
CrowdCast Monthly: Operationalizing Intelligence


In today’s threat environment, adversaries are constantly profiling and attacking your corporate infrastructure to access and collect your intellectual property, proprietary data, and trade secrets. Now, more than ever, Threat Intelligence is increasingly important for organizations who want to proactively defend against advanced threat actors.

While many organizations today are collecting massive amounts of threat intelligence, are they able to translate that information into an effective defense strategy?

View the slides now to learn about threat intelligence for operational purposes, including real-world demonstrations of how to consume intelligence and integrate it with existing security infrastructure.

Learn how to prioritize response by differentiating between commodity and targeted attacks, and how to develop a defense that responds to the specific methods used by advanced attackers.

Published in: Technology, Business


  1. OPERATIONALIZING THREAT INTELLIGENCE: Using Actionable Threat Intelligence to Focus Security Operations. Adam Meyers, Vice President, Intelligence, CrowdStrike; Elia Zaitsev, Sales Engineer, CrowdStrike.
  2. TODAY’S SPEAKERS (2014 CrowdStrike, Inc. All rights reserved. @CROWDSTRIKE | #CROWDCASTS)
     • Adam Meyers | VP, Intelligence (@ADAM_CYBER): recognized speaker, trainer, and intelligence expert with 15+ years of cyber security industry experience; 10 years in the DIB supporting US Government customers on topics ranging from wireless and pen testing to IR and malware analysis.
  3. TODAY’S SPEAKERS (continued)
     • Elia Zaitsev | Sales Engineer (#TWITTERHATER): 7+ years of IT security industry experience providing sales support and technical implementation of enterprise security products; currently supports sales of CrowdStrike’s Falcon Platform, including endpoint threat detection & response, endpoint activity monitoring, and threat intelligence.
  4. IN THE NEWS (image slide)
  5. RELEASE OF PUBLIC INDICATORS AND INTELLIGENCE: Operation Aurora, APT1, Babar, Uroburos.
  6. ACTIONABLE INTELLIGENCE: What do you do with indicators?
     • Enterprise security systems have basic configurations out of the box
     • Detection needs to be updated at line speed
     • No standard taxonomy to express threat intelligence
  7. How do you OPERATIONALIZE?
  8. UNCOVER THE ADVERSARY
     • CHINA: Comment Panda (commercial, government, non-profit); Deep Panda (financial, technology, non-profit); Foxy Panda (technology & communications); Anchor Panda (government organizations, defense & aerospace, industrial engineering, NGOs); Impersonating Panda (financial sector); Karma Panda (dissident groups); Keyhole Panda (electronics & communications); Poisonous Panda (energy technology, G20, NGOs, dissident groups); Putter Panda (governmental & military); Toxic Panda (dissident groups); Union Panda (industrial companies); Vixen Panda (government)
     • INDIA: Viceroy Tiger (government, legal, financial, media, telecom)
     • RUSSIA: Energetic Bear (oil and gas companies)
     • NORTH KOREA: Silent Chollima (government, military, financial)
     • IRAN: Magic Kitten (dissidents); Cutting Kitten (energy companies)
     • CRIMINAL: Singing Spider (commercial, financial); Union Spider (manufacturing); Andromeda Spider (numerous)
     • HACKTIVIST/TERRORIST: Deadeye Jackal (commercial, financial, media, social networking); Ghost Jackal (commercial, energy, financial); Corsair Jackal (commercial, technology, financial, energy); Extreme Jackal (military, government)
  9. GET TO KNOW THE ADVERSARY
     • Don’t fear change: not all behaviors change, and good intel and pattern analysis can identify the new TTPs
     • Consume and operationalize threat intelligence quickly: threat intelligence is of no help after an incident, or when consumed from a public release long after the campaign finished
  10. INDICATIONS AND WARNINGS: Q1 ZERO DAY (timeline)
     • 17 JAN 2014: Spoofed GIFAS drive-by sites lead to CVE-2014-0322 exploit
     • 3 FEB 2014: CVE-2014-0497 exploit used to distribute Tapaoux malware
     • 11 FEB 2014: AURORA PANDA uses VFW website in SWC activity leveraging CVE-2014-0322
     • 14 FEB 2014: SWC campaign affecting NGO/think tank sites leverages CVE-2014-0502
     • 24 MAR 2014: Microsoft identifies CVE-2014-1761 and its limited use in targeted attacks
  11. CASE STUDY: CHINA TARGETING THE OIL SECTOR. Strategic assessment of China’s energy sector, state control & national agenda, and China’s domestic oil sector.
  12. ENERGY SECTOR TARGETING
     • CHINA: Goblin Panda, Wet Panda, Vixen Panda, Violin Panda, Temper Panda, Poisonous Panda, Comment Panda, Anchor Panda
     • INDIA: Viceroy Tiger
     • RUSSIA: Energetic Bear
     • IRAN: Clever Kitten, Flying Kitten
     • ACTIVIST: Corsair Jackal, Ghost Jackal
  13. CHINA’S ENERGY SECTOR
     • Second-largest oil-consuming country in the world
     • Largest oil importer in the world
     • Investing in international oil assets
     • Declining domestic oil output
     • Reinvestment in China’s domestic oil sector
  14. CHINA’S ENERGY SECTOR: Total Energy Consumption (chart; labels recovered from the slide: Hydroelectric Power 6%, Natural Gas 4%, Nuclear <1%, Other Renewables 1%)
  15. STATE CONTROL & NATIONAL AGENDA
     • 383 Plan
     • 863 Plan
     • Indigenous Innovation
     • Top five national oil companies: CNPC/PetroChina, Sinopec, CNOOC, Sinochem Group, Zhuhai Zhen Rong Co.
  16. DOMESTIC OIL SECTOR (present day to future): Mature oil basins; Drilling in the Western provinces; Offshore shallow-water drilling; Deep-water drilling; East and South China Seas territorial disputes
  17. TECHNOLOGICAL DEFICIENCIES
     • Exploration technologies: 3D and 4D seismic imaging
     • Oil spill prevention technologies: 2010 and 2011 oil spills in Bohai Bay
     • Deep-water oil drilling technologies: 300-3,000 meters deep
     • Resulting cyber espionage
  18. INTELLIGENCE ASSESSMENT
     • CHINA’S MOTIVATIONS: Looming energy crisis; Declining domestic oil supply; Patent development is slow; Technological deficiencies
     • TARGETS: Exploration technology (3D and 4D seismic); Oil spill prevention technology; Deep-water oil drilling technology
     • ASSESSMENT: Increasing cyber espionage; Increasing Chinese military presence in the East and South China Seas; Increasing corporate espionage to outbid others for international oil assets
  19. ORGANIZATIONS WITH SUPERIOR INTELLIGENCE CAPABILITIES ARE FAR MORE SUCCESSFUL AT MITIGATING TARGETED ATTACKS
  20. INCREASED SHARING OF INDICATORS AND INTELLIGENCE
     • Organizations have access to far more information than they have ever had before: OSINT and managed intel threat feeds; whitepapers; malware dumps like VirusTotal, Contagio, and VirusShare; presentations by researchers
     • The private sector is now capable of building government-level intel capabilities
  21. AN ORGANIZATION’S SUCCESS WILL BE MEASURED BY THE ABILITY TO DETECT, RESPOND, AND MITIGATE THESE PATTERNS OF ATTACK
  22. DEMOS: Data Visualization; Packet Capture; Log Aggregation / SIEM; Threat Intelligence
  23. Q & A. For additional information, please contact crowdcasts@crowdstrike.com or intel@crowdstrike.com.
