SlideShare a Scribd company logo

Session 7.3 Implementing threat intelligence systems - Moving from chaos to structure

Download as PPTX, PDF
Puneet Kukreja, profile picture
Puneet Kukreja

Puneet Kukreja of Deloitte gave a presentation at the ISF's 26th Annual World Congress on implementing threat intelligence systems. He discussed defining threat intelligence, the threat landscape facing organizations, and challenges in threat intelligence. Kukreja also covered the threat intelligence lifecycle, standards like STIX and TAXII, using cases studies and attributes to measure threat intelligence effectiveness. The presentation emphasized that threat intelligence requires integration across security operations and is one part of an overall security strategy.

1 of 20
Downloaded 60 times
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
Copyright 2015 © Information Security Forum Limited 1ISF’s 26th Annual World Congress - Atlanta IMPLEMENTING THREAT INTELLIGENCE SYSTEMS: MOVING FROM CHAOS TO STRUCTURE Speakers: Puneet Kukreja Partner, Cyber Advisory, Deloitte Chair: Nick Frost ISF
Demystifying Threat Intelligence -keeping it real ISF World Congress – 2015 Atlanta U.S.A.
Our Discussion 3 Threat landscape Defining threat intelligence Threat intelligence lifecycle Challenges of threat intelligence What we need What can I takeaway
Deloitte Touche Tohmatsu © 2015 - Demystifying Threat Intelligence Threat Landscape The cyber threat landscape will continue to deteriorate as the attack surface expands with advances through digital innovation via IoT, consumerisation of enterprise mobility and cloud. Source: http://blogs.cisco.com/ciscoit/cisco-security-intelligence-operations-defense-in-depth
Deloitte Touche Tohmatsu © 2015 - Demystifying Threat Intelligence Threat landscape Distributed Denial of Service (DDoS) Application Layer Attacks Brute Force Attacks Network Protocol Attacks Known Vulnerability Exploitation Zero Day Exploitation Phishing Rogue Update Attacks Watering Hole Attacks Types of Cyber Attacks
Deloitte Touche Tohmatsu © 2015 - Demystifying Threat Intelligence Threat landscape
Deloitte Touche Tohmatsu © 2015 - Demystifying Threat Intelligence “There is nothing more necessary than good intelligence to frustrate a designing enemy & nothing requires greater pains to obtain” - - GEORGE WASHINGTON Defining threat intelligence? Source: Gartner Definition – Threat Intelligence Gartner STRATEGIC TACTICAL TECHNICAL OPERATIONAL TYPES OF THREAT INTELLIGENCE SOURCE: Centre for the Protection of National Infrastructure – UK Government
Defining threat intelligence? SOURCE: Centre for the Protection of National Infrastructure – UK Government
Deloitte Touche Tohmatsu © 2015 - Demystifying Threat Intelligence Is it all about the Kill Chain? Threat intelligence lifecycle RECONNAISSANCE WEAPONISATION DELIVERY EXPLOITATIONINSTALLATION COMMAND & CONTROL ACTIONS ON OBJECTIVES THE KILL CHAIN 1 2 3 45 6 7
Deloitte Touche Tohmatsu © 2015 - Demystifying Threat Intelligence Is it just not another control process? Threat intelligence lifecycle PLANNING DIRECTION COLLECTION PROCESSINGANALYSIS PRODUCTION DISSEMINATION 1 2 3 45 6 7
Standards supporting threat intelligence The Trusted Automated eXchange of Indicator Information (TAXII™) Standardizing Cyber Threat Intelligence Information with the Structured Threat Information eXpression (STIX™) Cyber Observable eXpression (CybOX™)
Deloitte Touche Tohmatsu © 2015 - Demystifying Threat Intelligence STIX Architecture
Deloitte Touche Tohmatsu © 2015 - Demystifying Threat Intelligence Source: http://stix.mitre.org/ STIX Architecture
Deloitte Touche Tohmatsu © 2015 - Demystifying Threat Intelligence STIX Use Case (sharing threat information) Source: http://stixproject.github.io/getting-started/whitepaper/
Deloitte Touche Tohmatsu © 2015 - Demystifying Threat Intelligence Challenges of threat intelligence Why do I ask that question? Attack Graphs Stakeholders Scenario Planning Integrated Architecture Business Case Threat Modelling Contextual Requirements Threat Actors Actionable Governance Threat Feeds
What we need Attributes to measure threat intelligence Accurate Relevant Aligned to Requirements Tailored Integrated Timely Predictive Actionable
Deloitte Touche Tohmatsu © 2015 - Demystifying Threat Intelligence What can I take away Improves visibility & reporting Integration is required across design, engineering and operations Begins with critical systems and asset inventory Do not overlook security operations process maturity Is only as good as your asset and threat profile classification Vendors are only as good as “your” use cases It’s no Silver Bullet
Thank you Puneet Kukreja | Partner | Cyber Advisory Deloitte Australia
Copyright 2015 © Information Security Forum Limited 19ISF’s 26th Annual World Congress - Atlanta QUESTIONS?
Copyright 2015 © Information Security Forum Limited 20ISF’s 26th Annual World Congress - Atlanta Please feel free to contact us for further discussion: Puneet Kukreja – Partner, Cyber Advisory, Deloitte pkukreja@deloitte.coma.au Nick Frost - ISF nick.frost@securityforum.org

More Related Content

PDF
Bridging the Gap Between Threat Intelligence and Risk Management
Priyanka Aash
 
PPTX
2016 ISSA Conference Threat Intelligence Keynote philA
Phil Agcaoili
 
PDF
Cyber Threat Intelligence
mohamed nasri
 
PPTX
Utilizing cyber intelligence to combat cyber adversaries (OA Cyber Summit)
Open Analytics
 
PDF
Cyber intelligence for corporate security
G3 intelligence Ltd
 
PPTX
Cyber Threat Intelligence
Prachi Mishra
 
PDF
Threat Intelligence 101 - Steve Lodin - Submitted
Steve Lodin
 
PDF
Cyber Threat Intelligence
Marlabs
 
Bridging the Gap Between Threat Intelligence and Risk Management
Priyanka Aash
 
2016 ISSA Conference Threat Intelligence Keynote philA
Phil Agcaoili
 
Cyber Threat Intelligence
mohamed nasri
 
Utilizing cyber intelligence to combat cyber adversaries (OA Cyber Summit)
Open Analytics
 
Cyber intelligence for corporate security
G3 intelligence Ltd
 
Cyber Threat Intelligence
Prachi Mishra
 
Threat Intelligence 101 - Steve Lodin - Submitted
Steve Lodin
 
Cyber Threat Intelligence
Marlabs
 

What's hot (20)

PPTX
Threat intelligence in security
Osama Ellahi
 
PDF
Cyber Threat Intelligence
ZaiffiEhsan
 
PPTX
The Sweet Spot of Cyber Intelligence
Tieu Luu
 
PDF
Welcome to the world of Cyber Threat Intelligence
Andreas Sfakianakis
 
PPTX
Cyber threat Intelligence and Incident Response by:-Sandeep Singh
OWASP Delhi
 
PPTX
Cyber Threat Intelligence | Information to Insight
Deep Shankar Yadav
 
PDF
Threat Intelligence Workshop
Priyanka Aash
 
PDF
TiC
Cory Kennedy
 
PDF
Global Cyber Threat Intelligence
NTT Innovation Institute Inc.
 
PPTX
6 Steps for Operationalizing Threat Intelligence
Sirius
 
PPTX
The Making of a simple Cyber Threat Intelligence Gathering System
Niran Seriki, CCISO, CISM
 
PDF
Sans cyber-threat-intelligence-survey-2015
Roy Ramkrishna
 
PPTX
Cyber threat intelligence: maturity and metrics
Mark Arena
 
PPTX
Actionable Threat Intelligence
OWASP Delhi
 
PDF
Insa cyber intelligence 2011
Mousselmal Tarik
 
PPTX
How to Normalize Threat Intelligence Data from Multiple Sources - Tech Talk T...
AlienVault
 
PDF
Cyber threat intelligence ppt
Kumar Gaurav
 
PPTX
Threat Intelligence with Open Source Tools - Cornerstones of Trust 2014
Santiago Bassett
 
PDF
Threat intelligence Primary Tradecraft and Research
Fidelis Cybersecurity
 
PPTX
Threat Intelligence Data Collection & Acquisition
EC-Council
 
Threat intelligence in security
Osama Ellahi
 
Cyber Threat Intelligence
ZaiffiEhsan
 
The Sweet Spot of Cyber Intelligence
Tieu Luu
 
Welcome to the world of Cyber Threat Intelligence
Andreas Sfakianakis
 
Cyber threat Intelligence and Incident Response by:-Sandeep Singh
OWASP Delhi
 
Cyber Threat Intelligence | Information to Insight
Deep Shankar Yadav
 
Threat Intelligence Workshop
Priyanka Aash
 
TiC
Cory Kennedy
 
Global Cyber Threat Intelligence
NTT Innovation Institute Inc.
 
6 Steps for Operationalizing Threat Intelligence
Sirius
 
The Making of a simple Cyber Threat Intelligence Gathering System
Niran Seriki, CCISO, CISM
 
Sans cyber-threat-intelligence-survey-2015
Roy Ramkrishna
 
Cyber threat intelligence: maturity and metrics
Mark Arena
 
Actionable Threat Intelligence
OWASP Delhi
 
Insa cyber intelligence 2011
Mousselmal Tarik
 
How to Normalize Threat Intelligence Data from Multiple Sources - Tech Talk T...
AlienVault
 
Cyber threat intelligence ppt
Kumar Gaurav
 
Threat Intelligence with Open Source Tools - Cornerstones of Trust 2014
Santiago Bassett
 
Threat intelligence Primary Tradecraft and Research
Fidelis Cybersecurity
 
Threat Intelligence Data Collection & Acquisition
EC-Council
 
Ad

Viewers also liked (20)

PDF
Bridging the Gap Between Threat Intelligence and Risk Management
Priyanka Aash
 
PDF
Threat Intelligence Is Like Three Day Potty Training
Priyanka Aash
 
PDF
Dreaming of IoCs Adding Time Context to Threat Intelligence
Priyanka Aash
 
PDF
UN/ITU - Organisational Structures and Incident Management - Cybersecurity
Dr David Probert
 
PPTX
Connecting the Dots Between Your Threat Tntelligence Tradecraft and Business ...
SurfWatch Labs
 
PDF
Pivotal role of intelligence analysis in ILP
dalened
 
PPTX
Information Fusion Methods for Location Data Analysis
Alket Cecaj
 
PPT
Competitive intelligence-analysis-tools-for-economic-development
Praxis Gnosis
 
PDF
Ontologijos, semantinis saitynas ir semantinė paieška
Saulius Maskeliunas
 
PDF
Cyber Threat Intelligence: Who is Targeting your Information?
Control Risks
 
PDF
Executive Communications
Pat Scherer
 
PDF
Data Fusion for Dealing with the Recommendation Problem
Denis Parra Santander
 
PPT
2004 06 intelligence analysis seminar
Robert David Steele Vivas
 
PDF
Intelligence Analysis & Cognitive Biases: an Illustrative Case Study
Pierre Memheld
 
PPTX
What can go wrong in executive communications
Executive Communications
 
PPT
Eidws 110 operations
IT2Alcorn
 
PPT
Eidws 109 communications
IT2Alcorn
 
PPT
Eidws 111 opsec
IT2Alcorn
 
PPT
Eidws 112 intelligence
IT2Alcorn
 
PPT
intelligence report format
Maynard Wright
 
Bridging the Gap Between Threat Intelligence and Risk Management
Priyanka Aash
 
Threat Intelligence Is Like Three Day Potty Training
Priyanka Aash
 
Dreaming of IoCs Adding Time Context to Threat Intelligence
Priyanka Aash
 
UN/ITU - Organisational Structures and Incident Management - Cybersecurity
Dr David Probert
 
Connecting the Dots Between Your Threat Tntelligence Tradecraft and Business ...
SurfWatch Labs
 
Pivotal role of intelligence analysis in ILP
dalened
 
Information Fusion Methods for Location Data Analysis
Alket Cecaj
 
Competitive intelligence-analysis-tools-for-economic-development
Praxis Gnosis
 
Ontologijos, semantinis saitynas ir semantinė paieška
Saulius Maskeliunas
 
Cyber Threat Intelligence: Who is Targeting your Information?
Control Risks
 
Executive Communications
Pat Scherer
 
Data Fusion for Dealing with the Recommendation Problem
Denis Parra Santander
 
2004 06 intelligence analysis seminar
Robert David Steele Vivas
 
Intelligence Analysis & Cognitive Biases: an Illustrative Case Study
Pierre Memheld
 
What can go wrong in executive communications
Executive Communications
 
Eidws 110 operations
IT2Alcorn
 
Eidws 109 communications
IT2Alcorn
 
Eidws 111 opsec
IT2Alcorn
 
Eidws 112 intelligence
IT2Alcorn
 
intelligence report format
Maynard Wright
 
Ad

Similar to Session 7.3 Implementing threat intelligence systems - Moving from chaos to structure (20)

PDF
Threat Intelligence: State-of-the-art and Trends - Secure South West 2015
Andreas Sfakianakis
 
PDF
ISF Congress 2016 - Session 7.2_Kukreja
Puneet Kukreja
 
PDF
The Role of Threat Intelligence and Layered Securiy for Intrusion Prevention ...
JoAnna Cheshire
 
PPTX
NTXISSACSC2 - The Role of Threat Intelligence and Layered Security for Intrus...
North Texas Chapter of the ISSA
 
PPT
13734729.ppt
AmitPandey388410
 
PDF
Threat_intelligence_Handbook
Bruno Rafael
 
DOCX
Outsmarting the Attackers A Deep Dive into Threat Intelligence.docx
manas23pgdm157
 
PPTX
Establishing an insider threat programme: Know your Snowden - Puneet Kukreja,...
Puneet Kukreja
 
PPTX
An Approach to Closing the Gaps between Physical, Process Control, and Cybers...
EnergySec
 
PDF
Road map for actionable threat intelligence
abhisheksinghcs
 
PPTX
Intelligence-based computer network defence: Understanding the cyber kill cha...
Huntsman Security
 
PDF
Journey to the Center of Security Operations
♟Sergej Epp
 
PPTX
bsides NOVA 2017 So You Want to Be a Cyber Threat Analyst eh?
Anthony Melfi
 
PPTX
Hands-On Security - ES Guided Tour
Splunk
 
PPTX
What i learned at issa international summit 2019
Ulf Mattsson
 
PDF
SplunkLive Wellington 2015 - Splunk for Security
Splunk
 
PDF
SplunkLive Auckland 2015 - Splunk for Security
Splunk
 
PDF
Splunk for Security
Gabrielle Knowles
 
PPTX
Operational Security Intelligence
Splunk
 
PDF
Addressing the cyber kill chain
Symantec Brasil
 
Threat Intelligence: State-of-the-art and Trends - Secure South West 2015
Andreas Sfakianakis
 
ISF Congress 2016 - Session 7.2_Kukreja
Puneet Kukreja
 
The Role of Threat Intelligence and Layered Securiy for Intrusion Prevention ...
JoAnna Cheshire
 
NTXISSACSC2 - The Role of Threat Intelligence and Layered Security for Intrus...
North Texas Chapter of the ISSA
 
13734729.ppt
AmitPandey388410
 
Threat_intelligence_Handbook
Bruno Rafael
 
Outsmarting the Attackers A Deep Dive into Threat Intelligence.docx
manas23pgdm157
 
Establishing an insider threat programme: Know your Snowden - Puneet Kukreja,...
Puneet Kukreja
 
An Approach to Closing the Gaps between Physical, Process Control, and Cybers...
EnergySec
 
Road map for actionable threat intelligence
abhisheksinghcs
 
Intelligence-based computer network defence: Understanding the cyber kill cha...
Huntsman Security
 
Journey to the Center of Security Operations
♟Sergej Epp
 
bsides NOVA 2017 So You Want to Be a Cyber Threat Analyst eh?
Anthony Melfi
 
Hands-On Security - ES Guided Tour
Splunk
 
What i learned at issa international summit 2019
Ulf Mattsson
 
SplunkLive Wellington 2015 - Splunk for Security
Splunk
 
SplunkLive Auckland 2015 - Splunk for Security
Splunk
 
Splunk for Security
Gabrielle Knowles
 
Operational Security Intelligence
Splunk
 
Addressing the cyber kill chain
Symantec Brasil
 

Session 7.3 Implementing threat intelligence systems - Moving from chaos to structure

  • 1. Copyright 2015 © Information Security Forum Limited 1ISF’s 26th Annual World Congress - Atlanta IMPLEMENTING THREAT INTELLIGENCE SYSTEMS: MOVING FROM CHAOS TO STRUCTURE Speakers: Puneet Kukreja Partner, Cyber Advisory, Deloitte Chair: Nick Frost ISF
  • 2. Demystifying Threat Intelligence -keeping it real ISF World Congress – 2015 Atlanta U.S.A.
  • 3. Our Discussion 3 Threat landscape Defining threat intelligence Threat intelligence lifecycle Challenges of threat intelligence What we need What can I takeaway
  • 4. Deloitte Touche Tohmatsu © 2015 - Demystifying Threat Intelligence Threat Landscape The cyber threat landscape will continue to deteriorate as the attack surface expands with advances through digital innovation via IoT, consumerisation of enterprise mobility and cloud. Source: http://blogs.cisco.com/ciscoit/cisco-security-intelligence-operations-defense-in-depth
  • 5. Deloitte Touche Tohmatsu © 2015 - Demystifying Threat Intelligence Threat landscape Distributed Denial of Service (DDoS) Application Layer Attacks Brute Force Attacks Network Protocol Attacks Known Vulnerability Exploitation Zero Day Exploitation Phishing Rogue Update Attacks Watering Hole Attacks Types of Cyber Attacks
  • 6. Deloitte Touche Tohmatsu © 2015 - Demystifying Threat Intelligence Threat landscape
  • 7. Deloitte Touche Tohmatsu © 2015 - Demystifying Threat Intelligence “There is nothing more necessary than good intelligence to frustrate a designing enemy & nothing requires greater pains to obtain” - - GEORGE WASHINGTON Defining threat intelligence? Source: Gartner Definition – Threat Intelligence Gartner STRATEGIC TACTICAL TECHNICAL OPERATIONAL TYPES OF THREAT INTELLIGENCE SOURCE: Centre for the Protection of National Infrastructure – UK Government
  • 8. Defining threat intelligence? SOURCE: Centre for the Protection of National Infrastructure – UK Government
  • 9. Deloitte Touche Tohmatsu © 2015 - Demystifying Threat Intelligence Is it all about the Kill Chain? Threat intelligence lifecycle RECONNAISSANCE WEAPONISATION DELIVERY EXPLOITATIONINSTALLATION COMMAND & CONTROL ACTIONS ON OBJECTIVES THE KILL CHAIN 1 2 3 45 6 7
  • 10. Deloitte Touche Tohmatsu © 2015 - Demystifying Threat Intelligence Is it just not another control process? Threat intelligence lifecycle PLANNING DIRECTION COLLECTION PROCESSINGANALYSIS PRODUCTION DISSEMINATION 1 2 3 45 6 7
  • 11. Standards supporting threat intelligence The Trusted Automated eXchange of Indicator Information (TAXII™) Standardizing Cyber Threat Intelligence Information with the Structured Threat Information eXpression (STIX™) Cyber Observable eXpression (CybOX™)
  • 12. Deloitte Touche Tohmatsu © 2015 - Demystifying Threat Intelligence STIX Architecture
  • 13. Deloitte Touche Tohmatsu © 2015 - Demystifying Threat Intelligence Source: http://stix.mitre.org/ STIX Architecture
  • 14. Deloitte Touche Tohmatsu © 2015 - Demystifying Threat Intelligence STIX Use Case (sharing threat information) Source: http://stixproject.github.io/getting-started/whitepaper/
  • 15. Deloitte Touche Tohmatsu © 2015 - Demystifying Threat Intelligence Challenges of threat intelligence Why do I ask that question? Attack Graphs Stakeholders Scenario Planning Integrated Architecture Business Case Threat Modelling Contextual Requirements Threat Actors Actionable Governance Threat Feeds
  • 16. What we need Attributes to measure threat intelligence Accurate Relevant Aligned to Requirements Tailored Integrated Timely Predictive Actionable
  • 17. Deloitte Touche Tohmatsu © 2015 - Demystifying Threat Intelligence What can I take away Improves visibility & reporting Integration is required across design, engineering and operations Begins with critical systems and asset inventory Do not overlook security operations process maturity Is only as good as your asset and threat profile classification Vendors are only as good as “your” use cases It’s no Silver Bullet
  • 18. Thank you Puneet Kukreja | Partner | Cyber Advisory Deloitte Australia
  • 19. Copyright 2015 © Information Security Forum Limited 19ISF’s 26th Annual World Congress - Atlanta QUESTIONS?
  • 20. Copyright 2015 © Information Security Forum Limited 20ISF’s 26th Annual World Congress - Atlanta Please feel free to contact us for further discussion: Puneet Kukreja – Partner, Cyber Advisory, Deloitte pkukreja@deloitte.coma.au Nick Frost - ISF nick.frost@securityforum.org