SlideShare una empresa de Scribd logo

Threat Intelligence in Cyber Risk Programs

Rahul Neel Mani
Rahul Neel Mani

Sangram Gayal, Director, Cybersecurity, PwC

Tecnología
1 de 20
Descargar para leer sin conexión
Threat Intelligence in Cyber Risk Programs www.pwc.com Strictly Private and Confidential March 11, 2016 Sangram Gayal
Agenda 1 Why are we talking about this? 1 2 We already have threat intelligence!!! 6 3 Using Threat Intelligence 13 Page Active Discovery This publication has been prepared for general guidance on matters of interest only, and does not constitute professional advice. You should not act upon the information contained in this publication without obtaining specific professional advice. No representation or warranty (express or implied) is given as to the accuracy or completeness of the information contained in this publication, and, to the extent permitted by law, PwC, its members, employees and agents accept no liability, and disclaim all responsibility, for the consequences of you or anyone else acting, or refraining to act, in reliance on the information contained in this publication or for any decision based on it. This publication contains certain examples extracted from third party documentation and so being out of context from the original third party documents; readers should bear this in mind when reading the publication. The copyright in such third party material remains owned by the third parties concerned, and PwC expresses its appreciation to these companies for having allowed it to include their information in this publication. For a more comprehensive view on each company’s communication, please read the entire document from which the extracts have been taken. Please note that the inclusion of a company in this publication does not imply any endorsement of that company by PwC nor any verification of the accuracy of the information contained in any of the examples. © 2016 PricewaterhouseCoopers Private Limited. All rights reserved. In this document, “PwC” refers to PricewaterhouseCoopers Private Limited (a limited liability company in India), which is a member firm of PricewaterhouseCoopers International Limited, each member firm of which is a separate legal entity.
PwC March 11, 2016 Why are we talking about this? Threat Intelligence in Cyber Risk Programs • 1
PwC March 11, 2016 Today, every organization endeavouring to improve its cyber posture is following the trend of adapting to various security solutions…. Unfortunately many still face security incidents Section 1 – Why are we talking about this? Threat Intelligence in Cyber Risk Programs • 2 Our study shows that Indian organizations detected more incidents over the previous year, shooting up from an average of 2,895 incidents to 6,284 incidents a year. 117% Source: PwC India GSISS 2015 Estimated average financial loss as a result of security incident per survey respondent: India (USD)
PwC March 11, 2016 Section 1 – Why are we talking about this? Threat Intelligence in Cyber Risk Programs • 3 We believe it is possible not only adapt to these increasing incidents but grow stronger because of them. A new type of organization - ‘The antifragile’
PwC March 11, 2016 Section 1 – Why are we talking about this? Threat Intelligence in Cyber Risk Programs • 4 “Some things benefit from shocks; they thrive and grow when exposed to volatility, randomness, disorder, and stressors” – Antifragile, Nassim Nicholas Taleb Nature is full of anti-fragile systems. The human muscles are a good example of anti- fragile system. The more they are subjected to bouts of stress, the stronger they grow.
PwC March 11, 2016 The mechanism of antifragility is about early discovery, response and improving resistance. Section 1 – Why are we talking about this? Threat Intelligence in Cyber Risk Programs • 5 1 2 3 Early discovery of existence of known and unknown threat vectors in the environment is important to prevent its spread and causing damage. It is important to contain spread, assess damage, analyze characteristics of the threat and finally eardicate the threat. Codify the learnings into mechanisms to detect or prevent recurrence of the threat vector. Share with others and learn from others. Early Discovery Rapid Response Threat Resistance All antifragile systems found in nature work on these principles including human muscles, vaccinations, human society etc.
PwC March 11, 2016 We already have threat intelligence!!! Threat Intelligence in Cyber Risk Programs • 6
PwC March 11, 2016 Threat = Capability to Cause Harm Intelligence = Information, Analysis & Context Threat Intelligence = Information, its Analysis and Context Regarding ‘Things’ that might cause Harm What is threat intelligence? Section 2 – We already have threat intelligence!!! Threat Intelligence in Cyber Risk Programs • 7
PwC March 11, 2016 Types of Threat Intelligence Section 2 – We already have threat intelligence!!! Threat Intelligence in Cyber Risk Programs • 8 High Level Information on changing risks Attacker methodologies, tools and tactics Details of incoming attack Indicators of Specific Malware Low LevelHigh Level ShortTermLongTerm Area of Enterprise Focus
PwC March 11, 2016 Threat Intelligence Explained Section 2 – We already have threat intelligence!!! Threat Intelligence in Cyber Risk Programs • 9 Strategic Threat Intelligence • Target Audience is The Board, Executive Management • Focus on changing risks, high level topics: Geopolitics, Foreign markets, Cultural background • Vision timeframe: years Tactical Threat Intelligence • Target Audience: System Admins, Pen Testers, Hunters • Focus on TTPs (tactics, techniques, procedures, tools etc.), C2 behaviour etc. • Vision timeframe: Weeks to Months Operational Threat Intelligence • Target Audience: strategic security teams • Focus on Threat Actors, Nation-State actors, future attacks etc. Based on infiltrating Threat Actor groups • Vision timeframe: Hours to Months Technical Threat Intelligence • Target Audience: SOC, IR, Firewall Admins • Focus on Indicators of compromise, malware domains, artefacts, signatures etc. • Vision timeframe: Hours to years
PwC March 11, 2016 The Pyramid of Pain Section 2 – We already have threat intelligence!!! Threat Intelligence in Cyber Risk Programs • 10 Hash Values / IP Address Domains System Artifacts TTPs Tools Pyramid of Pain (for the attacker) - David J. Bianco Tough Challenging Annoying Easy Trivial Indicators of Compromise Developed by Client / PwC’s Cyber Threat Intelligence team Indicators of Compromise provided by most OEM’s and Anti- virus providers
PwC March 11, 2016 Where do you get the Threat Intelligence? Section 2 – We already have threat intelligence!!! Threat Intelligence in Cyber Risk Programs • 11 Hash Values / IP Address Domains System Artifacts TTPs Tools A number of Open- source and Commercial Feeds Develop from known malware behaviour. Analyse malware to understand variants, families, CnC domains and threat actors
PwC March 11, 2016 Technical & Tactical TI – Looking at the indicators Section 2 – We already have threat intelligence!!! Threat Intelligence in Cyber Risk Programs • 12 MD5 / Sha-1 Hash Filename of Initial Malware Files Dropped by Malware Registry Keys created by malware Well Written Yara Rule Trivial Difficult IP Address Domain Name Exact URL accessed Algorithm for generating Radom domain Exact Command Channel Structure
PwC March 11, 2016 Using Threat Intelligence Threat Intelligence in Cyber Risk Programs • 13
PwC March 11, 2016 1. Collate and Curate Threat Feeds: Use a platform to collate and curate threat feeds, distribute it to various detection systems. Maintain the intelligence system by adding your own threat Intelligence 2. Tactical Intelligence: Generate tactical intelligence for malware variants prevalent in your environment. Use tactical intelligence generated by communities, peers and professional agencies. 3. Sharing: Share your new threat intelligence with local and global communities. Submit malware samples, submit new indicators, and share the CnC information. 1. Run a Threat Intelligence Program Section 3 – Using Threat Intelligence Threat Intelligence in Cyber Risk Programs • 14
PwC March 11, 2016 2. Use technical and tactical TI to detect Compromises Section 3 – Using Threat Intelligence Threat Intelligence in Cyber Risk Programs • 15 Active Discovery 1. Use enriched and curated Technical TI at Gateways, SIEMs and Domain Controllers to detect compromises 2. Use Tactical TI to analyse host compromises by collecting system and memory artefacts 3. Use Tactical TI by conducting static and dynamic analysis of suspicious file samples 4. Use honeypots to actively detect lateral movement
PwC March 11, 2016 3. Respond to compromises while leveraging Tactical Indicators Section 3 – Using Threat Intelligence Threat Intelligence in Cyber Risk Programs • 16 1. Develop Tactical Threat Indicators for detected compromises and unknown malware 2. Use the TI to “hunt” for malware and eradicate it 3. Build Threat Intelligence database of detected malware Cyber Response
PwC March 11, 2016 - brought to you by PwC’s Active Defence Services Section 3 – Using Threat Intelligence Threat Intelligence in Cyber Risk Programs • 17 PwC CIRCA Cyber Incident Response and compromise assessment platform 04 PwC Nethunt Network level compromise assessment and hunting platform with flow and packet analysis 02 PwC TIP Threat Intelligence platform for threat feeds aggregation, selection, visualization, and sharing. 01 LAMPS Large –scale Automated Malware Analysis Platform 03 Active Discovery PwC’s Active Defence Services helps organizations detect, analyse and monitor advanced threats supported by team of Malware Analysts, Data Scientists and Incident Responders. PwC ADS Platforms
The information contained in this document is provided 'as is', for general guidance on matters of interest only. PricewaterhouseCoopers is not herein engaged in rendering legal, accounting, tax, or other professional advice and services. Before making any decision or taking any action, you should consult a competent professional advisor. © 2016 PricewaterhouseCoopers Private Limited. All rights reserved. In this document, “PwC” refers to PricewaterhouseCoopers Private Limited (a limited liability company in India), which is a member firm of PricewaterhouseCoopers International Limited, each member firm of which is a separate legal entity. “the ring has awoken, it’s heard its masters call” – Gandalf, Lord of the Rings The sleeping malware in our organizations Sangram Gayal +91 9819197716 sangram.gayal@in.pwc.com

Recomendados

Cyber threat Intelligence and Incident Response by:-Sandeep Singh
Cyber threat Intelligence and Incident Response by:-Sandeep SinghCyber threat Intelligence and Incident Response by:-Sandeep Singh
Cyber threat Intelligence and Incident Response by:-Sandeep SinghOWASP Delhi
 
Global Cyber Threat Intelligence
Global Cyber Threat IntelligenceGlobal Cyber Threat Intelligence
Global Cyber Threat IntelligenceNTT Innovation Institute Inc.
 
Threat Intelligence Workshop
Threat Intelligence WorkshopThreat Intelligence Workshop
Threat Intelligence WorkshopPriyanka Aash
 
Effective Threat Hunting with Tactical Threat Intelligence
Effective Threat Hunting with Tactical Threat IntelligenceEffective Threat Hunting with Tactical Threat Intelligence
Effective Threat Hunting with Tactical Threat IntelligenceDhruv Majumdar
 
Cyber Threat Intelligence | Information to Insight
Cyber Threat Intelligence | Information to InsightCyber Threat Intelligence | Information to Insight
Cyber Threat Intelligence | Information to InsightDeep Shankar Yadav
 
Cyber Threat Intelligence - It's not just about the feeds
Cyber Threat Intelligence - It's not just about the feedsCyber Threat Intelligence - It's not just about the feeds
Cyber Threat Intelligence - It's not just about the feedsIain Dickson
 
Threat Intelligence 101 - Steve Lodin - Submitted
Threat Intelligence 101 - Steve Lodin - SubmittedThreat Intelligence 101 - Steve Lodin - Submitted
Threat Intelligence 101 - Steve Lodin - SubmittedSteve Lodin
 
6 Steps for Operationalizing Threat Intelligence
6 Steps for Operationalizing Threat Intelligence6 Steps for Operationalizing Threat Intelligence
6 Steps for Operationalizing Threat IntelligenceSirius
 

Recomendados

Cyber threat Intelligence and Incident Response by:-Sandeep Singh
Cyber threat Intelligence and Incident Response by:-Sandeep SinghCyber threat Intelligence and Incident Response by:-Sandeep Singh
Cyber threat Intelligence and Incident Response by:-Sandeep SinghOWASP Delhi
 
Global Cyber Threat Intelligence
Global Cyber Threat IntelligenceGlobal Cyber Threat Intelligence
Global Cyber Threat IntelligenceNTT Innovation Institute Inc.
 
Threat Intelligence Workshop
Threat Intelligence WorkshopThreat Intelligence Workshop
Threat Intelligence WorkshopPriyanka Aash
 
Effective Threat Hunting with Tactical Threat Intelligence
Effective Threat Hunting with Tactical Threat IntelligenceEffective Threat Hunting with Tactical Threat Intelligence
Effective Threat Hunting with Tactical Threat IntelligenceDhruv Majumdar
 
Cyber Threat Intelligence | Information to Insight
Cyber Threat Intelligence | Information to InsightCyber Threat Intelligence | Information to Insight
Cyber Threat Intelligence | Information to InsightDeep Shankar Yadav
 
Cyber Threat Intelligence - It's not just about the feeds
Cyber Threat Intelligence - It's not just about the feedsCyber Threat Intelligence - It's not just about the feeds
Cyber Threat Intelligence - It's not just about the feedsIain Dickson
 
Threat Intelligence 101 - Steve Lodin - Submitted
Threat Intelligence 101 - Steve Lodin - SubmittedThreat Intelligence 101 - Steve Lodin - Submitted
Threat Intelligence 101 - Steve Lodin - SubmittedSteve Lodin
 
6 Steps for Operationalizing Threat Intelligence
6 Steps for Operationalizing Threat Intelligence6 Steps for Operationalizing Threat Intelligence
6 Steps for Operationalizing Threat IntelligenceSirius
 
Cyber Threat Hunting Workshop
Cyber Threat Hunting WorkshopCyber Threat Hunting Workshop
Cyber Threat Hunting WorkshopDigit Oktavianto
 
Cyber Threat Hunting: Identify and Hunt Down Intruders
Cyber Threat Hunting: Identify and Hunt Down IntrudersCyber Threat Hunting: Identify and Hunt Down Intruders
Cyber Threat Hunting: Identify and Hunt Down IntrudersInfosec
 
Cyber Threat Intelligence
Cyber Threat IntelligenceCyber Threat Intelligence
Cyber Threat IntelligenceZaiffiEhsan
 
Cyber threat intelligence: maturity and metrics
Cyber threat intelligence: maturity and metricsCyber threat intelligence: maturity and metrics
Cyber threat intelligence: maturity and metricsMark Arena
 
Leveraging MITRE ATT&CK - Speaking the Common Language
Leveraging MITRE ATT&CK - Speaking the Common LanguageLeveraging MITRE ATT&CK - Speaking the Common Language
Leveraging MITRE ATT&CK - Speaking the Common LanguageErik Van Buggenhout
 
Threat hunting - Every day is hunting season
Threat hunting - Every day is hunting seasonThreat hunting - Every day is hunting season
Threat hunting - Every day is hunting seasonBen Boyd
 
Cyber Threat Intelligence
Cyber Threat IntelligenceCyber Threat Intelligence
Cyber Threat Intelligencemohamed nasri
 
Measure What Matters: How to Use MITRE ATTACK to do the Right Things in the R...
Measure What Matters: How to Use MITRE ATTACK to do the Right Things in the R...Measure What Matters: How to Use MITRE ATTACK to do the Right Things in the R...
Measure What Matters: How to Use MITRE ATTACK to do the Right Things in the R...MITRE - ATT&CKcon
 
ATTACKers Think in Graphs: Building Graphs for Threat Intelligence
ATTACKers Think in Graphs: Building Graphs for Threat IntelligenceATTACKers Think in Graphs: Building Graphs for Threat Intelligence
ATTACKers Think in Graphs: Building Graphs for Threat IntelligenceMITRE - ATT&CKcon
 
Cyber Threat Intelligence
Cyber Threat IntelligenceCyber Threat Intelligence
Cyber Threat IntelligencePrachi Mishra
 
Tracking Noisy Behavior and Risk-Based Alerting with ATT&CK
Tracking Noisy Behavior and Risk-Based Alerting with ATT&CKTracking Noisy Behavior and Risk-Based Alerting with ATT&CK
Tracking Noisy Behavior and Risk-Based Alerting with ATT&CKMITRE ATT&CK
 
Security Operations Center (SOC) Essentials for the SME
Security Operations Center (SOC) Essentials for the SMESecurity Operations Center (SOC) Essentials for the SME
Security Operations Center (SOC) Essentials for the SMEAlienVault
 
Welcome to the world of Cyber Threat Intelligence
Welcome to the world of Cyber Threat IntelligenceWelcome to the world of Cyber Threat Intelligence
Welcome to the world of Cyber Threat IntelligenceAndreas Sfakianakis
 
Threat Hunting - Moving from the ad hoc to the formal
Threat Hunting - Moving from the ad hoc to the formalThreat Hunting - Moving from the ad hoc to the formal
Threat Hunting - Moving from the ad hoc to the formalPriyanka Aash
 
Putting MITRE ATT&CK into Action with What You Have, Where You Are
Putting MITRE ATT&CK into Action with What You Have, Where You ArePutting MITRE ATT&CK into Action with What You Have, Where You Are
Putting MITRE ATT&CK into Action with What You Have, Where You AreKatie Nickels
 
The Journey to Cyber Resilience in a World of Fear, Uncertainty and Doubt
The Journey to Cyber Resilience in a World of Fear, Uncertainty and DoubtThe Journey to Cyber Resilience in a World of Fear, Uncertainty and Doubt
The Journey to Cyber Resilience in a World of Fear, Uncertainty and DoubtJohn D. Johnson
 
Threat Hunting
Threat HuntingThreat Hunting
Threat HuntingSplunk
 
Vectra Concept Overview
Vectra Concept OverviewVectra Concept Overview
Vectra Concept OverviewIlya O
 
Governance of security operation centers
Governance of security operation centersGovernance of security operation centers
Governance of security operation centersBrencil Kaimba
 
Overview of the Cyber Kill Chain [TM]
Overview of the Cyber Kill Chain [TM]Overview of the Cyber Kill Chain [TM]
Overview of the Cyber Kill Chain [TM]David Sweigert
 
Digital transformation: introduction to cyber risk
Digital transformation: introduction to cyber riskDigital transformation: introduction to cyber risk
Digital transformation: introduction to cyber riskMosoco Ltd
 
Informe scsi 2012 sobre ciberseguridad
Informe scsi 2012 sobre ciberseguridadInforme scsi 2012 sobre ciberseguridad
Informe scsi 2012 sobre ciberseguridadPablo Heraklio
 

Más contenido relacionado

La actualidad más candente

Cyber Threat Hunting Workshop
Cyber Threat Hunting WorkshopCyber Threat Hunting Workshop
Cyber Threat Hunting WorkshopDigit Oktavianto
 
Cyber Threat Hunting: Identify and Hunt Down Intruders
Cyber Threat Hunting: Identify and Hunt Down IntrudersCyber Threat Hunting: Identify and Hunt Down Intruders
Cyber Threat Hunting: Identify and Hunt Down IntrudersInfosec
 
Cyber Threat Intelligence
Cyber Threat IntelligenceCyber Threat Intelligence
Cyber Threat IntelligenceZaiffiEhsan
 
Cyber threat intelligence: maturity and metrics
Cyber threat intelligence: maturity and metricsCyber threat intelligence: maturity and metrics
Cyber threat intelligence: maturity and metricsMark Arena
 
Leveraging MITRE ATT&CK - Speaking the Common Language
Leveraging MITRE ATT&CK - Speaking the Common LanguageLeveraging MITRE ATT&CK - Speaking the Common Language
Leveraging MITRE ATT&CK - Speaking the Common LanguageErik Van Buggenhout
 
Threat hunting - Every day is hunting season
Threat hunting - Every day is hunting seasonThreat hunting - Every day is hunting season
Threat hunting - Every day is hunting seasonBen Boyd
 
Cyber Threat Intelligence
Cyber Threat IntelligenceCyber Threat Intelligence
Cyber Threat Intelligencemohamed nasri
 
Measure What Matters: How to Use MITRE ATTACK to do the Right Things in the R...
Measure What Matters: How to Use MITRE ATTACK to do the Right Things in the R...Measure What Matters: How to Use MITRE ATTACK to do the Right Things in the R...
Measure What Matters: How to Use MITRE ATTACK to do the Right Things in the R...MITRE - ATT&CKcon
 
ATTACKers Think in Graphs: Building Graphs for Threat Intelligence
ATTACKers Think in Graphs: Building Graphs for Threat IntelligenceATTACKers Think in Graphs: Building Graphs for Threat Intelligence
ATTACKers Think in Graphs: Building Graphs for Threat IntelligenceMITRE - ATT&CKcon
 
Cyber Threat Intelligence
Cyber Threat IntelligenceCyber Threat Intelligence
Cyber Threat IntelligencePrachi Mishra
 
Tracking Noisy Behavior and Risk-Based Alerting with ATT&CK
Tracking Noisy Behavior and Risk-Based Alerting with ATT&CKTracking Noisy Behavior and Risk-Based Alerting with ATT&CK
Tracking Noisy Behavior and Risk-Based Alerting with ATT&CKMITRE ATT&CK
 
Security Operations Center (SOC) Essentials for the SME
Security Operations Center (SOC) Essentials for the SMESecurity Operations Center (SOC) Essentials for the SME
Security Operations Center (SOC) Essentials for the SMEAlienVault
 
Welcome to the world of Cyber Threat Intelligence
Welcome to the world of Cyber Threat IntelligenceWelcome to the world of Cyber Threat Intelligence
Welcome to the world of Cyber Threat IntelligenceAndreas Sfakianakis
 
Threat Hunting - Moving from the ad hoc to the formal
Threat Hunting - Moving from the ad hoc to the formalThreat Hunting - Moving from the ad hoc to the formal
Threat Hunting - Moving from the ad hoc to the formalPriyanka Aash
 
Putting MITRE ATT&CK into Action with What You Have, Where You Are
Putting MITRE ATT&CK into Action with What You Have, Where You ArePutting MITRE ATT&CK into Action with What You Have, Where You Are
Putting MITRE ATT&CK into Action with What You Have, Where You AreKatie Nickels
 
The Journey to Cyber Resilience in a World of Fear, Uncertainty and Doubt
The Journey to Cyber Resilience in a World of Fear, Uncertainty and DoubtThe Journey to Cyber Resilience in a World of Fear, Uncertainty and Doubt
The Journey to Cyber Resilience in a World of Fear, Uncertainty and DoubtJohn D. Johnson
 
Threat Hunting
Threat HuntingThreat Hunting
Threat HuntingSplunk
 
Vectra Concept Overview
Vectra Concept OverviewVectra Concept Overview
Vectra Concept OverviewIlya O
 
Governance of security operation centers
Governance of security operation centersGovernance of security operation centers
Governance of security operation centersBrencil Kaimba
 
Overview of the Cyber Kill Chain [TM]
Overview of the Cyber Kill Chain [TM]Overview of the Cyber Kill Chain [TM]
Overview of the Cyber Kill Chain [TM]David Sweigert
 

La actualidad más candente (20)

Cyber Threat Hunting Workshop
Cyber Threat Hunting WorkshopCyber Threat Hunting Workshop
Cyber Threat Hunting Workshop
 
Cyber Threat Hunting: Identify and Hunt Down Intruders
Cyber Threat Hunting: Identify and Hunt Down IntrudersCyber Threat Hunting: Identify and Hunt Down Intruders
Cyber Threat Hunting: Identify and Hunt Down Intruders
 
Cyber Threat Intelligence
Cyber Threat IntelligenceCyber Threat Intelligence
Cyber Threat Intelligence
 
Cyber threat intelligence: maturity and metrics
Cyber threat intelligence: maturity and metricsCyber threat intelligence: maturity and metrics
Cyber threat intelligence: maturity and metrics
 
Leveraging MITRE ATT&CK - Speaking the Common Language
Leveraging MITRE ATT&CK - Speaking the Common LanguageLeveraging MITRE ATT&CK - Speaking the Common Language
Leveraging MITRE ATT&CK - Speaking the Common Language
 
Threat hunting - Every day is hunting season
Threat hunting - Every day is hunting seasonThreat hunting - Every day is hunting season
Threat hunting - Every day is hunting season
 
Cyber Threat Intelligence
Cyber Threat IntelligenceCyber Threat Intelligence
Cyber Threat Intelligence
 
Measure What Matters: How to Use MITRE ATTACK to do the Right Things in the R...
Measure What Matters: How to Use MITRE ATTACK to do the Right Things in the R...Measure What Matters: How to Use MITRE ATTACK to do the Right Things in the R...
Measure What Matters: How to Use MITRE ATTACK to do the Right Things in the R...
 
ATTACKers Think in Graphs: Building Graphs for Threat Intelligence
ATTACKers Think in Graphs: Building Graphs for Threat IntelligenceATTACKers Think in Graphs: Building Graphs for Threat Intelligence
ATTACKers Think in Graphs: Building Graphs for Threat Intelligence
 
Cyber Threat Intelligence
Cyber Threat IntelligenceCyber Threat Intelligence
Cyber Threat Intelligence
 
Tracking Noisy Behavior and Risk-Based Alerting with ATT&CK
Tracking Noisy Behavior and Risk-Based Alerting with ATT&CKTracking Noisy Behavior and Risk-Based Alerting with ATT&CK
Tracking Noisy Behavior and Risk-Based Alerting with ATT&CK
 
Security Operations Center (SOC) Essentials for the SME
Security Operations Center (SOC) Essentials for the SMESecurity Operations Center (SOC) Essentials for the SME
Security Operations Center (SOC) Essentials for the SME
 
Welcome to the world of Cyber Threat Intelligence
Welcome to the world of Cyber Threat IntelligenceWelcome to the world of Cyber Threat Intelligence
Welcome to the world of Cyber Threat Intelligence
 
Threat Hunting - Moving from the ad hoc to the formal
Threat Hunting - Moving from the ad hoc to the formalThreat Hunting - Moving from the ad hoc to the formal
Threat Hunting - Moving from the ad hoc to the formal
 
Putting MITRE ATT&CK into Action with What You Have, Where You Are
Putting MITRE ATT&CK into Action with What You Have, Where You ArePutting MITRE ATT&CK into Action with What You Have, Where You Are
Putting MITRE ATT&CK into Action with What You Have, Where You Are
 
The Journey to Cyber Resilience in a World of Fear, Uncertainty and Doubt
The Journey to Cyber Resilience in a World of Fear, Uncertainty and DoubtThe Journey to Cyber Resilience in a World of Fear, Uncertainty and Doubt
The Journey to Cyber Resilience in a World of Fear, Uncertainty and Doubt
 
Threat Hunting
Threat HuntingThreat Hunting
Threat Hunting
 
Vectra Concept Overview
Vectra Concept OverviewVectra Concept Overview
Vectra Concept Overview
 
Governance of security operation centers
Governance of security operation centersGovernance of security operation centers
Governance of security operation centers
 
Overview of the Cyber Kill Chain [TM]
Overview of the Cyber Kill Chain [TM]Overview of the Cyber Kill Chain [TM]
Overview of the Cyber Kill Chain [TM]
 

Destacado

Digital transformation: introduction to cyber risk
Digital transformation: introduction to cyber riskDigital transformation: introduction to cyber risk
Digital transformation: introduction to cyber riskMosoco Ltd
 
Informe scsi 2012 sobre ciberseguridad
Informe scsi 2012 sobre ciberseguridadInforme scsi 2012 sobre ciberseguridad
Informe scsi 2012 sobre ciberseguridadPablo Heraklio
 
Making Security Agile
Making Security AgileMaking Security Agile
Making Security AgileOleg Gryb
 
Viii congreso isaca 2015 grc
Viii congreso isaca 2015 grcViii congreso isaca 2015 grc
Viii congreso isaca 2015 grcbalejandre
 
Industrial cyber security_tgs_barcelona_jun_2015_v1.pptx
Industrial cyber security_tgs_barcelona_jun_2015_v1.pptxIndustrial cyber security_tgs_barcelona_jun_2015_v1.pptx
Industrial cyber security_tgs_barcelona_jun_2015_v1.pptxItconic
 
Ciber... nacion: afrontando los retos del siglo XXI
Ciber... nacion: afrontando los retos del siglo XXICiber... nacion: afrontando los retos del siglo XXI
Ciber... nacion: afrontando los retos del siglo XXICorporacion Colombia Digital
 
ICION 2016 - Cyber Security Governance
ICION 2016 - Cyber Security GovernanceICION 2016 - Cyber Security Governance
ICION 2016 - Cyber Security GovernanceCharles Lim
 
¡¡Ya hemos llegado!! @socialbrainsES, @BETA_permanente y @dygytalyaCOM han na...
¡¡Ya hemos llegado!! @socialbrainsES, @BETA_permanente y @dygytalyaCOM han na...¡¡Ya hemos llegado!! @socialbrainsES, @BETA_permanente y @dygytalyaCOM han na...
¡¡Ya hemos llegado!! @socialbrainsES, @BETA_permanente y @dygytalyaCOM han na...Paco Barranco
 
End-user computing - The Mobile Workforce Report
End-user computing - The Mobile Workforce ReportEnd-user computing - The Mobile Workforce Report
End-user computing - The Mobile Workforce ReportDimension Data Asia Pacific
 
Inglorious Threat Intelligence by Rick Holland
Inglorious Threat Intelligence by Rick HollandInglorious Threat Intelligence by Rick Holland
Inglorious Threat Intelligence by Rick HollandDigital Shadows
 
The future of banking
The future of bankingThe future of banking
The future of bankingBarbara Biro
 
Cyber Risk in Real Estate Sales - Workshop Presentation
Cyber Risk in Real Estate Sales - Workshop PresentationCyber Risk in Real Estate Sales - Workshop Presentation
Cyber Risk in Real Estate Sales - Workshop PresentationBrad Deflin
 
Application Security in an Agile World - Agile Singapore 2016
Application Security in an Agile World - Agile Singapore 2016Application Security in an Agile World - Agile Singapore 2016
Application Security in an Agile World - Agile Singapore 2016Stefan Streichsbier
 
Mitigating Risk from Cyber Security Attacks
Mitigating Risk from Cyber Security AttacksMitigating Risk from Cyber Security Attacks
Mitigating Risk from Cyber Security AttacksTripwire
 

Destacado (20)

Digital transformation: introduction to cyber risk
Digital transformation: introduction to cyber riskDigital transformation: introduction to cyber risk
Digital transformation: introduction to cyber risk
 
Informe scsi 2012 sobre ciberseguridad
Informe scsi 2012 sobre ciberseguridadInforme scsi 2012 sobre ciberseguridad
Informe scsi 2012 sobre ciberseguridad
 
Making Security Agile
Making Security AgileMaking Security Agile
Making Security Agile
 
Software
SoftwareSoftware
Software
 
Viii congreso isaca 2015 grc
Viii congreso isaca 2015 grcViii congreso isaca 2015 grc
Viii congreso isaca 2015 grc
 
Implementing NIST Cybersecurity Framework Using COBIT 5
Implementing NIST Cybersecurity Framework Using COBIT 5Implementing NIST Cybersecurity Framework Using COBIT 5
Implementing NIST Cybersecurity Framework Using COBIT 5
 
Cyberseguridad en entornos empresariales
Cyberseguridad en entornos empresarialesCyberseguridad en entornos empresariales
Cyberseguridad en entornos empresariales
 
Industrial cyber security_tgs_barcelona_jun_2015_v1.pptx
Industrial cyber security_tgs_barcelona_jun_2015_v1.pptxIndustrial cyber security_tgs_barcelona_jun_2015_v1.pptx
Industrial cyber security_tgs_barcelona_jun_2015_v1.pptx
 
Ciber... nacion: afrontando los retos del siglo XXI
Ciber... nacion: afrontando los retos del siglo XXICiber... nacion: afrontando los retos del siglo XXI
Ciber... nacion: afrontando los retos del siglo XXI
 
ICION 2016 - Cyber Security Governance
ICION 2016 - Cyber Security GovernanceICION 2016 - Cyber Security Governance
ICION 2016 - Cyber Security Governance
 
¡¡Ya hemos llegado!! @socialbrainsES, @BETA_permanente y @dygytalyaCOM han na...
¡¡Ya hemos llegado!! @socialbrainsES, @BETA_permanente y @dygytalyaCOM han na...¡¡Ya hemos llegado!! @socialbrainsES, @BETA_permanente y @dygytalyaCOM han na...
¡¡Ya hemos llegado!! @socialbrainsES, @BETA_permanente y @dygytalyaCOM han na...
 
Building an Effective Cyber Intelligence Program
Building an Effective Cyber Intelligence ProgramBuilding an Effective Cyber Intelligence Program
Building an Effective Cyber Intelligence Program
 
End-user computing - The Mobile Workforce Report
End-user computing - The Mobile Workforce ReportEnd-user computing - The Mobile Workforce Report
End-user computing - The Mobile Workforce Report
 
Inglorious Threat Intelligence by Rick Holland
Inglorious Threat Intelligence by Rick HollandInglorious Threat Intelligence by Rick Holland
Inglorious Threat Intelligence by Rick Holland
 
Cybersecurity for the digital age
Cybersecurity for the digital ageCybersecurity for the digital age
Cybersecurity for the digital age
 
The future of banking
The future of bankingThe future of banking
The future of banking
 
Cyber Risk in Real Estate Sales - Workshop Presentation
Cyber Risk in Real Estate Sales - Workshop PresentationCyber Risk in Real Estate Sales - Workshop Presentation
Cyber Risk in Real Estate Sales - Workshop Presentation
 
Application Security in an Agile World - Agile Singapore 2016
Application Security in an Agile World - Agile Singapore 2016Application Security in an Agile World - Agile Singapore 2016
Application Security in an Agile World - Agile Singapore 2016
 
Mitigating Risk from Cyber Security Attacks
Mitigating Risk from Cyber Security AttacksMitigating Risk from Cyber Security Attacks
Mitigating Risk from Cyber Security Attacks
 
Cyber resilience (building the cyber security governance) isaca id tech ses ...
Cyber resilience (building the cyber security governance) isaca id tech ses ...Cyber resilience (building the cyber security governance) isaca id tech ses ...
Cyber resilience (building the cyber security governance) isaca id tech ses ...
 

Similar a Threat Intelligence in Cyber Risk Programs

Adapted from an ESG report - Seeing Is Securing - Protecting Against Advanced...
Adapted from an ESG report - Seeing Is Securing - Protecting Against Advanced...Adapted from an ESG report - Seeing Is Securing - Protecting Against Advanced...
Adapted from an ESG report - Seeing Is Securing - Protecting Against Advanced...Proofpoint
 
En msft-scrty-cntnt-e book-cybersecurity
En msft-scrty-cntnt-e book-cybersecurityEn msft-scrty-cntnt-e book-cybersecurity
En msft-scrty-cntnt-e book-cybersecurityOnline Business
 
When thieves strike: Executive briefing on SWIFT attacks
When thieves strike: Executive briefing on SWIFT attacksWhen thieves strike: Executive briefing on SWIFT attacks
When thieves strike: Executive briefing on SWIFT attacksSangram Gayal
 
Webinar: Get Ready to Detect, Respond & Recover from a Cyber Attack
Webinar: Get Ready to Detect, Respond & Recover from a Cyber AttackWebinar: Get Ready to Detect, Respond & Recover from a Cyber Attack
Webinar: Get Ready to Detect, Respond & Recover from a Cyber AttackAujas
 
ISF Congress 2016 - Session 7.2_Kukreja
ISF Congress 2016 - Session 7.2_KukrejaISF Congress 2016 - Session 7.2_Kukreja
ISF Congress 2016 - Session 7.2_KukrejaPuneet Kukreja
 
Splunk Discovery: Warsaw 2018 - Solve Your Security Challenges with Splunk En...
Splunk Discovery: Warsaw 2018 - Solve Your Security Challenges with Splunk En...Splunk Discovery: Warsaw 2018 - Solve Your Security Challenges with Splunk En...
Splunk Discovery: Warsaw 2018 - Solve Your Security Challenges with Splunk En...Splunk
 
A Framework for Developing and Operationalizing Security Use Cases
A Framework for Developing and Operationalizing Security Use CasesA Framework for Developing and Operationalizing Security Use Cases
A Framework for Developing and Operationalizing Security Use CasesRyan Faircloth
 
325838924-Splunk-Use-Case-Framework-Introduction-Session
325838924-Splunk-Use-Case-Framework-Introduction-Session325838924-Splunk-Use-Case-Framework-Introduction-Session
325838924-Splunk-Use-Case-Framework-Introduction-SessionRyan Faircloth
 
Understanding Cyber Threat Intelligence A Guide for Analysts.pdf
Understanding Cyber Threat Intelligence A Guide for Analysts.pdfUnderstanding Cyber Threat Intelligence A Guide for Analysts.pdf
Understanding Cyber Threat Intelligence A Guide for Analysts.pdfuzair
 
New Age Red Teaming - Enterprise Infilteration
New Age Red Teaming - Enterprise InfilterationNew Age Red Teaming - Enterprise Infilteration
New Age Red Teaming - Enterprise InfilterationShritam Bhowmick
 
Key Cybersecurity Risks and Mitigation Strategies in 2023 | The Enterprise World
Key Cybersecurity Risks and Mitigation Strategies in 2023 | The Enterprise WorldKey Cybersecurity Risks and Mitigation Strategies in 2023 | The Enterprise World
Key Cybersecurity Risks and Mitigation Strategies in 2023 | The Enterprise WorldTEWMAGAZINE
 
Applied cognitive security complementing the security analyst
Applied cognitive security complementing the security analyst Applied cognitive security complementing the security analyst
Applied cognitive security complementing the security analyst Priyanka Aash
 
McAfee Labs 2017 Threats Predictions
McAfee Labs 2017 Threats PredictionsMcAfee Labs 2017 Threats Predictions
McAfee Labs 2017 Threats PredictionsMatthew Rosenquist
 
How to Build and Validate Ransomware Attack Detections (Secure360)
How to Build and Validate Ransomware Attack Detections (Secure360)How to Build and Validate Ransomware Attack Detections (Secure360)
How to Build and Validate Ransomware Attack Detections (Secure360)Scott Sutherland
 
Outsmarting the Attackers A Deep Dive into Threat Intelligence.docx
Outsmarting the Attackers A Deep Dive into Threat Intelligence.docxOutsmarting the Attackers A Deep Dive into Threat Intelligence.docx
Outsmarting the Attackers A Deep Dive into Threat Intelligence.docxmanas23pgdm157
 
The Legal Case for Cyber Risk Management - InfoSec World Privacy & Risk Summit
The Legal Case for Cyber Risk Management - InfoSec World Privacy & Risk SummitThe Legal Case for Cyber Risk Management - InfoSec World Privacy & Risk Summit
The Legal Case for Cyber Risk Management - InfoSec World Privacy & Risk SummitShawn Tuma
 
COVID-19 free penetration tests by Pentest-Tools.com
COVID-19 free penetration tests by Pentest-Tools.comCOVID-19 free penetration tests by Pentest-Tools.com
COVID-19 free penetration tests by Pentest-Tools.comPentest-Tools.com
 
Cisco 2016 Security Report
Cisco 2016 Security Report Cisco 2016 Security Report
Cisco 2016 Security Report Steve Fantauzzo
 

Similar a Threat Intelligence in Cyber Risk Programs (20)

Adapted from an ESG report - Seeing Is Securing - Protecting Against Advanced...
Adapted from an ESG report - Seeing Is Securing - Protecting Against Advanced...Adapted from an ESG report - Seeing Is Securing - Protecting Against Advanced...
Adapted from an ESG report - Seeing Is Securing - Protecting Against Advanced...
 
2016 Trends in Security
2016 Trends in Security 2016 Trends in Security
2016 Trends in Security
 
En msft-scrty-cntnt-e book-cybersecurity
En msft-scrty-cntnt-e book-cybersecurityEn msft-scrty-cntnt-e book-cybersecurity
En msft-scrty-cntnt-e book-cybersecurity
 
When thieves strike: Executive briefing on SWIFT attacks
When thieves strike: Executive briefing on SWIFT attacksWhen thieves strike: Executive briefing on SWIFT attacks
When thieves strike: Executive briefing on SWIFT attacks
 
Webinar: Get Ready to Detect, Respond & Recover from a Cyber Attack
Webinar: Get Ready to Detect, Respond & Recover from a Cyber AttackWebinar: Get Ready to Detect, Respond & Recover from a Cyber Attack
Webinar: Get Ready to Detect, Respond & Recover from a Cyber Attack
 
ISF Congress 2016 - Session 7.2_Kukreja
ISF Congress 2016 - Session 7.2_KukrejaISF Congress 2016 - Session 7.2_Kukreja
ISF Congress 2016 - Session 7.2_Kukreja
 
Splunk Discovery: Warsaw 2018 - Solve Your Security Challenges with Splunk En...
Splunk Discovery: Warsaw 2018 - Solve Your Security Challenges with Splunk En...Splunk Discovery: Warsaw 2018 - Solve Your Security Challenges with Splunk En...
Splunk Discovery: Warsaw 2018 - Solve Your Security Challenges with Splunk En...
 
A Framework for Developing and Operationalizing Security Use Cases
A Framework for Developing and Operationalizing Security Use CasesA Framework for Developing and Operationalizing Security Use Cases
A Framework for Developing and Operationalizing Security Use Cases
 
325838924-Splunk-Use-Case-Framework-Introduction-Session
325838924-Splunk-Use-Case-Framework-Introduction-Session325838924-Splunk-Use-Case-Framework-Introduction-Session
325838924-Splunk-Use-Case-Framework-Introduction-Session
 
Understanding Cyber Threat Intelligence A Guide for Analysts.pdf
Understanding Cyber Threat Intelligence A Guide for Analysts.pdfUnderstanding Cyber Threat Intelligence A Guide for Analysts.pdf
Understanding Cyber Threat Intelligence A Guide for Analysts.pdf
 
New Age Red Teaming - Enterprise Infilteration
New Age Red Teaming - Enterprise InfilterationNew Age Red Teaming - Enterprise Infilteration
New Age Red Teaming - Enterprise Infilteration
 
Key Cybersecurity Risks and Mitigation Strategies in 2023 | The Enterprise World
Key Cybersecurity Risks and Mitigation Strategies in 2023 | The Enterprise WorldKey Cybersecurity Risks and Mitigation Strategies in 2023 | The Enterprise World
Key Cybersecurity Risks and Mitigation Strategies in 2023 | The Enterprise World
 
Applied cognitive security complementing the security analyst
Applied cognitive security complementing the security analyst Applied cognitive security complementing the security analyst
Applied cognitive security complementing the security analyst
 
McAfee Labs 2017 Threats Predictions
McAfee Labs 2017 Threats PredictionsMcAfee Labs 2017 Threats Predictions
McAfee Labs 2017 Threats Predictions
 
How to Build and Validate Ransomware Attack Detections (Secure360)
How to Build and Validate Ransomware Attack Detections (Secure360)How to Build and Validate Ransomware Attack Detections (Secure360)
How to Build and Validate Ransomware Attack Detections (Secure360)
 
Outsmarting the Attackers A Deep Dive into Threat Intelligence.docx
Outsmarting the Attackers A Deep Dive into Threat Intelligence.docxOutsmarting the Attackers A Deep Dive into Threat Intelligence.docx
Outsmarting the Attackers A Deep Dive into Threat Intelligence.docx
 
The Legal Case for Cyber Risk Management - InfoSec World Privacy & Risk Summit
The Legal Case for Cyber Risk Management - InfoSec World Privacy & Risk SummitThe Legal Case for Cyber Risk Management - InfoSec World Privacy & Risk Summit
The Legal Case for Cyber Risk Management - InfoSec World Privacy & Risk Summit
 
COVID-19 free penetration tests by Pentest-Tools.com
COVID-19 free penetration tests by Pentest-Tools.comCOVID-19 free penetration tests by Pentest-Tools.com
COVID-19 free penetration tests by Pentest-Tools.com
 
Cisco Annual Security Report 2016
Cisco Annual Security Report 2016Cisco Annual Security Report 2016
Cisco Annual Security Report 2016
 
Cisco 2016 Security Report
Cisco 2016 Security Report Cisco 2016 Security Report
Cisco 2016 Security Report
 

Más de Rahul Neel Mani

7th Annual DynamicCISO Summit & Excellence Awards 2020 Report
7th Annual DynamicCISO Summit & Excellence Awards 2020 Report7th Annual DynamicCISO Summit & Excellence Awards 2020 Report
7th Annual DynamicCISO Summit & Excellence Awards 2020 ReportRahul Neel Mani
 
TweetChat - A Grey Head Digital Initiative
TweetChat - A Grey Head Digital InitiativeTweetChat - A Grey Head Digital Initiative
TweetChat - A Grey Head Digital InitiativeRahul Neel Mani
 
Cybersecurity: Glimpses from the 2017
Cybersecurity: Glimpses from the 2017Cybersecurity: Glimpses from the 2017
Cybersecurity: Glimpses from the 2017Rahul Neel Mani
 
5th Annual DynamicCISO Summit 9-10 March 2018, Mumbai
5th Annual DynamicCISO Summit 9-10 March 2018, Mumbai5th Annual DynamicCISO Summit 9-10 March 2018, Mumbai
5th Annual DynamicCISO Summit 9-10 March 2018, MumbaiRahul Neel Mani
 
CIO Productivity Conclave 2017
CIO Productivity Conclave 2017 CIO Productivity Conclave 2017
CIO Productivity Conclave 2017 Rahul Neel Mani
 
Being a Digital Industrial By Anthony Thomas, Group Chief Information Officer...
Being a Digital Industrial By Anthony Thomas, Group Chief Information Officer...Being a Digital Industrial By Anthony Thomas, Group Chief Information Officer...
Being a Digital Industrial By Anthony Thomas, Group Chief Information Officer...Rahul Neel Mani
 
Key Imperatives for the CIO in Digital Age By Lalatendu Das Digital VP, Assoc...
Key Imperatives for the CIO in Digital Age By Lalatendu Das Digital VP, Assoc...Key Imperatives for the CIO in Digital Age By Lalatendu Das Digital VP, Assoc...
Key Imperatives for the CIO in Digital Age By Lalatendu Das Digital VP, Assoc...Rahul Neel Mani
 
Traversing the Digital Vortex, Lux Rao, Director & Leader, Digital Transforma...
Traversing the Digital Vortex, Lux Rao, Director & Leader, Digital Transforma...Traversing the Digital Vortex, Lux Rao, Director & Leader, Digital Transforma...
Traversing the Digital Vortex, Lux Rao, Director & Leader, Digital Transforma...Rahul Neel Mani
 
Security Incident Response Readiness Survey
Security Incident Response Readiness Survey Security Incident Response Readiness Survey
Security Incident Response Readiness Survey Rahul Neel Mani
 
Cybersecurity: Mock Cyberwar Game
Cybersecurity: Mock Cyberwar Game Cybersecurity: Mock Cyberwar Game
Cybersecurity: Mock Cyberwar Game Rahul Neel Mani
 
State of the Internet: Mirai, IOT and History of Botnets
State of the Internet: Mirai, IOT and History of BotnetsState of the Internet: Mirai, IOT and History of Botnets
State of the Internet: Mirai, IOT and History of BotnetsRahul Neel Mani
 
Detect Unknown Threats, Reduce Dwell Time, Accelerate Response
Detect Unknown Threats, Reduce Dwell Time, Accelerate ResponseDetect Unknown Threats, Reduce Dwell Time, Accelerate Response
Detect Unknown Threats, Reduce Dwell Time, Accelerate ResponseRahul Neel Mani
 
Upgrading Your Firewall? Its Time for an Inline Security Fabric
Upgrading Your Firewall? Its Time for an Inline Security FabricUpgrading Your Firewall? Its Time for an Inline Security Fabric
Upgrading Your Firewall? Its Time for an Inline Security FabricRahul Neel Mani
 
Is Cyber Security the Elephant in the Boardroom?
Is Cyber Security the Elephant in the Boardroom? Is Cyber Security the Elephant in the Boardroom?
Is Cyber Security the Elephant in the Boardroom? Rahul Neel Mani
 
CIO Productivity Conclave 2016
CIO Productivity Conclave 2016CIO Productivity Conclave 2016
CIO Productivity Conclave 2016Rahul Neel Mani
 
Take Control of Your Imaging and Printing: Siva Kumar
Take Control of Your Imaging and Printing: Siva KumarTake Control of Your Imaging and Printing: Siva Kumar
Take Control of Your Imaging and Printing: Siva KumarRahul Neel Mani
 

Más de Rahul Neel Mani (20)

7th Annual DynamicCISO Summit & Excellence Awards 2020 Report
7th Annual DynamicCISO Summit & Excellence Awards 2020 Report7th Annual DynamicCISO Summit & Excellence Awards 2020 Report
7th Annual DynamicCISO Summit & Excellence Awards 2020 Report
 
TweetChat - A Grey Head Digital Initiative
TweetChat - A Grey Head Digital InitiativeTweetChat - A Grey Head Digital Initiative
TweetChat - A Grey Head Digital Initiative
 
Cybersecurity: Glimpses from the 2017
Cybersecurity: Glimpses from the 2017Cybersecurity: Glimpses from the 2017
Cybersecurity: Glimpses from the 2017
 
5th Annual DynamicCISO Summit 9-10 March 2018, Mumbai
5th Annual DynamicCISO Summit 9-10 March 2018, Mumbai5th Annual DynamicCISO Summit 9-10 March 2018, Mumbai
5th Annual DynamicCISO Summit 9-10 March 2018, Mumbai
 
CIO Productivity Conclave 2017
CIO Productivity Conclave 2017 CIO Productivity Conclave 2017
CIO Productivity Conclave 2017
 
Being a Digital Industrial By Anthony Thomas, Group Chief Information Officer...
Being a Digital Industrial By Anthony Thomas, Group Chief Information Officer...Being a Digital Industrial By Anthony Thomas, Group Chief Information Officer...
Being a Digital Industrial By Anthony Thomas, Group Chief Information Officer...
 
Key Imperatives for the CIO in Digital Age By Lalatendu Das Digital VP, Assoc...
Key Imperatives for the CIO in Digital Age By Lalatendu Das Digital VP, Assoc...Key Imperatives for the CIO in Digital Age By Lalatendu Das Digital VP, Assoc...
Key Imperatives for the CIO in Digital Age By Lalatendu Das Digital VP, Assoc...
 
Traversing the Digital Vortex, Lux Rao, Director & Leader, Digital Transforma...
Traversing the Digital Vortex, Lux Rao, Director & Leader, Digital Transforma...Traversing the Digital Vortex, Lux Rao, Director & Leader, Digital Transforma...
Traversing the Digital Vortex, Lux Rao, Director & Leader, Digital Transforma...
 
Sumit dhar
Sumit dharSumit dhar
Sumit dhar
 
Security Incident Response Readiness Survey
Security Incident Response Readiness Survey Security Incident Response Readiness Survey
Security Incident Response Readiness Survey
 
Cybersecurity: Mock Cyberwar Game
Cybersecurity: Mock Cyberwar Game Cybersecurity: Mock Cyberwar Game
Cybersecurity: Mock Cyberwar Game
 
Cyber Crime Management
Cyber Crime ManagementCyber Crime Management
Cyber Crime Management
 
ABC of Infosec
ABC of InfosecABC of Infosec
ABC of Infosec
 
State of the Internet: Mirai, IOT and History of Botnets
State of the Internet: Mirai, IOT and History of BotnetsState of the Internet: Mirai, IOT and History of Botnets
State of the Internet: Mirai, IOT and History of Botnets
 
Detect Unknown Threats, Reduce Dwell Time, Accelerate Response
Detect Unknown Threats, Reduce Dwell Time, Accelerate ResponseDetect Unknown Threats, Reduce Dwell Time, Accelerate Response
Detect Unknown Threats, Reduce Dwell Time, Accelerate Response
 
Get the Basics Right
Get the Basics RightGet the Basics Right
Get the Basics Right
 
Upgrading Your Firewall? Its Time for an Inline Security Fabric
Upgrading Your Firewall? Its Time for an Inline Security FabricUpgrading Your Firewall? Its Time for an Inline Security Fabric
Upgrading Your Firewall? Its Time for an Inline Security Fabric
 
Is Cyber Security the Elephant in the Boardroom?
Is Cyber Security the Elephant in the Boardroom? Is Cyber Security the Elephant in the Boardroom?
Is Cyber Security the Elephant in the Boardroom?
 
CIO Productivity Conclave 2016
CIO Productivity Conclave 2016CIO Productivity Conclave 2016
CIO Productivity Conclave 2016
 
Take Control of Your Imaging and Printing: Siva Kumar
Take Control of Your Imaging and Printing: Siva KumarTake Control of Your Imaging and Printing: Siva Kumar
Take Control of Your Imaging and Printing: Siva Kumar
 

Último

Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Enterprise Knowledge
 
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, AdobeApidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobeapidays
 
AWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAndrey Devyatkin
 
Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsJoaquim Jorge
 
Advantages of Hiring UIUX Design Service Providers for Your Business
Advantages of Hiring UIUX Design Service Providers for Your BusinessAdvantages of Hiring UIUX Design Service Providers for Your Business
Advantages of Hiring UIUX Design Service Providers for Your BusinessPixlogix Infotech
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoffsammart93
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Drew Madelung
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationRadu Cotescu
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024The Digital Insurer
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...Martijn de Jong
 
🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘RTylerCroy
 
Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024The Digital Insurer
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationSafe Software
 
Real Time Object Detection Using Open CV
Real Time Object Detection Using Open CVReal Time Object Detection Using Open CV
Real Time Object Detection Using Open CVKhem
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Scriptwesley chun
 
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Miguel Araújo
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsMaria Levchenko
 

Último (20)

Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...
 
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, AdobeApidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
 
AWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of Terraform
 
Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and Myths
 
Advantages of Hiring UIUX Design Service Providers for Your Business
Advantages of Hiring UIUX Design Service Providers for Your BusinessAdvantages of Hiring UIUX Design Service Providers for Your Business
Advantages of Hiring UIUX Design Service Providers for Your Business
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
 
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organization
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...
 
🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘
 
Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
 
Real Time Object Detection Using Open CV
Real Time Object Detection Using Open CVReal Time Object Detection Using Open CV
Real Time Object Detection Using Open CV
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Script
 
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed texts
 

Threat Intelligence in Cyber Risk Programs

  • 1. Threat Intelligence in Cyber Risk Programs www.pwc.com Strictly Private and Confidential March 11, 2016 Sangram Gayal
  • 2. Agenda 1 Why are we talking about this? 1 2 We already have threat intelligence!!! 6 3 Using Threat Intelligence 13 Page Active Discovery This publication has been prepared for general guidance on matters of interest only, and does not constitute professional advice. You should not act upon the information contained in this publication without obtaining specific professional advice. No representation or warranty (express or implied) is given as to the accuracy or completeness of the information contained in this publication, and, to the extent permitted by law, PwC, its members, employees and agents accept no liability, and disclaim all responsibility, for the consequences of you or anyone else acting, or refraining to act, in reliance on the information contained in this publication or for any decision based on it. This publication contains certain examples extracted from third party documentation and so being out of context from the original third party documents; readers should bear this in mind when reading the publication. The copyright in such third party material remains owned by the third parties concerned, and PwC expresses its appreciation to these companies for having allowed it to include their information in this publication. For a more comprehensive view on each company’s communication, please read the entire document from which the extracts have been taken. Please note that the inclusion of a company in this publication does not imply any endorsement of that company by PwC nor any verification of the accuracy of the information contained in any of the examples. © 2016 PricewaterhouseCoopers Private Limited. All rights reserved. In this document, “PwC” refers to PricewaterhouseCoopers Private Limited (a limited liability company in India), which is a member firm of PricewaterhouseCoopers International Limited, each member firm of which is a separate legal entity.
  • 3. PwC March 11, 2016 Why are we talking about this? Threat Intelligence in Cyber Risk Programs • 1
  • 4. PwC March 11, 2016 Today, every organization endeavouring to improve its cyber posture is following the trend of adapting to various security solutions…. Unfortunately many still face security incidents Section 1 – Why are we talking about this? Threat Intelligence in Cyber Risk Programs • 2 Our study shows that Indian organizations detected more incidents over the previous year, shooting up from an average of 2,895 incidents to 6,284 incidents a year. 117% Source: PwC India GSISS 2015 Estimated average financial loss as a result of security incident per survey respondent: India (USD)
  • 5. PwC March 11, 2016 Section 1 – Why are we talking about this? Threat Intelligence in Cyber Risk Programs • 3 We believe it is possible not only adapt to these increasing incidents but grow stronger because of them. A new type of organization - ‘The antifragile’
  • 6. PwC March 11, 2016 Section 1 – Why are we talking about this? Threat Intelligence in Cyber Risk Programs • 4 “Some things benefit from shocks; they thrive and grow when exposed to volatility, randomness, disorder, and stressors” – Antifragile, Nassim Nicholas Taleb Nature is full of anti-fragile systems. The human muscles are a good example of anti- fragile system. The more they are subjected to bouts of stress, the stronger they grow.
  • 7. PwC March 11, 2016 The mechanism of antifragility is about early discovery, response and improving resistance. Section 1 – Why are we talking about this? Threat Intelligence in Cyber Risk Programs • 5 1 2 3 Early discovery of existence of known and unknown threat vectors in the environment is important to prevent its spread and causing damage. It is important to contain spread, assess damage, analyze characteristics of the threat and finally eardicate the threat. Codify the learnings into mechanisms to detect or prevent recurrence of the threat vector. Share with others and learn from others. Early Discovery Rapid Response Threat Resistance All antifragile systems found in nature work on these principles including human muscles, vaccinations, human society etc.
  • 8. PwC March 11, 2016 We already have threat intelligence!!! Threat Intelligence in Cyber Risk Programs • 6
  • 9. PwC March 11, 2016 Threat = Capability to Cause Harm Intelligence = Information, Analysis & Context Threat Intelligence = Information, its Analysis and Context Regarding ‘Things’ that might cause Harm What is threat intelligence? Section 2 – We already have threat intelligence!!! Threat Intelligence in Cyber Risk Programs • 7
  • 10. PwC March 11, 2016 Types of Threat Intelligence Section 2 – We already have threat intelligence!!! Threat Intelligence in Cyber Risk Programs • 8 High Level Information on changing risks Attacker methodologies, tools and tactics Details of incoming attack Indicators of Specific Malware Low LevelHigh Level ShortTermLongTerm Area of Enterprise Focus
  • 11. PwC March 11, 2016 Threat Intelligence Explained Section 2 – We already have threat intelligence!!! Threat Intelligence in Cyber Risk Programs • 9 Strategic Threat Intelligence • Target Audience is The Board, Executive Management • Focus on changing risks, high level topics: Geopolitics, Foreign markets, Cultural background • Vision timeframe: years Tactical Threat Intelligence • Target Audience: System Admins, Pen Testers, Hunters • Focus on TTPs (tactics, techniques, procedures, tools etc.), C2 behaviour etc. • Vision timeframe: Weeks to Months Operational Threat Intelligence • Target Audience: strategic security teams • Focus on Threat Actors, Nation-State actors, future attacks etc. Based on infiltrating Threat Actor groups • Vision timeframe: Hours to Months Technical Threat Intelligence • Target Audience: SOC, IR, Firewall Admins • Focus on Indicators of compromise, malware domains, artefacts, signatures etc. • Vision timeframe: Hours to years
  • 12. PwC March 11, 2016 The Pyramid of Pain Section 2 – We already have threat intelligence!!! Threat Intelligence in Cyber Risk Programs • 10 Hash Values / IP Address Domains System Artifacts TTPs Tools Pyramid of Pain (for the attacker) - David J. Bianco Tough Challenging Annoying Easy Trivial Indicators of Compromise Developed by Client / PwC’s Cyber Threat Intelligence team Indicators of Compromise provided by most OEM’s and Anti- virus providers
  • 13. PwC March 11, 2016 Where do you get the Threat Intelligence? Section 2 – We already have threat intelligence!!! Threat Intelligence in Cyber Risk Programs • 11 Hash Values / IP Address Domains System Artifacts TTPs Tools A number of Open- source and Commercial Feeds Develop from known malware behaviour. Analyse malware to understand variants, families, CnC domains and threat actors
  • 14. PwC March 11, 2016 Technical & Tactical TI – Looking at the indicators Section 2 – We already have threat intelligence!!! Threat Intelligence in Cyber Risk Programs • 12 MD5 / Sha-1 Hash Filename of Initial Malware Files Dropped by Malware Registry Keys created by malware Well Written Yara Rule Trivial Difficult IP Address Domain Name Exact URL accessed Algorithm for generating Radom domain Exact Command Channel Structure
  • 15. PwC March 11, 2016 Using Threat Intelligence Threat Intelligence in Cyber Risk Programs • 13
  • 16. PwC March 11, 2016 1. Collate and Curate Threat Feeds: Use a platform to collate and curate threat feeds, distribute it to various detection systems. Maintain the intelligence system by adding your own threat Intelligence 2. Tactical Intelligence: Generate tactical intelligence for malware variants prevalent in your environment. Use tactical intelligence generated by communities, peers and professional agencies. 3. Sharing: Share your new threat intelligence with local and global communities. Submit malware samples, submit new indicators, and share the CnC information. 1. Run a Threat Intelligence Program Section 3 – Using Threat Intelligence Threat Intelligence in Cyber Risk Programs • 14
  • 17. PwC March 11, 2016 2. Use technical and tactical TI to detect Compromises Section 3 – Using Threat Intelligence Threat Intelligence in Cyber Risk Programs • 15 Active Discovery 1. Use enriched and curated Technical TI at Gateways, SIEMs and Domain Controllers to detect compromises 2. Use Tactical TI to analyse host compromises by collecting system and memory artefacts 3. Use Tactical TI by conducting static and dynamic analysis of suspicious file samples 4. Use honeypots to actively detect lateral movement
  • 18. PwC March 11, 2016 3. Respond to compromises while leveraging Tactical Indicators Section 3 – Using Threat Intelligence Threat Intelligence in Cyber Risk Programs • 16 1. Develop Tactical Threat Indicators for detected compromises and unknown malware 2. Use the TI to “hunt” for malware and eradicate it 3. Build Threat Intelligence database of detected malware Cyber Response
  • 19. PwC March 11, 2016 - brought to you by PwC’s Active Defence Services Section 3 – Using Threat Intelligence Threat Intelligence in Cyber Risk Programs • 17 PwC CIRCA Cyber Incident Response and compromise assessment platform 04 PwC Nethunt Network level compromise assessment and hunting platform with flow and packet analysis 02 PwC TIP Threat Intelligence platform for threat feeds aggregation, selection, visualization, and sharing. 01 LAMPS Large –scale Automated Malware Analysis Platform 03 Active Discovery PwC’s Active Defence Services helps organizations detect, analyse and monitor advanced threats supported by team of Malware Analysts, Data Scientists and Incident Responders. PwC ADS Platforms
  • 20. The information contained in this document is provided 'as is', for general guidance on matters of interest only. PricewaterhouseCoopers is not herein engaged in rendering legal, accounting, tax, or other professional advice and services. Before making any decision or taking any action, you should consult a competent professional advisor. © 2016 PricewaterhouseCoopers Private Limited. All rights reserved. In this document, “PwC” refers to PricewaterhouseCoopers Private Limited (a limited liability company in India), which is a member firm of PricewaterhouseCoopers International Limited, each member firm of which is a separate legal entity. “the ring has awoken, it’s heard its masters call” – Gandalf, Lord of the Rings The sleeping malware in our organizations Sangram Gayal +91 9819197716 sangram.gayal@in.pwc.com