OPERATIONALIZING THREAT INTELLIGENCE
USING ACTIONABLE THREAT INTELLIGENCE TO FOCUS SECURITY OPERATIONS
Adam Meyers, Vice President Intelligence; CrowdStrike
Elia Zaitsev, Sales Engineer; CrowdStrike
TODAY’S SPEAKERS
2014 CrowdStrike, Inc. All rights reserved.
ADAM MEYERS | VP, INTELLIGENCE
Recognized speaker, trainer, and intelligence expert with 15+ years of cyber security industry experience
10 years in the DIB supporting US GOV customers on topics ranging from wireless, pen testing, IR, and malware analysis
@ADAM_CYBER
@CROWDSTRIKE | #CROWDCASTS
ELIA ZAITSEV | SALES ENGINEER
7+ years of IT security industry experience providing sales support and technical implementation of enterprise security products
Currently supports sales of CrowdStrike’s Falcon Platform, including endpoint threat detection & response, endpoint activity monitoring, and threat intelligence
#TWITTERHATER
IN THE NEWS
RELEASE OF PUBLIC INDICATORS AND INTELLIGENCE
Operation Aurora
APT 1
Babar
Uroburos
ACTIONABLE INTELLIGENCE
WHAT DO YOU DO WITH INDICATORS?
Enterprise security systems have basic configurations out of the box
Detection needs to be updated at line speed
No standard taxonomy to express threat intelligence
How do you OPERATIONALIZE?
UNCOVER THE ADVERSARY
CHINA
Comment Panda: Commercial, Government, Non-profit
Deep Panda: Financial, Technology, Non-profit
Foxy Panda: Technology & Communications
Anchor Panda: Government organizations, Defense & Aerospace, Industrial Engineering, NGOs
Impersonating Panda: Financial Sector
Karma Panda: Dissident groups
Keyhole Panda: Electronics & Communications
Poisonous Panda: Energy Technology, G20, NGOs, Dissident Groups
Putter Panda: Governmental & Military
Toxic Panda: Dissident Groups
Union Panda: Industrial companies
Vixen Panda: Government
IRAN
Magic Kitten: Dissidents
Cutting Kitten: Energy Companies
INDIA
Viceroy Tiger: Government, Legal, Financial, Media, Telecom
RUSSIA
Energetic Bear: Oil and Gas Companies
NORTH KOREA
Silent Chollima: Government, Military, Financial
CRIMINAL
Singing Spider: Commercial, Financial
Union Spider: Manufacturing
Andromeda Spider: Numerous
HACKTIVIST/TERRORIST
Deadeye Jackal: Commercial, Financial, Media, Social Networking
Ghost Jackal: Commercial, Energy, Financial
Corsair Jackal: Commercial, Technology, Financial, Energy
Extreme Jackal: Military, Government
GET TO KNOW THE ADVERSARY
Don’t fear change
Not all behaviors change - good intel and pattern analysis can identify the new TTPs
Consume and operationalize threat intelligence quickly
Threat intelligence is of no help after an incident or when consumed from a public release long after the campaign finished
INDICATIONS AND WARNINGS: Q1 ZERO DAY
17 JAN 2014: Spoofed GIFAS drive-by sites lead to CVE-2014-0322 exploit
3 FEB 2014: CVE-2014-0497 exploit used to distribute Tapaoux malware
11 FEB 2014: AURORA PANDA uses VFW website in SWC activity leveraging CVE-2014-0322
14 FEB 2014: SWC campaign affecting NGO/think tank sites leverages CVE-2014-0502
24 MAR 2014: Microsoft identifies CVE-2014-1761 and its limited use in targeted attacks
CASE STUDY: CHINA TARGETING THE OIL SECTOR
STRATEGIC ASSESSMENT OF CHINA’S ENERGY SECTOR, STATE CONTROL & NATIONAL AGENDA, AND CHINA’S DOMESTIC OIL SECTOR
ENERGY SECTOR TARGETING
CHINA: Goblin Panda, Wet Panda, Vixen Panda, Violin Panda, Temper Panda, Poisonous Panda, Comment Panda, Anchor Panda
IRAN: Clever Kitten, Flying Kitten
INDIA: Viceroy Tiger
RUSSIA: Energetic Bear
ACTIVIST: Corsair Jackal, Ghost Jackal
CHINA’S ENERGY SECTOR
Second-largest oil consuming country in the world
Largest oil importer in the world
Investing in international oil assets
Declining domestic oil output
Reinvestment in China’s domestic oil sector
CHINA’S ENERGY SECTOR
Total Energy Consumption (chart; legible slices: Hydroelectric Power 6%, Natural Gas 4%, Nuclear <1%, Other Renewables 1%)
STATE CONTROL & NATIONAL AGENDA
383 Plan
863 Plan
Indigenous Innovation
Top Five National Oil Companies: CNPC/Petro China, Sinopec, CNOOC, Sinochem Group, Zhuhai Zhen Rong Co.
DOMESTIC OIL SECTOR
PRESENT DAY
Mature Oil Basins
Drilling in the Western Provinces
Offshore Shallow-Water Drilling
Deep-Water Drilling
East and South China Seas
Territorial Disputes
FUTURE
TECHNOLOGICAL DEFICIENCIES
Exploration Technologies: 3D and 4D seismic imaging
Oil Spill Prevention Technologies: 2010 and 2011 oil spills in Bohai Bay
Deep-Water Oil Drilling Technologies: 300-3,000 meters deep
Resulting Cyber Espionage
INTELLIGENCE ASSESSMENT
CHINA’S MOTIVATIONS
Looming energy crisis
Declining domestic oil supply
Patent development is slow
Technological deficiencies
TARGETS
Exploration technology: 3D and 4D seismic
Oil spill prevention technology
Deep-water oil drilling technology
ASSESSMENT
Increasing cyber espionage
Increasing Chinese military presence in the East and South China Seas
Increasing corporate espionage to outbid others for international oil assets
ORGANIZATIONS WITH SUPERIOR INTELLIGENCE CAPABILITIES ARE FAR MORE SUCCESSFUL AT MITIGATING TARGETED ATTACKS
INCREASED SHARING OF INDICATORS AND INTELLIGENCE
INCREASED SHARING OF INTELLIGENCE & INDICATORS
Organizations have access to far more information than they have ever had before:
OSINT and managed intel threat feeds
Whitepapers
Malware dumps like VirusTotal, Contagio, and VirusShare
Presentations by researchers
The private sector is now capable of building government-level intel capabilities
AN ORGANIZATION’S SUCCESS WILL BE MEASURED BY THE ABILITY TO DETECT, RESPOND, AND MITIGATE THESE PATTERNS OF ATTACK
DEMOS
DATA VISUALIZATION
PACKET CAPTURE
LOG AGGREGATION / SIEM
THREAT INTELLIGENCE
For additional information, please contact crowdcasts@crowdstrike.com or intel@crowdstrike.com
Q & A
CrowdCast Monthly: Operationalizing Intelligence

More Related Content

What's hot

Using MITRE PRE-ATTACK and ATTACK in Cybercrime Education and Research
Using MITRE PRE-ATTACK and ATTACK in Cybercrime Education and ResearchUsing MITRE PRE-ATTACK and ATTACK in Cybercrime Education and Research
Using MITRE PRE-ATTACK and ATTACK in Cybercrime Education and Research
MITRE - ATT&CKcon
 

What's hot (20)

Cybersecurity Risks for Businesses
Cybersecurity Risks for BusinessesCybersecurity Risks for Businesses
Cybersecurity Risks for Businesses
 
Cyber Threat Intelligence
Cyber Threat IntelligenceCyber Threat Intelligence
Cyber Threat Intelligence
 
Application Security
Application SecurityApplication Security
Application Security
 
Global Cyber Threat Intelligence
Global Cyber Threat IntelligenceGlobal Cyber Threat Intelligence
Global Cyber Threat Intelligence
 
Android Device Hardening
Android Device HardeningAndroid Device Hardening
Android Device Hardening
 
7 Steps to Build a SOC with Limited Resources
7 Steps to Build a SOC with Limited Resources7 Steps to Build a SOC with Limited Resources
7 Steps to Build a SOC with Limited Resources
 
Detection and Response Roles
Detection and Response RolesDetection and Response Roles
Detection and Response Roles
 
Open Source & Cybersecurity
Open Source & CybersecurityOpen Source & Cybersecurity
Open Source & Cybersecurity
 
Dealing with Information Security, Risk Management & Cyber Resilience
Dealing with Information Security, Risk Management & Cyber ResilienceDealing with Information Security, Risk Management & Cyber Resilience
Dealing with Information Security, Risk Management & Cyber Resilience
 
Threat Hunting with Splunk Hands-on
Threat Hunting with Splunk Hands-onThreat Hunting with Splunk Hands-on
Threat Hunting with Splunk Hands-on
 
Cyber security investments 2021
Cyber security investments 2021Cyber security investments 2021
Cyber security investments 2021
 
Automation: The Wonderful Wizard of CTI (or is it?)
Automation: The Wonderful Wizard of CTI (or is it?) Automation: The Wonderful Wizard of CTI (or is it?)
Automation: The Wonderful Wizard of CTI (or is it?)
 
10X SOC - SANS Blue Summit Keynote 2021 - Anton Chuvakin
10X SOC - SANS Blue Summit Keynote 2021 - Anton Chuvakin10X SOC - SANS Blue Summit Keynote 2021 - Anton Chuvakin
10X SOC - SANS Blue Summit Keynote 2021 - Anton Chuvakin
 
Building a Next-Generation Security Operations Center (SOC)
Building a Next-Generation Security Operations Center (SOC)Building a Next-Generation Security Operations Center (SOC)
Building a Next-Generation Security Operations Center (SOC)
 
Threat-Based Adversary Emulation with MITRE ATT&CK
Threat-Based Adversary Emulation with MITRE ATT&CKThreat-Based Adversary Emulation with MITRE ATT&CK
Threat-Based Adversary Emulation with MITRE ATT&CK
 
Using MITRE PRE-ATTACK and ATTACK in Cybercrime Education and Research
Using MITRE PRE-ATTACK and ATTACK in Cybercrime Education and ResearchUsing MITRE PRE-ATTACK and ATTACK in Cybercrime Education and Research
Using MITRE PRE-ATTACK and ATTACK in Cybercrime Education and Research
 
Cyber Threat Intelligence.pptx
Cyber Threat Intelligence.pptxCyber Threat Intelligence.pptx
Cyber Threat Intelligence.pptx
 
It security and awareness training 5 10-2018
It security and awareness training 5 10-2018It security and awareness training 5 10-2018
It security and awareness training 5 10-2018
 
Putting MITRE ATT&CK into Action with What You Have, Where You Are
Putting MITRE ATT&CK into Action with What You Have, Where You ArePutting MITRE ATT&CK into Action with What You Have, Where You Are
Putting MITRE ATT&CK into Action with What You Have, Where You Are
 
Threat Modeling Using STRIDE
Threat Modeling Using STRIDEThreat Modeling Using STRIDE
Threat Modeling Using STRIDE
 

Viewers also liked

How to Replace Your Legacy Antivirus Solution with CrowdStrike
How to Replace Your Legacy Antivirus Solution with CrowdStrikeHow to Replace Your Legacy Antivirus Solution with CrowdStrike
How to Replace Your Legacy Antivirus Solution with CrowdStrike
CrowdStrike
 
End-to-End Analysis of a Domain Generating Algorithm Malware Family Whitepaper
End-to-End Analysis of a Domain Generating Algorithm Malware Family WhitepaperEnd-to-End Analysis of a Domain Generating Algorithm Malware Family Whitepaper
End-to-End Analysis of a Domain Generating Algorithm Malware Family Whitepaper
CrowdStrike
 
I/O, You Own: Regaining Control of Your Disk in the Presence of Bootkits
I/O, You Own: Regaining Control of Your Disk in the Presence of BootkitsI/O, You Own: Regaining Control of Your Disk in the Presence of Bootkits
I/O, You Own: Regaining Control of Your Disk in the Presence of Bootkits
CrowdStrike
 

Viewers also liked (20)

Battling Unknown Malware with Machine Learning
Battling Unknown Malware with Machine Learning Battling Unknown Malware with Machine Learning
Battling Unknown Malware with Machine Learning
 
CrowdCasts Monthly: You Have an Adversary Problem
CrowdCasts Monthly: You Have an Adversary ProblemCrowdCasts Monthly: You Have an Adversary Problem
CrowdCasts Monthly: You Have an Adversary Problem
 
How to Replace Your Legacy Antivirus Solution with CrowdStrike
How to Replace Your Legacy Antivirus Solution with CrowdStrikeHow to Replace Your Legacy Antivirus Solution with CrowdStrike
How to Replace Your Legacy Antivirus Solution with CrowdStrike
 
Cloud-Enabled: The Future of Endpoint Security
Cloud-Enabled: The Future of Endpoint SecurityCloud-Enabled: The Future of Endpoint Security
Cloud-Enabled: The Future of Endpoint Security
 
Hacking Exposed Live: Mobile Targeted Threats
Hacking Exposed Live: Mobile Targeted ThreatsHacking Exposed Live: Mobile Targeted Threats
Hacking Exposed Live: Mobile Targeted Threats
 
Java Journal & Pyresso: A Python-Based Framework for Debugging Java
Java Journal & Pyresso: A Python-Based Framework for Debugging JavaJava Journal & Pyresso: A Python-Based Framework for Debugging Java
Java Journal & Pyresso: A Python-Based Framework for Debugging Java
 
Bear Hunting: History and Attribution of Russian Intelligence Operations
Bear Hunting: History and Attribution of Russian Intelligence OperationsBear Hunting: History and Attribution of Russian Intelligence Operations
Bear Hunting: History and Attribution of Russian Intelligence Operations
 
Venom
Venom Venom
Venom
 
You Can't Stop The Breach Without Prevention And Detection
You Can't Stop The Breach Without Prevention And DetectionYou Can't Stop The Breach Without Prevention And Detection
You Can't Stop The Breach Without Prevention And Detection
 
End-to-End Analysis of a Domain Generating Algorithm Malware Family
End-to-End Analysis of a Domain Generating Algorithm Malware FamilyEnd-to-End Analysis of a Domain Generating Algorithm Malware Family
End-to-End Analysis of a Domain Generating Algorithm Malware Family
 
TOR... ALL THE THINGS
TOR... ALL THE THINGSTOR... ALL THE THINGS
TOR... ALL THE THINGS
 
End-to-End Analysis of a Domain Generating Algorithm Malware Family Whitepaper
End-to-End Analysis of a Domain Generating Algorithm Malware Family WhitepaperEnd-to-End Analysis of a Domain Generating Algorithm Malware Family Whitepaper
End-to-End Analysis of a Domain Generating Algorithm Malware Family Whitepaper
 
I/O, You Own: Regaining Control of Your Disk in the Presence of Bootkits
I/O, You Own: Regaining Control of Your Disk in the Presence of BootkitsI/O, You Own: Regaining Control of Your Disk in the Presence of Bootkits
I/O, You Own: Regaining Control of Your Disk in the Presence of Bootkits
 
CrowdCasts Monthly: When Pandas Attack
CrowdCasts Monthly: When Pandas AttackCrowdCasts Monthly: When Pandas Attack
CrowdCasts Monthly: When Pandas Attack
 
Be Social. Use CrowdRE.
Be Social. Use CrowdRE.Be Social. Use CrowdRE.
Be Social. Use CrowdRE.
 
CrowdCasts Monthly: Mitigating Pass the Hash
CrowdCasts Monthly: Mitigating Pass the HashCrowdCasts Monthly: Mitigating Pass the Hash
CrowdCasts Monthly: Mitigating Pass the Hash
 
IDAの脆弱性とBug Bounty by 千田 雅明
IDAの脆弱性とBug Bounty by 千田 雅明IDAの脆弱性とBug Bounty by 千田 雅明
IDAの脆弱性とBug Bounty by 千田 雅明
 
CrowdCasts Monthly: Going Beyond the Indicator
CrowdCasts Monthly: Going Beyond the IndicatorCrowdCasts Monthly: Going Beyond the Indicator
CrowdCasts Monthly: Going Beyond the Indicator
 
Presentatie Kaspersky over Malware trends en statistieken, 26062015
Presentatie Kaspersky over Malware trends en statistieken, 26062015Presentatie Kaspersky over Malware trends en statistieken, 26062015
Presentatie Kaspersky over Malware trends en statistieken, 26062015
 
Російські хакери стежили за артилерією ЗСУ через Android
Російські хакери стежили за артилерією ЗСУ через AndroidРосійські хакери стежили за артилерією ЗСУ через Android
Російські хакери стежили за артилерією ЗСУ через Android
 

Similar to CrowdCast Monthly: Operationalizing Intelligence

Stop Watering Holes, Spear-Phishing and Drive-by Downloads
Stop Watering Holes, Spear-Phishing and Drive-by DownloadsStop Watering Holes, Spear-Phishing and Drive-by Downloads
Stop Watering Holes, Spear-Phishing and Drive-by Downloads
Invincea, Inc.
 
Retail Cyberthreat Summit: Insights and Strategies from Industry Experts
Retail Cyberthreat Summit: Insights and Strategies from Industry ExpertsRetail Cyberthreat Summit: Insights and Strategies from Industry Experts
Retail Cyberthreat Summit: Insights and Strategies from Industry Experts
Tripwire
 
Cyber as WMD- April 2015- GFSU
Cyber as WMD- April 2015- GFSUCyber as WMD- April 2015- GFSU
Cyber as WMD- April 2015- GFSU
Mohit Rampal
 
wp-cyber-threats-to-the-mining-industry
wp-cyber-threats-to-the-mining-industrywp-cyber-threats-to-the-mining-industry
wp-cyber-threats-to-the-mining-industry
Numaan Huq
 
Fall2015SecurityShow
Fall2015SecurityShowFall2015SecurityShow
Fall2015SecurityShow
Adam Heller
 
kill-chain-presentation-v3
kill-chain-presentation-v3kill-chain-presentation-v3
kill-chain-presentation-v3
Shawn Croswell
 

Similar to CrowdCast Monthly: Operationalizing Intelligence (20)

Operationalizing Threat Intelligence to Battle Persistent Actors
Operationalizing Threat Intelligence to Battle Persistent ActorsOperationalizing Threat Intelligence to Battle Persistent Actors
Operationalizing Threat Intelligence to Battle Persistent Actors
 
Stop Watering Holes, Spear-Phishing and Drive-by Downloads
Stop Watering Holes, Spear-Phishing and Drive-by DownloadsStop Watering Holes, Spear-Phishing and Drive-by Downloads
Stop Watering Holes, Spear-Phishing and Drive-by Downloads
 
Brian Isle: The Internet of Things: Manufacturing Panacea - or - Hacker's Dream?
Brian Isle: The Internet of Things: Manufacturing Panacea - or - Hacker's Dream?Brian Isle: The Internet of Things: Manufacturing Panacea - or - Hacker's Dream?
Brian Isle: The Internet of Things: Manufacturing Panacea - or - Hacker's Dream?
 
[CLASS 2014] Palestra Técnica - Fabio Rosa
[CLASS 2014] Palestra Técnica - Fabio Rosa[CLASS 2014] Palestra Técnica - Fabio Rosa
[CLASS 2014] Palestra Técnica - Fabio Rosa
 
Threat Intelligence + SIEM: A Force to be Reckoned With
Threat Intelligence +  SIEM: A Force to be Reckoned WithThreat Intelligence +  SIEM: A Force to be Reckoned With
Threat Intelligence + SIEM: A Force to be Reckoned With
 
Retail Cyberthreat Summit: Insights and Strategies from Industry Experts
Retail Cyberthreat Summit: Insights and Strategies from Industry ExpertsRetail Cyberthreat Summit: Insights and Strategies from Industry Experts
Retail Cyberthreat Summit: Insights and Strategies from Industry Experts
 
Hacker House August Proposal
Hacker House August ProposalHacker House August Proposal
Hacker House August Proposal
 
Cyber as WMD- April 2015- GFSU
Cyber as WMD- April 2015- GFSUCyber as WMD- April 2015- GFSU
Cyber as WMD- April 2015- GFSU
 
How secure are your customers.pptx
How secure are your customers.pptxHow secure are your customers.pptx
How secure are your customers.pptx
 
Art Hathaway - Artificial Intelligence - Real Threat Prevention
Art Hathaway - Artificial Intelligence - Real Threat PreventionArt Hathaway - Artificial Intelligence - Real Threat Prevention
Art Hathaway - Artificial Intelligence - Real Threat Prevention
 
Infosecurity magazine webinar v2
Infosecurity magazine webinar v2Infosecurity magazine webinar v2
Infosecurity magazine webinar v2
 
Better Security Through Big Data Analytics
Better Security Through Big Data AnalyticsBetter Security Through Big Data Analytics
Better Security Through Big Data Analytics
 
wp-cyber-threats-to-the-mining-industry
wp-cyber-threats-to-the-mining-industrywp-cyber-threats-to-the-mining-industry
wp-cyber-threats-to-the-mining-industry
 
Fall2015SecurityShow
Fall2015SecurityShowFall2015SecurityShow
Fall2015SecurityShow
 
Year of pawnage - Ian trump
Year of pawnage  - Ian trumpYear of pawnage  - Ian trump
Year of pawnage - Ian trump
 
Cyber War ( World War 3 )
Cyber War ( World War 3 )Cyber War ( World War 3 )
Cyber War ( World War 3 )
 
Lean US Market Entry
Lean US Market EntryLean US Market Entry
Lean US Market Entry
 
kill-chain-presentation-v3
kill-chain-presentation-v3kill-chain-presentation-v3
kill-chain-presentation-v3
 
ESA - Hacking the aerospace industry - should we worry ?
ESA - Hacking the aerospace industry - should we worry ? ESA - Hacking the aerospace industry - should we worry ?
ESA - Hacking the aerospace industry - should we worry ?
 
Learn how marketers use APIs to automate their stack
Learn how marketers use APIs to automate their stackLearn how marketers use APIs to automate their stack
Learn how marketers use APIs to automate their stack
 

More from CrowdStrike

State of Endpoint Security: The Buyers Mindset
State of Endpoint Security: The Buyers MindsetState of Endpoint Security: The Buyers Mindset
State of Endpoint Security: The Buyers Mindset
CrowdStrike
 
Cyber Security Extortion: Defending Against Digital Shakedowns
Cyber Security Extortion: Defending Against Digital Shakedowns Cyber Security Extortion: Defending Against Digital Shakedowns
Cyber Security Extortion: Defending Against Digital Shakedowns
CrowdStrike
 
Proactive Threat Hunting: Game-Changing Endpoint Protection Beyond Alerting
Proactive Threat Hunting: Game-Changing Endpoint Protection Beyond AlertingProactive Threat Hunting: Game-Changing Endpoint Protection Beyond Alerting
Proactive Threat Hunting: Game-Changing Endpoint Protection Beyond Alerting
CrowdStrike
 
CrowdStrike CrowdCast: Is Ransomware Morphing Beyond The Ability Of Standard ...
CrowdStrike CrowdCast: Is Ransomware Morphing Beyond The Ability Of Standard ...CrowdStrike CrowdCast: Is Ransomware Morphing Beyond The Ability Of Standard ...
CrowdStrike CrowdCast: Is Ransomware Morphing Beyond The Ability Of Standard ...
CrowdStrike
 

More from CrowdStrike (8)

State of Endpoint Security: The Buyers Mindset
State of Endpoint Security: The Buyers MindsetState of Endpoint Security: The Buyers Mindset
State of Endpoint Security: The Buyers Mindset
 
Understanding Fileless (or Non-Malware) Attacks and How to Stop Them
Understanding Fileless (or Non-Malware) Attacks and How to Stop ThemUnderstanding Fileless (or Non-Malware) Attacks and How to Stop Them
Understanding Fileless (or Non-Malware) Attacks and How to Stop Them
 
Cyber Security Extortion: Defending Against Digital Shakedowns
Cyber Security Extortion: Defending Against Digital Shakedowns Cyber Security Extortion: Defending Against Digital Shakedowns
Cyber Security Extortion: Defending Against Digital Shakedowns
 
An Inside Look At The WannaCry Ransomware Outbreak
An Inside Look At The WannaCry Ransomware OutbreakAn Inside Look At The WannaCry Ransomware Outbreak
An Inside Look At The WannaCry Ransomware Outbreak
 
Proactive Threat Hunting: Game-Changing Endpoint Protection Beyond Alerting
Proactive Threat Hunting: Game-Changing Endpoint Protection Beyond AlertingProactive Threat Hunting: Game-Changing Endpoint Protection Beyond Alerting
Proactive Threat Hunting: Game-Changing Endpoint Protection Beyond Alerting
 
DEFENDING AGAINST THREATS TARGETING THE MAC PLATFORM
DEFENDING AGAINST THREATS TARGETING THE MAC PLATFORMDEFENDING AGAINST THREATS TARGETING THE MAC PLATFORM
DEFENDING AGAINST THREATS TARGETING THE MAC PLATFORM
 
CrowdStrike CrowdCast: Is Ransomware Morphing Beyond The Ability Of Standard ...
CrowdStrike CrowdCast: Is Ransomware Morphing Beyond The Ability Of Standard ...CrowdStrike CrowdCast: Is Ransomware Morphing Beyond The Ability Of Standard ...
CrowdStrike CrowdCast: Is Ransomware Morphing Beyond The Ability Of Standard ...
 
TOR... ALL THE THINGS Whitepaper
TOR... ALL THE THINGS WhitepaperTOR... ALL THE THINGS Whitepaper
TOR... ALL THE THINGS Whitepaper
 

Recently uploaded

Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers:  A Deep Dive into Serverless Spatial Data and FMECloud Frontiers:  A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Safe Software
 
Why Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businessWhy Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire business
panagenda
 
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
?#DUbAI#??##{{(☎️+971_581248768%)**%*]'#abortion pills for sale in dubai@
 
Architecting Cloud Native Applications
Architecting Cloud Native ApplicationsArchitecting Cloud Native Applications
Architecting Cloud Native Applications
WSO2
 

Recently uploaded (20)

ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdf
 
Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...
Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...
Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...
 
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers:  A Deep Dive into Serverless Spatial Data and FMECloud Frontiers:  A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
 
Spring Boot vs Quarkus the ultimate battle - DevoxxUK
Spring Boot vs Quarkus the ultimate battle - DevoxxUKSpring Boot vs Quarkus the ultimate battle - DevoxxUK
Spring Boot vs Quarkus the ultimate battle - DevoxxUK
 
Why Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businessWhy Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire business
 
DEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
DEV meet-up UiPath Document Understanding May 7 2024 AmsterdamDEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
DEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024
 
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
 
presentation ICT roal in 21st century education
presentation ICT roal in 21st century educationpresentation ICT roal in 21st century education
presentation ICT roal in 21st century education
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
 
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
 
Cyberprint. Dark Pink Apt Group [EN].pdf
Cyberprint. Dark Pink Apt Group [EN].pdfCyberprint. Dark Pink Apt Group [EN].pdf
Cyberprint. Dark Pink Apt Group [EN].pdf
 
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
 
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdfRising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
 
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processors
 
Manulife - Insurer Transformation Award 2024
Manulife - Insurer Transformation Award 2024Manulife - Insurer Transformation Award 2024
Manulife - Insurer Transformation Award 2024
 
Architecting Cloud Native Applications
Architecting Cloud Native ApplicationsArchitecting Cloud Native Applications
Architecting Cloud Native Applications
 

CrowdCast Monthly: Operationalizing Intelligence

  • 1. OPERATIONALIZING THREAT INTELLIGENCE Adam Meyers, Vice President Intelligence; CrowdStrike Elia Zaitsev, Sales Engineer; CrowdStrike USING ACTIONABLE THREAT INTELLIGENCE TO FOCUS SECURITY OPERATIONS
  • 2. TODAY’S SPEAKERS 2014 CrowdStrike, Inc. All rights reserved. 2 ADAM MEYERS | VP, INTELLIGENCE Recognized speaker, trainer, and intelligence expert with 15+ years of cyber security industry experience 10 years in the DIB supporting US GOV customers on topics ranging from wireless, pen testing, IR, and malware analysis @ADAM_CYBER @CROWDSTRIKE | #CROWDCASTS
  • 3. 2014 CrowdStrike, Inc. All rights reserved. 3 ELIA ZAITSEV | SALES ENGINEER +7 years of IT security industry experience providing sales support and technical implementation of enterprise security products Currently supports sales of CrowdStrike’s Falcon Platform, including endpoint threat detection & response, endpoint activity monitoring, and threat intelligence @CROWDSTRIKE | #CROWDCASTS #TWITTERHATER
  • 4. 2014 CrowdStrike, Inc. All rights reserved. 4 IN THE NEWS @CROWDSTRIKE | #CROWDCASTS
  • 5. RELEASE OF PUBLIC INDICATORS AND INTELLIGENCE Operation Aurora APT 1 Babar Uroburos 2014 CrowdStrike, Inc. All rights reserved. 5 @CROWDSTRIKE | #CROWDCASTS
  • 6. 2014 CrowdStrike, Inc. All rights reserved. 6 ACTIONABLE INTELLIGENCE WHAT DO YOU DO WITH INDICATORS? Enterprise Security Systems have basic configurations out of the Box Detection needs to be updated at line speed No standard taxonomy to express threat intelligence @CROWDSTRIKE | #CROWDCASTS
  • 7. How do you OPERATIONALIZE? 2014 CrowdStrike, Inc. All rights reserved. 7 @CROWDSTRIKE | #CROWDCASTS
  • 8. 2014 CrowdStrike, Inc. All rights reserved. 8 Comment Panda: Commercial, Government, Non-profit Deep Panda: Financial, Technology, Non-profit Foxy Panda: Technology & Communications Anchor Panda: Government organizations, Defense & Aerospace, Industrial Engineering, NGOs Impersonating Panda: Financial Sector Karma Panda: Dissident groups Keyhole Panda: Electronics & Communications Poisonous Panda: Energy Technology, G20, NGOs, Dissident Groups Putter Panda: Governmental & Military Toxic Panda: Dissident Groups Union Panda: Industrial companies Vixen Panda: Government CHINA IRAN INDIA Viceroy Tiger: Government, Legal, Financial, Media, Telecom RUSSIA Energetic Bear: Oil and Gas Companies NORTH KOREA Silent Chollima: Government, Military, Financial Magic Kitten: Dissidents Cutting Kitten: Energy Companies Singing Spider: Commercial, Financial Union Spider: Manufacturing Andromeda Spider: Numerous CRIMINAL Deadeye Jackal: Commercial, Financial, Media, Social Networking Ghost Jackal: Commercial, Energy, Financial Corsair Jackal: Commercial, Technology, Financial, Energy Extreme Jackal: Military, Government HACTIVIST/TERRORIST UNCOVER THE ADVERSARY @CROWDSTRIKE | #CROWDCASTS
  • 9. GET TO KNOW THE ADVERSARY
    Don’t fear change: not all behaviors change, and good intel and pattern analysis can identify the new TTPs.
    Consume and operationalize threat intelligence quickly: threat intelligence is of no help after an incident, or when it is consumed from a public release long after the campaign has finished.
  • 10. INDICATIONS AND WARNINGS: Q1 ZERO DAY
    17 JAN 2014: Spoofed GIFAS drive-by sites lead to CVE-2014-0322 exploit
    3 FEB 2014: CVE-2014-0497 exploit used to distribute Tapaoux malware
    11 FEB 2014: AURORA PANDA uses VFW website in SWC activity leveraging CVE-2014-0322
    14 FEB 2014: SWC campaign affecting NGO/think tank sites leverages CVE-2014-0502
    24 MAR 2014: Microsoft identifies CVE-2014-1761 and its limited use in targeted attacks
  • 11. CASE STUDY: CHINA TARGETING THE OIL SECTOR
    Strategic assessment of China’s energy sector, state control & national agenda, and China’s domestic oil sector
  • 12. ENERGY SECTOR TARGETING
    CHINA: Goblin Panda, Wet Panda, Vixen Panda, Violin Panda, Temper Panda, Poisonous Panda, Comment Panda, Anchor Panda
    INDIA: Viceroy Tiger
    RUSSIA: Energetic Bear
    IRAN: Clever Kitten, Flying Kitten
    ACTIVIST: Corsair Jackal, Ghost Jackal
  • 13. CHINA’S ENERGY SECTOR
    Second-largest oil consuming country in the world
    Largest oil importer in the world
    Investing in international oil assets
    Declining domestic oil output
    Reinvestment in China’s domestic oil sector
  • 14. CHINA’S ENERGY SECTOR: Total Energy Consumption (chart; legible labels: Hydroelectric Power 6%, Natural Gas 4%, Nuclear <1%, Other Renewables 1%)
  • 15. STATE CONTROL & NATIONAL AGENDA
    383 Plan
    863 Plan
    Indigenous Innovation
    Top Five National Oil Companies: CNPC/PetroChina, Sinopec, CNOOC, Sinochem Group, Zhuhai Zhen Rong Co.
  • 16. DOMESTIC OIL SECTOR (present day to future)
    Mature oil basins
    Drilling in the western provinces
    Offshore shallow-water drilling
    Deep-water drilling
    East and South China Seas territorial disputes
  • 17. TECHNOLOGICAL DEFICIENCIES
    Exploration technologies: 3D and 4D seismic imaging
    Oil spill prevention technologies: 2010 and 2011 oil spills in Bohai Bay
    Deep-water oil drilling technologies: 300-3,000 meters deep
    Resulting cyber espionage
  • 18. INTELLIGENCE ASSESSMENT
    China’s motivations: looming energy crisis; declining domestic oil supply; patent development is slow; technological deficiencies
    Targets: exploration technology (3D and 4D seismic); oil spill prevention technology; deep-water oil drilling technology
    Assessment: increasing cyber espionage; increasing Chinese military presence in the East and South China Seas; increasing corporate espionage to outbid others for international oil assets
  • 19. ORGANIZATIONS WITH SUPERIOR INTELLIGENCE CAPABILITIES ARE FAR MORE SUCCESSFUL AT MITIGATING TARGETED ATTACKS
  • 20. INCREASED SHARING OF INDICATORS AND INTELLIGENCE
    Organizations have access to far more information than they have ever had before:
      OSINT and managed threat intel feeds
      Whitepapers
      Malware dumps like VirusTotal, Contagio, and VirusShare
      Presentations by researchers
    The private sector is now capable of building government-level intel capabilities
  • 21. AN ORGANIZATION’S SUCCESS WILL BE MEASURED BY THE ABILITY TO DETECT, RESPOND, AND MITIGATE THESE PATTERNS OF ATTACK
  • 22. DEMOS
    Data visualization
    Packet capture
    Log aggregation / SIEM
    Threat intelligence
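Slides 6 and 9 ask how indicators get operationalized at line speed and warn that intel consumed long after a campaign is of little help; slide 22 demos log aggregation/SIEM fed by threat intelligence. The script below is an added example of that loop and is not code from the deck or from CrowdStrike: a small indicator feed (assumed pipe-separated layout, constructed values) is indexed and matched against constructed proxy, EDR and firewall log lines, each hit is tagged with the adversary and its origin using the cryptonym-suffix legend from slide 8, and a hit is flagged as stale when the indicator's last reported activity predates the event by more than an assumed 90-day window. The field names and the freshness window are assumptions, not a vendor format.

```python
"""Match a small indicator feed against aggregated log lines, tagging each hit
with the adversary, its origin, and whether the indicator is stale.
Added example, not code from the deck or from CrowdStrike: the feed layout,
log field names, 90-day window and all values are constructed."""
import re
from dataclasses import dataclass
from datetime import datetime

# Cryptonym suffix -> origin or category, as laid out on slide 8.
ORIGIN_BY_SUFFIX = {"Panda": "China", "Kitten": "Iran", "Tiger": "India",
                    "Bear": "Russia", "Chollima": "North Korea",
                    "Spider": "Criminal", "Jackal": "Hacktivist/Terrorist"}


def adversary_origin(name: str) -> str:
    """Map an adversary name to its origin via the naming-convention suffix."""
    return ORIGIN_BY_SUFFIX.get(name.split()[-1], "Unknown")


@dataclass(frozen=True)
class Indicator:
    kind: str            # "domain", "ip" or "sha256"
    value: str           # normalized to lower case
    adversary: str       # who the feed saw using it
    last_seen: datetime  # last activity date reported by the feed


@dataclass(frozen=True)
class Hit:
    timestamp: datetime
    host: str
    field: str           # the log field that matched
    indicator: Indicator
    origin: str
    stale: bool          # indicator's last_seen predates the event by > max_age_days


# Constructed feed, assumed layout: kind|value|adversary|last_seen
INDICATOR_FEED = """\
domain|update-cdn.example.net|Deep Panda|2014-03-20
ip|198.51.100.23|Energetic Bear|2014-02-01
sha256|0f1e2d3c4b5a69788796a5b4c3d2e1f00f1e2d3c4b5a69788796a5b4c3d2e1f0|Cutting Kitten|2013-06-15
"""

# Constructed log lines from three sources aggregated into one stream.
LOGS = """\
2014-03-25T10:01:07Z proxy host=ws-042 dst=update-cdn.example.net dst_ip=203.0.113.9 status=200
2014-03-25T10:02:11Z edr host=ws-042 event=process_create sha256=0f1e2d3c4b5a69788796a5b4c3d2e1f00f1e2d3c4b5a69788796a5b4c3d2e1f0
2014-03-25T10:03:00Z fw src=10.0.0.8 dst=198.51.100.23 dport=443 action=allow
2014-03-25T10:04:30Z proxy host=ws-017 dst=intranet.example.com dst_ip=10.0.1.5 status=200
"""

FIELD_RE = re.compile(r"(\w+)=(\S+)")


def parse_feed(text: str) -> dict:
    """Index the feed by value so each log field is an O(1) lookup."""
    index = {}
    for line in text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        kind, value, adversary, last_seen = line.strip().split("|")
        index[value.lower()] = Indicator(kind, value.lower(), adversary,
                                         datetime.strptime(last_seen, "%Y-%m-%d"))
    return index


def parse_log_line(line: str):
    """Split '<ts> <source> k=v k=v ...' into (timestamp, source, fields)."""
    ts, source, rest = line.split(" ", 2)
    return datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"), source, dict(FIELD_RE.findall(rest))


def match_logs(feed_text: str, log_text: str, max_age_days: int = 90) -> list:
    """Return one Hit per log field whose value is a known indicator."""
    index = parse_feed(feed_text)
    hits = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, _source, fields = parse_log_line(line)
        host = fields.get("host") or fields.get("src", "?")
        for field, value in fields.items():
            ioc = index.get(value.lower())
            if ioc is None:
                continue
            age_days = (ts - ioc.last_seen).days
            hits.append(Hit(ts, host, field, ioc, adversary_origin(ioc.adversary),
                            age_days > max_age_days))
    return hits


if __name__ == "__main__":
    for h in match_logs(INDICATOR_FEED, LOGS):
        flag = "  (stale indicator: confirm before acting)" if h.stale else ""
        print(f"{h.timestamp:%Y-%m-%d %H:%M} {h.host} {h.field}={h.indicator.value}"
              f" -> {h.indicator.adversary} [{h.origin}]{flag}")
```

Run as-is it reports three hits: the proxy request to the Deep Panda domain and the firewall flow to the Energetic Bear address are fresh, while the Cutting Kitten hash seen by EDR is flagged stale because the feed last saw it nine months before the event. The stale flag is the practical counterpart of slide 9's point: an old public indicator is still worth triaging, but it should not drive an automatic block or a confident attribution on its own.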
  • 23. Q & A
    For additional information, please contact crowdcasts@crowdstrike.com or intel@crowdstrike.com