www.ecs.co.uk
Threat Intelligence:
State-of-the-art and trends
Secure South West 5
Andreas Sfakianakis
ECS
02/04/2015
ECS - Threat Management Strategy
• Build a picture of your adversaries. Understand their strategies, objectives, methodologies and attributes.
• Gain a clear understanding of your own network and systems alongside any weaknesses.
• Understand your countermeasures and contextual information. Bolster your countermeasures to deny attack channels.
• Establish and execute business-as-usual threat intelligence, vulnerability management, monitoring and response procedures.
• Review and report outcomes, deliverables, value and lessons learnt.
Roadmap
• Threat Landscape
• What is Threat Intelligence?
• Threat Intelligence Management
• Threat Intelligence Platforms
• Takeaways
The Global Risk Landscape
What about … cyber?
Number of breaches per threat actor category over time
Threat Intelligence
• "We don't know what it is, but we need it."
• Intelligence is the application of knowledge to information.
• It informs business decisions regarding the risks and implications associated with threats.
• Data is not information, information is not knowledge, knowledge is not intelligence, intelligence is not wisdom.
• Buzzword of 2014!
• Buzzword of 2014!
Information versus Intelligence
Characteristics of Intelligence
Why do we need Threat Intelligence?
• Dynamic threat landscape
• Situational awareness (different sectors face different threats)
• Defend better by knowing the adversary
• From reactive to proactive
• Driving better investment strategies
• After all, it's all about … context, context and context!
Types of Threat Intelligence
                    | Strategic                          | Tactical
Created by          | Humans                             | Machines, or humans + machines
Consumed by         | Humans                             | Machines and humans
Delivery time frame | Days – months                      | Seconds to hours
Useful lifespan     | Long                               | Short (usually)
Durability          | Durable                            | Fragile (*)
Ambiguity           | Possible; hypotheses and leads OK  | Undesirable; systems don't tolerate it
Focus               | Planning, decisions                | Detection, triage, response
How do we build it?
• The fundamental cycle of intelligence processing
• Used by civilian or military intelligence agencies and law enforcement
• A closed path consisting of repeating nodes
Pyramid of Pain (David Bianco)
Embedding Threat Intelligence into the DNA of an organisation
Interrupting the kill chain
"Kill Chain" is a phase-based model that describes the stages of an attack and so helps inform ways to prevent such attacks.
Threat Intelligence Sources
• Internal
• Open source
• Commercial
• Community/Information sharing
Internally-sourced Threat Intelligence
• Detailed analysis of locally caught malware
• Detailed analysis of disk images and memory images
• Threat actor profiles based on local data
• Artifacts shared by other organizations
• Fusing local data with shared data
• Behavioural analysis
Open Source Threat Intelligence
Open Source Tactical Feeds
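The deck's table contrasts tactical intelligence (machine-consumed, short-lived, fragile, used for detection and triage) with strategic intelligence, and the Pyramid of Pain slide ranks indicator types by how much it costs an adversary to change them. The following Python example, added here and not part of the original slides or of any feed vendor's code, ties those two ideas together for an open source tactical feed: it parses a small feed, drops indicators whose useful lifespan has passed, matches the rest against log lines, and orders the hits by Pyramid of Pain level so the most durable evidence is triaged first. The CSV feed layout, the TTL values, the indicator values (reserved documentation ranges and a made-up hash) and the log lines are all constructed for this example; the level ordering (hash, IP, domain, host/network artifact, tool, TTP) follows Bianco's pyramid.

```python
import csv
import io
import re
from datetime import date, timedelta

# Pyramid of Pain (David Bianco), lowest to highest: the higher the level, the
# more it costs the adversary to change the indicator, so the longer it stays useful.
PAIN_LEVELS = ["hash", "ip", "domain", "artifact", "tool", "ttp"]

# Constructed sample feed in a CSV layout invented for this example
# (type,value,first_seen,ttl_days). ttl_days is an assumed per-type lifespan.
SAMPLE_FEED = """\
type,value,first_seen,ttl_days
hash,0123456789abcdef0123456789abcdef,2015-03-01,365
ip,203.0.113.45,2015-03-20,7
domain,update-check.example,2015-03-25,30
artifact,Mozilla/4.0 (compatible; MSIE 6.0; Win32),2015-02-01,180
"""

# Constructed proxy and endpoint log lines (203.0.113.0/24 and 198.51.100.0/24
# are documentation ranges, .example is a reserved TLD).
SAMPLE_LOGS = [
    "2015-04-01T10:02:11Z proxy client=10.0.0.7 dst=203.0.113.45 host=update-check.example "
    "ua=Mozilla/4.0 (compatible; MSIE 6.0; Win32)",
    "2015-04-01T10:05:42Z proxy client=10.0.0.9 dst=198.51.100.3 host=www.example.org ua=Mozilla/5.0",
    "2015-04-01T11:17:00Z edr host=ws12 file=invoice.exe md5=0123456789abcdef0123456789abcdef",
]


def parse_feed(text):
    """Parse the CSV feed into indicator dicts, rejecting unknown indicator types."""
    indicators = []
    for row in csv.DictReader(io.StringIO(text)):
        if row["type"] not in PAIN_LEVELS:
            raise ValueError(f"unknown indicator type: {row['type']}")
        indicators.append({
            "type": row["type"],
            "value": row["value"],
            "first_seen": date.fromisoformat(row["first_seen"]),
            "ttl_days": int(row["ttl_days"]),
        })
    return indicators


def pain_level(indicator):
    """Position of the indicator type on the Pyramid of Pain (0 = hash, 5 = TTP)."""
    return PAIN_LEVELS.index(indicator["type"])


def is_active(indicator, today):
    """Tactical indicators are fragile: treat an entry as expired once its TTL has run out."""
    return today <= indicator["first_seen"] + timedelta(days=indicator["ttl_days"])


def matches(indicator, line):
    """Atomic indicators (hash, IP, domain) must match as whole tokens so that
    203.0.113.45 does not hit 203.0.113.450; artifacts may match as substrings."""
    if indicator["type"] in ("hash", "ip", "domain"):
        pattern = r"(?<![\w.])" + re.escape(indicator["value"]) + r"(?![\w.])"
        return re.search(pattern, line) is not None
    return indicator["value"] in line


def match_logs(indicators, log_lines, today):
    """Return (indicator, line) hits for still-active indicators, highest pain level first."""
    hits = [(ind, line)
            for ind in indicators if is_active(ind, today)
            for line in log_lines if matches(ind, line)]
    hits.sort(key=lambda hit: pain_level(hit[0]), reverse=True)
    return hits


def triage(feed_text, log_lines, today_iso):
    """Convenience wrapper: feed text + logs + ISO date -> list of (type, value, line)."""
    today = date.fromisoformat(today_iso)
    indicators = parse_feed(feed_text)
    return [(ind["type"], ind["value"], line)
            for ind, line in match_logs(indicators, log_lines, today)]


if __name__ == "__main__":
    # Run on the talk's date: the 7-day IP indicator has already expired, so the
    # proxy line is surfaced via the user-agent artifact and the domain instead.
    for ind_type, value, line in triage(SAMPLE_FEED, SAMPLE_LOGS, "2015-04-02"):
        print(f"[{ind_type:8}] {value} <- {line}")
```

Run as written, the IP indicator is silently dropped because its lifespan ended on 27 March 2015, which is the point of the table's "short, fragile" row: a feed consumed by machines needs an expiry policy or it keeps generating alerts on recycled addresses. Re-running with an earlier date (for example 25 March 2015) brings the IP back into the results, and the sort places the user-agent artifact and domain above it because they sit higher on the pyramid.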
Remember!
Sean Mason
Threat Intel Providers
What do Threat Intel Providers deliver?
Information Sharing
What is a Threat Intel Platform?
But…
Threat Intelligence Platforms
• ThreatConnect
• Detica CyberReveal
• IBM i2 Analyst Notebook
• Lockheed Martin Palisade
• Lookingglass ScoutPlatform
• MITRE CRITs
• Palantir
• ThreatQuotient
• ThreatStream
• Vorstack
• Codenomicon
• Soltra
• Intelworks
• ThreatQuotient
• IID
• ResilientSystems
• Swimlane
CRITs (Collaborative Research into Threats)
Soltra Edge
The need for security automation
STIX standard
Consider these questions:
• What activity are we seeing?
• What threats should I be looking for, and why?
• Where has this threat been seen?
• What does it do?
• What weaknesses does this threat exploit?
• Why does it do this?
• Who is responsible for this threat?
• What can I do?
Structured Threat Information Expression
STIX/TAXII Adoption
Takeaways
• The current state of TI is still initial, but it has great potential
• Context is critical (it makes everyone's job easier)
• Intelligence-led defence has significant operating costs
• Do not blindly invest in intelligence (first think of requirements, DIY vs. buy)
• Look out for upcoming automation and tool developments
• Do not forget people and processes!
Thank you for your attention!
Questions?
@asfakian