session 7.3 implementing threat intelligence systems - moving from chaos to structure
TRANSCRIPT
Copyright 2015 © Information Security Forum Limited
ISF's 26th Annual World Congress - Atlanta
IMPLEMENTING THREAT INTELLIGENCE SYSTEMS: MOVING FROM CHAOS TO STRUCTURE
Speakers:
Puneet Kukreja, Partner, Cyber Advisory, Deloitte
Chair:
Nick Frost, ISF
Demystifying Threat Intelligence -keeping it real
ISF World Congress – 2015 Atlanta U.S.A.
Our Discussion
Threat landscape
Defining threat intelligence
Threat intelligence lifecycle
Challenges of threat intelligence
What we need
What can I take away
Deloitte Touche Tohmatsu © 2015 - Demystifying Threat Intelligence
Threat Landscape
The cyber threat landscape will continue to deteriorate as the attack surface expands with advances through digital innovation via IoT, consumerisation of enterprise mobility and cloud.
Source: http://blogs.cisco.com/ciscoit/cisco-security-intelligence-operations-defense-in-depth
Threat landscape: Types of Cyber Attacks
Distributed Denial of Service (DDoS)
Application Layer Attacks
Brute Force Attacks
Network Protocol Attacks
Known Vulnerability Exploitation
Zero Day Exploitation
Phishing
Rogue Update Attacks
Watering Hole Attacks
“There is nothing more necessary than good intelligence to frustrate a designing enemy & nothing requires greater pains to obtain” – George Washington
Defining threat intelligence?
Source: Gartner Definition – Threat Intelligence
Types of Threat Intelligence: Strategic, Tactical, Technical, Operational
Source: Centre for the Protection of National Infrastructure – UK Government
Is it all about the Kill Chain?
Threat intelligence lifecycle
The Kill Chain:
1. Reconnaissance
2. Weaponisation
3. Delivery
4. Exploitation
5. Installation
6. Command & Control
7. Actions on Objectives
Is it just not another control process?
Threat intelligence lifecycle:
1. Planning
2. Direction
3. Collection
4. Processing
5. Analysis
6. Production
7. Dissemination
Standards supporting threat intelligence
The Trusted Automated eXchange of Indicator Information (TAXII™)
Standardizing Cyber Threat Intelligence Information with the Structured Threat Information eXpression (STIX™)
Cyber Observable eXpression (CybOX™)
STIX Architecture
Source: http://stix.mitre.org/
STIX Use Case (sharing threat information)
Source: http://stixproject.github.io/getting-started/whitepaper/
Challenges of threat intelligence
Why do I ask that question?
Attack Graphs
Stakeholders
Scenario Planning
Integrated Architecture
Business Case
Threat Modelling
Contextual
Requirements
Threat Actors
Actionable
Governance
Threat Feeds
What we need
Attributes to measure threat intelligence
Accurate
Relevant
Aligned to Requirements
Tailored
Integrated
Timely
Predictive
Actionable
What can I take away
Improves visibility & reporting
Integration is required across design, engineering and operations
Begins with critical systems and asset inventory
Do not overlook security operations process maturity
Is only as good as your asset and threat profile classification
Vendors are only as good as “your” use cases
It’s no Silver Bullet
Thank you
Puneet Kukreja | Partner | Cyber Advisory
Deloitte Australia
QUESTIONS?
Please feel free to contact us for further discussion:
Puneet Kukreja – Partner, Cyber Advisory, [email protected]
Nick Frost - [email protected]