Threat intelligence - nullmeetblr 21st June 2015

Session taken by Tamil during the null/OWASP/g4h meet, Bangalore.

  1. THREAT INTELLIGENCE. Jayakumar M, Prabhakaran S
  2. Threat Intelligence (informally)
     - Information about "bad stuff" (threats)
     - Actors, vulnerabilities, exploits, malware/tools, etc. ("TTPs" and "IOCs")
  3. Why Intelligence?
     - You don't know what you don't know
     - You can't act on what you don't know
     - I'm sure there are Sun Tzu references
  4. A sample feed of phishing indicators
  5. Can you guess how much a TI data feed costs?
  6. Feed pricing examples
     - Symantec DeepSight security risk feed: approximately $27,500 per year
     - Symantec's 12-month retail subscription to its reputation feed: $95,300
     - FireEye Threat Intelligence: 20% of the cost of the purchased appliance, starting around $17,400 and increasing to more than $175,000 per unit
     - LogRhythm, which does not offer data feed subscriptions, starts at about $28,000 per year
  7. Five questions to ask when choosing a threat intelligence service
     1. How many sources does the threat intelligence service pull from?
     2. How frequently is the threat intelligence updated?
     3. How are the threats evaluated?
     4. How is the data formatted?
     5. Can the threat data be correlated with information that the enterprise already has about its security posture?
  8. CRITs - Collaborative Research Into Threats
  9. CRITs is a web-based tool which combines an analytic engine with a cyber threat database. It not only serves as a repository for attack data and malware, but also provides analysts with a powerful platform for conducting malware analysis, correlating malware, and targeting data.
  10. Advantages of CRITs
     - Static analysis
     - Dynamic analysis
     - Services
     - Supports STIX and TAXII, etc.
  11. What value do we add?
     - Automation of tasks
     - Correlating past data
  12. Services for CRITs: anb_service, carver_service, chminfo_service, chopshop_service, clamd_service, crits_scripts, cuckoo_service, data_miner_service, diffie_service, entropycalc_service, farsight_service, machoinfo_service, meta_checker, metacap_service, office_meta_service, opendns_service, passivetotal_service, pdfinfo_service, peinfo_service, pyew, pyinstaller_service, relationships_service, shodan_service, snugglefish_service, ssdeep_service, stix_validator_service, taxii_service, threatgrid_service, threatrecon_service, timeline_service, totalhash_service, unswf_service, upx_service, virustotal_service, whois_service, yara_service, zip_meta_service
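The slides ask whether feed data can be correlated with what the enterprise already has (question 5) and list correlation of past data as the value added. The following is an added example, not code from the talk or from CRITs: a constructed phishing-indicator feed (field names are assumed) is matched against constructed proxy log lines, reporting each hit together with the indicator's campaign and its age, which is what question 2 (update frequency) is really about.

```python
import csv
import io
from datetime import date
from urllib.parse import urlparse

# Constructed sample feed of phishing indicators (column names are assumed,
# modelled loosely on a CSV export from a TI platform such as CRITs).
FEED_CSV = """indicator,type,first_seen,campaign
login-secure-example.test,domain,2015-06-10,phish-A
http://update-portal.example.test/verify,url,2015-06-18,phish-B
198.51.100.23,ipv4,2015-06-01,phish-A
"""

# Constructed proxy log lines: timestamp client method url
PROXY_LOG = """2015-06-20T09:12:01Z 10.0.0.5 GET http://login-secure-example.test/auth
2015-06-20T09:13:44Z 10.0.0.7 GET http://www.example.org/index.html
2015-06-20T10:02:17Z 10.0.0.9 POST http://update-portal.example.test/verify
2015-06-20T10:05:00Z 10.0.0.9 GET http://update-portal.example.test/index.html
"""

def load_feed(text):
    """Index feed rows by the host a proxy log line can be matched on."""
    index = {}
    for row in csv.DictReader(io.StringIO(text)):
        value = row["indicator"].strip().lower()
        key = urlparse(value).netloc if row["type"] == "url" else value
        index.setdefault(key, []).append(row)
    return index

def correlate(feed_text, log_text, as_of="2015-06-21"):
    """Return one hit per log line whose URL matches an indicator.

    Domain indicators match on host; URL indicators additionally require
    the logged URL to start with the indicator, so sibling pages on the
    same host are not flagged. Each hit carries the indicator's age in days
    relative to as_of (ISO date string), so stale indicators are visible."""
    index = load_feed(feed_text)
    today = date.fromisoformat(as_of)
    hits = []
    for line in log_text.splitlines():
        ts, client, _method, url = line.split()
        host = urlparse(url).netloc.lower()
        for ind in index.get(host, []):
            if ind["type"] == "url" and not url.lower().startswith(ind["indicator"].lower()):
                continue
            age = (today - date.fromisoformat(ind["first_seen"])).days
            hits.append({"time": ts, "client": client, "indicator": ind["indicator"],
                         "campaign": ind["campaign"], "indicator_age_days": age})
    return hits

if __name__ == "__main__":
    for hit in correlate(FEED_CSV, PROXY_LOG):
        print(hit)
```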
