How can organizations create an adaptive security program using targeted threat intelligence?
More accurate security decisions lead to impacts that affect a business less adversely. What are the key characteristics of contextually aware security?
4. CONFIDENTIAL
A different take on Cyber-Security

In 2015, we've discovered:
• 12,000,000 stolen credentials and credit cards
• 2,000,000 crime servers
• 500,000 malware samples

• What we do:
Blueliv is a leading provider of targeted cyber threat information and analysis intelligence for large enterprises, service providers, and security vendors. Blueliv turns global threat data into predictive, actionable intelligence to identify, correlate and remediate targeted cyber threats.
• Our Mission:
Maintaining our leading position in cyber threat intelligence by continuously developing new solutions and adding new intelligence to the platform.
The Different Types Of Threats An Organisation Could Face In 2016
• Botnets and C&C
• Targeted malware
• Credit card theft
• Hacktivism
• Data leakage
• Phishing & Cybersquatting
• Rogue Mobile Apps
Actionable Threat Intelligence

INFORMATION                              | INTELLIGENCE
-----------------------------------------|-------------------------------------
Unfiltered                               | Should be processed
Not evaluated on delivery                | Evaluated
Can be incomplete, false or irrelevant   | Cross correlated for accuracy
Could be simply aggregated               | Relevant to your organisation
Current Approaches
• MRTI – normally taken to be a feed – open/proprietary sources
• Can come in many shapes and sizes – generic
• Traditional approach – feed it into my SIEM
• Good as far as it goes, but once it's in your SIEM, then what?
• Then you have to spend time taking the feed data and correlating it with a bunch of other data (e.g. the source IPs in your web server logs)
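The gap the two slides above describe is the step between a raw feed (information) and something you can act on (intelligence): evaluating the indicators and then correlating them with your own data, such as the source IPs in web server logs. The following is an added illustration, not code from Blueliv or this deck; the feed format (ip,category,confidence,last_seen), the confidence threshold and the sample feed and log lines are all constructed for the example.

```python
import ipaddress
import re
from collections import Counter

# Constructed raw feed (ip,category,confidence,last_seen): duplicates, a
# malformed entry, a stale entry and a low-confidence entry are deliberate.
RAW_FEED = """\
198.51.100.23,c2,0.95,2015-11-02
198.51.100.23,c2,0.95,2015-11-02
203.0.113.7,scanner,0.40,2015-11-03
not-an-ip,c2,0.90,2015-11-03
192.0.2.99,phishing,0.85,2014-01-15
192.0.2.44,c2,0.80,2015-11-04
"""
# Constructed web server access log (combined format, source IP first).
ACCESS_LOG = """\
198.51.100.23 - - [04/Nov/2015:10:12:01 +0000] "GET /login HTTP/1.1" 200 512
10.0.0.5 - - [04/Nov/2015:10:12:03 +0000] "GET /index.html HTTP/1.1" 200 2048
192.0.2.99 - - [04/Nov/2015:10:12:09 +0000] "POST /login HTTP/1.1" 302 0
192.0.2.44 - - [04/Nov/2015:10:12:10 +0000] "GET /wp-login.php HTTP/1.1" 404 0
198.51.100.23 - - [04/Nov/2015:10:12:11 +0000] "POST /login HTTP/1.1" 401 128
"""

def evaluate_feed(raw, min_confidence=0.7, not_before="2015-01-01"):
    """Information -> intelligence: validate, deduplicate, drop weak/stale."""
    intel = {}
    for line in raw.splitlines():
        fields = line.split(",")
        if len(fields) != 4:
            continue
        ip, category, confidence, last_seen = fields
        try:
            ipaddress.ip_address(ip)
        except ValueError:
            continue  # malformed indicator, common in unevaluated feeds
        if float(confidence) < min_confidence or last_seen < not_before:
            continue  # ISO dates compare correctly as strings
        intel[ip] = {"category": category, "confidence": float(confidence)}
    return intel

LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "[^"]*" \d{3}')

def correlate(intel, log):
    """Count access-log requests whose source IP is an evaluated indicator."""
    hits = Counter()
    for line in log.splitlines():
        m = LOG_RE.match(line)
        if m and m.group(1) in intel:
            hits[(m.group(1), intel[m.group(1)]["category"])] += 1
    return hits
```

Only the two indicators that survive evaluation produce alerts; the stale phishing entry, the low-confidence scanner and the malformed line never reach the correlation step, which is the difference between aggregated feed data and something relevant to your organisation.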
Current Approaches
• Could current approaches lead to the cost of protecting data and technological infrastructure exceeding its value?
• Integrating feeds – your own plus public ones – costs money
• Detective work – do you have the time?
• Different verticals have different needs; in fact, organisations within the same vertical have different needs
• This gives rise to complexity and an inability to define clearly what my CTI needs are
Why does it matter?
• Adaptive Security
• Contextual awareness

More accurate security decisions lead to impacts that affect a business less adversely. What are the key characteristics of contextually aware security?
Deployed solution inside your network
• Tell your endpoint exactly what it needs to be looking for
• Forensic tool set
• Fingerprint network traffic
• SIEM
• DLP
Make your existing tool set work smarter
• Collect compromised IPs
• Compromised accounts
• Mule accounts
• Bespoke, targeted customer security alerts
• Example – pharming attacks
• DNS fast flux
The Challenges of TI
• Volume, Velocity & Veracity
• Do I have time to worry about the 3 V's?
• Do I have the resources to process the 3 V's?
• Associated costs are high
• Is there a simpler way?
Automation – Targeted Intelligence
• First responders
• Who, What & Why
• Which binary is attacking me?
• Attacks constantly evolving – just-in-time malware
• Don't think, just act
• 3 R's
What Will Adaptive Security Give Me?
• Targeted Intelligence – Automation – Adaptive Security
• Attack vectors are in a constant state of flux
• Can you afford to be in a constant state of flux?
• Winter is coming – prepare for it
• Detect – Investigate – Prioritize – Contain – Remediate
• Adaptive security allows you to fine-tune your security posture
What Will Adaptive Security Give Me?
• Ability to scale with the complexity of the technical threats you face
• Ability to scale the technical complexity of the response
• Build a more rounded strategic response
• Devolve a security posture specific to your cyber risk profile, and quantify and qualify it
• Reduce costs
Wait & See
• Is the wait-and-see approach the best one?
• "We thought we had taken security seriously. We were underestimating the challenge."
• "Being honest pays dividends"
• Don't get caught out – adaptive security will help you avoid costly mistakes
• Heat map – action plan
Additional Resources

Gartner has named Blueliv a Cool Vendor 2015 in Communications Service Provider Security. Report:
https://www.blueliv.com/blueliv-named-a-cool-vendor-in-communications-service-provider-security/

Blueliv Q3 2015 Cyber Intelligence Report:
https://www.blueliv.com/downloads/documentation/reports/Network_insights_of_Dyre_and_Dridex_Trojan_bankers.pdf

Network Insights of Dyre and Dridex Trojan Bankers:
https://www.blueliv.com/downloads/documentation/reports/Network_insights_of_Dyre_and_Dridex_Trojan_bankers.pdf
Join Blueliv Open Community!
Get access to our Live Crime Server map and benefit from our free online malware analysis sandbox: https://map.blueliv.com