Reduce the Attacker's ROI with Collaborative Threat Intelligence

The cost to attack and compromise a system is orders of magnitude less than the cost to defend it. A single machine can probe thousands of targets looking for one with weak defenses, while each new attack vector requires defenders to deploy and maintain additional security controls. So, how can we increase the cost for the attacker? One way is through collaborative threat intelligence.

Join Wendy Nather of 451 Research and Jaime Blasco, Director of AlienVault Labs for a discussion of the value of collaborative threat intelligence. Wendy and Jaime will discuss how a collaborative approach differs from other threat intelligence sources, along with practical considerations to help you evaluate threat intelligence offerings and protect your environment.

Published in: Technology, Economy & Finance
  • Need to add their photos
  • Q: Let’s talk first about threat intelligence in general. How is it different from, say, a list of bad IPs for you to block at the firewall?
  • Just about every security tool out there is claiming to include threat intelligence. If you have several of these products in-house, is that enough threat intelligence for the organization to get by?
    If you’re CISO at a small- or medium-size organization, and you’re shopping for threat intelligence, how would you evaluate the offerings? (move to next slide after asking question)

  • Couldn’t an enterprise just subscribe to the same open source threat intelligence feeds that everyone else does? What more does collaborative threat-sharing bring to the table?
    (then go to next slide)
  • Many threat-sharing groups are either ISACs (information sharing and analysis centers) or private groups where you have to know the right people to take part. How do SMBs get into the game?
    How do enterprises make sure that they’re not exposing confidential information when they share threat intelligence?
  • Are large enterprises and small ones going to benefit from the same types of threat intelligence, or do they need different kinds?
    How does AlienVault’s product help security staff consume threat intelligence?
  • Reduce the Attacker's ROI with Collaborative Threat Intelligence

    1. Reduce the Attacker’s ROI with Collaborative Threat Intelligence
    2. Meet today’s presenters (Introductions)
       • Jaime Blasco, Director, AlienVault Labs, AlienVault (@jaimeblascob)
       • Wendy Nather, Research Director, Security, 451 Research (@451Wendy)
    3. What is Threat Intelligence?
       • Provides data that you did not already have. Examples: reputation scoring, attack tools, threat actors
       • Provides data (or analysis of data) that helps you make more decisions about defense. Example: helping you figure out what else to look for, or what proactive measures to take
       • Verizon Business VERIS taxonomy: includes both actor and action
       • Data sold separately; customer can decide how to apply it further
       • Platform or technology specifically for threat intel collection, analysis or sharing
    4. Threat Intelligence is …
       • Additive – made to be collected
       • Secretive – part of the value is that not everyone else knows it
       • Transitive – built on transitive trust relationships
       • Elusive – can quickly expire, degrade or dry up
    5. Threat intelligence trends (chart comparing 2H '11, 2H '12 and 2H '13; the individual percentages are not recoverable from the extracted text)
    6. Threat Intelligence Trends
    7. Questions to Ask When Evaluating Threat Intelligence
       • Which indicators are being offered?
       • Where does the TI come from?
       • How is the TI generated?
       • How rich is the metadata?
       • Is the information useful to my organization?
       • Does it help detect incidents?
       • Does it help me when responding to an incident?
       • Does it help triaging?
       • Am I able to consume the data with the technologies/tools within my enterprise?
    8. Evaluating Threat Intelligence Offerings: origin, variety, freshness, speed and scale, relevance, false-positive rate, confidence, completeness, consumability
    9. The Power of the “Crowd” for Threat Detection
       • Cyber criminals are reusing the same tactics to attack multiple targets. Collaborative threat intelligence makes us all more secure.
       • Identify, flag and block known attackers
       • Update policies/alerts to detect threats
       • Reduce the attacker’s ROI
    10. Traditional Response (slides 10 to 14; diagram of five example organizations: First Street Credit Union, Alpha Insurance Group, John Elway Auto Nation, Regional Pacific Telecom, Marginal Food Products; each one goes through Attack, Detect and Respond on its own)
    15. Threat Sharing Enables Preventative Response through an automated, real-time threat exchange framework
    16. A Real-Time Threat Exchange Framework (slides 16 and 17; diagram with the same five organizations: one is attacked and detects the attack, the Open Threat Exchange puts preventative response measures in place through shared experience, and those measures protect the others in the network)
    18. Global threat detection for local response
    19. Security Technologies Needed to Consume Threat Intelligence: proxy, log management, SIEM, intrusion detection system, intrusion prevention system, network monitoring, firewall, endpoint protection, forensic tools
    20. USM Product Capabilities (powered by AV Labs Threat Intelligence)
       • Asset Discovery: active network scanning, passive network scanning, asset inventory, host-based software inventory
       • Vulnerability Assessment: continuous vulnerability monitoring, authenticated / unauthenticated active scanning
       • Behavioral Monitoring: log collection, NetFlow analysis, service availability monitoring
       • Security Intelligence: SIEM event correlation, incident response
       • Threat Detection: network IDS, host IDS, wireless IDS, file integrity monitoring
    21. More Questions? Tweet @AlienVault. Now for some Q&A…
       • Join the Open Threat Exchange: http://www.alienvault.com/open-threat-exchange
       • Download a free 30-day trial of USM: http://www.alienvault.com/free-trial
       • Join us for a live demo: http://www.alienvault.com/marketing/alienvault-usm-live-demo
       • @jaimeblascob @451Wendy
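The evaluation criteria on slides 4 and 8 (freshness, confidence, false-positive rate, consumability) and the shared-detection flow on slides 9 and 15 to 17, as an added Python example that is not part of the deck or of any AlienVault product: it merges constructed reports from several exchange members, expires stale indicators, tiers actions by confidence, and runs the resulting watchlist over constructed proxy log lines. The report format, the policy thresholds, the corroboration bonus and the member names used as sources are assumptions for illustration.

```python
from datetime import datetime, timedelta
# Constructed reports in a hypothetical exchange format (not the real OTX schema); two
# members reported the same address independently, so the "crowd" corroborates it.
SHARED_INDICATORS = [
    {"value": "203.0.113.45", "source": "First Street Credit Union", "confidence": 60, "last_seen": "2014-03-01T10:00:00"},
    {"value": "203.0.113.45", "source": "Alpha Insurance Group", "confidence": 70, "last_seen": "2014-03-02T09:30:00"},
    {"value": "198.51.100.7", "source": "Marginal Food Products", "confidence": 55, "last_seen": "2014-03-02T11:00:00"},
    {"value": "bad-update.example", "source": "Regional Pacific Telecom", "confidence": 95, "last_seen": "2013-12-01T00:00:00"},
]
NOW = datetime(2014, 3, 3, 8, 0, 0)  # constructed "current time" for the example
MAX_AGE = timedelta(days=30)  # assumed policy: "elusive" reports unseen this long have expired
ALERT_CONFIDENCE = 50         # assumed policy: below this we ignore, holding false positives down
BLOCK_CONFIDENCE = 80         # assumed policy: at or above this we block at the firewall/proxy

def aggregate(reports):
    """Merge per indicator: max confidence, newest sighting, +10 per extra reporter (cap 100)."""
    merged = {}
    for r in reports:
        seen = datetime.fromisoformat(r["last_seen"])
        cur = merged.setdefault(r["value"], {"confidence": 0, "reporters": 0, "last_seen": seen})
        cur["confidence"] = max(cur["confidence"], r["confidence"])
        cur["reporters"] += 1
        cur["last_seen"] = max(cur["last_seen"], seen)
    for cur in merged.values():
        cur["confidence"] = min(100, cur["confidence"] + 10 * (cur["reporters"] - 1))
    return merged

def decide(entry, now):
    """Freshness is checked first: a stale indicator expires whatever its confidence."""
    if now - entry["last_seen"] > MAX_AGE:
        return "expired"
    if entry["confidence"] >= BLOCK_CONFIDENCE:
        return "block"
    return "alert" if entry["confidence"] >= ALERT_CONFIDENCE else "ignore"

def build_watchlist(reports, now=NOW):
    """Map indicator value -> action, keeping only the actionable (block/alert) entries."""
    actions = {v: decide(e, now) for v, e in aggregate(reports).items()}
    return {v: a for v, a in actions.items() if a in ("block", "alert")}

# Constructed proxy log lines: timestamp client_ip method destination_host
PROXY_LOG = """2014-03-03T08:00:01 10.1.2.3 GET www.example.com
2014-03-03T08:00:05 10.1.2.9 GET bad-update.example
2014-03-03T08:01:10 10.1.2.3 GET 203.0.113.45
2014-03-03T08:02:00 10.1.2.4 GET 198.51.100.7"""

def match_log(log_text, watchlist):
    """Return (timestamp, client, destination, action) for each line whose destination is listed."""
    rows = [line.split() for line in log_text.splitlines()]
    return [(ts, client, dest, watchlist[dest]) for ts, client, _m, dest in rows if dest in watchlist]
```

With these inputs the corroborated address is blocked, the single mid-confidence report only alerts, and the high-confidence but three-month-old domain is dropped as expired, so the visit to it in the log produces no hit.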
