University of Dallas Threat Intelligence

Rick Holland

February 24, 2016

Transcript

  1. Threat Intelligence Awakens. Rick Holland, @rickhholland, VP Strategy. University of Dallas, 022416

  2.

  3. Attending?

  4. Episode Derp

  5.

  6. Threat intelligence defined: Details of the motivations, intent, and capabilities of internal and external threat actors. Source: Forrester Research, Five Steps To Build An Effective Threat Intelligence Capability, 011513

  7. Threat intelligence defined: Threat intelligence includes specifics on the tactics, techniques, and procedures of these adversaries. Source: Forrester Research, Five Steps To Build An Effective Threat Intelligence Capability, 011513

  8. Threat intelligence defined: Threat intelligence's primary purpose is to inform business decisions regarding the risks and implications associated with threats. Source: Forrester Research, Five Steps To Build An Effective Threat Intelligence Capability, 011513

  9. THREAT INTELLIGENCE OPERATIONS @rickhholland

  10. Indicators of Exhaustion: There’s too many of them!

  11.

  12. Rey is a scavenger
      ‣ Before you invest in any commercial provider, you must scavenge your own intrusions
      ‣ No threat intel is more relevant than what is occurring within your own environment

  13. “35 years? And you’ve never fired a bowcaster? Really?”

  14. The ship that made the Kessel Run in twelve parsecs

  15. She may not look like much, but she's got it where it counts
      ‣ You don’t need the best technology and most expensive intel sources to be effective
      ‣ The Millennium Falcon approach (DIY / open source tools) is perfectly acceptable

  16. Collaborate, find your Bros

  17. Don’t just share indicators
      ‣ For most, sharing is putting the cart before the horse
      ‣ Share processes & tradecraft

  18. ANALYSTS @rickhholland

  19. That’s all she is, yes. A scavenger from that inconsequential Jakku.

  20. Fear leads to anger. Anger leads to hate. Hate leads to poor analysis.

  21. Avoid analytical pitfalls

  22. Avoid analytical pitfalls: Daniel Kahneman reveals “where we can and cannot trust our intuitions and how we can tap into the benefits of slow thinking.”

  23. Easier to track down Luke than to hire analysts?

  24. Not enough analysts to go around
      ‣ Many are going to have to rely upon 3rd parties (intel providers and MSSPs) for support
      ‣ Look at providers who offer analysts on demand or tailored intelligence offerings

  25. You need younglings

  26. Finding talent
      ‣ Work with universities
      ‣ Get on the advisory board for cyber security degree programs
      ‣ Help universities provide practical curriculum for their students

  27. Retention is critical
      ‣ Maturity doesn’t just evolve, it can devolve
      ‣ You must be creative with retention strategies:
        • Remote workers
        • Training (individual & team)
        • Career pathing
        • Work with HR to create salary exceptions

  28. I HAVE A BAD FEELING ABOUT THIS @rickhholland

  29. Many security programs are set up for failure
      ‣ Buy Buy Buy! Chasing silver bullets
      ‣ Buy all the feedz!
      ‣ Not prepared to demonstrate the value of the threat intelligence program

  30. Do this
      ‣ Conduct after action reviews post intrusion and capture intelligence
      ‣ Measure and track: time to detection, containment, remediation

  31. Do this
      ‣ Analyze all intel sources and track sightings. Periodically reevaluate sources
      ‣ Produce your own strategic intelligence

  32. Avoid this

  33. Thank you! @rickhholland https://speakerdeck.com/rick_holland
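Added worked example, not part of Rick Holland's deck: slides 30 and 31 call for measuring time to detection, containment and remediation, and for tracking sightings of each intel source's indicators so that sources can be reevaluated on evidence rather than on marketing (slide 12's point that your own intrusions are the most relevant intel falls out of the same numbers). The Python below computes both over a constructed set of incident records and indicator sources. Every incident name, timestamp, indicator value (documentation-range IPs and .test domains) and source name is invented for the example; the structure of the metrics is the only thing taken from the slides.

```python
"""Track intrusion metrics and intel-source sightings (added example, constructed data)."""
from dataclasses import dataclass, field
from datetime import datetime, timedelta
from statistics import median


@dataclass
class Incident:
    name: str
    first_activity: datetime  # earliest attacker activity found in the after action review
    detected: datetime
    contained: datetime
    remediated: datetime
    indicators: set = field(default_factory=set)  # IOCs actually observed in this intrusion


@dataclass
class IntelSource:
    name: str
    indicators: set  # IOCs this source (feed, vendor report, internal AAR) has given us


def dwell_metrics(incidents):
    """Median hours from attacker activity to detection, detection to containment,
    and containment to remediation (slide 30's three numbers)."""
    def med(delta_fn):
        return median(delta_fn(i).total_seconds() / 3600 for i in incidents)

    return {
        "time_to_detection_h": med(lambda i: i.detected - i.first_activity),
        "time_to_containment_h": med(lambda i: i.contained - i.detected),
        "time_to_remediation_h": med(lambda i: i.remediated - i.contained),
    }


def source_sightings(sources, incidents):
    """Per source: how many of its indicators were sighted in our own intrusions
    (sighting_rate), and how much of what we actually saw it would have covered
    (coverage). Both feed the periodic source reevaluation on slide 31."""
    observed = set().union(*(i.indicators for i in incidents))
    report = {}
    for src in sources:
        hits = src.indicators & observed
        report[src.name] = {
            "sighted": len(hits),
            "total": len(src.indicators),
            "sighting_rate": len(hits) / len(src.indicators) if src.indicators else 0.0,
            "coverage": len(hits) / len(observed) if observed else 0.0,
        }
    return report


def rank_sources(report):
    """Source names ordered by sighting rate, lowest first: the first entries are the
    candidates to cut or renegotiate at the next reevaluation."""
    return sorted(report, key=lambda name: report[name]["sighting_rate"])


# Constructed sample data: three intrusions reviewed after the fact, three sources.
T0 = datetime(2016, 1, 10, 9, 0)
INCIDENTS = [
    Incident("phish-01", T0, T0 + timedelta(hours=36), T0 + timedelta(hours=40),
             T0 + timedelta(hours=64), {"203.0.113.7", "evil-example.test"}),
    Incident("webshell-02", T0, T0 + timedelta(hours=12), T0 + timedelta(hours=14),
             T0 + timedelta(hours=38), {"198.51.100.9"}),
    Incident("creds-03", T0, T0 + timedelta(hours=72), T0 + timedelta(hours=80),
             T0 + timedelta(hours=104), {"203.0.113.7", "mal.example.test"}),
]
SOURCES = [
    # Indicators scavenged from our own after action reviews (slide 12).
    IntelSource("internal-aar", {"203.0.113.7", "198.51.100.9",
                                 "evil-example.test", "mal.example.test"}),
    # Two hypothetical commercial feeds with mostly unrelated indicators.
    IntelSource("feed-a", {"203.0.113.7", "192.0.2.1", "192.0.2.2", "192.0.2.3"}),
    IntelSource("feed-b", {"192.0.2.50", "192.0.2.51"}),
]


if __name__ == "__main__":
    for metric, hours in dwell_metrics(INCIDENTS).items():
        print(f"{metric:24s} {hours:6.1f}")
    report = source_sightings(SOURCES, INCIDENTS)
    for name in rank_sources(report):
        r = report[name]
        print(f"{name:14s} sighted {r['sighted']}/{r['total']}  coverage {r['coverage']:.2f}")
```

With this data the internal after action reviews score a 100% sighting rate, feed-a 25% and feed-b 0%, which is the kind of evidence slide 31 asks for when deciding which sources to keep paying for; in a real program the incident list would be populated from the case management system after each review, not hand-typed.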