Agenda
• Blueliv-Intro
• Quick Recap TI
• Contextual Awareness
• Integration with existing security products
• Automated Threat Response
• Why Adaptive Security Matters
• Q&A
Blueliv Intro
CONFIDENTIAL
A different take on Cyber-Security
In 2015, we've discovered:
• 12,000,000 stolen credentials and credit cards
• 2,000,000 crime servers
• 500,000 malware samples
• What we do:
Blueliv is a leading provider of targeted cyber threat information and analysis intelligence
for large enterprises, service providers, and security vendors.
Blueliv turns global threat data into predictive, actionable intelligence to identify, correlate
and remediate targeted cyber threats.
• Our Mission:
Maintaining our leading position in cyber threat intelligence by continuously developing
new solutions and adding new intelligence to the platform.
Alliances
Blueliv Threat Intelligence solutions integrate with CERT, SOC, and SIEMs via API &
Plug-ins.
Partners
18 satisfied Fortune 2000 clients (Italy, Canada): Financial Institutions, Insurance, MSSPs, Utilities, Retail
They rely on us…
Quick Recap Targeted TI
The Different Types Of Threats An Organisation Could Face In 2016
• Botnets and C&C
• Targeted malware
• Credit card theft
• Hacktivism
• Data leakage
• Phishing & Cybersquatting
• Rogue Mobile Apps
Actionable Threat Intelligence
INFORMATION                              | INTELLIGENCE
Unfiltered                               | Should be processed
Not evaluated on delivery                | Evaluated
Can be incomplete, false or irrelevant   | Cross correlated for accuracy
Could be simply aggregated               | Relevant to your organisation
Adaptive Security
The four elements of Adaptive Security:
• Contextual awareness
• Integration with existing security real estate
• Automation out of the box
• Automated threat response
Traditional Security Models
Current Approaches
• MRTI – normally taken to be a feed – open/proprietary sources
• Can come in many shapes and sizes – generic
• Traditional approach: feed it into my SIEM
• Good as far as it goes, but once it's in your SIEM, then what?
• Then you have to spend time taking feed data and correlating
it with a bunch of other stuff (e.g. web server logs by source IP)
Current Approaches (continued)
Costly in terms of human input needed: Feed → SIEM → Analyst
• Could current approaches lead to the cost of protecting data
and technological infrastructure exceeding its value?
• Integrate feeds – your own plus public = costs
• Detective work – do you have time?
• Different verticals have different needs; in fact, organisations
within the same vertical have different needs
• This gives rise to complexity and the inability to define clearly
what my CTI needs are
Contextual Awareness
Why does it matter?
More accurate security decisions lead to impacts that affect a business
less adversely. What are the key characteristics of contextually aware
security?
IOCs
Contextual awareness is built from the following IOC types:
• Targeted users
• File hashes
• URLs
• IPs
• Malware type
• Host names
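As an added example (not part of the webinar and not Blueliv's tooling), the correlation the Current Approaches slides describe, run over constructed web server log lines against a constructed IOC feed that carries the context types listed above (IP, host name, malware type, targeted users); every feed value, sector label and log line is made up for the example.

```python
import re

# Constructed IOC feed entries, shaped after the IOC types on the slide (IP, host
# name, malware type, targeted users); values are made up for this example.
IOC_FEED = [
    {"type": "ip", "value": "203.0.113.45", "malware": "Dridex", "evaluated": True, "targets": ["finance"]},
    {"type": "ip", "value": "198.51.100.7", "malware": "Dyre", "evaluated": True, "targets": ["retail"]},
    {"type": "ip", "value": "192.0.2.99", "malware": None, "evaluated": False, "targets": []},
    {"type": "host", "value": "update.bad-example.test", "malware": "Dridex", "evaluated": True, "targets": ["finance"]},
]

# Constructed Apache combined-format web server log lines (source IP first).
WEB_LOGS = """\
203.0.113.45 - - [10/Mar/2016:10:01:02 +0000] "GET /login HTTP/1.1" 200 512 "-" "Mozilla/5.0"
10.0.0.8 - - [10/Mar/2016:10:01:03 +0000] "GET /index.html HTTP/1.1" 200 2048 "-" "Mozilla/5.0"
192.0.2.99 - - [10/Mar/2016:10:02:10 +0000] "POST /api/transfer HTTP/1.1" 403 0 "-" "curl/7.47"
198.51.100.7 - - [10/Mar/2016:10:03:00 +0000] "GET /admin HTTP/1.1" 404 0 "-" "python-requests"
"""

LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" (?P<status>\d{3})')

def raw_ips(feed):
    """'Information': every IP in the feed, unfiltered and unevaluated."""
    return {e["value"]: e for e in feed if e["type"] == "ip"}

def relevant_intel(feed, my_sector):
    """'Intelligence': only evaluated IP entries that target my organisation's sector."""
    return {v: e for v, e in raw_ips(feed).items()
            if e["evaluated"] and my_sector in e["targets"]}

def correlate(log_text, intel):
    """Match each log line's source IP against the intel set and attach its context."""
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        ctx = intel.get(m["ip"]) if m else None
        if ctx:
            hits.append({"ip": m["ip"], "time": m["ts"], "request": m["req"],
                         "status": int(m["status"]), "malware": ctx["malware"]})
    return hits

if __name__ == "__main__":
    # The unfiltered feed fires on three source IPs; the evaluated, sector-relevant
    # set fires on one, and that hit already carries the malware family to act on.
    print(len(correlate(WEB_LOGS, raw_ips(IOC_FEED))), "hits from raw information")
    for hit in correlate(WEB_LOGS, relevant_intel(IOC_FEED, "finance")):
        print(f"{hit['time']} {hit['ip']} ({hit['malware']}): {hit['request']} -> {hit['status']}")
```

The difference between the two runs is the analyst time the slide is talking about: the raw feed hands the SIEM three alerts to triage by hand, the evaluated set hands it one with its context attached.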
What Can I Do With It – Response Types?
• Operational
• Tactical
Integration With Existing Security Real Estate
Think differently
• Fraud Engine
• Firewalls
• IPS/IDS
• SIEM
Deployed solution inside your network
• Tell your endpoint exactly what it needs to be looking for
• Forensic tool set
• Fingerprint network traffic
• SIEM
• DLP
Existing tool set: work smarter
• Collect compromised IPs
• Compromised accounts
• Mule accounts
• Bespoke targeted customer security alerts
• Example: pharming attacks
• DNS Fast Flux
Automation Out Of The Box
The Challenges of TI
• Volume, Velocity & Veracity
• Do I have time to worry about the 3 V's?
• Do I have the resources to process the 3 V's?
• Associated costs are high
• Is there a simpler way?
What Automation Gives Me
• Technical complexity
• Volume
• Identify RC faster
• Faster remediation
Automation – Targeted Intelligence
• First Responders
• Who, What & Why
• Which binary is attacking me
• Attacks constantly evolving: Just In Time Malware
• Don't think, just act
• 3 R's
Why Adaptive Security Matters
What Will Adaptive Security Give Me?
• Targeted Intelligence – Automation – Adaptive Security
• Attack vectors in a constant state of flux
• Can you afford to be in a constant state of flux?
• Winter is coming, prepare for it
• Detect – Investigate – Prioritize – Contain – Remediate
• Adaptive security allows you to fine-tune your security posture
What Will Adaptive Security Give Me? (continued)
• Ability to scale to the complexity of the technical threats
you face
• Ability to scale the technical complexity of the response
• Build a more rounded strategic response
• Develop a security posture specific to your cyber risk
profile, and quantify and qualify it
• Reduce costs
Wait & See
• Is the wait and see approach the best one?
• "We thought we had taken security seriously. We were
underestimating the challenge."
• "Being honest pays dividends"
• Don't get caught out – adaptive security will help you
avoid costly mistakes
• Heat map – action plan
Questions?
Additional Resources
Gartner has named Blueliv a Cool Vendor 2015 in Communications Service Provider Security
Report: https://www.blueliv.com/blueliv-named-a-cool-vendor-in-communications-service-provider-security/
Blueliv Q3 2015 Cyber Intelligence Report:
https://www.blueliv.com/downloads/documentation/reports/Network_insights_of_Dyre_and_Dridex_Trojan_bankers.pdf
Network Insights of Dyre and Dridex Trojan Bankers:
https://www.blueliv.com/downloads/documentation/reports/Network_insights_of_Dyre_and_Dridex_Trojan_bankers.pdf
Join Blueliv Open Community!
Get access to our Live Crime Server map and benefit
from our free online malware analysis sandbox: https://map.blueliv.com
THANK YOU
info@blueliv.com | @blueliv | linkedin.com/company/blueliv | www.blueliv.com
© 2016 Leap In Value S.L. All rights reserved.
The information provided in this document is the property of Blueliv, and any modification or
use of all or part of the content of this document without the express written consent of
Blueliv is strictly prohibited. Failure to reply to a request for consent shall in no case be
understood as tacit authorization for the use thereof.
Blueliv ® is a registered trademark of Leap In Value S.L. in the United States and other
countries. All other brand names, product names or trademarks belong to their respective
owners.

Webinar: Adaptive Security