
How do you predict the threat landscape?


In this webinar, Janne Pirttilahti, Director, New Services from F-Secure Cyber Security Services, will explain essential predictive measures, how to acquire evidence-based knowledge about existing or emerging adversaries and threats, and how to turn that insight into actions to better protect your organization.

Article URL: https://business.f-secure.com/webinar-how-to-predict-threat-landscape


  1. HOW DO YOU PREDICT THE THREAT LANDSCAPE? Janne Pirttilahti, Director, New Services, F-Secure Cyber Security Services
  2. AGENDA
     • Holistic cyber security
     • Definitions
     • Why predictive capabilities matter
     • Predictive approach to cyber threats
     • Threat intelligence
     • Recommendations
  3. CYBER SECURITY IS A PROCESS
     • Understand your risk, know your attack surface, uncover weak spots
     • React to breaches, mitigate the damage, analyze and learn
     • Minimize attack surface, prevent incidents
     • Recognize incidents and threats, isolate and contain them
  4. CYBER SECURITY IS A PROCESS
     • Understand your risk, know your attack surface, uncover weak spots
     • React to breaches, mitigate the damage, analyze and learn
     • Minimize attack surface, prevent incidents
     • Recognize incidents and threats, isolate and contain them
  5. PREDICT (pri-'dikt): To declare or indicate in advance; especially: foretell on the basis of observation, experience, or scientific reason. Source: Merriam Webster
  6. PREDICTIVE CAPABILITIES ARE NEEDED TO ANSWER MANY QUESTIONS
     • Top three behaviors that impact us?
     • What do future attacks look like?
     • Where to invest next?
     • How to train our people?
     • How to prepare oneself and for what?
  7. PRIORITIZE. BE PREPARED.
  8. MARSH & MCLENNAN CYBER HANDBOOK: MOST ORGANIZATIONS NOT ADEQUATELY PREPARED FOR CYBERATTACK
  9. (no slide text)
  10. (no slide text)
  11. (no slide text)
  12. Source: www.databreaches.net
  13. October
  14. October, November
  15. PREDICTIVE APPROACH TO CYBER THREATS
     • 1) ASSET & VULNERABILITY MANAGEMENT: UNDERSTAND THE CURRENT STATE OF YOUR SYSTEMS
     • 2) ACTIONABLE THREAT INTELLIGENCE: PROACTIVELY ANTICIPATE NEW ATTACKS
  16. THE FOUNDATION OF ACTIONABLE INTELLIGENCE IS TO KNOW YOUR OWN SYSTEMS
  17. THREAT INTELLIGENCE: FOREWARNED IS FOREARMED
  18. “Threat intelligence is evidence-based knowledge (e.g. context, mechanisms, indicators, implications and action-oriented advice) about existing or emerging menaces or hazards to assets. CISOs should plan for current threats, as well as those that could emerge in the long term (e.g. in three years).” Gartner, February 2016
  19. CDN, STIX, TAXII, OSINT, HUMINT, TLP, IOC, CTI, IOA, DGA, MD5, MRTI, ISAC, ISAO, CTIIC, NCCIC, TTP, TAP, SHA1, OTX, SIEM, CISA, IODEF, OPENIOC, CYBOX, YARA, Technical Intel, Adversary Intel, Vulnerability Intel, Breach Monitoring, TIP, Strategic Intel, Data Enrichment
  20. THE DIFFERENT LEVELS OF THREAT INTELLIGENCE
     • STRATEGIC / EXECUTIVE LEVEL
       – Strategic, high level information of changing risk
       – Geopolitics, Foreign Markets, Cultural Background
       – Vision timeframe: years
  21. THE DIFFERENT LEVELS OF THREAT INTELLIGENCE
     • STRATEGIC / EXECUTIVE LEVEL
       – Strategic, high level information of changing risk
       – Geopolitics, Foreign Markets, Cultural Background
       – Vision timeframe: years
     • OPERATIONAL / TACTICAL
       – Details of specific incoming risk: who, what, when?
       – Attacker’s methods, tools and tactics, their modus operandi
       – Early warnings of incoming attacks
       – Vision timeframe: months, weeks, hours
  22. THE DIFFERENT LEVELS OF THREAT INTELLIGENCE
     • STRATEGIC / EXECUTIVE LEVEL
       – Strategic, high level information of changing risk
       – Geopolitics, Foreign Markets, Cultural Background
       – Vision timeframe: years
     • OPERATIONAL / TACTICAL
       – Details of specific incoming risk: who, what, when?
       – Attacker’s methods, tools and tactics, their modus operandi
       – Early warnings of incoming attacks
       – Vision timeframe: months, weeks, hours
     • TECHNICAL
       – Specific IOCs (for SIEM, FW, etc. integration)
       – More data, less intel
       – Automated processing is paramount
       – Vision timeframe: hours, minutes (but also long lasting)
  23. MANY ORGANIZATIONS START WITH FREE SOLUTIONS.
  24. (no slide text)
  25. (no slide text)
  26. NOTHING BEATS AN EXPERT.
  27. PROCURING STRATEGICALLY RELEVANT INTELLIGENCE IS EXTRAVAGANT.
  28. STRATEGICALLY RELEVANT DATA IS UNIQUE TO EACH COMPANY
     • All threat data:
       – Vulnerability feeds
       – Exploit kit feeds
       – Malicious software feeds
       – Indicators of compromise feeds
       – Bad IP address feeds
       – Botnet activities feeds
       – DNS changes feeds
       – Reputation feeds (URL & content)
       – Known threat actor behavior data
       – All ”breadcrumb” data from company personnel
       – …
     • Global landscape
     • Business area landscape
     • Possibly relevant data
     • Strategically important data
  29. EVEN ACTIONABLE INTELLIGENCE IS ONLY WORTH IT WITH PROCESSES IN PLACE TO EFFECTIVELY ACT ON IT.
  30. CYBER SECURITY IS A PROCESS
     • Understand your risk, know your attack surface, uncover weak spots
     • React to breaches, mitigate the damage, analyze and learn
     • Minimize attack surface, prevent incidents
     • Recognize incidents and threats, isolate and contain them
  31. CLOSING WORDS
     • Understanding your own environment is the foundation
  32. CLOSING WORDS
     • Understanding your own environment is the foundation
     • There are both commercial and free options available
  33. CLOSING WORDS
     • Understanding your own environment is the foundation
     • There are both commercial and free options available
     • Start from figuring out what benefits you the most
  34. CLOSING WORDS
     • Understanding your own environment is the foundation
     • There are both commercial and free options available
     • Start from figuring out what benefits you the most
     • Threat Intelligence can strengthen your security posture
  35. QUESTIONS & ANSWERS
  36. f-secure.com
