
Threat intelligence - nullmeetblr 21st June 2015


Published on

Session taken by Tamil during the null/OWASP/g4h meet, Bangalore

Published in: Technology


  2. Threat Intelligence (informally)
     - Information about “bad stuff” (threats)
     - Actors, vulnerabilities, exploits, malware/tools, etc. (“TTPs” and “IOCs”)

  3. Why Intelligence?
     - You don’t know what you don’t know
     - You can’t act on what you don’t know
     - I’m sure there are Sun Tzu references

  4. A sample feed of phishing indicators

  5. Can you guess how much a TI data feed costs?

  6. Indicative feed pricing
     - Symantec DeepSight security risk feed: approximately $27,500 per year
     - Symantec's 12-month retail subscription to its reputation feed: $95,300
     - FireEye Threat Intelligence: 20% of the cost of the purchased appliance, starting around $17,400 and increasing to more than $175,000 per unit
     - LogRhythm, which does not offer data feed subscriptions, starts at about $28,000 per year

  7. Five questions to ask when choosing a threat intelligence service
     1. How many sources does the threat intelligence service pull from?
     2. How frequently is the threat intelligence updated?
     3. How are the threats evaluated?
     4. How is the data formatted?
     5. Can the threat data be correlated with information that the enterprise already has about its security posture?

  8. CRITs - Collaborative Research Into Threats

  9. CRITs is a web-based tool which combines an analytic engine with a cyber threat database that not only serves as a repository for attack data and malware, but also provides analysts with a powerful platform for conducting malware analyses, correlating malware, and for targeting data.

  10. Advantages of CRITs
     - Static analysis
     - Dynamic analysis
     - Services
     - Supports STIX and TAXII, etc.

  11. What value do we add?
     - Automation of tasks
     - Correlating past data

  12. Services for CRITs
     anb_service, carver_service, chminfo_service, chopshop_service, clamd_service, crits_scripts, cuckoo_service, data_miner_service, diffie_service, entropycalc_service, farsight_service, machoinfo_service, meta_checker, metacap_service, office_meta_service, opendns_service, passivetotal_service, pdfinfo_service, peinfo_service, pyew, pyinstaller_service, relationships_service, shodan_service, snugglefish_service, ssdeep_service, stix_validator_service, taxii_service, threatgrid_service, threatrecon_service, timeline_service, totalhash_service, unswf_service, upx_service, virustotal_service, whois_service, yara_service, zip_meta_service
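The deck's two practical points, a phishing-indicator feed (slide 4) and correlating it with past data (slide 11), combined into one added example that is not part of the talk or of CRITs: a constructed CSV feed of domain/URL indicators is indexed and then matched against constructed proxy log lines; both formats are hypothetical.

```python
"""Correlate a phishing-indicator feed against past proxy logs (added example)."""
import csv
import io
from collections import defaultdict
from urllib.parse import urlparse

# Constructed sample feed; the column layout is an assumption, not a real feed format.
FEED = """\
type,value,description
domain,login-verify.example,Credential phishing kit
url,http://secure-update.example/auth/index.php,Phishing landing page
md5,44d88612fea8a8f36de82e1278abb02f,Dropper attached to phishing mail
"""

# Constructed sample proxy log: timestamp client method url status (hypothetical layout).
PROXY_LOG = """\
2015-06-18T09:12:03Z 10.0.0.15 GET http://www.example.org/ 200
2015-06-18T09:15:44Z 10.0.0.23 GET http://login-verify.example/signin 200
2015-06-19T14:02:10Z 10.0.0.42 GET http://secure-update.example/auth/index.php 200
2015-06-19T14:02:11Z 10.0.0.42 GET http://cdn.example.net/lib.js 304
"""


def load_feed(text):
    """Index indicators by type; domains and URLs are lower-cased for matching."""
    index = defaultdict(set)
    for row in csv.DictReader(io.StringIO(text)):
        value = row["value"].strip()
        if row["type"] in ("domain", "url"):
            value = value.lower()
        index[row["type"]].add(value)
    return index


def host_matches(host, domains):
    """A domain indicator matches the host itself or any of its subdomains."""
    return any(host == d or host.endswith("." + d) for d in domains)


def correlate(index, log_text):
    """Return (timestamp, client, indicator_type, matched_value) per matching log line."""
    hits = []
    for line in log_text.splitlines():
        ts, client, _method, url, _status = line.split()
        host = (urlparse(url).hostname or "").lower()
        if url.lower() in index["url"]:          # exact URL indicator takes precedence
            hits.append((ts, client, "url", url))
        elif host_matches(host, index["domain"]):
            hits.append((ts, client, "domain", host))
    return hits


if __name__ == "__main__":
    for hit in correlate(load_feed(FEED), PROXY_LOG):
        print(hit)
```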