
Upload: prachi-mishra

Post on 18-Jan-2017


TRANSCRIPT

Page 1: Cyber Threat Intelligence

CYBER THREAT INTELLIGENCE

PRESENTED BY- PRACHI MISHRA

Page 2: Cyber Threat Intelligence

Contents

1. Malware Trends
2. Top Schemes for Malware
3. Threat Alerts on the Rise
4. Threat Intelligence
5. Global CTI
6. Features
7. Requirements
8. The 3 Principles
9. Collaborative TI
10. Standards and Tools
11. Conclusion
12. References

Page 3: Cyber Threat Intelligence

Malware Trends

(Pie chart, malware by type; legend: Crimeware Kit, Rogueware, Spam, Trojan, Web Threat, Worm)

Rogueware 51%
Crimeware Kit 23%
Trojan 16%
Worm 4%
Web Threat 3%
Spam 3%

Page 4: Cyber Threat Intelligence

Top Schemes For Malware


Page 5: Cyber Threat Intelligence

Threat Alerts on the Rise…An introduction

•The Information Security landscape is constantly evolving.

•It is no longer viable to rely on preventive defenses alone.

•Intelligence, and the insight it brings, is at the heart of next-generation Information Security.

•A determined adversary will get through eventually.

Page 6: Cyber Threat Intelligence

Threat Intelligence …Filtering the market noise

Evidence-based knowledge, including context, mechanisms, indicators, implications and actionable advice, about an existing or emerging menace or hazard to assets, that can be used to inform decisions regarding the subject's response to that menace or hazard.

Page 7: Cyber Threat Intelligence

Global Cyber Threat Intelligence…Much ado about something

An example: data feeds of bad IP addresses that are dumped into our environment.

More raw information is not what teams or security technologies need.

Page 8: Cyber Threat Intelligence

An Example of Bad IP Addresses


Page 9: Cyber Threat Intelligence

An Example of Threat Intelligence


Page 10: Cyber Threat Intelligence

| Information | Intelligence |
| --- | --- |
| Raw, unfiltered feed | Processed, sorted information |
| Unevaluated when delivered | Evaluated and interpreted by trained analysts |
| Aggregated from virtually every source | Reliably aggregated and correlated for accuracy |
| May be true, false, misleading, incomplete, relevant or irrelevant | Accurate, timely, as complete as possible, assessed for relevancy |
| Not actionable | Actionable |
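The Information-versus-Intelligence contrast above, applied to the "bad IP feed dumped into our environment" case from the Global CTI slide, as a worked example added here (not code from the presentation). Everything in it is constructed: the three feeds and their junk lines, the per-source weights an analyst might assign, the 30-day expiry window and the date taken as "today". RFC 5737 documentation addresses stand in for public attacker addresses.

```python
"""Turn raw 'bad IP' feeds into evaluated, actionable intelligence.

Added example, not code from the presentation. The feed contents, the
source names and weights, the 30-day expiry window and the date taken as
'today' are all assumptions made for illustration.
"""
import ipaddress
from collections import defaultdict
from datetime import datetime, timedelta, timezone

# Constructed sample feeds: "ip,tag,first_seen" lines plus the junk a real
# dump carries (comments, malformed lines, internal addresses, duplicates).
# RFC 5737 documentation ranges stand in for public attacker addresses.
RAW_FEEDS = {
    "feed_a": """# feed_a export
198.51.100.7,c2,2014-09-01
203.0.113.45,scanner,2014-09-20
192.168.1.10,c2,2014-09-21
not-an-ip,c2,2014-09-21
198.51.100.7,c2,2014-09-15
""",
    "feed_b": """203.0.113.45,bruteforce,2014-09-22
198.51.100.7,malware-dl,2014-09-23
10.0.0.5,scanner,2014-09-23
""",
    "feed_c": """203.0.113.45,scanner,2014-06-01
192.0.2.99,phishing,2014-05-01
192.0.2.50,scanner,2014-09-24
""",
}

# Assumed analyst weighting of each source (how much one sighting is worth).
SOURCE_WEIGHT = {"feed_a": 0.5, "feed_b": 0.4, "feed_c": 0.2}
MAX_AGE = timedelta(days=30)                        # older indicators have expired
NOW = datetime(2014, 9, 25, tzinfo=timezone.utc)    # constructed 'today'

# Address space that must never reach a blocklist: blocking it breaks our own
# network. Documentation ranges are deliberately absent (see sample above).
BOGONS = [ipaddress.ip_network(n) for n in (
    "0.0.0.0/8", "10.0.0.0/8", "127.0.0.0/8", "169.254.0.0/16",
    "172.16.0.0/12", "192.168.0.0/16", "224.0.0.0/4", "240.0.0.0/4")]


def parse_feed(text):
    """Yield (ip, tag, seen) for well-formed, routable entries; drop the rest."""
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = [p.strip() for p in line.split(",")]
        if len(parts) != 3:
            continue
        try:
            ip = ipaddress.ip_address(parts[0])
            seen = datetime.strptime(parts[2], "%Y-%m-%d").replace(tzinfo=timezone.utc)
        except ValueError:
            continue                  # malformed: never let it into the blocklist
        if any(ip in net for net in BOGONS):
            continue                  # internal/reserved space: feed noise
        yield str(ip), parts[1], seen


def evaluate(raw_feeds, now=NOW):
    """Correlate sightings across sources: dedupe, score, tag and expire."""
    sightings = defaultdict(list)
    for source, text in raw_feeds.items():
        for ip, tag, seen in parse_feed(text):
            sightings[ip].append((source, tag, seen))
    intel = []
    for ip, hits in sightings.items():
        last_seen = max(seen for _, _, seen in hits)
        if now - last_seen > MAX_AGE:
            continue                  # expired: would only produce false positives
        sources = sorted({src for src, _, _ in hits})
        # Independent sources agreeing raise confidence; repeats from one source do not.
        confidence = min(1.0, sum(SOURCE_WEIGHT[s] for s in sources))
        intel.append({
            "ip": ip,
            "confidence": round(confidence, 2),
            "sources": sources,
            "tags": sorted({tag for _, tag, _ in hits}),
            "last_seen": last_seen.date().isoformat(),
        })
    return sorted(intel, key=lambda r: r["confidence"], reverse=True)


def actionable(intel, threshold=0.6):
    """Only multi-source, high-confidence indicators are pushed to blocking controls."""
    return [r["ip"] for r in intel if r["confidence"] >= threshold]


if __name__ == "__main__":
    rows = evaluate(RAW_FEEDS)
    for row in rows:
        print(row)
    print("push to blocklist:", actionable(rows))
```

Of the nine feed lines, two are malformed or internal addresses, one is stale, and one is a duplicate; what survives carries the context (sources, tags, last seen) and a confidence score, so the low-confidence single-source scanner stays available for hunting while only the corroborated hosts go to the blocking control.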

Page 11: Cyber Threat Intelligence

Features…In a nutshell

•Additive – made to be collected

•Secretive – built around the organization's security needs

•Transitive – built on transitive trust relationships

•Elusive – can quickly expire, degrade or dry up


Page 12: Cyber Threat Intelligence

Requirements…Developing Intelligence capabilities

• Threat Actors: tracking nation-state activities, organized cyber criminals and hacktivists.

• Vulnerabilities and Exploitation: uncovering zero-days on a daily and weekly basis, monitoring CVEs and tracking exploitation.

Page 13: Cyber Threat Intelligence

• Mechanisms and Indicators: analyzing malware family derivatives, tracking DDoS technology and its evolution.

• Actionable Advice: providing clients with ongoing, daily stream reporting to filter the noise and to drive decision advantage over the adversaries.

Page 14: Cyber Threat Intelligence

The Three Principles…Managing CTI proactively

Principle 1 - Creating an intelligence-led mindset

Principle 2 - Implementing an intelligence operating model

Principle 3 - Building an intelligence-led decision-making process

Page 15: Cyber Threat Intelligence


Page 16: Cyber Threat Intelligence

Collaborative TI…The power of the crowd

•Cyber criminals are re-using the same tactics to attack multiple targets.

•Collaborative threat intelligence makes us more secure:

  - Identifies, flags and blocks known attackers

  - Updates policies/alerts to detect threats

Page 17: Cyber Threat Intelligence

Traditional Response

(Diagram, animated over Pages 17 to 21: five organizations, First Street Credit Union, Alpha Insurance Group, John Elway Auto Nation, Regional Pacific Telecom and Marginal Food Products, each going through Attack, Detect and Respond on its own; the same attack then recurs against another organization.)


Page 22: Cyber Threat Intelligence

Threat Exchange Framework…Enabling preventive response

• To prevent cyber criminals from re-using the same methods of attack

• Through an automated, real-time threat exchange framework these attacks can be reduced

Page 23: Cyber Threat Intelligence

(Diagram: the same five organizations, now connected through the Open Threat Exchange; one organization detects the attack and the others receive the response measures.)

Open Threat Exchange

• Puts preventative response measures in place through shared experience

• Protects others in the network with the preventative response measures

Page 25: Cyber Threat Intelligence

Benefits Of Collaborative TI

• Shifts the advantage from the attacker to the defender

• Open and free to everyone

• Each member benefits from the incidents of all other members

Page 26: Cyber Threat Intelligence

Disadvantages of Collaborative TI…They can’t make a mistake

• Understaffed and underfunded

• Prevention controls fail to block every malicious activity

• Hundreds of vulnerabilities to patch

• Increasing complexity of the IT infrastructure:
  a) Moving to the cloud
  b) Virtualization
  c) Bring Your Own Device (BYOD)

Page 27: Cyber Threat Intelligence

Standards And Tools

• To collect, analyze and share Threat Intelligence

• The basic ones being:

1. IODEF: Incident Object Description Exchange Format

2. CIF: Collective Intelligence Framework

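The threat exchange described on Pages 22 to 24 (one organization detects, the others are protected) carried over IODEF, the first standard listed above, as a worked example added here; it is not code from the presentation or from any IODEF tool. The element and attribute names follow IODEF 1.0 (RFC 5070); the organization names, incident ID, timestamp and addresses (RFC 5737 documentation ranges) are constructed, as is the short list of internal networks a peer is never allowed to make us block.

```python
"""Exchange an incident between two organizations as an IODEF document.

Added example, not code from the presentation. Organization names,
incident IDs, addresses (RFC 5737 documentation ranges) and timestamps are
constructed; element and attribute names follow IODEF 1.0 (RFC 5070).
"""
import ipaddress
import xml.etree.ElementTree as ET

IODEF_NS = "urn:ietf:params:xml:ns:iodef-1.0"
ET.register_namespace("", IODEF_NS)       # emit IODEF as the default namespace
NS = {"i": IODEF_NS}

# Internal ranges a peer must never talk us into blocking (assumed minimal list).
NEVER_BLOCK = [ipaddress.ip_network(n) for n in
               ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]


def _sub(parent, tag, text=None, **attrs):
    """Append a namespaced IODEF child element with optional text."""
    el = ET.SubElement(parent, f"{{{IODEF_NS}}}{tag}", attrs)
    if text is not None:
        el.text = text
    return el


def build_report(incident_id, reporter, attacker_ip, target_net, port, report_time):
    """Victim side: 'attacker_ip hit target_net:port'; ask peers to block the host."""
    doc = ET.Element(f"{{{IODEF_NS}}}IODEF-Document", version="1.00", lang="en")
    inc = _sub(doc, "Incident", purpose="mitigation")
    _sub(inc, "IncidentID", incident_id, name=reporter)     # name = issuing CSIRT
    _sub(inc, "ReportTime", report_time)
    _sub(_sub(inc, "Assessment"), "Impact", type="admin", completion="failed")
    contact = _sub(inc, "Contact", role="creator", type="organization")
    _sub(contact, "ContactName", reporter)
    event = _sub(inc, "EventData")
    flow = _sub(event, "Flow")
    src = _sub(flow, "System", category="source")
    _sub(_sub(src, "Node"), "Address", attacker_ip, category="ipv4-addr")
    tgt = _sub(flow, "System", category="target")
    _sub(_sub(tgt, "Node"), "Address", target_net, category="ipv4-net")
    _sub(_sub(tgt, "Service", ip_protocol="6"), "Port", str(port))   # 6 = TCP
    _sub(event, "Expectation", action="block-host")
    return ET.tostring(doc, encoding="unicode")


def extract_block_requests(xml_text, trusted_reporters):
    """Peer side: return (reporter, incident_id, ip) for every host a trusted
    reporter asked us to block, ignoring anything that fails a sanity check."""
    # Caveat: ElementTree does not fetch external entities, but a report from
    # another organization is still untrusted input; use defusedxml in production.
    root = ET.fromstring(xml_text)
    if root.tag != f"{{{IODEF_NS}}}IODEF-Document":
        raise ValueError("not an IODEF 1.0 document")
    requests = []
    for inc in root.findall("i:Incident", NS):
        ident = inc.find("i:IncidentID", NS)
        reporter = ident.get("name") if ident is not None else None
        if reporter not in trusted_reporters:
            continue                           # unknown reporter: never act automatically
        for event in inc.findall("i:EventData", NS):
            wanted = {e.get("action") for e in event.findall("i:Expectation", NS)}
            if "block-host" not in wanted:
                continue
            path = "i:Flow/i:System[@category='source']/i:Node/i:Address"
            for addr in event.findall(path, NS):
                if addr.get("category") != "ipv4-addr":
                    continue
                try:
                    ip = ipaddress.IPv4Address((addr.text or "").strip())
                except ValueError:
                    continue                   # garbage address: drop it
                if any(ip in net for net in NEVER_BLOCK):
                    continue                   # a peer cannot make us block ourselves
                requests.append((reporter, ident.text, str(ip)))
    return requests


if __name__ == "__main__":
    report = build_report("189493", "csirt.firststreet.example", "203.0.113.45",
                          "192.0.2.0/24", 22, "2014-09-23T10:02:00+00:00")
    print(report)
    print(extract_block_requests(report, {"csirt.firststreet.example"}))
```

The consuming side is where the exchange framework earns or loses trust: it only acts on reports whose IncidentID names a reporter it already trusts, only when the report explicitly asks for block-host, and never on an address inside its own network, so a compromised or careless peer cannot turn the exchange into a denial of service against its members.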

Page 28: Cyber Threat Intelligence


Page 29: Cyber Threat Intelligence

CIF

• Cyber threat intelligence management system

• Open source, community model

• Gathers threat intelligence from various sources

• Gains access to public and private feeds

• Used for identification, response and mitigation

• IP addresses, URLs etc. are commonly collected

Page 30: Cyber Threat Intelligence


Page 31: Cyber Threat Intelligence

REFERENCES

1. https://code.google.com/p/collective-intelligence-framework/wiki/WhatisCIF (seen 9/12/2014)

2. http://www.cisco.com/c/en/us/products/security/annual_security_report (seen 9/19/2014)

3. http://www.alienvault.com/open-threat-exchange/blog (seen 9/22/2014)

4. http://www.kpmg.com/cyber-security/pages/cyber-intelligence-security.aspx (seen 9/23/2014)

5. http://www.isightpartners.com/white-papers/cyber-threat-intelligence-need/ (seen 9/23/2014)

6. http://www.sans.org/tools-standards-cyber-threat-intelligence/ (seen 9/24/2014)

Page 32: Cyber Threat Intelligence

THANK YOU!

QUESTIONS?
