zero-day threats: how to get ahead of attackers with threat intelligence
TRANSCRIPT
Challenges to detecting and responding to cyberthreats
Advanced attacks – harder to detect, and faster compromises
Limited resources/time – need better prioritization: what is at risk? What do I fix first?
Limited context from fragmented tools – need high-confidence, actionable intelligence
Spending Trends in Threat Intelligence
(Chart of percentages by period: 2H '11, 2H '12, 2H '13, 2H '14; the series labels did not survive extraction, so the individual values are not recoverable from the transcript.)
What is threat intelligence?
Provides data that you did not already have
Examples: reputation scoring, attack tools, threat actors
Provides data (or analysis of data) that helps you make more decisions about defense
Example: helping you figure out what else to look for, or what proactive measures to take
Data sold separately; customer can decide how to apply it further
Threat intelligence is:
Additive – made to be collected
Secretive – part of the value is that not everyone else knows it
Transitive – built on transitive trust relationships
Elusive – can quickly expire, degrade or dry up
Key Evaluation Criteria
Origin
Variety
Freshness
Speed and Scale
Relevance
False Positive Rate
Confidence
Completeness
Consumability
How to make the best use of threat intelligence:
Automate what you can: automated attacks need automated defenses
Save analyst resources for the subtle, complex data that helps you pinpoint what's most probable for you
Use threat intelligence to:
Perform a reality check on your risk assessments
Prioritize your projects
Make the best use of staff time
Support your spending
Overcome information asymmetry
Put the attacker on the defensive
Threat Intelligence – detect, analyze and verify zero-day and advanced persistent threats
Vulnerability Intelligence – automate vulnerability and risk information for prioritized response
Endpoint Intelligence – high-fidelity configuration, integrity and system-state information
Log / Event Intelligence – capture all events, enable analytics, forensics and compliance
Threat Analytics – helps analyze, detect and respond with speed and precision
Advanced Detection – threat intelligence helps verify new and advanced threat detection
Forensics – combine network log/event and endpoint security intelligence for deeper context
Threat Response – confidently prioritize to reduce attack surface and minimize risk/loss
Advanced Threat Detection – workflow:
Identify suspicious files on critical assets
Send files to partner for analysis
Update controls based on identified threats
Advanced Threat Detection – capabilities:
Real-time file monitoring
Support for multiple threat intelligence services
Automates analysis
Identifies zero-day, known and unknown threats
Advanced Monitoring – IOC workflow:
Automatically download Indicators of Compromise (IOCs)
Apply Tripwire policies to monitor for IOCs
Drive workflow for remediation
Advanced Monitoring – capabilities:
Standards-based integration
Industry-specific threat identification
Automates analysis
Identifies potentially compromised assets
Continuously reduce attack surface
Adaptive Threat Protection – components:
Endpoint Intelligence
Vulnerability Intelligence
Threat Intelligence
Threat Analytics
Forensics
Zero-Day Detection
Threat Response
Log & Event Intelligence
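Added example, not from the slides or from Tripwire's product: a small Python matcher for the IOC workflow above (download indicators, monitor files on critical assets for them, drive prioritized remediation), applying the Freshness and Confidence criteria from the evaluation list so that expired or low-confidence indicators do not generate findings. The feed entries, hashes, hostnames and field names are all constructed.

```python
"""Match file-monitoring events against an IOC feed, dropping expired or
low-confidence indicators, and rank hits by asset criticality."""
from datetime import datetime, timezone

# Constructed sample IOC feed: the hashes are placeholders, not real malware.
IOC_FEED = [
    {"sha256": "a" * 64, "confidence": 90, "valid_until": "2025-02-01T00:00:00Z"},
    {"sha256": "b" * 64, "confidence": 40, "valid_until": "2025-02-01T00:00:00Z"},
    {"sha256": "c" * 64, "confidence": 95, "valid_until": "2024-01-01T00:00:00Z"},
    {"sha256": "d" * 64, "confidence": 70, "valid_until": "2025-02-01T00:00:00Z"},
]

# Constructed file-integrity-monitoring events; criticality 3 = most critical asset.
FIM_EVENTS = [
    {"host": "db01", "criticality": 3, "path": "/usr/bin/sshd", "sha256": "a" * 64},
    {"host": "web02", "criticality": 2, "path": "/tmp/x", "sha256": "b" * 64},
    {"host": "kiosk7", "criticality": 1, "path": "/tmp/y", "sha256": "c" * 64},
    {"host": "kiosk7", "criticality": 1, "path": "/tmp/z", "sha256": "d" * 64},
    {"host": "db01", "criticality": 3, "path": "/bin/ls", "sha256": "e" * 64},
]

# Fixed "current time" so the freshness check is reproducible.
NOW = datetime(2025, 1, 15, tzinfo=timezone.utc)

def parse_ts(s):
    return datetime.strptime(s, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)

def usable_iocs(feed, now, min_confidence=60):
    """Freshness and confidence filter: an indicator past its valid_until
    (intelligence is elusive and expires) or below the confidence floor is
    excluded before matching, to keep the false-positive rate down."""
    return {i["sha256"]: i["confidence"] for i in feed
            if i["confidence"] >= min_confidence and parse_ts(i["valid_until"]) > now}

def prioritize(events, iocs):
    """Return matched events with a priority score (asset criticality x
    indicator confidence), highest first, to drive the remediation queue."""
    hits = []
    for e in events:
        conf = iocs.get(e["sha256"])
        if conf is not None:
            hits.append({**e, "confidence": conf, "priority": e["criticality"] * conf})
    return sorted(hits, key=lambda h: h["priority"], reverse=True)

if __name__ == "__main__":
    for h in prioritize(FIM_EVENTS, usable_iocs(IOC_FEED, NOW)):
        print(f"{h['priority']:4} {h['host']} {h['path']} conf={h['confidence']}")
```

With the constructed data only two events match usable indicators; the b-hash is dropped for low confidence and the c-hash for having expired.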