Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Exploring Threat Intelligence: Insights and Too...

Exploring Threat Intelligence: Insights and Tools from Vertex Synapse

This presentation will delve into the world of threat intelligence, with a particular focus on the insights and tools provided by Vertex Synapse. The discussion will cover a range of concepts and techniques, including threat modeling, vulnerability scanning, and incident response. Through real-world examples and case studies, attendees will gain a better understanding of how to apply these concepts and tools to their own security operations. Additionally, the presentation will touch on emerging trends in the field, such as the use of machine learning and artificial intelligence in threat intelligence. By the end of the presentation, attendees will have a solid foundation for building a comprehensive and effective threat intelligence program.

Scott J. Roberts

July 06, 2023
Tweet

More Decks by Scott J. Roberts

Other Decks in Technology

Transcript

  1. Agenda Tell ‘em what you’re gonna tell ‘em… tell ‘em…

    tell ‘em what you told ‘em! • Me & Why You Should Listen to Me • The Briefest Intro to Threat Intelligence Imaginable • Synapse • Key Concepts • CRUD (actually RCUD) • Extras • A pile of homework to read later if you actually care…
  2. Who Am I Anyway? Scott Roberts • Head of Threat

    Research @ Interpres • Adjunct Prof & CTF Coach @ USU • Author, Developer, & CTI Bon Vivant • 20+ years Intrusion Detection, Incident Response, Cyber Threat Intel @ Symantec, Mandiant, GitHub, Apple, Splunk
  3. Cyber Threat Intelligence Analysis More like Q than James Bond…

    What I Actually Do What My Boss Thinks I Do What My Mom Thinks I Do What My Coworkers Think I Do
  4. Cyber Threat Intelligence (For Real) I’m required to have actual,

    useful information… • A set of models, techniques, and procedures to develop an operational & strategic understanding of adversaries • Almost always decision support (which is just what it sounds like) • Help SOC Analysts Identify Intrusions • Help Incident Responders React E ff ectively to Intrusions • Help Leadership & Architects Plan Better for the Next Intrusion • Should be making everyone else’s life easier…
  5. What is Synapse? It’s better than a spreadsheet… • Synapse

    is a versatile central intelligence and analysis system created to support analyst teams in every stage of the intelligence life cycle. • A hyper graph based data storage and manipulation layer. • Supports tons of integrations and automation.
  6. Synapse: Key Concepts Fix your brain… • Not a tool,

    not a database, more of a programming language • Nodes (Facts) vs Tags (Assessments) • Pivoting is Life! • Types of reasoning (if you want to be all philosophical…)
  7. Automation Making stu ff happen without making stu ff happen…

    • Macros: A macro is simply a stored Storm query / set of Storm code that can be executed on demand. • Cron: Within Synapse, cron jobs are used to create scheduled tasks, similar to the Linux/Unix “cron” utility. The task to be executed by the cron job is speci fi ed using the Storm query language. • Triggers: Within Synapse, a trigger is a Storm query that is executed automatically upon the occurrence of a speci fi ed event within a Cortex (such as adding a node or applying a tag). “Trigger” refers collectively to the event and the query fi red (“triggered”) by the event.
  8. Power-Ups Making data easy! • Power-Ups provide speci fi c

    add-on capabilities to Synapse via Storm Packages and Services. For example, Power-Ups may provide connectivity to external databases, third-party data sources, or enable functionality such as the ability to manage YARA rules, scans, and matches. • Can be built by hand, pulled from Synapse, or even added from 3rd parties.