THE DOLLARS AND “SENSE” BEHIND
THREAT INTELLIGENCE SHARING
2-11-2014
© Cyber Squared Inc. 2014

WHAT I DO
The ThreatConnect Intelligence Research Team (TCIRT) – Enrichments that expose the unseen
• Investigates new threats across industries
• Correlates incidents
• Provides ongoing and on-demand support
[Diagram: ThreatConnect IRT at the centre of the sharing tiers (Your Organization, Peer to Peer, Common Community, Subscriber Community, Industry Community), delivery Dynamic and On-Demand. Callouts: Customer: “We were hit with this.” / TCIRT: “Here are more details…”]

WHO I SUPPORT
• Launched July 2013
• 1,700+ accounts
• Dozens of Fortune 100/500 Companies
• Many Industries Represented
• 66% Referral Rate
[Pie chart: Customer Industries. Segments: Security/Intel, Media/Entertainment, Utilities/Transportation, Banking/Finance, Defense/Government, Manufacturing, Technology, Other. Percentages shown: 30%, 17%, 16%, 16%, 8%, 5%, 4%, 4%; the extracted text does not preserve which percentage belongs to which industry.]

THE WHO’S WHO
• First Step: Recognize the players
[Figure: the players; only the label “Cyber” and the numbers 3, 2 and 6 survive from the graphic]

“BOB3160”
• Second Step: Recognize the problem
Unless You Played one of these… …this may carry little meaning
Source: http://blog.avast.com/2014/01/22/win3264blackbeardpigeon-stealthiness-techniques-in-64-bit-windows-part-2/

WHERE MY GEEKS AT?
• Third Step: Mind the Gap
[Diagram: Producer (“Wolverine”, “Technical Risk”) and Consumer (“Business Risk”), connected through Direct & Indirect Delivery Models]

MEASURING IS MATURING
• What you do, costs someone / something (Time/Money)
• What does the org get between the 1st & 15th?
• What does it cost to produce or consume?
• What should I work on? X OR Y (WHERE X = (N) and Y = N)
• Is what I am producing of value & How do I know?
• How do I improve my process? (Make Faster & Cheaper)

Q3 2013 METRICS

ASSUMPTIONS & FACTS
Assumptions:
• Give data to get
• Have analysts will collaborate
• My perspective is not always correct
Facts:
• Time – Not enough
• Talent – Not enough
• Treasure – Not enough
Definition:
• What we mean when we say “Share”

Q3 2013 TCIRT SHARING METRICS
• In Q3 of 2013 TCIRT shared:
• 143 Incidents, Threats or Emails
• When shared +1700 global users were enabled
• Consistent observables for July & August
• 47% Increase in September
• Data exported, consumed and processed within organizational systems
[Bar chart: 2013 Q3 ThreatConnect Shares, scale 0 to 70]
July 2013: 39
August 2013: 42
September 2013: 62

All material confidential and proprietary

FUZZY MATH (SHARES)
• 1 x ThreatIntel Analyst a year / amount produced in a month @ a specific rate of production.
$100,000/yr ÷ 12 mo = $8,333/mo; ÷ 39 Jul shares = $213 per share; @ 3.24 hr per share = $65/hr
$100,000/yr ÷ 12 mo = $8,333/mo; ÷ 42 Aug shares = $198 per share; @ 3.29 hr per share = $60/hr
$100,000/yr ÷ 12 mo = $8,333/mo; ÷ 62 Sep shares = $134 per share; @ 2.18 hr per share = $61/hr
Slide labels under each term, left to right: Cost to Organization; Amount of Production; Ave Cost to produce share; Frequency of production.

GIVING AWAY KNOWLEDGE = GROWTH
• Where did it all go?
• Two Communities that we own
• Subscriber Community
• Common Community
• Over half of TCIRT research was given away
• These Communities consist of individuals & organizations
• Global / All Industries
• Established lasting relationships & partnerships for future collaborative efforts
[Pie chart: where the Q3 shares went. Common Community 51%; Subscriber Community 44%; All Communities 5%]

FREE AS IN BEER
• 1 x ThreatIntel Analyst shares incident data @ 3.24 hrs to create w/ a Community of 1700 researchers, where only 1% review/research the data for one hour and only .5% review/research/respond.
• 1% – 17 x Review/Research for one hour
• .5% – 8.5 x Review/Research/Respond for one hour with additional findings
• The ThreatIntel Analyst / Org leverages another 8.5 hours of additional manpower (@162% increase) of analytics.
• Analyst obtains additional info/data
• Org obtains at least $552 value of outsourced analysis (8.5 x $65)
• Community leverages the entire exchange
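The arithmetic on the FUZZY MATH and FREE AS IN BEER slides, carried through as a reusable cost model. This is an added example, not code from the deck or from ThreatConnect: the function and field names are the editor's own, while the salary, share counts, hours per share, community size and the 1% / .5% participation rates are the deck's numbers, passed in as arguments so the same model can be run against another team's figures.

```python
"""Cost model behind the FUZZY MATH and FREE AS IN BEER slides (added example).

Function and field names are the editor's own; the numeric inputs used in
the usage block at the bottom are the ones printed on the slides.
"""
from dataclasses import dataclass


def monthly_cost(annual_salary: float) -> float:
    """Cost to Organization per month: one analyst's annual salary / 12."""
    return annual_salary / 12.0


def cost_per_share(annual_salary: float, shares_in_month: int) -> float:
    """Ave Cost to produce share: monthly cost / Amount of Production."""
    if shares_in_month <= 0:
        raise ValueError("a month with no shares has no per-share cost")
    return monthly_cost(annual_salary) / shares_in_month


def implied_hourly_rate(annual_salary: float, shares_in_month: int,
                        hours_per_share: float) -> float:
    """Effective $/hr: cost per share / hours spent producing one share."""
    if hours_per_share <= 0:
        raise ValueError("hours per share must be positive")
    return cost_per_share(annual_salary, shares_in_month) / hours_per_share


def q3_2013_table(annual_salary: float = 100_000.0) -> dict:
    """Reproduce the deck's three months; returns {month: ($/share, $/hr)}."""
    # (shares in month, hours per share) as printed on the FUZZY MATH slide
    months = {"Jul": (39, 3.24), "Aug": (42, 3.29), "Sep": (62, 2.18)}
    return {m: (cost_per_share(annual_salary, n),
                implied_hourly_rate(annual_salary, n, hrs))
            for m, (n, hrs) in months.items()}


@dataclass(frozen=True)
class Leverage:
    reviewers: float         # members expected to review/research the share
    responders: float        # members expected to respond with findings
    extra_hours: float       # analyst-hours contributed back by responders
    pct_increase: float      # (extra_hours / hours_to_create - 1) * 100
    outsourced_value: float  # extra_hours * hourly_rate


def community_leverage(community_size: int, hours_to_create: float,
                       hourly_rate: float, review_rate: float = 0.01,
                       respond_rate: float = 0.005,
                       hours_each: float = 1.0) -> Leverage:
    """FREE AS IN BEER: what one share gets back from the community.

    The deck calls 8.5 hours returned against 3.24 hours invested a
    "162% increase", i.e. the multiple (2.62x) minus one; the same
    convention is used here so the result lines up with the slide.
    """
    if hours_to_create <= 0:
        raise ValueError("hours to create must be positive")
    reviewers = community_size * review_rate
    responders = community_size * respond_rate
    extra_hours = responders * hours_each
    pct_increase = (extra_hours / hours_to_create - 1.0) * 100.0
    return Leverage(reviewers, responders, extra_hours, pct_increase,
                    extra_hours * hourly_rate)


if __name__ == "__main__":
    # int() truncates, which is what the slide does ($213, not $214).
    for month, (per_share, rate) in q3_2013_table().items():
        print(f"{month}: ${int(per_share)}/share, ${int(rate)}/hr")
    lev = community_leverage(1700, hours_to_create=3.24, hourly_rate=65)
    print(f"{lev.reviewers:g} reviewers, {lev.responders:g} responders, "
          f"{lev.extra_hours:g} extra hours (+{int(lev.pct_increase)}%), "
          f"${int(lev.outsourced_value)} of outsourced analysis")
```

One detail worth knowing before reusing the slide's figures: the deck truncates rather than rounds ($8,333 / 39 is $213.68, shown as $213), and the "162% increase" is the 2.62x multiple minus one, not the extra hours as a percentage of the total. The model above follows both conventions so that its output matches the slide; change them deliberately if you report the numbers elsewhere.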

COMMUNITIES

SHARING IS POWERFUL!
• Each Organization has their own private data
• Peer to Peer: Sharing between two organizations
• Common: System Wide Collaboration
• Each Industry Represented by their own Trusted Community

COMMUNITY STANDUP
• Since August
• Deployable Private Communities
• Minutes to configure
• By Industry
• By Threat
• By Geo
• Multiple Roles
• Vetting & Invitations
• Attrib / nonAttributable
[Bar chart: Count of Private Communities & Membership, Community 1 to Community 5 (Private Industry, Private General, Private Industries, Regional, Threat Based), scale 0 to 200; the per-community bars and their A / N labels are not recoverable from the extracted text]

COMMUNITY INTERACTION
• Leadership is contagious
• Not all communities are created equal
• Variables:
• Time
• Leadership
• Frequency
• Size of membership
• Culture
[Line chart: interaction per month, Sep-13 to Jan-14, series Common Community and Private Community 1 to 4, scale 0 to 160; values not recoverable from the extracted text]

GIVIN’ VALUE PROPS
• Increase your eyes and ears by N
• Newcomers to the mission: “Where do I get started?”
• Increase your probability for free beer at conferences
• Understand what the industry best practices are
• Who else is dealing w/ cyber pandas? Successes / Failures that I should know about?
• Distributed talent / distributed AS&W / increasing production times.

SOURCES OF INFO

Q3 2013 SOURCES OF TCIRT DATA
[Horizontal bar chart, scale 0 to 60; per-source counts are not recoverable from the extracted text. Sources listed, as they appear on the chart:]
Websense Blog
TCIRT Roll-Up
Taiwan CERT Bulletin
Rapid7 Blog
Microsoft Blog
Kaspersky Blog
FireEye Blog
F-Secure Blog
Dell Secureworks Blog
Contagio Blog
Citizenlab Blog
AlienVault Blog
AhnLab Blog
Adversary Blog
Webroot Blog
Symantec Blog
Malwr
Jsunpack
Securelist Blog
Cyb3rsleuth Blog
Virus Total
Joe Security Document Analyzer
FireEye Blog
ThreatExpert
Scumware
URLQuery
TCIRT Partner Tipper
TCIRT Malware Analysis / Yara Detections

ITEMS TO CONSIDER
• Quality vs Quantity debate
• more is not always better

• Accuracy vs Timeliness debate
• being 100% wrong now vs. 50% correct later

• All Source vs Single Source
• the wandering perspective

• Customers & Feedback loop
• What sources yield positive feedback?

• Cost
• time & money

PARTING THOUGHTS

SUMMARY
• Understand others, everyone looks at things differently
• Perfect the ability to communicate effectively to both the
technical & non-technical audiences
• Understand the business costs associated w/ doing or not doing
aspects of your job
• Make assumptions, Measure things, Make decisions
• We are relational creatures that crave success = find success
through relationship
• If you are thinking in these terms & measuring, you are likely postured for growth & maturity in this space.

HAPPY HUNTING!
Rich Barger


 
Harnessing the Power of NLP and Knowledge Graphs for Opioid Research
Harnessing the Power of NLP and Knowledge Graphs for Opioid ResearchHarnessing the Power of NLP and Knowledge Graphs for Opioid Research
Harnessing the Power of NLP and Knowledge Graphs for Opioid Research
 
Deep Dive: AI-Powered Marketing to Get More Leads and Customers with HyperGro...
Deep Dive: AI-Powered Marketing to Get More Leads and Customers with HyperGro...Deep Dive: AI-Powered Marketing to Get More Leads and Customers with HyperGro...
Deep Dive: AI-Powered Marketing to Get More Leads and Customers with HyperGro...
 
Fueling AI with Great Data with Airbyte Webinar
Fueling AI with Great Data with Airbyte WebinarFueling AI with Great Data with Airbyte Webinar
Fueling AI with Great Data with Airbyte Webinar
 
JavaLand 2024: Application Development Green Masterplan
JavaLand 2024: Application Development Green MasterplanJavaLand 2024: Application Development Green Masterplan
JavaLand 2024: Application Development Green Masterplan
 
Programming Foundation Models with DSPy - Meetup Slides
Programming Foundation Models with DSPy - Meetup SlidesProgramming Foundation Models with DSPy - Meetup Slides
Programming Foundation Models with DSPy - Meetup Slides
 
Introduction of Cybersecurity with OSS at Code Europe 2024
Introduction of Cybersecurity with OSS  at Code Europe 2024Introduction of Cybersecurity with OSS  at Code Europe 2024
Introduction of Cybersecurity with OSS at Code Europe 2024
 
9 CEO's who hit $100m ARR Share Their Top Growth Tactics Nathan Latka, Founde...
9 CEO's who hit $100m ARR Share Their Top Growth Tactics Nathan Latka, Founde...9 CEO's who hit $100m ARR Share Their Top Growth Tactics Nathan Latka, Founde...
9 CEO's who hit $100m ARR Share Their Top Growth Tactics Nathan Latka, Founde...
 
Artificial Intelligence and Electronic Warfare
Artificial Intelligence and Electronic WarfareArtificial Intelligence and Electronic Warfare
Artificial Intelligence and Electronic Warfare
 
HCL Notes und Domino Lizenzkostenreduzierung in der Welt von DLAU
HCL Notes und Domino Lizenzkostenreduzierung in der Welt von DLAUHCL Notes und Domino Lizenzkostenreduzierung in der Welt von DLAU
HCL Notes und Domino Lizenzkostenreduzierung in der Welt von DLAU
 
Generating privacy-protected synthetic data using Secludy and Milvus
Generating privacy-protected synthetic data using Secludy and MilvusGenerating privacy-protected synthetic data using Secludy and Milvus
Generating privacy-protected synthetic data using Secludy and Milvus
 
Energy Efficient Video Encoding for Cloud and Edge Computing Instances
Energy Efficient Video Encoding for Cloud and Edge Computing InstancesEnergy Efficient Video Encoding for Cloud and Edge Computing Instances
Energy Efficient Video Encoding for Cloud and Edge Computing Instances
 
AppSec PNW: Android and iOS Application Security with MobSF
AppSec PNW: Android and iOS Application Security with MobSFAppSec PNW: Android and iOS Application Security with MobSF
AppSec PNW: Android and iOS Application Security with MobSF
 
5th LF Energy Power Grid Model Meet-up Slides
5th LF Energy Power Grid Model Meet-up Slides5th LF Energy Power Grid Model Meet-up Slides
5th LF Energy Power Grid Model Meet-up Slides
 
Choosing The Best AWS Service For Your Website + API.pptx
Choosing The Best AWS Service For Your Website + API.pptxChoosing The Best AWS Service For Your Website + API.pptx
Choosing The Best AWS Service For Your Website + API.pptx
 
Dandelion Hashtable: beyond billion requests per second on a commodity server
Dandelion Hashtable: beyond billion requests per second on a commodity serverDandelion Hashtable: beyond billion requests per second on a commodity server
Dandelion Hashtable: beyond billion requests per second on a commodity server
 
Biomedical Knowledge Graphs for Data Scientists and Bioinformaticians
Biomedical Knowledge Graphs for Data Scientists and BioinformaticiansBiomedical Knowledge Graphs for Data Scientists and Bioinformaticians
Biomedical Knowledge Graphs for Data Scientists and Bioinformaticians
 
“Temporal Event Neural Networks: A More Efficient Alternative to the Transfor...
“Temporal Event Neural Networks: A More Efficient Alternative to the Transfor...“Temporal Event Neural Networks: A More Efficient Alternative to the Transfor...
“Temporal Event Neural Networks: A More Efficient Alternative to the Transfor...
 

Dollars and Sense of Sharing Threat Intelligence

  • 9. ASSUMPTIONS & FACTS
    Assumptions:
    • Give data to get
    • Have analysts, will collaborate
    • My perspective is not always correct
    Facts:
    • Time – Not enough
    • Talent – Not enough
    • Treasure – Not enough
    Definition:
    • What we mean when we say “Share”
  • 10. Q3 2013 TCIRT SHARING METRICS
    • In Q3 of 2013 TCIRT shared 143 Incidents, Threats or Emails
    • When shared, 1,700+ global users were enabled
    • Consistent observables for July & August
    • 47% increase in September
    • Data exported, consumed and processed within organizational systems
    [Chart: 2013 Q3 ThreatConnect Shares by month – July 2013: 39, August 2013: 42, September 2013: 62]
  • 11. All material confidential and proprietary
  • 12. FUZZY MATH (SHARES)
    • 1 x ThreatIntel Analyst per year / amount produced in a month @ a specific rate of production
    • $100,000/yr ÷ 12 mo = $8,333/mo ÷ 39 Jul shares = $213/share @ 3.24 hr/share = $65/hr
    • $100,000/yr ÷ 12 mo = $8,333/mo ÷ 42 Aug shares = $198/share @ 3.29 hr/share = $60/hr
    • $100,000/yr ÷ 12 mo = $8,333/mo ÷ 62 Sep shares = $134/share @ 2.18 hr/share = $61/hr
    (Columns: Cost to Organization, Amount of Production, Average Cost to produce a share, Frequency of production)
  • 13. GIVING AWAY KNOWLEDGE = GROWTH
    • Where did it all go?
    • Two Communities that we own: Subscriber Community and Common Community
    • Over half of TCIRT research was given away
    • These Communities consist of individuals & organizations, Global / All Industries
    • Established lasting relationships & partnerships for future collaborative efforts
    [Chart: destination of TCIRT shares – Common Community 51%, Subscriber Community 44%, All Communities 5%]
  • 14. FREE AS IN BEER
    • 1 x ThreatIntel Analyst shares incident data (3.24 hrs to create) w/ a Community of 1,700 researchers, where only 1% review/research the data for one hour and only 0.5% review/research/respond
    • 1% = 17 x review/research for one hour
    • 0.5% = 8.5 x review/research/respond for one hour with additional findings
    • The ThreatIntel Analyst / Org leverages another 8.5 hours of additional manpower (a 162% increase over the 3.24 hours invested) of analytics
    • Analyst obtains additional info/data
    • Org obtains at least $552 value of outsourced analysis (8.5 x $65)
    • Community leverages the entire exchange
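The arithmetic on slides 12 (cost to produce a share) and 14 (what a community returns on one share) generalised into a small model, as an added example that is not part of the original deck and not ThreatConnect's own tooling. The salary, share counts, hours per share, community size and review/respond rates are the deck's Q3 2013 figures; the function names, the `ShareMonth`/`ShareCost` types and the break-even helper (the minimum fraction of responders needed for the returned analysis to cover what the share cost to produce) are this example's own assumptions.

```python
"""
Cost-per-share and community-return model for threat intel sharing.

Added example (not from the original deck). Input numbers are the deck's
Q3 2013 figures; everything else here is an assumption for illustration.
"""
from __future__ import annotations

from dataclasses import dataclass

MONTHS_PER_YEAR = 12


@dataclass(frozen=True)
class ShareMonth:
    """One month of production by one analyst (hypothetical type)."""
    name: str
    shares: int            # incidents / threats / emails shared that month
    hours_per_share: float # average analyst hours to build one share


@dataclass(frozen=True)
class ShareCost:
    """Result of cost_per_share (hypothetical type)."""
    name: str
    cost_per_share: float  # $ of analyst salary per share produced
    hourly_rate: float     # implied $ per analyst hour at that production rate


def cost_per_share(annual_salary: float, month: ShareMonth) -> ShareCost:
    """Slide 12: salary/12 spread over the month's shares, then over the hours each share took."""
    if month.shares <= 0 or month.hours_per_share <= 0:
        raise ValueError("shares and hours_per_share must be positive")
    monthly = annual_salary / MONTHS_PER_YEAR
    per_share = monthly / month.shares
    return ShareCost(month.name, per_share, per_share / month.hours_per_share)


def community_return(hours_to_create: float, community_size: int,
                     review_rate: float, respond_rate: float,
                     hourly_rate: float, hours_each: float = 1.0) -> dict:
    """Slide 14: what one shared item yields back from a community.

    review_rate / respond_rate are fractions of the community (0.01 = 1%).
    Only responders return analysis hours; reviewers are counted but assumed
    to send nothing back (the deck's own simplification).
    """
    reviewers = community_size * review_rate
    responders = community_size * respond_rate
    returned_hours = responders * hours_each
    return {
        "reviewers": reviewers,
        "responders": responders,
        "returned_hours": returned_hours,
        # the deck's "162% increase": returned hours relative to hours invested
        "leverage_pct": (returned_hours / hours_to_create - 1.0) * 100.0,
        "value_usd": returned_hours * hourly_rate,
    }


def break_even_respond_rate(share_cost: float, community_size: int,
                            hourly_rate: float, hours_each: float = 1.0) -> float:
    """Assumed helper: fraction of the community that must respond (hours_each
    hours apiece, valued at hourly_rate) for the return to equal the share's cost."""
    return share_cost / (community_size * hours_each * hourly_rate)


# Deck figures, Q3 2013 (slides 10 and 12)
Q3_2013 = [
    ShareMonth("July 2013", 39, 3.24),
    ShareMonth("August 2013", 42, 3.29),
    ShareMonth("September 2013", 62, 2.18),
]


def q3_2013_costs(annual_salary: float = 100_000.0) -> list[ShareCost]:
    """Per-month cost of a share for one $100k/yr analyst (slide 12)."""
    return [cost_per_share(annual_salary, m) for m in Q3_2013]


if __name__ == "__main__":
    for c in q3_2013_costs():
        print(f"{c.name:15s} ${c.cost_per_share:6.0f}/share  ${c.hourly_rate:4.0f}/hr")
    r = community_return(3.24, 1700, 0.01, 0.005, 65.0)   # slide 14 inputs
    print(f"{r['responders']:.1f} responders return {r['returned_hours']:.1f} h "
          f"(+{r['leverage_pct']:.0f}%), worth ${r['value_usd']:.0f}")
    july = q3_2013_costs()[0]
    print(f"break-even respond rate for a July share: "
          f"{break_even_respond_rate(july.cost_per_share, 1700, 65.0):.2%}")
```

Swap in your own salary, share counts and community size to reproduce the deck's reasoning for your programme; the break-even rate is the number to watch, since it tells you how small a responding fraction still pays for the analyst time a share consumed.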
  • 16. SHARING IS POWERFUL!
    • Each Organization has their own private data
    • Peer to Peer: sharing between two organizations
    • Common: system-wide collaboration
    • Each Industry represented by their own Trusted Community
  • 17. COMMUNITY STANDUP
    • Since August: deployable Private Communities
    • Minutes to configure
    • By Industry, By Threat, By Geo
    • Multiple Roles
    • Vetting & Invitations
    • Attributable / Non-attributable
    [Chart: Count of Private Communities & Membership, Community 1 through Community 5; categories: Private Industry, Private General, Regional, Threat Based]
  • 18. COMMUNITY INTERACTION
    • Leadership is contagious
    • Not all communities are created equal
    • Variables: Time, Leadership, Frequency, Size of membership, Culture
    [Chart: activity of the Common Community and Private Communities 1 through 4, Sep-13 to Jan-14]
  • 19. GIVIN’ VALUE PROPS
    • Increase your eyes and ears by N
    • Newcomers to the mission: “Where do I get started?”
    • Increase your probability for free beer at conferences
    • Understand what the Industry best practices are
    • Who else is dealing w/ cyber pandas?
    • Successes / Failures that I should know about?
    • Distributed talent / distributed AS&W / increasing production times
  • 20. SOURCES OF INFO
  • 21. Q3 2013 SOURCES OF TCIRT DATA
    [Chart: count of TCIRT data items per source, Q3 2013] Sources: Websense Blog, TCIRT Roll-Up, Taiwan CERT Bulletin, Rapid7 Blog, Microsoft Blog, Kaspersky Blog, FireEye Blog, F-Secure Blog, Dell Secureworks Blog, Contagio Blog, Citizenlab Blog, AlienVault Blog, AhnLab Blog, Adversary Blog, Webroot Blog, Symantec Blog, Malwr, Jsunpack, Securelist Blog, Cyb3rsleuth Blog, Virus Total, Joe Security Document Analyzer, FireEye Blog, ThreatExpert, Scumware, URLQuery, TCIRT Partner Tipper, TCIRT Malware Analysis / Yara Detections
  • 22. ITEMS TO CONSIDER
    • Quality vs Quantity debate: more is not always better
    • Accuracy vs Timeliness debate: being 100% wrong now vs. 50% correct later
    • All Source vs Single Source: the wandering perspective
    • Customers & Feedback loop: what sources yield positive feedback?
    • Cost: time & money
  • 23. PARTING THOUGHTS
  • 24. SUMMARY
    • Understand others; everyone looks at things differently
    • Perfect the ability to communicate effectively to both technical & non-technical audiences
    • Understand the business costs associated w/ doing or not doing aspects of your job
    • Make assumptions, Measure things, Make decisions
    • We are relational creatures that crave success = find success through relationship
    • If you are thinking in these terms & measuring, you are likely postured for growth & maturity in this space
  • 25. HAPPY HUNTING! Rich Barger