Reduce the Attacker's ROI with Collaborative Threat Intelligence

The cost to attack and compromise a system is orders of magnitude less than the cost to defend. A single machine can target thousands of targets searching for one with susceptible defenses while each new attack vector requires defenders to deploy and maintain additional security controls. So, how can we increase the cost for the attacker? One way is through collaborative threat intelligence.

Join Wendy Nather of 451 Research and Jaime Blasco, Director of AlienVault Labs, for a discussion of the value of collaborative threat intelligence. Wendy and Jaime will discuss how a collaborative approach differs from other threat intelligence sources, along with practical considerations to help you evaluate threat intelligence offerings and protect your environment.

  • Need to add their photos
  • Q: Let’s talk first about threat intelligence in general. How is it different from, say, a list of bad IPs for you to block at the firewall?
  • Just about every security tool out there is claiming to include threat intelligence. If you have several of these products in-house, is that enough threat intelligence for the organization to get by? If you’re CISO at a small- or medium-size organization, and you’re shopping for threat intelligence, how would you evaluate the offerings? (move to next slide after asking question)
  • Couldn’t an enterprise just subscribe to the same open source threat intelligence feeds that everyone else does? What more does collaborative threat-sharing bring to the table? (then go to next slide)
  • Many threat-sharing groups are either ISACs (information sharing and analysis centers) or private groups where you have to know the right people to take part. How do SMBs get into the game? How do enterprises make sure that they’re not exposing confidential information when they share threat intelligence?
  • Are large enterprises and small ones going to benefit from the same types of threat intelligence, or do they need different kinds? How does AlienVault’s product help security staff consume threat intelligence?

Presentation Transcript

  • Reduce the Attacker’s ROI with Collaborative Threat Intelligence
  • Introductions (@AlienVault): Meet today’s presenters
      • Jaime Blasco, Director, AlienVault Labs, AlienVault (@jaimeblascob)
      • Wendy Nather, Research Director, Security, 451 Research (@451Wendy)
  • What is Threat Intelligence?
      • Provides data that you did not already have
          • Examples: reputation scoring, attack tools, threat actors
      • Provides data (or analysis of data) that helps you make more decisions about defense
          • Example: helping you figure out what else to look for, or what proactive measures to take
      • Verizon Business VERIS taxonomy: includes both actor and action
      • Data sold separately; customer can decide how to apply it further
      • Platform or technology specifically for threat intel collection, analysis or sharing
  • Threat Intelligence is …
      • Additive – made to be collected
      • Secretive – part of the value is that not everyone else knows it
      • Transitive – built on transitive trust relationships
      • Elusive – can quickly expire, degrade or dry up
  • Threat intelligence trends (chart with series labelled 2H '11, 2H '12 and 2H '13; the values are not recoverable from the transcript)
  • Threat Intelligence Trends
  • Questions to Ask When Evaluating Threat Intelligence
      • Which indicators are being offered?
      • Where does the TI come from?
      • How is the TI generated?
      • How rich is the metadata?
      • Is the information useful to my organization?
      • Does it help detect incidents?
      • Does it help me when responding to an incident?
      • Does it help triaging?
      • Am I able to consume the data with the technologies/tools within my enterprise?
  • Evaluating Threat Intelligence Offerings
      • Origin
      • Variety
      • Freshness
      • Speed and scale
      • Relevance
      • False-positive rate
      • Confidence
      • Completeness
      • Consumability
  • The Power of the “Crowd” for Threat Detection
      • Cyber criminals are reusing the same tactics to attack multiple targets.
      • Collaborative threat intelligence makes us all more secure.
          • Identify, flag and block known attackers
          • Update policies/alerts to detect threats
      • Reduce the attacker’s ROI
  • Traditional Response: First Street Credit Union, Alpha Insurance Group, John Elway Auto Nation, Regional Pacific Telecom, Marginal Food Products
  • Traditional Response: First Street Credit Union, Alpha Insurance Group, John Elway Auto Nation, Regional Pacific Telecom, Marginal Food Products. Stages shown: Attack
  • Traditional Response: First Street Credit Union, Alpha Insurance Group, John Elway Auto Nation, Regional Pacific Telecom, Marginal Food Products. Stages shown: Attack, Detect
  • Traditional Response: First Street Credit Union, Alpha Insurance Group, John Elway Auto Nation, Regional Pacific Telecom, Marginal Food Products. Stages shown: Attack, Detect, Respond
  • Threat Sharing Enables Preventative Response: through an automated, real-time threat exchange framework
  • A Real-Time Threat Exchange Framework: First Street Credit Union, Alpha Insurance Group, John Elway Auto Nation, Regional Pacific Telecom, Marginal Food Products. Stages shown: Attack, Detect. Open Threat Exchange puts preventative response measures in place through shared experience
  • A Real-Time Threat Exchange Framework: First Street Credit Union, Alpha Insurance Group, John Elway Auto Nation, Regional Pacific Telecom, Marginal Food Products. Stages shown: Attack, Detect. Open Threat Exchange protects others in the network with the preventative response measures
  • Global threat detection for local response
  • Security Technologies Needed to Consume Threat Intelligence
      • Proxy
      • Log Management
      • SIEM
      • Intrusion Detection System
      • Intrusion Prevention System
      • Network Monitoring
      • Firewall
      • End Point Protection
      • Forensic Tools
  • USM Product Capabilities (powered by AV Labs Threat Intelligence)
      • Asset Discovery: Active Network Scanning, Passive Network Scanning, Asset Inventory, Host-based Software Inventory
      • Vulnerability Assessment: Continuous Vulnerability Monitoring, Authenticated / Unauthenticated Active Scanning
      • Behavioral Monitoring: Log Collection, Netflow Analysis, Service Availability Monitoring
      • Security Intelligence: SIEM Event Correlation, Incident Response
      • Threat Detection: Network IDS, Host IDS, Wireless IDS, File Integrity Monitoring
  • Now for some Q&A… More questions? Tweet @AlienVault (@jaimeblascob, @451Wendy)
      • Join the Open Threat Exchange: http://www.alienvault.com/open-threat-exchange
      • Download a free 30-day trial of USM: http://www.alienvault.com/free-trial
      • Join us for a live demo: http://www.alienvault.com/marketing/alienvault-usm-live-demo