session 7.3 implementing threat intelligence systems - moving from chaos to structure


Page 1: Session 7.3 Implementing threat intelligence systems - Moving from chaos to structure

Copyright 2015 © Information Security Forum Limited

ISF’s 26th Annual World Congress - Atlanta

IMPLEMENTING THREAT INTELLIGENCE SYSTEMS: MOVING FROM CHAOS TO STRUCTURE

Speakers:

Puneet Kukreja, Partner, Cyber Advisory, Deloitte

Chair:

Nick Frost, ISF

Page 2

Demystifying Threat Intelligence - keeping it real

ISF World Congress – 2015 Atlanta U.S.A.

Page 3

Our Discussion

Threat landscape

Defining threat intelligence

Threat intelligence lifecycle

Challenges of threat intelligence

What we need

What can I takeaway

Page 4

Deloitte Touche Tohmatsu © 2015 - Demystifying Threat Intelligence

Threat Landscape

The cyber threat landscape will continue to deteriorate as the attack surface expands through digital innovation: IoT, the consumerisation of enterprise mobility, and cloud.

Source: http://blogs.cisco.com/ciscoit/cisco-security-intelligence-operations-defense-in-depth

Page 5

Threat landscape

Types of Cyber Attacks

Distributed Denial of Service (DDoS)

Application Layer Attacks

Brute Force Attacks

Network Protocol Attacks

Known Vulnerability Exploitation

Zero Day Exploitation

Phishing

Rogue Update Attacks

Watering Hole Attacks

Page 6

Threat landscape

Page 7

“There is nothing more necessary than good intelligence to frustrate a designing enemy & nothing requires greater pains to obtain” – George Washington

Defining threat intelligence?

Source: Gartner Definition – Threat Intelligence

TYPES OF THREAT INTELLIGENCE: STRATEGIC, TACTICAL, TECHNICAL, OPERATIONAL

SOURCE: Centre for the Protection of National Infrastructure – UK Government

Page 8

Defining threat intelligence?

SOURCE: Centre for the Protection of National Infrastructure – UK Government

Page 9

Is it all about the Kill Chain?

Threat intelligence lifecycle

THE KILL CHAIN

1. RECONNAISSANCE
2. WEAPONISATION
3. DELIVERY
4. EXPLOITATION
5. INSTALLATION
6. COMMAND & CONTROL
7. ACTIONS ON OBJECTIVES

Page 10

Is it just not another control process?

Threat intelligence lifecycle

1. PLANNING
2. DIRECTION
3. COLLECTION
4. PROCESSING
5. ANALYSIS
6. PRODUCTION
7. DISSEMINATION

Page 11

Standards supporting threat intelligence

The Trusted Automated eXchange of Indicator Information (TAXII™)

Standardizing Cyber Threat Intelligence Information with the Structured Threat Information eXpression (STIX™)

Cyber Observable eXpression (CybOX™)

Page 12

STIX Architecture

Page 13

Source: http://stix.mitre.org/

STIX Architecture

Page 14

STIX Use Case (sharing threat information)

Source: http://stixproject.github.io/getting-started/whitepaper/

Page 15

Challenges of threat intelligence

Why do I ask that question?

Attack Graphs

Stakeholders

Scenario Planning

Integrated Architecture

Business Case

Threat Modelling

Contextual

Requirements

Threat Actors

Actionable

Governance

Threat Feeds

Page 16

What we need

Attributes to measure threat intelligence

Accurate

Relevant

Aligned to Requirements

Tailored

Integrated

Timely

Predictive

Actionable

Page 17

What can I take away

Improves visibility & reporting

Integration is required across design, engineering and operations

Begins with critical systems and asset inventory

Do not overlook security operations process maturity

Is only as good as your asset and threat profile classification

Vendors are only as good as “your” use cases

It’s no Silver Bullet

Page 18

Thank you

Puneet Kukreja | Partner | Cyber Advisory

Deloitte Australia

Page 19

QUESTIONS?

Page 20

Please feel free to contact us for further discussion:

Puneet Kukreja – Partner, Cyber Advisory, [email protected]

Nick Frost - [email protected]