Upgrade to Pro — share decks privately, control downloads, hide ads and more …

UNITED Security Summit: Fantastic Threat Intell...

Rick Holland
November 03, 2016
Technology
1
79

UNITED Security Summit: Fantastic Threat Intelligence and Where to Find it

Threat intelligence supports incident prevention, detection, and response and can contribute to an organization’s risk-based security posture. However, there is a big difference between having intelligence and using intelligence. The value you get from threat intelligence depends not just on the intelligence itself, but how it is applied and used throughout the entire security process. This talk will cover how to select and implement a strategy that works for your environment, common pitfalls when applying intelligence, and how to develop meaningful metrics to measure success. We’ll discuss practical strategies for identifying how threat intelligence can best support the detection, validation, and investigation of known and unknown threats. Attendees will walk away armed with the knowledge and confidence to evolve their detection and response capabilities. https://www.unitedsummit.org/agenda.jsp

Rick Holland

November 03, 2016
Tweet

More Decks by Rick Holland

See All by Rick Holland
DFW CTI Pros: Inglorious Threat Intelligence
rick_holland
1
170
SANS CTI Summit Inglorious Threat Intelligence
rick_holland
1
120
Tactical threat intelligence gotcha down? There is a better way.
rick_holland
1
130
Archc0n 2016 - Doctor's Orders: Cybersecurity programs need an intervention
rick_holland
1
120
MACH37 Dinner Series: Engaging industry analysts for fun and profit
rick_holland
4
1.6k
University of Dallas Threat Intelligence
rick_holland
1
83
Threat Intelligence Awakens
rick_holland
2
980
Threat Intelligence is Like Three Day Potty Training
rick_holland
1
240
State of Cyber Threat Intelligence Address
rick_holland
2
130

Other Decks in Technology

See All in Technology
Why App Signing Matters for Your Android Apps - Android Bangkok Conference 2024
akexorcist
0
130
AWS Media Services 最新サービスアップデート 2024
eijikominami
0
200
ドメインの本質を掴む / Get the essence of the domain
sinsoku
2
150
ExaDB-D dbaascli で出来ること
oracle4engineer
PRO
0
3.8k
Exadata Database Service on Dedicated Infrastructure(ExaDB-D) UI スクリーン・キャプチャ集
oracle4engineer
PRO
2
3.2k
信頼性に挑む中で拡張できる・得られる1人のスキルセットとは?
ken5scal
2
530
Incident Response Practices: Waroom's Features and Future Challenges
rrreeeyyy
0
160
【Pycon mini 東海 2024】Google Colaboratoryで試すVLM
kazuhitotakahashi
2
510
アジャイルでの品質の進化 Agile in Motion vol.1/20241118 Hiroyuki Sato
shift_evolve
0
140
Adopting Jetpack Compose in Your Existing Project - GDG DevFest Bangkok 2024
akexorcist
0
110
インフラとバックエンドとフロントエンドをくまなく調べて遅いアプリを早くした件
tubone24
1
430
The Role of Developer Relations in AI Product Success.
giftojabu1
0
120

Featured

See All Featured
Practical Orchestrator
shlominoach
186
10k
Reflections from 52 weeks, 52 projects
jeffersonlam
346
20k
Performance Is Good for Brains [We Love Speed 2024]
tammyeverts
6
410
Build your cross-platform service in a week with App Engine
jlugia
229
18k
Bootstrapping a Software Product
garrettdimon
PRO
305
110k
Fight the Zombie Pattern Library - RWD Summit 2016
marcelosomers
232
17k
GraphQLの誤解/rethinking-graphql
sonatard
67
10k
How to Create Impact in a Changing Tech Landscape [PerfNow 2023]
tammyeverts
47
2.1k
Let's Do A Bunch of Simple Stuff to Make Websites Faster
chriscoyier
506
140k
A designer walks into a library…
pauljervisheath
204
24k
Sharpening the Axe: The Primacy of Toolmaking
bcantrill
38
1.8k
Site-Speed That Sticks
csswizardry
0
25

Transcript

  1. Fantastic Threat Intelligence and Where to Find it Rebekah Brown,

    Rapid7 Rick Holland, Digital Shadows
  2. None

  3. SORTING TIME!

  4. CISOs/Management You use threat intelligence to understand the threats facing

    you and make strategic decisions. 1 SET DIRECTION STRATEGIC 2 ANSWER TOUGH QUESTIONS 3

  5. Pentesters You use threat intelligence to emulate the attackers to

    make sure networks can stand up against real-world attacks. 1 2 3 CLEVER SNEAKY USE POWERS FOR GOOD

  6. Incident Responders You use threat intelligence to prevent, detect and

    respond to attacker activity. 1 2 3 FIND PROTECT ERADICATE

  7. Operations/IT You use threat intelligence to prioritize efforts and stay

    ahead of threats. 1 2 3 STEADFAST CONSISTENT CRITICAL

  8. WHAT HOUSE ARE YOU? •  Ravenclaw •  Slytherin •  Gryffindor

    •  Hufflepuff SURVEY TIME!
  9. None
  10. None
  11. None
  12. None

  13. “Threat intelligence helps make decisions about preventing and detecting attackers.”

    Rebekah Brown & Rick Holland
  14. None
  15. None
  16. None

  17. Everyone gets excited about Hungarian Horntails

  18. Meanwhile, dementors have actually attacked YOUR organization

  19. THREAT_NOTE

  20. THREAT_NOTE

  21. Motivations: Make Wizarding Great Again Target sector: Muggles, Half- Bloods,

    Ministry of Magic Tactics: Crucio, Imperio, Avada Kedavra Threat Actor Profile: Death Eaters

  22. Which critical business activities must you protect?

  23. SEC Form 10-K Risk Factors

  24. SURVEY TIME! Have you ever reviewed your company’s Form 10-

    K? •  A - Yes •  B – No

  25. What is the digital footprint for these risks?

  26. None
  27. None

  28. Where do you get threat intelligence? • A - Commercial Feeds

    • B – Open Source Feeds • C – Commercial Tools • D – Threat Actor Reports/Blogs • E – I don’t use it or I don’t know SURVEY TIME!

  29. “Never trust anything that can think for itself if you

    can’t see where it keeps its brain.” Harry Potter and the Chamber of Secrets

  30. http://iplists.firehol.org/ • Not all created equal • Handling/maintenance varies • Nearly useless without

    context • Can be useful if implemented correctly
  31. None
  32. None
  33. None

  34. ThreatCrowd.org

  35. APT Notes – Strategic Intelligence

  36. Tying Everything Together

  37. Demo Slides for IDR • I WILL GET THESE NEXT WEEK!

  38. Demo Slide 2

  39. Demo Slide 3

  40. None