Reinhold Wochner, MSc., MBA
Raiffeisen Bank International
Cyber Threat Intelligence
Who are we?
No
Kangaroo
Austria
History (last 30 years)
Risk Map 2016
https://riskmap.controlrisks.com
Implications
Maydan: Nov. 2013
Crimea: Feb. 2014
Donbass: March 2014
Implications to the Cyber World
Cyber Implications
Maydan: Nov. 2013
Crimea: Feb. 2014
Donbass: March 2014
Ivano-Frankivsk: Dec 2015
23 December 2015
Cyberattacks
Attacks against the Ukrainian ICS (industrial control system) networks
Attack in Ukraine started to spread to other sectors
Hijacking of CCTV
Take over of electronic billboards
DoS & DDoS
Ukrainian Members of Parliament have had their mobile phones disabled due to IP-based attacks
Multiple Distributed Denial of Service attacks by Ukrainian hackers are directed at the Central Bank of Russia
DDoS attacks against governmental infrastructure
Logical attacks on ATMs in this area
• Logical attacks on ATMs are on the rise in Russia and Ukraine
http://krebsonsecurity.com/wp-content/uploads/2014/10/ncrmalware.png/
Cyber arms race has started
A lot of Cybersecurity knowledge is created in this region
http://www.tripwire.com/state-of-security/government/32-people-charged-for-one-of-the-largest-computer-hacking-and-securities-fraud-schemes-in-history/
Security start-up companies
International providers of CTI services create branches in this region to make use of the talents with professional skills
New attack methods
+
New threat actors
-
How can Cyber Threat Intelligence help your company?
Cyber Threat Intelligence in action - example POS
Time to react improves with CTI
Timeline 2014 - 2016 (phases: Early warning, Preparation, Inflection Point)
CTI provider reports on the timeline:
• April 1, 2014: Intel-134332
• November 11, 2014: Intel-1344337
• November 25, 2014: Intel-1495303
• April 22, 2015: Intel-1549023
• July 30, 2015: Intel-1575086
• January 4, 2016: Intel-1712383
• May 30, 2016: Intel-127504
• June 15, 2016: Intel-1877630
CTI provider warnings:
• …Mexican actors modify POS terminals, installed in La Paz stores… (April 1, 2014 Intel-134332)
• …French actors arrested for possession of skimming equipment… (November 11, 2011 13443377)
• …Actors selling skimming software targeting POS malware… (November 25, 2014 Intel-1495303)
• …Actor advertising POS terminal manipulation software… (April 22, 2015 Intel-1549023)
• …Observed increases in POS malware use in Australia… (July 30, 2015 Intel-1575086)
• …CTI provider suggests actors turning to POS malware over skimmers because it can increase profitability and security… (January 4, 2016 Intel-171238)
• …POS malware with RAM scraping functionality advertised in underground markets… (May 30, 2016 Intel- 127504)
Bank actions:
• Implementation of new controls (people, process, technology)
• Bolster protection, detection, and response capabilities
• Communicate “over the horizon” threats with business BoD & business executives
• Continued monitoring of new cyber crime threat tactics
• Assess existing controls vs. new POS related Tactics, Techniques & Procedures (TTPs)
• Build plan, develop budget
• Make budget request to match new threat reality
• Attack hits the Bank
• Security starts mitigating
*) Real examples but date/threat actor names/locations have been changed
Black Energy attack – time line
Still Investigating / Low chance of finding
2007 for BE-1
2012 for BE-2
2014 for BE-3
April 2015
October 24-25: Media
December 2015: Energy
https://socprime.com/en/blog/dismantling-blackenergy-part-3-all-aboard/
General CTI goals – Improve detection gap!
Have we been breached?
General CTI goals – Improve response gap!
How bad is it?
General CTI goals – Improve prevention gap!
Can we avoid this from happening again?
Subtypes of Cyber Threat Intelligence
Strategic
Deliverables: High level reports on changing risk
Why we need it: Understand tendencies and new threats
Targeted at:
• Management
• Decision makers (CEO, COO, CRO, CSO, CISO, CIO, CFO, etc.)
Subtypes of Cyber Threat Intelligence
Strategic
• Quality of strategic CTI reports: look at example reports and check if they add value
  • to update your security strategy
  • to optimize your security budget planning and prioritization
• Can the CTI provider customize the report to your business needs?
• Are there strategic CTI reports on special security topics (e.g. ATM or POS)?
• What preparation time does the analyst need?
• What is the quality of the analyst access? Can he speak financial language?
Subtypes of Cyber Threat Intelligence
Tactical
Deliverables:
• Attacker methodologies, tools, tactics, techniques and procedures (TTPs)
• Malware analysis
• Incident reports
Why we need it: React to the exact threat
Targeted at:
• COO, CSO, CISO
• Architects
• Sysadmins
Tactical
• What are the criteria to determine the cyber threat level? Can the provider map his criticality classes to your classification?
• During the POC: Could the historical data have warned of breaches of customer data or internal documents?
• How is the information processed and analyzed? Is it really intelligence that you get?
[Figure: Data, Information, Intelligence. Inputs: detection data, public source data, commercial data, operational environment. Process labels: collection; sources validated for credibility of relevance; quality assurance; gaps understood; alternatives considered; accurate target group; dissemination; action; collaboration; stakeholder value. Intelligence qualities: leadership focused, usable/actionable, credible, clear, concise, complete, relevant, timely, accurate.]
Tactical
• Check the quality of tactical reports!
Subtypes of Cyber Threat Intelligence
Operational
Deliverables: Actionable information on specific incoming attack from news sources, social media, chat rooms, business contacts, official sources, data breach notifications
Why we need it:
• Adapt risk analysis
• React to the exact threat
Targeted at:
• Security officers
• Security Architects
Operational
• Can you easily change the CTI provider?
• Does the CTI provider support secure M2M communication for sensitive information exchange (both directions)?
• Can you integrate the information exchange in your Security Management System?
[Figure labels: CTI Provider A, CTI Provider B, CTI Provider C]
Subtypes of Cyber Threat Intelligence
Technical
Deliverables:
• Attacker methodologies, tools, tactics, techniques and procedures (TTPs)
• Malware analysis
• Incident reports
Why we need it: React to the exact threat
Targeted at:
• CISO
• Architects
• Sysadmins
Technical
• What is the quality of the information provided?
• Data feeds (e.g. IOCs): are important fields in standard formats missing, or is the information in the wrong field?
• Information is outdated or already publicly known
• Is your SIEM system capable of consuming the CTI data coming from the CTI Provider?
• Is there a possibility for information enrichment?
• Is there content-based image recognition to protect the company's brands?
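An added example (not part of the original slides) of how the feed-quality questions above can be checked mechanically during a provider evaluation: it flags missing fields, values filed under the wrong indicator type, outdated entries and indicators that are already in a public list. The record schema, the 90-day freshness threshold and every sample record are assumptions constructed for illustration.

```python
import ipaddress
import re
from collections import Counter
from datetime import datetime, timedelta, timezone

# Hypothetical minimal record schema (an assumption for this example); map a
# real feed's own field names onto these before checking it.
REQUIRED_FIELDS = ("type", "value", "first_seen", "last_seen", "source")
MAX_AGE = timedelta(days=90)  # assumed freshness threshold, tune per use case

_HEX = re.compile(r"^[0-9a-fA-F]+$")
_DOMAIN = re.compile(r"^(?=.{1,253}$)([a-z0-9-]{1,63}\.)+[a-z]{2,63}$", re.I)
_HASH_LEN = {32: "md5", 40: "sha1", 64: "sha256"}


def detect_type(value):
    """Infer the indicator type from the value itself, or None if unknown."""
    try:
        ipaddress.ip_address(value)
        return "ip"
    except ValueError:
        pass
    if _HEX.match(value) and len(value) in _HASH_LEN:
        return _HASH_LEN[len(value)]
    if _DOMAIN.match(value):
        return "domain"
    return None


def check_record(rec, now, public_values):
    """Return the list of quality defects found in one feed record."""
    defects = []
    missing = [f for f in REQUIRED_FIELDS if not rec.get(f)]
    if missing:
        defects.append("missing:" + ",".join(missing))
    value, declared = rec.get("value"), rec.get("type")
    if value:
        actual = detect_type(value.strip())
        if actual is None:
            defects.append("unparseable_value")
        elif declared and actual != declared:
            # e.g. an IP address delivered in a record typed as "domain"
            defects.append(f"wrong_field:{declared}->{actual}")
        if value.strip().lower() in public_values:
            defects.append("already_public")
    last_seen = rec.get("last_seen")
    if last_seen:
        try:
            seen = datetime.fromisoformat(last_seen)
        except ValueError:
            defects.append("bad_timestamp")
        else:
            if seen.tzinfo is None:  # treat naive timestamps as UTC
                seen = seen.replace(tzinfo=timezone.utc)
            if now - seen > MAX_AGE:
                defects.append("outdated")
    return defects


def score_feed(records, now, public_values=frozenset()):
    """Summarise a feed: record count, clean records, count per defect kind."""
    counts = Counter()
    clean = 0
    for rec in records:
        defects = check_record(rec, now, public_values)
        if not defects:
            clean += 1
        for defect in defects:
            counts[defect.split(":")[0]] += 1
    return {"total": len(records), "clean": clean, "defects": dict(counts)}


def _rec(ioc_type, value, first_seen, last_seen, source):
    return {"type": ioc_type, "value": value, "first_seen": first_seen,
            "last_seen": last_seen, "source": source}


# Constructed sample data: documentation IP ranges, example.com, made-up hashes.
NOW = datetime(2016, 7, 1, tzinfo=timezone.utc)  # fixed "today" for the demo
PUBLIC = {"malware.example.com"}                 # stand-in for a public list
RECENT = "2016-06-20T00:00:00+00:00"
OLD = "2015-01-10T00:00:00+00:00"
SAMPLE_FEED = [
    _rec("ip", "192.0.2.10", RECENT, RECENT, "provider-a"),       # clean
    _rec("domain", "198.51.100.7", RECENT, RECENT, "provider-a"),  # wrong field
    _rec("sha256", "a" * 64, OLD, OLD, "provider-a"),              # outdated
    _rec("domain", "malware.example.com", RECENT, RECENT, "provider-a"),
    _rec("md5", "0123456789abcdef0123456789abcdef", "", RECENT, ""),
]

if __name__ == "__main__":
    for record in SAMPLE_FEED:
        print(record["value"][:20], check_record(record, NOW, PUBLIC))
    print(score_feed(SAMPLE_FEED, NOW, PUBLIC))
```

Running the same check over historical deliveries from each candidate provider gives a comparable defect rate per feed.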
Project Outcome: Creation of a CTI Competence Center
CTI Competence Center in our Ukraine bank for RBI Group
• Improve maturity level in CTI in the group
• Maintain awareness of RBI NWUs about new and sophisticated targeted attacks and threats
• Support RBI NWUs in integrating CTI feeds to security systems (IOC Hub)
• Central overview of Cyber Threat Intelligence in the RBI Group
• Develop and establish CTI service governance process
If you are a global organization use local advantages
CTI seen from the C-SUITE
1. Protect the company brands
2. Prioritize real threats relevant to the enterprise
3. Influence right budgeting and staffing
4. Prevent and predict evolving cyber threats
5. Effective cyber risk communications with top executives and board members by Security
6. Better focus for the CISO (more time to tackle the problems from a strategic and not from a reactive perspective)
Security Maturity Model: Ad Hoc, Opportunistic, Repeatable, Managed, Optimized
Predictions & Prioritizations enabled by CTI
Reinhold Wochner, MSc., MBA
CRISC, CRMA, CISM, CGEIT, CISSP, CISA
speaker.wochner@web.de
Thank you

More Related Content

What's hot

Actionable Threat Intelligence
Actionable Threat IntelligenceActionable Threat Intelligence
Actionable Threat IntelligenceOWASP Delhi
 
Cyber Threat Intelligence
Cyber Threat IntelligenceCyber Threat Intelligence
Cyber Threat IntelligenceZaiffiEhsan
 
Threat intelligence in security
Threat intelligence in securityThreat intelligence in security
Threat intelligence in securityOsama Ellahi
 
Cyber Threat Intelligence
Cyber Threat IntelligenceCyber Threat Intelligence
Cyber Threat IntelligenceMarlabs
 
Cyber Threat Intelligence | Information to Insight
Cyber Threat Intelligence | Information to InsightCyber Threat Intelligence | Information to Insight
Cyber Threat Intelligence | Information to InsightDeep Shankar Yadav
 
Bridging the Gap Between Threat Intelligence and Risk Management
Bridging the Gap Between Threat Intelligence and Risk ManagementBridging the Gap Between Threat Intelligence and Risk Management
Bridging the Gap Between Threat Intelligence and Risk ManagementPriyanka Aash
 
How to build a cyber threat intelligence program
How to build a cyber threat intelligence programHow to build a cyber threat intelligence program
How to build a cyber threat intelligence programMark Arena
 
Mark Arena - Cyber Threat Intelligence #uisgcon9
Mark Arena - Cyber Threat Intelligence #uisgcon9Mark Arena - Cyber Threat Intelligence #uisgcon9
Mark Arena - Cyber Threat Intelligence #uisgcon9UISGCON
 
Threat Intelligence with Open Source Tools - Cornerstones of Trust 2014
Threat Intelligence with Open Source Tools - Cornerstones of Trust 2014Threat Intelligence with Open Source Tools - Cornerstones of Trust 2014
Threat Intelligence with Open Source Tools - Cornerstones of Trust 2014Santiago Bassett
 
Cyber Threat Intelligence Integration Center -- ONDI
Cyber Threat Intelligence Integration Center -- ONDICyber Threat Intelligence Integration Center -- ONDI
Cyber Threat Intelligence Integration Center -- ONDIDavid Sweigert
 
SOC 3.0: strategic threat intelligence May 2016
SOC 3.0: strategic threat intelligence May 2016SOC 3.0: strategic threat intelligence May 2016
SOC 3.0: strategic threat intelligence May 2016Sarah Bark
 
Hunting for cyber threats targeting weapon systems
Hunting for cyber threats targeting weapon systemsHunting for cyber threats targeting weapon systems
Hunting for cyber threats targeting weapon systemsFidelis Cybersecurity
 
Cyber Threat Intelligence Solution Demonstration
Cyber Threat Intelligence Solution DemonstrationCyber Threat Intelligence Solution Demonstration
Cyber Threat Intelligence Solution DemonstrationSurfWatch Labs
 
Threat Intelligence Data Collection & Acquisition
Threat Intelligence Data Collection & AcquisitionThreat Intelligence Data Collection & Acquisition
Threat Intelligence Data Collection & AcquisitionEC-Council
 
Cyber Threat Intelligence
Cyber Threat IntelligenceCyber Threat Intelligence
Cyber Threat IntelligenceSyed Peer
 
Threat Hunting - Moving from the ad hoc to the formal
Threat Hunting - Moving from the ad hoc to the formalThreat Hunting - Moving from the ad hoc to the formal
Threat Hunting - Moving from the ad hoc to the formalPriyanka Aash
 
Alien vault sans cyber threat intelligence
Alien vault sans cyber threat intelligenceAlien vault sans cyber threat intelligence
Alien vault sans cyber threat intelligenceAlienVault
 
Audit logs for Security and Compliance
Audit logs for Security and ComplianceAudit logs for Security and Compliance
Audit logs for Security and ComplianceAnton Chuvakin
 
Cyber intelligence for corporate security
Cyber intelligence for corporate securityCyber intelligence for corporate security
Cyber intelligence for corporate securityG3 intelligence Ltd
 

What's hot (20)

Actionable Threat Intelligence
Actionable Threat IntelligenceActionable Threat Intelligence
Actionable Threat Intelligence
 
Cyber Threat Intelligence
Cyber Threat IntelligenceCyber Threat Intelligence
Cyber Threat Intelligence
 
Threat intelligence in security
Threat intelligence in securityThreat intelligence in security
Threat intelligence in security
 
Cyber Threat Intelligence
Cyber Threat IntelligenceCyber Threat Intelligence
Cyber Threat Intelligence
 
Cyber Threat Intelligence | Information to Insight
Cyber Threat Intelligence | Information to InsightCyber Threat Intelligence | Information to Insight
Cyber Threat Intelligence | Information to Insight
 
Bridging the Gap Between Threat Intelligence and Risk Management
Bridging the Gap Between Threat Intelligence and Risk ManagementBridging the Gap Between Threat Intelligence and Risk Management
Bridging the Gap Between Threat Intelligence and Risk Management
 
How to build a cyber threat intelligence program
How to build a cyber threat intelligence programHow to build a cyber threat intelligence program
How to build a cyber threat intelligence program
 
Mark Arena - Cyber Threat Intelligence #uisgcon9
Mark Arena - Cyber Threat Intelligence #uisgcon9Mark Arena - Cyber Threat Intelligence #uisgcon9
Mark Arena - Cyber Threat Intelligence #uisgcon9
 
Threat Intelligence with Open Source Tools - Cornerstones of Trust 2014
Threat Intelligence with Open Source Tools - Cornerstones of Trust 2014Threat Intelligence with Open Source Tools - Cornerstones of Trust 2014
Threat Intelligence with Open Source Tools - Cornerstones of Trust 2014
 
Cyber Threat Intelligence Integration Center -- ONDI
Cyber Threat Intelligence Integration Center -- ONDICyber Threat Intelligence Integration Center -- ONDI
Cyber Threat Intelligence Integration Center -- ONDI
 
SOC 3.0: strategic threat intelligence May 2016
SOC 3.0: strategic threat intelligence May 2016SOC 3.0: strategic threat intelligence May 2016
SOC 3.0: strategic threat intelligence May 2016
 
Hunting for cyber threats targeting weapon systems
Hunting for cyber threats targeting weapon systemsHunting for cyber threats targeting weapon systems
Hunting for cyber threats targeting weapon systems
 
Careers in Cyber Security
Careers in Cyber SecurityCareers in Cyber Security
Careers in Cyber Security
 
Cyber Threat Intelligence Solution Demonstration
Cyber Threat Intelligence Solution DemonstrationCyber Threat Intelligence Solution Demonstration
Cyber Threat Intelligence Solution Demonstration
 
Threat Intelligence Data Collection & Acquisition
Threat Intelligence Data Collection & AcquisitionThreat Intelligence Data Collection & Acquisition
Threat Intelligence Data Collection & Acquisition
 
Cyber Threat Intelligence
Cyber Threat IntelligenceCyber Threat Intelligence
Cyber Threat Intelligence
 
Threat Hunting - Moving from the ad hoc to the formal
Threat Hunting - Moving from the ad hoc to the formalThreat Hunting - Moving from the ad hoc to the formal
Threat Hunting - Moving from the ad hoc to the formal
 
Alien vault sans cyber threat intelligence
Alien vault sans cyber threat intelligenceAlien vault sans cyber threat intelligence
Alien vault sans cyber threat intelligence
 
Audit logs for Security and Compliance
Audit logs for Security and ComplianceAudit logs for Security and Compliance
Audit logs for Security and Compliance
 
Cyber intelligence for corporate security
Cyber intelligence for corporate securityCyber intelligence for corporate security
Cyber intelligence for corporate security
 

Viewers also liked

Keynote Session : NIST - Cyber Security Framework Measuring Security
Keynote Session : NIST - Cyber Security Framework Measuring SecurityKeynote Session : NIST - Cyber Security Framework Measuring Security
Keynote Session : NIST - Cyber Security Framework Measuring SecurityPriyanka Aash
 
Network Forensics and Practical Packet Analysis
Network Forensics and Practical Packet AnalysisNetwork Forensics and Practical Packet Analysis
Network Forensics and Practical Packet AnalysisPriyanka Aash
 
Practical Applications of Block Chain Technologies
Practical Applications of Block Chain Technologies Practical Applications of Block Chain Technologies
Practical Applications of Block Chain Technologies Priyanka Aash
 
Keynote Session : Internet Of Things (IOT) Security Taskforce
Keynote Session : Internet Of Things (IOT) Security TaskforceKeynote Session : Internet Of Things (IOT) Security Taskforce
Keynote Session : Internet Of Things (IOT) Security TaskforcePriyanka Aash
 
Keynote Session : Kill The Password
Keynote Session : Kill The PasswordKeynote Session : Kill The Password
Keynote Session : Kill The PasswordPriyanka Aash
 
Keynote Session : Using Behavioral Psychology and Science of Habit to Change ...
Keynote Session : Using Behavioral Psychology and Science of Habit to Change ...Keynote Session : Using Behavioral Psychology and Science of Habit to Change ...
Keynote Session : Using Behavioral Psychology and Science of Habit to Change ...Priyanka Aash
 
Risk Analysis using open FAIR and Adoption of right Security Controls
Risk Analysis using open FAIR and Adoption of right Security ControlsRisk Analysis using open FAIR and Adoption of right Security Controls
Risk Analysis using open FAIR and Adoption of right Security ControlsPriyanka Aash
 
Keynote Session : The Non - Evolution of Security
Keynote Session : The Non - Evolution of SecurityKeynote Session : The Non - Evolution of Security
Keynote Session : The Non - Evolution of SecurityPriyanka Aash
 
Keynote Session : Emerging Healthcare Tech & Future Security Impact
Keynote Session : Emerging Healthcare Tech & Future Security ImpactKeynote Session : Emerging Healthcare Tech & Future Security Impact
Keynote Session : Emerging Healthcare Tech & Future Security ImpactPriyanka Aash
 
SOC Architecture - Building the NextGen SOC
SOC Architecture - Building the NextGen SOCSOC Architecture - Building the NextGen SOC
SOC Architecture - Building the NextGen SOCPriyanka Aash
 
Workshop on Endpoint Memory Forensics
Workshop on Endpoint Memory ForensicsWorkshop on Endpoint Memory Forensics
Workshop on Endpoint Memory ForensicsPriyanka Aash
 
Application Security Architecture and Threat Modelling
Application Security Architecture and Threat ModellingApplication Security Architecture and Threat Modelling
Application Security Architecture and Threat ModellingPriyanka Aash
 
SOC Architecture Workshop - Part 1
SOC Architecture Workshop - Part 1SOC Architecture Workshop - Part 1
SOC Architecture Workshop - Part 1Priyanka Aash
 
Enterprise Security Architecture
Enterprise Security ArchitectureEnterprise Security Architecture
Enterprise Security ArchitecturePriyanka Aash
 
The Cyber Threat Intelligence Matrix
The Cyber Threat Intelligence MatrixThe Cyber Threat Intelligence Matrix
The Cyber Threat Intelligence MatrixFrode Hommedal
 
Improve Your Threat Intelligence Strategy With These Ideas
Improve Your Threat Intelligence Strategy With These IdeasImprove Your Threat Intelligence Strategy With These Ideas
Improve Your Threat Intelligence Strategy With These IdeasRecorded Future
 
Defcon 22-zoltan-balazs-bypass-firewalls-application-whiteli
Defcon 22-zoltan-balazs-bypass-firewalls-application-whiteliDefcon 22-zoltan-balazs-bypass-firewalls-application-whiteli
Defcon 22-zoltan-balazs-bypass-firewalls-application-whiteliPriyanka Aash
 
Defcon 22-wesley-mc grew-instrumenting-point-of-sale-malware
Defcon 22-wesley-mc grew-instrumenting-point-of-sale-malwareDefcon 22-wesley-mc grew-instrumenting-point-of-sale-malware
Defcon 22-wesley-mc grew-instrumenting-point-of-sale-malwarePriyanka Aash
 
Cyber threat intelligence: maturity and metrics
Cyber threat intelligence: maturity and metricsCyber threat intelligence: maturity and metrics
Cyber threat intelligence: maturity and metricsMark Arena
 
Сравнение хакеров Ирана, Китая и Северной Кореи
Сравнение хакеров Ирана, Китая и Северной КореиСравнение хакеров Ирана, Китая и Северной Кореи
Сравнение хакеров Ирана, Китая и Северной КореиPositive Hack Days
 

Viewers also liked (20)

Keynote Session : NIST - Cyber Security Framework Measuring Security
Keynote Session : NIST - Cyber Security Framework Measuring SecurityKeynote Session : NIST - Cyber Security Framework Measuring Security
Keynote Session : NIST - Cyber Security Framework Measuring Security
 
Network Forensics and Practical Packet Analysis
Network Forensics and Practical Packet AnalysisNetwork Forensics and Practical Packet Analysis
Network Forensics and Practical Packet Analysis
 
Practical Applications of Block Chain Technologies
Practical Applications of Block Chain Technologies Practical Applications of Block Chain Technologies
Practical Applications of Block Chain Technologies
 
Keynote Session : Internet Of Things (IOT) Security Taskforce
Keynote Session : Internet Of Things (IOT) Security TaskforceKeynote Session : Internet Of Things (IOT) Security Taskforce
Keynote Session : Internet Of Things (IOT) Security Taskforce
 
Keynote Session : Kill The Password
Keynote Session : Kill The PasswordKeynote Session : Kill The Password
Keynote Session : Kill The Password
 
Keynote Session : Using Behavioral Psychology and Science of Habit to Change ...
Keynote Session : Using Behavioral Psychology and Science of Habit to Change ...Keynote Session : Using Behavioral Psychology and Science of Habit to Change ...
Keynote Session : Using Behavioral Psychology and Science of Habit to Change ...
 
Risk Analysis using open FAIR and Adoption of right Security Controls
Risk Analysis using open FAIR and Adoption of right Security ControlsRisk Analysis using open FAIR and Adoption of right Security Controls
Risk Analysis using open FAIR and Adoption of right Security Controls
 
Keynote Session : The Non - Evolution of Security
Keynote Session : The Non - Evolution of SecurityKeynote Session : The Non - Evolution of Security
Keynote Session : The Non - Evolution of Security
 
Keynote Session : Emerging Healthcare Tech & Future Security Impact
Keynote Session : Emerging Healthcare Tech & Future Security ImpactKeynote Session : Emerging Healthcare Tech & Future Security Impact
Keynote Session : Emerging Healthcare Tech & Future Security Impact
 
SOC Architecture - Building the NextGen SOC
SOC Architecture - Building the NextGen SOCSOC Architecture - Building the NextGen SOC
SOC Architecture - Building the NextGen SOC
 
Workshop on Endpoint Memory Forensics
Workshop on Endpoint Memory ForensicsWorkshop on Endpoint Memory Forensics
Workshop on Endpoint Memory Forensics
 
Application Security Architecture and Threat Modelling
Application Security Architecture and Threat ModellingApplication Security Architecture and Threat Modelling
Application Security Architecture and Threat Modelling
 
SOC Architecture Workshop - Part 1
SOC Architecture Workshop - Part 1SOC Architecture Workshop - Part 1
SOC Architecture Workshop - Part 1
 
Enterprise Security Architecture
Enterprise Security ArchitectureEnterprise Security Architecture
Enterprise Security Architecture
 
The Cyber Threat Intelligence Matrix
The Cyber Threat Intelligence MatrixThe Cyber Threat Intelligence Matrix
The Cyber Threat Intelligence Matrix
 
Improve Your Threat Intelligence Strategy With These Ideas
Improve Your Threat Intelligence Strategy With These IdeasImprove Your Threat Intelligence Strategy With These Ideas
Improve Your Threat Intelligence Strategy With These Ideas
 
Defcon 22-zoltan-balazs-bypass-firewalls-application-whiteli
Defcon 22-zoltan-balazs-bypass-firewalls-application-whiteliDefcon 22-zoltan-balazs-bypass-firewalls-application-whiteli
Defcon 22-zoltan-balazs-bypass-firewalls-application-whiteli
 
Defcon 22-wesley-mc grew-instrumenting-point-of-sale-malware
Defcon 22-wesley-mc grew-instrumenting-point-of-sale-malwareDefcon 22-wesley-mc grew-instrumenting-point-of-sale-malware
Defcon 22-wesley-mc grew-instrumenting-point-of-sale-malware
 
Cyber threat intelligence: maturity and metrics
Cyber threat intelligence: maturity and metricsCyber threat intelligence: maturity and metrics
Cyber threat intelligence: maturity and metrics
 
Сравнение хакеров Ирана, Китая и Северной Кореи
Сравнение хакеров Ирана, Китая и Северной КореиСравнение хакеров Ирана, Китая и Северной Кореи
Сравнение хакеров Ирана, Китая и Северной Кореи
 

Similar to Security Strategy and Tactic with Cyber Threat Intelligence (CTI)

Satori Whitepaper: Threat Intelligence - a path to taming digital threats
Satori Whitepaper: Threat Intelligence  - a path to taming digital threatsSatori Whitepaper: Threat Intelligence  - a path to taming digital threats
Satori Whitepaper: Threat Intelligence - a path to taming digital threatsDean Evans
 
Aujas incident management webinar deck 08162016
Aujas incident management webinar deck 08162016Aujas incident management webinar deck 08162016
Aujas incident management webinar deck 08162016Karl Kispert
 
Cisco Connect 2018 Malaysia - Risk less, achieve more with proactive security
Cisco Connect 2018 Malaysia - Risk less, achieve more with proactive securityCisco Connect 2018 Malaysia - Risk less, achieve more with proactive security
Cisco Connect 2018 Malaysia - Risk less, achieve more with proactive securityNetworkCollaborators
 
Threat Intelligence Making your Bespoke Security Operations Centre Work for Y...
Threat Intelligence Making your Bespoke Security Operations Centre Work for Y...Threat Intelligence Making your Bespoke Security Operations Centre Work for Y...
Threat Intelligence Making your Bespoke Security Operations Centre Work for Y...maximumnetworks
 
Anatomy of a cyber attack
Anatomy of a cyber attackAnatomy of a cyber attack
Anatomy of a cyber attackMark Silver
 
How can i find my security blind spots ulf mattsson - aug 2016
How can i find my security blind spots   ulf mattsson - aug 2016How can i find my security blind spots   ulf mattsson - aug 2016
How can i find my security blind spots ulf mattsson - aug 2016Ulf Mattsson
 
How to avoid cyber security attacks in 2024 - CyberHive.pdf
How to avoid cyber security attacks in 2024 - CyberHive.pdfHow to avoid cyber security attacks in 2024 - CyberHive.pdf
How to avoid cyber security attacks in 2024 - CyberHive.pdfonline Marketing
 
Role Of Forensic Triage In Cyber Security Trends 2022-UPDATED.pptx
Role Of Forensic Triage In Cyber Security Trends 2022-UPDATED.pptxRole Of Forensic Triage In Cyber Security Trends 2022-UPDATED.pptx
Role Of Forensic Triage In Cyber Security Trends 2022-UPDATED.pptxAmrit Chhetri
 
SOC Analyst Interview Questions & Answers.pdf
SOC Analyst Interview Questions & Answers.pdfSOC Analyst Interview Questions & Answers.pdf
SOC Analyst Interview Questions & Answers.pdfinfosec train
 
Top Cyber News Magazine Daniel Ehrenreich
Top Cyber News Magazine Daniel Ehrenreich Top Cyber News Magazine Daniel Ehrenreich
Top Cyber News Magazine Daniel Ehrenreich TopCyberNewsMAGAZINE
 
Threat Hunting Procedures and Measurement Matrice
Threat Hunting Procedures and Measurement MatriceThreat Hunting Procedures and Measurement Matrice
Threat Hunting Procedures and Measurement MatriceVishal Kumar
 
Securing Systems of Engagement
Securing Systems of EngagementSecuring Systems of Engagement
Securing Systems of EngagementJohn Palfreyman
 
Outsmarting the Attackers A Deep Dive into Threat Intelligence.docx
Outsmarting the Attackers A Deep Dive into Threat Intelligence.docxOutsmarting the Attackers A Deep Dive into Threat Intelligence.docx
Outsmarting the Attackers A Deep Dive into Threat Intelligence.docxmanas23pgdm157
 
Protect Yourself from Cyber Attacks Through Proper Third-Party Risk Management
Protect Yourself from Cyber Attacks Through Proper Third-Party Risk ManagementProtect Yourself from Cyber Attacks Through Proper Third-Party Risk Management
Protect Yourself from Cyber Attacks Through Proper Third-Party Risk ManagementDevOps.com
 
Emerging Threats and Trends in Cybersecurity: A Comprehensive Analysis
Emerging Threats and Trends in Cybersecurity: A Comprehensive AnalysisEmerging Threats and Trends in Cybersecurity: A Comprehensive Analysis
Emerging Threats and Trends in Cybersecurity: A Comprehensive AnalysisIRJET Journal
 
A Major Revision of the CISRCP Program
A Major Revision of the CISRCP ProgramA Major Revision of the CISRCP Program
A Major Revision of the CISRCP ProgramGoogleNewsSubmit
 

Similar to Security Strategy and Tactic with Cyber Threat Intelligence (CTI) (20)

Satori Whitepaper: Threat Intelligence - a path to taming digital threats
Satori Whitepaper: Threat Intelligence  - a path to taming digital threatsSatori Whitepaper: Threat Intelligence  - a path to taming digital threats
Satori Whitepaper: Threat Intelligence - a path to taming digital threats
 
Aujas incident management webinar deck 08162016
Aujas incident management webinar deck 08162016Aujas incident management webinar deck 08162016
Aujas incident management webinar deck 08162016
 
Cyber risks in supply chains
Cyber risks in supply chains Cyber risks in supply chains
Cyber risks in supply chains
 
Cisco Connect 2018 Malaysia - Risk less, achieve more with proactive security
Cisco Connect 2018 Malaysia - Risk less, achieve more with proactive securityCisco Connect 2018 Malaysia - Risk less, achieve more with proactive security
Cisco Connect 2018 Malaysia - Risk less, achieve more with proactive security
 
Threat Intelligence Making your Bespoke Security Operations Centre Work for Y...
Threat Intelligence Making your Bespoke Security Operations Centre Work for Y...Threat Intelligence Making your Bespoke Security Operations Centre Work for Y...
Threat Intelligence Making your Bespoke Security Operations Centre Work for Y...
 
Anatomy of a cyber attack
Anatomy of a cyber attackAnatomy of a cyber attack
Anatomy of a cyber attack
 
How can i find my security blind spots ulf mattsson - aug 2016
Security Strategy and Tactic with Cyber Threat Intelligence (CTI)

  • 1. Reinhold Wochner, MSc., MBA Raiffeisen Bank International Cyber Threat Intelligence
  • 9. Cyberattacks: attacks against the Ukrainian ICS (industrial control system) networks
  • 10.
  • 11. Attack in Ukraine started to spread to other sectors
  • 12. Hijacking of CCTV; takeover of electronic billboards
  • 13. DoS & DDoS: Ukrainian Members of Parliament have had their mobile phones disabled due to IP-based attacks. Multiple Distributed Denial of Service attacks by Ukrainian hackers are directed at the Central Bank of Russia. DDoS attacks against governmental infrastructure.
  • 14. Logical attacks on ATMs in this area: logical attacks on ATMs are on the rise in Russia and Ukraine. http://krebsonsecurity.com/wp-content/uploads/2014/10/ncrmalware.png/
  • 15. Cyber arms race has started. A lot of cybersecurity knowledge is created in this region. http://www.tripwire.com/state-of-security/government/32-people-charged-for-one-of-the-largest-computer-hacking-and-securities-fraud-schemes-in-history/ Security start-up companies. International providers of CTI services create branches in this region to make use of the talents with professional skills. New attack methods + New Threat actors -
  • 16. How can Cyber Threat Intelligence help your company?
  • 17. Cyber Threat Intelligence in action - example POS. Time to react improves with CTI. *) Real examples but date/threat actor names/locations have been changed.
      Timeline 2014, 2015, 2016 with phases Early warning, Preparation, Inflection Point. Markers: April 1, 2014 Intel-134332; November 11, 2014 Intel-1344337; November 25, 2014 Intel-1495303; April 22, 2015 Intel-1549023; January 4, 2016 Intel-1712383; May 30, 2016 Intel-127504; June 15, 2016 Intel-1877630; Junly 30, 2015 Intel-1575086.
      CTI provider warnings:
      • …Mexican actors modify POS terminals, installed in La Paz stores… (April 1, 2014 Intel-134332)
      • …French actors arrested for possession of skimming equipment… (November 11, 2011 13443377)
      • …Actors selling skimming software targeting POS malware… (November 25, 2014 Intel-1495303)
      • …POS malware with RAM scraping functionality advertised in underground markets… (May 30, 2016 Intel-127504)
      • …Actor advertising POS terminal manipulation software… (April 22, 2015 Intel-1549023)
      • …Observed increases in POS malware use in Australia… (Junly 30, 2015 Intel-1575086)
      • …CTI provider suggests actors turning to POS malware over skimmers because it can increase profitability and security… (January 4, 2016 Intel-171238)
      Bank actions:
      • Implementation of new controls (people, process, technology)
      • Bolster protection, detection, and response capabilities
      • Communicate “over the horizon” threats with business BoD & business executives
      • Continued monitoring of new cyber crime threat tactics
      • Assess existing controls vs. new POS-related Tactics, Techniques & Procedures (TTPs)
      • Build plan, develop budget
      • Make budget request to match new threat reality
      Attack hits the Bank; Security starts mitigating.
  • 18. Cyber Threat Intelligence in action - example POS. Time to react improves with CTI. Repeats the slide 17 timeline (phases Early warning, Preparation, Inflection Point; rows CTI provider warnings and Bank actions; the same eight dated Intel markers) with only the bullets: Attack hits the Bank; Security starts mitigating. *) Real examples but date/threat actor names/locations have been changed.
  • 19. Black Energy attack – time line. Still Investigating / Low chance of finding. 2007 for BE-1; 2012 for BE-2; 2014 for BE-3; April 2015; October 24-25: Media; December 2015: Energy. https://socprime.com/en/blog/dismantling-blackenergy-part-3-all-aboard/
  • 20. General CTI goals – Improve detection gap! Have we been breached?
  • 21. General CTI goals – Improve response gap! How bad is it?
  • 22. General CTI goals – Improve prevention gap! Can we avoid this from happening again?
  • 23. Subtypes of Cyber Threat Intelligence: Strategic. Deliverables: High level reports on changing risk. Why we need it: Understand tendencies and new threats. Targeted at: Management; Decision makers (CEO, COO, CRO, CSO, CISO, CIO, CFO, etc.)
  • 24. Subtypes of Cyber Threat Intelligence: Strategic
      • Quality of strategic CTI reports: look at example reports and check if they add value to update your security strategy and to optimize your security budget planning and prioritization
      • Can the CTI provider customize the report to your business needs?
      • Are there strategic CTI reports on special security topics (e.g. ATM or POS)?
      • What preparation time does the analyst need?
      • What is the quality of the analyst access? Can he speak financial language?
  • 25. Subtypes of Cyber Threat Intelligence: Tactical. Deliverables: Attacker methodologies, tools, tactics, techniques and procedures (TTPs); Malware analysis; Incident reports. Why we need it: React to the exact threat. Targeted at: COO, CSO, CISO; Architects; Sysadmins
  • 26. Tactical
      • What are the criteria to determine the cyber threat level? Can the provider map his criticality classes to your classification?
      • During the POC: Could the historical data have warned of breaches of customer data or internal documents?
      • How is the information processed and analyzed? Is it really intelligence that you get?
      [Diagram labels: Detection data; Public Source data; Commercial data; Operational Environment; Data; Information; Intelligence; Sources validated for credibility of relevance; Alternatives considered; Action; Dissemination; Stakeholder value; Collaboration; Leadership focused; Usable/Actionable; Credible; Clear; Concise; Complete; Relevant; Timely; Accurate; Gaps understood; Collection; Quality assurance; Accurate target Group]
  • 27. Tactical: Check the quality of tactical reports!
  • 28. Subtypes of Cyber Threat Intelligence: Operational. Deliverables: Actionable information on specific incoming attack from news sources, social media, chat rooms, business contacts, official sources, data breach notifications. Why we need it: Adapt risk analysis; React to the exact threat. Targeted at: Security officers; Security Architects
  • 29. Operational
      • Can you easily change the CTI provider?
      • Does the CTI provider support secure M2M communication for sensitive information exchange (both directions)?
      • Can you integrate the information exchange in your Security Management System?
      [Diagram labels: CTI Provider A; CTI Provider B; CTI Provider C]
  • 30. Subtypes of Cyber Threat Intelligence: Technical. Deliverables: Attacker methodologies, tools, tactics, techniques and procedures (TTPs); Malware analysis; Incident reports. Why we need it: React to the exact threat. Targeted at: CISO; Architects; Sysadmins
  • 31. Technical
      • What is the quality of the information provided?
          • Data feeds (e.g. IOCs): are important fields in standard formats missing, or is the information in the wrong field?
          • Information is outdated or already publicly known
      • Is your SIEM system capable of consuming the CTI data coming from the CTI Provider?
      • Is there a possibility for information enrichment?
      • Is there content-based image recognition to protect the company's brands?
  • 32. Project Outcome: Creation of a CTI Competence Center. CTI Competence Center in our Ukraine bank for RBI Group:
      • Improve maturity level in CTI in the group
      • Maintain awareness of RBI NWUs about new and sophisticated targeted attacks and threats
      • Support RBI NWUs in integrating CTI feeds to security systems (IOC Hub)
      • Central overview of Cyber Threat Intelligence in the RBI Group
      • Develop and establish CTI service governance process
  • 33. If you are a global organization use local advantages
  • 34. CTI seen from the C-SUITE
      1. Protect the company brands
      2. Prioritize real threats relevant to the enterprise
      3. Influence right budgeting and staffing
      4. Prevent and predict evolving cyber threats
      5. Effective cyber risk communications with top executives and board members by Security
      6. Better focus for the CISO (more time to tackle the problems from a strategic and not from a reactive perspective)
      Security Maturity Model: Ad Hoc, Opportunistic, Repeatable, Managed, Optimized. Predictions & Prioritizations enabled by CTI.
  • 35. Reinhold Wochner, MSc., MBA, CRISC, CRMA, CISM, CGEIT, CISSP, CISA. speaker.wochner@web.de Thank you
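
The feed-quality questions on slide 31 (important fields missing, information in the wrong field, outdated or already public indicators) can be checked mechanically during a proof of concept. The following is an added example, not part of the original slides or any RBI tooling; the record schema (`type`, `value`, `first_seen`, `source`), the 90-day staleness window and the sample feed are assumptions constructed for illustration.

```python
"""IOC feed quality check (added example; schema and thresholds are assumptions)."""
import ipaddress
import re
from collections import Counter
from datetime import datetime, timedelta, timezone

REQUIRED_FIELDS = ("type", "value", "first_seen", "source")  # assumed feed schema
HASH_LENGTHS = {32: "md5", 40: "sha1", 64: "sha256"}
DOMAIN_RE = re.compile(
    r"^(?=.{1,253}$)([a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}$", re.I)


def detect_type(value):
    """Infer the indicator type from the value itself, or None if unrecognised."""
    try:
        return "ipv%d" % ipaddress.ip_address(value).version
    except ValueError:
        pass
    if re.fullmatch(r"[0-9a-fA-F]+", value) and len(value) in HASH_LENGTHS:
        return HASH_LENGTHS[len(value)]
    if value.lower().startswith(("http://", "https://")):
        return "url"
    return "domain" if DOMAIN_RE.match(value) else None


def check_record(rec, now, max_age_days=90, public_values=frozenset()):
    """Return the list of quality issues found in one feed record."""
    issues = ["missing:" + f for f in REQUIRED_FIELDS
              if not str(rec.get(f) or "").strip()]
    value = str(rec.get("value") or "").strip()
    declared = str(rec.get("type") or "").strip().lower()
    if value:
        actual = detect_type(value)
        if actual is None:
            issues.append("unparseable_value")
        elif declared and actual != declared:
            # e.g. an IP address delivered in a field declared as "domain"
            issues.append("wrong_field:%s!=%s" % (declared, actual))
        if value.lower() in public_values:
            issues.append("already_public")
    first_seen = str(rec.get("first_seen") or "").strip()
    if first_seen:
        try:
            seen = datetime.fromisoformat(first_seen)
        except ValueError:
            issues.append("bad_timestamp")
        else:
            if seen.tzinfo is None:
                seen = seen.replace(tzinfo=timezone.utc)  # assumption: naive = UTC
            if now - seen > timedelta(days=max_age_days):
                issues.append("stale")
    return issues


def score_feed(records, now, **kwargs):
    """Summarise a feed: total records, clean records, issue counts by kind."""
    kinds, clean = Counter(), 0
    for rec in records:
        issues = check_record(rec, now, **kwargs)
        clean += not issues
        kinds.update(issue.split(":", 1)[0] for issue in issues)
    return {"total": len(records), "clean": clean, "issues": dict(kinds)}


# Constructed sample data: documentation IP ranges and example domains only.
NOW = datetime(2016, 6, 15, tzinfo=timezone.utc)
PUBLIC = frozenset({"http://phish.example.net/login"})  # stand-in for an open-source list
SAMPLE_FEED = [
    {"type": "ipv4", "value": "203.0.113.7",
     "first_seen": "2016-06-01T00:00:00+00:00", "source": "provider-a"},
    {"type": "domain", "value": "198.51.100.23",          # IP in a domain field
     "first_seen": "2016-06-10T00:00:00+00:00", "source": "provider-a"},
    {"type": "sha256", "value": "0123456789abcdef0123456789abcdef",  # MD5 length
     "first_seen": "2016-05-20", "source": ""},
    {"type": "domain", "value": "malware.example.com",    # two years old
     "first_seen": "2014-04-01T00:00:00+00:00", "source": "provider-a"},
    {"type": "url", "value": "http://phish.example.net/login",
     "first_seen": "2016-06-12T00:00:00+00:00", "source": "provider-b"},
    {"type": "ipv4", "value": "203.0.113.999",
     "first_seen": "yesterday", "source": "provider-b"},
]

if __name__ == "__main__":
    for record in SAMPLE_FEED:
        print(record["value"], check_record(record, NOW, public_values=PUBLIC))
    print(score_feed(SAMPLE_FEED, NOW, public_values=PUBLIC))
```

Running the same check over feeds from several candidate providers gives a comparable clean-record ratio before any of them is wired into a SIEM.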

Editor's Notes

  1. First malware-related power outage ever to be documented. BlackEnergy had infected the networks of Prykarpattyaoblenergo and two other power companies. More than 200.000 people lost power on 23 December 2015 in the BlackEnergy attack in the regional capital Ivano-Frankivsk.
  2. Reports indicate the Ukraine attack was a well coordinated attack. Tactics like flooding the customer service lines to prevent indication that power was lost have been used. It also included a range of tactics to distract operators.
  3. BlackEnergy started to spread to other sectors with the potential to disrupt major business processes (e.g. discovered at the Borispol airport and in telecom networks). https://www.recordedfuture.com/blackenergy-malware-analysis/ http://www.tripwire.com/state-of-security/latest-security-news/blackenergy-involved-in-targeted-attack-against-boryspil-airport-says-ukraine
  4. Other Cyberattacks: Other attacks include hacking of electronic billboards or hijacking of CCTV cameras.
     Major Cyber Attacks: March 17, 2014: VTB and Alpha banks' on-line banking services suffer major cyber attacks caused by a Caucasus hacker group. Those two banks are two of the largest Russian banks.
     Carbanak: One billion USD have been stolen by cybercriminals from Russia, Ukraine and other parts of Europe, as well as from China.
     Other Cyber Attacks: Since April 2015, Ratopak Trojan against Russian/Ukrainian financial institutions (80 % targets in Russia, 10 % Ukrainian Banks).
  5. Attacks against mobile phones: Ukrainian Members of Parliament have had their mobile phones disabled due to IP-based attacks.
     Attacks against governmental infrastructure: DoS and DDoS attacks against governmental infrastructure.
     Attacks against military institutions in NATO countries: Targeted spear phishing attacks. According to Microsoft the attacker group sent out bogus “Privacy alert” emails, telling recipients that an attempt had been made to access their accounts from Ukraine, and they should change their password.
     http://www.tripwire.com/state-of-security/security-data-protection/crimean-cyber-troubles-ramping/ http://www.tripwire.com/state-of-security/security-data-protection/strontium-microsoft-warns-of-hacking-gang-targeting-government-and-nato-workers/ http://www.bbc.com/news/world-europe-30453069