Using Threat Intelligence
to Address Your
Growing Digital Risk
Today’s Speaker
Adam Meyer
Chief Security Strategist
SurfWatch Labs
The Fabric of Cyber
• Cyber is tied to the fabric of everything
necessary to run a business,
connecting or enabling your:
- Supply chain
- Customer base
- Business support applications
- Financials
- IT Infrastructure
- Marketing and Sales
- Communications
The Threat Balloon
Cybercriminals
shift their tactics to hit
targets that are:
“Attractive” and “Soft”
This is a blind spot
in your risk program
The CISO’s Tug of War
Intelligence Operations (Tracking threats) vs. Network Defense (Stop the Bleeding)
All of the Breached Companies Had Security Tools and Staff…
Why is it that spending keeps increasing but nothing ever changes?
Source: EMC
Your Digital Footprint is Expanding
Beyond Traditional Corporate Walls
Increased Risk From
Your Physical Infrastructure
• Building Automation
- “Smart” Consumables
- Facilities Devices
- HVAC
• Operational Technology
- ICS/SCADA Devices
• Physical Security
- CCTV
- Access Control
Increased Risk From
Your Employees
• Insider Risk
- Malicious Data Leakage
- Extortion
- Fraud
• Identity/Access Management
- Exposed Credentials
- Employee Doxing
• Social Engineering
- Phishing
- Phone Scams
- Help Desk Scams
Increased Risk From
Your Public-Facing Presence
• Customer Portals
- Brute Force Attempts
- Customer Account Takeover
- Customer Account Transfer
• Social Media
- Account Takeover
- Malicious Followers
- Social Media Threat “Chatter”
• Company Site and Blog
- Brand Profiling
- Domain Hijack/Theft
- Account Takeover
Increased Risk From
Your Supply Chain
• Partners
- Data Exchange
- Connectivity
- Data “Custodianship”
• As-a-Service Vendors
- Customer Impact
- Brand Impact
- Service Impact
• Suppliers
- Financial Transactions
- Data Exchange
- Availability
Increased Risk From
Criminal/Fraud Activity
• Dark Web Markets
- Sale of Commodities
- Counterfeit Efforts
- Fraud Efforts
• Cybercrime Forums
- Discussion About “You”
- Sharing of Sensitive Information
• Open Source
- Blogs
- Forums
- Social Media
- Paste Sites
Increased Risk From
Your Technology Infrastructure
• Devices
- Threats Targeting Your Devices
- Threats Targeting Your Device Vendors
• Applications
- Vulnerabilities Affecting Your Apps
- Threats Targeting Your Apps
• Software (A Stack)
- Vulnerabilities Affecting Your Software
Suites and Capabilities
- Threats Targeting Your Software Suites
and Capabilities
How Does Your Digital Footprint
Translate into Increased Risk?
• Network-enabled or "smart" IoT
devices are commonplace
• Having numerous devices per building
potentially translates into the largest digital
footprint that is NOT under proper
security management
• According to IDC forecasts, 40
percent of the information in the
digital universe requires some level
of protection, but only half of that
data is protected.
IoT Threat Examples
Rise of the IoT Botnets
• Proliferation of devices
• DDoS attacks
• Ease of weaponization –
à la Mirai, which
weaponizes vulnerable IoT
devices
Distribution of Mirai Botnet in October attack
Dark Web Forum Example
Sentry MBA is a credential-stuffing tool that tests stolen
credentials against the authentication mechanisms on websites
and mobile application API servers to discover instances of
password reuse across those applications, and enable
large-scale account takeovers.
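How this activity looks from the defender's side in authentication logs, as an added example that is not part of the original slides. The event tuple layout, the thresholds and the sample events are assumptions constructed for illustration; the point is that credential stuffing spreads attempts across many usernames with a low success rate, while classic brute force concentrates on few accounts.

```python
from collections import defaultdict

# Constructed sample auth events: (epoch_seconds, source_ip, username, success)
SAMPLE_EVENTS = (
    [(1000 + i, "203.0.113.7", f"user{i}", i == 17) for i in range(40)]   # many accounts, one hit
    + [(1000 + i, "198.51.100.9", "alice", False) for i in range(30)]     # one account hammered
    + [(1005, "192.0.2.4", "bob", False), (1020, "192.0.2.4", "bob", True)]  # ordinary typo
)

def classify_sources(events, window=300, min_attempts=20, spread=0.8, max_success=0.1):
    """Label each source IP; an IP is flagged if any `window`-second bucket matches.

    credential_stuffing: many attempts, close to one per distinct username,
    very low success rate (a reused password occasionally works).
    brute_force: many attempts concentrated on few usernames.
    Thresholds are illustrative assumptions and need tuning per site.
    """
    buckets = defaultdict(list)
    for ts, ip, user, ok in events:
        buckets[(ip, ts // window)].append((user, ok))

    verdicts = {}
    for (ip, _), attempts in buckets.items():
        n = len(attempts)
        if n < min_attempts:
            verdicts.setdefault(ip, "normal")
            continue
        user_spread = len({u for u, _ in attempts}) / n
        success_rate = sum(ok for _, ok in attempts) / n
        if user_spread >= spread and success_rate <= max_success:
            verdicts[ip] = "credential_stuffing"
        elif user_spread < spread:
            verdicts[ip] = "brute_force"
        else:
            # High volume, many users, mostly successful: e.g. a shared NAT.
            verdicts.setdefault(ip, "normal")
    return verdicts

def accounts_to_reset(events, verdicts):
    """Accounts that logged in successfully from a stuffing source."""
    return sorted({u for _, ip, u, ok in events
                   if ok and verdicts.get(ip) == "credential_stuffing"})

if __name__ == "__main__":
    v = classify_sources(SAMPLE_EVENTS)
    print(v, accounts_to_reset(SAMPLE_EVENTS, v))
```

The successful logins from a flagged source are the ones to prioritize for password reset and session revocation, since they indicate a reused credential that worked.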
Dark Web Market Example
Fake Web Pages to use in phishing attacks – Bank of Montreal
Physical Infrastructure Example
BACnet was designed to allow communication of building automation and control
systems for applications such as heating, ventilating, and air-conditioning control
(HVAC), lighting control, access control, and fire detection systems and their
associated equipment. The BACnet protocol provides mechanisms for
computerized building automation devices to exchange information, regardless
of the particular building service they perform.
Physical Infrastructure Example
Tridium Niagara is an IoT Building Automation Manufacturer
Device belongs to an Assisted Living Facility in NY
Using Threat Intelligence to Drive
More Effective Risk Decisions
Gain critical insights on ACTIVE threats and risks to
your business that can be applied to different areas
• Threat Intel teams – know threat actors and their motivations
to improve your defenses
• Fraud teams – understand what commodities are being
monetized so you can minimize fraud
• Partners and Suppliers – understand the “presence” your
vendors have to complement supply chain risk management
• Breach Response – improve your planning and preparation
instead of waiting to “get the call” from law enforcement
• Executives and BoDs – understand the impact of cyber risk on
your business and know where/how to best allocate resources
to effectively mitigate risk
• Brand Management – understand and mitigate brand risks
from open and dark web sources
Using Threat Intelligence to Drive
More Effective Risk Decisions
SurfWatch Cyber Advisor:
Strategic and Operational CTI
• Establish a unique, in-depth cyber risk profile
• Collect relevant threat data from a wide
range of open, deep and dark web sources
• Continuously and proactively monitor for
new, emerging or trending threats to your
business, supply chain and industry
• Produce “to-the-point” cyber threat alerts
and reports with risk mitigation
recommendations
• Establish and/or extend your cyber threat
intel operation with automated data
collection and processing, a team of expert
analysts and SaaS visualization software
Using Threat Intelligence to Drive
More Effective Risk Decisions
Gain a Complete Picture of Your
Digital Risk Landscape
How do cyber risks impact your…
• Business processes
• Critical IT infrastructure
• Brand
• Finances
• Customers
• Suppliers
• and More…
Using Threat Intelligence to Drive
More Effective Risk Decisions
Aggregate and Standardize Cyber
Data from Thousands of Sources
• Social Media
• Cyber Expert Blogs and News Feeds
• Vulnerability Reports
• PII Release Reports
• Phishing and Breach Reports
• Deep Web, Dark Web Markets and Forums
• Paste Sites
• Customers
Using Threat Intelligence to Drive
More Effective Risk Decisions
Team of Human Experts
• Former U.S. Intelligence Analysts
• Operational Cybersecurity Practitioners
• Relevant Threats are Mapped to Your
Key Business Areas so You Know Your
Cyber Strengths and Weaknesses
• Analysis of Actors, Threat Campaigns,
etc. includes Specific Best Practice
Recommendations to Take Meaningful
Action and Mitigate Risk
Using Threat Intelligence to Drive
More Effective Risk Decisions
Stay Ahead of Cyber Criminals
• Receive actionable alerts on ONLY cyber
threats relevant to your business
• Read personalized risk reports, written in
plain English and based on your profile
• Easy to understand and share with key
business and technical stakeholders
across the enterprise
- Executives and Board of Directors
- Legal
- IT Operations
- Information Security
- Enterprise Risk Management
- Fraud Department
Using Threat Intelligence to Drive
More Effective Risk Decisions
Keep Up with Evolving Risk
• Proactively monitor changes in your cyber
risk profile
• Access to SurfWatch Threat Analyst so
your team can review, monitor and analyze
relevant intel
• Ongoing alerts and reports when a relevant
threat matches your risk profile
• Analyst team on standby for specific
questions including threat impact
assessment, actor profiles, TTPs, and more
• Receive updated list of phishing URLs and
IPs based on SurfWatch collected data,
along with assistance in notifying providers
to initiate “takedown”
Q&A and Additional
SurfWatch Labs Resources
SurfWatch Cyber Advisor:
www.surfwatchlabs.com/cyber-advisor
SurfWatch Threat Analyst:
www.surfwatchlabs.com/threat-intel
Dark Web Intelligence:
www.surfwatchlabs.com/dark-web-intelligence
Personalized SurfWatch Demo:
info.surfwatchlabs.com/request-demo
Strategic and Operational Threat Intelligence
