Guavus Confidential – Do Not Distribute © 2013 Guavus, Inc. All rights reserved.
ENHANCED THREAT INTELLIGENCE
May 14, 2014
Neil King, VP Security Analytics
Threat Intelligence Landscape: Wild West
Threat Intelligence Taxonomy

Threat Category:  Botnet, Malware, Phishing, Mobile, Policy-based, Vulnerabilities
Threat Entity:    IP Address, Domain, URL, File, Application
Providers:        Anti-virus, Network Security, Threat Intelligence Specialists, Non-commercial
Delivery:         Blocklists, Reports, News/Blogs
URL Feed Comparison

Among the URL feeds aggregated by VirusTotal there is little overlap between vendors' threat feeds.
Number of Detections per Threat

A majority of threats are detected by only 1-2 engines.
[Bar chart: x-axis = number of engines detecting the threat (1, 2, … 10, 11+); y-axis = number of threats, 0 to 450,000]
Detection Fragmentation – Full Feeds

Pairwise overlap between ten anonymized vendor feeds (row vendor against column vendor, in percent; the diagonal is 100%). The matrix is not symmetric: each cell is relative to the size of one of the two feeds (the slide does not say whether the row or the column feed), so a small feed that is largely contained in a large one scores high in one direction and low in the other.

           Vendor 1  Vendor 2  Vendor 3  Vendor 4  Vendor 5  Vendor 6  Vendor 7  Vendor 8  Vendor 9  Vendor 10
Vendor 1   100%      1.40%     0.30%     0.13%     16.33%    6.27%     10.83%    7.57%     0.03%     45.50%
Vendor 2   0.66%     100%      0%        51.33%    34.89%    40.87%    0.03%     3.50%     1.79%     40.27%
Vendor 3   0.00%     0%        100%      0%        0%        0.01%     0%        0.32%     0.03%     0.01%
Vendor 4   0.05%     9.89%     0%        100%      0.02%     11.90%    0%        0%        0.07%     0.57%
Vendor 5   21.40%    0.74%     0%        0.05%     100%      2.42%     9.35%     7.07%     0.09%     27.07%
Vendor 6   0.35%     0.89%     0.06%     1.62%     0.30%     100%      0.19%     1.34%     0.38%     2.31%
Vendor 7   4.97%     0.03%     0%        0%        4.97%     0.20%     100%      0.03%     0%        26.60%
Vendor 8   0.06%     0.07%     0.27%     0%        0.23%     0.35%     0.00%     100%      0.06%     0.64%
Vendor 9   0.26%     1.99%     0.17%     0.26%     0.26%     2.95%     0%        3.38%     100%      2.86%
Vendor 10  9.93%     0.99%     0.03%     0.25%     10.11%    4.55%     6.17%     5.40%     0.24%     100%
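The overlap matrix and the detections-per-threat histogram on the preceding slides can be reproduced over any set of feeds. The block below is an added example, not Guavus code: the vendor names, the URLs and the row-normalized overlap definition are assumptions, and the three feeds are constructed sample data on reserved example domains. It normalizes URLs before comparing them, because case, trailing-slash and default-port variants of the same indicator otherwise inflate the apparent fragmentation.

```python
"""Feed overlap analysis over constructed sample feeds (added example)."""
from collections import Counter
from urllib.parse import urlsplit, urlunsplit

# Constructed sample feeds keyed by a hypothetical vendor name.  The hosts
# are reserved documentation domains, not real indicators.  vendor1 lists
# the same URL twice in different spellings on purpose.
FEEDS = {
    "vendor1": ["http://bad.example.com/a.php", "HTTP://Bad.Example.com/a.php/",
                "http://evil.example.net/x", "http://c2.example.org/"],
    "vendor2": ["http://bad.example.com/a.php", "http://phish.example.net/login",
                "http://c2.example.org"],
    "vendor3": ["http://phish.example.net/login", "http://only3.example.com/"],
}


def normalize_url(url: str) -> str:
    """Canonicalize scheme case, host case, default port and trailing slash
    so that trivial spelling variants do not hide overlap between feeds."""
    parts = urlsplit(url.strip())
    scheme = parts.scheme.lower()
    host = parts.hostname or ""
    port = parts.port
    if port and not ((scheme == "http" and port == 80) or
                     (scheme == "https" and port == 443)):
        host = f"{host}:{port}"
    path = parts.path.rstrip("/") or "/"
    return urlunsplit((scheme, host, path, parts.query, ""))


def normalized_feeds(feeds):
    """Each vendor's feed as a set of canonical URLs."""
    return {vendor: {normalize_url(u) for u in urls} for vendor, urls in feeds.items()}


def overlap_matrix(feeds):
    """Row-normalized overlap: cell[a][b] is the percentage of a's indicators
    that also appear in b's feed.  Asymmetric by construction, as on the slide."""
    sets = normalized_feeds(feeds)
    matrix = {}
    for a, set_a in sets.items():
        matrix[a] = {}
        for b, set_b in sets.items():
            matrix[a][b] = round(100.0 * len(set_a & set_b) / len(set_a), 2) if set_a else 0.0
    return matrix


def detections_per_threat(feeds):
    """Histogram {number of feeds listing an indicator: number of such indicators},
    the 'number of detections per threat' view."""
    sets = normalized_feeds(feeds)
    per_indicator = Counter()
    for indicators in sets.values():
        per_indicator.update(indicators)
    return Counter(per_indicator.values())


if __name__ == "__main__":
    for row, cols in overlap_matrix(FEEDS).items():
        print(row, cols)
    print(detections_per_threat(FEEDS))
```

Because the overlap is row-normalized, `vendor3` shows 50% against `vendor2` while `vendor2` shows only 33.33% against `vendor3`, which is the asymmetry visible in the table above; any published overlap figure should be read together with the feed size it is relative to.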
Context Fragmentation

Which context attributes each vendor feed carries. Rows: Domain, URL, IP, Category, Risk Score, Last Seen, Malware Name, File Hash, Hash Type, ASN, Country. Columns: Vendor 1 through Vendor 10. Each cell is marked Available, Derived or Not available.
IP Addresses and URLs are great, but what about Mobile Application Reputation?
Some challenges and opportunities for addressing mobile application threats

Anti-virus application
  + Sees all traffic on the device
  - Most subscribers don't have AV installed
App store protection
  + Centralized protection for a specific app store
  - Misses app downloads from alternative app stores
Mobile networks
  + Opportunity to protect downloads from all app stores
  + Can protect users that don't have AV
Identify Mobile Application Downloads…

Funnel from network data: roughly a billion events, narrowed to ~15,000 APK downloads from ~600 unique URLs, from which the risky APKs are identified.
…and Associate APK Reputations with URLs

We tried downloading some APKs (~36) and scanning them with Norton Security & Antivirus for Android, with the following results (pie chart with three slices of 5%, 42% and 53%, labelled Malicious, Not Malicious and Greyware).

Available context per APK:
•  Package name
•  Security score
•  Threat category
•  APK risks (location, ad library, device information)
•  Destination of leaked information
•  Battery impact
•  Network impact
•  First seen (application, application signer)
•  More
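One way to get from raw HTTP metadata to the per-URL view on the two slides above, written as an added example rather than code from the original deck. The log layout, the reputation table (standing in for the AV scan results), the verdict labels and the severity ordering are assumptions; the log lines are constructed and the digests are shortened placeholders. The detection rule keys on the APK content type but also on a `.apk` path served as `application/octet-stream`, since alternative app stores often do not set the proper type, and it ignores incomplete or failed transfers.

```python
"""Identify APK downloads in HTTP metadata and attach reputation to the
serving URL (added example over constructed data)."""
from collections import defaultdict
from urllib.parse import urlsplit

APK_MIME = "application/vnd.android.package-archive"

# Constructed HTTP metadata, one event per line:
# timestamp client method url status content-type bytes digest('-' if unknown)
LOG = """\
2014-05-13T10:01:02Z 10.0.0.5 GET http://market.example.com/app/com.example.bank.apk 200 application/vnd.android.package-archive 1523001 a1b2c3d4
2014-05-13T10:02:11Z 10.0.0.6 GET http://cdn.example.net/download?id=77 200 application/vnd.android.package-archive 900120 e5f6a7b8
2014-05-13T10:03:45Z 10.0.0.7 GET http://files.example.org/Tool.APK 200 application/octet-stream 400000 c9d0e1f2
2014-05-13T10:04:00Z 10.0.0.7 GET http://files.example.org/missing.apk 404 text/html 312 -
2014-05-13T10:05:30Z 10.0.0.8 GET http://cdn.example.net/download?id=77 200 application/vnd.android.package-archive 900120 e5f6a7b8
2014-05-13T10:06:10Z 10.0.0.9 GET http://www.example.com/index.html 200 text/html 5120 -
2014-05-13T10:07:59Z 10.0.0.9 GET http://cdn.example.net/download?id=99 200 application/vnd.android.package-archive 81000 00000000
"""

# Constructed APK reputation keyed by file digest, the shape an AV scan returns.
REPUTATION = {
    "a1b2c3d4": {"package": "com.example.bank", "verdict": "Malicious"},
    "e5f6a7b8": {"package": "com.example.game", "verdict": "Greyware"},
    "c9d0e1f2": {"package": "com.example.tool", "verdict": "Not Malicious"},
}
# Assumed ordering: an unknown APK outranks a known-clean one when a URL serves both.
SEVERITY = {"Malicious": 3, "Greyware": 2, "Unknown": 1, "Not Malicious": 0}


def parse_event(line):
    ts, client, method, url, status, ctype, size, digest = line.split()
    return {"ts": ts, "client": client, "method": method, "url": url,
            "status": int(status), "ctype": ctype.lower(), "size": int(size),
            "digest": None if digest == "-" else digest}


def is_apk_download(event):
    """A completed GET whose content type says APK, or whose path ends in
    .apk even when the server labels it octet-stream."""
    if event["method"] != "GET" or event["status"] != 200:
        return False
    path = urlsplit(event["url"]).path.lower()
    return event["ctype"] == APK_MIME or path.endswith(".apk")


def apk_downloads(log):
    """All APK download events in a log blob."""
    return [ev for ev in map(parse_event, log.strip().splitlines()) if is_apk_download(ev)]


def url_reputation(events, reputation):
    """Group downloads by URL; the URL inherits the worst verdict among the
    digests seen from it, with 'Unknown' for any digest without a reputation."""
    by_url = defaultdict(lambda: {"downloads": 0, "hashes": set()})
    for ev in events:
        by_url[ev["url"]]["downloads"] += 1
        if ev["digest"]:
            by_url[ev["url"]]["hashes"].add(ev["digest"])
    for entry in by_url.values():
        verdicts = [reputation[h]["verdict"] if h in reputation else "Unknown"
                    for h in entry["hashes"]] or ["Unknown"]
        entry["verdict"] = max(verdicts, key=SEVERITY.__getitem__)
        entry["packages"] = sorted(reputation[h]["package"]
                                   for h in entry["hashes"] if h in reputation)
    return dict(by_url)


if __name__ == "__main__":
    events = apk_downloads(LOG)
    print(f"{len(events)} APK downloads from {len({e['url'] for e in events})} URLs")
    for url, entry in url_reputation(events, REPUTATION).items():
        print(entry["verdict"], entry["downloads"], url, entry["packages"])
```

On the sample log this yields five APK downloads from four URLs: one Malicious, one Greyware (downloaded twice), one Not Malicious, and one Unknown whose digest has no reputation yet, which is the case a network-side control has to handle without an AV verdict.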
Symantec Mobile Insight Metrics (Norton Mobile Insight)

•  747,109 signers (publishers)
•  Majority of bad actors: Russia, China
•  Stores crawled continuously: 200+
Threat Intelligence Requirements: 7 Cs

Coverage:      Broad coverage of threats increases the likelihood of identifying malicious events.
Criticality:   Identify the highest-impact threats.
Confidence:    Understanding the confidence level helps prioritize threats and reduce false positives.
Context:       Understanding context helps prioritize threats and accelerate investigations.
Current:       Threats change rapidly, so intelligence needs to be current.
Customization: The ability for companies to add their own threats and adjust weightings for their specific situation.
Convenience:   Simplifying the aggregation, enhancement and application of threat intelligence.
Our Approach to Enhanced Threat Intelligence

Flow: Threat Intelligence sources → Guavus (Enhancement & Normalization) → Customer, who receives a Threat Summary, an Enhanced Threat Feed and Research / Investigation context.

Enhanced Threat Feed
•  Domain
•  URL
•  IP Address
•  Threat Name
•  APK Enhancement
•  Threat Category
•  Risk Score

Research / Investigation
•  Full Description
•  Trending
•  Geography
•  Associated IPs
•  Associated URLs
•  Associated Threat Names
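The enhancement and normalization step, and the Confidence, Current and Customization requirements from the 7 Cs, can be illustrated with a small merge that maps three differently shaped vendor records onto the common schema above, derives the fields a vendor omits (domain from URL, hash type from digest length), and scores each merged entry. This is an added example, not Guavus code: the three vendor layouts, the 40 confidence points per corroborating source, the 30-day currency window and the records themselves (reserved example domains, the well-known digests of the empty string) are assumptions made for the example.

```python
"""Enhancement and normalization of multi-vendor threat records (added example)."""
from datetime import datetime, timedelta, timezone
from urllib.parse import urlsplit

NOW = datetime(2014, 5, 14, tzinfo=timezone.utc)   # evaluation time for the currency check

# Constructed vendor feeds, each in its own (assumed) layout.
VENDOR_A = [  # URL feed with category and a 0-100 risk score
    {"url": "http://bad.example.com/dl/app.apk", "category": "malware",
     "risk": 90, "seen": "2014-05-10"},
]
VENDOR_B = [  # domain feed naming the malware family, no score
    {"domain": "bad.example.com", "malware": "FakeBank.A", "last_seen": "2014-05-12"},
]
VENDOR_C = [  # hash feed with the hosting URL; second record is deliberately stale
    {"hash": "d41d8cd98f00b204e9800998ecf8427e",
     "url": "http://bad.example.com/dl/app.apk", "seen": "2014-04-01"},
    {"hash": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855",
     "url": "http://other.example.net/x", "seen": "2014-03-01"},
]

HASH_TYPES = {32: "md5", 40: "sha1", 64: "sha256"}


def derive_hash_type(digest):
    """Derive the hash type from digest length when the vendor omits it."""
    d = digest.lower()
    if not all(c in "0123456789abcdef" for c in d):
        return "unknown"
    return HASH_TYPES.get(len(d), "unknown")


def normalize(vendor, rec):
    """Map one vendor record onto the common schema, deriving what it lacks."""
    url = rec.get("url")
    seen = rec.get("seen") or rec.get("last_seen")
    digest = rec.get("hash")
    return {
        "vendor": vendor,
        "domain": rec.get("domain") or (urlsplit(url).hostname if url else None),
        "url": url,
        "threat_name": rec.get("malware"),
        "category": rec.get("category"),
        "risk": rec.get("risk"),
        "file_hash": digest,
        "hash_type": derive_hash_type(digest) if digest else None,
        "last_seen": (datetime.strptime(seen, "%Y-%m-%d").replace(tzinfo=timezone.utc)
                      if seen else None),
    }


def merge(records, now=NOW, weights=None, stale_after=timedelta(days=30)):
    """Union per-domain context across vendors.  Confidence grows with the
    number of independent sources (40 each unless the customer overrides a
    vendor's weight), and an entry is current only if some vendor saw it
    within stale_after."""
    weights = weights or {}
    by_domain = {}
    for r in records:
        e = by_domain.setdefault(r["domain"], {
            "domain": r["domain"], "vendors": set(), "urls": set(), "hashes": {},
            "threat_names": set(), "categories": set(), "risk": None, "last_seen": None})
        e["vendors"].add(r["vendor"])
        if r["url"]:
            e["urls"].add(r["url"])
        if r["file_hash"]:
            e["hashes"][r["file_hash"]] = r["hash_type"]
        if r["threat_name"]:
            e["threat_names"].add(r["threat_name"])
        if r["category"]:
            e["categories"].add(r["category"])
        if r["risk"] is not None:
            e["risk"] = max(e["risk"] or 0, r["risk"])
        if r["last_seen"] and (e["last_seen"] is None or r["last_seen"] > e["last_seen"]):
            e["last_seen"] = r["last_seen"]
    for e in by_domain.values():
        e["confidence"] = min(100, sum(weights.get(v, 40) for v in e["vendors"]))
        e["current"] = e["last_seen"] is not None and now - e["last_seen"] <= stale_after
    return by_domain


def build_enhanced_feed(weights=None, now=NOW):
    """Normalize every vendor feed and merge the records into the enhanced feed."""
    records = ([normalize("A", r) for r in VENDOR_A] +
               [normalize("B", r) for r in VENDOR_B] +
               [normalize("C", r) for r in VENDOR_C])
    return merge(records, now=now, weights=weights)


if __name__ == "__main__":
    for domain, entry in build_enhanced_feed().items():
        print(domain, entry["confidence"], entry["current"], sorted(entry["threat_names"]))
```

`bad.example.com` ends up corroborated by all three vendors with the malware name from one, the category and risk from another and the digest from the third, while `other.example.net` is single-source and, with a last-seen date 74 days old, is flagged as not current; passing `weights={"C": 10}` shows how a customer can down-weight a vendor it trusts less.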
How can Service Providers Utilize ETI?

Network Data Analytics Platform
  Network inputs: DPI, Netflow, Other
  Enhanced Threat Intelligence Feed: URL reputation, IP reputation, App reputation
  Use cases: Threat Detection, Threat Prioritization, Threat Investigation
Contact:
Neil King
neil.king@guavus.com
www.linkedin.com/pub/neil-king/0/871/3a8/
Thanks for your time

More Related Content

What's hot

118 Hacker-Powered Facts From The 2018 Hacker-Powered Security Report
118 Hacker-Powered Facts From The 2018 Hacker-Powered Security Report118 Hacker-Powered Facts From The 2018 Hacker-Powered Security Report
118 Hacker-Powered Facts From The 2018 Hacker-Powered Security ReportHackerOne
 
Webinar: Is your web security broken? - 10 things you need to know
Webinar: Is your web security broken? - 10 things you need to knowWebinar: Is your web security broken? - 10 things you need to know
Webinar: Is your web security broken? - 10 things you need to knowCyren, Inc
 
The Best Just Got Better, Intercept X Now With EDR
The Best Just Got Better, Intercept X Now With EDRThe Best Just Got Better, Intercept X Now With EDR
The Best Just Got Better, Intercept X Now With EDRNetpluz Asia Pte Ltd
 
Webinar: Stopping evasive malware - how a cloud sandbox array works
Webinar: Stopping evasive malware - how a cloud sandbox array worksWebinar: Stopping evasive malware - how a cloud sandbox array works
Webinar: Stopping evasive malware - how a cloud sandbox array worksCyren, Inc
 
Webinar: IT security at SMBs: 2016 benchmarking survey
Webinar: IT security at SMBs: 2016 benchmarking surveyWebinar: IT security at SMBs: 2016 benchmarking survey
Webinar: IT security at SMBs: 2016 benchmarking surveyCyren, Inc
 
Ransomware: A Perilous Malware
Ransomware: A Perilous MalwareRansomware: A Perilous Malware
Ransomware: A Perilous MalwareHTS Hosting
 
Proactive Threat Hunting: Game-Changing Endpoint Protection Beyond Alerting
Proactive Threat Hunting: Game-Changing Endpoint Protection Beyond AlertingProactive Threat Hunting: Game-Changing Endpoint Protection Beyond Alerting
Proactive Threat Hunting: Game-Changing Endpoint Protection Beyond AlertingCrowdStrike
 
Holy Threat Intelligence AMPman! We Need Endpoint Security!
Holy Threat Intelligence AMPman! We Need Endpoint Security!Holy Threat Intelligence AMPman! We Need Endpoint Security!
Holy Threat Intelligence AMPman! We Need Endpoint Security!Force 3
 
Detect Threats Faster
Detect Threats FasterDetect Threats Faster
Detect Threats FasterForce 3
 
CeBIT 2015 Presentation
CeBIT 2015 PresentationCeBIT 2015 Presentation
CeBIT 2015 PresentationCyren, Inc
 
Webinar: Why evasive zero day attacks are killing traditional sandboxing
Webinar: Why evasive zero day attacks are killing traditional sandboxingWebinar: Why evasive zero day attacks are killing traditional sandboxing
Webinar: Why evasive zero day attacks are killing traditional sandboxingCyren, Inc
 
The Security Industry is Suffering from Fragmentation, What Can Your Organiza...
The Security Industry is Suffering from Fragmentation, What Can Your Organiza...The Security Industry is Suffering from Fragmentation, What Can Your Organiza...
The Security Industry is Suffering from Fragmentation, What Can Your Organiza...ThreatConnect
 
You Can't Stop The Breach Without Prevention And Detection
You Can't Stop The Breach Without Prevention And DetectionYou Can't Stop The Breach Without Prevention And Detection
You Can't Stop The Breach Without Prevention And DetectionCrowdStrike
 
It's not about you: Mobile security in 2016
It's not about you: Mobile security in 2016It's not about you: Mobile security in 2016
It's not about you: Mobile security in 2016NowSecure
 
The Small Business Cyber Security Best Practice Guide
The Small Business Cyber Security Best Practice GuideThe Small Business Cyber Security Best Practice Guide
The Small Business Cyber Security Best Practice GuideInspiring Women
 
9 Top Bug Bounty Programs
9 Top Bug Bounty Programs9 Top Bug Bounty Programs
9 Top Bug Bounty ProgramsHackerOne
 
Anatomy of an Attack
Anatomy of an AttackAnatomy of an Attack
Anatomy of an AttackCisco Canada
 
Cisco Web and Email Security Overview
Cisco Web and Email Security OverviewCisco Web and Email Security Overview
Cisco Web and Email Security OverviewCisco Security
 
Fraud management in cloud simulation
Fraud management in cloud simulationFraud management in cloud simulation
Fraud management in cloud simulationSyniverse
 

What's hot (20)

118 Hacker-Powered Facts From The 2018 Hacker-Powered Security Report
118 Hacker-Powered Facts From The 2018 Hacker-Powered Security Report118 Hacker-Powered Facts From The 2018 Hacker-Powered Security Report
118 Hacker-Powered Facts From The 2018 Hacker-Powered Security Report
 
Webinar: Is your web security broken? - 10 things you need to know
Webinar: Is your web security broken? - 10 things you need to knowWebinar: Is your web security broken? - 10 things you need to know
Webinar: Is your web security broken? - 10 things you need to know
 
The Best Just Got Better, Intercept X Now With EDR
The Best Just Got Better, Intercept X Now With EDRThe Best Just Got Better, Intercept X Now With EDR
The Best Just Got Better, Intercept X Now With EDR
 
Webinar: Stopping evasive malware - how a cloud sandbox array works
Webinar: Stopping evasive malware - how a cloud sandbox array worksWebinar: Stopping evasive malware - how a cloud sandbox array works
Webinar: Stopping evasive malware - how a cloud sandbox array works
 
Webinar: IT security at SMBs: 2016 benchmarking survey
Webinar: IT security at SMBs: 2016 benchmarking surveyWebinar: IT security at SMBs: 2016 benchmarking survey
Webinar: IT security at SMBs: 2016 benchmarking survey
 
Ransomware: A Perilous Malware
Ransomware: A Perilous MalwareRansomware: A Perilous Malware
Ransomware: A Perilous Malware
 
Proactive Threat Hunting: Game-Changing Endpoint Protection Beyond Alerting
Proactive Threat Hunting: Game-Changing Endpoint Protection Beyond AlertingProactive Threat Hunting: Game-Changing Endpoint Protection Beyond Alerting
Proactive Threat Hunting: Game-Changing Endpoint Protection Beyond Alerting
 
Holy Threat Intelligence AMPman! We Need Endpoint Security!
Holy Threat Intelligence AMPman! We Need Endpoint Security!Holy Threat Intelligence AMPman! We Need Endpoint Security!
Holy Threat Intelligence AMPman! We Need Endpoint Security!
 
Detect Threats Faster
Detect Threats FasterDetect Threats Faster
Detect Threats Faster
 
CeBIT 2015 Presentation
CeBIT 2015 PresentationCeBIT 2015 Presentation
CeBIT 2015 Presentation
 
Settle the Score
Settle the ScoreSettle the Score
Settle the Score
 
Webinar: Why evasive zero day attacks are killing traditional sandboxing
Webinar: Why evasive zero day attacks are killing traditional sandboxingWebinar: Why evasive zero day attacks are killing traditional sandboxing
Webinar: Why evasive zero day attacks are killing traditional sandboxing
 
The Security Industry is Suffering from Fragmentation, What Can Your Organiza...
The Security Industry is Suffering from Fragmentation, What Can Your Organiza...The Security Industry is Suffering from Fragmentation, What Can Your Organiza...
The Security Industry is Suffering from Fragmentation, What Can Your Organiza...
 
You Can't Stop The Breach Without Prevention And Detection
You Can't Stop The Breach Without Prevention And DetectionYou Can't Stop The Breach Without Prevention And Detection
You Can't Stop The Breach Without Prevention And Detection
 
It's not about you: Mobile security in 2016
It's not about you: Mobile security in 2016It's not about you: Mobile security in 2016
It's not about you: Mobile security in 2016
 
The Small Business Cyber Security Best Practice Guide
The Small Business Cyber Security Best Practice GuideThe Small Business Cyber Security Best Practice Guide
The Small Business Cyber Security Best Practice Guide
 
9 Top Bug Bounty Programs
9 Top Bug Bounty Programs9 Top Bug Bounty Programs
9 Top Bug Bounty Programs
 
Anatomy of an Attack
Anatomy of an AttackAnatomy of an Attack
Anatomy of an Attack
 
Cisco Web and Email Security Overview
Cisco Web and Email Security OverviewCisco Web and Email Security Overview
Cisco Web and Email Security Overview
 
Fraud management in cloud simulation
Fraud management in cloud simulationFraud management in cloud simulation
Fraud management in cloud simulation
 

Similar to Enhanced threat intelligene for s ps v3

How to Build and Validate Ransomware Attack Detections (Secure360)
How to Build and Validate Ransomware Attack Detections (Secure360)How to Build and Validate Ransomware Attack Detections (Secure360)
How to Build and Validate Ransomware Attack Detections (Secure360)Scott Sutherland
 
Is Your Vulnerability Management Program Keeping Pace With Risks?
Is Your Vulnerability Management Program Keeping Pace With Risks?Is Your Vulnerability Management Program Keeping Pace With Risks?
Is Your Vulnerability Management Program Keeping Pace With Risks?Skybox Security
 
Best Practice Next-Generation Vulnerability Management to Identify Threats, ...
 Best Practice Next-Generation Vulnerability Management to Identify Threats, ... Best Practice Next-Generation Vulnerability Management to Identify Threats, ...
Best Practice Next-Generation Vulnerability Management to Identify Threats, ...Skybox Security
 
SAM05_Barber PW (7-9-15)
SAM05_Barber PW (7-9-15)SAM05_Barber PW (7-9-15)
SAM05_Barber PW (7-9-15)Norm Barber
 
Why Depending On Malware Prevention Alone Is No Longer An Option
Why Depending On Malware Prevention Alone Is No Longer An Option Why Depending On Malware Prevention Alone Is No Longer An Option
Why Depending On Malware Prevention Alone Is No Longer An Option Seculert
 
A Closer Look at Isolation: Hype or Next Gen Security?
A Closer Look at Isolation: Hype or Next Gen Security?A Closer Look at Isolation: Hype or Next Gen Security?
A Closer Look at Isolation: Hype or Next Gen Security?MenloSecurity
 
Cisco Live Cancun PR Session
Cisco Live Cancun PR SessionCisco Live Cancun PR Session
Cisco Live Cancun PR SessionFelipe Lamus
 
Cybersecurity Fundamentals for Bar Associations
Cybersecurity Fundamentals for Bar AssociationsCybersecurity Fundamentals for Bar Associations
Cybersecurity Fundamentals for Bar AssociationsNowSecure
 
Splunk conf2014 - Operationalizing Advanced Threat Defense
Splunk conf2014 - Operationalizing Advanced Threat DefenseSplunk conf2014 - Operationalizing Advanced Threat Defense
Splunk conf2014 - Operationalizing Advanced Threat DefenseSplunk
 
WhiteHat Security Website Statistics [Full Report] (2013)
WhiteHat Security Website Statistics [Full Report] (2013)WhiteHat Security Website Statistics [Full Report] (2013)
WhiteHat Security Website Statistics [Full Report] (2013)Jeremiah Grossman
 
Reading the Security Tea Leaves
Reading the Security Tea LeavesReading the Security Tea Leaves
Reading the Security Tea LeavesEd Bellis
 
Challenges in Testing Mobile App Security
Challenges in Testing Mobile App SecurityChallenges in Testing Mobile App Security
Challenges in Testing Mobile App SecurityCygnet Infotech
 
Disrupting the Malware Kill Chain - What's New from Palo Alto Networks.
Disrupting the Malware Kill Chain - What's New from Palo Alto Networks.Disrupting the Malware Kill Chain - What's New from Palo Alto Networks.
Disrupting the Malware Kill Chain - What's New from Palo Alto Networks.Scalar Decisions
 
AppTrana SECaaS (Security as a Service)
AppTrana SECaaS (Security as a Service)AppTrana SECaaS (Security as a Service)
AppTrana SECaaS (Security as a Service)IndusfacePvtLtd
 
2 factor authentication beyond password : enforce advanced security with au...
2  factor  authentication beyond password : enforce advanced security with au...2  factor  authentication beyond password : enforce advanced security with au...
2 factor authentication beyond password : enforce advanced security with au...NetwayClub
 
Scalar Security Roadshow - Calgary Presentation
Scalar Security Roadshow - Calgary PresentationScalar Security Roadshow - Calgary Presentation
Scalar Security Roadshow - Calgary PresentationScalar Decisions
 
Building an Android Scale Incident Response Process
Building an Android Scale Incident Response ProcessBuilding an Android Scale Incident Response Process
Building an Android Scale Incident Response ProcessPriyanka Aash
 
Netpluz | Protecting your Business with eSentinel | 360° Cyber Security Simpl...
Netpluz | Protecting your Business with eSentinel | 360° Cyber Security Simpl...Netpluz | Protecting your Business with eSentinel | 360° Cyber Security Simpl...
Netpluz | Protecting your Business with eSentinel | 360° Cyber Security Simpl...Netpluz Asia Pte Ltd
 
What the New OWASP Top 10 2013 and Latest X-Force Report Mean for App Sec
What the New OWASP Top 10 2013 and Latest X-Force Report Mean for App SecWhat the New OWASP Top 10 2013 and Latest X-Force Report Mean for App Sec
What the New OWASP Top 10 2013 and Latest X-Force Report Mean for App SecIBM Security
 
Complicate, detect, respond: stopping cyber attacks with identity analytics
Complicate, detect, respond: stopping cyber attacks with identity analyticsComplicate, detect, respond: stopping cyber attacks with identity analytics
Complicate, detect, respond: stopping cyber attacks with identity analyticsCA Technologies
 

Similar to Enhanced threat intelligene for s ps v3 (20)

How to Build and Validate Ransomware Attack Detections (Secure360)
How to Build and Validate Ransomware Attack Detections (Secure360)How to Build and Validate Ransomware Attack Detections (Secure360)
How to Build and Validate Ransomware Attack Detections (Secure360)
 
Is Your Vulnerability Management Program Keeping Pace With Risks?
Is Your Vulnerability Management Program Keeping Pace With Risks?Is Your Vulnerability Management Program Keeping Pace With Risks?
Is Your Vulnerability Management Program Keeping Pace With Risks?
 
Best Practice Next-Generation Vulnerability Management to Identify Threats, ...
 Best Practice Next-Generation Vulnerability Management to Identify Threats, ... Best Practice Next-Generation Vulnerability Management to Identify Threats, ...
Best Practice Next-Generation Vulnerability Management to Identify Threats, ...
 
SAM05_Barber PW (7-9-15)
SAM05_Barber PW (7-9-15)SAM05_Barber PW (7-9-15)
SAM05_Barber PW (7-9-15)
 
Why Depending On Malware Prevention Alone Is No Longer An Option
Why Depending On Malware Prevention Alone Is No Longer An Option Why Depending On Malware Prevention Alone Is No Longer An Option
Why Depending On Malware Prevention Alone Is No Longer An Option
 
A Closer Look at Isolation: Hype or Next Gen Security?
A Closer Look at Isolation: Hype or Next Gen Security?A Closer Look at Isolation: Hype or Next Gen Security?
A Closer Look at Isolation: Hype or Next Gen Security?
 
Cisco Live Cancun PR Session
Cisco Live Cancun PR SessionCisco Live Cancun PR Session
Cisco Live Cancun PR Session
 
Cybersecurity Fundamentals for Bar Associations
Cybersecurity Fundamentals for Bar AssociationsCybersecurity Fundamentals for Bar Associations
Cybersecurity Fundamentals for Bar Associations
 
Splunk conf2014 - Operationalizing Advanced Threat Defense
Splunk conf2014 - Operationalizing Advanced Threat DefenseSplunk conf2014 - Operationalizing Advanced Threat Defense
Splunk conf2014 - Operationalizing Advanced Threat Defense
 
WhiteHat Security Website Statistics [Full Report] (2013)
WhiteHat Security Website Statistics [Full Report] (2013)WhiteHat Security Website Statistics [Full Report] (2013)
WhiteHat Security Website Statistics [Full Report] (2013)
 
Reading the Security Tea Leaves
Reading the Security Tea LeavesReading the Security Tea Leaves
Reading the Security Tea Leaves
 
Challenges in Testing Mobile App Security
Challenges in Testing Mobile App SecurityChallenges in Testing Mobile App Security
Challenges in Testing Mobile App Security
 
Disrupting the Malware Kill Chain - What's New from Palo Alto Networks.
Disrupting the Malware Kill Chain - What's New from Palo Alto Networks.Disrupting the Malware Kill Chain - What's New from Palo Alto Networks.
Disrupting the Malware Kill Chain - What's New from Palo Alto Networks.
 
AppTrana SECaaS (Security as a Service)
AppTrana SECaaS (Security as a Service)AppTrana SECaaS (Security as a Service)
AppTrana SECaaS (Security as a Service)
 
2 factor authentication beyond password : enforce advanced security with au...
2  factor  authentication beyond password : enforce advanced security with au...2  factor  authentication beyond password : enforce advanced security with au...
2 factor authentication beyond password : enforce advanced security with au...
 
Scalar Security Roadshow - Calgary Presentation
Scalar Security Roadshow - Calgary PresentationScalar Security Roadshow - Calgary Presentation
Scalar Security Roadshow - Calgary Presentation
 
Building an Android Scale Incident Response Process
Building an Android Scale Incident Response ProcessBuilding an Android Scale Incident Response Process
Building an Android Scale Incident Response Process
 
Netpluz | Protecting your Business with eSentinel | 360° Cyber Security Simpl...
Netpluz | Protecting your Business with eSentinel | 360° Cyber Security Simpl...Netpluz | Protecting your Business with eSentinel | 360° Cyber Security Simpl...
Netpluz | Protecting your Business with eSentinel | 360° Cyber Security Simpl...
 
What the New OWASP Top 10 2013 and Latest X-Force Report Mean for App Sec
What the New OWASP Top 10 2013 and Latest X-Force Report Mean for App SecWhat the New OWASP Top 10 2013 and Latest X-Force Report Mean for App Sec
What the New OWASP Top 10 2013 and Latest X-Force Report Mean for App Sec
 
Complicate, detect, respond: stopping cyber attacks with identity analytics
Complicate, detect, respond: stopping cyber attacks with identity analyticsComplicate, detect, respond: stopping cyber attacks with identity analytics
Complicate, detect, respond: stopping cyber attacks with identity analytics
 

Recently uploaded

The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxMalak Abu Hammad
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking MenDelhi Call girls
 
Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Scott Keck-Warren
 
Connect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationConnect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationSlibray Presentation
 
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 3652toLead Limited
 
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticscarlostorres15106
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountPuma Security, LLC
 
Install Stable Diffusion in windows machine
Install Stable Diffusion in windows machineInstall Stable Diffusion in windows machine
Install Stable Diffusion in windows machinePadma Pradeep
 
Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Enterprise Knowledge
 
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks..."LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...Fwdays
 
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsMemoori
 
Unlocking the Potential of the Cloud for IBM Power Systems
Unlocking the Potential of the Cloud for IBM Power SystemsUnlocking the Potential of the Cloud for IBM Power Systems
Unlocking the Potential of the Cloud for IBM Power SystemsPrecisely
 
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationBeyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationSafe Software
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonetsnaman860154
 
SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024Scott Keck-Warren
 
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Patryk Bandurski
 
Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupFlorian Wilhelm
 
Maximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxMaximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxOnBoard
 
SIEMENS: RAPUNZEL – A Tale About Knowledge Graph
SIEMENS: RAPUNZEL – A Tale About Knowledge GraphSIEMENS: RAPUNZEL – A Tale About Knowledge Graph
SIEMENS: RAPUNZEL – A Tale About Knowledge GraphNeo4j
 
Benefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other FrameworksBenefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other FrameworksSoftradix Technologies
 

Recently uploaded (20)

The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptx
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men
 
Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024
 
Connect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationConnect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck Presentation
 
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365

Enhanced threat intelligence for SPs v3

  • 1. Guavus Confidential – Do Not Distribute © 2013 Guavus, Inc. All rights reserved.
       ENHANCED THREAT INTELLIGENCE
       May 14, 2014
       Neil King, VP Security Analytics
  • 2. Threat Intelligence Landscape: Wild West
  • 3. Threat Intelligence Taxonomy
       Threat Category: Botnet, Malware, Phishing, Mobile, Policy-based, Vulnerabilities
       Threat Entity: IP Address, Domain, URL, File, Application
       Providers: Anti-virus, Network Security, Threat Intelligence Specialists, Non-commercial
       Delivery: Blocklists, Reports, News/Blogs
  • 4. URL Feed Comparison
       Amongst VirusTotal URL feeds there is little overlap across threat feeds.
  • 5. Number of Detections per Threat
       A majority of threats are detected by 1-2 engines.
       (Bar chart: x-axis = number of detecting engines, 1 to 11+; y-axis = number of threats, 0 to 450,000.)
  • 6. Detection Fragmentation – Full Feeds
       Pairwise overlap between the ten vendor feeds:

                  Vendor 1  Vendor 2  Vendor 3  Vendor 4  Vendor 5  Vendor 6  Vendor 7  Vendor 8  Vendor 9  Vendor 10
       Vendor 1      100%     1.40%     0.30%     0.13%    16.33%     6.27%    10.83%     7.57%     0.03%     45.50%
       Vendor 2     0.66%      100%        0%    51.33%    34.89%    40.87%     0.03%     3.50%     1.79%     40.27%
       Vendor 3     0.00%        0%      100%        0%        0%     0.01%        0%     0.32%     0.03%      0.01%
       Vendor 4     0.05%     9.89%        0%      100%     0.02%    11.90%        0%        0%     0.07%      0.57%
       Vendor 5    21.40%     0.74%        0%     0.05%      100%     2.42%     9.35%     7.07%     0.09%     27.07%
       Vendor 6     0.35%     0.89%     0.06%     1.62%     0.30%      100%     0.19%     1.34%     0.38%      2.31%
       Vendor 7     4.97%     0.03%        0%        0%     4.97%     0.20%      100%     0.03%        0%     26.60%
       Vendor 8     0.06%     0.07%     0.27%        0%     0.23%     0.35%     0.00%      100%     0.06%      0.64%
       Vendor 9     0.26%     1.99%     0.17%     0.26%     0.26%     2.95%        0%     3.38%      100%      2.86%
       Vendor 10    9.93%     0.99%     0.03%     0.25%    10.11%     4.55%     6.17%     5.40%     0.24%       100%
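The two feed-quality views on slides 5 and 6 (detections per threat, and the pairwise detection-fragmentation matrix) are easy to reproduce for any set of feeds you subscribe to, and the corroboration count they rest on is also the simplest input to the "Confidence" requirement on slide 13. The script below is an added example, not code from the Guavus deck or from Guavus. It assumes the slide-6 matrix is row-normalised (the cell in row A, column B is the share of A's indicators that also appear in B's feed, which is why the slide's matrix is not symmetric), and it assumes a confidence score equal to the fraction of feeds that list an indicator; both are assumptions about the deck, not facts from it. The feeds and domains are constructed placeholders, not real indicators.

```python
"""Feed overlap and detection-count analysis for threat-intelligence feeds.

Added example, not code from the Guavus deck. From a few constructed sample
feeds it rebuilds the two views on slides 5 and 6 (detections per threat and
the pairwise detection-fragmentation matrix) plus a simple corroboration
score in the spirit of the "Confidence" requirement on slide 13.

Assumption: the deck's matrix is read as row-normalised, i.e. the cell in row
A, column B is the share of A's indicators that also appear in B's feed.
"""
from collections import Counter
from typing import Dict, List, Set, Tuple

# Constructed sample feeds (vendor -> indicators). The domains are placeholders
# under .example and are not real indicators of compromise.
SAMPLE_FEEDS: Dict[str, Set[str]] = {
    "Vendor 1": {"a.example", "b.example", "c.example", "d.example"},
    "Vendor 2": {"a.example", "e.example"},
    "Vendor 3": {"f.example", "g.example", "h.example"},
    "Vendor 4": {"a.example", "b.example", "f.example", "i.example", "j.example"},
}


def detections_per_indicator(feeds: Dict[str, Set[str]]) -> Counter:
    """Number of feeds that list each indicator."""
    counts: Counter = Counter()
    for indicators in feeds.values():
        counts.update(indicators)
    return counts


def detection_histogram(feeds: Dict[str, Set[str]], max_bucket: int = 11) -> Dict[int, int]:
    """Bucket indicators by how many feeds flag them (slide 5); the last bucket is 'max_bucket+'."""
    hist = {n: 0 for n in range(1, max_bucket + 1)}
    for n in detections_per_indicator(feeds).values():
        hist[min(n, max_bucket)] += 1
    return hist


def overlap_matrix(feeds: Dict[str, Set[str]]) -> Dict[str, Dict[str, float]]:
    """Row-normalised pairwise overlap in percent (slide 6)."""
    matrix: Dict[str, Dict[str, float]] = {}
    for a, set_a in feeds.items():
        matrix[a] = {}
        for b, set_b in feeds.items():
            pct = 100.0 * len(set_a & set_b) / len(set_a) if set_a else 0.0
            matrix[a][b] = round(pct, 2)
    return matrix


def low_overlap_pairs(matrix: Dict[str, Dict[str, float]], threshold: float = 10.0) -> List[Tuple[str, str]]:
    """Ordered (row, column) pairs whose overlap is below threshold; diagonal excluded."""
    return [(a, b) for a, row in matrix.items()
            for b, pct in row.items() if a != b and pct < threshold]


def enhanced_records(feeds: Dict[str, Set[str]]) -> Dict[str, dict]:
    """One normalised record per indicator with its sources and a corroboration score.

    Assumption: confidence = fraction of feeds that list the indicator, a
    stand-in for whatever scoring the deck's enhancement step actually uses.
    """
    counts = detections_per_indicator(feeds)
    total = len(feeds)
    records: Dict[str, dict] = {}
    for indicator, n in counts.items():
        records[indicator] = {
            "sources": sorted(v for v, s in feeds.items() if indicator in s),
            "confidence": round(n / total, 2),
        }
    return records


def format_matrix(matrix: Dict[str, Dict[str, float]]) -> str:
    """Render the overlap matrix as a fixed-width text table."""
    names = list(matrix)
    width = max(len(n) for n in names) + 2
    lines = [" " * width + "".join(n.rjust(width) for n in names)]
    for a in names:
        lines.append(a.ljust(width) + "".join(f"{matrix[a][b]:.2f}%".rjust(width) for b in names))
    return "\n".join(lines)


if __name__ == "__main__":
    m = overlap_matrix(SAMPLE_FEEDS)
    print("Detections per indicator:", detection_histogram(SAMPLE_FEEDS))
    print(format_matrix(m))
    print("Low-overlap pairs:", low_overlap_pairs(m))
    for ioc, rec in sorted(enhanced_records(SAMPLE_FEEDS).items()):
        print(ioc, rec)
```

On the constructed feeds the histogram comes out as 7 indicators seen by one feed, 2 by two and 1 by three, the same "most threats are seen by 1-2 engines" shape as slide 5, and the matrix is asymmetric for the reason stated above (Vendor 1 shares 25% of its entries with Vendor 2, while Vendor 2 shares 50% of its entries with Vendor 1). Running it over real feed exports is a quick way to decide which feeds actually add coverage rather than duplicating one another.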
  • 7. Context Fragmentation
       (Matrix of context fields by vendor; the cell values are not present in the transcript.)
       Rows: Domain, URL, IP, Category, Risk Score, Last Seen, Malware Name, File Hash, Hash Type, ASN, Country
       Columns: Vendor 1 to Vendor 10
       Legend: Available / Derived / Not available
  • 8. IP Addresses and URLs are great, but what about Mobile Application Reputation?
  • 9. Some challenges & opportunities for addressing mobile application threats
       Anti-virus Application
         + See all traffic
         - Most subscribers don't have AV
       App Store Protection
         + Centralized protection for a specific App Store
         - Misses app downloads from alternative App Stores
       Mobile Networks
         + Opportunity to protect downloads from all app stores
         + Can protect users that don't have AV
  • 10. Identify Mobile Application Downloads…
       Funnel: ~Billion events → ~15,000 APK downloads from ~600 unique URLs → Risky APKs
  • 11. …and Associate APK Reputations with URLs
       We tried downloading some APKs (~36) and scanning them with Norton Security & Antivirus for Android, with the following results.
       Available context:
         • Package Name
         • Security Score
         • Threat Category
         • APK risks (Location, AdLibrary, device information)
         • Destination of leaked information
         • Battery impact
         • Network impact
         • First Seen (Application, Application Signer)
         • More
       (Pie chart: 5%, 42%, 53%; legend: Malicious, Not Malicious, Greyware.)
  • 12. Symantec Mobile Insight Metrics
       Norton Mobile Insight
       747,109 Signers (Publishers)
       Majority of Bad Actors: Russia, China
       Stores Crawled Continuously: 200+
  • 13. Threat Intelligence Requirements: 7 Cs
       Coverage: Broad coverage of threats increases the likelihood of identifying malicious events
       Criticality: Identify the highest-impact threats
       Confidence: Understanding the confidence level helps prioritize threats and reduce false positives
       Context: Understanding context can help prioritize threats and accelerate investigations
       Current: Threats change rapidly, so intelligence needs to be current
       Customization: Ability for companies to add specific threats and adjust weightings to apply to their specific situation
       Convenience: Simplifying the aggregation, enhancement and application of threat intelligence
  • 14. Our Approach to Enhanced Threat Intelligence
       Flow: Threat Intelligence → Enhancement & Normalization → Enhanced Threat Feed; Guavus Customer Threat Summary
       Enhanced Threat Feed: Domain, URL, IP Address, Threat Name, APK
       Enhancement: Threat Category, Risk Score
       Research / Investigation: Full Description, Trending, Geography, Associated IPs, Associated URLs, Associated Threat Names
  • 15. How can Service Providers Utilize ETI?
       Network Data: DPI, Netflow, Other
       Analytics Platform
       Enhanced Threat Intelligence Feed: URL Rep, IP Rep, App Rep
       Use Cases: Threat Detection, Threat Prioritization, Threat Investigation
  • 16. Contact: Neil King, neil.king@guavus.com, www.linkedin.com/pub/neil-king/0/871/3a8/
       Thanks for your time