Crowd-Sourced Threat Intelligence

•Download as PPTX, PDF•

5 likes•11,180 views

This talk will include an overview and demo of the Open Threat Exchange (OTX) and describe some of its information sources, including anonymous sharing from Open Source Security Information Management (OSSIM.) Jaime will share some of his experiences using OTX as a security researcher. He will also provide his thoughts on how OWASP members can benefit from security research and threat intelligence to "build in" security rather than constantly reacting.

Technology Economy & Finance

About me
- Director, AlienVault Labs
- Security Research
- Malware Analysis
- Incident response

The attacker’s advantage
• They only need to be successful once
• Determined, skilled and often funded adversaries
• Custom malware, 0days, multiple attack vectors,
social engineering
• Persistent

The defender’s disadvantage
• They can’t make a mistake
• Understaffed, jack of all trades, underfunded
• Increasing complex IT infrastructure:
– Moving to the cloud
– Virtualization
– Bring your own device
• Prevention controls fail to block everything
• Hundreds of systems and vulnerabilities to
patch

What is Threat Intelligence?
• Information about malicious actors
• Helps you make better decisions about
defense
• Examples: IP addresses, Domains, URL’s, File
Hashes, TTP’s, victim’s industries, countries..

How can I use Threat Intelligence?
• Detect what my prevention technologies fail
to block
• Security planning, threat assessment
• Improves incident response / Triage
• Decide which vulnerabilities should I patch
first

State of the art
• Most sharing is unstructured & human-to-
human
• Closed groups
• Actual standards require knowledge,
resources and time to integrate the data

Standards & Tools
• IODEF: Incident Object Description Exchange
Format
• MITRE:
– STIX: Structured Threat Information eXpression
– TAXXII: Trusted Automated eXchange of Indicator
Information
– MAEC, CAPEC, CyBOX
• CIF: Collective Intelligence Framework

The Power of the “Crowd” for
Threat Detection
 Cyber criminals are using (and reusing)
the same exploits against others (and
you).
 Sharing (and receiving) collaborative
threat intelligence makes us all more
secure.
 Using this data, detect, flag and block
attackers using indicators (Threat Intel)

Disrupt the Incident response cycle
Detect
Respond
Prevent
A traditional cycle …
1. Prevents known threats.
2. Detects new threats in the
environment.
3. Respond to the threats – as
they happen.
This isolated closed loop offers
no opportunity to learn from
what others have
experienced
….no advance notice

Traditional Response
First Street
Credit Union
Alpha Insurance Group
John Elway
Auto Nation
Regional Pacific Telecom Marginal Food Products

OTX Enables Preventative Response
Through an
automated, real-time,
threat exchange
framework

A Real-Time Threat Exchange framework
First Street
Credit Union
Alpha Insurance Group
John Elway
Auto Nation
Regional Pacific Telecom Marginal Food Products
Attack
Detect
Open Threat Exchange
Puts Preventative Response Measures in Place Through Shared Experience

Benefits of open Threat Exchange
Shifts the advantage from the
attacker to the defender
Open and free to everyone
Each member benefits from the
incidents of all other members
Automated sharing of threat data

Open Source Security Information
Management
OSSIM/USM
ASSET DISCOVERY
• Active Network Scanning
• Passive Network Scanning
• Asset Inventory
• Host-based Software
Inventory
VULNERABILITY ASSESSMENT
• Continuous
Vulnerability Monitoring
• Authenticated /
Unauthenticated Active
Scanning
BEHAVIORAL MONITORING
• Log Collection
• Netflow Analysis
• Service Availability Monitoring
SECURITY INTELLIGENCE
• SIEM Event Correlation
• Incident Response
THREAT DETECTION
• Network IDS
• Host IDS
• Wireless IDS
• File Integrity Monitoring
USM Product Capabilities

Thank you!!
@jaimeblascob
http://www.alienvault.com/open-threat-exchange/blog

- As German defense minister, Ursula von der Leyen can attest, fingerprints can be hacked. So can facial and other biometrics. Why, then, is biometric-based authentication so fashionable? Why did one of the largest insurance companies just announce it is rolling out fingerprint and facial recognition for its customers (while it uses Symantec VIP for internal employees)? Did product management and marketing conduct a study that concluded customers feel safer with fingerprint and facial? Apple’s Touch ID, and VISA’s integration with it are shaping the fashionable trend faster than a Milan runway. Hopefully these short hemlines will fade soon. Apple’s senior vice president, Dan Riccio, irresponsibly claims, “Fingerprints are one of the best passwords in the world.” He probably understands it is easy to reset a password. He probably does not understand how hard it is to reset his fingerprints. Truly the inmates are running the asylum.

Welcome to the world of Cyber Threat Intelligence

Andreas Sfakianakis

Title: Welcome to the world of Cyber Threat Intelligence! Abstract: Welcome to the world of Cyber Threat Intelligence (CTI)! During this presentation, we will discuss about some of the basic concepts within CTI domain and we will have a look at the current threat landscape as observed from the trenches. The presentation is split into 3 parts: a) Intro to CTI, b) A view at the current threat landscape, and c) CTI analyst skillset. Short Bio: Andreas Sfakianakis is a Cyber Threat Intelligence and Incident Response professional and works for Standard and Poors' CTI team. He is also a member of ENISA’s CTI Stakeholders’ Group and Incident Response Working Group. He is the author of a number of CTI reports and an instructor of CTI. In the past, Andreas has worked within the Financial and Oil & Gas sectors as well as an external reviewer for European Commission. Andreas' Twitter handle is @asfakian and his website is www.threatintel.eu

Cyber Threat Intelligence

Marlabs

Cyber Threat Intelligence is a process in which information from different sources is collected, then analyzed to identify and detect threats against any environment. The information collected could be evidence-based knowledge that could support the context, mechanism, indicators, or implications about an already existing threat against an environment, and/or the knowledge about an upcoming threat that could potentially affect the environment. Credit: Marlabs Inc

Cyber threat intelligence: maturity and metrics

Mark Arena

From SANS Cyber Threat Intelligence Summit 2016. What are the characteristics of a mature cyber threat intelligence program, and how do you develop meaningful metrics? Traditionally, intelligence has been about providing decision support to executives whilst the field of cyber threat intelligence supports this customer, and network defenders, who have different requirements. By using the intelligence cycle, this talk will seek to help attendees understand how they can identify what a mature intelligence program looks like and the steps to take their program to the next level.

Cyber Threat Intelligence | Information to Insight

Deep Shankar Yadav

6 Steps for Operationalizing Threat Intelligence

Sirius

The best form of defense against cyber attacks and those who perpetrate them is to know about them. Collaborative defense has become critical to IT security, and sharing threat intelligence is a force multiplier. But for many organizations, good quality intelligence is hard to come by. Commercial threat intelligence technology and services can help enterprises arm themselves with the strategic, tactical and operational insights they need to identify and respond to global threat activity, and integrate intelligence into their security programs. Threat intelligence sources have varying levels of relevance and context, and there are concerns about data quality and redundancy, shelf life, public/private data sharing, and threat intelligence standards. However, if processed and applied properly, threat intelligence provides a way for organizations to get the insight they need into attackers’ plans, prioritize and respond to threats, shorten the time between attack and detection, and focus staff efforts and decision-making. View to learn: --The difference between threat information and threat intelligence. --Available sources of intelligence and how to determine if they apply to your business. --Key steps for preparing to ingest threat information and turn it into intelligence. --How to derive useful data that helps you achieve your business goals. --Tools that are available to make collaboration easier.

Careers in Cyber Security

Deep Shankar Yadav

Cyber Threat Intelligence

mohamed nasri

The information security industry is a fast-paced ever-transforming field, which in the past couple of years with the influx of off-the-shelf malware, advance exploit kits and paid DDoS services has seen an increase in the importance of timely, proactive response. To enable the organization to successfully mount an impregnable defense, the need of the hour is to capture, analyze and provide actionable information that can be used to safeguard the organization. Enter ‘Cyber Threat intelligence’. Cyber Threat Intelligence is a new yet massively evolving domain in information security today. Since the beginning of time, Information (Knowledge) has always been regarded as a critical form of an advantage in any strategy-making process. CTI over the years has rolled from a previously perceived set of skills and techniques to a well-defined framework with the new infused market requirements spawning from the recent threat activities in the ever-changing IT landscape which has bought sophisticated attacks such as State-sponsored cyber-attacks, Ransomware, APT’s, Zero-days and Hacktivism that is now at the very doorstep of government, big & small corporations alike.

Building an Effective Cyber Intelligence ProgramLondon School of Cyber Security

Cyber threat Intelligence and Incident Response by:-Sandeep Singh

OWASP Delhi

The Cyber Threat Intelligence Matrix

Frode Hommedal

As we get to know what life in the digital domain is like, one of the revelations we've had is that many large and plenty of smaller organisations are targets of espionage, of the nefarious APT. During the last decade, it has become gospel to wait, watch, analyse and learn if you detect such an attacker in your infrastructure. Why? Because you get one chance to do the eviction of the attacker right. And if you fail, all your efforts will eventually have been for nothing. But for how long should you wait and watch? When have you watched long enough? When have you learned enough? And how do you make that decision? That is the challenge I hope the Cyber Threat Intelligence Matrix can help you face in a more structured manner.

Threat Intelligence

Deepak Kumar (D3)

Practical and Actionable Threat Intelligence Collection

Seamus Tuohy

A great deal of the existing human rights reporting and analysis aggregate and strip away contextual information in order to produce “quantified knowledge” that is technically reliable and useful for governmental decision making. The results produced often end up too delayed, partial, distorted, and misleading to be used by local actors and human rights defenders to directly respond to the threats that they face. Those who could benefit most from the human rights knowledge being collected and shared in the digital world are those that existing repositories of information serve the least. In this presentation I will provide concrete guidance on approaches for adopting data-rich, practical, and actionable threat information collection. In this content heavy 1.5 hour talk I will discuss a range of tools and techniques for seeking out sources of actionable information, distinguishing valuable information from useless but interesting information, and streamlining your information collection and analysis process to allow you to focus on your real work. This talk WON’T be focused on collecting or sharing threat intelligence and/or human rights research aimed at evidence creation or changing the public dialogue. It WILL be focused on helping you identify, collect, and use publicly available sources of information to respond to your changing threat landscape.

Cyber Threat Intelligence: Building and maturing an intelligence program that...

Mark Arena

Cyber Threat Intelligence

Syed Peer

Speaker at the IDC IT Security Roadshow 2017 in Doha. It was a one day event bringing together some Security Vendors and End User folks to present and discuss security related topics. The event midway was split into two tracks A - Threat Intelligence and B - Securing the Endpoint to the cloud. My End User Presentation (Track A) covered Threat Intelligence. There were some some interesting speakers and audience Q & A discussions followed by a networking lunch to boot. The venue at the Shangri La Hotel in Doha provided a great space and good networking opportunity.

Threat Intelligence with Open Source Tools - Cornerstones of Trust 2014

Santiago Bassett

Threat Intelligence has become increasingly important as the number and severity of threats is growing continuously. We live in an era where our prevention technologies are not enough anymore, antivirus products fail to detect new or sophisticated pieces of malware, our firewalls and perimeter defenses are easily bypassed and the attacker’s techniques are growing in complexity. In this new landscape, sharing threat intelligence has become a key component to mitigate cyber-attacks. In this session we will define what Threat Intelligence is and discuss how to collect and integrate threat intelligence from public sources. In addition, we’ll demonstrate how to build your own Threat Intelligence data using Open Source tools such as sandboxes, honeypots, sinkholes and other publicly available tools. The industry’s reticence to share information about attack vectors gives the adversary a huge advantage. Using Threat Intelligence we can reduce this advantage and enable preventative response. We will guide you through the different standards (OpenIOC, STIX, MAEC, OTX, IODEF…) to describe and share cyber intelligence, as well as Open Source Frameworks such as CIF (Collective Intelligence Framework) that allows you to combine different threat sources. One of the biggest problems with Threat Intelligence is finding out how to take advantage of the data you have to actually improve the detection/prevention capabilities in your environment. We will describe how to leverage Threat Intelligence to detect threats and provide defenses, and we will focus on how to use Open Source Tools (Suricata, OSSIM, OSSEC, Bro, Yara…) to get the most of your Threat Intelligence. Presenters: Jaime Blasco and Santiago Bassett Cornerstones of Trust 2014: https://www.cornerstonesoftrust.com

Sans cyber-threat-intelligence-survey-2015

Roy Ramkrishna

Threat Intelligence 101 - Steve Lodin - SubmittedSteve Lodin

Threat Intelligence Workshop

Priyanka Aash

Cyber Threat Intelligence

ZaiffiEhsan

Threat Hunting 101: Intro to Threat Detection and Incident Response

Infocyte

Join Infocyte's Vice President of Customer and Partner Success, Chris Mills, for Threat Hunting 101: An intro to using Infocyte HUNT to detect, investigate, and respond to advanced persistent threats, file-less malware, and other sophisticated attacks. Beyond these slides, please reference the video for additional insight and instruction on how to use our Threat Hunting and Incident Response platform.

Global Cyber Threat Intelligence

NTT Innovation Institute Inc.

Recently, NTT published the Global Threat Intelligence Report 2016 (GTIR). This year’s report focused both on the changes in threat trends and on how security organizations around the world can use the kill chain to help defend the enterprise. Turning threat intelligence data from multiple sources into actionable, contextual information is a challenge faced by many organizations today. The Global Threat Intelligence Platform provides increased efficiency, reduces risks and focuses on global coverage with accurate and up-to-date threat intelligence. This presentation was given at Carnegie Mellon University by Kenji Takahashi, VP of Product Management, Security at NTT Innovation Institute.

#CyberAvengers - Artificial Intelligence in the Legal and Regulatory Realm

Shawn Tuma

The #CyberAvengers' Paul Ferrillo (a/k/a Director Fury) and Shawn Tuma (a/k/a Hulk) presented at the Practical Cybersecurity Risk Management Strategies program of the New Jersey State Bar Association (NJSBA) Cybersecurity Institute on November 17, 2017. In this presentation, Fury and Hulk focused the core #CyberAvengers message of the real-life cybersecurity issues facing most companies -- the basics of good cyber hygiene -- and explained how artificial intelligence and machine learning will help companies do a better job at getting these right, along with how and why AI/ML play a critical role in the future of cybersecurity.

2016 ISSA Conference Threat Intelligence Keynote philA

Phil Agcaoili

Cyber Threat Hunting with Phirelight

Hostway|HOSTING

Cyber Threat Intelligence - La rilevanza del dato per il business

Francesco Faenzi

Insa cyber intelligence 2011

Mousselmal Tarik

The Attackers Advantage

Shiv Shivakumar

Otx introduction sw

AlienVault

What's hot

Need for Threat Intelligence & How to Operationalize it for your Organisation.

Aditya Mukherjee Information Security

Building an Effective Cyber Intelligence ProgramLondon School of Cyber Security

Cyber threat Intelligence and Incident Response by:-Sandeep Singh

OWASP Delhi

The Cyber Threat Intelligence Matrix

Frode Hommedal

Threat Intelligence

Deepak Kumar (D3)

Practical and Actionable Threat Intelligence Collection

Seamus Tuohy

Cyber Threat Intelligence: Building and maturing an intelligence program that...

Mark Arena

Cyber Threat Intelligence

Syed Peer

Threat Intelligence with Open Source Tools - Cornerstones of Trust 2014

Santiago Bassett

Sans cyber-threat-intelligence-survey-2015

Roy Ramkrishna

Threat Intelligence 101 - Steve Lodin - SubmittedSteve Lodin

Threat Intelligence Workshop

Priyanka Aash

Cyber Threat Intelligence

ZaiffiEhsan

Threat Hunting 101: Intro to Threat Detection and Incident Response

Infocyte

Global Cyber Threat Intelligence

NTT Innovation Institute Inc.

#CyberAvengers - Artificial Intelligence in the Legal and Regulatory Realm

Shawn Tuma

2016 ISSA Conference Threat Intelligence Keynote philA

Phil Agcaoili

Cyber Threat Hunting with Phirelight

Hostway|HOSTING

Cyber Threat Intelligence - La rilevanza del dato per il business

Francesco Faenzi

Insa cyber intelligence 2011

Mousselmal Tarik

What's hot (20)

Need for Threat Intelligence & How to Operationalize it for your Organisation.

Building an Effective Cyber Intelligence Program

Cyber threat Intelligence and Incident Response by:-Sandeep Singh

The Cyber Threat Intelligence Matrix

Threat Intelligence

Practical and Actionable Threat Intelligence Collection

Cyber Threat Intelligence: Building and maturing an intelligence program that...

Cyber Threat Intelligence

Threat Intelligence with Open Source Tools - Cornerstones of Trust 2014

Sans cyber-threat-intelligence-survey-2015

Threat Intelligence 101 - Steve Lodin - Submitted

Threat Intelligence Workshop

Cyber Threat Intelligence

Threat Hunting 101: Intro to Threat Detection and Incident Response

Global Cyber Threat Intelligence

#CyberAvengers - Artificial Intelligence in the Legal and Regulatory Realm

2016 ISSA Conference Threat Intelligence Keynote philA

Cyber Threat Hunting with Phirelight

Cyber Threat Intelligence - La rilevanza del dato per il business

Insa cyber intelligence 2011

Viewers also liked

The Attackers Advantage

Shiv Shivakumar

Otx introduction sw

AlienVault

Alienvault threat alerts in spiceworks

AlienVault

Operationalizing Threat Intelligence to Battle Persistent Actors

ThreatConnect

We have all heard that threat intelligence can help level the battlefield against advanced persistent threats whether criminal or nation state attackers. But what is Threat Intelligence? How does it fit into your organization’s security operations? And how can you develop your own Threat Intelligence? In this presentation you'll learn: - How to leverage Threat Intelligence to identify potential adversaries and take appropriate action - How to develop Threat Intelligence using the Diamond Model - How ThreatConnect investigated Chinese state-sponsored threats using the Diamond Model - How to operationalize Threat Intelligence using Splunk and ThreatConnect

AlienVault Threat Alerts in Spiceworks

AlienVault

Worldwide User Group & Summit 2016 Highlights | Final day

WeDo Technologies

How to Use Crowd-Sourced Threat Intelligence to Stop Malware in its Tracks

AlienVault

Threat sharing networks have been around for a long time, however they have typically been "invitation-only", available to only large companies, or those within a particular industry. The AlienVault Open Threat Exchange is different. It is one of the first (and most diverse) threat sharing networks, open to any and all who wish to join. And, free services like new ThreatFinder help make the threat data in OTX available and actionable by all. Join AlienVault VP of Product Strategy, Russ Spitler, and Systems Engineer, Tom D'Aquino for a practical session covering how to use OTX to improve network security. Russ & Tom will cover: How threat intelligence is gathered and vetted in the Open Threat Exchange How to use the threat data provided by OTX free services Examples of the types of threats you can identify with OTX Best practices to investigate and mitigate threats, including a quick tour of AlienVault USM

Project Loon - Final PPTShreya Chakrabarti

4 Rules for Successful Threat Intelligence Teams

Recorded Future

Threat intelligence is quickly becoming a core element of risk management for many enterprises. Putting a team in place to manage threat intelligence, however, isn’t as easy as other, more established areas of information security. First, it’s newer, and second, organizations might not yet have the right skills and tools in-house. With that in mind, we’ve identified four simple rules that will help organizations build and maintain a successful threat intelligence team.

Crowd control managementPLN9 Security Services Pvt. Ltd.

Blending Automated and Manual Testing

Denim Group

DevOps puts an intense focus on automation – taking humans out of the loop whenever possible to allow frequent, incremental updates to production systems. However, thorough application testing often has multiple components – much of this can be automated, but manual testing is also required. This is inconvenient and not “DevOps-y,” but is unfortunately an unavoidable requirement in the real world. In addition, managing these multiple sources of application vulnerability intelligence often requires manual interaction – to clear false positives, de-duplicate repeated results, and make decisions about triage and remediation. Axway has rolled out an application security program that incorporates automated static and dynamic testing, attack surface analysis, component analysis, as well as inputs from 3rd parties including manual penetration testing, automated and manual dynamic testing, automated and manual static testing, and test results from vendors providing test data on their products. Automation has allowed Axway to increase the frequency of web application testing, thus reducing the cycle time in the application vulnerability “OODA loop.” Moving beyond the identification of vulnerabilities, Axway has deployed ThreadFix to automatically aggregate the results of the automated testing and de-duplicate findings. 3rd party penetration testers are also finding vulnerabilities and reporting them in reasonably structured CSV files requiring Axway to convert this manual test data and incorporate it into the aggregated vulnerability model in ThreadFix. Centralizing this pipeline allows for metric tracking – both for the application security program as a whole as well as on a per-vulnerability-source basis. This automation and consolidation now covers 50% of Axway’s application vulnerability review process - with plans to extend further. This presentation walks through Axway’s construction of their application security-testing pipeline and the decisions they were forced to make along the way to best maximize the use of automation while accommodating the reality of manual testing requirements. It then looks at how this testing regimen and the associated automation have allowed them to impact deployment practices as well as collect metrics on their assurance program. Finally, it looks at lessons learned along the way – the good and the bad – and identifies targeted next steps Axway plans to take to increase the depth and frequency of application security testing while dealing with the deployment realities placed on them to remain agile and responsive to business requirements.

Fuzzing 101 Webinar on Zero Day Management

Codenomicon

In this webinar, we explore the process of zero-day vulnerability management from initial threat analysis to automated detection and remediation. We will demonstrate how easy it is to detect attack vectors and to quickly assess the reliability and security of those interfaces using general purpose fuzzing solutions. We will also show you how you can complement these solutions with known vulnerability data and do patch verification easily and cost-effectively. Finally, we will discuss how you can tailor your defenses to block zero day attacks, which is a key aspect of vulnerability management.

Automated Attack Surface Approximation [FSE - SRC 2015]

Chris Theisen

Software Security Education at Scale

Chris Theisen

Sania: Syntactic and Semantic Analysis for Automated Testing against SQL Inje...

Yuji Kosuga

Unmasking Anonymous: An Eyewitness Account of a Hacktivist Attack

Imperva

In 2011, Imperva witnessed an assault by the hacktivist group, Anonymous, which included the use of social media for communications and, most importantly, their attack methods. Since Anonymous’ targets vary, it is important for security professionals to learn how to prepare their organization for a potential attack. These presentation slides will walk-through the key stages of an Anonymous attack campaign, including recruitment and communication, application attack methods, and mitigation strategies.

Autonomous Hacking: The New Frontiers of Attack and Defense

Priyanka Aash

Vulnerability analysis has largely been a process that requires substantial human expertise. However, very recently there has been a push for completely autonomous hacking systems, which can find flaws, exploit them and even provide patches, all without any human intervention. This talk presents recent advances in autonomous hacking and provides lessons learned from participating in the DARPA CGC. (Source: RSA USA 2016-San Francisco)

A DevOps Guide to Web Application Security

Imperva Incapsula

You’ve seen the headlines—"[Well-Known Company] Falls Victim To Hackers". These data breaches result in the theft of millions of names, passwords, credit card numbers, and other personal data. Imagine if such a breach lead to the theft of your application's data. . . If multi-national companies with dedicated security teams and expansive budgets aren’t immune to the impact of hackers, how can you adequately prepare yourself to defeat this threat? This presentation will explore the web application threat landscape. It will zero in on some of the most common attacks wreaking havoc on the internet, teaching you how to defend your online assets from them. This presentation will discuss: • The major security breaches of 2014 • Web application threats and common attack types • How to defend against today’s common attacks • Automated tools to help simplify website security

ISDD - Security Risks

Forrester High School

Attacks Against Captcha Systems - DefCamp 2012DefCamp

Viewers also liked (20)

The Attackers Advantage

Otx introduction sw

Alienvault threat alerts in spiceworks

Operationalizing Threat Intelligence to Battle Persistent Actors

AlienVault Threat Alerts in Spiceworks

Worldwide User Group & Summit 2016 Highlights | Final day

How to Use Crowd-Sourced Threat Intelligence to Stop Malware in its Tracks

Project Loon - Final PPT

4 Rules for Successful Threat Intelligence Teams

Crowd control management

Blending Automated and Manual Testing

Fuzzing 101 Webinar on Zero Day Management

Automated Attack Surface Approximation [FSE - SRC 2015]

Software Security Education at Scale

Sania: Syntactic and Semantic Analysis for Automated Testing against SQL Inje...

Unmasking Anonymous: An Eyewitness Account of a Hacktivist Attack

Autonomous Hacking: The New Frontiers of Attack and Defense

A DevOps Guide to Web Application Security

ISDD - Security Risks

Attacks Against Captcha Systems - DefCamp 2012

Similar to Crowd-Sourced Threat Intelligence

Reduce the Attacker's ROI with Collaborative Threat Intelligence

AlienVault

The cost to attack and compromise a system is orders of magnitude less than the cost to defend. A single machine can target thousands of targets searching for one with susceptible defenses while each new attack vector requires defenders to deploy and maintain additional security controls. So, how can we increase the cost for the attacker? One way is through collaborative threat intelligence. Join Wendy Nather of 451 Research and Jaime Blasco, Director of AlienVault Labs for a discussion of the value of collaborative threat intelligence. Wendy and Jaime will discuss how a collaborative approach differs from other threat intelligence sources, along with practical considerations to help you evaluate threat intelligence offerings and protect your environment.

How Malware Works

AlienVault

With malware accounting for at least 40% of all breaches, knowing how malware works can be an extremely valuable asset in your threat detection cache – especially for the incident responder. According to Verizon’s 2013 Data Breach Investigations Report, “Malware and hacking still rank as the most common [threat] actions”. In general, malware can range from being simple annoyances like pop-up advertising to causing serious damage like stealing passwords and data or infecting other machines on the network. Malware is as old as software itself and although there are new types of malware constantly under development, they generally fall into a few broad categories. Check out this SlideShare to learn how malware works, and what we believe are the most common types of malware you should be prepared for. By learning how malware works and recognizing its different types, you’ll understand: - How they find their way into your network - How attackers control them remotely - How they use your systems for nefarious purposes - And most importantly, the security controls you need to effectively defend against and detect malware infections. (Hint: you need more than antivirus!)

Be Prepared: Emerging Cyber Security Threats, Vulnerabilities and Risks on Ca...

Morakinyo Animasaun

Cyber Threat Intelligence

Prachi Mishra

Hexis Cybersecurity Mission Possible: Taming Rogue Ghost Alerts

Hexis Cyber Solutions

Your agents are fatigued and overwhelmed from fighting rogue attacks, and tailing covert ghost alerts. Meanwhile, the backdoor to your organization has been blown wide-open and cyber attackers are stealing the crown jewels. You need help. From this mission: • Uncover how to mitigate ghost alerts and empower your agents to focus on more important security priorities • Leverage your current security investments-- instead of replacing them • Learn how automation reduces the need for manual investigation and response

2015 Cyber Security

Allen Zhang

How to Simplify Audit Compliance with Unified Security Management

AlienVault

Maintaining, verifying, and demonstrating compliance with regulatory requirements, whether PCI DSS, HIPAA, GLBA or others, is far from a trivial exercise. Proving compliance with these requirements often translates into a lot of manual and labor-intensive tasks – chasing down discrepancies in asset inventory spreadsheets, remediating critical vulnerabilities, and weeding through log data trying to make sense of it all. In fact, you may need to consult at least a dozen different tools to assemble the security controls and reports you need. Compliance doesn't have to be so hard. Review this presentation to learn: - Common audit compliance failures - A pre-audit checklist to help you plan and prepare - Core security capabilities needed to demonstrate compliance - How to simplify compliance with a unified approach to security

Threat Intelligence + SIEM: A Force to be Reckoned With

SolarWinds

How to Detect System Compromise & Data Exfiltration with AlienVault USM

AlienVault

More information on this webcast: http://ow.ly/IyNdF Have you ever wondered how the bad guys actually get control of a system? And, how they convert that system into a data-syphoning droid? Then you won't want to miss our next live demo, where AlienVault's security gurus Mark Allen & Garrett Gross will walk you through the steps of a system compromise, including how AlienVault USM detects these nefarious activities every step of the way. You'll learn: How attackers exploit vulnerabilities to take control of systems What they do next to find & exfiltrate valuable data How to catch them before the damage is done with AlienVault USM Using a real-world example of a common vulnerability, Mark will show you how USM gives you the evidence you need to stop an attack in its tracks.

IT Security and Management - Semi Finals by Mark John Lado

Mark John Lado, MIT

Offensive malware usage and defense

Christiaan Beek

White Hat 6 March 2015 v2.2

Prof John Walker FRSA Purveyor Dark Intelligence

White hat march15 v2.2

Prof John Walker FRSA Purveyor Dark Intelligence

Cyber security with ai

Burhan Ahmed

Cyber security # Lec 1

Kabul Education University

The Aftermath: You Have Been Attacked! So what's next?Albert Hui

Why_TGTOP GUN

Cyber security and AI

DexterJanPineda

APT in the Financial Sector

LIFARS

Demo how to detect ransomware with alien vault usm_gg

AlienVault

By now you've probably heard about new ransomware threats like CryptoWall, which encrypts your data and demands payment to unlock it. These threats are delivered via malicious email attachments or websites, and once CryptoWall executes and connects to an external command and control server, it starts to encrypt files throughout your network. Therefore, spotting infections quickly can limit the damage. Don’t fall victim to ransomware! AlienVault USM uses several built-in security controls working in unison to detect ransomware like CryptoWall, usually as soon as it attempts to connect to the hackers’ command and control server. How does it all work? Join us for a live demo that will show how AlienVault USM detects these threats quickly, saving you valuable clean up time by limiting the damage from the attack. You'll learn: How AlienVault USM detects communications with the command and control server How the behavior is correlated with other signs of trouble to alert you of the threat Immediate steps you need to take to stop the threat and limit the damage

Similar to Crowd-Sourced Threat Intelligence (20)

Reduce the Attacker's ROI with Collaborative Threat Intelligence

How Malware Works

Be Prepared: Emerging Cyber Security Threats, Vulnerabilities and Risks on Ca...

Cyber Threat Intelligence

Hexis Cybersecurity Mission Possible: Taming Rogue Ghost Alerts

2015 Cyber Security

How to Simplify Audit Compliance with Unified Security Management

Threat Intelligence + SIEM: A Force to be Reckoned With

How to Detect System Compromise & Data Exfiltration with AlienVault USM

IT Security and Management - Semi Finals by Mark John Lado

Offensive malware usage and defense

White Hat 6 March 2015 v2.2

White hat march15 v2.2

Cyber security with ai

Cyber security # Lec 1

The Aftermath: You Have Been Attacked! So what's next?

Why_TG

Cyber security and AI

APT in the Financial Sector

Demo how to detect ransomware with alien vault usm_gg

More from AlienVault

Meltdown and Spectre - How to Detect the Vulnerabilities and Exploits

AlienVault

As you've likely heard, Meltdown and Spectre are vulnerabilities that exist in Intel CPUs built since 1995. Hackers can exploit Meltdown and Spectre to get hold of information stored in the memory of other running programs. This might include passwords stored in a password manager or browser, photos, emails, instant messages and even business-critical documents. Join us for a technical webcast to learn more about these threats, and how the security controls in AlienVault Unified Security Management (USM) can help you mitigate these threats. You'll learn: What the AlienVault Labs security research team has learned about these threats How to scan your environment (cloud and on-premises) for the vulnerability with AlienVault USM Anywhere How built-in intrusion detection capabilities of USM Anywhere can detect exploits of these vulnerabilities How the incident response capabilities in USM Anywhere can help you mitigate attacks Watch the On-Demand Webcast here: https://www.alienvault.com/resource-center/webcasts/meltdown-and-spectre-how-to-detect-the-vulnerabilities-and-exploits?utm_medium=Social&utm_source=SlideShare&utm_content=meltdown-spectre-webcast Hosted By Sacha Dawes Principal Product Marketing Manager Sacha joined AlienVault in Feb 2017, where he is responsible for the technical marketing of the AlienVault Unified Security Management (USM) family of solutions. He brings multiple years of experience from product management, product marketing and business management roles at Microsoft, NetIQ, Gemalto and Schlumberger where he has delivered both SaaS-delivered and boxed-product solutions that address the IT security, identity and management space. Originally from the UK, Sacha is based in Austin, TX.

Malware Invaders - Is Your OS at Risk?

AlienVault

How to Solve Your Top IT Security Reporting Challenges with AlienVault

AlienVault

Watch this on-demand webast to learn how to acheive security compliance with AlienVault Unified Security Management (USM): https://www.alienvault.com/resource-center/webcasts/how-to-solve-your-top-it-security-reporting-challenges-with-alienvault?utm_medium=Social&utm_source=SlideShare&utm_campaign=solve-it-compliance-usm-webinar Learn how you can take your on-premises and cloud security to the next level with a free online demo at: https://www.alienvault.com/products/usm-anywhere/demo?utm_medium=Social&utm_source=SlideShare&utm_campaign=solve-it-compliance-usm-webinar

Simplify PCI DSS Compliance with AlienVault USM

AlienVault

SIEM for Beginners: Everything You Wanted to Know About Log Management but We...

AlienVault

Need a crash course on SIEM? No problem. Our security gurus will explain what SIEM is (and isn’t) and how to get up and running with it quickly and painlessly. You'll learn everything you need to know about: * Critical information stored in your logs and how to leverage it for better security *Requirements to effectively perform log collection, log management, and log correlation *How to integrate multiple data sources *What features to look for in a SIEM solution

Insider Threat Detection Recommendations

AlienVault

Open Source IDS Tools: A Beginner's Guide

AlienVault

Malware detection how to spot infections early with alien vault usm

AlienVault

Security operations center 5 security controls

AlienVault

PCI DSS Implementation: A Five Step Guide

AlienVault

Payment Card Industry Data Security Standard (PCI DSS) compliance can be both hard and expensive. For most small to medium sized organizations, it doesn’t have to be as long you have the right plan and tools in place. In this guide you’ll learn five steps that you can take to implement and maintain PCI DSS compliance at your organization. AlienVault PCI DSS Compliance: https://www.alienvault.com/solutions/pci-dss-compliance Have a question? Ask it in our forum: http://forums.alienvault.com More videos: http://www.youtube.com/user/alienvaulttv AlienVault Blogs: http://www.alienvault.com/blogs AlienVault: http://www.alienvault.com

Improve threat detection with hids and alien vault usm

AlienVault

Host-based intrusion dection systems (HIDS) work by monitoring activity that is occurring internally on a host. HIDS look for unusual or nefarious activity by examining logs created by the operating system, looking for changes made to key system files, tracking installed software, and sometimes examining the network connections a host makes. AlienVault USM integrates HIDS with other key security controls to help you get the most out of HIDS, including: Analyzing system behavior and configuration status to track user access and activity Detecting system compromise, modification of critical configuration files (e.g. registry settings, /etc/passwd), common rootkits, and rogue processes Correlating HIDS data with known IP reputation, vulnerability scans and more Logging and reporting for PCI compliance

The State of Incident Response - INFOGRAPHIC

AlienVault

Incident Response (IR) teams are designed to detect, investigate and, when necessary, perform remediation in the event of a critical incident. The results of the 2015 SANS Incident Response Survey provides a picture of what IR teams are up against today—the types of attacks they see, what defenses they have in place to detect and respond to these threats, and their perceived effectiveness and obstacles to incident handling. Some key challenges reported by responders to the survey were: 66% cited a skills shortage as being an impediment to effective IR: 54% cited budgetary shortages for tools and technology 45% noted lack of visibility into system or domain events 41% noted a lack of procedural reviews and practice 37% have trouble distinguishing malicious events from nonevents Do these challenges sound familiar? Download the full survey to learn more about how other organizations are approaching incident response, along with best practices and advice. Visit http://ow.ly/R3Cr0

Incident response live demo slides final

AlienVault

So, you've got an alarm - or 400 alarms maybe, now what? Security incident investigations can take many paths leading to incident response, a false positive or something else entirely. Join this webcast to see security experts from AlienVault and Castra Consulting work on real security events (well, real at one point), and perform real investigations, using AlienVault USM as the investigative tool. Process or art form? Yes. You'll learn: Tips for assessing context for the investigation How to spend your time doing the right things How to to classify alarms, rule out false positives and improve tuning The value of documentation for effective incident response and security controls How to speed security incident investigation and response with AlienVault USM

Improve Situational Awareness for Federal Government with AlienVault USM

AlienVault

Securing your network from threats is a constantly evolving challenge, especially for federal government agencies with much valuable data to protect, and where IT security resources are often limited. AlienVault has helped many government organizations get complete security visbility for effective threat detection and response, without breaking the bank. Join us for a live demo to see how AlienVault USM addresses these key IT security needs: Discover all IP-enabled assets to get an accurate picture of attack surface Identify vulnerabilities like insecure configurations and unpatched software Improve situational awareness with real-time threat detection and alerting Speed incident containment & response with built-in remediation guidance for every alert Investigate anomalies in protocol usage, privilege escalation, host behavior and more Generate fast & accurate reports for compliance & management

Improve Security Visibility with AlienVault USM Correlation Directives

AlienVault

At the heart of SIEM is ability to correlate events from one or many sources into actionable alarms based on your security policies. AlienVault USM provides over 2100 correlation directives developed by the AlienVault Labs team, plus the ability to create your own custom rules. Join us for this customer training session covering how to: Ensure you are using the latest and greatest built-in correlation directives from AlienVault Labs Write your own correlation directives based on events from one or more sources Turn correlation information into actionable alarms Use correlations to enforce your security policies

New USM v5.0 - Get Complete Security Visibility Faster & Easier Than Ever

AlienVault

AlienVault Unified Security Management™ (USM) integrates SIEM/event correlation with built-in tools for intrusion detection, asset discovery, vulnerability assessment and behavioral monitoring to give you a unified, real-time view of threats in your environment. NEW v5.0 (available 4/20) makes it faster and easier than ever to get the insights you need, starting on Day 1. Join us for a live demo to see how new USM v5.0 makes it easier than ever to accomplish these key tasks: Discover all IP-enabled assets on your network Identify vulnerabilities like unpatched software or insecure configurations Detect network scans and malware like botnets, trojans & rootkits Speed incident response with built-in remediation guidance for every alert Generate accurate compliance reports for PCI DSS, HIPAA and more

New OSSIM v5.0 - Get Security Visibility Faster & Easier Than Ever

AlienVault

With a focus on simplifying asset management, OSSIM v5.0 (available 4/20) makes it faster and easier than ever to get the insights you need. Join us for this user training to learn how to get the most out of these new enhancements: Assign custom labels for assets, groups and networks Search, filter and group assets by OS, IP address, device type, custom labels and more Run vulnerability and asset scans on custom asset groups with one click Filter by asset groups in alarms, security events and raw logs Update configuration, sensor assignment, asset value and more on multiple assets and groups of assets at once ...and more!

AWS Security Best Practices for Effective Threat Detection & Response

AlienVault

In this SlideShare, we’ll share the AWS Security Best Practices for securing AWS environments, as well as some of the trends our research has shown with regard to attacks on those environments. We'll also introduce the key capabilities needed for a modern threat detection & incident response program customized for AWS, and other AWS Security Best Practices including: -Asset Discovery - creating an inventory of running instances -Vulnerability Assessment - conducting scans to assess exposure to attack, and prioritize risks -Change Management - detect changes in your AWS environment and insecure network access control configurations -S3 & ELB Access Log Monitoring - Monitor access logs of hosted content and data directed at your instance -CloudTrail Monitoring and Alerting - Monitor the CloudTrail service for abnormal behavior -Windows Event Monitoring - Analyze system level behavior to detect advanced threats With more IT environments moving data and applications to AWS, the motivation for hackers to target AWS environments is also increasing. We believe these AWS Security Best Practices will be a valuable addition to every security practitioner’s playbook. We'll finish up with a demo of NEW AlienVault USM for AWS, which delivers all of the above capabilities, plus log management & event correlation to help you detect threats quickly and comply with regulatory requirements.

Improve Threat Detection with OSSEC and AlienVault USM

AlienVault

Host-based IDS systems, or HIDS, work by monitoring activity that is occurring internally on a host. HIDS look for unusual or nefarious activity by examining logs created by the operating system, looking for changes made to key system files, tracking installed software, and sometimes examining the network connections a host makes. AlienVault USM features a complete integration of OSSEC, one of the most popular and effective open source HIDS tools. In this live demo, we'll show you how USM helps you get more out of OSSEC with: Remote agent deployment, configuration and management Behavioral monitoring of OSSEC clients Logging and reporting for PCI compliance Data correlation with IP reputation data, vulnerability scans and more We'll finish up by showing a demo of how OSSEC alert correlation can be used to detect brute force attacks with USM

Best Practices for Configuring Your OSSIM Installation

AlienVault

Because every network environment is different, OSSIM offers flexibile configuration options to adapt to the needs of different environments. Whether you are just getting started with OSSIM, or have been using it for years, thinking through the configuration options availble will help you get the most out of your installation. Join us for this customer training webcast where our OSSIM experts will walk through: How to deploy & configure OSSEC agents Best practices for configuring syslog and enabling plugins Scanning your network for assets and vulnerabilities

More from AlienVault (20)

Meltdown and Spectre - How to Detect the Vulnerabilities and Exploits

Malware Invaders - Is Your OS at Risk?

How to Solve Your Top IT Security Reporting Challenges with AlienVault

Simplify PCI DSS Compliance with AlienVault USM

SIEM for Beginners: Everything You Wanted to Know About Log Management but We...

Insider Threat Detection Recommendations

Open Source IDS Tools: A Beginner's Guide

Malware detection how to spot infections early with alien vault usm

Security operations center 5 security controls

PCI DSS Implementation: A Five Step Guide

Improve threat detection with hids and alien vault usm

The State of Incident Response - INFOGRAPHIC

Incident response live demo slides final

Improve Situational Awareness for Federal Government with AlienVault USM

Improve Security Visibility with AlienVault USM Correlation Directives

New USM v5.0 - Get Complete Security Visibility Faster & Easier Than Ever

New OSSIM v5.0 - Get Security Visibility Faster & Easier Than Ever

AWS Security Best Practices for Effective Threat Detection & Response

Improve Threat Detection with OSSEC and AlienVault USM

Best Practices for Configuring Your OSSIM Installation

Recently uploaded

RESUME BUILDER APPLICATION Project for students

KAMESHS29

UiPath Test Automation using UiPath Test Suite series, part 6

DianaGray10

Welcome to UiPath Test Automation using UiPath Test Suite series part 6. In this session, we will cover Test Automation with generative AI and Open AI. UiPath Test Automation with generative AI and Open AI webinar offers an in-depth exploration of leveraging cutting-edge technologies for test automation within the UiPath platform. Attendees will delve into the integration of generative AI, a test automation solution, with Open AI advanced natural language processing capabilities. Throughout the session, participants will discover how this synergy empowers testers to automate repetitive tasks, enhance testing accuracy, and expedite the software testing life cycle. Topics covered include the seamless integration process, practical use cases, and the benefits of harnessing AI-driven automation for UiPath testing initiatives. By attending this webinar, testers, and automation professionals can gain valuable insights into harnessing the power of AI to optimize their test automation workflows within the UiPath ecosystem, ultimately driving efficiency and quality in software development processes. What will you get from this session? 1. Insights into integrating generative AI. 2. Understanding how this integration enhances test automation within the UiPath platform 3. Practical demonstrations 4. Exploration of real-world use cases illustrating the benefits of AI-driven test automation for UiPath Topics covered: What is generative AI Test Automation with generative AI and Open AI. UiPath integration with generative AI Speaker: Deepak Rai, Automation Practice Lead, Boundaryless Group and UiPath MVP

How to Get CNIC Information System with Paksim Ga.pptx

danishmna97

Removing Uninteresting Bytes in Software Fuzzing

Aftab Hussain

Imagine a world where software fuzzing, the process of mutating bytes in test seeds to uncover hidden and erroneous program behaviors, becomes faster and more effective. A lot depends on the initial seeds, which can significantly dictate the trajectory of a fuzzing campaign, particularly in terms of how long it takes to uncover interesting behaviour in your code. We introduce DIAR, a technique designed to speedup fuzzing campaigns by pinpointing and eliminating those uninteresting bytes in the seeds. Picture this: instead of wasting valuable resources on meaningless mutations in large, bloated seeds, DIAR removes the unnecessary bytes, streamlining the entire process. In this work, we equipped AFL, a popular fuzzer, with DIAR and examined two critical Linux libraries -- Libxml's xmllint, a tool for parsing xml documents, and Binutil's readelf, an essential debugging and security analysis command-line tool used to display detailed information about ELF (Executable and Linkable Format). Our preliminary results show that AFL+DIAR does not only discover new paths more quickly but also achieves higher coverage overall. This work thus showcases how starting with lean and optimized seeds can lead to faster, more comprehensive fuzzing campaigns -- and DIAR helps you find such seeds. - These are slides of the talk given at IEEE International Conference on Software Testing Verification and Validation Workshop, ICSTW 2022.

Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdf

Paige Cruz

Monitoring and observability aren’t traditionally found in software curriculums and many of us cobble this knowledge together from whatever vendor or ecosystem we were first introduced to and whatever is a part of your current company’s observability stack. While the dev and ops silo continues to crumble….many organizations still relegate monitoring & observability as the purview of ops, infra and SRE teams. This is a mistake - achieving a highly observable system requires collaboration up and down the stack. I, a former op, would like to extend an invitation to all application developers to join the observability party will share these foundational concepts to build on:

Pushing the limits of ePRTC: 100ns holdover for 100 days

Adtran

GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...

James Anderson

Effective Application Security in Software Delivery lifecycle using Deployment Firewall and DBOM The modern software delivery process (or the CI/CD process) includes many tools, distributed teams, open-source code, and cloud platforms. Constant focus on speed to release software to market, along with the traditional slow and manual security checks has caused gaps in continuous security as an important piece in the software supply chain. Today organizations feel more susceptible to external and internal cyber threats due to the vast attack surface in their applications supply chain and the lack of end-to-end governance and risk management. The software team must secure its software delivery process to avoid vulnerability and security breaches. This needs to be achieved with existing tool chains and without extensive rework of the delivery processes. This talk will present strategies and techniques for providing visibility into the true risk of the existing vulnerabilities, preventing the introduction of security issues in the software, resolving vulnerabilities in production environments quickly, and capturing the deployment bill of materials (DBOM). Speakers: Bob Boule Robert Boule is a technology enthusiast with PASSION for technology and making things work along with a knack for helping others understand how things work. He comes with around 20 years of solution engineering experience in application security, software continuous delivery, and SaaS platforms. He is known for his dynamic presentations in CI/CD and application security integrated in software delivery lifecycle. Gopinath Rebala Gopinath Rebala is the CTO of OpsMx, where he has overall responsibility for the machine learning and data processing architectures for Secure Software Delivery. Gopi also has a strong connection with our customers, leading design and architecture for strategic implementations. Gopi is a frequent speaker and well-known leader in continuous delivery and integrating security into software delivery.

Uni Systems Copilot event_05062024_C.Vlachos.pdf

Uni Systems S.M.S.A.

Enchancing adoption of Open Source Libraries. A case study on Albumentations.AI

Vladimir Iglovikov, Ph.D.

Presented by Vladimir Iglovikov: - https://www.linkedin.com/in/iglovikov/ - https://x.com/viglovikov - https://www.instagram.com/ternaus/ This presentation delves into the journey of Albumentations.ai, a highly successful open-source library for data augmentation. Created out of a necessity for superior performance in Kaggle competitions, Albumentations has grown to become a widely used tool among data scientists and machine learning practitioners. This case study covers various aspects, including: People: The contributors and community that have supported Albumentations. Metrics: The success indicators such as downloads, daily active users, GitHub stars, and financial contributions. Challenges: The hurdles in monetizing open-source projects and measuring user engagement. Development Practices: Best practices for creating, maintaining, and scaling open-source libraries, including code hygiene, CI/CD, and fast iteration. Community Building: Strategies for making adoption easy, iterating quickly, and fostering a vibrant, engaged community. Marketing: Both online and offline marketing tactics, focusing on real, impactful interactions and collaborations. Mental Health: Maintaining balance and not feeling pressured by user demands. Key insights include the importance of automation, making the adoption process seamless, and leveraging offline interactions for marketing. The presentation also emphasizes the need for continuous small improvements and building a friendly, inclusive community that contributes to the project's growth. Vladimir Iglovikov brings his extensive experience as a Kaggle Grandmaster, ex-Staff ML Engineer at Lyft, sharing valuable lessons and practical advice for anyone looking to enhance the adoption of their open-source projects. Explore more about Albumentations and join the community at: GitHub: https://github.com/albumentations-team/albumentations Website: https://albumentations.ai/ LinkedIn: https://www.linkedin.com/company/100504475 Twitter: https://x.com/albumentations

Goodbye Windows 11: Make Way for Nitrux Linux 3.5.0!

SOFTTECHHUB

As the digital landscape continually evolves, operating systems play a critical role in shaping user experiences and productivity. The launch of Nitrux Linux 3.5.0 marks a significant milestone, offering a robust alternative to traditional systems such as Windows 11. This article delves into the essence of Nitrux Linux 3.5.0, exploring its unique features, advantages, and how it stands as a compelling choice for both casual users and tech enthusiasts.

みなさんこんにちはこれ何文字まで入るの？40文字以下不可とか本当に意味わからないけどこれ限界文字数書いてないからマジでやばい文字数いけるんじゃないの？えこ...

名前です男

A tale of scale & speed: How the US Navy is enabling software delivery from l...

sonjaschweigert1

Rapid and secure feature delivery is a goal across every application team and every branch of the DoD. The Navy’s DevSecOps platform, Party Barge, has achieved: - Reduction in onboarding time from 5 weeks to 1 day - Improved developer experience and productivity through actionable findings and reduction of false positives - Maintenance of superior security standards and inherent policy enforcement with Authorization to Operate (ATO) Development teams can ship efficiently and ensure applications are cyber ready for Navy Authorizing Officials (AOs). In this webinar, Sigma Defense and Anchore will give attendees a look behind the scenes and demo secure pipeline automation and security artifacts that speed up application ATO and time to production. We will cover: - How to remove silos in DevSecOps - How to build efficient development pipeline roles and component templates - How to deliver security artifacts that matter for ATO’s (SBOMs, vulnerability reports, and policy evidence) - How to streamline operations with automated policy checks on container images

By Design, not by Accident - Agile Venture Bolzano 2024

Pierluigi Pugliese

Free Complete Python - A step towards Data Science

RinaMondal9

Large Language Model (LLM) and it’s Geospatial Applications

Rohit Gautam

Climate Impact of Software Testing at Nordic Testing Days

Kari Kakkonen

My slides at Nordic Testing Days 6.6.2024 Climate impact / sustainability of software testing discussed on the talk. ICT and testing must carry their part of global responsibility to help with the climat warming. We can minimize the carbon footprint but we can also have a carbon handprint, a positive impact on the climate. Quality characteristics can be added with sustainability, and then measured continuously. Test environments can be used less, and in smaller scale and on demand. Test techniques can be used in optimizing or minimizing number of tests. Test automation can be used to speed up testing.

20240609 QFM020 Irresponsible AI Reading List May 2024

Matthew Sinclair

Epistemic Interaction - tuning interfaces to provide information for AI support

Alan Dix

Paper presented at SYNERGY workshop at AVI 2024, Genoa, Italy. 3rd June 2024 https://alandix.com/academic/papers/synergy2024-epistemic/ As machine learning integrates deeper into human-computer interactions, the concept of epistemic interaction emerges, aiming to refine these interactions to enhance system adaptability. This approach encourages minor, intentional adjustments in user behaviour to enrich the data available for system learning. This paper introduces epistemic interaction within the context of human-system communication, illustrating how deliberate interaction design can improve system understanding and adaptation. Through concrete examples, we demonstrate the potential of epistemic interaction to significantly advance human-computer interaction by leveraging intuitive human communication strategies to inform system design and functionality, offering a novel pathway for enriching user-system engagements.

Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor...

SOFTTECHHUB

The choice of an operating system plays a pivotal role in shaping our computing experience. For decades, Microsoft's Windows has dominated the market, offering a familiar and widely adopted platform for personal and professional use. However, as technological advancements continue to push the boundaries of innovation, alternative operating systems have emerged, challenging the status quo and offering users a fresh perspective on computing. One such alternative that has garnered significant attention and acclaim is Nitrux Linux 3.5.0, a sleek, powerful, and user-friendly Linux distribution that promises to redefine the way we interact with our devices. With its focus on performance, security, and customization, Nitrux Linux presents a compelling case for those seeking to break free from the constraints of proprietary software and embrace the freedom and flexibility of open-source computing.

Microsoft - Power Platform_G.Aspiotis.pdf

Uni Systems S.M.S.A.

Recently uploaded (20)

RESUME BUILDER APPLICATION Project for students

UiPath Test Automation using UiPath Test Suite series, part 6

How to Get CNIC Information System with Paksim Ga.pptx

Removing Uninteresting Bytes in Software Fuzzing

Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdf

Pushing the limits of ePRTC: 100ns holdover for 100 days

GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...

Uni Systems Copilot event_05062024_C.Vlachos.pdf

Enchancing adoption of Open Source Libraries. A case study on Albumentations.AI

Goodbye Windows 11: Make Way for Nitrux Linux 3.5.0!

A tale of scale & speed: How the US Navy is enabling software delivery from l...

By Design, not by Accident - Agile Venture Bolzano 2024

Free Complete Python - A step towards Data Science

Large Language Model (LLM) and it’s Geospatial Applications

Climate Impact of Software Testing at Nordic Testing Days

20240609 QFM020 Irresponsible AI Reading List May 2024

Epistemic Interaction - tuning interfaces to provide information for AI support

Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor...

Microsoft - Power Platform_G.Aspiotis.pdf

Crowd-Sourced Threat Intelligence

1. Crowd-Sourced Threat Intelligence

2. About me - Director, AlienVault Labs - Security Research - Malware Analysis - Incident response

3. The attacker’s advantage • They only need to be successful once • Determined, skilled and often funded adversaries • Custom malware, 0days, multiple attack vectors, social engineering • Persistent

4. The defender’s disadvantage • They can’t make a mistake • Understaffed, jack of all trades, underfunded • Increasing complex IT infrastructure: – Moving to the cloud – Virtualization – Bring your own device • Prevention controls fail to block everything • Hundreds of systems and vulnerabilities to patch

5. What is Threat Intelligence? • Information about malicious actors • Helps you make better decisions about defense • Examples: IP addresses, Domains, URL’s, File Hashes, TTP’s, victim’s industries, countries..

6. How can I use Threat Intelligence? • Detect what my prevention technologies fail to block • Security planning, threat assessment • Improves incident response / Triage • Decide which vulnerabilities should I patch first

7. State of the art • Most sharing is unstructured & human-to- human • Closed groups • Actual standards require knowledge, resources and time to integrate the data

8. Standards & Tools • IODEF: Incident Object Description Exchange Format • MITRE: – STIX: Structured Threat Information eXpression – TAXXII: Trusted Automated eXchange of Indicator Information – MAEC, CAPEC, CyBOX • CIF: Collective Intelligence Framework

9. Collective Intelligence Framework

10. The Threat Intelligence Pyramid of Pain

11. The Power of the “Crowd” for Threat Detection  Cyber criminals are using (and reusing) the same exploits against others (and you).  Sharing (and receiving) collaborative threat intelligence makes us all more secure.  Using this data, detect, flag and block attackers using indicators (Threat Intel)

12. Disrupt the Incident response cycle Detect Respond Prevent A traditional cycle … 1. Prevents known threats. 2. Detects new threats in the environment. 3. Respond to the threats – as they happen. This isolated closed loop offers no opportunity to learn from what others have experienced ….no advance notice

13. Traditional Response First Street Credit Union Alpha Insurance Group John Elway Auto Nation Regional Pacific Telecom Marginal Food Products

14. Traditional Response First Street Credit Union Alpha Insurance Group John Elway Auto Nation Regional Pacific Telecom Marginal Food Products Attack

15. Traditional Response First Street Credit Union Alpha Insurance Group John Elway Auto Nation Regional Pacific Telecom Marginal Food Products Attack Detect

16. Traditional Response First Street Credit Union Alpha Insurance Group John Elway Auto Nation Regional Pacific Telecom Marginal Food Products Attack Detect Respond

17. Traditional Response First Street Credit Union Alpha Insurance Group John Elway Auto Nation Regional Pacific Telecom Marginal Food Products Attack Detect Respond

18. OTX Enables Preventative Response Through an automated, real-time, threat exchange framework

19. A Real-Time Threat Exchange framework First Street Credit Union Alpha Insurance Group John Elway Auto Nation Regional Pacific Telecom Marginal Food Products Attack Detect Open Threat Exchange Puts Preventative Response Measures in Place Through Shared Experience

20. A Real-Time Threat Exchange framework First Street Credit Union Alpha Insurance Group John Elway Auto Nation Regional Pacific Telecom Marginal Food Products Attack Detect Open Threat Exchange Protects Others in the Network With the Preventative Response Measures

21. Benefits of open Threat Exchange Shifts the advantage from the attacker to the defender Open and free to everyone Each member benefits from the incidents of all other members Automated sharing of threat data

22. Open Source Security Information Management OSSIM/USM ASSET DISCOVERY • Active Network Scanning • Passive Network Scanning • Asset Inventory • Host-based Software Inventory VULNERABILITY ASSESSMENT • Continuous Vulnerability Monitoring • Authenticated / Unauthenticated Active Scanning BEHAVIORAL MONITORING • Log Collection • Netflow Analysis • Service Availability Monitoring SECURITY INTELLIGENCE • SIEM Event Correlation • Incident Response THREAT DETECTION • Network IDS • Host IDS • Wireless IDS • File Integrity Monitoring USM Product Capabilities

23. Open Threat Exchange

24. Thank you!! @jaimeblascob http://www.alienvault.com/open-threat-exchange/blog

Crowd-Sourced Threat Intelligence

Recommended

Recommended

More Related Content

What's hot

What's hot (20)

Viewers also liked

Viewers also liked (20)

Similar to Crowd-Sourced Threat Intelligence

Similar to Crowd-Sourced Threat Intelligence (20)

More from AlienVault

More from AlienVault (20)

Recently uploaded

Recently uploaded (20)

Crowd-Sourced Threat Intelligence