledge, knowledge is not intelligence,
intelligence is not wisdom.
• Buzzword of 2014!
Information versus Intelligence
Characteristics of Intelligence
Why do we need Threat Intelligence?
• Dynamic threat landscape
• Situational awareness (different sectors have
different threats)
• Defend better by knowing adversary
• From reactive to proactive
• Driving better investment strategies
• After all it’s all about … context, context and
context!
Types of Threat Intelligence
 | Strategic | Tactical
Created by | Humans | Machines or humans + machines
Consumed by | Humans | Machines and humans
Delivery time frame | Days – months | Seconds to hours
Useful lifespan | Long | Short (usually)
Durability | Durable | Fragile (*)
Ambiguity | Possible; hypothesis and leads OK | Undesirable; systems don’t tolerate it
Focus | Planning, decisions | Detection, triage, response
How do we build it?
• Fundamental cycle of
intelligence processing
• Civilian or military intelligence
agency / law enforcement
• Closed path consisting of
repeating nodes.
Pyramid of Pain
David Bianco
Embedding Threat Intelligence into the
DNA of an organisation
Interrupting the kill chain
“Kill Chain” is a phase-based model to describe
the stages of an attack, which also helps inform
ways to prevent such attacks.
Threat Intelligence Sources
• Internal
• Open source
• Commercial
• Community/Information sharing
Internally-sourced Threat Intelligence
• Detailed analysis of locally caught malware
• Detailed analysis of disk images, memory
images
• Threat actor profiles based on local data
• Artifacts shared by other organizations
• Fusing local data with shared data
• Behavioural analysis
Open Source Threat Intelligence
Open Source Tactical Feeds
Remember!
Sean Mason
Threat Intel Providers
What do Threat Intel Providers deliver?
Information Sharing
What is a Threat Intel Platform?
But…
Threat Intelligence Platforms
• ThreatConnect
• Detica CyberReveal
• IBM i2 Analyst Notebook
• Lockheed Martin Palisade
• Lookingglass ScoutPlatform
• MITRE CRITs
• Palantir
• ThreatQuotient
• ThreatStream
• Vorstack
• Codenomicon
• Soltra
• Intelworks
• ThreatQuotient
• IID
• ResilientSystems
• Swimlane
CRITs
(Collaborative Research into Threats)
Soltra Edge
The need for security automation
STIX standard
Consider These Questions…..
• What Activity are we seeing?
• What Threats should I be looking for and why?
• Where has this threat been Seen?
• What does it Do?
• What weaknesses does this threat Exploit?
• Why does it do this?
• Who is responsible for this threat?
• What can I do?
Structured Threat Information Expression
STIX/TAXII Adoption
Take aways
• Current state of TI is still at an initial stage BUT has great potential
• Context is critical (makes everyone’s job easier)
• Intelligence-led defense has significant operating
costs
• Do not blindly invest in intelligence (first think of
requirements, DIY vs buy)
• Look for upcoming automation/tool
developments
• Do not forget people and processes!!!!
Thank you for your attention! :)
Questions?
@asfakian
