the making of a simple cyber threat intelligence gathering system
DESCRIPTION
The Making of a simple Cyber Threat Intelligence Gathering System. BrightTalk Webinar held in June 2013.
TRANSCRIPT
The Making of a simple Cyber Threat Intelligence Gathering System
Using open-source information gathering to create your own Cyber Threat Intelligence gathering system.
Niran Seriki on Cyber Intelligence Gathering System
Presenter’s Intro
Presenter: Niran Seriki
Role: Senior Security Consultant
Education: Industry Certifications plus Masters Degree in Information Security, Royal Holloway, University of London.
Specialised areas of interest: Cyber Security, Vulnerability Management & Cyber Threat Intelligence.
12 June 2013
Table of Contents
1. Introduction
2. Definitions
3. Cyber Threat – More Real than ever
4. Threat & Vulnerability Watch
5. Open-Source Intelligence Gathering
6. Creating Alerts & Feeds
7. Intelligence Sorting
8. Intelligence Sharing
9. Conclusion
1. Introduction
• This simple talk is meant to throw some light on how anyone, with little technical knowledge, can produce a Cyber Security Threat Intelligence Gathering System based purely on open-source information or feeds.
2. Definitions
Important terms to note:
1. Cyber Security
2. Threat
3. Intelligence Gathering
4. Vulnerability
5. Risk
6. Severity Scores
3. Cyber Threat – More Real than Ever
• US assisting Middle Eastern allies against cyber threats from Iran, the Guardian Sunday 9 June, 2013.
• Banks get hacked, Government Institutions hacked, websites defaced, confidential data stolen, etc.
• And many other news reports on cyber attacks daily
4. Threat & Vulnerability Watch
1. Every organisation can have a Threat & Vulnerability Watch – monitoring threats, especially those ones that are serious enough to negatively impact business.
2. No doubt, it is a huge task, but it is not impossible!
3. Watching does not make us 100% secure but at least, it keeps us on our guard!
5. Open-Source Intelligence Gathering
6. Creating Alerts & Feeds
The Open Source Intelligence gathering list cannot be exhausted as there are new labs and researchers being added daily.
The next thing to do, to make the job easier, is to create alerts and feeds.
Some of the websites have also made it easy by adding icons for easy subscriptions in the form of:
RSS Feeds, Facebook, Google+, LinkedIn, Twitter
6b. Creating Alerts & Feeds
You can also set up:
1. Google Alerts with specific keywords
2. iGoogle homepage can be used for feeds from the various sites
3. Internet Explorer feeds
4. MS Outlook RSS feeds
5. Internet Explorer favourites
6. Set up multiple screens for real time threat info, etc.
7. Intelligence Sorting
The information gathered can now be sorted into:
1. Threats to watch and monitor
2. Hacking activities, e.g. defacement, etc.
3. Data Leakage & Theft
4. New Malware
5. New Vulnerabilities
6. Zero day attacks
7. Spam
8. Botnets, etc.
It all depends on what your organisation is interested in, to protect itself.
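An added example (not part of the original presentation) covering sections 6 and 7 together: it reads the items of an RSS feed and sorts them into the categories listed on the Intelligence Sorting slide. The keyword lists, the sample feed and the function names are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

# Categories from the "Intelligence Sorting" slide; the keywords are assumptions.
CATEGORIES = {
    "Zero day attacks": ("zero-day", "zero day", "0-day"),
    "New Vulnerabilities": ("vulnerability", "cve-", "patch"),
    "New Malware": ("malware", "trojan", "ransomware"),
    "Data Leakage & Theft": ("leak", "stolen", "breach"),
    "Hacking activities": ("defaced", "defacement", "hacked"),
    "Botnets": ("botnet",),
    "Spam": ("spam",),
}
FALLBACK = "Threats to watch and monitor"

# Constructed sample feed (not real news items).
SAMPLE_RSS = """<?xml version="1.0"?>
<rss version="2.0"><channel><title>Example Lab</title>
<item><title>Vendor ships patch for zero-day in browser plugin</title>
<link>https://example.com/a</link></item>
<item><title>Council website defaced overnight</title>
<link>https://example.com/b</link></item>
<item><title>New banking trojan spreads through spam campaign</title>
<link>https://example.com/c</link></item>
<item><title>Regional tension raises attack risk</title>
<link>https://example.com/d</link></item>
</channel></rss>"""

def parse_items(rss_text):
    """Return (title, link) pairs from an RSS 2.0 document."""
    # Feeds are untrusted input: refuse DTDs/entities before parsing.
    if "<!DOCTYPE" in rss_text or "<!ENTITY" in rss_text:
        raise ValueError("feed contains a DTD; refusing to parse")
    root = ET.fromstring(rss_text)
    return [(i.findtext("title", "").strip(), i.findtext("link", "").strip())
            for i in root.iter("item")]

def sort_items(items):
    """Place each item in the first category whose keyword matches its title."""
    sorted_out = {}
    for title, link in items:
        lowered = title.lower()
        label = next((cat for cat, words in CATEGORIES.items()
                      if any(w in lowered for w in words)), FALLBACK)
        sorted_out.setdefault(label, []).append((title, link))
    return sorted_out

if __name__ == "__main__":
    for label, entries in sort_items(parse_items(SAMPLE_RSS)).items():
        print(label, [t for t, _ in entries])
```

The order of CATEGORIES decides ties, so an item mentioning both a zero-day and a patch is filed under "Zero day attacks"; reorder the dictionary to match what your organisation cares about most.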
8. Intelligence Sharing
• Information or intelligence gathered can now be shared with interested parties within the organisation.
• Using the RASCI model, some in the Organisation may need to be:
• Responsible to take immediate action
• Accountable for approvals
• Support sought to carry out specific tasks
• Consulted because they may have knowledge of specific subject
• Informed of what is going on.
9. Conclusion
This presentation simply shows how, internally, we can carry out certain tasks to help us to be aware of the Cyber attacks and warfare that have come to stay and, at least, be proactive rather than just being reactive.
Some Useful examples
10. Useful Resources
No doubt, there are more resources in the wild, both free ones and others that go with subscriptions.
Many Cyber Threat Intelligence labs and organisations also offer this as services (SaaS).
Please find out and do the best for your organisation and remain SAFE!
Questions?
•Thank you!
Niran Seriki – Senior Security Consultant