Reduce the Attacker’s ROI with Collaborative Threat Intelligence
Meet today’s presenters
INTRODUCTIONS
Jaime Blasco, Director, AlienVault Labs, AlienVault (@jaimeblascob)
Wendy Nather, Research Director, Security, 451 Research (@451Wendy)
@AlienVault
What is Threat Intelligence?
Provides data that you did not already have
• Examples: reputation scoring, attack tools, threat actors
Provides data (or analysis of data) that helps you make more decisions about defense
• Example: helping you figure out what else to look for, or what proactive measures to take
Verizon Business VERIS taxonomy: includes both actor and action
Data sold separately; customer can decide how to apply it further
Platform or technology specifically for threat intel collection, analysis or sharing
Threat Intelligence is …
Additive – made to be collected
Secretive – part of the value is that not everyone else knows it
Transitive – built on transitive trust relationships
Elusive – can quickly expire, degrade or dry up
Threat intelligence trends
[Chart: threat intelligence trends by half-year (2H '11, 2H '12, 2H '13); the percentage breakdown did not survive extraction]
Threat Intelligence Trends
[image-only slide]
Questions to Ask When Evaluating Threat Intelligence
Which indicators are being offered?
Where does the TI come from?
How is the TI generated?
How rich is the metadata?
Is the information useful to my organization?
Does it help detect incidents?
Does it help me when responding to an incident?
Does it help triaging?
Am I able to consume the data with the technologies/tools within my enterprise?
Evaluating Threat Intelligence Offerings
Origin
Variety
Freshness
Speed and scale
Relevance
False-positive rate
Confidence
Completeness
Consumability
The Power of the “Crowd” for Threat Detection
Cyber criminals are reusing the same tactics to attack multiple targets.
Collaborative threat intelligence makes us all more secure.
• Identify, flag and block known attackers
• Update policies/alerts to detect threats
Reduce the attacker’s ROI
Traditional Response
First Street Credit Union, Alpha Insurance Group, John Elway Auto Nation, Regional Pacific Telecom, Marginal Food Products
Attack → Detect → Respond (built up one step at a time over five slides)
Threat Sharing Enables Preventative Response
Through an automated, real-time threat exchange framework
A Real-Time Threat Exchange framework
First Street Credit Union, Alpha Insurance Group, John Elway Auto Nation, Regional Pacific Telecom, Marginal Food Products
Attack → Detect → Open Threat Exchange
Puts Preventative Response Measures in Place Through Shared Experience
Protects Others in the Network With the Preventative Response Measures
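The contrast the slides draw between traditional response and a real-time exchange, as an added simulation that is not AlienVault or OTX code: the five member names come from the slides, while the reused C2 address, detection delays, confidence scores, TTLs and campaign timing are constructed. It counts how many strikes with one reused indicator land under each model, and shows the deck's "elusive" point, since an expired indicator stops protecting.

```python
"""Added simulation of the deck's two response models (constructed figures)."""
from dataclasses import dataclass, field

# Constructed reused indicator (TEST-NET-3 documentation address).
REUSED_C2 = "203.0.113.7"

# Constructed per-member figures: hours the org's own monitoring needs to
# detect the intrusion, and the confidence it attaches to what it shares.
MEMBERS = {
    "First Street Credit Union": {"detect_hours": 48, "confidence": 95},
    "Alpha Insurance Group": {"detect_hours": 4, "confidence": 60},
    "John Elway Auto Nation": {"detect_hours": 24, "confidence": 80},
    "Regional Pacific Telecom": {"detect_hours": 2, "confidence": 85},
    "Marginal Food Products": {"detect_hours": 72, "confidence": 70},
}

# Constructed campaign (hour, target): the same C2 reused against one
# member after another, with a late final strike.
CAMPAIGN = [
    (0, "First Street Credit Union"),
    (6, "Alpha Insurance Group"),
    (12, "John Elway Auto Nation"),
    (18, "Regional Pacific Telecom"),
    (130, "Marginal Food Products"),
]


@dataclass
class Indicator:
    value: str
    source: str
    published_at: int  # hour the detecting member shared it
    ttl_hours: int     # intel is 'elusive': it expires
    confidence: int    # 0-100, scored by the source

    def usable(self, now, min_confidence):
        """True if a consumer can act on this indicator at hour `now`."""
        fresh = self.published_at <= now < self.published_at + self.ttl_hours
        return fresh and self.confidence >= min_confidence


@dataclass
class Exchange:
    """Minimal real-time exchange: every member's detection is shared."""
    ttl_hours: int
    shared: dict = field(default_factory=dict)  # value -> [Indicator]

    def publish(self, value, source, at, confidence):
        self.shared.setdefault(value, []).append(
            Indicator(value, source, at, self.ttl_hours, confidence))

    def known_bad(self, value, now, min_confidence):
        return any(i.usable(now, min_confidence)
                   for i in self.shared.get(value, []))


def run_campaign(campaign, exchange=None, min_confidence=0):
    """Return {target: 'success' | 'blocked'} for each strike.

    Without an exchange (traditional response) a member learns of the C2
    only from its own detection; with one, any member's detection protects
    the others from the hour it is published until it expires."""
    own_block_at = {}  # member -> hour its own detection blocks the C2
    outcome = {}
    for hour, target in sorted(campaign):
        self_protected = own_block_at.get(target, float("inf")) <= hour
        shared = exchange is not None and exchange.known_bad(
            REUSED_C2, hour, min_confidence)
        if self_protected or shared:
            outcome[target] = "blocked"
            continue
        outcome[target] = "success"
        detected_at = hour + MEMBERS[target]["detect_hours"]
        own_block_at[target] = min(own_block_at.get(target, detected_at),
                                   detected_at)
        if exchange is not None:
            exchange.publish(REUSED_C2, target, detected_at,
                             MEMBERS[target]["confidence"])
    return outcome


def attacker_return(outcome):
    """Attacker ROI proxy: how many strikes with the reused C2 landed."""
    return sum(1 for r in outcome.values() if r == "success")


if __name__ == "__main__":
    runs = [("traditional response", run_campaign(CAMPAIGN)),
            ("exchange, 72h TTL", run_campaign(CAMPAIGN, Exchange(72))),
            ("exchange, 168h TTL", run_campaign(CAMPAIGN, Exchange(168)))]
    for label, result in runs:
        print(f"{label}: {attacker_return(result)} of {len(result)} landed")
```

Raising `min_confidence` shows the trade-off behind the deck's confidence and false-positive criteria: at 90 every shared indicator in this constructed set is rejected and the attacker's return is back to that of traditional response.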
Global threat detection for local response
Security Technologies Needed to Consume Threat Intelligence
Proxy
Log Management
SIEM
Intrusion Detection System
Intrusion Prevention System
Network Monitoring
Firewall
End Point Protection
Forensic Tools
USM Product Capabilities (powered by AV Labs Threat Intelligence)
ASSET DISCOVERY
• Active Network Scanning
• Passive Network Scanning
• Asset Inventory
• Host-based Software Inventory
VULNERABILITY ASSESSMENT
• Continuous Vulnerability Monitoring
• Authenticated / Unauthenticated Active Scanning
BEHAVIORAL MONITORING
• Log Collection
• Netflow Analysis
• Service Availability Monitoring
SECURITY INTELLIGENCE
• SIEM Event Correlation
• Incident Response
THREAT DETECTION
• Network IDS
• Host IDS
• Wireless IDS
• File Integrity Monitoring
More Questions?
Tweet @AlienVault
NOW FOR SOME Q&A…
Join the Open Threat Exchange
http://www.alienvault.com/open-threat-exchange
Download a free 30-day trial of USM
http://www.alienvault.com/free-trial
Join us for a live demo
http://www.alienvault.com/marketing/alienvault-usm-live-demo
@jaimeblascob @451Wendy

Editor’s Notes

  1. Need to add their photos
  2. Q: Let’s talk first about threat intelligence in general. How is it different from, say, a list of bad IPs for you to block at the firewall?
  3. Just about every security tool out there is claiming to include threat intelligence. If you have several of these products in-house, is that enough threat intelligence for the organization to get by? If you’re CISO at a small- or medium-size organization, and you’re shopping for threat intelligence, how would you evaluate the offerings? (move to next slide after asking question)
  4. Couldn’t an enterprise just subscribe to the same open source threat intelligence feeds that everyone else does? What more does collaborative threat-sharing bring to the table? (then go to next slide)
  5. Many threat-sharing groups are either ISACs (information sharing and analysis centers) or private groups where you have to know the right people to take part. How do SMBs get into the game? How do enterprises make sure that they’re not exposing confidential information when they share threat intelligence?
  6. Are large enterprises and small ones going to benefit from the same types of threat intelligence, or do they need different kinds? How does AlienVault’s product help security staff consume threat intelligence?