Pitfalls of Cyber Data
Our presentation from 44con Cyber Security on April 28th 2015 discussing how we use public cyber data and some of the problems we have run into.

Jointly presented with Ernest Li.

Published in: Technology
Pitfalls of Cyber Data

  1. (no text)
  2. Direction Access Analysis & Assessment Dissemination Action Customer Gather Information Insight Expert Schema Assess Source Define Action
  3. Immediate Threat; Evolving Threat; Long Term Threat; Trend Analysis; Horizon Scanning; Futurology; Situational Awareness; Strategic Intelligence
  4. High-level Information on changing risk; The board; Details of a specific Incoming attack; Defenders; Attacker Methodologies, Tools and tactics; Architects & Sysadmins; Indicators of Specific malware; SOC staff / IR; Long-Term Use; Short-Term Use; Low Level; High Level
  5. Threat Source; Threat Event; Vulnerability; Adverse Impact; Initiates; Exploits; Causing. Characteristics: • Capability • Intent • Target. Sequences: • Actions • Activities • Scenarios • Relevance. Conditions: • Pervasiveness • Severity. Controls: • Effectiveness. Risk: • Likelihood • Impact. Risk View
  6. Driving Forces; Public Cyber Data; Past Incident Records; Adversaries (Threat Source); Threat Scenarios; Adverse Impacts; Threat Events; TTPs; Controls; Threat Personas; Technical Indicators; Tactical View
  7. (no text)
  8. (no text)
  9. (no text)
  10. Threat Events; Countries & Regions; Industries; Selection Bias; Sample Bias
  11. (no text)
  12. (no text)
  13. (no text)
  14. (no text)
  15. Threat Scenarios; Threat Events; TTPs; Many to Many; Many to Many; Specific Instance with extensive business context. Collection of TTPs with limited Business Context. Standards not used / many fudges
  16. (no text)