The Role of Threat Intelligence and Layered Security for Intrusion Prevention in the Post-Target Breach Era
Ted Gruenloh
Director of Operations
Sentinel IPS
Agenda

- Review of the current Network Security landscape
- Quick overview of Layered Security
- What, exactly, is Threat Intelligence?
- Threat Intelligence and Layered Security, together
- Publicly shared sources of Threat Intelligence
- Conclusion and Q & A
Current Network Security: Not Your Father’s Threats

Yesterday’s Threat Landscape…
- Perimeter was defined, and endpoints were easily managed
- Data and assets were static
- Malware/Trojans had limited points of entry
Current Network Security

Today’s Threat Landscape
- Perimeter? What perimeter? And with BYOD, it’s more like herding cats.
- Data and assets are mobile, dynamic, and accessed by almost anyone
- Tension between privacy (SSL) and visibility (decryption, anyone?)
- Malware can manifest itself anywhere
Layered Security: Fact and Fiction
- The Big Boys like to bash each other
- Are there any silver bullets?
- Let’s have an honest conversation: everyone has their strengths
- We prefer a different approach. More like …
Layered Security: A Quick Inventory

From perimeter to endpoint, paralleling the “Cyber Kill Chain”:
- External IPS, Next-Gen Firewalls, Application Firewalls, Vulnerability Scanning, and Penetration Testing
- Dedicated IDS, Web Proxies, SPAM Filters, Sandbox/Sandnet techniques
- Anti-virus, Personal Firewalls, Host-based IPS, patching, software updates
- And one SIEM to log them all

So, where does Threat Intelligence fit in? All of the above!

“Prepare to be breached.” Shift from preventative to detective? Sort of.

Layered Security: “Defense in Depth”, as recommended by the NSA ;-)
What is Threat Intelligence?

“The real-time collection, normalization, and analysis of the data generated by users, applications and infrastructure that impacts the IT security and risk posture of an enterprise.”

“The goal of Security Intelligence is to provide actionable and comprehensive insight that reduces risk and operational effort for any size organization.”
- John Burnham, IBM

Ummmm … What?
“Threat Intelligence is network data that, when put to good use, can protect you.”
- Me
No, really. What is Threat Intelligence?
This might get a little technical.
WARNING
No, really. What is Threat Intelligence?
[Diagram: sources feeding a Data Engine (pcap analysis and data correlation), and the lists it produces]

Sources:
- Malware Exchanges & Sources: malware exchange among major NetSec vendors, VirusTotal.com, VirusShare.com
- IDS/IPS Event Feedback Loop: universities, ISPs and carriers, the IDS/IPS customer base
- Sandnets
- IDS/IPS rulesets
- Other proprietary information
- Pcaps

Products:
- DNS/Domain lists and analytics
- IP reputation lists and analytics

This is Threat Intelligence.
OK. What does Threat Intelligence look like?

Lists of IPs and/or URLs
Could be as simple as a text file of IP addresses or domains associated with bad actors and command & control servers.

STIX and TAXII
Originated with DHS and were designed and maintained by MITRE (since 2015 both standards are maintained by the OASIS CTI Technical Committee). STIX provides a common language for describing threat intelligence, and TAXII a method of exchanging it. Many companies provide their threat intelligence in STIX.

Proprietary Data
Takes many forms, from simple automated feeds to complex databases and APIs. Companies try to differentiate themselves by providing unique insights, like geolocation, business sector, threat classification, etc.
Threat Intelligence and Layered Security

[Diagram: Internet → Firewall (explicit rules) → IDS/IPS (DPI/pattern matching) → Corporate LAN (AV software, host-based IPS). Blocked malware shown per layer: 0%, 10% to 40%, 10% to 40%. Headline figure for the layered whole: blocked malware ~85%.]

“Actionable” Threat Intelligence (SIEM)
- SIEM consolidates data from multiple devices
- Might include intelligence from external sources
- Used for analysis and incident response

“Active” Threat Intelligence (Internet → Firewall → IDS/IPS → Corporate LAN)
- IP and/or domain reputation lists
- Pushed out to security devices regularly
- Collaboration of the InfoSec community
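An added example, not from the deck, of the “actionable” side of the same list: the plain-text indicator file described under “Lists of IPs and/or URLs” is loaded (IPs, CIDR blocks and domains, comments and blank lines tolerated) and correlated against firewall and proxy log lines the way a SIEM would enrich them. The feed, the log lines and every address and domain in them are constructed for the example (documentation ranges and .example names), and the key=value log format is assumed.

```python
import ipaddress
import re
from dataclasses import dataclass, field

# Constructed sample of a reputation feed: one indicator per line, with the
# comments and blank lines real feeds contain. Addresses and domains are
# made up (documentation ranges and .example names); nothing here is a
# real indicator.
SAMPLE_FEED = """\
# hypothetical reputation list (constructed sample)
198.51.100.23
203.0.113.0/24

evil-cdn.example   # inline comment
cnc.badactor.example.
not an indicator
"""

# Constructed firewall/proxy log lines in a simple key=value style.
SAMPLE_LOGS = [
    "2015-03-02T10:00:01 FW ALLOW src=10.0.0.5 dst=198.51.100.23 dport=443",
    "2015-03-02T10:00:02 FW ALLOW src=10.0.0.7 dst=93.184.216.34 dport=80",
    "2015-03-02T10:00:03 PROXY GET host=update.evil-cdn.example path=/a.bin",
    "2015-03-02T10:00:04 PROXY GET host=www.example.org path=/",
    "2015-03-02T10:00:05 FW ALLOW src=10.0.0.9 dst=203.0.113.77 dport=8080",
    "2015-03-02T10:00:06 PROXY GET host=notevil-cdn.example path=/",
]

_DOMAIN_RE = re.compile(r"^(?=.{1,253}$)[a-z0-9-]+(\.[a-z0-9-]+)+$")
_KV_RE = re.compile(r"\b(dst|host)=(\S+)")


@dataclass
class IndicatorSet:
    """IP/CIDR and domain indicators loaded from a plain-text feed."""
    networks: list = field(default_factory=list)  # ip_network objects, hosts as /32
    domains: set = field(default_factory=set)     # lowercase, no trailing dot
    rejected: list = field(default_factory=list)  # lines that parsed as neither

    @classmethod
    def from_text(cls, text):
        ind = cls()
        for raw in text.splitlines():
            entry = raw.split("#", 1)[0].strip().lower().rstrip(".")
            if not entry:
                continue
            try:
                ind.networks.append(ipaddress.ip_network(entry, strict=False))
                continue
            except ValueError:
                pass
            if _DOMAIN_RE.match(entry):
                ind.domains.add(entry)
            else:
                ind.rejected.append(raw)   # keep these visible: a format change shows up here
        return ind

    def match_ip(self, value):
        """Return the matching network as a string, or None."""
        try:
            addr = ipaddress.ip_address(value)
        except ValueError:
            return None
        for net in self.networks:  # linear scan; fine for lists of tens of thousands
            if addr in net:
                return str(net)
        return None

    def match_domain(self, value):
        """Exact or parent-domain match: update.evil-cdn.example hits
        'evil-cdn.example', but 'notevil-cdn.example' does not."""
        labels = value.lower().rstrip(".").split(".")
        for i in range(len(labels) - 1):  # never match a bare TLD
            candidate = ".".join(labels[i:])
            if candidate in self.domains:
                return candidate
        return None


def correlate(logs, indicators):
    """Return (log line, field, indicator) for every line that touched a
    listed IP or domain: the SIEM-side use of the same reputation list."""
    hits = []
    for line in logs:
        for key, value in _KV_RE.findall(line):
            found = indicators.match_ip(value) if key == "dst" else indicators.match_domain(value)
            if found:
                hits.append((line, key, found))
    return hits


if __name__ == "__main__":
    ind = IndicatorSet.from_text(SAMPLE_FEED)
    for line, key, found in correlate(SAMPLE_LOGS, ind):
        print(f"HIT {key} -> {found}: {line}")
```

Two details matter in practice: the parent-domain match is label-based, so a listed domain does not match a longer name that merely ends in the same characters, and lines the parser cannot classify are kept rather than silently dropped, because a feed that changes format otherwise becomes an empty list and no alert.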
Publicly Shared Threat Intelligence
The What.
Many Network Security vendors make their living selling threat intelligence. Luckily, many of these vendors also offer at least some of that intelligence to the community at large, for free, no strings attached. You can benefit from this.
The Why.
Why give it away? Online businesses often use the ‘Freemium’
business model to introduce their product to consumers. But more
importantly, many Network Security vendors feel a sense of duty
born out of the Internet’s implicit sense of community.
In other words, it’s the right thing to do.
And now, the Who and the How.
Publicly Shared Threat Intelligence

The Who.
A sampling of NetSec organizations that provide free Threat Intelligence:
- SenderBase (Cisco): senderbase.org
- Shadowserver: http://shadowserver.org
- Emerging Threats rulesets: http://rules.emergingthreats.net
- Open Threat Exchange (AlienVault OTX)
- CI Army list (CINS): http://cinsscore.com
- Center for Internet Security
- DShield (SANS Internet Storm Center): http://dshield.org
Publicly Shared Threat Intelligence

The How.
Here’s how we do it.

[Diagram: Active Sentinels and the Internet/NetSec community feed the CINS System, which produces the CINS Lists (“Active” Threat Intelligence), consumed by csf firewalls, curl, python urllib, etc.]
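An added example, not Sentinel IPS code, of the consumer end of that diagram: a job of the kind a `curl` or `python urllib` cron entry would run, taking a one-entry-per-line IP list, filtering it, and loading it into an ipset that iptables rules consult. The sample list is constructed (documentation ranges, with deliberate private, loopback, malformed, duplicate and IPv6 entries), the allowlist and the set name are assumptions, and the fetch function is shown but not needed to run the rest offline.

```python
import ipaddress
import urllib.request

# Constructed sample in the shape of a plain one-entry-per-line IP blocklist
# (the CI Army list is one such list). Addresses are from documentation
# ranges and are not real indicators. The private, loopback, malformed,
# duplicate and IPv6 entries are deliberate, to exercise the filters.
SAMPLE_LIST = """\
# constructed sample list
198.51.100.23
203.0.113.77
203.0.113.77
10.0.0.5
127.0.0.1
300.1.2.3
192.0.2.0/24
2001:db8::1
"""

# Ranges a feed must never be allowed to block, whatever it contains:
# "this" network, RFC 1918, loopback, link-local, multicast, reserved.
NEVER_BLOCK = [ipaddress.ip_network(n) for n in (
    "0.0.0.0/8", "10.0.0.0/8", "127.0.0.0/8", "169.254.0.0/16",
    "172.16.0.0/12", "192.168.0.0/16", "224.0.0.0/4", "240.0.0.0/4")]

# Assumed allowlist for the example: your own public ranges, partners, DNS
# resolvers. 192.0.2.0/24 stands in for "our address space" here.
ALLOWLIST = [ipaddress.ip_network("192.0.2.0/24")]


def fetch_list(url, timeout=30):
    """Download a feed with urllib (the deck names curl and python urllib as
    consumers). Not exercised offline; the rest of the example works on text."""
    with urllib.request.urlopen(url, timeout=timeout) as resp:
        return resp.read().decode("utf-8", errors="replace")


def parse_list(text, allowlist=ALLOWLIST):
    """Return (kept, dropped): kept is the deduplicated list of IPv4 networks
    safe to load, in feed order; dropped pairs each rejected raw line with
    the reason, so a spike in rejects (a changed feed format, or a feed that
    starts shipping your own ranges) is visible instead of silent."""
    kept, dropped, seen = [], [], set()
    for raw in text.splitlines():
        entry = raw.split("#", 1)[0].strip()
        if not entry:
            continue
        try:
            net = ipaddress.ip_network(entry, strict=False)
        except ValueError:
            dropped.append((raw, "unparseable"))
            continue
        if net.version != 4:
            dropped.append((raw, "not IPv4"))  # the set below is family inet
            continue
        if str(net) in seen:
            dropped.append((raw, "duplicate"))
            continue
        if any(net.overlaps(bad) for bad in NEVER_BLOCK):
            dropped.append((raw, "never-block range"))
            continue
        if any(net.overlaps(ok) for ok in allowlist):
            dropped.append((raw, "allowlisted"))
            continue
        seen.add(str(net))
        kept.append(net)
    return kept, dropped


def ipset_restore(nets, setname="cins_blocklist"):
    """Input for `ipset restore`: fill a temporary set, then swap it with the
    live set, so the firewall never runs on a half-loaded list."""
    tmp = setname + "_tmp"
    lines = [f"create {setname} hash:net family inet",
             f"create {tmp} hash:net family inet",
             f"flush {tmp}"]
    lines += [f"add {tmp} {net}" for net in nets]
    lines += [f"swap {tmp} {setname}", f"destroy {tmp}"]
    return "\n".join(lines) + "\n"


def iptables_rules(setname="cins_blocklist"):
    """Rules that consult the set; inserted once, they follow the set's
    contents across every swap."""
    return [f"iptables -I INPUT -m set --match-set {setname} src -j DROP",
            f"iptables -I OUTPUT -m set --match-set {setname} dst -j DROP"]


if __name__ == "__main__":
    kept, dropped = parse_list(SAMPLE_LIST)
    print(ipset_restore(kept), end="")
    for raw, reason in dropped:
        print(f"# dropped ({reason}): {raw}")
```

Feed the output to `ipset -exist restore` (the `-exist` keeps the `create` lines from failing once the live set exists) and install the two iptables rules once; csf users would write the kept entries to csf.deny instead. The never-block and allowlist checks are the part worth keeping even if the rest changes: free lists do contain false positives, and a reputation list that is allowed to push unreviewed rules straight into the perimeter can block your own resolvers or customers as easily as a C2 server. For lists beyond ipset’s default of 65536 entries, add `maxelem` to the `create` lines.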
And in conclusion…
Layered security doesn’t only make sense as a
network security strategy; its diversity also produces
better threat intelligence. And, active threat
intelligence can dramatically improve a network’s
protection from malware and other attacks.
Conclusion?
Layered Security and Active Threat Intelligence:
Two great tastes that taste great together.
Ted Gruenloh
Director of Operations
(972) 991-5005
tedg@econet.com
http://www.networkcloaking.com/free
Questions?
Ted Gruenloh
@tedgruenloh &
@sentinelips
