SlideShare a Scribd company logo

Cyber Threat Intelligence: What do we Want? The Incident Response and Technology Risk Management Perspectives

Albert Hui
Albert Hui

Introduces "Hui's Hierarchy of CTIs", a reference model upon which cyber threat intelligence (CTI) can be classified, a 5W1H model for CTI contexts, and illustrates through examples what CTIs IR and TRM will find useful.

Science
1 of 21
Cyber Threat Intelligence What do we Want? The Incident Response and Technology Risk Management Perspectives September 2nd 2016 @ SecureHongKong Albert Hui GREM, GCFA, GCFE, GNFA, GCIA, GCIH, GXPN, GPEN, GAWN, GSNA, GSEC, CISA, CISM, CRISC S ec urI ty Ro ni n Hong Kong
• CSIRT Manager at an Investment Bank • ACFE (Association of Certified Fraud Examiner) Asia Pacific Fraud Conference keynote speaker • HTCIA (High Tech Crime Investigation Association) Asia Pacific Forensics Conference speaker • Co-designed the first Computer Forensics curriculum for Hong Kong Police Force • Technology Risk Manager at Multinational Banks • Risk Consultant for Government and Critical Infrastructures • Black Hat speakerCopyright © 2016 Albert Hui 2 Albert Hui GREM, GCFA, GCFE, GNFA, GCIA, GCIH, GXPN, GPEN, GAWN, GSNA, GSEC, CISA, CISM, CR Security RonI n Who am I? IncidentResponse& Investigations Technology RiskManagement
Essential Goals of CTI Copyright © 2016 Albert Hui 3 “Use a commercial threat intelligence service to develop informed tactics for current threats, and plan for threats that may exist in the midterm future.” Gartner Technology Overview for Security Threat Intelligence Service Providers Support development of Informed Tactics …against Current threats …against Future threats
Fatal Problem with Many CTI Products Copyright © 2016 Albert Hui 4 “Only a comparative few (vendors)… provide true intelligence capabilities.” Gartner Report on Threat Intelligence, Oct 2013 Cyber Threat Information Cyber Threat Intelligence
Information vs. Intelligence Information • Raw information, may be irrelevant or obsolete • May be false or incomplete • Not actionable Intelligence • Contextualized, relevant and timely • Accurate and complete • Actionable Copyright © 2016 Albert Hui 5 How to tell? Apply the “So What Test”.
Context Copyright © 2016 Albert Hui 6 •Attack characteristics, e.g. BEC spear phising, SQL injection What • Attack purpose, e.g. causing money transfer, stealing credit card info Why • At what cyber kill chain stage(s) is the attack operating (at which place(s) can it be observed)? Where • Attacker characteristics: technical competence (“fire power”), resilience to takedown / prosecution • Target characteristics: what business sectors / sizes / locations, and business activities is being targeted? Who • Associated attack history and trend, e.g. explosive growth of BEC spear phishing since 2015 When • Attack methodology (TTP - tactics, techniques, procedures) How
An Example Information Intelligence • These files are IOCs of Taiwan ATM heist campaign first observed early 2016. • Relevant to installation and action stages of attack. • Purposes are for executing the attack and for removing itself. Copyright © 2016 Albert Hui 7 Possible Actions • Scan / Query DB for file matches on ATM related systems. • Add signatures to AV / HIPS. • cnginfo.exe (MD5: C0105ADA8686DC537A64919C73A18DB7) • cngdisp.exe (MD5: 65880502B53F718BD0611A638DFD5969) • cleanup.bat • sdelete.exe (MD5: C74673589D5DD38B6443DA6054B8D07A)
Very Cool Copyright © 2016 Albert Hui 8 , but This is NOT CTI
Attribution Very Useful Copyright © 2016 Albert Hui 9http://whohackedus.com/ , If You Want to Hack Back 😂(Or for strategic planning, more on that later)
Attack and Defense Copyright © 2016 Albert Hui 10 Recon Weaponize Deliver Exploit Install C2 Action DetectDenyDisruptDegradeDeceiveDestroy
Incident Response Process Copyright © 2016 Albert Hui 11 Identification & Triage Containment Eradication Recovery Lessons Learned Event #1 Preparation Identification & Triage Containment Eradication Recovery Lessons Learned Event #2 Identification & Triage Containment Eradication Recovery Lessons Learned Event #3
Active Cyber Defense Cycle (ACDC) Threat Intelligence Consumption Threat Hunting Incident Response Security Hardening Copyright © 2016 Albert Hui 12 DetectDenyDisruptDegradeDeceiveDestroy Recon Weaponize Deliver Exploit Install C2 Action Identification & Triage Containment Eradication Recovery Lessons Learned
Hui’s Hierarchy of CTI Predict- ions Early Warnings Campaigns Trends & Seasonality TTPs (Tactics, Techniques and Procedures) IOCs (Indicators of Compromise) Copyright © 2016 Albert Hui 13 Threat Projection Threat Recognition Behavioral Pattern Time Series Pattern Activity Artifact Strategic Operational Tactical
Technology Risk Management (TRM) Perspectives Copyright © 2016 Albert Hui 14
Threat Components Copyright © 2016 Albert Hui 15 Opportunity ThreatMenace
Hui’s Cyber Threat Intent Taxonomy Copyright © 2016 Albert Hui 16 Secular Sacred egomoney ideology (e.g. hacktivists) revenge (e.g. former employees) curiosity industrial espionage war & terrorism (e.g. state-sponsored hackers) political (e.g. unfavorable foreign government policies)
FAIR (Factor Analysis of Information Risk) Risk Model Risk Loss Event Frequency Threat Event Frequency Vulnerability Loss Magnitude Primary Loss Secondary Loss Copyright © 2016 Albert Hui 17 Risk Likelihood Impact
Copyright © 2016 Albert Hui 18 Vulnerability Impact Transfer Terminate Tolerate Threat Risk Treat From Actionable CTI to Mitigations
An Example Intelligence • Since 2015, explosive growth of BEC frauds observed across the world. • Majority of funds wired through Hong Kong and/or Wenzhou. • (Internal intel) Significant increase in phishing emails not blocked by email gateway, reached end-point workstations. Possible Actions • Review money wiring process, ensure effective controls are in place, e.g. • dual custodianship (administrative control), • policy for what to do if CEO is not available, • anti-phishing services (technical control). • Review money wiring counterparties’ past transactions and wiring info for compromises. • Investigate weaknesses in email gateway phishing email protection. • User awareness training / circulars. Copyright © 2016 Albert Hui 19
Summary Copyright © 2016 Albert Hui 20 • Context, Context, Context • Actionable Intelligence (apply “So What” test) • From Reactive to Active Defense
Thank You! 21 albert@securityronin.com Security Roni n www.securityronin.com

Recommended

Cyber Threat Intelligence | Information to Insight
Cyber Threat Intelligence | Information to InsightCyber Threat Intelligence | Information to Insight
Cyber Threat Intelligence | Information to InsightDeep Shankar Yadav
 
6 Steps for Operationalizing Threat Intelligence
6 Steps for Operationalizing Threat Intelligence6 Steps for Operationalizing Threat Intelligence
6 Steps for Operationalizing Threat IntelligenceSirius
 
Cyber Threat Intelligence
Cyber Threat IntelligenceCyber Threat Intelligence
Cyber Threat IntelligencePrachi Mishra
 
Threat Intelligence 101 - Steve Lodin - Submitted
Threat Intelligence 101 - Steve Lodin - SubmittedThreat Intelligence 101 - Steve Lodin - Submitted
Threat Intelligence 101 - Steve Lodin - SubmittedSteve Lodin
 
Cyber threat Intelligence and Incident Response by:-Sandeep Singh
Cyber threat Intelligence and Incident Response by:-Sandeep SinghCyber threat Intelligence and Incident Response by:-Sandeep Singh
Cyber threat Intelligence and Incident Response by:-Sandeep SinghOWASP Delhi
 
Global Cyber Threat Intelligence
Global Cyber Threat IntelligenceGlobal Cyber Threat Intelligence
Global Cyber Threat IntelligenceNTT Innovation Institute Inc.
 
Threat Intelligence in Cyber Risk Programs
Threat Intelligence in Cyber Risk ProgramsThreat Intelligence in Cyber Risk Programs
Threat Intelligence in Cyber Risk ProgramsRahul Neel Mani
 
2016 ISSA Conference Threat Intelligence Keynote philA
2016 ISSA Conference Threat Intelligence Keynote philA2016 ISSA Conference Threat Intelligence Keynote philA
2016 ISSA Conference Threat Intelligence Keynote philAPhil Agcaoili
 

Recommended

Cyber Threat Intelligence | Information to Insight
Cyber Threat Intelligence | Information to InsightCyber Threat Intelligence | Information to Insight
Cyber Threat Intelligence | Information to InsightDeep Shankar Yadav
 
6 Steps for Operationalizing Threat Intelligence
6 Steps for Operationalizing Threat Intelligence6 Steps for Operationalizing Threat Intelligence
6 Steps for Operationalizing Threat IntelligenceSirius
 
Cyber Threat Intelligence
Cyber Threat IntelligenceCyber Threat Intelligence
Cyber Threat IntelligencePrachi Mishra
 
Threat Intelligence 101 - Steve Lodin - Submitted
Threat Intelligence 101 - Steve Lodin - SubmittedThreat Intelligence 101 - Steve Lodin - Submitted
Threat Intelligence 101 - Steve Lodin - SubmittedSteve Lodin
 
Cyber threat Intelligence and Incident Response by:-Sandeep Singh
Cyber threat Intelligence and Incident Response by:-Sandeep SinghCyber threat Intelligence and Incident Response by:-Sandeep Singh
Cyber threat Intelligence and Incident Response by:-Sandeep SinghOWASP Delhi
 
Global Cyber Threat Intelligence
Global Cyber Threat IntelligenceGlobal Cyber Threat Intelligence
Global Cyber Threat IntelligenceNTT Innovation Institute Inc.
 
Threat Intelligence in Cyber Risk Programs
Threat Intelligence in Cyber Risk ProgramsThreat Intelligence in Cyber Risk Programs
Threat Intelligence in Cyber Risk ProgramsRahul Neel Mani
 
2016 ISSA Conference Threat Intelligence Keynote philA
2016 ISSA Conference Threat Intelligence Keynote philA2016 ISSA Conference Threat Intelligence Keynote philA
2016 ISSA Conference Threat Intelligence Keynote philAPhil Agcaoili
 
Threat Intelligence Data Collection & Acquisition
Threat Intelligence Data Collection & AcquisitionThreat Intelligence Data Collection & Acquisition
Threat Intelligence Data Collection & AcquisitionEC-Council
 
How to build a cyber threat intelligence program
How to build a cyber threat intelligence programHow to build a cyber threat intelligence program
How to build a cyber threat intelligence programMark Arena
 
Threat intelligence in security
Threat intelligence in securityThreat intelligence in security
Threat intelligence in securityOsama Ellahi
 
Actionable Threat Intelligence
Actionable Threat IntelligenceActionable Threat Intelligence
Actionable Threat IntelligenceOWASP Delhi
 
Security Strategy and Tactic with Cyber Threat Intelligence (CTI)
Security Strategy and Tactic with Cyber Threat Intelligence (CTI)Security Strategy and Tactic with Cyber Threat Intelligence (CTI)
Security Strategy and Tactic with Cyber Threat Intelligence (CTI)Priyanka Aash
 
Mark Arena - Cyber Threat Intelligence #uisgcon9
Mark Arena - Cyber Threat Intelligence #uisgcon9Mark Arena - Cyber Threat Intelligence #uisgcon9
Mark Arena - Cyber Threat Intelligence #uisgcon9UISGCON
 
Cyber Threat Intelligence
Cyber Threat IntelligenceCyber Threat Intelligence
Cyber Threat IntelligenceMarlabs
 
Cyber Threat Intelligence: Building and maturing an intelligence program that...
Cyber Threat Intelligence: Building and maturing an intelligence program that...Cyber Threat Intelligence: Building and maturing an intelligence program that...
Cyber Threat Intelligence: Building and maturing an intelligence program that...Mark Arena
 
Threat Intelligence Workshop
Threat Intelligence WorkshopThreat Intelligence Workshop
Threat Intelligence WorkshopPriyanka Aash
 
The Cybercriminal Underground: Understanding and categorising criminal market...
The Cybercriminal Underground: Understanding and categorising criminal market...The Cybercriminal Underground: Understanding and categorising criminal market...
The Cybercriminal Underground: Understanding and categorising criminal market...Mark Arena
 
Cyber Threat Intelligence
Cyber Threat IntelligenceCyber Threat Intelligence
Cyber Threat Intelligencemohamed nasri
 
The Cybercriminal Underground: Understanding and categorising criminal market...
The Cybercriminal Underground: Understanding and categorising criminal market...The Cybercriminal Underground: Understanding and categorising criminal market...
The Cybercriminal Underground: Understanding and categorising criminal market...Mark Arena
 
Cyber intelligence for corporate security
Cyber intelligence for corporate securityCyber intelligence for corporate security
Cyber intelligence for corporate securityG3 intelligence Ltd
 
Practical Defences Against A New Type of Professional Bank Fraudsters
Practical Defences Against A New Type of Professional Bank FraudstersPractical Defences Against A New Type of Professional Bank Fraudsters
Practical Defences Against A New Type of Professional Bank FraudstersAlbert Hui
 
Cyber Threat Intelligence
Cyber Threat IntelligenceCyber Threat Intelligence
Cyber Threat IntelligenceZaiffiEhsan
 
Cyber Threat Intelligence - It's not just about the feeds
Cyber Threat Intelligence - It's not just about the feedsCyber Threat Intelligence - It's not just about the feeds
Cyber Threat Intelligence - It's not just about the feedsIain Dickson
 
Cyber threat intelligence ppt
Cyber threat intelligence pptCyber threat intelligence ppt
Cyber threat intelligence pptKumar Gaurav
 
Threat Intelligence
Threat IntelligenceThreat Intelligence
Threat IntelligenceDeepak Kumar (D3)
 
Building an Effective Cyber Intelligence Program
Building an Effective Cyber Intelligence ProgramBuilding an Effective Cyber Intelligence Program
Building an Effective Cyber Intelligence ProgramLondon School of Cyber Security
 
Need for Threat Intelligence & How to Operationalize it for your Organisation.
Need for Threat Intelligence & How to Operationalize it for your Organisation.Need for Threat Intelligence & How to Operationalize it for your Organisation.
Need for Threat Intelligence & How to Operationalize it for your Organisation.Aditya Mukherjee Information Security
 
Whois - Addressing the Asia Pacifc
Whois - Addressing the Asia PacifcWhois - Addressing the Asia Pacifc
Whois - Addressing the Asia PacifcAPNIC
 
2016 Cybersecurity Predictions for Asia Pacific from Palo Alto Networks VP, C...
2016 Cybersecurity Predictions for Asia Pacific from Palo Alto Networks VP, C...2016 Cybersecurity Predictions for Asia Pacific from Palo Alto Networks VP, C...
2016 Cybersecurity Predictions for Asia Pacific from Palo Alto Networks VP, C...PaloAltoNetworks
 

More Related Content

What's hot

Threat Intelligence Data Collection & Acquisition
Threat Intelligence Data Collection & AcquisitionThreat Intelligence Data Collection & Acquisition
Threat Intelligence Data Collection & AcquisitionEC-Council
 
How to build a cyber threat intelligence program
How to build a cyber threat intelligence programHow to build a cyber threat intelligence program
How to build a cyber threat intelligence programMark Arena
 
Threat intelligence in security
Threat intelligence in securityThreat intelligence in security
Threat intelligence in securityOsama Ellahi
 
Actionable Threat Intelligence
Actionable Threat IntelligenceActionable Threat Intelligence
Actionable Threat IntelligenceOWASP Delhi
 
Security Strategy and Tactic with Cyber Threat Intelligence (CTI)
Security Strategy and Tactic with Cyber Threat Intelligence (CTI)Security Strategy and Tactic with Cyber Threat Intelligence (CTI)
Security Strategy and Tactic with Cyber Threat Intelligence (CTI)Priyanka Aash
 
Mark Arena - Cyber Threat Intelligence #uisgcon9
Mark Arena - Cyber Threat Intelligence #uisgcon9Mark Arena - Cyber Threat Intelligence #uisgcon9
Mark Arena - Cyber Threat Intelligence #uisgcon9UISGCON
 
Cyber Threat Intelligence
Cyber Threat IntelligenceCyber Threat Intelligence
Cyber Threat IntelligenceMarlabs
 
Cyber Threat Intelligence: Building and maturing an intelligence program that...
Cyber Threat Intelligence: Building and maturing an intelligence program that...Cyber Threat Intelligence: Building and maturing an intelligence program that...
Cyber Threat Intelligence: Building and maturing an intelligence program that...Mark Arena
 
Threat Intelligence Workshop
Threat Intelligence WorkshopThreat Intelligence Workshop
Threat Intelligence WorkshopPriyanka Aash
 
The Cybercriminal Underground: Understanding and categorising criminal market...
The Cybercriminal Underground: Understanding and categorising criminal market...The Cybercriminal Underground: Understanding and categorising criminal market...
The Cybercriminal Underground: Understanding and categorising criminal market...Mark Arena
 
Cyber Threat Intelligence
Cyber Threat IntelligenceCyber Threat Intelligence
Cyber Threat Intelligencemohamed nasri
 
The Cybercriminal Underground: Understanding and categorising criminal market...
The Cybercriminal Underground: Understanding and categorising criminal market...The Cybercriminal Underground: Understanding and categorising criminal market...
The Cybercriminal Underground: Understanding and categorising criminal market...Mark Arena
 
Cyber intelligence for corporate security
Cyber intelligence for corporate securityCyber intelligence for corporate security
Cyber intelligence for corporate securityG3 intelligence Ltd
 
Practical Defences Against A New Type of Professional Bank Fraudsters
Practical Defences Against A New Type of Professional Bank FraudstersPractical Defences Against A New Type of Professional Bank Fraudsters
Practical Defences Against A New Type of Professional Bank FraudstersAlbert Hui
 
Cyber Threat Intelligence
Cyber Threat IntelligenceCyber Threat Intelligence
Cyber Threat IntelligenceZaiffiEhsan
 
Cyber Threat Intelligence - It's not just about the feeds
Cyber Threat Intelligence - It's not just about the feedsCyber Threat Intelligence - It's not just about the feeds
Cyber Threat Intelligence - It's not just about the feedsIain Dickson
 
Cyber threat intelligence ppt
Cyber threat intelligence pptCyber threat intelligence ppt
Cyber threat intelligence pptKumar Gaurav
 
Need for Threat Intelligence & How to Operationalize it for your Organisation.
Need for Threat Intelligence & How to Operationalize it for your Organisation.Need for Threat Intelligence & How to Operationalize it for your Organisation.
Need for Threat Intelligence & How to Operationalize it for your Organisation.Aditya Mukherjee Information Security
 

What's hot (20)

Threat Intelligence Data Collection & Acquisition
Threat Intelligence Data Collection & AcquisitionThreat Intelligence Data Collection & Acquisition
Threat Intelligence Data Collection & Acquisition
 
How to build a cyber threat intelligence program
How to build a cyber threat intelligence programHow to build a cyber threat intelligence program
How to build a cyber threat intelligence program
 
Threat intelligence in security
Threat intelligence in securityThreat intelligence in security
Threat intelligence in security
 
Actionable Threat Intelligence
Actionable Threat IntelligenceActionable Threat Intelligence
Actionable Threat Intelligence
 
Security Strategy and Tactic with Cyber Threat Intelligence (CTI)
Security Strategy and Tactic with Cyber Threat Intelligence (CTI)Security Strategy and Tactic with Cyber Threat Intelligence (CTI)
Security Strategy and Tactic with Cyber Threat Intelligence (CTI)
 
Mark Arena - Cyber Threat Intelligence #uisgcon9
Mark Arena - Cyber Threat Intelligence #uisgcon9Mark Arena - Cyber Threat Intelligence #uisgcon9
Mark Arena - Cyber Threat Intelligence #uisgcon9
 
Cyber Threat Intelligence
Cyber Threat IntelligenceCyber Threat Intelligence
Cyber Threat Intelligence
 
Cyber Threat Intelligence: Building and maturing an intelligence program that...
Cyber Threat Intelligence: Building and maturing an intelligence program that...Cyber Threat Intelligence: Building and maturing an intelligence program that...
Cyber Threat Intelligence: Building and maturing an intelligence program that...
 
Threat Intelligence Workshop
Threat Intelligence WorkshopThreat Intelligence Workshop
Threat Intelligence Workshop
 
The Cybercriminal Underground: Understanding and categorising criminal market...
The Cybercriminal Underground: Understanding and categorising criminal market...The Cybercriminal Underground: Understanding and categorising criminal market...
The Cybercriminal Underground: Understanding and categorising criminal market...
 
Cyber Threat Intelligence
Cyber Threat IntelligenceCyber Threat Intelligence
Cyber Threat Intelligence
 
The Cybercriminal Underground: Understanding and categorising criminal market...
The Cybercriminal Underground: Understanding and categorising criminal market...The Cybercriminal Underground: Understanding and categorising criminal market...
The Cybercriminal Underground: Understanding and categorising criminal market...
 
Cyber intelligence for corporate security
Cyber intelligence for corporate securityCyber intelligence for corporate security
Cyber intelligence for corporate security
 
Practical Defences Against A New Type of Professional Bank Fraudsters
Practical Defences Against A New Type of Professional Bank FraudstersPractical Defences Against A New Type of Professional Bank Fraudsters
Practical Defences Against A New Type of Professional Bank Fraudsters
 
Cyber Threat Intelligence
Cyber Threat IntelligenceCyber Threat Intelligence
Cyber Threat Intelligence
 
Cyber Threat Intelligence - It's not just about the feeds
Cyber Threat Intelligence - It's not just about the feedsCyber Threat Intelligence - It's not just about the feeds
Cyber Threat Intelligence - It's not just about the feeds
 
Cyber threat intelligence ppt
Cyber threat intelligence pptCyber threat intelligence ppt
Cyber threat intelligence ppt
 
Threat Intelligence
Threat IntelligenceThreat Intelligence
Threat Intelligence
 
Building an Effective Cyber Intelligence Program
Building an Effective Cyber Intelligence ProgramBuilding an Effective Cyber Intelligence Program
Building an Effective Cyber Intelligence Program
 
Need for Threat Intelligence & How to Operationalize it for your Organisation.
Need for Threat Intelligence & How to Operationalize it for your Organisation.Need for Threat Intelligence & How to Operationalize it for your Organisation.
Need for Threat Intelligence & How to Operationalize it for your Organisation.
 

Viewers also liked

Whois - Addressing the Asia Pacifc
Whois - Addressing the Asia PacifcWhois - Addressing the Asia Pacifc
Whois - Addressing the Asia PacifcAPNIC
 
2016 Cybersecurity Predictions for Asia Pacific from Palo Alto Networks VP, C...
2016 Cybersecurity Predictions for Asia Pacific from Palo Alto Networks VP, C...2016 Cybersecurity Predictions for Asia Pacific from Palo Alto Networks VP, C...
2016 Cybersecurity Predictions for Asia Pacific from Palo Alto Networks VP, C...PaloAltoNetworks
 
Enhancing security incident response capabilities in the AP
Enhancing security incident response capabilities in the AP Enhancing security incident response capabilities in the AP
Enhancing security incident response capabilities in the AP APNIC
 
Threat Intelligence Is Like Three Day Potty Training
Threat Intelligence Is Like Three Day Potty TrainingThreat Intelligence Is Like Three Day Potty Training
Threat Intelligence Is Like Three Day Potty TrainingPriyanka Aash
 
Operational Security Intelligence
Operational Security IntelligenceOperational Security Intelligence
Operational Security IntelligenceSplunk
 
Infosec 2015 - Using threat intelligence to improve security response
Infosec 2015 - Using threat intelligence to improve security responseInfosec 2015 - Using threat intelligence to improve security response
Infosec 2015 - Using threat intelligence to improve security responseHuntsman Security
 
Pactera - Cloud, Application, Cyber Security Trend 2016
Pactera - Cloud, Application, Cyber Security Trend 2016Pactera - Cloud, Application, Cyber Security Trend 2016
Pactera - Cloud, Application, Cyber Security Trend 2016Kyle Lai
 
Operational Security Intelligence
Operational Security IntelligenceOperational Security Intelligence
Operational Security IntelligenceSplunk
 
Cyber Security Landscape and Systems Resiliency – Challenges & Priorities - T...
Cyber Security Landscape and Systems Resiliency – Challenges & Priorities - T...Cyber Security Landscape and Systems Resiliency – Challenges & Priorities - T...
Cyber Security Landscape and Systems Resiliency – Challenges & Priorities - T...Knowledge Group
 
Ht seminar uniten-cyber security threat landscape
Ht seminar uniten-cyber security threat landscapeHt seminar uniten-cyber security threat landscape
Ht seminar uniten-cyber security threat landscapeHaris Tahir
 
Outlook Briefing 2016: Cyber Security
Outlook Briefing 2016: Cyber SecurityOutlook Briefing 2016: Cyber Security
Outlook Briefing 2016: Cyber SecurityMastel Indonesia
 
The Cyber Threat Intelligence Matrix
The Cyber Threat Intelligence MatrixThe Cyber Threat Intelligence Matrix
The Cyber Threat Intelligence MatrixFrode Hommedal
 
Cyberthreat Defense Report 2017 by Impreva
Cyberthreat Defense Report 2017 by ImprevaCyberthreat Defense Report 2017 by Impreva
Cyberthreat Defense Report 2017 by ImprevaGhader Ahmadi
 

Viewers also liked (13)

Whois - Addressing the Asia Pacifc
Whois - Addressing the Asia PacifcWhois - Addressing the Asia Pacifc
Whois - Addressing the Asia Pacifc
 
2016 Cybersecurity Predictions for Asia Pacific from Palo Alto Networks VP, C...
2016 Cybersecurity Predictions for Asia Pacific from Palo Alto Networks VP, C...2016 Cybersecurity Predictions for Asia Pacific from Palo Alto Networks VP, C...
2016 Cybersecurity Predictions for Asia Pacific from Palo Alto Networks VP, C...
 
Enhancing security incident response capabilities in the AP
Enhancing security incident response capabilities in the AP Enhancing security incident response capabilities in the AP
Enhancing security incident response capabilities in the AP
 
Threat Intelligence Is Like Three Day Potty Training
Threat Intelligence Is Like Three Day Potty TrainingThreat Intelligence Is Like Three Day Potty Training
Threat Intelligence Is Like Three Day Potty Training
 
Operational Security Intelligence
Operational Security IntelligenceOperational Security Intelligence
Operational Security Intelligence
 
Infosec 2015 - Using threat intelligence to improve security response
Infosec 2015 - Using threat intelligence to improve security responseInfosec 2015 - Using threat intelligence to improve security response
Infosec 2015 - Using threat intelligence to improve security response
 
Pactera - Cloud, Application, Cyber Security Trend 2016
Pactera - Cloud, Application, Cyber Security Trend 2016Pactera - Cloud, Application, Cyber Security Trend 2016
Pactera - Cloud, Application, Cyber Security Trend 2016
 
Operational Security Intelligence
Operational Security IntelligenceOperational Security Intelligence
Operational Security Intelligence
 
Cyber Security Landscape and Systems Resiliency – Challenges & Priorities - T...
Cyber Security Landscape and Systems Resiliency – Challenges & Priorities - T...Cyber Security Landscape and Systems Resiliency – Challenges & Priorities - T...
Cyber Security Landscape and Systems Resiliency – Challenges & Priorities - T...
 
Ht seminar uniten-cyber security threat landscape
Ht seminar uniten-cyber security threat landscapeHt seminar uniten-cyber security threat landscape
Ht seminar uniten-cyber security threat landscape
 
Outlook Briefing 2016: Cyber Security
Outlook Briefing 2016: Cyber SecurityOutlook Briefing 2016: Cyber Security
Outlook Briefing 2016: Cyber Security
 
The Cyber Threat Intelligence Matrix
The Cyber Threat Intelligence MatrixThe Cyber Threat Intelligence Matrix
The Cyber Threat Intelligence Matrix
 
Cyberthreat Defense Report 2017 by Impreva
Cyberthreat Defense Report 2017 by ImprevaCyberthreat Defense Report 2017 by Impreva
Cyberthreat Defense Report 2017 by Impreva
 

Similar to Cyber Threat Intelligence: What do we Want? The Incident Response and Technology Risk Management Perspectives

Aujas incident management webinar deck 08162016
Aujas incident management webinar deck 08162016Aujas incident management webinar deck 08162016
Aujas incident management webinar deck 08162016Karl Kispert
 
Cyber Security Beyond 2020 – Will We Learn From Our Mistakes?
Cyber Security Beyond 2020 – Will We Learn From Our Mistakes?Cyber Security Beyond 2020 – Will We Learn From Our Mistakes?
Cyber Security Beyond 2020 – Will We Learn From Our Mistakes?Raffael Marty
 
Information Security from Risk Management and Design
Information Security from Risk Management and DesignInformation Security from Risk Management and Design
Information Security from Risk Management and DesignAlbert Hui
 
Big Bang Theory: The Evolution of Pentesting High Security Environments
Big Bang Theory: The Evolution of Pentesting High Security EnvironmentsBig Bang Theory: The Evolution of Pentesting High Security Environments
Big Bang Theory: The Evolution of Pentesting High Security EnvironmentsChris Gates
 
Proactive Counterespionage & Business Continuity / Resiliency
Proactive Counterespionage & Business Continuity / ResiliencyProactive Counterespionage & Business Continuity / Resiliency
Proactive Counterespionage & Business Continuity / ResiliencyDr. Lydia Kostopoulos
 
Webinar: Get Ready to Detect, Respond & Recover from a Cyber Attack
Webinar: Get Ready to Detect, Respond & Recover from a Cyber AttackWebinar: Get Ready to Detect, Respond & Recover from a Cyber Attack
Webinar: Get Ready to Detect, Respond & Recover from a Cyber AttackAujas
 
Hunting Hard & Failing Fast (ScotSoft 2019)
Hunting Hard & Failing Fast (ScotSoft 2019)Hunting Hard & Failing Fast (ScotSoft 2019)
Hunting Hard & Failing Fast (ScotSoft 2019)Harry McLaren
 
Satori Whitepaper: Threat Intelligence - a path to taming digital threats
Satori Whitepaper: Threat Intelligence - a path to taming digital threatsSatori Whitepaper: Threat Intelligence - a path to taming digital threats
Satori Whitepaper: Threat Intelligence - a path to taming digital threatsDean Evans
 
Evidence-Based Security: The New Top Five Controls
Evidence-Based Security: The New Top Five ControlsEvidence-Based Security: The New Top Five Controls
Evidence-Based Security: The New Top Five ControlsPriyanka Aash
 
The Practice of Cyber Crime Investigations
The Practice of Cyber Crime InvestigationsThe Practice of Cyber Crime Investigations
The Practice of Cyber Crime InvestigationsAlbert Hui
 
How To Turbo-Charge Incident Response With Threat Intelligence
How To Turbo-Charge Incident Response With Threat IntelligenceHow To Turbo-Charge Incident Response With Threat Intelligence
How To Turbo-Charge Incident Response With Threat IntelligenceResilient Systems
 
Big Bang Theory: The Evolution of Pentesting High Security Environments
Big Bang Theory: The Evolution of Pentesting High Security EnvironmentsBig Bang Theory: The Evolution of Pentesting High Security Environments
Big Bang Theory: The Evolution of Pentesting High Security EnvironmentsJoe McCray
 
SFBA_SUG_2023-08-02.pdf
SFBA_SUG_2023-08-02.pdfSFBA_SUG_2023-08-02.pdf
SFBA_SUG_2023-08-02.pdfBecky Burwell
 
Cyber Security for Oil and Gas
Cyber Security for Oil and Gas Cyber Security for Oil and Gas
Cyber Security for Oil and Gas mariaidga
 
Modernizing Your SOC: A CISO-led Training
Modernizing Your SOC: A CISO-led TrainingModernizing Your SOC: A CISO-led Training
Modernizing Your SOC: A CISO-led TrainingSqrrl
 
Addressing cyber security
Addressing cyber securityAddressing cyber security
Addressing cyber securityFemi Ashaye
 

Similar to Cyber Threat Intelligence: What do we Want? The Incident Response and Technology Risk Management Perspectives (20)

Aujas incident management webinar deck 08162016
Aujas incident management webinar deck 08162016Aujas incident management webinar deck 08162016
Aujas incident management webinar deck 08162016
 
Cyber Security Beyond 2020 – Will We Learn From Our Mistakes?
Cyber Security Beyond 2020 – Will We Learn From Our Mistakes?Cyber Security Beyond 2020 – Will We Learn From Our Mistakes?
Cyber Security Beyond 2020 – Will We Learn From Our Mistakes?
 
Information Security from Risk Management and Design
Information Security from Risk Management and DesignInformation Security from Risk Management and Design
Information Security from Risk Management and Design
 
Big Bang Theory: The Evolution of Pentesting High Security Environments
Big Bang Theory: The Evolution of Pentesting High Security EnvironmentsBig Bang Theory: The Evolution of Pentesting High Security Environments
Big Bang Theory: The Evolution of Pentesting High Security Environments
 
Proactive Counterespionage & Business Continuity / Resiliency
Proactive Counterespionage & Business Continuity / ResiliencyProactive Counterespionage & Business Continuity / Resiliency
Proactive Counterespionage & Business Continuity / Resiliency
 
Webinar: Get Ready to Detect, Respond & Recover from a Cyber Attack
Webinar: Get Ready to Detect, Respond & Recover from a Cyber AttackWebinar: Get Ready to Detect, Respond & Recover from a Cyber Attack
Webinar: Get Ready to Detect, Respond & Recover from a Cyber Attack
 
Fabio Ghioni
Fabio GhioniFabio Ghioni
Fabio Ghioni
 
Threat Life Cycle Management
Threat Life Cycle ManagementThreat Life Cycle Management
Threat Life Cycle Management
 
Hunting Hard & Failing Fast (ScotSoft 2019)
Hunting Hard & Failing Fast (ScotSoft 2019)Hunting Hard & Failing Fast (ScotSoft 2019)
Hunting Hard & Failing Fast (ScotSoft 2019)
 
Satori Whitepaper: Threat Intelligence - a path to taming digital threats
Satori Whitepaper: Threat Intelligence - a path to taming digital threatsSatori Whitepaper: Threat Intelligence - a path to taming digital threats
Satori Whitepaper: Threat Intelligence - a path to taming digital threats
 
Threat intelligence minority report
Threat intelligence minority reportThreat intelligence minority report
Threat intelligence minority report
 
Evidence-Based Security: The New Top Five Controls
Evidence-Based Security: The New Top Five ControlsEvidence-Based Security: The New Top Five Controls
Evidence-Based Security: The New Top Five Controls
 
The Practice of Cyber Crime Investigations
The Practice of Cyber Crime InvestigationsThe Practice of Cyber Crime Investigations
The Practice of Cyber Crime Investigations
 
How To Turbo-Charge Incident Response With Threat Intelligence
How To Turbo-Charge Incident Response With Threat IntelligenceHow To Turbo-Charge Incident Response With Threat Intelligence
How To Turbo-Charge Incident Response With Threat Intelligence
 
Security Industry Overview
Security Industry OverviewSecurity Industry Overview
Security Industry Overview
 
Big Bang Theory: The Evolution of Pentesting High Security Environments
Big Bang Theory: The Evolution of Pentesting High Security EnvironmentsBig Bang Theory: The Evolution of Pentesting High Security Environments
Big Bang Theory: The Evolution of Pentesting High Security Environments
 
SFBA_SUG_2023-08-02.pdf
SFBA_SUG_2023-08-02.pdfSFBA_SUG_2023-08-02.pdf
SFBA_SUG_2023-08-02.pdf
 
Cyber Security for Oil and Gas
Cyber Security for Oil and Gas Cyber Security for Oil and Gas
Cyber Security for Oil and Gas
 
Modernizing Your SOC: A CISO-led Training
Modernizing Your SOC: A CISO-led TrainingModernizing Your SOC: A CISO-led Training
Modernizing Your SOC: A CISO-led Training
 
Addressing cyber security
Addressing cyber securityAddressing cyber security
Addressing cyber security
 

More from Albert Hui

New Frontiers in Cyber Forensics
New Frontiers in Cyber ForensicsNew Frontiers in Cyber Forensics
New Frontiers in Cyber ForensicsAlbert Hui
 
Laying the Corporate Groundwork for Effective Incident Investigation
Laying the Corporate Groundwork for Effective Incident InvestigationLaying the Corporate Groundwork for Effective Incident Investigation
Laying the Corporate Groundwork for Effective Incident InvestigationAlbert Hui
 
Cyber Fraud - The New Frontiers
Cyber Fraud - The New FrontiersCyber Fraud - The New Frontiers
Cyber Fraud - The New FrontiersAlbert Hui
 
Detecting Threats - How to Think Like an Attacker
Detecting Threats - How to Think Like an AttackerDetecting Threats - How to Think Like an Attacker
Detecting Threats - How to Think Like an AttackerAlbert Hui
 
(Mis)trust in the cyber era
(Mis)trust in the cyber era(Mis)trust in the cyber era
(Mis)trust in the cyber eraAlbert Hui
 
Universal DDoS Mitigation Bypass
Universal DDoS Mitigation BypassUniversal DDoS Mitigation Bypass
Universal DDoS Mitigation BypassAlbert Hui
 
Cyber Security: Challenges and Solutions for the Corporate
Cyber Security: Challenges and Solutions for the CorporateCyber Security: Challenges and Solutions for the Corporate
Cyber Security: Challenges and Solutions for the CorporateAlbert Hui
 
The Aftermath: You Have Been Attacked! So what's next?
The Aftermath: You Have Been Attacked! So what's next?The Aftermath: You Have Been Attacked! So what's next?
The Aftermath: You Have Been Attacked! So what's next?Albert Hui
 
Incident Response Triage
Incident Response TriageIncident Response Triage
Incident Response TriageAlbert Hui
 
Insights into the Cybercrime Ecosystem
Insights into the Cybercrime EcosystemInsights into the Cybercrime Ecosystem
Insights into the Cybercrime EcosystemAlbert Hui
 
Basic Malware Analysis
Basic Malware AnalysisBasic Malware Analysis
Basic Malware AnalysisAlbert Hui
 

More from Albert Hui (11)

New Frontiers in Cyber Forensics
New Frontiers in Cyber ForensicsNew Frontiers in Cyber Forensics
New Frontiers in Cyber Forensics
 
Laying the Corporate Groundwork for Effective Incident Investigation
Laying the Corporate Groundwork for Effective Incident InvestigationLaying the Corporate Groundwork for Effective Incident Investigation
Laying the Corporate Groundwork for Effective Incident Investigation
 
Cyber Fraud - The New Frontiers
Cyber Fraud - The New FrontiersCyber Fraud - The New Frontiers
Cyber Fraud - The New Frontiers
 
Detecting Threats - How to Think Like an Attacker
Detecting Threats - How to Think Like an AttackerDetecting Threats - How to Think Like an Attacker
Detecting Threats - How to Think Like an Attacker
 
(Mis)trust in the cyber era
(Mis)trust in the cyber era(Mis)trust in the cyber era
(Mis)trust in the cyber era
 
Universal DDoS Mitigation Bypass
Universal DDoS Mitigation BypassUniversal DDoS Mitigation Bypass
Universal DDoS Mitigation Bypass
 
Cyber Security: Challenges and Solutions for the Corporate
Cyber Security: Challenges and Solutions for the CorporateCyber Security: Challenges and Solutions for the Corporate
Cyber Security: Challenges and Solutions for the Corporate
 
The Aftermath: You Have Been Attacked! So what's next?
The Aftermath: You Have Been Attacked! So what's next?The Aftermath: You Have Been Attacked! So what's next?
The Aftermath: You Have Been Attacked! So what's next?
 
Incident Response Triage
Incident Response TriageIncident Response Triage
Incident Response Triage
 
Insights into the Cybercrime Ecosystem
Insights into the Cybercrime EcosystemInsights into the Cybercrime Ecosystem
Insights into the Cybercrime Ecosystem
 
Basic Malware Analysis
Basic Malware AnalysisBasic Malware Analysis
Basic Malware Analysis
 

Recently uploaded

Pests of safflower_Binomics_Identification_Dr.UPR.pdf
Pests of safflower_Binomics_Identification_Dr.UPR.pdfPests of safflower_Binomics_Identification_Dr.UPR.pdf
Pests of safflower_Binomics_Identification_Dr.UPR.pdfPirithiRaju
 
User Guide: Magellan MX™ Weather Station
User Guide: Magellan MX™ Weather StationUser Guide: Magellan MX™ Weather Station
User Guide: Magellan MX™ Weather StationColumbia Weather Systems
 
Speech, hearing, noise, intelligibility.pptx
Speech, hearing, noise, intelligibility.pptxSpeech, hearing, noise, intelligibility.pptx
Speech, hearing, noise, intelligibility.pptxpriyankatabhane
 
Grafana in space: Monitoring Japan's SLIM moon lander in real time
Grafana in space: Monitoring Japan's SLIM moon lander in real timeGrafana in space: Monitoring Japan's SLIM moon lander in real time
Grafana in space: Monitoring Japan's SLIM moon lander in real timeSatoshi NAKAHIRA
 
Pests of castor_Binomics_Identification_Dr.UPR.pdf
Pests of castor_Binomics_Identification_Dr.UPR.pdfPests of castor_Binomics_Identification_Dr.UPR.pdf
Pests of castor_Binomics_Identification_Dr.UPR.pdfPirithiRaju
 
Call Girls in Majnu Ka Tilla Delhi 🔝9711014705🔝 Genuine
Call Girls in Majnu Ka Tilla Delhi 🔝9711014705🔝 GenuineCall Girls in Majnu Ka Tilla Delhi 🔝9711014705🔝 Genuine
Call Girls in Majnu Ka Tilla Delhi 🔝9711014705🔝 Genuinethapagita
 
OECD bibliometric indicators: Selected highlights, April 2024
OECD bibliometric indicators: Selected highlights, April 2024OECD bibliometric indicators: Selected highlights, April 2024
OECD bibliometric indicators: Selected highlights, April 2024innovationoecd
 
BUMI DAN ANTARIKSA PROJEK IPAS SMK KELAS X.pdf
BUMI DAN ANTARIKSA PROJEK IPAS SMK KELAS X.pdfBUMI DAN ANTARIKSA PROJEK IPAS SMK KELAS X.pdf
BUMI DAN ANTARIKSA PROJEK IPAS SMK KELAS X.pdfWildaNurAmalia2
 
Harmful and Useful Microorganisms Presentation
Harmful and Useful Microorganisms PresentationHarmful and Useful Microorganisms Presentation
Harmful and Useful Microorganisms Presentationtahreemzahra82
 
THE ROLE OF PHARMACOGNOSY IN TRADITIONAL AND MODERN SYSTEM OF MEDICINE.pptx
THE ROLE OF PHARMACOGNOSY IN TRADITIONAL AND MODERN SYSTEM OF MEDICINE.pptxTHE ROLE OF PHARMACOGNOSY IN TRADITIONAL AND MODERN SYSTEM OF MEDICINE.pptx
THE ROLE OF PHARMACOGNOSY IN TRADITIONAL AND MODERN SYSTEM OF MEDICINE.pptxNandakishor Bhaurao Deshmukh
 
User Guide: Pulsar™ Weather Station (Columbia Weather Systems)
User Guide: Pulsar™ Weather Station (Columbia Weather Systems)User Guide: Pulsar™ Weather Station (Columbia Weather Systems)
User Guide: Pulsar™ Weather Station (Columbia Weather Systems)Columbia Weather Systems
 
Pests of Blackgram, greengram, cowpea_Dr.UPR.pdf
Pests of Blackgram, greengram, cowpea_Dr.UPR.pdfPests of Blackgram, greengram, cowpea_Dr.UPR.pdf
Pests of Blackgram, greengram, cowpea_Dr.UPR.pdfPirithiRaju
 
Behavioral Disorder: Schizophrenia & it's Case Study.pdf
Behavioral Disorder: Schizophrenia & it's Case Study.pdfBehavioral Disorder: Schizophrenia & it's Case Study.pdf
Behavioral Disorder: Schizophrenia & it's Case Study.pdfSELF-EXPLANATORY
 
Bentham & Hooker's Classification. along with the merits and demerits of the ...
Bentham & Hooker's Classification. along with the merits and demerits of the ...Bentham & Hooker's Classification. along with the merits and demerits of the ...
Bentham & Hooker's Classification. along with the merits and demerits of the ...Nistarini College, Purulia (W.B) India
 
Solution chemistry, Moral and Normal solutions
Solution chemistry, Moral and Normal solutionsSolution chemistry, Moral and Normal solutions
Solution chemistry, Moral and Normal solutionsHajira Mahmood
 
GenBio2 - Lesson 1 - Introduction to Genetics.pptx
GenBio2 - Lesson 1 - Introduction to Genetics.pptxGenBio2 - Lesson 1 - Introduction to Genetics.pptx
GenBio2 - Lesson 1 - Introduction to Genetics.pptxBerniceCayabyab1
 
Is RISC-V ready for HPC workload? Maybe?
Is RISC-V ready for HPC workload? Maybe?Is RISC-V ready for HPC workload? Maybe?
Is RISC-V ready for HPC workload? Maybe?Patrick Diehl
 
Sulphur & Phosphrus Cycle PowerPoint Presentation (2) [Autosaved]-3-1.pptx
Sulphur & Phosphrus Cycle PowerPoint Presentation (2) [Autosaved]-3-1.pptxSulphur & Phosphrus Cycle PowerPoint Presentation (2) [Autosaved]-3-1.pptx
Sulphur & Phosphrus Cycle PowerPoint Presentation (2) [Autosaved]-3-1.pptxnoordubaliya2003
 
Citronella presentation SlideShare mani upadhyay
Citronella presentation SlideShare mani upadhyayCitronella presentation SlideShare mani upadhyay
Citronella presentation SlideShare mani upadhyayupadhyaymani499
 
RESPIRATORY ADAPTATIONS TO HYPOXIA IN HUMNAS.pptx
RESPIRATORY ADAPTATIONS TO HYPOXIA IN HUMNAS.pptxRESPIRATORY ADAPTATIONS TO HYPOXIA IN HUMNAS.pptx
RESPIRATORY ADAPTATIONS TO HYPOXIA IN HUMNAS.pptxFarihaAbdulRasheed
 

Recently uploaded (20)

Pests of safflower_Binomics_Identification_Dr.UPR.pdf
Pests of safflower_Binomics_Identification_Dr.UPR.pdfPests of safflower_Binomics_Identification_Dr.UPR.pdf
Pests of safflower_Binomics_Identification_Dr.UPR.pdf
 
User Guide: Magellan MX™ Weather Station
User Guide: Magellan MX™ Weather StationUser Guide: Magellan MX™ Weather Station
User Guide: Magellan MX™ Weather Station
 
Speech, hearing, noise, intelligibility.pptx
Speech, hearing, noise, intelligibility.pptxSpeech, hearing, noise, intelligibility.pptx
Speech, hearing, noise, intelligibility.pptx
 
Grafana in space: Monitoring Japan's SLIM moon lander in real time
Grafana in space: Monitoring Japan's SLIM moon lander in real timeGrafana in space: Monitoring Japan's SLIM moon lander in real time
Grafana in space: Monitoring Japan's SLIM moon lander in real time
 
Pests of castor_Binomics_Identification_Dr.UPR.pdf
Pests of castor_Binomics_Identification_Dr.UPR.pdfPests of castor_Binomics_Identification_Dr.UPR.pdf
Pests of castor_Binomics_Identification_Dr.UPR.pdf
 
Call Girls in Majnu Ka Tilla Delhi 🔝9711014705🔝 Genuine
Call Girls in Majnu Ka Tilla Delhi 🔝9711014705🔝 GenuineCall Girls in Majnu Ka Tilla Delhi 🔝9711014705🔝 Genuine
Call Girls in Majnu Ka Tilla Delhi 🔝9711014705🔝 Genuine
 
OECD bibliometric indicators: Selected highlights, April 2024
OECD bibliometric indicators: Selected highlights, April 2024OECD bibliometric indicators: Selected highlights, April 2024
OECD bibliometric indicators: Selected highlights, April 2024
 
BUMI DAN ANTARIKSA PROJEK IPAS SMK KELAS X.pdf
BUMI DAN ANTARIKSA PROJEK IPAS SMK KELAS X.pdfBUMI DAN ANTARIKSA PROJEK IPAS SMK KELAS X.pdf
BUMI DAN ANTARIKSA PROJEK IPAS SMK KELAS X.pdf
 
Harmful and Useful Microorganisms Presentation
Harmful and Useful Microorganisms PresentationHarmful and Useful Microorganisms Presentation
Harmful and Useful Microorganisms Presentation
 
THE ROLE OF PHARMACOGNOSY IN TRADITIONAL AND MODERN SYSTEM OF MEDICINE.pptx
THE ROLE OF PHARMACOGNOSY IN TRADITIONAL AND MODERN SYSTEM OF MEDICINE.pptxTHE ROLE OF PHARMACOGNOSY IN TRADITIONAL AND MODERN SYSTEM OF MEDICINE.pptx
THE ROLE OF PHARMACOGNOSY IN TRADITIONAL AND MODERN SYSTEM OF MEDICINE.pptx
 
User Guide: Pulsar™ Weather Station (Columbia Weather Systems)
User Guide: Pulsar™ Weather Station (Columbia Weather Systems)User Guide: Pulsar™ Weather Station (Columbia Weather Systems)
User Guide: Pulsar™ Weather Station (Columbia Weather Systems)
 
Pests of Blackgram, greengram, cowpea_Dr.UPR.pdf
Pests of Blackgram, greengram, cowpea_Dr.UPR.pdfPests of Blackgram, greengram, cowpea_Dr.UPR.pdf
Pests of Blackgram, greengram, cowpea_Dr.UPR.pdf
 
Behavioral Disorder: Schizophrenia & it's Case Study.pdf
Behavioral Disorder: Schizophrenia & it's Case Study.pdfBehavioral Disorder: Schizophrenia & it's Case Study.pdf
Behavioral Disorder: Schizophrenia & it's Case Study.pdf
 
Bentham & Hooker's Classification. along with the merits and demerits of the ...
Bentham & Hooker's Classification. along with the merits and demerits of the ...Bentham & Hooker's Classification. along with the merits and demerits of the ...
Bentham & Hooker's Classification. along with the merits and demerits of the ...
 
Solution chemistry, Moral and Normal solutions
Solution chemistry, Moral and Normal solutionsSolution chemistry, Moral and Normal solutions
Solution chemistry, Moral and Normal solutions
 
GenBio2 - Lesson 1 - Introduction to Genetics.pptx
GenBio2 - Lesson 1 - Introduction to Genetics.pptxGenBio2 - Lesson 1 - Introduction to Genetics.pptx
GenBio2 - Lesson 1 - Introduction to Genetics.pptx
 
Is RISC-V ready for HPC workload? Maybe?
Is RISC-V ready for HPC workload? Maybe?Is RISC-V ready for HPC workload? Maybe?
Is RISC-V ready for HPC workload? Maybe?
 
Sulphur & Phosphrus Cycle PowerPoint Presentation (2) [Autosaved]-3-1.pptx
Sulphur & Phosphrus Cycle PowerPoint Presentation (2) [Autosaved]-3-1.pptxSulphur & Phosphrus Cycle PowerPoint Presentation (2) [Autosaved]-3-1.pptx
Sulphur & Phosphrus Cycle PowerPoint Presentation (2) [Autosaved]-3-1.pptx
 
Citronella presentation SlideShare mani upadhyay
Citronella presentation SlideShare mani upadhyayCitronella presentation SlideShare mani upadhyay
Citronella presentation SlideShare mani upadhyay
 
RESPIRATORY ADAPTATIONS TO HYPOXIA IN HUMNAS.pptx
RESPIRATORY ADAPTATIONS TO HYPOXIA IN HUMNAS.pptxRESPIRATORY ADAPTATIONS TO HYPOXIA IN HUMNAS.pptx
RESPIRATORY ADAPTATIONS TO HYPOXIA IN HUMNAS.pptx
 

Cyber Threat Intelligence: What do we Want? The Incident Response and Technology Risk Management Perspectives

  • 1. Cyber Threat Intelligence What do we Want? The Incident Response and Technology Risk Management Perspectives September 2nd 2016 @ SecureHongKong Albert Hui GREM, GCFA, GCFE, GNFA, GCIA, GCIH, GXPN, GPEN, GAWN, GSNA, GSEC, CISA, CISM, CRISC S ec urI ty Ro ni n Hong Kong
  • 2. • CSIRT Manager at an Investment Bank • ACFE (Association of Certified Fraud Examiner) Asia Pacific Fraud Conference keynote speaker • HTCIA (High Tech Crime Investigation Association) Asia Pacific Forensics Conference speaker • Co-designed the first Computer Forensics curriculum for Hong Kong Police Force • Technology Risk Manager at Multinational Banks • Risk Consultant for Government and Critical Infrastructures • Black Hat speakerCopyright © 2016 Albert Hui 2 Albert Hui GREM, GCFA, GCFE, GNFA, GCIA, GCIH, GXPN, GPEN, GAWN, GSNA, GSEC, CISA, CISM, CR Security RonI n Who am I? IncidentResponse& Investigations Technology RiskManagement
  • 3. Essential Goals of CTI Copyright © 2016 Albert Hui 3 “Use a commercial threat intelligence service to develop informed tactics for current threats, and plan for threats that may exist in the midterm future.” Gartner Technology Overview for Security Threat Intelligence Service Providers Support development of Informed Tactics …against Current threats …against Future threats
  • 4. Fatal Problem with Many CTI Products Copyright © 2016 Albert Hui 4 “Only a comparative few (vendors)… provide true intelligence capabilities.” Gartner Report on Threat Intelligence, Oct 2013 Cyber Threat Information Cyber Threat Intelligence
  • 5. Information vs. Intelligence Information • Raw information, may be irrelevant or obsolete • May be false or incomplete • Not actionable Intelligence • Contextualized, relevant and timely • Accurate and complete • Actionable Copyright © 2016 Albert Hui 5 How to tell? Apply the “So What Test”.
  • 6. Context Copyright © 2016 Albert Hui 6 •Attack characteristics, e.g. BEC spear phising, SQL injection What • Attack purpose, e.g. causing money transfer, stealing credit card info Why • At what cyber kill chain stage(s) is the attack operating (at which place(s) can it be observed)? Where • Attacker characteristics: technical competence (“fire power”), resilience to takedown / prosecution • Target characteristics: what business sectors / sizes / locations, and business activities is being targeted? Who • Associated attack history and trend, e.g. explosive growth of BEC spear phishing since 2015 When • Attack methodology (TTP - tactics, techniques, procedures) How
  • 7. An Example Information Intelligence • These files are IOCs of Taiwan ATM heist campaign first observed early 2016. • Relevant to installation and action stages of attack. • Purposes are for executing the attack and for removing itself. Copyright © 2016 Albert Hui 7 Possible Actions • Scan / Query DB for file matches on ATM related systems. • Add signatures to AV / HIPS. • cnginfo.exe (MD5: C0105ADA8686DC537A64919C73A18DB7) • cngdisp.exe (MD5: 65880502B53F718BD0611A638DFD5969) • cleanup.bat • sdelete.exe (MD5: C74673589D5DD38B6443DA6054B8D07A)
  • 8. Very Cool Copyright © 2016 Albert Hui 8 , but This is NOT CTI
  • 9. Attribution Very Useful Copyright © 2016 Albert Hui 9http://whohackedus.com/ , If You Want to Hack Back 😂(Or for strategic planning, more on that later)
  • 10. Attack and Defense Copyright © 2016 Albert Hui 10 Recon Weaponize Deliver Exploit Install C2 Action DetectDenyDisruptDegradeDeceiveDestroy
  • 11. Incident Response Process Copyright © 2016 Albert Hui 11 Identification & Triage Containment Eradication Recovery Lessons Learned Event #1 Preparation Identification & Triage Containment Eradication Recovery Lessons Learned Event #2 Identification & Triage Containment Eradication Recovery Lessons Learned Event #3
  • 12. Active Cyber Defense Cycle (ACDC) Threat Intelligence Consumption Threat Hunting Incident Response Security Hardening Copyright © 2016 Albert Hui 12 DetectDenyDisruptDegradeDeceiveDestroy Recon Weaponize Deliver Exploit Install C2 Action Identification & Triage Containment Eradication Recovery Lessons Learned
  • 13. Hui’s Hierarchy of CTI Predict- ions Early Warnings Campaigns Trends & Seasonality TTPs (Tactics, Techniques and Procedures) IOCs (Indicators of Compromise) Copyright © 2016 Albert Hui 13 Threat Projection Threat Recognition Behavioral Pattern Time Series Pattern Activity Artifact Strategic Operational Tactical
  • 14. Technology Risk Management (TRM) Perspectives Copyright © 2016 Albert Hui 14
  • 15. Threat Components Copyright © 2016 Albert Hui 15 Opportunity ThreatMenace
  • 16. Hui’s Cyber Threat Intent Taxonomy Copyright © 2016 Albert Hui 16 Secular Sacred egomoney ideology (e.g. hacktivists) revenge (e.g. former employees) curiosity industrial espionage war & terrorism (e.g. state-sponsored hackers) political (e.g. unfavorable foreign government policies)
  • 17. FAIR (Factor Analysis of Information Risk) Risk Model Risk Loss Event Frequency Threat Event Frequency Vulnerability Loss Magnitude Primary Loss Secondary Loss Copyright © 2016 Albert Hui 17 Risk Likelihood Impact
  • 18. Copyright © 2016 Albert Hui 18 Vulnerability Impact Transfer Terminate Tolerate Threat Risk Treat From Actionable CTI to Mitigations
  • 19. An Example Intelligence • Since 2015, explosive growth of BEC frauds observed across the world. • Majority of funds wired through Hong Kong and/or Wenzhou. • (Internal intel) Significant increase in phishing emails not blocked by email gateway, reached end-point workstations. Possible Actions • Review money wiring process, ensure effective controls are in place, e.g. • dual custodianship (administrative control), • policy for what to do if CEO is not available, • anti-phishing services (technical control). • Review money wiring counterparties’ past transactions and wiring info for compromises. • Investigate weaknesses in email gateway phishing email protection. • User awareness training / circulars. Copyright © 2016 Albert Hui 19
  • 20. Summary Copyright © 2016 Albert Hui 20 • Context, Context, Context • Actionable Intelligence (apply “So What” test) • From Reactive to Active Defense

Editor's Notes

  1. A helicopter was flying around above Seattle when an electrical malfunction disabled all of the aircraft's electronic navigation and communications qquipment. Due to the clouds and haze, the pilot could not determine the helicopter's position and course to fly to the airport. The pilot saw a tall building, flew toward it, circled, drew a handwritten sign, and held it in the helicopter's window. The pilot's sign said "WHERE AM I?" in large letters. People in the tall building quickly responded to the aircraft, drew a large sign and held it in a building window. Their sign read: "YOU ARE IN A HELICOPTER." The pilot smiled, waved, looked at her map, determined the course to steer to SEATAC airport, and landed safely. After they were on the ground, the co-pilot asked the pilot how the "YOU ARE IN A HELICOPTER" sign helped determine their position. The pilot responded "I knew that had to be the Microsoft building because, like their technical support, online help and product documentation, the response they gave me was technically correct, but completely useless.”