O slideshow foi denunciado.
Seu SlideShare está sendo baixado. ×

CYB205-1 Evolving Threat Landscapes_01.pptx

Carregando em…3

Confira estes a seguir

1 de 14 Anúncio

Mais Conteúdo rRelacionado

Semelhante a CYB205-1 Evolving Threat Landscapes_01.pptx (20)

Mais recentes (20)


CYB205-1 Evolving Threat Landscapes_01.pptx

  1. 1. Click Here CYB205-1 Evolving Threat Landscapes Lec. 01
  2. 2. COURSE LEARNING OUTCOMES  Describe the evolving cybersecurity threat landscape.  Explain cybersecurity mitigation and defense strategies.  Discuss modern-day cybersecurity trends.  Define cyber security policy, enforcement and compliance.  Define Artificial Intelligence (AI).
  3. 3. COURSE EVALUATION  Discussion Forums & Debate: 30%  Individual Assignment: 15%  Group Project (Case Study): 25%  Final quiz/exam: 30%
  4. 4. Threat, Vulnerability, and Risk Threat Actor Threat intelligence types Threat Intelligence Feeds Threat intelligence sources Traffic Light Protocol (TLP) Agenda
  5. 5. Threat, Vulnerability, and Risk Threat Any circumstance or event with the potential to adversely impact organizational operations, assets, or individuals. Vulnerability Weakness in an information system, system security procedures, internal controls, or implementation that could be exploited or triggered. Risk A measure of the extent to which an entity is threatened by a potential circumstance or event.
  6. 6. Threat intelligence types Strategic High level info on changing risks Tactical Attacker Tools Tactics, Procedures Operational Incoming attacks against company or industry Technical Indicators of Compromise High level Low level Low Time-to-Live High Time-to-Live
  7. 7. • What? • Threat intelligence is information about threats and threat actors that helps mitigate harmful events in cyberspace. • Why? • Help organizations to understand the threats that have, will, or are currently targeting the organization. • How? • Open-source intelligence • Commercial intelligence Threat Intelligence Feeds
  8. 8. OSINT Open Source Intelligence • Derived from open sources (e.g. mainstream media, Internet forums, paste sites, etc. • Pros: good for ‘context’ and ‘big picture’ • Cons: multiple languages, interpretation, noise TECHINT Technical Intelligence • Technical indicators (e.g. IP addresses, hashes, domains, tools & techniques) • Pros: easy to consume and drive automation • Cons: difficult to ‘contextualize’ SIGINT Signals Intelligence • Derived from analysis of communications, often in one’s own environment • Pros: low noise; if you’re seeing it, you’re experiencing it • Cons: requires extensive apparatus Threat intelligence sources
  9. 9. • Canadian Center for cyber Security CCCS • Department of Homeland Security: Automated Indicator Sharing • FBI: InfraGard Portal • @abuse.ch: Ransomware Tracker • SANS: Internet Storm Center • VirusTotal: VirusTotal • Cisco: Talos Intelligence • VirusShare: VirusShare Malware Repository • Google: Safe Browsing • National Council of ISACs: Member ISACs • The Spamhaus Project: Spamhaus Open-source Intelligence Feeds Commercial Intelligence Feeds  Recorded Future
  10. 10. NIST 800-150 “Guide to Threat Information Sharing” • Threat information that has been aggregated, transformed, analysed, interpreted, or enriched to provide the necessary context for decision-making processes.
  11. 11. Thank You

Notas do Editor

  • The threat landscape is the entirety of potential and identified cyberthreats affecting a particular sector, group of users, time period, and so forth.
    ENISA Threat Landscape (ETL) report, an annual report on the status of the cybersecurity threat landscape. It identifies the top threats, major trends observed with respect to threats, threat actors and attack techniques, as well as impact and motivation analysis.
  • 1. Department of Homeland Security: Automated Indicator Sharing

    Private companies are able to report cyber threat indicators with the DHS, which are then distributed via the Automated Indicator Sharing website. This database helps reduce the effectiveness of simple attacks by exposing malicious IP addresses, email senders, and more.

    2. FBI: InfraGard Portal

    The FBI’s InfraGard Portal provides information relevant to 16 sectors of critical infrastructure. Private and public sector organizations can share information and security events, and the FBI also provides information on cyber attacks and threats that they are tracking.

    3. @abuse.ch: Ransomware Tracker

    Ransomware Tracker collects data related to ransomware attacks so that security teams can check IP addresses and URLs against those that are known to be involved in attacks. The tracker provides detailed information on the servers, sites, and infrastructure that have been exploited by ransomware actors, as well as recommendations for preventing attacks.

    4. SANS: Internet Storm Center

    The Internet Storm Center, formerly known as the Consensus Incidents Database, came to prominence in 2001, when it was responsible for the detection of the “Lion” worm. It uses a distributed sensor network that takes in over 20 million intrusion detection log entries per day to generate alerts regarding security threats. The site also provides analysis, tools, and forums for security professionals.

    5. VirusTotal: VirusTotal

    VirusTotal uses dozens of antivirus scanners, blacklisting services, and other tools to analyze and extract data from files and URLs submitted by users. The service can be used to quickly check incidents like suspected phishing emails, and every submission is retained in its database to build a global picture of cyber threats.

    6. Cisco: Talos Intelligence

    The Talos threat intelligence team protects Cisco customers, but there is a free version of their service available. Talos’ unmatched tools and experience provide information about known threats, new vulnerabilities, and emerging dangers. Talos also provides research and analysis tools.

    7. VirusShare: VirusShare Malware Repository

    VirusShare is an online repository of malware created and maintained by J-Michael Roberts, a digital forensics examiner. The site gives researchers, incident responders, and forensic investigators access millions of malware samples.

    8. Google: Safe Browsing

    The Safe Browsing service identifies dangerous websites and shares the information to raise awareness of security risks. Safe Browsing finds thousands of unsafe sites every day, many of which are legitimate sites that have been compromised by hackers.

    9. National Council of ISACs: Member ISACs

    While some ISAC feeds are quite expensive, others are free. The National Council of ISACs provides a comprehensive list.

    10. The Spamhaus Project: Spamhaus

    Spamhaus is a European non-profit that tracks cyber threats and provides real-time threat intelligence. Spamhaus has developed comprehensive block-lists for known spammers and malware distributors, which they provide to ISPs, email service providers, and individual organizations.