University of Dallas Threat Intelligence

Transcript

1. 1 Threat Intelligence Awakens Rick Holland @rickhholland VP Strategy University

   of Dallas, 022416

2. 2

3. 3 Attending?

4. 4 Episode Derp

5. 5

6. 6 Threat intelligence defined: Details of the motivations, intent, and

   capabilities of internal and external threat actors. Source: Forrester Research, Five Steps To Build An Effective Threat Intelligence Capability, 011513

7. 7 Threat intelligence defined: Threat intelligence includes specifics on the

   tactics, techniques, and procedures of these adversaries. Source: Forrester Research, Five Steps To Build An Effective Threat Intelligence Capability, 011513

8. 8 Threat intelligence defined: Threat intelligence's primary purpose is to

   inform business decisions regarding the risks and implications associated with threats. Source: Forrester Research, Five Steps To Build An Effective Threat Intelligence Capability, 011513

9. 9 THREAT INTELLIGENCE OPERATIONS @rickhholland

10. 10 Indicators of Exhaustion There’s too many of them!

11. 11

12. 12 ‣  Before you invest in any commercial provider, you

    must scavenge your own intrusions ‣  No threat intel is more relevant than what is occurring within your own environment Rey is a scavenger

13. 13 > 35 years? And you’ve never fired a bowcaster?

    Really?

14. 14 The ship that made the Kessel Run in twelve

    parsecs

15. 15 ‣  You don’t have the best technology and most

    expensive intel sources to be effective ‣  The Millennium Falcon approach (DIY / Open Source tools) is perfectly acceptable She may not look like much, but she's got it where it counts

16. 16 Collaborate, find your Bros

17. 17 ‣  For most sharing is putting the cart before

    the horse ‣  Share processes & tradecraft Don’t just share indicators

18. 18 ANALYSTS @rickhholland

19. 19 That’s all she is, yes. A scavenger from that

    inconsequential Jakku.

20. 20 Fear leads to anger. Anger leads to hate. Hate

    leads to poor analysis.

21. 21 Avoid analytical pitfalls

22. 22 Avoid analytical pitfalls Daniel Kahneman reveals “where we can

    and cannot trust our intuitions and how we can tap into the benefits of slow thinking.”

23. 23 Easier to track down Luke than to hire analysts?

24. 24 ‣  Many are going to have to rely upon

    3rd parties (intel providers and MSSPs for support ) ‣  Look at providers who offer analysts on demand or tailored intelligence offerings Not enough analysts to go around

25. 25 You need younglings

26. 26 ‣  Work with universities ‣  Get on the advisory

    board for cyber security degree programs ‣  Help universities provide practical curriculum for their students Finding talent

27. 27 ‣  Maturity doesn’t just evolve, it can devolve ‣ 

    You must be creative with retention strategies: •  Remote workers •  Training (Individual & team) •  Career pathing •  Work with HR to create salary exceptions Retention is critical

28. 28 I’VE HAVE A BAD FEELING ABOUT THIS @rickhholland

29. 29 ‣  Buy Buy Buy! Chasing silver bullets ‣  Buy

    all the feedz! ‣  Not prepared to demonstrate the value of threat intelligence program Many security programs are setup for failure

30. 30 ‣  Conduct after action reviews post intrusion and capture

    intelligence ‣  Measure and track - Time to detection, containment, remediation Do this

31. 31 ‣  Analyze all intel sources and track sightings. Periodically

    reevaluate sources ‣  Produce your own strategic intelligence Do this

32. 32 Avoid this

33. 33 Thank you! @rickhholland https://speakerdeck.com/rick_holland