5. Challenges with SaaS/Cloud
• Sanctioned IT:
– Lack of user behavior visibility or audit trail,
– Ability to encrypt/secure
– Ability to directly prevent threats
• Shadow IT:
– No visibility
– No control
6. CASB
• Cloud Access Security Brokers (CASBs) are security enforcement points between consumers and service providers that apply security controls to access cloud services
– Data Security/Encryption
– Visibility
– Threat Protection
– Compliance
Image Source: "Cloud Access Security Broker (CASB): A pattern for secure access to cloud services", Eduardo B. Fernandez et al.
14. Turning the table
• New types of technology that deceive the attacker
– Isolate attacker
– Deceive and Observe
• Vendors
– Illusive
– Topspin
– TrapX
19. You will get hacked…but that’s ok
• Isolate Browser and Applications
• Trusted Container in un-trusted system
• Un-trusted Container in trusted system
• Microsegmentation Vendors
– Illumio
– Cloudpassage
– Vidder
– Catbird
– Certes
27. Intel 101
• Data vs Intelligence
– Context, Intent, Capability
• Tactical vs Strategic
– How and what?
– Who and why?
• Atomic vs Composite
– IP, packet string, hash
– Combine multiple things
• TTP: Tactics, Techniques and Procedures
28. Taxonomy for Threat Intelligence
• Threat Intelligence (diagram nodes):
– Threat Intelligence Platform
– Threat Intelligence Enrichment
– Threat Intelligence Integration
– Open Source Intel
– Human Intel
– Technical Intel
– Adversary Intel
– Vulnerability Intel
– Strategic Intel
29. Vendor Landscape
• Total Vendors studied: 23
• Prominent Vendors
– Open Source Intel: Recorded Future, Digital Shadows, Cyveillance
– Human Intel: Booz Allen Hamilton, CrowdStrike, iSIGHT Partners, Verisign iDefense, Cyveillance
– Technical Intel: Norse Corporation, Anubis Networks, Emerging Threats
– Adversary Intel: Booz Allen Hamilton, CrowdStrike, iSIGHT Partners, Verisign iDefense, Symantec Deepsight
– Vulnerability Intel: iSIGHT Partners, Verisign iDefense
– Strategic Intel: , Surfwatch labs, Cytegic