sale • 0day +1 released and known • Vulnerability alerts • Patch update alerts • IDS and FW reports/logs • DMZ logs and alerts • Leveraging as many security feeds online as possible
your technical environment • The security landscape in the wild • The successes and failures of your technical measures • The successes and failures of the adversary
The status of your technical defense measures – The likelihood of compromise per vulnerabilities – The current adversaries and their successes – The current adversaries and their failures – Methods used in compromises (DFIR)
be integrated to see the threats to YOUR environment. It’s no good to be reporting that Anonymous is threatening BofA if you are not a bank or affiliated with them”
your defenses – Determine weak points in your defenses – Correct processes – Correct technical defenses (patches/rules etc) – Be ahead of the curve and proactive
Understand your security posture & improve it – Understand the attacks carried out against you – Understand the adversaries' modus operandi – Proactively prevent attack success (hopefully)