The cost to attack and compromise a system is orders of magnitude less than the cost to defend it. A single machine can probe thousands of targets looking for one with weak defenses, while each new attack vector requires defenders to deploy and maintain additional security controls. So, how can we raise the cost for the attacker? One way is through collaborative threat intelligence.
Join Wendy Nather of 451 Research and Jaime Blasco, Director of AlienVault Labs for a discussion of the value of collaborative threat intelligence. Wendy and Jaime will discuss how a collaborative approach differs from other threat intelligence sources, along with practical considerations to help you evaluate threat intelligence offerings and protect your environment.
3. @AlienVault
What is Threat Intelligence?
Provides data that you did not already have
• Examples: reputation scoring, attack tools, threat actors
Provides data (or analysis of data) that helps you make more decisions about defense
• Example: helping you figure out what else to look for, or what proactive measures to take
Verizon Business VERIS taxonomy: includes both actor and action
Data sold separately; customer can decide how to apply it further
Platform or technology specifically for threat intel collection, analysis or sharing
5.
Threat Intelligence is …
Additive – made to be collected
Secretive – part of the value is that not everyone else knows it
Transitive – built on transitive trust relationships
Elusive – can quickly expire, degrade or dry up
8.
Questions to Ask When Evaluating Threat Intelligence
Which indicators are being offered?
Where does the TI come from?
How is the TI generated?
How rich is the metadata?
Is the information useful to my organization?
Does it help detect incidents?
Does it help me when responding to an incident?
Does it help with triage?
Am I able to consume the data with the technologies/tools within my enterprise?
10.
The Power of the “Crowd” for Threat Detection
Cyber criminals are reusing the same tactics to attack multiple targets.
Collaborative threat intelligence makes us all more secure.
Identify, flag and block known attackers
Update policies/alerts to detect threats
Reduce the attacker’s ROI
17.
A Real-Time Threat Exchange framework
[Diagram: five member organizations (First Street Credit Union, Alpha Insurance Group, John Elway Auto Nation, Regional Pacific Telecom, Marginal Food Products) linked to the Open Threat Exchange; one member is attacked and detects the attack]
Puts Preventative Response Measures in Place Through Shared Experience
18.
A Real-Time Threat Exchange framework
[Diagram: the same five members and the Open Threat Exchange as on slide 17; the detected attack is shared through the exchange to the other members]
Protects Others in the Network With the Preventative Response Measures
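The detect, share, protect loop drawn on slides 17 and 18, as an added example that is not AlienVault's code and not the OTX API: a hypothetical in-memory exchange in which one member's detected attacker IP (constructed, 203.0.113.7) becomes a flaggable indicator for the other members, with the "elusive" expiry from slide 5 and the source metadata from slide 8 modelled as fields.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
# Hypothetical model of the exchange loop on the slides; not AlienVault's OTX API.
@dataclass(frozen=True)
class Indicator:
    kind: str            # "ip", "domain", ...
    value: str
    source: str          # member that detected the attack (provenance metadata)
    first_seen: datetime
    ttl: timedelta       # indicators are elusive: they expire
class ThreatExchange:
    """Shared pool: one member's detection becomes every member's defence."""
    def __init__(self):
        self._pool: dict[tuple[str, str], Indicator] = {}

    def publish(self, ind: Indicator) -> bool:
        key = (ind.kind, ind.value)
        if key in self._pool:          # already shared by another member
            return False
        self._pool[key] = ind
        return True

    def pull(self, now: datetime) -> set[tuple[str, str]]:
        """Only indicators still inside their TTL reach consumers."""
        return {k for k, i in self._pool.items() if now - i.first_seen < i.ttl}

class Member:
    def __init__(self, name: str, exchange: ThreatExchange):
        self.name, self.exchange = name, exchange

    def detect_and_share(self, attacker_ip: str, now: datetime) -> bool:
        """Attack -> Detect -> share with the exchange (slide 17)."""
        ind = Indicator("ip", attacker_ip, self.name, now, timedelta(days=7))
        return self.exchange.publish(ind)

    def flag_logs(self, lines: list[str], now: datetime) -> list[str]:
        """Consume shared indicators and flag log lines from known attackers (slide 18)."""
        known = self.exchange.pull(now)
        return [ln for ln in lines if ("ip", ln.split()[0]) in known]

def run_scenario() -> tuple[bool, bool, list[str], list[str]]:
    otx = ThreatExchange()
    t0 = datetime(2013, 6, 1, 9, 0)
    shared = Member("First Street Credit Union", otx).detect_and_share("203.0.113.7", t0)
    dup = Member("Regional Pacific Telecom", otx).detect_and_share("203.0.113.7", t0)
    insurer = Member("Alpha Insurance Group", otx)
    logs = ["203.0.113.7 GET /login 401", "198.51.100.4 GET / 200"]  # constructed
    hits_now = insurer.flag_logs(logs, t0 + timedelta(hours=1))
    hits_later = insurer.flag_logs(logs, t0 + timedelta(days=30))  # indicator expired
    return shared, dup, hits_now, hits_later
```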
22. More Questions?
Tweet @AlienVault
NOW FOR SOME Q&A…
Join the Open Threat Exchange
http://www.alienvault.com/open-threat-exchange
Download a free 30-day trial of USM
http://www.alienvault.com/free-trial
Join us for a live demo
http://www.alienvault.com/marketing/alienvault-usm-live-demo
@jaimeblascob @451Wendy
Editor's notes
Need to add their photos
Q: Let’s talk first about threat intelligence in general. How is it different from, say, a list of bad IPs for you to block at the firewall?
Just about every security tool out there is claiming to include threat intelligence. If you have several of these products in-house, is that enough threat intelligence for the organization to get by?
If you’re CISO at a small- or medium-size organization, and you’re shopping for threat intelligence, how would you evaluate the offerings? (move to next slide after asking question)
Couldn’t an enterprise just subscribe to the same open source threat intelligence feeds that everyone else does? What more does collaborative threat-sharing bring to the table?
(then go to next slide)
Many threat-sharing groups are either ISACs (information sharing and analysis centers) or private groups where you have to know the right people to take part. How do SMBs get into the game?
How do enterprises make sure that they’re not exposing confidential information when they share threat intelligence?
Are large enterprises and small ones going to benefit from the same types of threat intelligence, or do they need different kinds?
How does AlienVault’s product help security staff consume threat intelligence?