AlienVault, profile picture
Uploaded byAlienVault
PPTX, PDF1,227 views

Otx introduction sw

Open Threat Exchange (OTX) is an open information-sharing network that allows security professionals to access and share real-time threat data globally. It hosts the largest crowd-sourced repository for threat data, which expires after 30 days without additional evidence, and is focused on privacy by not collecting personal or internal information. OTX facilitates collaboration among users to enhance threat response through validated threat intelligence and analysis.

Embed presentation

Downloaded 21 times
INTRODUCTION TO OPEN THREAT EXCHANGE
WHAT IS OTX? An open information sharing and analysis network Provides access to real-time, detailed information about threats and incidents around the world Enables security professionals to share threat data and benefit from data shared by others At the heart of OTX is the world’s largest, crowd-sourced repository for threat data.
OTX + ALIENVAULT LABS
SCORING AND ANALYSIS  Confirmation by other sources  Voting based on known abuse patterns  White-listing known sources of false positives
THE THREAT LANDSCAPE CHANGES • IPs Change IPs may be rebound to a different server, owner • Threats Get Remediated In the case of compromised/slaved servers, system owners may remediate threat • Threats Naturally Expire Campaigns and targeted attacks end per orchestrator’s plans
DATA EXPIRY  Contributed Data: expires after 30 days  Scanning: expires after 30 days without additional evidence  Malware: validate ongoing hosting  Web-based Threats: confirm ongoing activity
DATA PRIVACY IN OTX 122.225.118.219 # Scanning Host CN,Hangzhou,30.2936000824,120.161399841 122.225.118.66 # Scanning Host CN,Hangzhou,30.2936000824,120.161399841 188.138.100.156 # Malware IP;Scanning Host DE,,51.0,9.0 211.87.176.197 # Scanning Host CN,,35.0,105.0 95.163.107.201 # Spamming RU,,60.0,100.0 188.138.110.48 # Malicious Host;Scanning Host DE,,51.0,9.0 72.167.131.220 # Malware IP US,Scottsdale,33.6119003296,- 111.890602112 174.120.172.125 # Malware IP US,Houston,29.7523002625,- 95.3669967651 210.148.165.67 # Malware IP JP,,36.0,138.0 75.75.253.84 # Spamming US,Henderson,36.0312004089,- 115.073898315 What OTX Collects • External IPs connecting to system • Traffic Patterns (Timestamps) What OTX Does NOT Collect • System data • System information • Internal IP traffic • Any personally identifiable information OTX API Example
Otx introduction sw

More Related Content

PPTX
How Malware Works
byAlienVault
 
PPTX
Simplify PCI DSS Compliance with AlienVault USM
byAlienVault
 
PPTX
Improve Situational Awareness for Federal Government with AlienVault USM
byAlienVault
 
PDF
Open Source IDS Tools: A Beginner's Guide
byAlienVault
 
PPTX
Improve Threat Detection with OSSEC and AlienVault USM
byAlienVault
 
PPTX
IDS for Security Analysts: How to Get Actionable Insights from your IDS
byAlienVault
 
PPTX
Meltdown and Spectre - How to Detect the Vulnerabilities and Exploits
byAlienVault
 
PPTX
Incident response live demo slides final
byAlienVault
 
How Malware Works
byAlienVault
 
Simplify PCI DSS Compliance with AlienVault USM
byAlienVault
 
Improve Situational Awareness for Federal Government with AlienVault USM
byAlienVault
 
Open Source IDS Tools: A Beginner's Guide
byAlienVault
 
Improve Threat Detection with OSSEC and AlienVault USM
byAlienVault
 
IDS for Security Analysts: How to Get Actionable Insights from your IDS
byAlienVault
 
Meltdown and Spectre - How to Detect the Vulnerabilities and Exploits
byAlienVault
 
Incident response live demo slides final
byAlienVault
 

What's hot

PPTX
Beginner's Guide to SIEM
byAlienVault
 
PPTX
How to Detect SQL Injections & XSS Attacks with AlienVault USM
byAlienVault
 
PPTX
Webcast Series #1: Continuous Security and Compliance Monitoring for Global I...
byQualys
 
PPTX
Effective Cyber Defense Using CIS Critical Security Controls
byBSides Delhi
 
PPTX
How to Solve Your Top IT Security Reporting Challenges with AlienVault
byAlienVault
 
PPTX
Malware detection how to spot infections early with alien vault usm
byAlienVault
 
PPTX
New OSSIM v5.0 - Get Security Visibility Faster & Easier Than Ever
byAlienVault
 
PPTX
Alienvault threat alerts in spiceworks
byAlienVault
 
PPTX
Creating Correlation Rules in AlienVault
byAlienVault
 
PDF
20 Security Controls for the Cloud
byNetStandard
 
PPTX
Improve Security Visibility with AlienVault USM Correlation Directives
byAlienVault
 
PPTX
The CIS Critical Security Controls the International Standard for Defense
byEnclaveSecurity
 
PPTX
Configuring Data Sources in AlienVault
byAlienVault
 
PPTX
How to Simplify Audit Compliance with Unified Security Management
byAlienVault
 
PPTX
Automating Critical Security Controls for Threat Remediation and Compliance
byQualys
 
PPTX
Insider Threats: How to Spot Trouble Quickly with AlienVault USM
byAlienVault
 
PPTX
How to Simplify PCI DSS Compliance with AlienVault USM
byAlienVault
 
PDF
Avoid Meltdown from the Spectre - How to measure impact and track remediation
byQualys
 
PPTX
AWS Security Best Practices for Effective Threat Detection & Response
byAlienVault
 
PDF
When to Implement a Vulnerability Assessment or Pen Test | IT Security & Risk...
byCam Fulton
 
Beginner's Guide to SIEM
byAlienVault
 
How to Detect SQL Injections & XSS Attacks with AlienVault USM
byAlienVault
 
Webcast Series #1: Continuous Security and Compliance Monitoring for Global I...
byQualys
 
Effective Cyber Defense Using CIS Critical Security Controls
byBSides Delhi
 
How to Solve Your Top IT Security Reporting Challenges with AlienVault
byAlienVault
 
Malware detection how to spot infections early with alien vault usm
byAlienVault
 
New OSSIM v5.0 - Get Security Visibility Faster & Easier Than Ever
byAlienVault
 
Alienvault threat alerts in spiceworks
byAlienVault
 
Creating Correlation Rules in AlienVault
byAlienVault
 
20 Security Controls for the Cloud
byNetStandard
 
Improve Security Visibility with AlienVault USM Correlation Directives
byAlienVault
 
The CIS Critical Security Controls the International Standard for Defense
byEnclaveSecurity
 
Configuring Data Sources in AlienVault
byAlienVault
 
How to Simplify Audit Compliance with Unified Security Management
byAlienVault
 
Automating Critical Security Controls for Threat Remediation and Compliance
byQualys
 
Insider Threats: How to Spot Trouble Quickly with AlienVault USM
byAlienVault
 
How to Simplify PCI DSS Compliance with AlienVault USM
byAlienVault
 
Avoid Meltdown from the Spectre - How to measure impact and track remediation
byQualys
 
AWS Security Best Practices for Effective Threat Detection & Response
byAlienVault
 
When to Implement a Vulnerability Assessment or Pen Test | IT Security & Risk...
byCam Fulton
 

Viewers also liked

PPTX
AlienVault MSSP Overview - A Different Approach to Security for MSSP's
byAlienVault
 
PPTX
How to Detect System Compromise & Data Exfiltration with AlienVault USM
byAlienVault
 
PPTX
AlienVault Brute Force Attacks- Keeping the Bots at Bay with AlienVault USM +...
byAlienVault
 
PDF
SIEM for Beginners: Everything You Wanted to Know About Log Management but We...
byAlienVault
 
PPTX
The Evolution of IDS: Why Context is Key
byAlienVault
 
PPTX
AlienVault Threat Alerts in Spiceworks
byAlienVault
 
PPTX
SIEM 101: Get a Clue About IT Security Analysis
byAlienVault
 
PPTX
The Attackers Advantage
byShiv Shivakumar
 
PPTX
How to Use Crowd-Sourced Threat Intelligence to Stop Malware in its Tracks
byAlienVault
 
PPTX
Demo how to detect ransomware with alien vault usm_gg
byAlienVault
 
PPTX
Crowd-Sourced Threat Intelligence
byAlienVault
 
PDF
Jovenes en el mundo digital
byRene Cotto Strems
 
PPTX
Worldwide User Group & Summit 2016 Highlights | Final day
byWeDo Technologies
 
AlienVault MSSP Overview - A Different Approach to Security for MSSP's
byAlienVault
 
How to Detect System Compromise & Data Exfiltration with AlienVault USM
byAlienVault
 
AlienVault Brute Force Attacks- Keeping the Bots at Bay with AlienVault USM +...
byAlienVault
 
SIEM for Beginners: Everything You Wanted to Know About Log Management but We...
byAlienVault
 
The Evolution of IDS: Why Context is Key
byAlienVault
 
AlienVault Threat Alerts in Spiceworks
byAlienVault
 
SIEM 101: Get a Clue About IT Security Analysis
byAlienVault
 
The Attackers Advantage
byShiv Shivakumar
 
How to Use Crowd-Sourced Threat Intelligence to Stop Malware in its Tracks
byAlienVault
 
Demo how to detect ransomware with alien vault usm_gg
byAlienVault
 
Crowd-Sourced Threat Intelligence
byAlienVault
 
Jovenes en el mundo digital
byRene Cotto Strems
 
Worldwide User Group & Summit 2016 Highlights | Final day
byWeDo Technologies
 

More from AlienVault

PPTX
Best Practices for Configuring Your OSSIM Installation
byAlienVault
 
PDF
Security operations center 5 security controls
byAlienVault
 
PPTX
Improve threat detection with hids and alien vault usm
byAlienVault
 
PPTX
New USM v5.0 - Get Complete Security Visibility Faster & Easier Than Ever
byAlienVault
 
PDF
Insider Threat Detection Recommendations
byAlienVault
 
PDF
Alien vault sans cyber threat intelligence
byAlienVault
 
PDF
PCI DSS Implementation: A Five Step Guide
byAlienVault
 
PPTX
Spice world 2014 hacker smackdown
byAlienVault
 
PDF
The State of Incident Response - INFOGRAPHIC
byAlienVault
 
PPTX
Prepare to Be Breached: How to Adapt your Security Controls to the “New Normal”
byAlienVault
 
PPTX
Security by Collaboration: Rethinking Red Teams versus Blue Teams
byAlienVault
 
PDF
Malware Invaders - Is Your OS at Risk?
byAlienVault
 
Best Practices for Configuring Your OSSIM Installation
byAlienVault
 
Security operations center 5 security controls
byAlienVault
 
Improve threat detection with hids and alien vault usm
byAlienVault
 
New USM v5.0 - Get Complete Security Visibility Faster & Easier Than Ever
byAlienVault
 
Insider Threat Detection Recommendations
byAlienVault
 
Alien vault sans cyber threat intelligence
byAlienVault
 
PCI DSS Implementation: A Five Step Guide
byAlienVault
 
Spice world 2014 hacker smackdown
byAlienVault
 
The State of Incident Response - INFOGRAPHIC
byAlienVault
 
Prepare to Be Breached: How to Adapt your Security Controls to the “New Normal”
byAlienVault
 
Security by Collaboration: Rethinking Red Teams versus Blue Teams
byAlienVault
 
Malware Invaders - Is Your OS at Risk?
byAlienVault
 

Otx introduction sw

  • 1.
    INTRODUCTION TO OPEN THREAT EXCHANGE
  • 2.
    WHAT IS OTX? An open information sharing and analysis network Provides access to real-time, detailed information about threats and incidents around the world Enables security professionals to share threat data and benefit from data shared by others At the heart of OTX is the world’s largest, crowd-sourced repository for threat data.
  • 3.
  • 4.
    SCORING AND ANALYSIS  Confirmation by other sources  Voting based on known abuse patterns  White-listing known sources of false positives
  • 5.
    THE THREAT LANDSCAPE CHANGES • IPs Change IPs may be rebound to a different server, owner • Threats Get Remediated In the case of compromised/slaved servers, system owners may remediate threat • Threats Naturally Expire Campaigns and targeted attacks end per orchestrator’s plans
  • 6.
    DATA EXPIRY Contributed Data: expires after 30 days  Scanning: expires after 30 days without additional evidence  Malware: validate ongoing hosting  Web-based Threats: confirm ongoing activity
  • 7.
    DATA PRIVACY INOTX 122.225.118.219 # Scanning Host CN,Hangzhou,30.2936000824,120.161399841 122.225.118.66 # Scanning Host CN,Hangzhou,30.2936000824,120.161399841 188.138.100.156 # Malware IP;Scanning Host DE,,51.0,9.0 211.87.176.197 # Scanning Host CN,,35.0,105.0 95.163.107.201 # Spamming RU,,60.0,100.0 188.138.110.48 # Malicious Host;Scanning Host DE,,51.0,9.0 72.167.131.220 # Malware IP US,Scottsdale,33.6119003296,- 111.890602112 174.120.172.125 # Malware IP US,Houston,29.7523002625,- 95.3669967651 210.148.165.67 # Malware IP JP,,36.0,138.0 75.75.253.84 # Spamming US,Henderson,36.0312004089,- 115.073898315 What OTX Collects • External IPs connecting to system • Traffic Patterns (Timestamps) What OTX Does NOT Collect • System data • System information • Internal IP traffic • Any personally identifiable information OTX API Example