Upload File

using threat intelligence to - champlain college saint-lambert · using threat intelligence to...

  • Home
  • Documents
  • Using Threat Intelligence to - Champlain College Saint-Lambert · Using Threat Intelligence to Secure IoT Threat Hunting with Open Source Steve Skoronski [email protected]
32

Upload: others

Post on 21-May-2020

8 views

Category:

Documents


0 download

Report

TRANSCRIPT

Page 1: Using Threat Intelligence to - Champlain College Saint-Lambert · Using Threat Intelligence to Secure IoT Threat Hunting with Open Source Steve Skoronski sskorons@checkpoint.com
Page 2: Using Threat Intelligence to - Champlain College Saint-Lambert · Using Threat Intelligence to Secure IoT Threat Hunting with Open Source Steve Skoronski sskorons@checkpoint.com

Using Threat Intelligence to Secure IoT

Threat Hunting with Open Source

Steve Skoronski [email protected]

Page 3: Using Threat Intelligence to - Champlain College Saint-Lambert · Using Threat Intelligence to Secure IoT Threat Hunting with Open Source Steve Skoronski sskorons@checkpoint.com

Why?

• IoT is expanding rapidly, as is connectivity

• The stakes have never been higher

• The impact has never been so severe

Page 4: Using Threat Intelligence to - Champlain College Saint-Lambert · Using Threat Intelligence to Secure IoT Threat Hunting with Open Source Steve Skoronski sskorons@checkpoint.com

IoT Security Market Overview

Page 5: Using Threat Intelligence to - Champlain College Saint-Lambert · Using Threat Intelligence to Secure IoT Threat Hunting with Open Source Steve Skoronski sskorons@checkpoint.com
Page 6: Using Threat Intelligence to - Champlain College Saint-Lambert · Using Threat Intelligence to Secure IoT Threat Hunting with Open Source Steve Skoronski sskorons@checkpoint.com

8©2018 Check Point Software Technologies Ltd.

Spectre and Meltdown

Page 7: Using Threat Intelligence to - Champlain College Saint-Lambert · Using Threat Intelligence to Secure IoT Threat Hunting with Open Source Steve Skoronski sskorons@checkpoint.com

Proof of Concept

Page 8: Using Threat Intelligence to - Champlain College Saint-Lambert · Using Threat Intelligence to Secure IoT Threat Hunting with Open Source Steve Skoronski sskorons@checkpoint.com

Firmware Emulation - Firmadyne

Page 9: Using Threat Intelligence to - Champlain College Saint-Lambert · Using Threat Intelligence to Secure IoT Threat Hunting with Open Source Steve Skoronski sskorons@checkpoint.com

Cyber Kill Chain from Lockheed Martin

Page 10: Using Threat Intelligence to - Champlain College Saint-Lambert · Using Threat Intelligence to Secure IoT Threat Hunting with Open Source Steve Skoronski sskorons@checkpoint.com

Where to Start?

• Security Professionals and Administrators alike are drowning in data

• This means there is a lack of situational awareness

• It also means a long time to react, amplifying the security event impact on the business, reputation and brand perception

Page 11: Using Threat Intelligence to - Champlain College Saint-Lambert · Using Threat Intelligence to Secure IoT Threat Hunting with Open Source Steve Skoronski sskorons@checkpoint.com

The Setup

Page 12: Using Threat Intelligence to - Champlain College Saint-Lambert · Using Threat Intelligence to Secure IoT Threat Hunting with Open Source Steve Skoronski sskorons@checkpoint.com
Page 13: Using Threat Intelligence to - Champlain College Saint-Lambert · Using Threat Intelligence to Secure IoT Threat Hunting with Open Source Steve Skoronski sskorons@checkpoint.com
Page 14: Using Threat Intelligence to - Champlain College Saint-Lambert · Using Threat Intelligence to Secure IoT Threat Hunting with Open Source Steve Skoronski sskorons@checkpoint.com

Diagram credit to Corelight

Page 15: Using Threat Intelligence to - Champlain College Saint-Lambert · Using Threat Intelligence to Secure IoT Threat Hunting with Open Source Steve Skoronski sskorons@checkpoint.com
Page 16: Using Threat Intelligence to - Champlain College Saint-Lambert · Using Threat Intelligence to Secure IoT Threat Hunting with Open Source Steve Skoronski sskorons@checkpoint.com
Page 17: Using Threat Intelligence to - Champlain College Saint-Lambert · Using Threat Intelligence to Secure IoT Threat Hunting with Open Source Steve Skoronski sskorons@checkpoint.com

IoT Development Kits

Page 18: Using Threat Intelligence to - Champlain College Saint-Lambert · Using Threat Intelligence to Secure IoT Threat Hunting with Open Source Steve Skoronski sskorons@checkpoint.com

Stage 1: Collection - Data Inputs

• The reference infrastructure has many data collection points we can ingest to start getting a wider and deeper view;• Network Firewall – providing information on layer 2-7 data

crossing that network perimeter

• Ubiquiti’s Unifi Software Defined Controller for UAP-AC-Lite Wireless Access Point

• Syslog from simpler network devices / bro for devices that cannot log (IoT)

Page 19: Using Threat Intelligence to - Champlain College Saint-Lambert · Using Threat Intelligence to Secure IoT Threat Hunting with Open Source Steve Skoronski sskorons@checkpoint.com
Page 20: Using Threat Intelligence to - Champlain College Saint-Lambert · Using Threat Intelligence to Secure IoT Threat Hunting with Open Source Steve Skoronski sskorons@checkpoint.com

Stage 2 – Normalization

• Search and Reporting App very helpful to validate correct collection and format• Apps were used in conjunction with data inputs to view

from several perspectives, IE, Splunk Security Essentials

•Validation with proxy indicators – other correlation and reporting tools as a starting point for asking questions of the dataset

Page 21: Using Threat Intelligence to - Champlain College Saint-Lambert · Using Threat Intelligence to Secure IoT Threat Hunting with Open Source Steve Skoronski sskorons@checkpoint.com
Page 22: Using Threat Intelligence to - Champlain College Saint-Lambert · Using Threat Intelligence to Secure IoT Threat Hunting with Open Source Steve Skoronski sskorons@checkpoint.com
Page 23: Using Threat Intelligence to - Champlain College Saint-Lambert · Using Threat Intelligence to Secure IoT Threat Hunting with Open Source Steve Skoronski sskorons@checkpoint.com

Threat Feeds

Page 24: Using Threat Intelligence to - Champlain College Saint-Lambert · Using Threat Intelligence to Secure IoT Threat Hunting with Open Source Steve Skoronski sskorons@checkpoint.com
Page 25: Using Threat Intelligence to - Champlain College Saint-Lambert · Using Threat Intelligence to Secure IoT Threat Hunting with Open Source Steve Skoronski sskorons@checkpoint.com
Page 26: Using Threat Intelligence to - Champlain College Saint-Lambert · Using Threat Intelligence to Secure IoT Threat Hunting with Open Source Steve Skoronski sskorons@checkpoint.com
Page 27: Using Threat Intelligence to - Champlain College Saint-Lambert · Using Threat Intelligence to Secure IoT Threat Hunting with Open Source Steve Skoronski sskorons@checkpoint.com

Transportation

Manufacturing

Smart cities

Smart buildings

Banking

Utilities

Healthcare

Telecom

Automotive

Energy

Smart homes

cloud

AI ADAPTIVE SECURITY CONTROLS

Page 28: Using Threat Intelligence to - Champlain College Saint-Lambert · Using Threat Intelligence to Secure IoT Threat Hunting with Open Source Steve Skoronski sskorons@checkpoint.com
Page 29: Using Threat Intelligence to - Champlain College Saint-Lambert · Using Threat Intelligence to Secure IoT Threat Hunting with Open Source Steve Skoronski sskorons@checkpoint.com

33©2018 Check Point Software Technologies Ltd.

Introducing the Micro Gateway

Centralized Management

Easy Deployment / Zero Touch Provisioning

Integrated FW & VPN in a Micro Gateway

Wired & Wireless Support

Monitoring & Control via Mobile App

Page 30: Using Threat Intelligence to - Champlain College Saint-Lambert · Using Threat Intelligence to Secure IoT Threat Hunting with Open Source Steve Skoronski sskorons@checkpoint.com

34©2018 Check Point Software Technologies Ltd.

Protection Against Known and Unknown Threats

Enforce defined security policies

Accurately detect anomalous behavior

and identify threats in real time

Granular protocol understanding

Discover all IoT devices

Page 31: Using Threat Intelligence to - Champlain College Saint-Lambert · Using Threat Intelligence to Secure IoT Threat Hunting with Open Source Steve Skoronski sskorons@checkpoint.com

35©2018 Check Point Software Technologies Ltd.

Page 32: Using Threat Intelligence to - Champlain College Saint-Lambert · Using Threat Intelligence to Secure IoT Threat Hunting with Open Source Steve Skoronski sskorons@checkpoint.com

Off to the Lab!

I appreciate your time!


CYBER THREAT INTELLIGENCE ESTIMATE 2017€¦ · 2017 THREAT LANDSCAPE REPORT Cyber Threat Intelligence 7 8. THREAT ACTORS When security professionals talk about threat actors, they

Threat Intelligence Briefing

CYBER THREAT INTELLIGENCE - Microsoft...Cyber threat intelligence supports the following cyber security ... Optiv’s Cyber Threat Intelligence Workshop was developed to advise and

THREAT INTELLIGENCE PLATFORMSdocs.media.bitpipe.com/io_12x/io_128188/item_1253423/ThreatCon… · Effective threat intelligence management is an ongoing effort. The threat landscape

Certified Threat Intelligence Analyst...04 Certified Threat Intelligence Analyst Why Organizations Need A Threat Intelligence Team Traditional approaches to malicious attacks are slowly

Threat intelligence platform explained

Cyber Threat Intelligence Training Series · 2020-05-13 · Cyber Threat Intelligence Training Series Course Introduction and Objective Cyber Threat Intelligence (CTI) Training Series

THREAT INTELLIGENCE PLATFORM...threat intelligence analysts, incident response (IR), and risk management and vulnerability teams with the curated threat intelligence they need to take

Kaspersky Threat Intelligence Portal...Threat Intelligence Resource Subscribers to Kaspersky’s Threat Intelligence Portal enjoy a single point of entry to: Kaspersky Threat Data

HITRUST Cyber Threat Intelligence and Incident ... · HITRUST Cyber Threat Intelligence and Incident Coordination ... HITRUST Cyber Threat Intelligence and Incident Coordination Center

Cyber Threat Intelligence Modeling Based on Heterogeneous ... · 2.1Cyber Threat Intelligence Cyber Threat Intelligence (CTI) extracted from security-related data is structured information

Nokia Threat Intelligence Report - Amazon S3 · 9 Nokia Threat Intelligence Report-H2 2016 Powered by Nokia Threat Intelligence Laboratories Malware in fixed residential networks

Building Successful Threat Intelligence Programs · Building Successful Threat Intelligence Programs Allan Thomson, LookingGlass CTO June 2017 ... “Threat Intelligence” –evidence-based

NETSCOUT THREAT INTELLIGENCE REPORT · NETSCOUT Threat Intelligence LETTER FROM NETSCOUT THREAT INTELLIGENCE Today, attackers can release enormous terabit-per second-scale DDoS attacks

Shellshock Threat Intelligence Report

THREAT INTELLIGENCE · 2020. 1. 28. · AlienVault’s Approach to Threat Intelligence AlienVault® takes a comprehensive approach to our threat intelligence. First, we collect millions

Solution Brief Core Threat Intelligence - · PDF fileCore’s Threat Intelligence, ... + Correlate with threat intelligence to provide context to a ... C&C Indicators of Compromise

Global Threat Intelligence Center (GTIC) 2017 … Security Q2 2017... · Global Threat Intelligence Center (GTIC) Quarterly Threat Intelligence Report Q2 2017. ... In previous editions

Cyber Threat Intelligence Enterprise & Cyber … Threat Intelligence Enterprise & Cyber Security August 2017 Copyright Fujitsu Limited 2017 Global Impact Fujitsu Cyber Threat Intelligence

Threat Intelligence

SMARTER Threat Intelligence · Our threat intelligence is derived from the Webroot® Threat Intelligence Platform, our proprietary cloud-based security analysis architecture designed

Certified Threat Intelligence Analyst - Koenig Solutions · Certified Threat Intelligence Analyst Course Outline Module 01: Introduction to Threat Intelligence Understanding Intelligence

Threat Intelligence - NCC Group · Introduction Threat intelligence: a maturing defence differentiator Understanding the types of threat intelligence: from the generic to the specific

MACHINE READABLE THREAT INTELLIGENCE - CRNi.crn.com/custom/LookingGlass_MRTI Feeds_Final_Nov_2016.pdf · machine readable threat intelligence collecting internet intelligence for

Cyber Threat Intelligence Training Series · Cyber Threat Intelligence Training Series Course Introduction and Objective Cyber Threat Intelligence (CTI) Training Series is a 5-days

Standardizing Cyber Threat Intelligence …stixproject.github.io/about/STIX_Whitepaper_v1.1.pdfStandardizing Cyber Threat Intelligence Information with the Structured Threat Information

Threat monitor Threat Intelligence Report Q1 2020

Cyber Threat Intelligence

Cyber Threat Intelligence: Integrating the Intelligence Cycle · Cyber Threat Intelligence: Integrating the Intelligence Cycle Elias Fox and Michael Norkus, Cyber Threat Intelligence

Using Threat Intelligence

group-ib.com Threat Detection System Group−IB THREAT ... · group-ib.com How Threat Intelligence Works • Your security systems continuously detect threats. • Threat Intelligence

THREAT INTELLIGENCE REPORT - banduracyber.com · 2018 THREAT INTELLIGENCE REPORT 6 Organizations are leveraging their cyber threat intelligence data for a number of use cases. Easily

State of Threat Intelligence Studyf6ce14d4647f05e937f4-4d6abce208e5e17c2085b466b98c2083.r3.cf1.rackcdn.c…Operationalizing Threat Intelligence .....11 2016 Threat Intelligence Agenda

Threat Intelligence Solution Demonstration

What is Cyber Threat Intelligence and how is it used?€¦ · 6 What is Cyber Threat Intelligence and how is it used? What is cyber threat intelligence? Cyber Threat Intelligence