Security (Ignorance) Isn't Bliss: 5 Ways to Advance Security Decisions with Threat Intelligence

In the wake of massive numbers of security breaches in 2014, enterprises are struggling to improve how they consume threat intelligence to better protect their networks. Over 65% of companies use external threat intelligence as part of their security analytics, but are dissatisfied with the time and resources needed to understand and analyze the data available. With a barrage of information coming in to your organization on vulnerabilities, malware, and potentially malicious sites on the Internet, how can you truly make sense of the data and take action when it’s required?

During this presentation, you will learn how your enterprise can quickly research threats, integrate actionable intelligence and collaborate with peers using global threat intelligence.

Published in: Technology

  1. (Security) Ignorance Isn’t Bliss: 5 Ways to Advance Security Decisions with Threat Intelligence. Jim Brennan, Director of Strategy and Product Management, Infrastructure Security & X-Force. © 2015 IBM Corporation, IBM Security.
  2. Agenda
     • Threat Intelligence Overview
     • Current Challenges
     • Solutions
     • X-Force Exchange
     • The 5 Things You Can Do
     • Questions
  3. What is threat intelligence? Evidence-based knowledge, including context, mechanisms, indicators, implications, and actionable advice about an existing or emerging menace or hazard to assets that can be used to inform decisions regarding the subject’s response to that menace or hazard. (*Gartner, Definition: Threat Intelligence, Rob McMillan, May 2013, refreshed September 3, 2014, G00249251)
  4. The Threat Intelligence market is growing …
     • [Chart: Threat Intelligence Services market size (1)]
     • [Chart: SANS Cyber Threat Intelligence Summit, 2015 and 2014: courses, instructors, disciplines]
     (1) Gartner, Competitive Landscape: Threat Intelligence Services, Worldwide, 2015, October 2014, G00261001
  5. … and maturing from an industry perspective
     • Importance as part of any organization’s suite of tools
     • The criteria for evaluation
       – Where is it sourced from?
       – How often is it updated?
       – Is it vetted by humans?
       – And many others …
  6. Threat intelligence does help
     • Attacks: Increased efficiencies achieved. More efficiency in security processing to help clients focus on identified malicious events.
     • Events: up 12% year on year to 91m. Observable occurrences in a system or network.
     • Incidents: up 22% year on year. Attacks deemed worthy of deeper investigation.
     • Security events: annual 91,765,453; monthly 7,647,121; weekly 1,764,121
     • Security attacks: annual 16,857; monthly 1,405; weekly 324
     • Security incidents: annual 109.37; monthly 9.11; weekly 2.10
     • Security Intelligence: correlation and analytics tools
     • Security Intelligence: human security analysts
     Utilization of threat intelligence can yield a significant reduction in security incidents, as well as speed to respond.
  7. Security teams are using multiple sources of intelligence to identify cyber threats, but they come with new challenges. 65% of enterprise firms use external threat intelligence to enhance their security decision making (1). However, security teams lack critical support to make the most of these resources:
     • It takes too long to make information actionable
     • Data is gathered from untrusted sources
     • Analysts can’t separate the signal from the noise
     (1) Source: ESG Global
  8. Ever-increasing proliferation of cyber threat intelligence feeds
     • External: Malware hashes / MD5; Brand abuse phishing indicators; Malware campaigns/indicators; Fraud payment logs; Top tier phishing indicators; Customer asset / credentials; Threat landscape intel (TTPs); Intel as a service (IaaS); Staff asset / credentials; Industry threat intel sharing; Public sector threat intel; ISAC threat intel; Law enforcement threat intel; Passive DNS intel; OSINT sentiment analysis; Underground dark Web intel; IP reputation intel; Human Intel (HUMINT); Technical Intel (TECHINT); Actor intel/indicators
     • Internal: Firewall logs; Proxy logs; IDS/IPS logs; Web logs; Application logs; Authentication logs; Malware detection logs; Email logs; Network Security logs; Building access logs; Fraud payment logs; CSIRT incidents; Vulnerability patch mgmt; DNS/DHCP logs; Call/IVR logs; Endpoint security logs; Employee directory; SSO/LDAP context; Application inventory; Website marketing analytics
     Advanced analytics and human intelligence must be applied and integrated into the organization to leverage the value of all the data. When shopping for intelligence sources, organizations can be overwhelmed by choices as well as the cost and complexity to operationalize and gain a return on investment. Operationalizing it can be costly and complex.
  9. The bad actors are already collaborating
  10. Ideal requirements for key capabilities in a solution
     • Know everything about the particular observable that starts your investigation, i.e. historical information
     • Know everything your colleagues in the same industry know about that particular observable
     • Apply everything you and your colleagues know to the controls that exist in your infrastructure in order to better protect your organization
  11. The real value of threat intelligence lies in its application to your business – to turn insight into action. Without insight, organizations struggle to understand and stay ahead of the threat.
     • Potential attacks can be overlooked if the attacker’s methods and motives are unknown
     • Armed with this intelligence, organizations can take action ahead of threat to proactively adapt security strategy, remediate vulnerabilities and monitor for impact
     • By applying intelligence upfront, an organization can optimize security resources, increase efficiencies, reduce costs and improve risk management
  12. Threat Intelligence sharing
     • It helps provide insight, context, and confidence with respect to the information that is being observed, i.e. an isolated attack or part of a broader industry-wide attack
     • It benefits both the organization and the broader community
     • Ranges from technical information on a particular piece of malware to more strategic, unstructured content
  13. The current state of threat intelligence sharing
     • E-mail and informal gatherings
     • ISACs – Information Sharing and Analysis Center
       – Financial Services, National Health, Information Technology
     • Threat Intelligence Platforms
       – Dynamic market populated by both established players and startups
     • Machine Readable Threat Intelligence
       – STIX – Structured Threat Information Expression
       – TAXII – Trusted Automated Exchange of Indicator Information
  14. Introducing IBM X-Force Exchange: a new platform to consume, share, and act on threat intelligence. Backed by the reputation and scale of IBM X-Force.
     • Research and collaboration platform and API: Security Analysts and Researchers; Security Operations Centers (SOCs); Security Products and Technologies
     IBM X-Force Exchange is:
     • OPEN: a robust platform with access to a wealth of threat intelligence data
     • SOCIAL: a collaborative platform for sharing threat intelligence
     • ACTIONABLE: an integrated solution to help quickly stop threats
  15. OPEN: A robust platform with access to a wealth of threat intelligence data. Leverage the scale of IBM Security and partner ecosystem.
     Quickly gain access to threat data from curated sources:
     • Over 700 terabytes of machine-generated intelligence from crawler robots, honeypots, darknets, and spamtraps
     • Multiple third party and partner sources of intelligence
     • Up to thousands of malicious indicators classified every hour
     Human intelligence adds context to machine-generated data:
     • Insights from security experts, including industry peers, IBM X-Force, and IBM Security professionals
     • Collaborative interface to organize and annotate findings, bringing priority information to the forefront
  16. ACTIONABLE: An integrated solution to help quickly stop threats. Push intelligence to enforcement points for timely protection.
     • Integration between IBM Security products and X-Force Exchange-sourced actionable intelligence
     • Designed for third-party integration with planned future support for STIX and TAXII, the established standard for automated threat intelligence sharing
     • Leverage the API to connect threat intelligence to security products
     [Diagram labels: IBM Security Network Protection XGS; IBM Security QRadar Security Intelligence; IBM Security Trusteer Apex Malware Protection; 3rd Party Products; API; STIX / TAXII (future feature)]
  17. SOCIAL: A collaborative platform for sharing threat intelligence. Add context to threats via peer collaboration.
     • Connect with industry peers to validate findings
     • Share a collection of Indicators of Compromise (IOCs) to aid in forensic investigations
     Example workflow:
     (1) INCIDENT RESPONDER: Discovers a new malware domain and marks it as malicious in the X-Force Exchange.
     (2) SECURITY ANALYST: Finds the domain and applies blocking rules to quickly stop malicious traffic. Shares with his CISO using the Exchange.
     (3) CISO: Adds the domain to a public collection named “Malicious Traffic Sources Targeting Financial Industry” to share with industry peers.
     (4) IBM X-FORCE: For the first time, clients can interact with IBM X-Force security researchers and experts directly.
  18. Steps you can take today … on tools
     (1) Understand your threat intelligence
       – Relevance
       – Integration
       – Efficiency in sharing among products and teams
     (2) Understand machine readable threat intelligence
       – STIX – stix.mitre.org
       – TAXII – taxii.mitre.org
       – APIs
  19. Steps you can take today … on processes (steps 3 to 5)
     • At a security team level
       – Identify information you have
       – Collaborate effectively within the organization
     • At a company level
       – Team with CIO/CISO
       – Understand and address silos and legal issues
     • At an industry level
       – Participate in industry security consortiums
       – Contribute to online threat intelligence sharing communities
     *Source: Rick Holland, Forrester Research
  20. Questions?
  21. www.ibm.com/security
     © Copyright IBM Corporation 2015. All rights reserved. The information contained in these materials is provided for informational purposes only, and is provided AS IS without warranty of any kind, express or implied. IBM shall not be responsible for any damages arising out of the use of, or otherwise related to, these materials. Nothing contained in these materials is intended to, nor shall have the effect of, creating any warranties or representations from IBM or its suppliers or licensors, or altering the terms and conditions of the applicable license agreement governing the use of IBM software. References in these materials to IBM products, programs, or services do not imply that they will be available in all countries in which IBM operates. Product release dates and/or capabilities referenced in these materials may change at any time at IBM’s sole discretion based on market opportunities or other factors, and are not intended to be a commitment to future product or feature availability in any way. IBM, the IBM logo, and other IBM products and services are trademarks of the International Business Machines Corporation, in the United States, other countries or both. Other company, product, or service names may be trademarks or service marks of others.
     Statement of Good Security Practices: IT system security involves protecting systems and information through prevention, detection and response to improper access from within and outside your enterprise. Improper access can result in information being altered, destroyed, misappropriated or misused or can result in damage to or misuse of your systems, including for use in attacks on others. No IT system or product should be considered completely secure and no single product, service or security measure can be completely effective in preventing improper use or access. IBM systems, products and services are designed to be part of a lawful, comprehensive security approach, which will necessarily involve additional operational procedures, and may require other systems, products or services to be most effective. IBM DOES NOT WARRANT THAT ANY SYSTEMS, PRODUCTS OR SERVICES ARE IMMUNE FROM, OR WILL MAKE YOUR ENTERPRISE IMMUNE FROM, THE MALICIOUS OR ILLEGAL CONDUCT OF ANY PARTY.
