zero-day threats: how to get ahead of attackers with threat intelligence


Upload: tripwire

Post on 14-Jul-2015


TRANSCRIPT


Challenges in detecting and responding to cyberthreats

Advanced attacks: harder to detect, and compromises happen faster

Limited resources and time: better prioritization is needed (what is at risk? what do I fix first?)

Limited context from fragmented tools: high-confidence, actionable intelligence is needed

Spending Trends in Threat Intelligence


[Chart: spending trends in threat intelligence by half-year (2H '11, 2H '12, 2H '13, 2H '14). The per-category percentages are shown in the slide image, but their category labels are not recoverable from the transcript.]


What is threat intelligence?

Provides data that you did not already have

Examples: reputation scoring, attack tools, threat actors

Provides data (or analysis of data) that helps you make more decisions about defense

Example: helping you figure out what else to look for, or what proactive measures to take

Data sold separately; customer can decide how to apply it further

Threat intelligence is:

Additive – made to be collected

Secretive – part of the value is that not everyone else knows it

Transitive – built on transitive trust relationships

Elusive – can quickly expire, degrade or dry up


Key Evaluation Criteria


Origin

Variety

Freshness

Speed and Scale

Relevance

False Positive Rate

Confidence

Completeness

Consumability

How to make the best use of threat intelligence:

Automate what you can: automated attacks need automated defenses

Save analyst resources for the subtle, complex data that helps you pinpoint what’s most probable for you


Cheeseburger risk management


Use threat intelligence to:

Perform a reality check on your risk assessments

Prioritize your projects

Make the best use of staff time

Support your spending

Overcome information asymmetry

Put the attacker on the defensive


Threat Intelligence – detect, analyze and verify zero-day and advanced persistent threats

Vulnerability Intelligence – automate vulnerability and risk information for prioritized response

Endpoint Intelligence – high-fidelity configuration, integrity and system-state information

Log / Event Intelligence – capture all events, enable analytics, forensics and compliance

Threat Analytics – helps analyze, detect and respond with speed and precision

Advanced Detection – threat intelligence helps verify new and advanced threat detection

Forensics – combine network log/event and endpoint security intelligence for deeper context

Threat Response – confidently prioritize to reduce attack surface and minimize risk/loss

Identify suspicious files on critical assets

Send files to partner for analysis

Update controls based on identified threats


Advanced Threat Detection

Real-Time File Monitoring

Support for multiple Threat Intelligence services

Automates analysis

Identifies zero-day, known and unknown threats

Automatically download Indicators of Compromise

Apply Tripwire policies to monitor for IOCs

Drive workflow for remediation


Advanced Monitoring

Standards-based integration

Industry-specific threat identification

Automates analysis

Identifies potentially compromised assets

Continuously reduce attack surface

Adaptive Threat Protection

Endpoint Intelligence

Vulnerability Intelligence

Threat Intelligence

Threat Analytics

Forensics

Zero-Day Detection

Threat Response

Log & Event Intelligence

tripwire.com | @TripwireInc

Thank You!
