Global Cyber Threat Intelligence
Kenji Takahashi
NTT Innovation Institute, Inc.
2016 Copyright NTT Innovation Institute, Inc. All rights reserved.
2
NTT i3
ACCELERATING THE
TRANSFORMATION OF
IDEAS FROM LAB TO
MARKET
Full Lifecycle
Innovation
FOCUS
NTT Global
Strategic Assets
LEVERAGE
Leading Companies
and Startups
ENGAGE
INNOVATION
Internet of Things
Wearables
Machine Learning
MARKET-READY PLATFORMS
Elastic Services Infrastructure
Global Threat Intelligence Platform
Cloud Service Orchestration Platform
3
THE EVOLVING GLOBAL SECURITY LANDSCAPE
Cybercriminals
• Large and sophisticated
global crime groups
• Black markets for stolen
data, tool, and hacker talent
• Detailed knowledge on
targets (vulnerabilities,
businesses, organizations
and people)
Enterprise Security
Team
• Technology vulnerability
of IT
• Largely reactive security
practices
• Limited data sources and
analytic capabilities
• Security skills gaps
Threats and attacks generated by criminals
outpace security team capabilities
4
THE GLOBAL THREATS LANDSCAPE IN 2016
Global Threat Intelligence Report 2016 (GTIR 2016)
www.nttgroupsecurity.com
Top 10 External Vulnerabilities
Outdated PHP Version 8%
Cross-Site Scripting (CSS/XSS) 7%
Outdated Apache Web Server 7%
SSL/TLS Information Disclosure 6%
Web Clear Text Username/Password 5%
Weak SSL/TLS Ciphers/Certificate 5%
Outdated Apache Tomcat Server 4%
Weak/No HTTPS cache policy 4%
Cookie without HTTPOnly attribute set 3%
SSL Certificate Signed using Weak Hashing Algorithm 3%
Top 10 Internal Vulnerabilities
Outdated Java Version 51%
Outdated Adobe Flash Player 11%
Outdated Adobe Reader and Acrobat 5%
Outdated Microsoft Windows 3%
Outdated Microsoft Internet Explorer 3%
Outdated Mozilla Firefox 2%
Outdated Microsoft Office 1%
Outdated Linux Kernel 1%
Outdated Novell Client 1%
Outdated OpenSSH Version 1%
The data presented is based on information gathered through 2015
Vulnerabilities
5
THE GLOBAL THREATS LANDSCAPE IN 2016
Attacks
The data presented is based on information gathered through 2015
6
THE GLOBAL THREATS LANDSCAPE IN 2016
Incidents
The data presented is based on information gathered through 2015
7
HACKING FOR PROFIT – THE JP MORGAN CYBERATTACK
100 million customers of 12 companies in the US
8 years of operation (2007-2015)
$100Ms in illicit proceeds
Global cybercrime network
8
RANSOM32: RANSOMWARE AS A SERVICE
(source: http://blog.emsisoft.com/2016/01/01/meet-ransom32-the-first-javascript-ransomware/)
9
THE CYBERCRIME INFRASTRUCTURE OF BOTNETS
• Consists of thousands of victimized computers ("nodes")
• Tools, data, services, and talent are bought or rented on the cyber black market using bitcoins
• Recycled in a 30–90 day cycle
10
CYBER KILL CHAIN
THE SEVEN PHASES OF A CYBER ATTACK
*1: "Intelligence-Driven Computer Network Defense Informed by Analysis of Adversary Campaigns and Intrusion Kill Chains" by E. Hutchins, M. Cloppert, R. Amin, Lockheed Martin Corporation, 2011. http://www.lockheedmartin.com/content/dam/lockheed/data/corporate/documents/LM-White-Paper-Intel-Driven-Defense.pdf
Cyber Kill Chain is a registered trademark of Lockheed Martin Corporation.
RECONNAISSANCE
WEAPONIZATION
DELIVERY
EXPLOITATION
INSTALLATION
COMMAND & CONTROL
ACTIONS & OBJECTIVES
11
CYBER KILL CHAIN: CASE STUDY
Timeline diagram; recoverable labels per phase:
RECONNAISSANCE: Recon, PHP and SQL fingerprinting
WEAPONIZATION: Recon data analyzed and Havij tool selected and configured for attack
DELIVERY & EXPLOITATION: Delivery of SQL injection via Havij tool & exploitation of injection attack
INSTALLATION: Creation of accounts and installation of RAT
COMMAND & CONTROL: Establish and maintain C2
ACTIONS & OBJECTIVES: Data exfiltration
Day markers on the timeline: 0, 46, 51, 53, 55, 58, 59, 60, 65
Timeline legend: First Identified, Log Observed, Public Disclosure
12
CKC AS A GUIDELINE FOR THREAT INTELLIGENCE
• Analysis of earlier phases provides threat intelligence for later phases
• Attribution underpins the analysis of CKC phases
§ Victims
§ Capabilities
§ Resources
§ Objectives
• Strategic priority and focus are essential
§ Systems, services, data, and people of importance
13
WHAT CONSTITUTES THREAT INTELLIGENCE
Threat intelligence is gathered from disparate sources and synthesized by human analysts to identify a specific threat and its target in advance of an incident.
14
THREAT INTELLIGENCE
EVOLVING SECURITY FROM REACTION TO PREDICTION
A new approach to addressing global threats requires:
1. Creation of potential victim/target profiles
2. Prediction of threats based on the real-time analysis of a variety of data sources
3. Deployment of security controls to monitor and block both predicted and existing threats
15
GLOBAL THREAT INTELLIGENCE PLATFORM
• Single holistic view of the real-time evolution
of the dynamic threat landscape
• Global dataset of more than 18 million
attacks gathered from a wide variety of
sources, across geographical and
organizational boundaries
• Advanced analytics driven by machine
learning (including malware taint analysis)
• API for seamless integration into applications,
services and systems
• Support led by managed security service
professionals
16
DEMO
CONTEXTUALIZATION
Provide the "right" information, best fit to the user's context
• Context can be expressed by vertical industry, geographical region, CKC phase, attack type, victim profile, or resources used (IP addresses, URLs/domains, malware, etc.)
Enable users to formulate contextualized queries
• Users can save and manage queries
The information is further enriched
• Gathering data from multiple non-threat sources
• Normalizing it into a consistent format
• Pivoting
Facilitate collaboration among security experts
• Annotation, labeling
17
18
GTIP – MALWARE TAINT ANALYSIS ENGINE
Dynamic data-flow analysis that tracks every movement of every bit of data handled by malware on a computer.
Keeps track of the trace of "tags"
• Tags are identifiers placed on data and propagated as the data moves inside the computer, automatically tracking and identifying data provenance.
(Diagram labels: MALWARE BINARIES, ANALYTICS ENGINE, BLACKLIST)
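As an added illustration of the tag-propagation idea on this slide (my own toy model, not NTT i3's engine or code): sources attach a provenance tag to data, every operation passes the union of its inputs' tags to its output, and sinks report which tags reached them, so obfuscation such as XOR-encoding cannot launder the taint. The replayed trace, the origin names such as file:credentials.txt, and the sample bytes are all constructed for this example.

```python
# Toy tag-based taint tracker. Added illustration for this page; not the
# GTIP malware taint analysis engine. All names and data below are constructed.
from dataclasses import dataclass


@dataclass(frozen=True)
class Tagged:
    """A value plus the set of provenance tags currently attached to it."""
    data: bytes
    tags: frozenset


class TaintTracker:
    """Attach tags at sources, propagate them through operations, report at sinks."""

    def __init__(self):
        self.sink_log = []  # list of (sink_name, tags that reached it)

    # --- sources: data read from an origin of interest gets that origin as a tag ---
    def source(self, origin: str, data: bytes) -> Tagged:
        return Tagged(data, frozenset({origin}))

    def constant(self, data: bytes) -> Tagged:
        """Program-internal data with no provenance of interest."""
        return Tagged(data, frozenset())

    # --- propagation: an output carries the union of its inputs' tags ---
    def concat(self, *parts: Tagged) -> Tagged:
        tags = frozenset().union(*(p.tags for p in parts))
        return Tagged(b"".join(p.data for p in parts), tags)

    def slice(self, value: Tagged, start: int, end: int) -> Tagged:
        return Tagged(value.data[start:end], value.tags)

    def xor(self, value: Tagged, key: Tagged) -> Tagged:
        """Encoding does not launder taint: output tags = value tags | key tags."""
        out = bytes(b ^ key.data[i % len(key.data)] for i, b in enumerate(value.data))
        return Tagged(out, value.tags | key.tags)

    # --- sinks: record which tags reach a point that matters (network, disk) ---
    def sink(self, name: str, value: Tagged) -> frozenset:
        self.sink_log.append((name, value.tags))
        return value.tags


def simulate_trace() -> list:
    """Replay a constructed, hypothetical execution trace through the tracker
    and return the sink log. This is sample data, not a real malware trace."""
    t = TaintTracker()
    secret = t.source("file:credentials.txt", b"hunter2")        # hypothetical origin
    clip = t.source("clipboard", b"4111-1111-1111-1111")          # hypothetical origin
    header = t.constant(b"POST /upload ")
    key = t.constant(b"\x5a")
    # The sample program packs both tagged values together, obfuscates, and sends.
    payload = t.xor(t.concat(secret, clip), key)
    t.sink("net:send", t.concat(header, payload))
    # A plain keep-alive message carries no tagged data.
    t.sink("net:send", t.constant(b"GET /ping"))
    return t.sink_log


def provenance_report(sink_log: list) -> list:
    """Summary of which origins reached each sink event: (sink, sorted tag names)."""
    return [(name, sorted(tags)) for name, tags in sink_log]


if __name__ == "__main__":
    for name, tags in provenance_report(simulate_trace()):
        print(f"{name}: {tags or 'no tagged data'}")
```

The report shows the first send carrying data from both the credentials file and the clipboard despite the XOR step, which is exactly the provenance signal an analyst wants from a sandbox run; the second send reaches the sink with no tags and is uninteresting.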
19
IMPORTANT ISSUES FOR THE FUTURE OF CYBERSECURITY
• Information Sharing
• Big Data and Machine Learning for Malware
and Traffic Analysis
• Software Defined Security Orchestration
20
INFORMATION SHARING
21
MALWARE CLASSIFICATION BY MACHINE LEARNING
Applying Machine Learning to both dynamic and static analysis
• Features from execution in GTIP Malware Taint Analysis Engine (dynamic analysis)
• Features extracted from raw files (static analysis)
Preliminary experiments achieve a promising 98% accuracy
• 4,000 malware files and 3,000 benign files
• Windows binaries
Same approach can be applied to other types of malware
• Mobile (.apk), PDF, JavaScript, MS Office, etc.
TEMPORAL VISUALIZATION AND ANALYSIS
• Different types of attacks and CKC phases show distinguishing temporal patterns.
• By visualizing and analyzing the patterns, we are exploring ways of taking action earlier, faster and more effectively.
Figure captions: SSH attacks access many targets in the Reconnaissance phase; a malware attack accesses only one target in the Exploitation phase
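The fan-out contrast in the two captions, as an added example that is not part of the original deck: a small profiler over constructed event records (documentation IP ranges) that counts distinct targets and event rate per source and then applies a simple heuristic of my own to separate a many-target burst from sustained single-target activity. The thresholds and the event format are assumptions for this page, not the platform's.

```python
# Per-source fan-out and timing profile over constructed event records.
# Added example for this page; the heuristic is mine, not NTT i3's method.
from collections import defaultdict
from datetime import datetime

# Constructed sample: "timestamp src dst dst_port kind", documentation address ranges.
SAMPLE_EVENTS = "\n".join(
    # twelve SSH login failures from one source against twelve hosts in ~2 minutes
    [f"2016-03-01T10:00:{i * 10:02d} 203.0.113.5 198.51.100.{i + 1} 22 ssh-auth-fail"
     for i in range(6)]
    + [f"2016-03-01T10:01:{i * 10:02d} 203.0.113.5 198.51.100.{i + 7} 22 ssh-auth-fail"
       for i in range(6)]
    # four SMB events from another source against a single host over 30 minutes
    + [f"2016-03-01T10:{m:02d}:00 203.0.113.9 198.51.100.20 445 smb-exploit-sig"
       for m in (0, 10, 20, 30)]
)


def parse_events(text: str) -> list:
    """Parse lines into (datetime, src, dst, port, kind) tuples."""
    events = []
    for line in text.strip().splitlines():
        ts, src, dst, port, kind = line.split()
        events.append((datetime.fromisoformat(ts), src, dst, int(port), kind))
    return events


def profile_sources(events: list) -> dict:
    """Aggregate per source: event count, distinct targets, time span, event rate."""
    by_src = defaultdict(list)
    for ev in events:
        by_src[ev[1]].append(ev)
    profiles = {}
    for src, evs in by_src.items():
        times = sorted(e[0] for e in evs)
        span = (times[-1] - times[0]).total_seconds()
        rate = len(evs) * 60.0 / span if span > 0 else float(len(evs))
        profiles[src] = {
            "events": len(evs),
            "targets": len({e[2] for e in evs}),
            "span_s": span,
            "events_per_min": rate,
        }
    return profiles


def classify(profile: dict) -> str:
    """Assumed thresholds: wide fan-out at >=1 event/min reads as a scan-like
    pattern; repeated contact with exactly one target reads as focused activity."""
    if profile["targets"] >= 5 and profile["events_per_min"] >= 1.0:
        return "many-target burst (reconnaissance-like)"
    if profile["targets"] == 1 and profile["events"] >= 2:
        return "single-target, sustained (exploitation-like)"
    return "undetermined"


def classify_all(text: str) -> dict:
    """Map each source address to its temporal-pattern label."""
    return {src: classify(p) for src, p in profile_sources(parse_events(text)).items()}


if __name__ == "__main__":
    for src, prof in profile_sources(parse_events(SAMPLE_EVENTS)).items():
        print(src, prof, "->", classify(prof))
```

On the sample, 203.0.113.5 touches 12 hosts in 110 seconds (about 6.5 events per minute) and is labelled reconnaissance-like, while 203.0.113.9 touches one host four times over half an hour and is labelled exploitation-like; in practice the same two features, fan-out and rate, are what a timeline view makes visible at a glance.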
22
23
TRAFFIC ANALYSIS: BOTNET INFRASTRUCTURE DETECTION
Network providers, vendors, and law enforcement could detect bot masters and their infrastructures by working together.
Information sharing and massively scalable analytics are the key
• Streaming analytics
• Machine learning
Diagram labels:
ML outlier detection
Blacklists, DNS sinkholes, Passive DNS, DNS cache, Domain Generation Algorithm (DGA), domain profiling, ML clustering
Netflow analysis, behavior analysis
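An added example (my own code, not GTIP's) of two of the signals named in the diagram, DGA domain profiling and outlier flagging: a feature-threshold rule over constructed passive-DNS records, followed by a per-client tally of NXDOMAIN responses to flagged names, since a bot cycling through generated domains produces many failed lookups before it finds a live one. The records, the feature set and the thresholds are assumptions for this page; a production system would fit them from labelled data rather than hand-pick them.

```python
# Feature-based flagging of DGA-style domains over constructed passive-DNS
# records. Added example for this page, not NTT i3 code; thresholds are assumed.
import math
from collections import Counter, defaultdict

# Constructed passive DNS log: "client qname rcode".
SAMPLE_PDNS = """
10.0.0.4 www.google.com NOERROR
10.0.0.4 github.com NOERROR
10.0.0.5 en.wikipedia.org NOERROR
10.0.0.5 login.microsoft.com NOERROR
10.0.0.7 xk3f9qz7wpl2mv.net NXDOMAIN
10.0.0.7 qwpzrtlnvkdhgjs.com NXDOMAIN
10.0.0.7 bmhtrkplwsdfgzx.org NXDOMAIN
10.0.0.7 salesforce.com NOERROR
"""


def registrable_label(qname: str) -> str:
    """Second-level label of a name (simplified: no public-suffix list)."""
    parts = qname.lower().rstrip(".").split(".")
    return parts[-2] if len(parts) >= 2 else parts[0]


def shannon_entropy(s: str) -> float:
    """Bits of entropy per character of the label."""
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in Counter(s).values())


def features(label: str) -> dict:
    """Lexical features commonly used for DGA profiling."""
    vowels = sum(ch in "aeiou" for ch in label)
    digits = sum(ch.isdigit() for ch in label)
    return {
        "length": len(label),
        "entropy": shannon_entropy(label),
        "vowel_ratio": vowels / len(label),
        "digit_ratio": digits / len(label),
    }


def looks_generated(label: str) -> bool:
    """Assumed rule standing in for an ML outlier model: long, vowel-poor labels
    that are either high-entropy or digit-heavy."""
    f = features(label)
    return (
        f["length"] >= 12
        and f["vowel_ratio"] <= 0.3
        and (f["entropy"] >= 3.3 or f["digit_ratio"] >= 0.2)
    )


def analyse(text: str):
    """Return (flagged qnames, NXDOMAIN count per client for flagged names)."""
    flagged = set()
    nx_by_client = defaultdict(int)
    for line in text.strip().splitlines():
        client, qname, rcode = line.split()
        if looks_generated(registrable_label(qname)):
            flagged.add(qname)
            if rcode == "NXDOMAIN":
                nx_by_client[client] += 1
    return flagged, dict(nx_by_client)


if __name__ == "__main__":
    flagged, nx = analyse(SAMPLE_PDNS)
    print("flagged:", sorted(flagged))
    print("NXDOMAIN hits per client:", nx)
```

The per-client count is the part worth keeping even if the lexical rule is replaced: a single host resolving several flagged names that do not exist is a stronger infection indicator than any one odd-looking domain, and it is the kind of aggregate that is cheap to compute in a streaming pipeline.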
24
BENDABLE NETWORKS: SOFTWARE DEFINED SECURITY ORCHESTRATION
The integration of ESI and GTIP takes security operation integrity and agility to a new level.
Diagram labels: DEVICES (FW, IPS, IDS, SIEM…); GTIP + ESI; SOURCES; On-demand installation; On-demand policy and configuration; Detect; Install and update; SDN + NFV + Threat Intelligence; BENDABLE NETWORKS
25
ACCELERATING THE
TRANSFORMATION OF IDEAS
FROM LAB TO MARKET
http://www.ntti3.com
https://twitter.com/ntti3
https://www.linkedin.com/company/nttinnovationinstitute
https://www.facebook.com/nttinnovation
https://www.youtube.com/user/NTTi3Channel
Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...
Thierry Lestable
 

Recently uploaded (20)

Neuro-symbolic is not enough, we need neuro-*semantic*
Neuro-symbolic is not enough, we need neuro-*semantic*Neuro-symbolic is not enough, we need neuro-*semantic*
Neuro-symbolic is not enough, we need neuro-*semantic*
 
Accelerate your Kubernetes clusters with Varnish Caching
Accelerate your Kubernetes clusters with Varnish CachingAccelerate your Kubernetes clusters with Varnish Caching
Accelerate your Kubernetes clusters with Varnish Caching
 
From Daily Decisions to Bottom Line: Connecting Product Work to Revenue by VP...
From Daily Decisions to Bottom Line: Connecting Product Work to Revenue by VP...From Daily Decisions to Bottom Line: Connecting Product Work to Revenue by VP...
From Daily Decisions to Bottom Line: Connecting Product Work to Revenue by VP...
 
The Art of the Pitch: WordPress Relationships and Sales
The Art of the Pitch: WordPress Relationships and SalesThe Art of the Pitch: WordPress Relationships and Sales
The Art of the Pitch: WordPress Relationships and Sales
 
State of ICS and IoT Cyber Threat Landscape Report 2024 preview
State of ICS and IoT Cyber Threat Landscape Report 2024 previewState of ICS and IoT Cyber Threat Landscape Report 2024 preview
State of ICS and IoT Cyber Threat Landscape Report 2024 preview
 
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...
 
FIDO Alliance Osaka Seminar: Passkeys at Amazon.pdf
FIDO Alliance Osaka Seminar: Passkeys at Amazon.pdfFIDO Alliance Osaka Seminar: Passkeys at Amazon.pdf
FIDO Alliance Osaka Seminar: Passkeys at Amazon.pdf
 
Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered Quality
Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered QualitySoftware Delivery At the Speed of AI: Inflectra Invests In AI-Powered Quality
Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered Quality
 
Generating a custom Ruby SDK for your web service or Rails API using Smithy
Generating a custom Ruby SDK for your web service or Rails API using SmithyGenerating a custom Ruby SDK for your web service or Rails API using Smithy
Generating a custom Ruby SDK for your web service or Rails API using Smithy
 
Monitoring Java Application Security with JDK Tools and JFR Events
Monitoring Java Application Security with JDK Tools and JFR EventsMonitoring Java Application Security with JDK Tools and JFR Events
Monitoring Java Application Security with JDK Tools and JFR Events
 
FIDO Alliance Osaka Seminar: Overview.pdf
FIDO Alliance Osaka Seminar: Overview.pdfFIDO Alliance Osaka Seminar: Overview.pdf
FIDO Alliance Osaka Seminar: Overview.pdf
 
Transcript: Selling digital books in 2024: Insights from industry leaders - T...
Transcript: Selling digital books in 2024: Insights from industry leaders - T...Transcript: Selling digital books in 2024: Insights from industry leaders - T...
Transcript: Selling digital books in 2024: Insights from industry leaders - T...
 
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdfSmart TV Buyer Insights Survey 2024 by 91mobiles.pdf
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf
 
JMeter webinar - integration with InfluxDB and Grafana
JMeter webinar - integration with InfluxDB and GrafanaJMeter webinar - integration with InfluxDB and Grafana
JMeter webinar - integration with InfluxDB and Grafana
 
Essentials of Automations: Optimizing FME Workflows with Parameters
Essentials of Automations: Optimizing FME Workflows with ParametersEssentials of Automations: Optimizing FME Workflows with Parameters
Essentials of Automations: Optimizing FME Workflows with Parameters
 
To Graph or Not to Graph Knowledge Graph Architectures and LLMs
To Graph or Not to Graph Knowledge Graph Architectures and LLMsTo Graph or Not to Graph Knowledge Graph Architectures and LLMs
To Graph or Not to Graph Knowledge Graph Architectures and LLMs
 
FIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdf
FIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdfFIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdf
FIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdf
 
The Future of Platform Engineering
The Future of Platform EngineeringThe Future of Platform Engineering
The Future of Platform Engineering
 
When stars align: studies in data quality, knowledge graphs, and machine lear...
When stars align: studies in data quality, knowledge graphs, and machine lear...When stars align: studies in data quality, knowledge graphs, and machine lear...
When stars align: studies in data quality, knowledge graphs, and machine lear...
 
Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...
Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...
Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...
 

Global Cyber Threat Intelligence

1
Global Cyber Threat Intelligence
Kenji Takahashi
NTT Innovation Institute, Inc.

2
NTT i3: ACCELERATING THE TRANSFORMATION OF IDEAS FROM LAB TO MARKET
Full Lifecycle Innovation (FOCUS)
NTT Global Strategic Assets (LEVERAGE)
Leading Companies and Startups (ENGAGE)
INNOVATION: Internet of Things, Wearables, Machine Learning
MARKET-READY PLATFORMS: Elastic Services Infrastructure, Global Threat Intelligence Platform, Cloud Service Orchestration Platform

3
THE EVOLVING GLOBAL SECURITY LANDSCAPE
Cybercriminals
• Large and sophisticated global crime groups
• Black markets for stolen data, tools, and hacker talent
• Detailed knowledge of targets (vulnerabilities, businesses, organizations and people)
Enterprise Security Team
• Technology vulnerability of IT
• Largely reactive security practices
• Limited data sources and analytic capabilities
• Security skills gaps
Threats and attacks generated by criminals outpace security team capabilities.

4
THE GLOBAL THREATS LANDSCAPE IN 2016: Vulnerabilities
Global Threat Intelligence Report 2016 (GTIR 2016), www.nttgroupsecurity.com
Top 10 External Vulnerabilities
• Outdated PHP Version 8%
• Cross-Site Scripting (CSS/XSS) 7%
• Outdated Apache Web Server 7%
• SSL/TLS Information Disclosure 6%
• Web Clear Text Username/Password 5%
• Weak SSL/TLS Ciphers/Certificate 5%
• Outdated Apache Tomcat Server 4%
• Weak/No HTTPS cache policy 4%
• Cookie without HTTPOnly attribute set 3%
• SSL Certificate Signed using Weak Hashing Algorithm 3%
Top 10 Internal Vulnerabilities
• Outdated Java Version 51%
• Outdated Adobe Flash Player 11%
• Outdated Adobe Reader and Acrobat 5%
• Outdated Microsoft Windows 3%
• Outdated Microsoft Internet Explorer 3%
• Outdated Mozilla Firefox 2%
• Outdated Microsoft Office 1%
• Outdated Linux Kernel 1%
• Outdated Novell Client 1%
• Outdated OpenSSH Version 1%
The data presented is based on information gathered through 2015.

5
THE GLOBAL THREATS LANDSCAPE IN 2016: Attacks
The data presented is based on information gathered through 2015.

6
THE GLOBAL THREATS LANDSCAPE IN 2016: Incidents
The data presented is based on information gathered through 2015.

7
HACKING FOR PROFIT – THE JP MORGAN CYBERATTACK
• 100 million customers of 12 companies in the US
• 8 years of operation, 2007-2015
• $100Ms in illicit proceeds
• Global cybercrime network

8
RANSOM32: RANSOMWARE AS A SERVICE
(source: http://blog.emsisoft.com/2016/01/01/meet-ransom32-the-first-javascript-ransomware/)

9
THE CYBERCRIME INFRASTRUCTURE OF BOTNETS
• Consists of thousands of victimized computers ("nodes")
• Buy or rent tools, data, services, and talent on the cyber black market using bitcoins
• Recycled in a 30 – 90 day cycle

10
CYBER KILL CHAIN: THE SEVEN PHASES OF A CYBER ATTACK
RECONNAISSANCE → WEAPONIZATION → DELIVERY → EXPLOITATION → INSTALLATION → COMMAND & CONTROL → ACTIONS & OBJECTIVES
*1: "Intelligence-Driven Computer Network Defense Informed by Analysis of Adversary Campaigns and Intrusion Kill Chains" by E. Hutchins, M. Cloppert, R. Amin, Lockheed Martin Corporation, 2011. http://www.lockheedmartin.com/content/dam/lockheed/data/corporate/documents/LM-White-Paper-Intel-Driven-Defense.pdf
Cyber Kill Chain is a registered trademark of Lockheed Martin Corporation.

11
CYBER KILL CHAIN: CASE STUDY
• RECONNAISSANCE: Recon, PHP and SQL fingerprinting
• WEAPONIZATION: Recon data analyzed and Havij tool selected and configured for attack
• DELIVERY & EXPLOITATION: Delivery of SQL injection via Havij tool and exploitation of injection attack
• INSTALLATION: Creation of accounts and installation of RAT
• COMMAND & CONTROL: Establish and maintain C2
• ACTIONS & OBJECTIVES: Data exfiltration
[Timeline figure: the phases plotted against a time axis, with markers for First Identified, Log Observed and Public Disclosure]

12
CKC AS A GUIDELINE FOR THREAT INTELLIGENCE
• Analysis of an earlier phase provides threat intelligence for later phases
• Attribution underpins the analysis of CKC phases
  § Victims
  § Capabilities
  § Resources
  § Objectives
• Strategic priority and focus are essential
  § Systems, services, data, and people of importance

13
WHAT CONSTITUTES THREAT INTELLIGENCE
Threat intelligence is gathered from disparate sources and synthesized by human analysts to identify a specific threat and its target in advance of an incident.

14
THREAT INTELLIGENCE: EVOLVING SECURITY FROM REACTION TO PREDICTION
A new approach to addressing global threats requires:
1. Creation of potential victim/target profiles
2. Prediction of threats based on the real-time analysis of a variety of data sources
3. Deployment of security controls to monitor and block both predicted and existing threats

15
GLOBAL THREAT INTELLIGENCE PLATFORM
• Single holistic view of the real-time evolution of the dynamic threat landscape
• Global dataset of more than 18 million attacks gathered from a wide variety of sources, across geographical and organizational boundaries
• Advanced analytics driven by machine learning (including malware taint analysis)
• API for seamless integration into applications, services and systems
• Support led by managed security service professionals

16
DEMO

17
CONTEXTUALIZATION
Provide the "right" information best fit to user context
• Context can be expressed by vertical industry, geographical region, CKC phases, attack type, victim profile, used resources (IP addresses, URLs/domains, malware, etc.)
Enable users to formulate contextualized queries
• Users can save and manage queries
The information is further enriched
• Gathering the data from multiple non-threat sources
• Putting them into a consistent format
• Pivoting
Facilitate collaboration among security experts
• Annotation, labeling

18
GTIP – MALWARE TAINT ANALYSIS ENGINE
Dynamic data flow analysis by tracking down every movement of every bit of data by malware on a computer.
Keep track of the trace of "tags"
• Tags are identifiers placed on data, and are propagated as data moves inside the computer, automatically tracking and identifying data provenance.
[Diagram: MALWARE BINARIES → ANALYTICS ENGINE → BLACKLIST]

19
IMPORTANT ISSUES FOR THE FUTURE OF CYBERSECURITY
• Information Sharing
• Big Data and Machine Learning for Malware and Traffic Analysis
• Software Defined Security Orchestration

20
INFORMATION SHARING

21
MALWARE CLASSIFICATION BY MACHINE LEARNING
Applying machine learning to both dynamic and static analysis
• Features from execution in the GTIP Malware Taint Analysis Engine (dynamic analysis)
• Features extracted from raw files (static analysis)
Preliminary experiments result in a promising 98% accuracy
• 4,000 malware files and 3,000 benign files
• Windows binaries
The same approach can be applied to other types of malware
• Mobile (.apk), PDF, JavaScript, MS Office, etc.

22
TEMPORAL VISUALIZATION AND ANALYSIS
• Different types of attacks and CKC phases show distinguishing temporal patterns.
• By visualizing and analyzing the patterns, we are exploring a way of taking action in an earlier, quicker and more effective manner.
[Figure labels: SSH attacks access many targets in the Reconnaissance phase; a malware attack accesses only one target in the Exploitation phase]

23
TRAFFIC ANALYSIS: BOTNET INFRASTRUCTURE DETECTION
Network providers, vendors, and law enforcement could detect bot masters and their infrastructures by working together.
Information sharing and massively scalable analytics are the key
• Streaming analytics
• Machine learning
[Figure labels: ML outlier detection; black lists, DNS sinkholes, passive DNS, DNS cache, Domain Generation Algorithm (DGA), domain profiling, ML clustering; NetFlow analysis, behavior analysis]

24
BENDABLE NETWORKS: SOFTWARE DEFINED SECURITY ORCHESTRATION
The integration of ESI and GTIP takes security operation integrity and agility to a new level.
[Diagram labels: SOURCES → GTIP + ESI (Detect) → DEVICES (FW, IPS, IDS, SIEM…); On-demand installation; On-demand policy and configuration; Install and update; SDN + NFV + Threat Intelligence = BENDABLE NETWORKS]

25
ACCELERATING THE TRANSFORMATION OF IDEAS FROM LAB TO MARKET
http://www.ntti3.com
https://twitter.com/ntti3
https://www.linkedin.com/company/nttinnovationinstitute
https://www.facebook.com/nttinnovation
https://www.youtube.com/user/NTTi3Channel
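The tag-propagation idea behind the GTIP Malware Taint Analysis Engine on slide 18, as an added illustration in Python (not NTT's engine or code): every value read from a monitored source carries a set of tags, each operation propagates the union of its inputs' tags, and sinks report which sources reached them. The `Tainted`/`TaintMonitor` names, the sample sources and the network sink address are constructed for the example.

```python
"""Minimal dynamic taint tracking: tags follow data, not its representation,
so a sink sees where its input originally came from. Added illustration of
the tag idea on slide 18; the sample behaviour below is constructed."""
import base64
from dataclasses import dataclass, field


@dataclass(frozen=True)
class Tainted:
    """A byte string plus the set of provenance tags attached to it."""
    data: bytes
    tags: frozenset = field(default_factory=frozenset)

    def __add__(self, other):
        # Concatenation: the result carries the tags of both operands.
        other = other if isinstance(other, Tainted) else Tainted(other)
        return Tainted(self.data + other.data, self.tags | other.tags)

    def map(self, fn):
        # Any transformation (encoding, encryption, slicing) keeps the tags.
        return Tainted(fn(self.data), self.tags)


class TaintMonitor:
    """Records which tags reach which sinks (the engine's trace)."""
    def __init__(self):
        self.trace = []  # list of (sink name, sorted tag list)

    def source(self, name, data):
        # Tag data at the point it enters the program.
        return Tainted(data, frozenset({name}))

    def sink(self, name, value):
        tags = sorted(value.tags) if isinstance(value, Tainted) else []
        self.trace.append((name, tags))
        return tags


def run_sample(monitor):
    """Constructed sample behaviour: read two local secrets, pack them,
    base64-encode the blob and 'send' it. Returns the tags seen at the
    network sink, i.e. the provenance of what left the machine."""
    creds = monitor.source("file:creds.txt", b"user:hunter2")
    host = monitor.source("registry:ComputerName", b"WS-042")
    banner = Tainted(b"v1|")            # untainted constant
    blob = (banner + host + b"|" + creds).map(base64.b64encode)
    monitor.sink("file:log.txt", banner)        # constants only: no tags
    return monitor.sink("net:203.0.113.5:443", blob)  # TEST-NET address


if __name__ == "__main__":
    m = TaintMonitor()
    print(run_sample(m))  # ['file:creds.txt', 'registry:ComputerName']
    print(m.trace)
```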
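The temporal pattern on slide 22 (an SSH scanner touches many targets in the Reconnaissance phase, a targeted attack touches one) together with the NetFlow analysis, behaviour analysis and ML outlier detection listed on slide 23, as one added Python example that is not GTIP code: fan-out per source and time window over constructed flow records, a fixed-threshold label, and a threshold-free median-absolute-deviation outlier test. The record format, `WINDOW_SECONDS`, `SCAN_FANOUT` and the MAD cut-off are assumptions.

```python
"""Temporal fan-out analysis over flow records: a scanner in the
Reconnaissance phase touches many targets per time window, while a targeted
exploitation attempt keeps hitting one. Added example for slides 22-23; the
flow records are constructed (not GTIP data) and thresholds are assumptions."""
from collections import defaultdict
from datetime import datetime, timezone
from statistics import median

# Constructed records, one per line: "ISO-timestamp src dst dport" (TEST-NETs).
FLOWS = """\
2016-03-01T10:00:01 198.51.100.7 10.0.0.11 22
2016-03-01T10:00:02 198.51.100.7 10.0.0.12 22
2016-03-01T10:00:02 198.51.100.7 10.0.0.13 22
2016-03-01T10:00:03 198.51.100.7 10.0.0.14 22
2016-03-01T10:00:05 198.51.100.7 10.0.0.15 22
2016-03-01T10:00:09 198.51.100.7 10.0.0.16 22
2016-03-01T10:00:04 203.0.113.9 10.0.0.20 443
2016-03-01T10:00:30 203.0.113.9 10.0.0.20 443
2016-03-01T10:00:06 192.0.2.44 10.0.0.30 80
2016-03-01T10:00:40 192.0.2.44 10.0.0.31 80
"""
WINDOW_SECONDS = 60   # assumed bucket size
SCAN_FANOUT = 5       # assumed: this many distinct targets in one window = scan-like

def parse_flows(text):
    """Yield (epoch_seconds, src, dst, dport); timestamps are taken as UTC."""
    for line in text.splitlines():
        ts, src, dst, dport = line.split()
        t = datetime.fromisoformat(ts).replace(tzinfo=timezone.utc).timestamp()
        yield t, src, dst, int(dport)

def peak_fanout(text, window=WINDOW_SECONDS):
    """Distinct destinations per (src, window), reduced to each source's peak."""
    buckets = defaultdict(set)
    for t, src, dst, _ in parse_flows(text):
        buckets[(src, int(t // window))].add(dst)
    peaks = defaultdict(int)
    for (src, _), dsts in buckets.items():
        peaks[src] = max(peaks[src], len(dsts))
    return dict(peaks)

def classify_sources(text, window=WINDOW_SECONDS, scan_fanout=SCAN_FANOUT):
    """Label sources by temporal pattern: 'scan' (recon-like, many targets),
    'targeted' (one target revisited) or 'mixed'. Returns {src: (peak, label)}."""
    labels = {}
    for src, p in peak_fanout(text, window).items():
        labels[src] = (p, "scan" if p >= scan_fanout else "targeted" if p == 1 else "mixed")
    return labels

def fanout_outliers(text, window=WINDOW_SECONDS, k=3.0):
    """Robust outlier test (median absolute deviation) over peak fan-out:
    sources more than k MADs above the median stand out without a fixed threshold."""
    peaks = peak_fanout(text, window)
    med = median(peaks.values())
    mad = median(abs(p - med) for p in peaks.values()) or 1.0
    return sorted(s for s, p in peaks.items() if (p - med) / mad > k)
```

On the constructed records the scanner 198.51.100.7 is labelled `scan` (peak fan-out 6) and is the only MAD outlier, while 203.0.113.9 is `targeted` and 192.0.2.44 `mixed`.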