SlideShare a Scribd company logo

Still thinking your Ex(cel)? Here are some TIPs - SANS CTI Summit 2021

Andreas Sfakianakis
Andreas Sfakianakis

During the past years, cyber threat intelligence (CTI) discipline has been adopted by organisations worldwide. While CTI’s best practices are still developing, finding the right technology to support your CTI analysts’ workflows and daily activities is hard. And advertising from vendors makes it even harder. This session will cut through the propaganda: providing a vendor-agnostic look at the process of selecting the right tools by providing a primer on the CTI cycle. Second, hear an overview of the current threat intelligence platform (TIP) landscape and explore the limitations that have been spotted by researchers and practitioners. Finally, learn tangible recommendations related to TIPs for different user groups.

Technology
1 of 33
Download to read offline
Still thinking about your Ex(cel)? Here are some TIPs Andreas Sfakianakis SANS CTI Summit 2021 The past, present, and future of Threat Intelligence Platforms (TIPs)
§ CTI Lead EMEA @ S&P Global § CTI @ Financial and Oil & Gas sectors § ENISA, FIRST.org, SANS, European Commission § Twitter: @asfakian Website: www.threatintel.eu
§ Original authors are referenced within the slide deck § Resources for this presentation: https://bit.ly/ctisummit2021 § This is a vendor agnostic presentation § Views are my own
The brief history of TIPs Current state of TIPs Looking ahead
(Past)
Reference: Gartner IOCs -> TIP -> security stack Threat team knows! Enrich and analyze all the things!? Share! Share! Share! Intelligence lifecycle support
2012 MISP 2012 CIF 2014 CRITs 2015 Threat Note 2016 MineMeld 2017 Yeti 2018 OpenCTI 2012 MISP 2012 AlienVault OTX 2015 Micro Focus Threat Central 2015 IBM X-Force Exchange 2015 Facebook Threat Exchange 2013 ThreatConnect 2013 Anomali 2014 EclecticIQ 2015 ThreatQuotient 2016 TruSTAR 2016 Cyware 2018 Analyst1 Open Source Commercial Community Exchange Platforms
Reference: Lockheed Martin Reference: SANS
Reference: https://twitter.com/_daviant/status/1253039113151938562
Reference: https://twitter.com/_daviant/status/1253039113151938562
§ Emerging technology with loose definition § Different shades of TIPs § Variety of management tools to support CTI Reference: Rick Holland
§ SANS CTI Surveys § Rick Holland - Threat Intelligence Awakens, Threat Intelligence Is Like Three Day Potty Training § S. Brown, J. Gommers and O. Serrano - From Cyber Security Information Sharing to Threat Management § Scott J Roberts - Community Intelligence & Open Source Tools: Building an Actionable Pipeline § FireEye - Excelerating Analysis Resources for this presentation: https://bit.ly/ctisummit2021
(Present)
”Your intelligence program’s maturity is based on your ability to do each part of the intelligence cycle” Reference: Intel471
Annex B: Detailed TIP functional requirements Excel sheet for TIP functional requirements can be found in GitHub link below Resources for this presentation: https://bit.ly/ctisummit2021
PIRs, stakeholders, RFIs Easy-peasy collection! IOC management Analysis capabilities Threat knowledge management Workflows and threat playbooks Dissemination of IOCs Reporting and feedback
§ Focus on collection, IOC management, normalisation, and IOC dissemination § Transitioning from IOC management to threat knowledge management § Limited support for intelligence lifecycle end to end CURRENT STATUS MAKING PROGRESS BUT STILL A LONG WAY TO GO
§ ENISA - Exploring the opportunities and limitations of current Threat Intelligence Platforms § Andy Piazza - An Analyst’s Need for a Threat Intelligence Platform § SEI Carnegie Mellon University - Cyber Intelligence Tradecraft Report § C. Sauerwein, C. Sillaber, A. Mussmann and R. Breu - Threat Intelligence Sharing Platforms: An Exploratory Study of Software Vendors and Research Perspectives § threatintel.eu - Exceling at Threat Intelligence Platform (TIP) requirements Resources for this presentation: https://bit.ly/ctisummit2021
(Future)
Leadership communication and budget justification Vendor selection and PoC Evaluation criteria Stakeholder engagement Requirements and use cases Reference: Jason Wonn / Andy Piazza
Requirements Style Guide SOPs and Playbooks Feedback
Current state of the TIP landscape Educate your customers/end users Strive for feedback Communicate your roadmap CTI analyst focused
Let’s consult the Seeing Stone
§ Best practices for selecting and using TIPs § Recommendations for TIP vendors and developers § The future of TIPs Reference: Andy Piazza
§ BSidesNOVA - Jason Wonn - TIP of the Spear: A Threat Intelligence Platform Acquisition § Andy Piazza - An Analyst’s Need for a Threat Intelligence Platform § FIRST CTI 2019 – Pasquale Stirparo – Your requirements are not my requirements § Frost & Sullivan - Assessment of the Global Threat Intelligence Platforms Market, Forecast to 2022 § ENISA - Exploring the opportunities and limitations of current Threat Intelligence Platforms Resources for this presentation: https://bit.ly/ctisummit2021
§ Support CTI with a variety of integrated tools § Follow best practices for selecting and using your TIP § It takes two to tango… and further mature
Razvan Gavrila Chris Beard Sarah Brown Alexandre Dulaunoy Jane Ginn Pasquale Stirparo Omid Raghimi Jason Wonn Andy Piazza Derek Buchanan Samantha Loh Megan Kaczanowski Pierre Lamy D3 Intelligence - Brian Mohr QuoLab Technologies - Fabien Dombard TruSTAR - Shimon Modi Analyst1 – P. Terry, C. Hoffman, J. Nixon Anomali – Frank Lange ThreatConnect – Andrew Pendergast EclecticIQ - Aukjan van Belkum, Mark Huijnen IntSights - Yuval Inchi LookingGlass - Allan Thomson CTI PROS TIP VENDORS MARKET RESEARCH Forrester - Brian Kime
Thank you! Andreas Sfakianakis @asfakian Resources for this presentation: https://bit.ly/ctisummit2021

Recommended

Post naval thesis in cyber security
Post naval thesis in cyber securityPost naval thesis in cyber security
Post naval thesis in cyber securityMichaelRodriguesdosS1
 
Welcome to the world of Cyber Threat Intelligence
Welcome to the world of Cyber Threat IntelligenceWelcome to the world of Cyber Threat Intelligence
Welcome to the world of Cyber Threat IntelligenceAndreas Sfakianakis
 
Cyber threat intelligence: maturity and metrics
Cyber threat intelligence: maturity and metricsCyber threat intelligence: maturity and metrics
Cyber threat intelligence: maturity and metricsMark Arena
 
Cyber Threat Intelligence
Cyber Threat IntelligenceCyber Threat Intelligence
Cyber Threat Intelligencemohamed nasri
 
Threat Intelligence in Cyber Risk Programs
Threat Intelligence in Cyber Risk ProgramsThreat Intelligence in Cyber Risk Programs
Threat Intelligence in Cyber Risk ProgramsRahul Neel Mani
 
Cyber Threat Intelligence - La rilevanza del dato per il business
Cyber Threat Intelligence - La rilevanza del dato per il businessCyber Threat Intelligence - La rilevanza del dato per il business
Cyber Threat Intelligence - La rilevanza del dato per il businessFrancesco Faenzi
 
The Sweet Spot of Cyber Intelligence
The Sweet Spot of Cyber IntelligenceThe Sweet Spot of Cyber Intelligence
The Sweet Spot of Cyber IntelligenceTieu Luu
 
Cyber threat Intelligence and Incident Response by:-Sandeep Singh
Cyber threat Intelligence and Incident Response by:-Sandeep SinghCyber threat Intelligence and Incident Response by:-Sandeep Singh
Cyber threat Intelligence and Incident Response by:-Sandeep SinghOWASP Delhi
 

Recommended

Post naval thesis in cyber security
Post naval thesis in cyber securityPost naval thesis in cyber security
Post naval thesis in cyber securityMichaelRodriguesdosS1
 
Welcome to the world of Cyber Threat Intelligence
Welcome to the world of Cyber Threat IntelligenceWelcome to the world of Cyber Threat Intelligence
Welcome to the world of Cyber Threat IntelligenceAndreas Sfakianakis
 
Cyber threat intelligence: maturity and metrics
Cyber threat intelligence: maturity and metricsCyber threat intelligence: maturity and metrics
Cyber threat intelligence: maturity and metricsMark Arena
 
Cyber Threat Intelligence
Cyber Threat IntelligenceCyber Threat Intelligence
Cyber Threat Intelligencemohamed nasri
 
Threat Intelligence in Cyber Risk Programs
Threat Intelligence in Cyber Risk ProgramsThreat Intelligence in Cyber Risk Programs
Threat Intelligence in Cyber Risk ProgramsRahul Neel Mani
 
Cyber Threat Intelligence - La rilevanza del dato per il business
Cyber Threat Intelligence - La rilevanza del dato per il businessCyber Threat Intelligence - La rilevanza del dato per il business
Cyber Threat Intelligence - La rilevanza del dato per il businessFrancesco Faenzi
 
The Sweet Spot of Cyber Intelligence
The Sweet Spot of Cyber IntelligenceThe Sweet Spot of Cyber Intelligence
The Sweet Spot of Cyber IntelligenceTieu Luu
 
Cyber threat Intelligence and Incident Response by:-Sandeep Singh
Cyber threat Intelligence and Incident Response by:-Sandeep SinghCyber threat Intelligence and Incident Response by:-Sandeep Singh
Cyber threat Intelligence and Incident Response by:-Sandeep SinghOWASP Delhi
 
Sans cyber-threat-intelligence-survey-2015
Sans cyber-threat-intelligence-survey-2015Sans cyber-threat-intelligence-survey-2015
Sans cyber-threat-intelligence-survey-2015Roy Ramkrishna
 
The Making of a simple Cyber Threat Intelligence Gathering System
The Making of a simple Cyber Threat Intelligence Gathering SystemThe Making of a simple Cyber Threat Intelligence Gathering System
The Making of a simple Cyber Threat Intelligence Gathering SystemNiran Seriki, CCISO, CISM
 
Global Cyber Threat Intelligence
Global Cyber Threat IntelligenceGlobal Cyber Threat Intelligence
Global Cyber Threat IntelligenceNTT Innovation Institute Inc.
 
Cyber Threat Intelligence | Information to Insight
Cyber Threat Intelligence | Information to InsightCyber Threat Intelligence | Information to Insight
Cyber Threat Intelligence | Information to InsightDeep Shankar Yadav
 
The Cyber Threat Intelligence Matrix
The Cyber Threat Intelligence MatrixThe Cyber Threat Intelligence Matrix
The Cyber Threat Intelligence MatrixFrode Hommedal
 
Utilizing cyber intelligence to combat cyber adversaries (OA Cyber Summit)
Utilizing cyber intelligence to combat cyber adversaries (OA Cyber Summit)Utilizing cyber intelligence to combat cyber adversaries (OA Cyber Summit)
Utilizing cyber intelligence to combat cyber adversaries (OA Cyber Summit)Open Analytics
 
Session 7.3 Implementing threat intelligence systems - Moving from chaos to s...
Session 7.3 Implementing threat intelligence systems - Moving from chaos to s...Session 7.3 Implementing threat intelligence systems - Moving from chaos to s...
Session 7.3 Implementing threat intelligence systems - Moving from chaos to s...Puneet Kukreja
 
Careers in Cyber Security
Careers in Cyber SecurityCareers in Cyber Security
Careers in Cyber SecurityDeep Shankar Yadav
 
Luncheon - 2016-05-19 IBM Security - Threat Intelligence by Michael Montecillo
Luncheon - 2016-05-19 IBM Security - Threat Intelligence by Michael MontecilloLuncheon - 2016-05-19 IBM Security - Threat Intelligence by Michael Montecillo
Luncheon - 2016-05-19 IBM Security - Threat Intelligence by Michael MontecilloNorth Texas Chapter of the ISSA
 
Insa cyber intelligence 2011
Insa cyber intelligence 2011Insa cyber intelligence 2011
Insa cyber intelligence 2011Mousselmal Tarik
 
Cyber Threat Intelligence
Cyber Threat IntelligenceCyber Threat Intelligence
Cyber Threat IntelligencePrachi Mishra
 
2016 ISSA Conference Threat Intelligence Keynote philA
2016 ISSA Conference Threat Intelligence Keynote philA2016 ISSA Conference Threat Intelligence Keynote philA
2016 ISSA Conference Threat Intelligence Keynote philAPhil Agcaoili
 
Cyber Threat Intelligence
Cyber Threat IntelligenceCyber Threat Intelligence
Cyber Threat IntelligenceMarlabs
 
Cyber Threat Intelligence
Cyber Threat IntelligenceCyber Threat Intelligence
Cyber Threat IntelligenceZaiffiEhsan
 
Threat Intelligence Workshop
Threat Intelligence WorkshopThreat Intelligence Workshop
Threat Intelligence WorkshopPriyanka Aash
 
Cyber Threat Intelligence - It's not just about the feeds
Cyber Threat Intelligence - It's not just about the feedsCyber Threat Intelligence - It's not just about the feeds
Cyber Threat Intelligence - It's not just about the feedsIain Dickson
 
Cyber intelligence for corporate security
Cyber intelligence for corporate securityCyber intelligence for corporate security
Cyber intelligence for corporate securityG3 intelligence Ltd
 
6 Steps for Operationalizing Threat Intelligence
6 Steps for Operationalizing Threat Intelligence6 Steps for Operationalizing Threat Intelligence
6 Steps for Operationalizing Threat IntelligenceSirius
 
TiC
TiCTiC
TiCCory Kennedy
 
Leverage Endpooint Visibilit with MITRE ATT&CK Framework
Leverage Endpooint Visibilit with MITRE ATT&CK FrameworkLeverage Endpooint Visibilit with MITRE ATT&CK Framework
Leverage Endpooint Visibilit with MITRE ATT&CK FrameworkDigit Oktavianto
 
Cyber Risk Management in 2017 - Challenges & Recommendations
Cyber Risk Management in 2017 - Challenges & RecommendationsCyber Risk Management in 2017 - Challenges & Recommendations
Cyber Risk Management in 2017 - Challenges & RecommendationsUlf Mattsson
 
Stop Tilting at Windmills: 3 Key Lessons that CTI Teams Should Learn from the...
Stop Tilting at Windmills: 3 Key Lessons that CTI Teams Should Learn from the...Stop Tilting at Windmills: 3 Key Lessons that CTI Teams Should Learn from the...
Stop Tilting at Windmills: 3 Key Lessons that CTI Teams Should Learn from the...Andreas Sfakianakis
 

More Related Content

What's hot

Sans cyber-threat-intelligence-survey-2015
Sans cyber-threat-intelligence-survey-2015Sans cyber-threat-intelligence-survey-2015
Sans cyber-threat-intelligence-survey-2015Roy Ramkrishna
 
The Making of a simple Cyber Threat Intelligence Gathering System
The Making of a simple Cyber Threat Intelligence Gathering SystemThe Making of a simple Cyber Threat Intelligence Gathering System
The Making of a simple Cyber Threat Intelligence Gathering SystemNiran Seriki, CCISO, CISM
 
Cyber Threat Intelligence | Information to Insight
Cyber Threat Intelligence | Information to InsightCyber Threat Intelligence | Information to Insight
Cyber Threat Intelligence | Information to InsightDeep Shankar Yadav
 
The Cyber Threat Intelligence Matrix
The Cyber Threat Intelligence MatrixThe Cyber Threat Intelligence Matrix
The Cyber Threat Intelligence MatrixFrode Hommedal
 
Utilizing cyber intelligence to combat cyber adversaries (OA Cyber Summit)
Utilizing cyber intelligence to combat cyber adversaries (OA Cyber Summit)Utilizing cyber intelligence to combat cyber adversaries (OA Cyber Summit)
Utilizing cyber intelligence to combat cyber adversaries (OA Cyber Summit)Open Analytics
 
Session 7.3 Implementing threat intelligence systems - Moving from chaos to s...
Session 7.3 Implementing threat intelligence systems - Moving from chaos to s...Session 7.3 Implementing threat intelligence systems - Moving from chaos to s...
Session 7.3 Implementing threat intelligence systems - Moving from chaos to s...Puneet Kukreja
 
Luncheon - 2016-05-19 IBM Security - Threat Intelligence by Michael Montecillo
Luncheon - 2016-05-19 IBM Security - Threat Intelligence by Michael MontecilloLuncheon - 2016-05-19 IBM Security - Threat Intelligence by Michael Montecillo
Luncheon - 2016-05-19 IBM Security - Threat Intelligence by Michael MontecilloNorth Texas Chapter of the ISSA
 
Insa cyber intelligence 2011
Insa cyber intelligence 2011Insa cyber intelligence 2011
Insa cyber intelligence 2011Mousselmal Tarik
 
Cyber Threat Intelligence
Cyber Threat IntelligenceCyber Threat Intelligence
Cyber Threat IntelligencePrachi Mishra
 
2016 ISSA Conference Threat Intelligence Keynote philA
2016 ISSA Conference Threat Intelligence Keynote philA2016 ISSA Conference Threat Intelligence Keynote philA
2016 ISSA Conference Threat Intelligence Keynote philAPhil Agcaoili
 
Cyber Threat Intelligence
Cyber Threat IntelligenceCyber Threat Intelligence
Cyber Threat IntelligenceMarlabs
 
Cyber Threat Intelligence
Cyber Threat IntelligenceCyber Threat Intelligence
Cyber Threat IntelligenceZaiffiEhsan
 
Threat Intelligence Workshop
Threat Intelligence WorkshopThreat Intelligence Workshop
Threat Intelligence WorkshopPriyanka Aash
 
Cyber Threat Intelligence - It's not just about the feeds
Cyber Threat Intelligence - It's not just about the feedsCyber Threat Intelligence - It's not just about the feeds
Cyber Threat Intelligence - It's not just about the feedsIain Dickson
 
Cyber intelligence for corporate security
Cyber intelligence for corporate securityCyber intelligence for corporate security
Cyber intelligence for corporate securityG3 intelligence Ltd
 
6 Steps for Operationalizing Threat Intelligence
6 Steps for Operationalizing Threat Intelligence6 Steps for Operationalizing Threat Intelligence
6 Steps for Operationalizing Threat IntelligenceSirius
 
Leverage Endpooint Visibilit with MITRE ATT&CK Framework
Leverage Endpooint Visibilit with MITRE ATT&CK FrameworkLeverage Endpooint Visibilit with MITRE ATT&CK Framework
Leverage Endpooint Visibilit with MITRE ATT&CK FrameworkDigit Oktavianto
 

What's hot (20)

Sans cyber-threat-intelligence-survey-2015
Sans cyber-threat-intelligence-survey-2015Sans cyber-threat-intelligence-survey-2015
Sans cyber-threat-intelligence-survey-2015
 
The Making of a simple Cyber Threat Intelligence Gathering System
The Making of a simple Cyber Threat Intelligence Gathering SystemThe Making of a simple Cyber Threat Intelligence Gathering System
The Making of a simple Cyber Threat Intelligence Gathering System
 
Global Cyber Threat Intelligence
Global Cyber Threat IntelligenceGlobal Cyber Threat Intelligence
Global Cyber Threat Intelligence
 
Cyber Threat Intelligence | Information to Insight
Cyber Threat Intelligence | Information to InsightCyber Threat Intelligence | Information to Insight
Cyber Threat Intelligence | Information to Insight
 
The Cyber Threat Intelligence Matrix
The Cyber Threat Intelligence MatrixThe Cyber Threat Intelligence Matrix
The Cyber Threat Intelligence Matrix
 
Utilizing cyber intelligence to combat cyber adversaries (OA Cyber Summit)
Utilizing cyber intelligence to combat cyber adversaries (OA Cyber Summit)Utilizing cyber intelligence to combat cyber adversaries (OA Cyber Summit)
Utilizing cyber intelligence to combat cyber adversaries (OA Cyber Summit)
 
Session 7.3 Implementing threat intelligence systems - Moving from chaos to s...
Session 7.3 Implementing threat intelligence systems - Moving from chaos to s...Session 7.3 Implementing threat intelligence systems - Moving from chaos to s...
Session 7.3 Implementing threat intelligence systems - Moving from chaos to s...
 
Careers in Cyber Security
Careers in Cyber SecurityCareers in Cyber Security
Careers in Cyber Security
 
Luncheon - 2016-05-19 IBM Security - Threat Intelligence by Michael Montecillo
Luncheon - 2016-05-19 IBM Security - Threat Intelligence by Michael MontecilloLuncheon - 2016-05-19 IBM Security - Threat Intelligence by Michael Montecillo
Luncheon - 2016-05-19 IBM Security - Threat Intelligence by Michael Montecillo
 
Insa cyber intelligence 2011
Insa cyber intelligence 2011Insa cyber intelligence 2011
Insa cyber intelligence 2011
 
Cyber Threat Intelligence
Cyber Threat IntelligenceCyber Threat Intelligence
Cyber Threat Intelligence
 
2016 ISSA Conference Threat Intelligence Keynote philA
2016 ISSA Conference Threat Intelligence Keynote philA2016 ISSA Conference Threat Intelligence Keynote philA
2016 ISSA Conference Threat Intelligence Keynote philA
 
Cyber Threat Intelligence
Cyber Threat IntelligenceCyber Threat Intelligence
Cyber Threat Intelligence
 
Cyber Threat Intelligence
Cyber Threat IntelligenceCyber Threat Intelligence
Cyber Threat Intelligence
 
Threat Intelligence Workshop
Threat Intelligence WorkshopThreat Intelligence Workshop
Threat Intelligence Workshop
 
Cyber Threat Intelligence - It's not just about the feeds
Cyber Threat Intelligence - It's not just about the feedsCyber Threat Intelligence - It's not just about the feeds
Cyber Threat Intelligence - It's not just about the feeds
 
Cyber intelligence for corporate security
Cyber intelligence for corporate securityCyber intelligence for corporate security
Cyber intelligence for corporate security
 
6 Steps for Operationalizing Threat Intelligence
6 Steps for Operationalizing Threat Intelligence6 Steps for Operationalizing Threat Intelligence
6 Steps for Operationalizing Threat Intelligence
 
TiC
TiCTiC
TiC
 
Leverage Endpooint Visibilit with MITRE ATT&CK Framework
Leverage Endpooint Visibilit with MITRE ATT&CK FrameworkLeverage Endpooint Visibilit with MITRE ATT&CK Framework
Leverage Endpooint Visibilit with MITRE ATT&CK Framework
 

Similar to Still thinking your Ex(cel)? Here are some TIPs - SANS CTI Summit 2021

Cyber Risk Management in 2017 - Challenges & Recommendations
Cyber Risk Management in 2017 - Challenges & RecommendationsCyber Risk Management in 2017 - Challenges & Recommendations
Cyber Risk Management in 2017 - Challenges & RecommendationsUlf Mattsson
 
Stop Tilting at Windmills: 3 Key Lessons that CTI Teams Should Learn from the...
Stop Tilting at Windmills: 3 Key Lessons that CTI Teams Should Learn from the...Stop Tilting at Windmills: 3 Key Lessons that CTI Teams Should Learn from the...
Stop Tilting at Windmills: 3 Key Lessons that CTI Teams Should Learn from the...Andreas Sfakianakis
 
Cyber Risk Management in 2017: Challenges & Recommendations
Cyber Risk Management in 2017: Challenges & RecommendationsCyber Risk Management in 2017: Challenges & Recommendations
Cyber Risk Management in 2017: Challenges & RecommendationsUlf Mattsson
 
Cyber Security Beyond 2020 – Will We Learn From Our Mistakes?
Cyber Security Beyond 2020 – Will We Learn From Our Mistakes?Cyber Security Beyond 2020 – Will We Learn From Our Mistakes?
Cyber Security Beyond 2020 – Will We Learn From Our Mistakes?Raffael Marty
 
Mitre ATT&CK by Mattias Almeflo Nixu
Mitre ATT&CK by Mattias Almeflo NixuMitre ATT&CK by Mattias Almeflo Nixu
Mitre ATT&CK by Mattias Almeflo NixuNixu Corporation
 
2019 Cybersecurity Retrospective and a look forward to 2020
2019 Cybersecurity Retrospective and a look forward to 20202019 Cybersecurity Retrospective and a look forward to 2020
2019 Cybersecurity Retrospective and a look forward to 2020Jonathan Cran
 
Security in the age of open source - Myths and misperceptions
Security in the age of open source - Myths and misperceptionsSecurity in the age of open source - Myths and misperceptions
Security in the age of open source - Myths and misperceptionsTim Mackey
 
Cyber Hacking & Security - IEEE - Univ of Houston 2015-04
Cyber Hacking & Security - IEEE - Univ of Houston 2015-04Cyber Hacking & Security - IEEE - Univ of Houston 2015-04
Cyber Hacking & Security - IEEE - Univ of Houston 2015-04Kyle Lai
 
CyberSecurity - UH IEEE Presentation 2015-04
CyberSecurity - UH IEEE Presentation 2015-04CyberSecurity - UH IEEE Presentation 2015-04
CyberSecurity - UH IEEE Presentation 2015-04Kyle Lai
 
ASFWS 2013 - Critical Infrastructures in the Age of Cyber Insecurity par Andr...
ASFWS 2013 - Critical Infrastructures in the Age of Cyber Insecurity par Andr...ASFWS 2013 - Critical Infrastructures in the Age of Cyber Insecurity par Andr...
ASFWS 2013 - Critical Infrastructures in the Age of Cyber Insecurity par Andr...Cyber Security Alliance
 
Open Source Insight: Who Owns Linux? TRITON Attack, App Security Testing, Fut...
Open Source Insight: Who Owns Linux? TRITON Attack, App Security Testing, Fut...Open Source Insight: Who Owns Linux? TRITON Attack, App Security Testing, Fut...
Open Source Insight: Who Owns Linux? TRITON Attack, App Security Testing, Fut...Black Duck by Synopsys
 
Sans cti summit the joy of threat landscaping - bruggink - final
Sans cti summit the joy of threat landscaping - bruggink - finalSans cti summit the joy of threat landscaping - bruggink - final
Sans cti summit the joy of threat landscaping - bruggink - finalGert-Jan Bruggink
 
Trustworthy Computational Science: Lessons Learned and Next Steps
Trustworthy Computational Science: Lessons Learned and Next StepsTrustworthy Computational Science: Lessons Learned and Next Steps
Trustworthy Computational Science: Lessons Learned and Next StepsVon Welch
 
How can i find my security blind spots ulf mattsson - aug 2016
How can i find my security blind spots ulf mattsson - aug 2016How can i find my security blind spots ulf mattsson - aug 2016
How can i find my security blind spots ulf mattsson - aug 2016Ulf Mattsson
 
Scalar Customer Case Study: Toronto 2015 Pan Am/Parapan Am Games
Scalar Customer Case Study: Toronto 2015 Pan Am/Parapan Am GamesScalar Customer Case Study: Toronto 2015 Pan Am/Parapan Am Games
Scalar Customer Case Study: Toronto 2015 Pan Am/Parapan Am GamesScalar Decisions
 
ScotSecure 2020
ScotSecure 2020ScotSecure 2020
ScotSecure 2020Ray Bugg
 
Open Source Insight: 2017 Top 10 IT Security Stories, Breaches, and Predictio...
Open Source Insight: 2017 Top 10 IT Security Stories, Breaches, and Predictio...Open Source Insight: 2017 Top 10 IT Security Stories, Breaches, and Predictio...
Open Source Insight: 2017 Top 10 IT Security Stories, Breaches, and Predictio...Black Duck by Synopsys
 
Digital Security Capacity Building: Role of the University
Digital Security Capacity Building: Role of the UniversityDigital Security Capacity Building: Role of the University
Digital Security Capacity Building: Role of the UniversityNizar Ben Neji
 
QuoScient - NOAH19 Berlin
QuoScient - NOAH19 BerlinQuoScient - NOAH19 Berlin
QuoScient - NOAH19 BerlinNOAH Advisors
 
The Perils that PCI brings to Security
The Perils that PCI brings to SecurityThe Perils that PCI brings to Security
The Perils that PCI brings to SecurityTripwire
 

Similar to Still thinking your Ex(cel)? Here are some TIPs - SANS CTI Summit 2021 (20)

Cyber Risk Management in 2017 - Challenges & Recommendations
Cyber Risk Management in 2017 - Challenges & RecommendationsCyber Risk Management in 2017 - Challenges & Recommendations
Cyber Risk Management in 2017 - Challenges & Recommendations
 
Stop Tilting at Windmills: 3 Key Lessons that CTI Teams Should Learn from the...
Stop Tilting at Windmills: 3 Key Lessons that CTI Teams Should Learn from the...Stop Tilting at Windmills: 3 Key Lessons that CTI Teams Should Learn from the...
Stop Tilting at Windmills: 3 Key Lessons that CTI Teams Should Learn from the...
 
Cyber Risk Management in 2017: Challenges & Recommendations
Cyber Risk Management in 2017: Challenges & RecommendationsCyber Risk Management in 2017: Challenges & Recommendations
Cyber Risk Management in 2017: Challenges & Recommendations
 
Cyber Security Beyond 2020 – Will We Learn From Our Mistakes?
Cyber Security Beyond 2020 – Will We Learn From Our Mistakes?Cyber Security Beyond 2020 – Will We Learn From Our Mistakes?
Cyber Security Beyond 2020 – Will We Learn From Our Mistakes?
 
Mitre ATT&CK by Mattias Almeflo Nixu
Mitre ATT&CK by Mattias Almeflo NixuMitre ATT&CK by Mattias Almeflo Nixu
Mitre ATT&CK by Mattias Almeflo Nixu
 
2019 Cybersecurity Retrospective and a look forward to 2020
2019 Cybersecurity Retrospective and a look forward to 20202019 Cybersecurity Retrospective and a look forward to 2020
2019 Cybersecurity Retrospective and a look forward to 2020
 
Security in the age of open source - Myths and misperceptions
Security in the age of open source - Myths and misperceptionsSecurity in the age of open source - Myths and misperceptions
Security in the age of open source - Myths and misperceptions
 
Cyber Hacking & Security - IEEE - Univ of Houston 2015-04
Cyber Hacking & Security - IEEE - Univ of Houston 2015-04Cyber Hacking & Security - IEEE - Univ of Houston 2015-04
Cyber Hacking & Security - IEEE - Univ of Houston 2015-04
 
CyberSecurity - UH IEEE Presentation 2015-04
CyberSecurity - UH IEEE Presentation 2015-04CyberSecurity - UH IEEE Presentation 2015-04
CyberSecurity - UH IEEE Presentation 2015-04
 
ASFWS 2013 - Critical Infrastructures in the Age of Cyber Insecurity par Andr...
ASFWS 2013 - Critical Infrastructures in the Age of Cyber Insecurity par Andr...ASFWS 2013 - Critical Infrastructures in the Age of Cyber Insecurity par Andr...
ASFWS 2013 - Critical Infrastructures in the Age of Cyber Insecurity par Andr...
 
Open Source Insight: Who Owns Linux? TRITON Attack, App Security Testing, Fut...
Open Source Insight: Who Owns Linux? TRITON Attack, App Security Testing, Fut...Open Source Insight: Who Owns Linux? TRITON Attack, App Security Testing, Fut...
Open Source Insight: Who Owns Linux? TRITON Attack, App Security Testing, Fut...
 
Sans cti summit the joy of threat landscaping - bruggink - final
Sans cti summit the joy of threat landscaping - bruggink - finalSans cti summit the joy of threat landscaping - bruggink - final
Sans cti summit the joy of threat landscaping - bruggink - final
 
Trustworthy Computational Science: Lessons Learned and Next Steps
Trustworthy Computational Science: Lessons Learned and Next StepsTrustworthy Computational Science: Lessons Learned and Next Steps
Trustworthy Computational Science: Lessons Learned and Next Steps
 
How can i find my security blind spots ulf mattsson - aug 2016
How can i find my security blind spots ulf mattsson - aug 2016How can i find my security blind spots ulf mattsson - aug 2016
How can i find my security blind spots ulf mattsson - aug 2016
 
Scalar Customer Case Study: Toronto 2015 Pan Am/Parapan Am Games
Scalar Customer Case Study: Toronto 2015 Pan Am/Parapan Am GamesScalar Customer Case Study: Toronto 2015 Pan Am/Parapan Am Games
Scalar Customer Case Study: Toronto 2015 Pan Am/Parapan Am Games
 
ScotSecure 2020
ScotSecure 2020ScotSecure 2020
ScotSecure 2020
 
Open Source Insight: 2017 Top 10 IT Security Stories, Breaches, and Predictio...
Open Source Insight: 2017 Top 10 IT Security Stories, Breaches, and Predictio...Open Source Insight: 2017 Top 10 IT Security Stories, Breaches, and Predictio...
Open Source Insight: 2017 Top 10 IT Security Stories, Breaches, and Predictio...
 
Digital Security Capacity Building: Role of the University
Digital Security Capacity Building: Role of the UniversityDigital Security Capacity Building: Role of the University
Digital Security Capacity Building: Role of the University
 
QuoScient - NOAH19 Berlin
QuoScient - NOAH19 BerlinQuoScient - NOAH19 Berlin
QuoScient - NOAH19 Berlin
 
The Perils that PCI brings to Security
The Perils that PCI brings to SecurityThe Perils that PCI brings to Security
The Perils that PCI brings to Security
 

Recently uploaded

Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Scott Keck-Warren
 
Developer Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLDeveloper Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLScyllaDB
 
Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsScanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsRizwan Syed
 
What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024Stephanie Beckett
 
Search Engine Optimization SEO PDF for 2024.pdf
Search Engine Optimization SEO PDF for 2024.pdfSearch Engine Optimization SEO PDF for 2024.pdf
Search Engine Optimization SEO PDF for 2024.pdfRankYa
 
SAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxSAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxNavinnSomaal
 
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Mark Simos
 
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii SoldatenkoFwdays
 
Vertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering TipsVertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering TipsMiki Katsuragi
 
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubKalema Edgar
 
Unraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfUnraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfAlex Barbosa Coqueiro
 
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage CostLeverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage CostZilliz
 
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)Wonjun Hwang
 
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Patryk Bandurski
 
SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024Lorenzo Miniero
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationRidwan Fadjar
 
Story boards and shot lists for my a level piece
Story boards and shot lists for my a level pieceStory boards and shot lists for my a level piece
Story boards and shot lists for my a level piececharlottematthew16
 
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsMemoori
 
Connect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationConnect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationSlibray Presentation
 

Recently uploaded (20)

Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024
 
Developer Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLDeveloper Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQL
 
Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsScanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL Certs
 
What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024
 
Search Engine Optimization SEO PDF for 2024.pdf
Search Engine Optimization SEO PDF for 2024.pdfSearch Engine Optimization SEO PDF for 2024.pdf
Search Engine Optimization SEO PDF for 2024.pdf
 
SAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxSAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptx
 
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
 
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko
 
Vertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering TipsVertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering Tips
 
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding Club
 
Unraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfUnraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdf
 
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage CostLeverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
 
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
 
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
 
SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 Presentation
 
Story boards and shot lists for my a level piece
Story boards and shot lists for my a level pieceStory boards and shot lists for my a level piece
Story boards and shot lists for my a level piece
 
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial Buildings
 
Connect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationConnect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck Presentation
 
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptxE-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
 

Still thinking your Ex(cel)? Here are some TIPs - SANS CTI Summit 2021

  • 1. Still thinking about your Ex(cel)? Here are some TIPs Andreas Sfakianakis SANS CTI Summit 2021 The past, present, and future of Threat Intelligence Platforms (TIPs)
  • 2. § CTI Lead EMEA @ S&P Global § CTI @ Financial and Oil & Gas sectors § ENISA, FIRST.org, SANS, European Commission § Twitter: @asfakian Website: www.threatintel.eu
  • 3. § Original authors are referenced within the slide deck § Resources for this presentation: https://bit.ly/ctisummit2021 § This is a vendor agnostic presentation § Views are my own
  • 4.
  • 5. The brief history of TIPs Current state of TIPs Looking ahead
  • 7. Reference: Gartner IOCs -> TIP -> security stack Threat team knows! Enrich and analyze all the things!? Share! Share! Share! Intelligence lifecycle support
  • 8. 2012 MISP 2012 CIF 2014 CRITs 2015 Threat Note 2016 MineMeld 2017 Yeti 2018 OpenCTI 2012 MISP 2012 AlienVault OTX 2015 Micro Focus Threat Central 2015 IBM X-Force Exchange 2015 Facebook Threat Exchange 2013 ThreatConnect 2013 Anomali 2014 EclecticIQ 2015 ThreatQuotient 2016 TruSTAR 2016 Cyware 2018 Analyst1 Open Source Commercial Community Exchange Platforms
  • 9. Reference: Lockheed Martin Reference: SANS
  • 12. § Emerging technology with loose definition § Different shades of TIPs § Variety of management tools to support CTI Reference: Rick Holland
  • 13. § SANS CTI Surveys § Rick Holland - Threat Intelligence Awakens, Threat Intelligence Is Like Three Day Potty Training § S. Brown, J. Gommers and O. Serrano - From Cyber Security Information Sharing to Threat Management § Scott J Roberts - Community Intelligence & Open Source Tools: Building an Actionable Pipeline § FireEye - Excelerating Analysis Resources for this presentation: https://bit.ly/ctisummit2021
  • 15.
  • 16. ”Your intelligence program’s maturity is based on your ability to do each part of the intelligence cycle” Reference: Intel471
  • 17. Annex B: Detailed TIP functional requirements Excel sheet for TIP functional requirements can be found in GitHub link below Resources for this presentation: https://bit.ly/ctisummit2021
  • 18.
  • 20. § Focus on collection, IOC management, normalisation, and IOC dissemination § Transitioning from IOC management to threat knowledge management § Limited support for intelligence lifecycle end to end CURRENT STATUS MAKING PROGRESS BUT STILL A LONG WAY TO GO
  • 21. § ENISA - Exploring the opportunities and limitations of current Threat Intelligence Platforms § Andy Piazza - An Analyst’s Need for a Threat Intelligence Platform § SEI Carnegie Mellon University - Cyber Intelligence Tradecraft Report § C. Sauerwein, C. Sillaber, A. Mussmann and R. Breu - Threat Intelligence Sharing Platforms: An Exploratory Study of Software Vendors and Research Perspectives § threatintel.eu - Exceling at Threat Intelligence Platform (TIP) requirements Resources for this presentation: https://bit.ly/ctisummit2021
  • 23. Leadership communication and budget justification Vendor selection and PoC Evaluation criteria Stakeholder engagement Requirements and use cases Reference: Jason Wonn / Andy Piazza
  • 24. Requirements Style Guide SOPs and Playbooks Feedback
  • 25. Current state of the TIP landscape Educate your customers/end users Strive for feedback Communicate your roadmap CTI analyst focused
  • 26. Let’s consult the Seeing Stone
  • 27. § Best practices for selecting and using TIPs § Recommendations for TIP vendors and developers § The future of TIPs Reference: Andy Piazza
  • 28. § BSidesNOVA - Jason Wonn - TIP of the Spear: A Threat Intelligence Platform Acquisition § Andy Piazza - An Analyst’s Need for a Threat Intelligence Platform § FIRST CTI 2019 – Pasquale Stirparo – Your requirements are not my requirements § Frost & Sullivan - Assessment of the Global Threat Intelligence Platforms Market, Forecast to 2022 § ENISA - Exploring the opportunities and limitations of current Threat Intelligence Platforms Resources for this presentation: https://bit.ly/ctisummit2021
  • 29.
  • 30. § Support CTI with a variety of integrated tools § Follow best practices for selecting and using your TIP § It takes two to tango… and further mature
  • 31.
  • 32. Razvan Gavrila Chris Beard Sarah Brown Alexandre Dulaunoy Jane Ginn Pasquale Stirparo Omid Raghimi Jason Wonn Andy Piazza Derek Buchanan Samantha Loh Megan Kaczanowski Pierre Lamy D3 Intelligence - Brian Mohr QuoLab Technologies - Fabien Dombard TruSTAR - Shimon Modi Analyst1 – P. Terry, C. Hoffman, J. Nixon Anomali – Frank Lange ThreatConnect – Andrew Pendergast EclecticIQ - Aukjan van Belkum, Mark Huijnen IntSights - Yuval Inchi LookingGlass - Allan Thomson CTI PROS TIP VENDORS MARKET RESEARCH Forrester - Brian Kime
  • 33. Thank you! Andreas Sfakianakis @asfakian Resources for this presentation: https://bit.ly/ctisummit2021