Big Data, Security Intelligence, (And Why I Hate This Title)
The only way to get where we need to be in security analysis is if we use Security Intelligence. This means working harder and understanding the big picture of your data.
Presentation Transcript

    • Big Data, Security Intelligence, (And Why I Hate This Title)
    • Introduction / Who Am I
        • Matt Yonchak
        • Director of Security Services
        • Hurricane Labs
        • Avid Cleveland sports cynic
    • What are we going to talk about? Security Intelligence
    • Fact #1: Attacks are happening on our networks and we don't know:
        • How it happened
        • Who got in
        • How pervasive this attack is
    • Fact #2: Traditional tools are insufficient to the task of real security analysis
    • Intrusion Prevention Systems (IPS)
    • Firewalls
    • SIEM: Incredible tool or amazing distraction?
    • Fact #3: All Data Is Security Relevant
    • Typical Security Data
        • WAF
        • IPS
        • Proxy
        • Firewall
    • Non-Typical Data (but still relevant to security)
        • Web Application Data
        • Voice and Communication
        • Email
        • Performance Monitoring
        • ID Management
        • External Data Sources
    • Problem: We've Been Attacked
    • How Did It Happen? Social Engineering: Attacking the User
    • What Does It Look Like?
        • Evades normal security controls
        • Moves slow and stays quiet
        • Knows what data it's after
        • Propagates itself internally
    • We've Been Compromised
    • Looking At The Problem Differently
    • Security Intelligence Is: Analysis Outside the Box
    • Security Intelligence Is: Behavior-Based Analysis
    • Security Intelligence Is: Working a Little Harder
    • Security Intelligence Is: Understanding the Big Picture
    • Security Intelligence: How Do We Get It? Understand the Attack / Attackers
    • Security Intelligence: How Do We Get It? Logs
    • Security Intelligence: How Do We Get It? Understand Your Network
    • Back to Our Problem: How would we have detected/stopped the attack?
    • Finding The Attack
    • Finding The Attack: Bring In Some External Data
        • GeoIP
        • Blacklists / Watchlists
        • Our own intelligence
    • Finding The Attack: Think Outside the Box
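As an added example that is not part of the deck, here is one way to put the two "Finding The Attack" ideas together: take ordinary proxy logs, enrich them with external data (a watchlist and a GeoIP lookup), then look for the behaviour the earlier slide describes, a host that "moves slow and stays quiet" by contacting one destination at a regular, low rate. The log lines, the watchlist and the GeoIP table are constructed sample data, and the regularity threshold is an assumed value.

```python
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Constructed proxy log lines: timestamp, source IP, method, URL, status, bytes.
LOG = """\
2013-04-02T08:00:05 10.1.4.22 GET http://198.51.100.7/u 200 512
2013-04-02T08:10:04 10.1.4.22 GET http://198.51.100.7/u 200 498
2013-04-02T08:20:06 10.1.4.22 GET http://198.51.100.7/u 200 503
2013-04-02T08:30:05 10.1.4.22 GET http://198.51.100.7/u 200 511
2013-04-02T08:00:41 10.1.4.31 GET http://203.0.113.9/news 200 8812
2013-04-02T08:03:12 10.1.4.31 GET http://203.0.113.9/news/2 200 9100
2013-04-02T09:47:55 10.1.4.31 GET http://203.0.113.9/x 200 7200
""".splitlines()

# Constructed external data ("ZZ" is a placeholder country code, not a lookup result).
WATCHLIST = {"198.51.100.7"}
GEOIP = {"198.51.100.7": "ZZ", "203.0.113.9": "US"}

def parse(line):
    """One proxy log line -> record with the fields the analysis needs."""
    ts, src, _method, url, _status, size = line.split()
    return {"ts": datetime.fromisoformat(ts), "src": src,
            "dst": url.split("/")[2], "bytes": int(size)}

def enrich(rec):
    """Attach the external-data fields the deck lists: GeoIP and watchlist hit."""
    rec["geo"] = GEOIP.get(rec["dst"], "??")
    rec["watchlisted"] = rec["dst"] in WATCHLIST
    return rec

def find_beacons(lines, min_hits=3, max_cv=0.1):
    """Flag src/dst pairs with near-constant gaps; max_cv (assumed) caps stdev/mean."""
    sessions = defaultdict(list)
    for rec in (enrich(parse(line)) for line in lines):
        sessions[(rec["src"], rec["dst"])].append(rec)
    findings = []
    for (src, dst), recs in sessions.items():
        if len(recs) < min_hits:
            continue  # too few connections to judge regularity
        recs.sort(key=lambda r: r["ts"])
        gaps = [(b["ts"] - a["ts"]).total_seconds() for a, b in zip(recs, recs[1:])]
        if mean(gaps) == 0 or pstdev(gaps) / mean(gaps) > max_cv:
            continue  # a burst (all at once) or irregular browsing, not a beacon
        findings.append({"src": src, "dst": dst, "hits": len(recs),
                         "period_s": round(mean(gaps)),
                         "avg_bytes": round(mean(r["bytes"] for r in recs)),
                         "geo": recs[0]["geo"], "watchlisted": recs[0]["watchlisted"]})
    return findings
```

On the sample data only 10.1.4.22 is flagged: four small requests to a watchlisted host every ten minutes, while 10.1.4.31's irregular browsing is left alone.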
    • Going Forward: How do we build out this practice within our organizations?
    • Going Forward: Accept that what we're doing now:
        • Traditional Incident Response
        • Our typical security controls
        • Our SIEMs
    • Going Forward: Legitimize the Security Intelligence Concept
    • Security Intelligence Legitimacy: Train For It
    • Security Intelligence Legitimacy
        • Security Intelligence Analyst?
        • Security Intelligence Engineer?
        • Security Intelligence... Ninja?
    • Security Intelligence Legitimacy
    • Results
    • Closing: The only way to really get where we need to be in security analysis is if we:
        • Put in the work to get there
        • Think outside the box
        • Change what is normal for security analysis
    • Questions?
        • Twitter: @mattyonchak
        • Email: matt@hurricanelabs.com