Your SlideShare is downloading. ×
0
1© Cyber Squared Inc. 2014
THE BUSINESS BENEFITS OF
THREAT INTELLIGENCE
3-12-2014
2© Cyber Squared Inc. 2014
WHO AM I?
• CEO of Cyber Squared Inc., the company behind
ThreatConnectTM.
• Founding member of...
3© Cyber Squared Inc. 2014
AGENDA
• Background
• Defining ROI for Threat Intelligence
• Making Assumptions Up Front
• Mode...
4© Cyber Squared Inc. 2014
WHAT MAKES GOOD THREAT INTELLIGENCE?
Aggregate Analyze ActLifecycle
• Accurate
• Aligned with y...
5© Cyber Squared Inc. 2014
BUSINESS NEED
ERP/Manufacturing
2015
1980’s
Every other part of the business has
evolved to nec...
6© Cyber Squared Inc. 2014
CONNECTED COLLABORATION
SOC
Incident
Response
Threat
Analysts
IT/
Compliance
Malware
Analysts
C...
7© Cyber Squared Inc. 2014
TM FORUM CATALYST PHASE 2
• Going beyond: “This Threat Intelligence stuff is a great idea!”:
• ...
8© Cyber Squared Inc. 2014
ROI OF THREAT INTELLIGENCE
CostSecurity Investment
Threat Intelligence
Knowledge Assumptions
Ex...
9© Cyber Squared Inc. 2014
FIND MORE THREATS, FASTER
4x/Day
1x/Day
4x/Day
5x/Day
100x/Day
Threat Discovery and Focused Pur...
10© Cyber Squared Inc. 2014
SECURITY PROCESSES
• Calculator Example: 8 Step Incident Response Process:
• Identify the Intr...
11© Cyber Squared Inc. 2014
USER TYPES
SOC
Incident
Response
Threat
Analysts
IT/
Compliance
Malware
Analysts
CISO/CIO
12© Cyber Squared Inc. 2014
THREAT INTELLIGENCE PERSONAS
Name: Joe
Role:
Security
Executive
Motivation
/Problem
 My compa...
13© Cyber Squared Inc. 2014
ASSUMPTIONS
• Process Assumptions:
• Persona Costs – What is the hourly cost per Persona?
• St...
14© Cyber Squared Inc. 2014
MODELING
Hourly Cost per Persona
Existing
Automation
Collaboration
Make Assumptions
Potential ...
15© Cyber Squared Inc. 2014
RESULTS (FROM SAMPLE)
Measurement Topics Type Value
Time Commitment to understand Threat to bu...
16© Cyber Squared Inc. 2014
Prioritize
Plan
TAKING ACTION
Defend
LearnUnderstand
Threats to your
Organization
17© Cyber Squared Inc. 2014
TAKE AWAY
• You don’t have a choice
• Cyber Threat Intelligence starts with understanding “You...
18© Cyber Squared Inc. 2014
THANK YOU & QUESTIONS
Download the Threat Intelligence Sharing ROI Calculator from:
http://bit...
Upcoming SlideShare
Loading in...5
×

The Business Benefits of Threat Intelligence Webinar

361

Published on

The Businees Benefits of Threat Intelligence

Take 30 minutes of your time to hear Cyber Squared Inc. CEO Adam Vincent review the need for businesses to evaluate the cost of a sophisticated threat intelligence program. Learn more about the ROI calculator that evaluates cost/benefits of threat intelligence investments and offers quantifiable financial benefits and use-cases to demonstrate the overall costs associated with data breaches, and how using threat intelligence can decrease those costs and make existing staff more efficient.

Watch the full webinar here: https://attendee.gotowebinar.com/recording/7218699913172089858

Published in: Technology
0 Comments
0 Likes
Statistics
Notes
  • Be the first to comment

  • Be the first to like this

No Downloads
Views
Total Views
361
On Slideshare
0
From Embeds
0
Number of Embeds
3
Actions
Shares
0
Downloads
20
Comments
0
Likes
0
Embeds 0
No embeds

No notes for slide

Transcript of "The Business Benefits of Threat Intelligence Webinar"

  1. 1. 1© Cyber Squared Inc. 2014 THE BUSINESS BENEFITS OF THREAT INTELLIGENCE 3-12-2014
  2. 2. 2© Cyber Squared Inc. 2014 WHO AM I? • CEO of Cyber Squared Inc., the company behind ThreatConnectTM. • Founding member of the company, started in 2011. • Experience in programming, network security, penetration testing, cryptography design & cryptanalysis, identity and access control, and a detailed expertise in information security.
  3. 3. 3© Cyber Squared Inc. 2014 AGENDA • Background • Defining ROI for Threat Intelligence • Making Assumptions Up Front • Modeling Your Expectations • Measuring the Reality • Taking Action
  4. 4. 4© Cyber Squared Inc. 2014 WHAT MAKES GOOD THREAT INTELLIGENCE? Aggregate Analyze ActLifecycle • Accurate • Aligned with your requirements • Integrated • Predictive • Relevant • Tailored • Timely Source: Rick Holland (Principal Forrester Analyst) Blog Post Titled “Actionable Intelligence, Meet Terry Tate, Office Linebacker” Attributes to Measure Threat Intelligence:
  5. 5. 5© Cyber Squared Inc. 2014 BUSINESS NEED ERP/Manufacturing 2015 1980’s Every other part of the business has evolved to necessitate a platform to increase productivity and measure effectiveness. It’s your turn! Enterprise Security Support/Helpdesk CRM/Sales Finance/HR Marketing
  6. 6. 6© Cyber Squared Inc. 2014 CONNECTED COLLABORATION SOC Incident Response Threat Analysts IT/ Compliance Malware Analysts CISO/CIO Intelligence Sources Commercial Open Source Communities Sharing Internal Actionable Integrations SIEM IPS/IDS, Firewalls Gateways Endpoint, Response DLP, NAV
  7. 7. 7© Cyber Squared Inc. 2014 TM FORUM CATALYST PHASE 2 • Going beyond: “This Threat Intelligence stuff is a great idea!”: • AT&T, Bell Canada, Birmingham City University, cVidya, ThreatConnect, Edge Technologies, EMC/RSA, MITRE, Orange, Security Fabric Alliance, Symantec, Telecom New Zealand, Telstra, and the UK MOD’s Defence Science and Technology Laboratory (DSTL). • TM Forum Sharing Threat Intelligence Catalyst Phase 2 • Phase 1: Sharing Threat Intelligence Architecture & Whitepaper • Phase 2: Defined Security Personnel Personas • Phase 2: Produced Threat Intelligence ROI Calculator • Phase 2: Demonstration showing successful implementation of Threat Intelligence sharing in support of a sophisticated Distributed Denial of Service (DDoS) use case.
  8. 8. 8© Cyber Squared Inc. 2014 ROI OF THREAT INTELLIGENCE CostSecurity Investment Threat Intelligence Knowledge Assumptions Existing Automate Collaborate + =
  9. 9. 9© Cyber Squared Inc. 2014 FIND MORE THREATS, FASTER 4x/Day 1x/Day 4x/Day 5x/Day 100x/Day Threat Discovery and Focused Pursuit Activities Time Comparison: with and without TI Spearphish Email Analysis and Conviction Malware Correlation with past targeting Analyze, Correlate, Database New Domains, IP Addresses, Registrant Info Track Malicious Domains, IP addresses, Registrant Info Analyst IR and Threat Correlation Tasks
  10. 10. 10© Cyber Squared Inc. 2014 SECURITY PROCESSES • Calculator Example: 8 Step Incident Response Process: • Identify the Intrusion • Step 1: Create and task defensive signatures • Step 2: Maintain awareness of adversary changes to Threat Activity/Infrastructure • Scope the Intrusion • Step 3: Perform exploit/malware analysis • Step 4: Update signature base • Step 5: Link activity to any known groups of related activity • Mitigate/Step the Intrusion • Step 6: Take action to cut off intruder access to the network • Step 7: Monitor for changes in Threat Activity • Strategically React to Threats • Step 8: Generate reports on Threat trends for executives
  11. 11. 11© Cyber Squared Inc. 2014 USER TYPES SOC Incident Response Threat Analysts IT/ Compliance Malware Analysts CISO/CIO
  12. 12. 12© Cyber Squared Inc. 2014 THREAT INTELLIGENCE PERSONAS Name: Joe Role: Security Executive Motivation /Problem  My company is at risk and we need to be keeping up with threat trends  Other executives I know in my industry are being / have been targeted Identified Four Main Categories of Users: Threat Intelligence, Security Operations, Business Executives, and IT Leadership/Staff Name: Peter Role: IT Operations  I need to protect my assets  My company is at risk and we need to be keeping up with threats to my business operations Name: Jane Role: Threat Analyst  I need to make my threat analysis faster, easier, a nd more thorough without spending more money and time Name: Jack Role: Security Operations  My company and/or industry is likely being targeted  I need to protect corporate data but don’t have the resources internally or don’t know where to start
  13. 13. 13© Cyber Squared Inc. 2014 ASSUMPTIONS • Process Assumptions: • Persona Costs – What is the hourly cost per Persona? • Steps – What are steps of the security process? • Personas Involved – Who are the actors of the process? • Knowledge Assumptions (Defined Per Process Step): • Existing – How likely is it that you will find knowledge in a finished state when you need it? • Automation – How much efficiency is gained via automation? • Collaboration – What is the efficiency gained by working with others? • Cost Assumptions: • Incidents per Year – How many events will you have that require process? • Average Cost of an Intrusion – What is the average cost of an intrusion?
  14. 14. 14© Cyber Squared Inc. 2014 MODELING Hourly Cost per Persona Existing Automation Collaboration Make Assumptions Potential Cost of Compromise Model & Measure V1.0 contributed to TM Forum for incorporation to Fx13.5 release
  15. 15. 15© Cyber Squared Inc. 2014 RESULTS (FROM SAMPLE) Measurement Topics Type Value Time Commitment to understand Threat to business operations Hours 200 Lower Costs to obtain a larger understanding of the threat $$ Savings $33,450 Obtain insights that would not be otherwise obvious (from existing knowledge) Insights 37% Increase Automation to increase efficiencies Efficiency 45% Increase insights due to collaboration Additional Insights 2% Total Efficiencies from applying CTI Total Efficiency/Insights 84% Number of Incidents per Year 5 Projected Annual Cost without CTI $199,000 Projected Annual Cost with CTI $31,750 Projected Annual Savings $167,250 Savings Percentage 84%
  16. 16. 16© Cyber Squared Inc. 2014 Prioritize Plan TAKING ACTION Defend LearnUnderstand Threats to your Organization
  17. 17. 17© Cyber Squared Inc. 2014 TAKE AWAY • You don’t have a choice • Cyber Threat Intelligence starts with understanding “Your Needs” • Sharing is a new paradigm in cyber security • This calculator helps you measure something that historically has not been measured • We would love to help you customize the calculator to quantify your own cyber threat sharing needs and efforts
  18. 18. 18© Cyber Squared Inc. 2014 THANK YOU & QUESTIONS Download the Threat Intelligence Sharing ROI Calculator from: http://bit.ly/threatcalc Adam Vincent, CEO, avincent@cybersquared.com Visit www.ThreatConnect.com for more information.
  1. A particular slide catching your eye?

    Clipping is a handy way to collect important slides you want to go back to later.

×