1
Connecting the Dots Between Your
Threat Intelligence Tradecraft and
Business Operations
John Pescatore, SANS
Adam Meyer, SurfWatch Labs
2
Obligatory Agenda Slide
• Housekeeping info
• Here’s what we will do
○ 1:05 – 1:15 Overview – John Pescatore
○ 1:15 – 1:45 Threat Intelligence – Adam Meyer
○ 1:45 – 2:00 – Q&A
Thanks to our sponsor:
3
Q & A
• Please use GoToWebinar’s Questions tool to submit questions to our panel.
• Send to “Organizers” and tell us if it’s for a specific speaker.
4
Making Security Advances
During Turbulent Times
• Threats aren’t standing still
• Business/technology demands aren’t, either
• Prevent more, detect faster, resolve with less disruption
5
Which Industries Are Most at Risk?
Source: Symantec 2016
6
Or Are These Industries Most at Risk?
Source: FireEye 2016
7
Or Maybe These?
Source: FireEye 2016
8
Lifecycle of a Unicorn (CVE-2014-6332)
Source: Microsoft Security Intelligence Report, 2015
9
Shifting Strategies
Source: Intel Security 2016
10
Slide diagram (flattened in extraction): security as a set of continuous processes
Inputs: Threats, Regulations, Requirements, OTT Dictates
Process steps: Policy, Assess Risk, Baseline, Shield, Eliminate Root Cause, Monitor/Report
Baseline: Vuln Assessment/Pen Test, Security Configuration, Discovery/Inventory
Shield/Mitigate: FW/IPS, Anti-malware, NAC
Eliminate Root Cause: Patch Management, Config Management, Change Management, Software Vuln Test, Training, Network Arch, Privilege Mgmt
Monitor/Report: SIEM, Security Analytics, Incident Response
Continuous Processes
11
Defining Situational Awareness
• Pre-flight: plan safest route
• In flight: Decreasing reaction time so that mission gets
accomplished, pilot returns safely
• Post-flight: do better next time
12
Plenty of Data
• Threat feeds
• Security Controls status/configuration
• Log Monitoring
• Asset Status
○ Network Scanning
○ Passive Discovery
○ Credentialed Access
○ Local agent drill-down
13
From Data to Action
Slide diagram (flattened in extraction):
Data sources: Business Intelligence Big Data, Security Big Data, Fraud/Transaction Big Data
Analytics: Threat Analytics, Security Controls Analytics
Result: Situational Awareness, then Action!
14
Focus/Force Multiplication
• Need to focus limited resources on the highest payback areas.
• Turn floods of data into harvests of information.
• False positives are not the problem – wasting time on them is.
• Situational awareness vs. information/event management.
• Action – prevent more, detect faster, resolve more surgically
• Intelligence vs. voyeurism…
Connecting the Dots
Between Your Threat Intelligence
Tradecraft and Business Operations
Today’s Speaker
2
Adam Meyer
Chief Security Strategist
SurfWatch Labs
Gaining Visibility of Cyber Risks is
Critical to the Viability of Your Business
• A majority of attacks compromise
defenses within minutes, but detecting
the breach takes on average 200+ days
• Leaders are struggling to align
security strategies with real-world
business strategies
- 14% of corporations report that the
Board is actively involved in
cybersecurity preparedness
- 52% report minimal involvement
• Supply chain represents significant risk
- 57% of breaches originate from
partners and suppliers (PwC)
17
18
The Threat Balloon
Cybercriminals shift tactics to hit targets that are “Attractive” and “Soft”.
19
There’s an Intel Gap Between
Cyber Security and the Business
20
Source: http://ryanstillions.blogspot.com/2014/04/on-ttps.html
Cyber Threat Intelligence Stack
21
Defining “Intelligence”
Intelligence is regularly defined as information that can be acted upon to change outcomes.
1. Move from “unknown unknowns” to “known unknowns” by discovering the existence of threats, and then …
2. Shift “known unknowns” to “known knowns”, where the threat is well understood and mitigated.
While this is the norm for defenders, it’s not normal for decision makers.
Put Cyber Threat Intelligence into
Terms the Business Can Understand
22
Business layers (top to bottom): Organization > Business Unit > Products and Services > Tools in Support of the Product/Service > Infrastructure to Support the Tools > Data in Support of the Business
• Be Defendable
• Executive Communications (Non-Technical)
• Is the Business Unit “Well Positioned” Against Threats? Why Not?
• What the Business Cares About
• What is the Threat Surface?
• What Investments are Needed?
• Needs of the User Community
• User Point of Presence
• Public Facing / Adversary Exposure
• IT Pain Points
• Decentralized Oversight (Shadow IT, Disconnected IT Teams)
• Adversary’s Target
• Liability and Regulatory Impact
Put Cyber Threat Intelligence into
Terms the Business Can Understand
23
Strategic (produces a Decision)
• For Senior Leaders
• Used to measure cyber risk and make investments
Operational (produces Output)
• Bridges the broad, non-technical, strategic needs with the narrow, technical inputs
• Focuses on the immediate operating environment
Tactical (produces Output)
• Where on-the-network actions take place
• The efforts to detect and respond to on-the-wire events
Internal vs. External Threat Intelligence
24
Internal
• Necessary for tactical defense
- Prevention
- Detection
- Incident Response
- Information Exchange
External
• Necessary for managing overall
organizational risk
- Industry threat activity
- Fraud/Extortion
- Brand & Reputation
- Targeting
25
Measuring
Cyber Threat Intelligence
• Start Simple
– Good business managers run things on a foundation of evaluated intelligence – it’s the thing you know.
• Make Risks Learnable
– Learnable risks are the ones we could make less uncertain if we took the time and resources to learn more about them.
– Random risks are those that have had no analysis.
– Separating learnable risks from random ones when making business decisions, and looking for their causes or drivers, makes them less uncertain.
– Tie learnable risks to the characteristics that make you “you”.
26
Measuring
Cyber Threat Intelligence
• Enable Good Analysis
– If an intelligent human is conducting an attack, intelligent humans must be directing the defense.*
– All operations in cyberspace begin with a human being.**
• Ensure You are Defendable
– Against malicious individuals and groups
– In court and against regulatory action
– Your brand, both personal and organizational
* Lockheed Martin, Defendable Architectures: Achieving Cyber Security by Designing for Intelligence Driven Defense
** Intelligence and National Security Alliance (INSA)
The CISO’s Tug of War
27
Source: EMC
Intelligence Operations (Tracking Threats) vs. Network Defense (Stop the Bleeding)
How a CISO Can Leverage
Threat Intelligence to Mitigate Risk
• Intelligence provides critical insights on
ACTIVE threats to your business and can be
applied to different areas of the business
- Threat intelligence teams – know threat actors
and their motivations to improve your defenses
- Fraud teams – understand what commodities are
being monetized so you can minimize fraud
- Partners and Suppliers – understand the
“presence” your vendors have to complement
supply chain risk management
- Breach Response – instead of waiting to “get the
call” from law enforcement, get ahead of the curve
28
Mitigating Risk with a
Practical Intelligence Operation
• Co-Managed Intel – Complement your
intel and facilitate faster, more effective risk
management decisions
• Focus on Analysis –
It’s less about getting more data and more
about enabling sound analysis
• Link Intel to Business Impact –
Avoid alert fatigue by worrying about threats
specific to your business
• People, Process, Technology –
Good intelligence leverages automation,
expert human analysis and a process for
using the intel
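As an added example (not code from the deck, nor from SANS or SurfWatch Labs) of what the "From Data to Action" pipeline, the business-layer mapping and the "link intel to business impact" advice above look like when implemented: constructed threat-feed indicators are matched against a constructed asset inventory tagged with the slide's business layers (business unit, service, supporting technology, exposure, criticality), each hit is labelled a "known unknown" (discovered, no control yet) or a "known known" (control already in place), and the result is rolled up per business unit for a non-technical brief. The feed entries, assets, log observations, technology tags and scoring weights are all illustrative assumptions; the only real identifier, CVE-2014-6332, is the one the deck itself cites.

```python
"""Link external threat intelligence to business impact (added example).

All feed entries, assets, log observations and weights are constructed sample
data. A real deployment would parse STIX/CSV feeds into Indicator objects and
pull assets from the CMDB, vulnerability scanner and proxy/firewall logs.
"""
from collections import defaultdict
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

OUR_INDUSTRY = "retail"  # assumption: the fictional organisation's sector


@dataclass(frozen=True)
class Indicator:
    kind: str      # "cve", "tech", "ip", "cidr" or "domain"
    value: str
    source: str    # feed or report the indicator came from
    industry: str  # sector the feed says the activity targets


@dataclass(frozen=True)
class Asset:
    name: str
    business_unit: str            # Organization > Business Unit layer
    service: str                  # product/service the asset supports
    public_facing: bool           # adversary exposure
    criticality: int              # 1 (low) .. 5 (revenue critical), set by the owner
    technologies: tuple = ()      # tools/infrastructure supporting the service
    open_cves: tuple = ()         # unpatched findings from vulnerability assessment
    observed_egress: tuple = ()   # hosts seen in this asset's proxy/firewall logs
    mitigated: frozenset = frozenset()  # indicator values already blocked or patched


@dataclass(frozen=True)
class Match:
    indicator: Indicator
    asset: Asset
    status: str   # "known unknown" (unmitigated) or "known known" (mitigated)
    score: int


def _hits(ind, asset):
    """Does the indicator touch this asset's tools, infrastructure or traffic?"""
    if ind.kind == "cve":
        return ind.value in asset.open_cves or ind.value in asset.mitigated
    if ind.kind == "tech":
        return ind.value in asset.technologies
    if ind.kind == "domain":
        return any(h == ind.value or h.endswith("." + ind.value)
                   for h in asset.observed_egress)
    if ind.kind in ("ip", "cidr"):
        net = ip_network(ind.value, strict=False)
        for h in asset.observed_egress:
            try:
                if ip_address(h) in net:
                    return True
            except ValueError:  # a hostname, not an address
                continue
        return False
    raise ValueError(f"unknown indicator kind {ind.kind!r}")


def score_match(ind, asset):
    """Business-impact weight (assumed): criticality, doubled when internet-facing,
    plus 2 when the feed says our own sector is being targeted."""
    score = asset.criticality * (2 if asset.public_facing else 1)
    return score + 2 if ind.industry == OUR_INDUSTRY else score


def match_indicators(indicators, assets):
    """Move indicators from 'unknown unknown' to 'known unknown' or 'known known'."""
    matches = []
    for ind in indicators:
        for asset in assets:
            if _hits(ind, asset):
                status = "known known" if ind.value in asset.mitigated else "known unknown"
                matches.append(Match(ind, asset, status, score_match(ind, asset)))
    return matches


def business_unit_rollup(matches):
    """Per business unit: unmitigated hits, mitigated hits and summed exposure."""
    rollup = defaultdict(lambda: {"unmitigated": 0, "mitigated": 0, "exposure": 0})
    for m in matches:
        bu = rollup[m.asset.business_unit]
        if m.status == "known unknown":
            bu["unmitigated"] += 1
            bu["exposure"] += m.score
        else:
            bu["mitigated"] += 1
    return dict(rollup)


def executive_brief(rollup):
    """Non-technical one-liners for leadership, highest exposure first."""
    return [f"{bu}: {r['unmitigated']} active threat(s) without a control in place "
            f"(exposure {r['exposure']}), {r['mitigated']} already mitigated"
            for bu, r in sorted(rollup.items(), key=lambda kv: -kv[1]["exposure"])]


FEED = (  # constructed feed entries; CVE-2014-6332 is the one the deck cites
    Indicator("cve", "CVE-2014-6332", "vendor report", "retail"),
    Indicator("tech", "pos-terminal-agent-3.1", "sector ISAC bulletin", "retail"),
    Indicator("cidr", "203.0.113.0/24", "ISP takedown notice", "finance"),
    Indicator("domain", "c2.invalid", "partner sharing group", "retail"),
)
ASSETS = (  # constructed inventory; egress hosts are made-up log observations
    Asset("store-pos-fleet", "Retail Stores", "in-store payments", False, 5,
          technologies=("pos-terminal-agent-3.1",),
          observed_egress=("198.51.100.7", "203.0.113.45")),
    Asset("store-back-office", "Retail Stores", "store administration", False, 3,
          open_cves=("CVE-2014-6332",)),
    Asset("web-shop", "E-Commerce", "online sales", True, 5,
          observed_egress=("cdn.example", "beacon.c2.invalid"),
          mitigated=frozenset({"c2.invalid"})),
    Asset("hr-portal", "Corporate Services", "staff self-service", False, 2,
          mitigated=frozenset({"CVE-2014-6332"})),
)

if __name__ == "__main__":
    for line in executive_brief(business_unit_rollup(match_indicators(FEED, ASSETS))):
        print(line)
```

The point of the rollup is the last step: the tactical team still gets every match with its indicator and asset, but the business unit owner sees one line stating how many active threats touch their services without a control in place, which is the form in which an investment decision can actually be made.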
29
30
SurfWatch Labs Bridges the
Intelligence Gap
Additional
SurfWatch Labs Resources
SurfWatch Cyber Advisor:
www.surfwatchlabs.com/cyber-advisor
Dark Web Surveillance:
www.surfwatchlabs.com/dark-web-intelligence
Request a Demonstration:
• Personal Demo: info.surfwatchlabs.com/request-demo
• Demo Webinar: info.surfwatchlabs.com/Webcast/Threat-Intel-
Live-Demo-Series
Connecting Your Intelligence Tradecraft to Business Operations
31
32
33
Resources
• SANS : https://www.sans.org/webcasts/archive/2016
• SANSFire: https://www.sans.org/event/sansfire-2016
• SurfWatch Labs: https://www.surfwatchlabs.com
• Questions: q@sans.org
• @John_Pescatore
34
Acknowledgements
Thanks to our sponsor:
And also to our speakers and to our attendees:
Thank you for joining us today
© 2016 The SANS™ Institute – www.sans.org

Contenu connexe

Tendances

Craft Your Cyber Incident Response Plan (Before It's Too Late)
Craft Your Cyber Incident Response Plan (Before It's Too Late)Craft Your Cyber Incident Response Plan (Before It's Too Late)
Craft Your Cyber Incident Response Plan (Before It's Too Late)
Resilient Systems
 
SAM05_Barber PW (7-9-15)
SAM05_Barber PW (7-9-15)SAM05_Barber PW (7-9-15)
SAM05_Barber PW (7-9-15)
Norm Barber
 

Tendances (20)

Netwealth educational webinar: Peace of mind in a digital world
Netwealth educational webinar: Peace of mind in a digital worldNetwealth educational webinar: Peace of mind in a digital world
Netwealth educational webinar: Peace of mind in a digital world
 
NESCO Town Hall Workforce Development Presentation
NESCO Town Hall Workforce Development PresentationNESCO Town Hall Workforce Development Presentation
NESCO Town Hall Workforce Development Presentation
 
Information Security Strategic Management
Information Security Strategic ManagementInformation Security Strategic Management
Information Security Strategic Management
 
How to Mitigate Risk From Your Expanding Digital Presence
How to Mitigate Risk From Your Expanding Digital PresenceHow to Mitigate Risk From Your Expanding Digital Presence
How to Mitigate Risk From Your Expanding Digital Presence
 
Building Security Operation Center
Building Security Operation CenterBuilding Security Operation Center
Building Security Operation Center
 
Security Program Guidance and Establishing a Culture of Security
Security Program Guidance and Establishing a Culture of SecuritySecurity Program Guidance and Establishing a Culture of Security
Security Program Guidance and Establishing a Culture of Security
 
Cybersecurity Best Practices in Financial Services
Cybersecurity Best Practices in Financial ServicesCybersecurity Best Practices in Financial Services
Cybersecurity Best Practices in Financial Services
 
CyberM3 Business Enablement: Cybersecurity That Empowers Your Business with C...
CyberM3 Business Enablement: Cybersecurity That Empowers Your Business with C...CyberM3 Business Enablement: Cybersecurity That Empowers Your Business with C...
CyberM3 Business Enablement: Cybersecurity That Empowers Your Business with C...
 
The 2018 Threatscape
The 2018 ThreatscapeThe 2018 Threatscape
The 2018 Threatscape
 
"Thinking diffrent" about your information security strategy
"Thinking diffrent" about your information security strategy"Thinking diffrent" about your information security strategy
"Thinking diffrent" about your information security strategy
 
Your cyber security webinar
Your cyber security webinarYour cyber security webinar
Your cyber security webinar
 
Vendor Cybersecurity Governance: Scaling the risk
Vendor Cybersecurity Governance: Scaling the riskVendor Cybersecurity Governance: Scaling the risk
Vendor Cybersecurity Governance: Scaling the risk
 
The Measure of Success: Security Metrics to Tell Your Story
The Measure of Success: Security Metrics to Tell Your StoryThe Measure of Success: Security Metrics to Tell Your Story
The Measure of Success: Security Metrics to Tell Your Story
 
SFScon 21 - Matteo Falsetti - Cybersecurity Management in the Supply Chain
SFScon 21 - Matteo Falsetti - Cybersecurity Management in the Supply ChainSFScon 21 - Matteo Falsetti - Cybersecurity Management in the Supply Chain
SFScon 21 - Matteo Falsetti - Cybersecurity Management in the Supply Chain
 
Cybersecurity Crisis Management Introduction
Cybersecurity Crisis Management IntroductionCybersecurity Crisis Management Introduction
Cybersecurity Crisis Management Introduction
 
Incident Response in the age of Nation State Cyber Attacks
Incident Response in the age of Nation State Cyber AttacksIncident Response in the age of Nation State Cyber Attacks
Incident Response in the age of Nation State Cyber Attacks
 
Improve Information Security Practices in the Small Enterprise
Improve Information Security Practices in the Small EnterpriseImprove Information Security Practices in the Small Enterprise
Improve Information Security Practices in the Small Enterprise
 
Craft Your Cyber Incident Response Plan (Before It's Too Late)
Craft Your Cyber Incident Response Plan (Before It's Too Late)Craft Your Cyber Incident Response Plan (Before It's Too Late)
Craft Your Cyber Incident Response Plan (Before It's Too Late)
 
Building an effective Information Security Roadmap
Building an effective Information Security RoadmapBuilding an effective Information Security Roadmap
Building an effective Information Security Roadmap
 
SAM05_Barber PW (7-9-15)
SAM05_Barber PW (7-9-15)SAM05_Barber PW (7-9-15)
SAM05_Barber PW (7-9-15)
 

En vedette

Session 7.3 Implementing threat intelligence systems - Moving from chaos to s...
Session 7.3 Implementing threat intelligence systems - Moving from chaos to s...Session 7.3 Implementing threat intelligence systems - Moving from chaos to s...
Session 7.3 Implementing threat intelligence systems - Moving from chaos to s...
Puneet Kukreja
 

En vedette (19)

GITEX 2016, Dubai
GITEX 2016, Dubai GITEX 2016, Dubai
GITEX 2016, Dubai
 
How to Reduce Avenues of Attack: Using Intel to Plan for Cyber Threats in 2017
How to Reduce Avenues of Attack: Using Intel to Plan for Cyber Threats in 2017How to Reduce Avenues of Attack: Using Intel to Plan for Cyber Threats in 2017
How to Reduce Avenues of Attack: Using Intel to Plan for Cyber Threats in 2017
 
Cyber Threat Intelligence Solution Demonstration
Cyber Threat Intelligence Solution DemonstrationCyber Threat Intelligence Solution Demonstration
Cyber Threat Intelligence Solution Demonstration
 
Credit Unions Caught in the Cybercrime Cross Hairs: How to Get Ahead of the C...
Credit Unions Caught in the Cybercrime Cross Hairs: How to Get Ahead of the C...Credit Unions Caught in the Cybercrime Cross Hairs: How to Get Ahead of the C...
Credit Unions Caught in the Cybercrime Cross Hairs: How to Get Ahead of the C...
 
Shining a Light on Cyber Threats from the Dark Web
Shining a Light on Cyber Threats from the Dark WebShining a Light on Cyber Threats from the Dark Web
Shining a Light on Cyber Threats from the Dark Web
 
Gathering Intel from the Dark Web to Identify and Prioritize Critical Risks
Gathering Intel from the Dark Web to Identify and Prioritize Critical RisksGathering Intel from the Dark Web to Identify and Prioritize Critical Risks
Gathering Intel from the Dark Web to Identify and Prioritize Critical Risks
 
25th Japan IT Week 2016
25th Japan IT Week 201625th Japan IT Week 2016
25th Japan IT Week 2016
 
Cyber Threat Intelligence: Knowing What Specific Threats Your Business Should...
Cyber Threat Intelligence: Knowing What Specific Threats Your Business Should...Cyber Threat Intelligence: Knowing What Specific Threats Your Business Should...
Cyber Threat Intelligence: Knowing What Specific Threats Your Business Should...
 
SurfWatch Labs Threat Intelligence Solution Demo
SurfWatch Labs Threat Intelligence Solution DemoSurfWatch Labs Threat Intelligence Solution Demo
SurfWatch Labs Threat Intelligence Solution Demo
 
Create a Safer Learning Environment with Absolute Safe Schools
Create a Safer Learning Environment with Absolute Safe SchoolsCreate a Safer Learning Environment with Absolute Safe Schools
Create a Safer Learning Environment with Absolute Safe Schools
 
Treat Cyber Like a Disease
Treat Cyber Like a DiseaseTreat Cyber Like a Disease
Treat Cyber Like a Disease
 
SANS Report: The State of Security in Control Systems Today
SANS Report: The State of Security in Control Systems TodaySANS Report: The State of Security in Control Systems Today
SANS Report: The State of Security in Control Systems Today
 
Cyber Threat Intelligence Solution Demonstration
Cyber Threat Intelligence Solution DemonstrationCyber Threat Intelligence Solution Demonstration
Cyber Threat Intelligence Solution Demonstration
 
Containing the outbreak: The healthcare security pandemic
Containing the outbreak: The healthcare security pandemicContaining the outbreak: The healthcare security pandemic
Containing the outbreak: The healthcare security pandemic
 
Point of Sale Insecurity: A Threat to Your Business
Point of Sale Insecurity: A Threat to Your BusinessPoint of Sale Insecurity: A Threat to Your Business
Point of Sale Insecurity: A Threat to Your Business
 
Session 7.3 Implementing threat intelligence systems - Moving from chaos to s...
Session 7.3 Implementing threat intelligence systems - Moving from chaos to s...Session 7.3 Implementing threat intelligence systems - Moving from chaos to s...
Session 7.3 Implementing threat intelligence systems - Moving from chaos to s...
 
Cyber Threat Intelligence
Cyber Threat IntelligenceCyber Threat Intelligence
Cyber Threat Intelligence
 
Roadmap to Healthcare HIPAA Compliance and Mobile Security for BYOD
Roadmap to Healthcare HIPAA Compliance and Mobile Security for BYODRoadmap to Healthcare HIPAA Compliance and Mobile Security for BYOD
Roadmap to Healthcare HIPAA Compliance and Mobile Security for BYOD
 
Data Security in Healthcare
Data Security in HealthcareData Security in Healthcare
Data Security in Healthcare
 

Similaire à Connecting the Dots Between Your Threat Tntelligence Tradecraft and Business Operations

LogRhythm_-_Modern_Cyber_Threat_Pandemic.pptx
LogRhythm_-_Modern_Cyber_Threat_Pandemic.pptxLogRhythm_-_Modern_Cyber_Threat_Pandemic.pptx
LogRhythm_-_Modern_Cyber_Threat_Pandemic.pptx
CNSHacking
 
New Age Red Teaming - Enterprise Infilteration
New Age Red Teaming - Enterprise InfilterationNew Age Red Teaming - Enterprise Infilteration
New Age Red Teaming - Enterprise Infilteration
Shritam Bhowmick
 
Meeting the cyber risk challenge
Meeting the cyber risk challengeMeeting the cyber risk challenge
Meeting the cyber risk challenge
FERMA
 
Too Small to Get Hacked? Think Again (Webinar)
Too Small to Get Hacked? Think Again (Webinar)Too Small to Get Hacked? Think Again (Webinar)
Too Small to Get Hacked? Think Again (Webinar)
OnRamp
 

Similaire à Connecting the Dots Between Your Threat Tntelligence Tradecraft and Business Operations (20)

A Buyers Guide to Investing in Endpoint Detection and Response for Enterprise...
A Buyers Guide to Investing in Endpoint Detection and Response for Enterprise...A Buyers Guide to Investing in Endpoint Detection and Response for Enterprise...
A Buyers Guide to Investing in Endpoint Detection and Response for Enterprise...
 
Selling security to the C-level
Selling security to the C-levelSelling security to the C-level
Selling security to the C-level
 
Strategic Leadership for Managing Evolving Cybersecurity Risks
Strategic Leadership for Managing Evolving Cybersecurity RisksStrategic Leadership for Managing Evolving Cybersecurity Risks
Strategic Leadership for Managing Evolving Cybersecurity Risks
 
What CIOs Need To Tell Their Boards About Cyber Security
What CIOs Need To Tell Their Boards About Cyber SecurityWhat CIOs Need To Tell Their Boards About Cyber Security
What CIOs Need To Tell Their Boards About Cyber Security
 
LogRhythm_-_Modern_Cyber_Threat_Pandemic.pptx
LogRhythm_-_Modern_Cyber_Threat_Pandemic.pptxLogRhythm_-_Modern_Cyber_Threat_Pandemic.pptx
LogRhythm_-_Modern_Cyber_Threat_Pandemic.pptx
 
Today's Breach Reality, The IR Imperative, And What You Can Do About It
Today's Breach Reality, The IR Imperative, And What You Can Do About ItToday's Breach Reality, The IR Imperative, And What You Can Do About It
Today's Breach Reality, The IR Imperative, And What You Can Do About It
 
Using Threat Intelligence to Address Your Growing Digital Risk
Using Threat Intelligence to Address Your Growing Digital RiskUsing Threat Intelligence to Address Your Growing Digital Risk
Using Threat Intelligence to Address Your Growing Digital Risk
 
Cyber Security for the Small Business Experience
Cyber Security for the Small Business ExperienceCyber Security for the Small Business Experience
Cyber Security for the Small Business Experience
 
OSB50: Operational Security: State of the Union
OSB50: Operational Security: State of the UnionOSB50: Operational Security: State of the Union
OSB50: Operational Security: State of the Union
 
Cyber Resilience
Cyber ResilienceCyber Resilience
Cyber Resilience
 
New Age Red Teaming - Enterprise Infilteration
New Age Red Teaming - Enterprise InfilterationNew Age Red Teaming - Enterprise Infilteration
New Age Red Teaming - Enterprise Infilteration
 
13734729.ppt
13734729.ppt13734729.ppt
13734729.ppt
 
Optimizing Security Operations: 5 Keys to Success
Optimizing Security Operations: 5 Keys to SuccessOptimizing Security Operations: 5 Keys to Success
Optimizing Security Operations: 5 Keys to Success
 
Meeting the cyber risk challenge
Meeting the cyber risk challengeMeeting the cyber risk challenge
Meeting the cyber risk challenge
 
Cyber security do your part be the resistance
Cyber security do your part be the resistanceCyber security do your part be the resistance
Cyber security do your part be the resistance
 
Managing security threats in today’s enterprise
Managing security threats in today’s enterpriseManaging security threats in today’s enterprise
Managing security threats in today’s enterprise
 
Cyber Security # Lec 3
Cyber Security # Lec 3 Cyber Security # Lec 3
Cyber Security # Lec 3
 
How to Connect Your Server Room to the Board Room – Before a Data Breach Occurs
How to Connect Your Server Room to the Board Room – Before a Data Breach OccursHow to Connect Your Server Room to the Board Room – Before a Data Breach Occurs
How to Connect Your Server Room to the Board Room – Before a Data Breach Occurs
 
For Public_ Cybersecurity_ Frameworks, Fundamentals, and Foundations 2023.pdf
For Public_ Cybersecurity_ Frameworks, Fundamentals, and Foundations 2023.pdfFor Public_ Cybersecurity_ Frameworks, Fundamentals, and Foundations 2023.pdf
For Public_ Cybersecurity_ Frameworks, Fundamentals, and Foundations 2023.pdf
 
Too Small to Get Hacked? Think Again (Webinar)
Too Small to Get Hacked? Think Again (Webinar)Too Small to Get Hacked? Think Again (Webinar)
Too Small to Get Hacked? Think Again (Webinar)
 

Plus de SurfWatch Labs

Completing the Risk Picture: Adding a business intelligence and collaborative...
Completing the Risk Picture: Adding a business intelligence and collaborative...Completing the Risk Picture: Adding a business intelligence and collaborative...
Completing the Risk Picture: Adding a business intelligence and collaborative...
SurfWatch Labs
 

Plus de SurfWatch Labs (9)

Using SurfWatch Labs' Threat Intelligence to Understand Third-Party Risk
Using SurfWatch Labs' Threat Intelligence to Understand Third-Party RiskUsing SurfWatch Labs' Threat Intelligence to Understand Third-Party Risk
Using SurfWatch Labs' Threat Intelligence to Understand Third-Party Risk
 
Know Your Adversary: Analyzing the Human Element in Evolving Cyber Threats
Know Your Adversary: Analyzing the Human Element in Evolving Cyber ThreatsKnow Your Adversary: Analyzing the Human Element in Evolving Cyber Threats
Know Your Adversary: Analyzing the Human Element in Evolving Cyber Threats
 
Using SurfWatch Labs' Threat Intelligence to Monitor Your Digital Risk
Using SurfWatch Labs' Threat Intelligence to Monitor Your Digital RiskUsing SurfWatch Labs' Threat Intelligence to Monitor Your Digital Risk
Using SurfWatch Labs' Threat Intelligence to Monitor Your Digital Risk
 
Using SurfWatch Labs' Threat Intelligence to Understand Dark Web Threats
Using SurfWatch Labs' Threat Intelligence to Understand Dark Web ThreatsUsing SurfWatch Labs' Threat Intelligence to Understand Dark Web Threats
Using SurfWatch Labs' Threat Intelligence to Understand Dark Web Threats
 
IoT Devices Expanding Your Digital Footprint
IoT Devices Expanding Your Digital FootprintIoT Devices Expanding Your Digital Footprint
IoT Devices Expanding Your Digital Footprint
 
Using Threat Information to Build Your Cyber Risk Intelligence Program
Using Threat Information to Build Your Cyber Risk Intelligence ProgramUsing Threat Information to Build Your Cyber Risk Intelligence Program
Using Threat Information to Build Your Cyber Risk Intelligence Program
 
How to Access and Make Use of “Trapped” Cyber Data to Reduce Your Risk
How to Access and Make Use of “Trapped” Cyber Data to Reduce Your RiskHow to Access and Make Use of “Trapped” Cyber Data to Reduce Your Risk
How to Access and Make Use of “Trapped” Cyber Data to Reduce Your Risk
 
How to Raise Cyber Risk Awareness and Management to the C-Suite
How to Raise Cyber Risk Awareness and Management to the C-SuiteHow to Raise Cyber Risk Awareness and Management to the C-Suite
How to Raise Cyber Risk Awareness and Management to the C-Suite
 
Completing the Risk Picture: Adding a business intelligence and collaborative...
Completing the Risk Picture: Adding a business intelligence and collaborative...Completing the Risk Picture: Adding a business intelligence and collaborative...
Completing the Risk Picture: Adding a business intelligence and collaborative...
 

Dernier

Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and Myths
Joaquim Jorge
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slide
vu2urc
 

Dernier (20)

Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf
 
Tech Trends Report 2024 Future Today Institute.pdf
Tech Trends Report 2024 Future Today Institute.pdfTech Trends Report 2024 Future Today Institute.pdf
Tech Trends Report 2024 Future Today Institute.pdf
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt Robison
 
Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and Myths
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day Presentation
 
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUnderstanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
 
HTML Injection Attacks: Impact and Mitigation Strategies
HTML Injection Attacks: Impact and Mitigation StrategiesHTML Injection Attacks: Impact and Mitigation Strategies
HTML Injection Attacks: Impact and Mitigation Strategies
 
A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?
 
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slide
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processors
 
Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
 

Connecting the Dots Between Your Threat Tntelligence Tradecraft and Business Operations

  • 1. 1 Connecting the Dots Between Your Threat Intelligence Tradecraft and Business Operations John Pescatore, SANS Adam Meyer, SurfWatch Labs
  • 2. 2 Obligatory Agenda Slide • Housekeeping info • Here’s what we will do ○ 1:05 – 1:15 Overview – John Pescatore ○ 1:15 – 1:45 Threat Intelligence – Adam Meyer ○ 1:45 – 2:00 – Q&A Thanks to our sponsor:
  • 3. 3 Q & A •Please use GoToWebinar’s Questions tool to submit questions to our panel. •Send to “Organizers” and tell us if it’s for a specific speaker.
  • 4. 4 Making Security Advances During Turbulent Times  Threats aren’t standing still  Business/technology demands aren’t, either  Prevent more, detect faster, resolve with less disruption
  • 5. 5 Which Industries Are Most at Risk? Source: Symantec 2016
  • 6. 6 Or Are These Industries Most at Risk? Source: Fireye 2016
  • 8. 8 Lifecycle of a Unicorn (CVE-2014-6332) Source: Microsoft Security Intelligence Report, 2015
  • 10. 10 Continuous Processes (process diagram; labels only)
      Drivers: Threats, Regulations, Requirements, OTT Dictates
      • Policy
      • Assess Risk
      • Baseline: Discovery/Inventory, Vuln Assessment/Pen Test, Security Configuration
      • Shield / Mitigate: FW/IPS, Anti-malware, NAC
      • Eliminate Root Cause: Patch Management, Config Management, Change Management, Software Vuln Test, Training, Network Arch, Privilege Mgmt
      • Monitor/Report: SIEM, Security Analytics, Incident Response
  • 11. 11 Defining Situational Awareness
      • Pre-flight: plan safest route
      • In flight: decreasing reaction time so that the mission gets accomplished and the pilot returns safely
      • Post-flight: do better next time
  • 12. 12 Plenty of Data
      • Threat feeds
      • Security controls status/configuration
      • Log monitoring
      • Asset status
          ○ Network scanning
          ○ Passive discovery
          ○ Credentialed access
          ○ Local agent drill-down
  • 13. 13 From Data to Action (diagram): Business Intelligence Big Data, Security Big Data and Fraud/Transaction Big Data feed Threat Analytics and Security Controls Analytics; together these produce Situational Awareness, which drives Action!
  • 14. 14 Focus/Force Multiplication
      • Need to focus limited resources on the highest-payback areas.
      • Turn floods of data into harvests of information.
      • False positives are not the problem – wasting time on them is.
      • Situational awareness vs. information/event management.
      • Action – prevent more, detect faster, resolve more surgically.
      • Intelligence vs. voyeurism…
  • 15. Connecting the Dots Between Your Threat Intelligence Tradecraft and Business Operations
  • 16. Today’s Speaker: Adam Meyer, Chief Security Strategist, SurfWatch Labs
  • 17. Gaining Visibility of Cyber Risks is Critical to the Viability of Your Business
      • A majority of attacks compromise defenses within minutes, but detecting the breach takes on average 200+ days
      • Leaders are struggling to align security strategies with real-world business strategies
          - 14% of corporations report that the Board is actively involved in cybersecurity preparedness
          - 52% report minimal involvement
      • Supply chain represents significant risk
          - 57% of breaches originate from partners and suppliers (PwC)
  • 18. 18 The Threat Balloon: cybercriminals shift tactics to hit targets that are “attractive” and “soft”
  • 19. 19 There’s an Intel Gap Between Cyber Security and the Business
  • 21. 21 Defining “Intelligence”
      Intelligence is regularly defined as information that can be acted upon to change outcomes.
      1. Move from “unknown unknowns” to “known unknowns” by discovering the existence of threats, and then …
      2. Shift “known unknowns” to “known knowns”, where the threat is well understood and mitigated.
      While this is the norm for defenders, it’s not normal for decision makers.
  • 22. Put Cyber Threat Intelligence into Terms the Business Can Understand
      Layers (top to bottom): Organization → Business Unit → Products and Services → Tools in Support of the Product/Service → Infrastructure to Support the Tools → Data in Support of the Business
      • Be defendable
      • Executive communications (non-technical)
      • Is the business unit “well positioned” against threats? Why not?
      • What the business cares about
      • What is the threat surface?
      • What investments are needed?
      • Needs of the user community
      • User point of presence
      • Public facing / adversary exposure
      • IT pain points
      • Decentralized oversight (shadow IT, disconnected IT teams)
      • Adversary’s target
      • Liability and regulatory impact
  • 23. Put Cyber Threat Intelligence into Terms the Business Can Understand
      • Strategic (→ Decision)
          - For senior leaders
          - Used to measure cyber risk and make investments
      • Operational (→ Output)
          - Bridges the broad, non-technical, strategic needs with the narrow, technical inputs
          - Focuses on the immediate operating environment
      • Tactical (→ Output)
          - Where on-the-network actions take place
          - The efforts to detect and respond to on-the-wire events
  • 24. Internal vs. External Threat Intelligence
      • Internal – necessary for tactical defense
          - Prevention
          - Detection
          - Incident response
          - Information exchange
      • External – necessary for managing overall organizational risk
          - Industry threat activity
          - Fraud/extortion
          - Brand & reputation
          - Targeting
  • 25. 25 Measuring Cyber Threat Intelligence
      • Start simple
          – Good business managers run things on a foundation of the evaluated intelligence – it’s the thing you know.
      • Make risks learnable
          – Learnable risks are the ones we could make less uncertain if we took the time and resources to learn more about them.
          – Random risks are defined as those that had no analysis.
          – Separating learnable risks from random ones in business decisions, and looking for their causes or drivers, can make them less uncertain.
          – Tie learnable risks to any characteristic that makes you “you”.
  • 26. 26 Measuring Cyber Threat Intelligence
      • Enable good analysis
          – If an intelligent human is conducting an attack, intelligent humans must be directing the defense.*
          – All operations in cyberspace begin with a human being.**
      • Ensure you are defendable
          – Against malicious individuals and groups
          – In court and against regulatory action
          – Your brand, both personal and organizational
      * Defendable Architectures: Achieving Cyber Security by Designing for Intelligence Driven Defense, Lockheed Martin
      ** Intelligence and National Security Alliance (INSA)
  • 27. The CISO’s Tug of War: Intelligence Operations (tracking threats) vs. Network Defense (stop the bleeding). Source: EMC
  • 28. How a CISO Can Leverage Threat Intelligence to Mitigate Risk
      • Intelligence provides critical insights on ACTIVE threats to your business and can be applied to different areas of the business
          - Threat intelligence teams – know threat actors and their motivations to improve your defenses
          - Fraud teams – understand what commodities are being monetized so you can minimize fraud
          - Partners and suppliers – understand the “presence” your vendors have to complement supply chain risk management
          - Breach response – instead of waiting to “get the call” from law enforcement, get ahead of the curve
  • 29. Mitigating Risk with a Practical Intelligence Operation
      • Co-managed intel – complement your intel and facilitate faster, more effective risk management decisions
      • Focus on analysis – it’s less about getting more data and more about enabling sound analysis
      • Link intel to business impact – avoid alert fatigue by worrying about threats specific to your business
      • People, process, technology – good intelligence leverages automation, expert human analysis and a process for using the intel
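One way to make slide 29’s “link intel to business impact” concrete, as an added example that is not from the deck, from SANS or from SurfWatch Labs: the script below tags each intel item with what it touches (industry, exposed asset classes, suppliers, data types), scores its overlap with a business profile, and routes anything relevant to the strategic, operational and tactical audiences described on slide 23, so unrelated items reach nobody. The business profile, the supplier name and the four threat items are constructed sample data, and the scoring weights are assumptions to be tuned for your own environment.

```python
"""Added example (not from the deck): score threat-intel items against a
business profile and route them to strategic / operational / tactical
audiences so that only threats specific to the business reach anyone.
Every threat item, supplier name and the profile below is constructed."""
from dataclasses import dataclass


@dataclass(frozen=True)
class BusinessProfile:
    """What makes the business 'you': industry, exposure, suppliers, data."""
    industry: str
    exposed_assets: frozenset   # externally reachable asset classes
    suppliers: frozenset        # partners/suppliers with access or data
    data_types: frozenset       # data with liability or regulatory impact


@dataclass(frozen=True)
class ThreatItem:
    """One evaluated intel item, already tagged by the analyst or provider."""
    item_id: str
    summary: str
    industries: frozenset
    asset_types: frozenset
    suppliers: frozenset
    data_types: frozenset
    active: bool                # observed active in the reporting window


def relevance(item: ThreatItem, profile: BusinessProfile) -> int:
    """Weighted overlap between the item and the profile; 0 means noise.
    Weights are assumptions: supplier and industry matches count most."""
    score = 3 if profile.industry in item.industries else 0
    score += 2 * len(item.asset_types & profile.exposed_assets)
    score += 3 * len(item.suppliers & profile.suppliers)
    score += 1 * len(item.data_types & profile.data_types)
    if not item.active:
        score //= 2             # historical-only activity is worth less
    return score


def route(item: ThreatItem, profile: BusinessProfile) -> dict:
    """Map an item to the audiences it should reach, with a reason for each."""
    reasons = {}
    if relevance(item, profile) == 0:
        return reasons          # unrelated to this business: nobody is paged
    reasons["tactical"] = "on-the-network detection and response"
    if item.asset_types & profile.exposed_assets:
        reasons["operational"] = "targets assets in our operating environment"
    if item.suppliers & profile.suppliers or item.data_types & profile.data_types:
        reasons["strategic"] = "supply-chain or liability/regulatory exposure"
    return reasons


def triage(items, profile):
    """Return (item_id, score, audiences) for relevant items, highest first."""
    ranked = [(i.item_id, relevance(i, profile), sorted(route(i, profile)))
              for i in items]
    return sorted((r for r in ranked if r[1] > 0), key=lambda r: -r[1])


# Constructed sample data: a retailer with a card-handling POS estate.
PROFILE = BusinessProfile(
    industry="retail",
    exposed_assets=frozenset({"web-portal", "pos"}),
    suppliers=frozenset({"example-logistics-co"}),
    data_types=frozenset({"card-data", "pii"}),
)

SAMPLE_ITEMS = [
    ThreatItem("TI-001", "POS memory-scraping campaign against retailers",
               frozenset({"retail", "hospitality"}), frozenset({"pos"}),
               frozenset(), frozenset({"card-data"}), active=True),
    ThreatItem("TI-002", "ICS-focused intrusion set", frozenset({"energy"}),
               frozenset({"scada"}), frozenset(), frozenset(), active=True),
    ThreatItem("TI-003", "Breach disclosed by supplier example-logistics-co",
               frozenset({"logistics"}), frozenset({"erp"}),
               frozenset({"example-logistics-co"}), frozenset(), active=True),
    ThreatItem("TI-004", "Last year's web-portal credential-stuffing wave",
               frozenset({"retail"}), frozenset({"web-portal"}),
               frozenset(), frozenset(), active=False),
]

if __name__ == "__main__":
    for item_id, score, audiences in triage(SAMPLE_ITEMS, PROFILE):
        print(item_id, score, ", ".join(audiences))
```

Run as-is, the ICS item (TI-002) is dropped entirely, the supplier breach (TI-003) reaches the strategic and tactical audiences but not operational (no exposed asset of ours is named), and the stale credential-stuffing item (TI-004) is kept but down-weighted; the tagging of items is the analyst’s work, and the script only enforces the “specific to your business” filter.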
  • 30. 30 SurfWatch Labs Bridges the Intelligence Gap
  • 31. Additional SurfWatch Labs Resources
      • SurfWatch Cyber Advisor: www.surfwatchlabs.com/cyber-advisor
      • Dark Web Surveillance: www.surfwatchlabs.com/dark-web-intelligence
      • Request a demonstration:
          - Personal demo: info.surfwatchlabs.com/request-demo
          - Demo webinar: info.surfwatchlabs.com/Webcast/Threat-Intel-Live-Demo-Series
  • 32. 32 (image-only slide)
  • 33. 33 Resources
      • SANS: https://www.sans.org/webcasts/archive/2016
      • SANSFire: https://www.sans.org/event/sansfire-2016
      • SurfWatch Labs: https://www.surfwatchlabs.com
      • Questions: q@sans.org
      • @John_Pescatore
  • 34. 34 Acknowledgements: thanks to our sponsor, and also to our speakers and to our attendees. Thank you for joining us today. © 2016 The SANS™ Institute – www.sans.org