Priyanka Aash, profile picture
Uploaded byPriyanka Aash
3,602 views

Threat Intelligence Workshop

The CISO Platform Decision Summit, held in New Delhi, focused on the growing field of threat intelligence, projected to reach $1.5 billion in 2018. The discussions included key elements of actionable intelligence, types of intelligence, and a structured five-stage process for threat intelligence management. Prominent vendors were analyzed across various categories, and the document emphasized the importance of sharing and integration in building effective threat intelligence programs.

Embed presentation

CISO Platform Decision Summit June 4-5, New Delhi
Threat Intelligence Bikash Barai
Threat Intelligence Drivers
Overview • Growing field. Expected to be 1.5 Billion in 2018 • Top buzzword for last 3 years • High adoption in mature organizations
Threat Intelligence Basics
Key Elements of Threat Intel
What is actionable intelligence? • Accurate • Relevant • Timely • Aligned • Predictive • Integrated
Types of Intel • Strategic Intel • Operational Intel • Tactical Intel • Technical Intel
What is pyramid of pain?
Intel 101 • Data vs Intelligence – Context, Intent, Capability • Tactical vs Strategic – How and what? – Who and why? • Atomic vs Composite – IP, packet string, hash – Combine multiple things • TTP- Tactics, Techniques and Procedures
People
Organization Chart CISO SOC VM Planning Collection Analysis Technical Strategic Presentation IR
Process
Planning • What issues to be addressed? • What info to be gathered? • What is the leadership and business priority?
5 stage process • Planning – What are you looking for? • Collection – OSINT/HUMINT – Logs/Data points inside the org – Honeypots/nets/docs, social networks – FM-5 • Processing – Synthesis so that intelligence analysts can use • Analysis – Finished Intel- Top of the pyramid of pain • Dissemination – Customize and present to the right audience
Technology
Taxonomy for Threat Intelligence Threat intelligence Threat Intelligence Platform Threat Intelligence Enrichment Threat Intelligence Integration Open Source Intel Human Intel Technical Intel Adversary Intel Vulnerability Intel Strategic Intel
Critical Technological capabilities Key Critical Technologies Capabilities Host Based Collection Network Based Collection External Threat Collection Threat Intelligence Ingestion Threat Intelligence Analysis Threat Intelligence Enrichment Threat Intelligence Internal Threat Intelligence Collaboration and sharing External Threat Intelligence Collaboration and sharing
Vendor Landscape • Total Vendors studied: 23 • Prominent Vendors – Open Source Intel: Recorded Future, Digital Shadows, Cyveillance – Human Intel: Booz Allen Hamilton, CrowdStrike, iSIGHT Partners, Verisign iDefence, Cyveillance – Technical Intel: Norse Corporation , Anubis Networks, Emerging Threats – Adversary Intel: Booz Allen Hamilton, CrowdStrike, iSIGHT Partners, Verisign iDefence, Symantec Deepsight – Vulnerability Intel: iSIGHT Partners, Verisign iDefence – Strategic Intel: , Surfwatch labs, Cytegic
Vendor Landscape • Threat Intelligence Platform: Lookingglass ScoutPlatform, Threat Stream Optic, ThreatQuotient ThreatQ, ThreatConnect Threat Intelligence Platorm, Vorstack Automated and Collaborated threat Intelligence. • Threat Intelligence Enrichment: Passive DNS( Farsight Security), GeoIP (MaxMind), WhoisData(Domain Tools) • Threat Intelligence Integration: Centripetal Networks, Lookingglass CloudShield
Vendor Analysis
Integrating Threat Intel
STIX • STIX provides a common language for describing cyber threat information so it can be shared, stored, and otherwise used in a consistent manner that facilitates automation.
TAXII • Trusted Automated eXchange of Indicator Information (TAXII™) is a U.S. Department of Homeland Security (DHS)-led, community- driven effort to standardize the trusted, automated exchange of cyber threat information.
How to build a program?
Let’s do it next time…
But what can we do today?
Let’s start sharing- CISO Platform ISG
Thank You

More Related Content

PDF
Cyber threat intelligence ppt
byKumar Gaurav
 
PDF
Threat Intelligence
byDeepak Kumar (D3)
 
PDF
Overview of the Cyber Kill Chain [TM]
byDavid Sweigert
 
PPTX
Cyber threat Intelligence and Incident Response by:-Sandeep Singh
byOWASP Delhi
 
PDF
Cyber Threat Intelligence
byZaiffiEhsan
 
PDF
Global Cyber Threat Intelligence
byNTT Innovation Institute Inc.
 
PDF
Cyber Threat Intelligence
bymohamed nasri
 
PPTX
SOC Architecture Workshop - Part 1
byPriyanka Aash
 
Cyber threat intelligence ppt
byKumar Gaurav
 
Threat Intelligence
byDeepak Kumar (D3)
 
Overview of the Cyber Kill Chain [TM]
byDavid Sweigert
 
Cyber threat Intelligence and Incident Response by:-Sandeep Singh
byOWASP Delhi
 
Cyber Threat Intelligence
byZaiffiEhsan
 
Global Cyber Threat Intelligence
byNTT Innovation Institute Inc.
 
Cyber Threat Intelligence
bymohamed nasri
 
SOC Architecture Workshop - Part 1
byPriyanka Aash
 

What's hot

PPTX
SIEM Primer:
byAnton Chuvakin
 
PPTX
Cyber Threat Intelligence | Information to Insight
byDeep Shankar Yadav
 
PPTX
Security Operations Center (SOC) Essentials for the SME
byAlienVault
 
PPTX
6 Steps for Operationalizing Threat Intelligence
bySirius
 
PDF
Introduction to Cybersecurity
byKrutarth Vasavada
 
PPTX
Security operation center (SOC)
byAhmed Ayman
 
PPSX
Next-Gen security operation center
byMuhammad Sahputra
 
PPTX
SOAR and SIEM.pptx
byAjit Wadhawan
 
PPTX
Optimizing Security Operations: 5 Keys to Success
bySirius
 
PDF
Building Security Operation Center
byS.E. CTS CERT-GOV-MD
 
PPTX
Cyber Threat Intelligence
byPrachi Mishra
 
PPTX
Security Operation Center Fundamental
byAmir Hossein Zargaran
 
PDF
What is SIEM? A Brilliant Guide to the Basics
bySagar Joshi
 
PDF
MITRE ATT&CK Framework
byn|u - The Open Security Community
 
PDF
Threat Hunting with Splunk Hands-on
bySplunk
 
PPTX
Cyber Threat Intelligence.pptx
byAbimbolaFisher1
 
PDF
Welcome to the world of Cyber Threat Intelligence
byAndreas Sfakianakis
 
PPTX
Cyber kill chain
byAnkita Ganguly
 
PDF
DTS Solution - Building a SOC (Security Operations Center)
byShah Sheikh
 
PDF
Cybersecurity Frameworks | NIST Cybersecurity Framework | Cybersecurity Certi...
byEdureka!
 
SIEM Primer:
byAnton Chuvakin
 
Cyber Threat Intelligence | Information to Insight
byDeep Shankar Yadav
 
Security Operations Center (SOC) Essentials for the SME
byAlienVault
 
6 Steps for Operationalizing Threat Intelligence
bySirius
 
Introduction to Cybersecurity
byKrutarth Vasavada
 
Security operation center (SOC)
byAhmed Ayman
 
Next-Gen security operation center
byMuhammad Sahputra
 
SOAR and SIEM.pptx
byAjit Wadhawan
 
Optimizing Security Operations: 5 Keys to Success
bySirius
 
Building Security Operation Center
byS.E. CTS CERT-GOV-MD
 
Cyber Threat Intelligence
byPrachi Mishra
 
Security Operation Center Fundamental
byAmir Hossein Zargaran
 
What is SIEM? A Brilliant Guide to the Basics
bySagar Joshi
 
MITRE ATT&CK Framework
byn|u - The Open Security Community
 
Threat Hunting with Splunk Hands-on
bySplunk
 
Cyber Threat Intelligence.pptx
byAbimbolaFisher1
 
Welcome to the world of Cyber Threat Intelligence
byAndreas Sfakianakis
 
Cyber kill chain
byAnkita Ganguly
 
DTS Solution - Building a SOC (Security Operations Center)
byShah Sheikh
 
Cybersecurity Frameworks | NIST Cybersecurity Framework | Cybersecurity Certi...
byEdureka!
 

Similar to Threat Intelligence Workshop

PDF
Threat Intelligence: State-of-the-art and Trends - Secure South West 2015
byAndreas Sfakianakis
 
PDF
Road map for actionable threat intelligence
byabhisheksinghcs
 
PPTX
Threat Intelligence (CTI) Blue Teams.pptx
byPhongTrn639136
 
PDF
Threat Intelligence 101 - Steve Lodin - Submitted
bySteve Lodin
 
PDF
Security (Ignorance) Isn't Bliss: 5 Ways to Advance Security Decisions with T...
byIBM Security
 
PDF
The Role of Threat Intelligence and Layered Securiy for Intrusion Prevention ...
byJoAnna Cheshire
 
PPTX
NTXISSACSC2 - The Role of Threat Intelligence and Layered Security for Intrus...
byNorth Texas Chapter of the ISSA
 
PDF
Satori Whitepaper: Threat Intelligence - a path to taming digital threats
byDean Evans
 
PPTX
Need for Threat Intelligence & How to Operationalize it for your Organisation.
byAditya Mukherjee Information Security
 
PPTX
Actionable Threat Intelligence
byOWASP Delhi
 
PDF
Cyber Threat Intelligence
byMarlabs
 
DOCX
Threat Intelligence Platform_ The Future of Cybersecurity Defense.docx
bydexposewebcast
 
PDF
Embracing Threat Intelligence and Finding ROI in Your Decision
byCylance
 
DOCX
Outsmarting the Attackers A Deep Dive into Threat Intelligence.docx
bymanas23pgdm157
 
PPTX
Episode IV: A New Scope
byThreatConnect
 
PDF
ISF Congress 2016 - Session 7.2_Kukreja
byPuneet Kukreja
 
PPT
13734729.ppt
byAmitPandey388410
 
PPTX
Reduce the Attacker's ROI with Collaborative Threat Intelligence
byAlienVault
 
PPTX
07 - Indicators and Intelligence .pptx new
byssuser18349f1
 
PPTX
Connecting the Dots Between Your Threat Tntelligence Tradecraft and Business ...
bySurfWatch Labs
 
Threat Intelligence: State-of-the-art and Trends - Secure South West 2015
byAndreas Sfakianakis
 
Road map for actionable threat intelligence
byabhisheksinghcs
 
Threat Intelligence (CTI) Blue Teams.pptx
byPhongTrn639136
 
Threat Intelligence 101 - Steve Lodin - Submitted
bySteve Lodin
 
Security (Ignorance) Isn't Bliss: 5 Ways to Advance Security Decisions with T...
byIBM Security
 
The Role of Threat Intelligence and Layered Securiy for Intrusion Prevention ...
byJoAnna Cheshire
 
NTXISSACSC2 - The Role of Threat Intelligence and Layered Security for Intrus...
byNorth Texas Chapter of the ISSA
 
Satori Whitepaper: Threat Intelligence - a path to taming digital threats
byDean Evans
 
Need for Threat Intelligence & How to Operationalize it for your Organisation.
byAditya Mukherjee Information Security
 
Actionable Threat Intelligence
byOWASP Delhi
 
Cyber Threat Intelligence
byMarlabs
 
Threat Intelligence Platform_ The Future of Cybersecurity Defense.docx
bydexposewebcast
 
Embracing Threat Intelligence and Finding ROI in Your Decision
byCylance
 
Outsmarting the Attackers A Deep Dive into Threat Intelligence.docx
bymanas23pgdm157
 
Episode IV: A New Scope
byThreatConnect
 
ISF Congress 2016 - Session 7.2_Kukreja
byPuneet Kukreja
 
13734729.ppt
byAmitPandey388410
 
Reduce the Attacker's ROI with Collaborative Threat Intelligence
byAlienVault
 
07 - Indicators and Intelligence .pptx new
byssuser18349f1
 
Connecting the Dots Between Your Threat Tntelligence Tradecraft and Business ...
bySurfWatch Labs
 

More from Priyanka Aash

PPTX
AI Code Generation Risks (Ramkumar Dilli, CIO, Myridius)
byPriyanka Aash
 
PDF
From Chatbot to Destroyer of Endpoints - Can ChatGPT Automate EDR Bypasses (1...
byPriyanka Aash
 
PDF
Cracking the Code - Unveiling Synergies Between Open Source Security and AI.pdf
byPriyanka Aash
 
PDF
Oh, the Possibilities - Balancing Innovation and Risk with Generative AI.pdf
byPriyanka Aash
 
PDF
Lessons Learned from Developing Secure AI Workflows.pdf
byPriyanka Aash
 
PDF
Cyber Defense Matrix Workshop - RSA Conference
byPriyanka Aash
 
PDF
A Constitutional Quagmire - Ethical Minefields of AI, Cyber, and Privacy.pdf
byPriyanka Aash
 
PDF
Securing AI - There Is No Try, Only Do!.pdf
byPriyanka Aash
 
PDF
GenAI Opportunities and Challenges - Where 370 Enterprises Are Focusing Now.pdf
byPriyanka Aash
 
PDF
Coordinated Disclosure for ML - What's Different and What's the Same.pdf
byPriyanka Aash
 
PDF
10 Key Challenges for AI within the EU Data Protection Framework.pdf
byPriyanka Aash
 
PDF
Techniques for Automatic Device Identification and Network Assignment.pdf
byPriyanka Aash
 
PDF
Keynote : Presentation on SASE Technology
byPriyanka Aash
 
PDF
Keynote : AI & Future Of Offensive Security
byPriyanka Aash
 
PDF
Redefining Cybersecurity with AI Capabilities
byPriyanka Aash
 
PDF
Demystifying Neural Networks And Building Cybersecurity Applications
byPriyanka Aash
 
PDF
Finetuning GenAI For Hacking and Defending
byPriyanka Aash
 
PDF
(CISOPlatform Summit & SACON 2024) Kids Cyber Security .pdf
byPriyanka Aash
 
PDF
(CISOPlatform Summit & SACON 2024) Regulation & Response In Banks.pdf
byPriyanka Aash
 
PDF
(CISOPlatform Summit & SACON 2024) Cyber Insurance & Risk Quantification.pdf
byPriyanka Aash
 
AI Code Generation Risks (Ramkumar Dilli, CIO, Myridius)
byPriyanka Aash
 
From Chatbot to Destroyer of Endpoints - Can ChatGPT Automate EDR Bypasses (1...
byPriyanka Aash
 
Cracking the Code - Unveiling Synergies Between Open Source Security and AI.pdf
byPriyanka Aash
 
Oh, the Possibilities - Balancing Innovation and Risk with Generative AI.pdf
byPriyanka Aash
 
Lessons Learned from Developing Secure AI Workflows.pdf
byPriyanka Aash
 
Cyber Defense Matrix Workshop - RSA Conference
byPriyanka Aash
 
A Constitutional Quagmire - Ethical Minefields of AI, Cyber, and Privacy.pdf
byPriyanka Aash
 
Securing AI - There Is No Try, Only Do!.pdf
byPriyanka Aash
 
GenAI Opportunities and Challenges - Where 370 Enterprises Are Focusing Now.pdf
byPriyanka Aash
 
Coordinated Disclosure for ML - What's Different and What's the Same.pdf
byPriyanka Aash
 
10 Key Challenges for AI within the EU Data Protection Framework.pdf
byPriyanka Aash
 
Techniques for Automatic Device Identification and Network Assignment.pdf
byPriyanka Aash
 
Keynote : Presentation on SASE Technology
byPriyanka Aash
 
Keynote : AI & Future Of Offensive Security
byPriyanka Aash
 
Redefining Cybersecurity with AI Capabilities
byPriyanka Aash
 
Demystifying Neural Networks And Building Cybersecurity Applications
byPriyanka Aash
 
Finetuning GenAI For Hacking and Defending
byPriyanka Aash
 
(CISOPlatform Summit & SACON 2024) Kids Cyber Security .pdf
byPriyanka Aash
 
(CISOPlatform Summit & SACON 2024) Regulation & Response In Banks.pdf
byPriyanka Aash
 
(CISOPlatform Summit & SACON 2024) Cyber Insurance & Risk Quantification.pdf
byPriyanka Aash
 

Recently uploaded

PDF
Post-Hackathon-Learnings-Maximizing-Impact-Beyond-the-Event.pdf
byishantyadav1111
 
PDF
Title Installing Windows, Linux, MacOS.pdf
byGeraldAbadajos
 
PDF
Peculiar Findings Around CEX Activity and ETH Price
bytobbymnbvcxz
 
PDF
Certified AI-Native Foundations Professional.pdf
byMarc Entsminger SPC6, RTE, SSM, SA, SDP
 
PDF
Real-Time AI Masterclass: Vector Search at Scale
byScyllaDB
 
PDF
Real-Time AI at Scale Masterclass: Feature Store at Scale
byScyllaDB
 
PDF
EU regulations for the North American book supply chain - Tech Forum 2026
byBookNet Canada
 
PPTX
The Lex Wire Precedent: A Technical Standard for Machine-Mediated Authority ...
byJeff Howell
 
PDF
React Mastery: Visual Mental Models to Understand React Deeply
byThomas Gaye
 
PDF
How to build hackthon projects from ZERO!
byishantyadav1111
 
PPTX
TechSprint Inauguration at SJB Institute of Technology held on 18 December 2025
bysuhasspgdg
 
PDF
Dev Dives: Build and deploy agentic automations - the unified way
byUiPathCommunity
 
PPTX
TechSprint WinterHack — Top 10 Teams Pitching Session we are excited for pit...
bybajpaitusharoffon678
 
PDF
7 Essential Types of Penetration Testing Services Every Business Should Under...
bypandeydevika621
 
PDF
Why AI Girlfriends Are the Future of Digital Companionship
byAi Angels
 
PDF
AI and Zero Trust: What it takes to do it right
byMark Simos
 
PPTX
Software Engineering in the Age of AI Agents
byHusseinMalikMammadli
 
PDF
"When every team does things "right", but together it turns into chaos", Yozh...
byFwdays
 
PDF
Certified AI-Empowered SAFe Release Train Engineer.pdf
byMarc Entsminger SPC6, RTE, SSM, SA, SDP
 
PDF
What Thema can do: Leveraging metadata to support the discoverability of Firs...
byBookNet Canada
 
Post-Hackathon-Learnings-Maximizing-Impact-Beyond-the-Event.pdf
byishantyadav1111
 
Title Installing Windows, Linux, MacOS.pdf
byGeraldAbadajos
 
Peculiar Findings Around CEX Activity and ETH Price
bytobbymnbvcxz
 
Certified AI-Native Foundations Professional.pdf
byMarc Entsminger SPC6, RTE, SSM, SA, SDP
 
Real-Time AI Masterclass: Vector Search at Scale
byScyllaDB
 
Real-Time AI at Scale Masterclass: Feature Store at Scale
byScyllaDB
 
EU regulations for the North American book supply chain - Tech Forum 2026
byBookNet Canada
 
The Lex Wire Precedent: A Technical Standard for Machine-Mediated Authority ...
byJeff Howell
 
React Mastery: Visual Mental Models to Understand React Deeply
byThomas Gaye
 
How to build hackthon projects from ZERO!
byishantyadav1111
 
TechSprint Inauguration at SJB Institute of Technology held on 18 December 2025
bysuhasspgdg
 
Dev Dives: Build and deploy agentic automations - the unified way
byUiPathCommunity
 
TechSprint WinterHack — Top 10 Teams Pitching Session we are excited for pit...
bybajpaitusharoffon678
 
7 Essential Types of Penetration Testing Services Every Business Should Under...
bypandeydevika621
 
Why AI Girlfriends Are the Future of Digital Companionship
byAi Angels
 
AI and Zero Trust: What it takes to do it right
byMark Simos
 
Software Engineering in the Age of AI Agents
byHusseinMalikMammadli
 
"When every team does things "right", but together it turns into chaos", Yozh...
byFwdays
 
Certified AI-Empowered SAFe Release Train Engineer.pdf
byMarc Entsminger SPC6, RTE, SSM, SA, SDP
 
What Thema can do: Leveraging metadata to support the discoverability of Firs...
byBookNet Canada
 

Threat Intelligence Workshop

  • 1.
  • 2.
  • 3.
  • 4.
    Overview • Growing field.Expected to be 1.5 Billion in 2018 • Top buzzword for last 3 years • High adoption in mature organizations
  • 5.
  • 6.
    Key Elements ofThreat Intel
  • 7.
    What is actionableintelligence? • Accurate • Relevant • Timely • Aligned • Predictive • Integrated
  • 8.
    Types of Intel •Strategic Intel • Operational Intel • Tactical Intel • Technical Intel
  • 9.
  • 10.
    Intel 101 • Datavs Intelligence – Context, Intent, Capability • Tactical vs Strategic – How and what? – Who and why? • Atomic vs Composite – IP, packet string, hash – Combine multiple things • TTP- Tactics, Techniques and Procedures
  • 11.
  • 12.
    Organization Chart CISO SOC VM Planning CollectionAnalysis Technical Strategic Presentation IR
  • 13.
  • 14.
    Planning • What issuesto be addressed? • What info to be gathered? • What is the leadership and business priority?
  • 15.
    5 stage process •Planning – What are you looking for? • Collection – OSINT/HUMINT – Logs/Data points inside the org – Honeypots/nets/docs, social networks – FM-5 • Processing – Synthesis so that intelligence analysts can use • Analysis – Finished Intel- Top of the pyramid of pain • Dissemination – Customize and present to the right audience
  • 16.
  • 17.
    Taxonomy for ThreatIntelligence Threat intelligence Threat Intelligence Platform Threat Intelligence Enrichment Threat Intelligence Integration Open Source Intel Human Intel Technical Intel Adversary Intel Vulnerability Intel Strategic Intel
  • 18.
    Critical Technological capabilities KeyCritical Technologies Capabilities Host Based Collection Network Based Collection External Threat Collection Threat Intelligence Ingestion Threat Intelligence Analysis Threat Intelligence Enrichment Threat Intelligence Internal Threat Intelligence Collaboration and sharing External Threat Intelligence Collaboration and sharing
  • 19.
    Vendor Landscape • TotalVendors studied: 23 • Prominent Vendors – Open Source Intel: Recorded Future, Digital Shadows, Cyveillance – Human Intel: Booz Allen Hamilton, CrowdStrike, iSIGHT Partners, Verisign iDefence, Cyveillance – Technical Intel: Norse Corporation , Anubis Networks, Emerging Threats – Adversary Intel: Booz Allen Hamilton, CrowdStrike, iSIGHT Partners, Verisign iDefence, Symantec Deepsight – Vulnerability Intel: iSIGHT Partners, Verisign iDefence – Strategic Intel: , Surfwatch labs, Cytegic
  • 20.
    Vendor Landscape • ThreatIntelligence Platform: Lookingglass ScoutPlatform, Threat Stream Optic, ThreatQuotient ThreatQ, ThreatConnect Threat Intelligence Platorm, Vorstack Automated and Collaborated threat Intelligence. • Threat Intelligence Enrichment: Passive DNS( Farsight Security), GeoIP (MaxMind), WhoisData(Domain Tools) • Threat Intelligence Integration: Centripetal Networks, Lookingglass CloudShield
  • 21.
  • 22.
  • 23.
    STIX • STIX providesa common language for describing cyber threat information so it can be shared, stored, and otherwise used in a consistent manner that facilitates automation.
  • 24.
    TAXII • Trusted AutomatedeXchange of Indicator Information (TAXII™) is a U.S. Department of Homeland Security (DHS)-led, community- driven effort to standardize the trusted, automated exchange of cyber threat information.
  • 25.
    How to builda program?
  • 26.
    Let’s do itnext time…
  • 27.
    But what canwe do today?
  • 28.
    Let’s start sharing-CISO Platform ISG
  • 29.