Pitfalls of Cyber Data

•

0 likes•2,396 views

Our presentation from 44con Cyber Security on April 28th 2015 discussing how we use public cyber data and some of the problems we have run into. Jointly presented with Ernest Li.

Technology

3
Direction
Access
Analysis &
Assessment
Dissemination
Action
Customer
Gather
Information
Insight
Expert
Schema
Assess
Source
Define
Action

4
Immediate
Threat
Evolving
Threat
Long Term
Threat
Trend
Analysis
Horizon
Scanning
Futurology
Situational Awareness Strategic Intelligence

5


High-level
Information on
changing risk
The board
Details of a specific
Incoming attack
Defenders
Attacker
Methodologies,
Tools and tactics
Architects &
Sysadmins
Indicators of
Specific malware
SOC staff / IR
Long-TermUseShort-TermUse
Low LevelHigh Level

6




Threat
Source
Threat
Event
Vulnerability
Adverse
Impact
Initiates Exploits Causing
Characteristics:
• Capability
• Intent
• Target
Sequences:
• Actions
• Activities
• Scenarios
• Relevance
Conditions:
• Pervasiveness
• Severity
Controls:
• Effectiveness
Risk:
• Likelihood
• Impact
Risk View

7
Driving
Forces
Public Cyber
Data
Past Incident
Records
Adversaries
(Threat Source)
Threat
Scenarios
Adverse
Impacts
Threat
Events
TTPs Controls
Threat
Personas
Technical
Indicators
Tactical View

11

 Threat
Events
Countries &
Regions
Industries
Selection
Bias
Sample
Bias

16
Threat
Scenarios
Threat
Events
TTPS
Many to
Many
Many to
ManySpecific
Instance with
extensive
business
context.
Collection of
TTPs with
limited Business
Context Standards
not used /
many fudges

What's hot

Security Metrics Rehab: Breaking Free from Top ‘X’ Lists, Cultivating Organic...EC-Council

Collaborated cyber defense in pandemic times Denise Bailey

Is Cyber Resilience Really That Difficult?John Gilligan

Managing Enterprise Risk: Why U No Haz Metrics?John D. Johnson

Top Level Cyber Security Strategy John Gilligan

Improve Your Threat Intelligence Strategy With These IdeasRecorded Future

Outpost24 webinar - Improve your organizations security with red teamingOutpost24

Threat Intelligence Tweaks That'll Take Your Security to the Next LevelRecorded Future

Using Hackers’ Own Methods and Tools to Defeat Persistent AdversariesEC-Council

Security Testing for Test ProfessionalsTechWell

Bridging the Gap Between Threat Intelligence and Risk ManagementPriyanka Aash

Thwarting the Insider Threat: Developing a Robust “Defense in Depth” Data Los...EC-Council

Measuring DDoS Risk using FAIR (Factor Analysis of Information RiskTony Martin-Vegue

Building Human Intelligence – Pun IntendedEnergySec

Evidence-Based Risk ManagementEnergySec

Top 6 Sources for Identifying Threat Actor TTPsRecorded Future

011918 executive breach_simulation_customer_fac_rsRichard Smiraldi

Cyber Threat Intelligence Integration Center -- ONDIDavid Sweigert

7 Habits of Smart Threat Intelligence AnalystsRecorded Future

Hexis Cybersecurity Mission Possible: Taming Rogue Ghost AlertsHexis Cyber Solutions

What's hot (20)

Security Metrics Rehab: Breaking Free from Top ‘X’ Lists, Cultivating Organic...

Collaborated cyber defense in pandemic times

Is Cyber Resilience Really That Difficult?

Managing Enterprise Risk: Why U No Haz Metrics?

Top Level Cyber Security Strategy

Improve Your Threat Intelligence Strategy With These Ideas

Outpost24 webinar - Improve your organizations security with red teaming

Threat Intelligence Tweaks That'll Take Your Security to the Next Level

Using Hackers’ Own Methods and Tools to Defeat Persistent Adversaries

Security Testing for Test Professionals

Bridging the Gap Between Threat Intelligence and Risk Management

Thwarting the Insider Threat: Developing a Robust “Defense in Depth” Data Los...

Measuring DDoS Risk using FAIR (Factor Analysis of Information Risk

Building Human Intelligence – Pun Intended

Evidence-Based Risk Management

Top 6 Sources for Identifying Threat Actor TTPs

011918 executive breach_simulation_customer_fac_rs

Cyber Threat Intelligence Integration Center -- ONDI

7 Habits of Smart Threat Intelligence Analysts

Hexis Cybersecurity Mission Possible: Taming Rogue Ghost Alerts

Viewers also liked

WAF in ScaleAlexey Sintsov

PIANOS: Protecting Information About Networks The Organisation and It's Syste...Phil Huggins FBCS CITP

Security ArchitecturePhil Huggins FBCS CITP

Probability CalibrationPhil Huggins FBCS CITP

Measuring black boxesPhil Huggins FBCS CITP

Intelligence-led Cybersecurity Phil Huggins FBCS CITP

First Responders Course - Session 8 - Digital Evidence Collection [2004]Phil Huggins FBCS CITP

Delivering Secure ProjectsPhil Huggins FBCS CITP

First Responders Course- Session 1 - Digital and Other Evidence [2004]Phil Huggins FBCS CITP

UK Legal Framework (2003)Phil Huggins FBCS CITP

Introduction to HacktivismPhil Huggins FBCS CITP

First Response - Session 11 - Incident Response [2004]Phil Huggins FBCS CITP

Penetration Testing; A customers perspectivePhil Huggins FBCS CITP

Security Metrics [2008]Phil Huggins FBCS CITP

First Responder Course - Session 9 - Volatile Evidence Collection [2004]Phil Huggins FBCS CITP

PIANOS: Protecting Information About Networks The Organisation and It's Systems Phil Huggins FBCS CITP

First Responder Course - Session 10 - Static Evidence Collection [2004]Phil Huggins FBCS CITP

Security and Resilience Vulnerabilities in the UK’s Telecoms Networks Phil Huggins FBCS CITP

Network Reconnaissance InfographicPhil Huggins FBCS CITP

Managing Insider RiskPhil Huggins FBCS CITP

Viewers also liked (20)

WAF in Scale

PIANOS: Protecting Information About Networks The Organisation and It's Syste...

Security Architecture

Probability Calibration

Measuring black boxes

Intelligence-led Cybersecurity

First Responders Course - Session 8 - Digital Evidence Collection [2004]

Delivering Secure Projects

First Responders Course- Session 1 - Digital and Other Evidence [2004]

UK Legal Framework (2003)

Introduction to Hacktivism

First Response - Session 11 - Incident Response [2004]

Penetration Testing; A customers perspective

Security Metrics [2008]

First Responder Course - Session 9 - Volatile Evidence Collection [2004]

PIANOS: Protecting Information About Networks The Organisation and It's Systems

First Responder Course - Session 10 - Static Evidence Collection [2004]

Security and Resilience Vulnerabilities in the UK’s Telecoms Networks

Network Reconnaissance Infographic

Managing Insider Risk

Similar to Pitfalls of Cyber Data

Assessing Quality in Cyber Risk ForecastingJack Freund, PhD

How To Turbo-Charge Incident Response With Threat IntelligenceResilient Systems

Improving cyber security using biosecurity experienceNorman Johnson

Cyber Threat IntelligenceMarlabs

Defense In Depth Using NIST 800-30Kevin M. Moker, CFE, CISSP, ISSMP, CISM

Enterprise under attack dealing with security threats and complianceSPAN Infotech (India) Pvt Ltd

Applied cognitive security complementing the security analyst Priyanka Aash

Software Security in the Real WorldMark Curphey

How To Turbo-Charge Incident Response With Threat IntelligenceResilient Systems

ec council pdf final.pdflorcam securities

The 2019 Security StrategyCloudflare

Threat Hunting Report Morane Decriem

SOC Duties and Training NeedsAmin Asia

Information systems risk assessment frame workisraf 130215042410-phpapp01S Periyakaruppan CISM,ISO31000,C-EH,ITILF

knowthyself : Internal IT Security in SA SensePost

List of Current and Planned ControlsStep 4. Contr.docxsmile790243

Guide to high volume data sources for SIEMJoseph DeFever

Bridging the Gap Between Threat Intelligence and Risk ManagementPriyanka Aash

Delivering User Behavior Analytics at Apache Hadoop Scale : A new perspective...Cloudera, Inc.

Similar to Pitfalls of Cyber Data (20)

Assessing Quality in Cyber Risk Forecasting

How To Turbo-Charge Incident Response With Threat Intelligence

Improving cyber security using biosecurity experience

Cyber Threat Intelligence

Defense In Depth Using NIST 800-30

Enterprise under attack dealing with security threats and compliance

Applied cognitive security complementing the security analyst

Software Security in the Real World

How To Turbo-Charge Incident Response With Threat Intelligence

ec council pdf final.pdf

The 2019 Security Strategy

Threat Hunting Report

SOC Duties and Training Needs

Information systems risk assessment frame workisraf 130215042410-phpapp01

knowthyself : Internal IT Security in SA

List of Current and Planned ControlsStep 4. Contr.docx

Guide to high volume data sources for SIEM

Bridging the Gap Between Threat Intelligence and Risk Management

Delivering User Behavior Analytics at Apache Hadoop Scale : A new perspective...

Recently uploaded

Decarbonising Commercial Real Estate: The Role of Operational PerformanceIES VE

Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost SavingEdi Saputra

MINDCTI Revenue Release Quarter One 2024MIND CTI

TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc

Navigating Identity and Access Management in the Modern EnterpriseWSO2

AWS Community Day CPH - Three problems of TerraformAndrey Devyatkin

DBX First Quarter 2024 Investor PresentationDropbox

Mcleodganj Call Girls 🥰 8617370543 Service Offer VIP Hot ModelDeepika Singh

Quantum Leap in Next-Generation ComputingWSO2

Connector Corner: Accelerate revenue generation using UiPath API-centric busi...DianaGray10

Architecting Cloud Native ApplicationsWSO2

WSO2's API Vision: Unifying Control, Empowering DevelopersWSO2

Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...Jeffrey Haguewood

Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMESafe Software

JohnPollard-hybrid-app-RailsConf2024.pptxJohnPollard37

Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024Victor Rentea

Artificial Intelligence Chap.5 : UncertaintyKhushali Kathiriya

Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMESafe Software

CNIC Information System with Pakdata Cf In Pakistandanishmna97

Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdfOrbitshub

Recently uploaded (20)

Decarbonising Commercial Real Estate: The Role of Operational Performance

Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving

MINDCTI Revenue Release Quarter One 2024

TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery

Navigating Identity and Access Management in the Modern Enterprise

AWS Community Day CPH - Three problems of Terraform

DBX First Quarter 2024 Investor Presentation

Mcleodganj Call Girls 🥰 8617370543 Service Offer VIP Hot Model

Quantum Leap in Next-Generation Computing

Connector Corner: Accelerate revenue generation using UiPath API-centric busi...

Architecting Cloud Native Applications

WSO2's API Vision: Unifying Control, Empowering Developers

Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...

Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME

JohnPollard-hybrid-app-RailsConf2024.pptx

Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024

Artificial Intelligence Chap.5 : Uncertainty

Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME

CNIC Information System with Pakdata Cf In Pakistan

Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf

Pitfalls of Cyber Data

2. 2    

3. 3 Direction Access Analysis & Assessment Dissemination Action Customer Gather Information Insight Expert Schema Assess Source Define Action

4. 4 Immediate Threat Evolving Threat Long Term Threat Trend Analysis Horizon Scanning Futurology Situational Awareness Strategic Intelligence

5. 5   High-level Information on changing risk The board Details of a specific Incoming attack Defenders Attacker Methodologies, Tools and tactics Architects & Sysadmins Indicators of Specific malware SOC staff / IR Long-TermUseShort-TermUse Low LevelHigh Level

6. 6     Threat Source Threat Event Vulnerability Adverse Impact Initiates Exploits Causing Characteristics: • Capability • Intent • Target Sequences: • Actions • Activities • Scenarios • Relevance Conditions: • Pervasiveness • Severity Controls: • Effectiveness Risk: • Likelihood • Impact Risk View

7. 7 Driving Forces Public Cyber Data Past Incident Records Adversaries (Threat Source) Threat Scenarios Adverse Impacts Threat Events TTPs Controls Threat Personas Technical Indicators Tactical View

8. 8   

9. 9     

10. 10               

11. 11   Threat Events Countries & Regions Industries Selection Bias Sample Bias

12. 12

13. 13

14. 14

15. 15     

16. 16 Threat Scenarios Threat Events TTPS Many to Many Many to ManySpecific Instance with extensive business context. Collection of TTPs with limited Business Context Standards not used / many fudges

17. 17    