SlideShare une entreprise Scribd logo
1  sur  16
Télécharger pour lire hors ligne
*
The Role of Threat Intelligence
and Layered Security
for Intrusion Prevention in the
Post-Target Breach Era
Ted Gruenloh
Director of Operations
Sentinel IPS
 Review of the current Network Security landscape
 Quick overview of Layered Security
 What, exactly, is Threat Intelligence?
 Threat Intelligence and Layered Security, together
 Publicly shared sources of Threat Intelligence
 Conclusion and Q & A
Agenda
Current Network Security
Not Your Father’s Threats
Yesterday’s Threat Landscape…
 Perimeter was defined, and endpoints were easily managed
 Data and assets were static
 Malware/Trojans had limited points of entry
Current Network Security
Today’s Threat Landscape
 Perimeter? What perimeter? And with BYOD, it’s more like herding cats.
 Data and Assets are mobile, dynamic, and accessed by almost anyone
 Juxtaposition between privacy (SSL) and visibility (decryption, anyone?)
 Malware can manifest itself anywhere
Layered Security: Fact and Fiction
 The Big Boys like to bash each other
 Are there any silver bullets?
 Let’s have an honest conversation: Everyone has their
strengths
 We prefer a different approach. More like …
Layered Security: A Quick Inventory
From perimeter to endpoint, paralleling the “Cyber Kill Chain”:
 External IPS, Next-Gen Firewalls, Application Firewalls, Vulnerability
Scanning, and Penetration Testing
 Dedicated IDS, Web Proxies, SPAM Filters, Sandbox/Sandnet
techniques
 Anti-virus, Personal Firewalls, Host-based IPS, patching, software
updates
 And one SIEM to log them all
“Prepare to be breached.”
Shift from preventative to detective? Sort
of.
Layered Security: “Defense in Depth”
Recommended by the NSA
;-)
What is Threat Intelligence?
“The real-time collection, normalization, and analysis of the
data generated by users, applications and infrastructure
that impacts the IT security and risk posture of an
enterprise.”
“The goal of Security Intelligence is to provide actionable and
comprehensive insight that reduces risk and operational
effort for any size organization.”
- John Burnham, IBM
Ummmm … What?
“The real-time collection, normalization, and analysis of the
data generated by users, applications and infrastructure
that impacts the IT security and risk posture of an
enterprise.”
“The goal of Security Intelligence is to provide actionable and
comprehensive insight that reduces risk and operational
effort for any size organization.”
- John Burnham, IBM
Ummmm … What?
“Threat Intelligence is network data that, when
put to good use, can protect you.”
- Me
No, really. What is Threat Intelligence?
This might get a little technical.
WARNING
No, really. What is Threat Intelligence?
Malware Exchanges & Sources
Malware Exchange (major NetSec vendors)
VirusTotal.com
VirusShare.com
IDS/IPS Event Feedback Loop
Universities
ISPs and Carriers
IDS/IPS Customer base
Sandnets
IDS/IPS
Rulesets
Other Proprietary
Information
DNS/Domain Lists
and Analytics
IP Reputation Lists
and Analytics
T h i s i s T h r e a t I n t e l l i g e n c e .
Data Engine
(Pcap analysis and data correlation)
Pcaps
OK. What does Threat Intelligence look like?
Lists of IPs and/or URLs
Could be as simple as a text file of IP addresses or
domains associated with bad actors and command &
control servers
STIX and TAXII
Comes from DHS, and designed and maintained by
MITRE. Provides a common markup language and
method of exchange for threat intelligence data. Many
companies provide their threat intelligence in STIX.
Proprietary Data
Takes many forms, from simple automated feeds to
complex databases and APIs. Companies trying to
differentiate themselves by providing unique insights, like
geolocation, business sector, threat classification, etc.
Explicit rules DPI/Pattern matching AV software, Host-based IPS
0% 10% to 40% 10% to 40%
Threat Intelligence and Layered Security
Security:
Blocked Malware:
~85%
BLOCKED MALWARE
“Actionable” Threat Intelligence
 SIEM consolidates data from multiple devices
 Might include Intelligence from external sources
 Used for analysis and incident response
SIEM
“Active” Threat Intelligence
 IP and/or Domain reputation lists
 Pushed out to security devices regularly
 Collaboration of InfoSec community
Internet
Firewall IDS/IPS Corporate LAN
Publicly Shared Threat Intelligence
The What.
Many Network Security vendors make their living selling threat
intelligence. Luckily, many of these vendors also offer at least
some of their intelligence up to the community at large, for free, no
strings attached. You can benefit from this.
The Why.
Why give it away? Online businesses often use the ‘Freemium’
business model to introduce their product to consumers. But more
importantly, many Network Security vendors feel a sense of duty
born out of the Internet’s implicit sense of community.
In other words, it’s the right thing to do.
And now, the Who and the How.
Publicly Shared Threat Intelligence
The Who.
A sampling of NetSec organizations that provide free Threat
Intelligence.
senderbase.org
http://shadowserver.org
http://rules.emergingthreats.net Open Threat Exchange CI Army list at http://cinsscore.com
Center for Internet Security http://dshield.org
(SANS Internet Storm Center)
Publicly Shared Threat Intelligence
The How.
Here’s how we do it.
CINS System
Active Sentinels
The Internet
and
NetSec
Community
CINS Lists
(“Active” Threat Intelligence)
csf firewalls, curl, python urllib,
etc.
And in conclusion…
Layered security doesn’t only make sense as a
network security strategy; its diversity also produces
better threat intelligence. And, active threat
intelligence can dramatically improve a network’s
protection from malware and other attacks.
Conclusion?
Layered Security and Active Threat Intelligence:
Two great tastes that taste great together.
Ted Gruenloh
Director of Operations
(972) 991-5005
tedg@econet.com
http://www.networkcloaking.com/free
Questions?
Ted Gruenloh
@tedgruenloh

Contenu connexe

Tendances

Your cyber security webinar
Your cyber security webinarYour cyber security webinar
Your cyber security webinarEmpired
 
NTXISSACSC2 - Four Deadly Traps in Using Information Security Frameworks by D...
NTXISSACSC2 - Four Deadly Traps in Using Information Security Frameworks by D...NTXISSACSC2 - Four Deadly Traps in Using Information Security Frameworks by D...
NTXISSACSC2 - Four Deadly Traps in Using Information Security Frameworks by D...North Texas Chapter of the ISSA
 
UMS Cybersecurity Awareness Seminar: Cybersecurity - Lessons learned from sec...
UMS Cybersecurity Awareness Seminar: Cybersecurity - Lessons learned from sec...UMS Cybersecurity Awareness Seminar: Cybersecurity - Lessons learned from sec...
UMS Cybersecurity Awareness Seminar: Cybersecurity - Lessons learned from sec...APNIC
 
ICION 2016 - Cyber Security Governance
ICION 2016 - Cyber Security GovernanceICION 2016 - Cyber Security Governance
ICION 2016 - Cyber Security GovernanceCharles Lim
 
Cyber Security Strategies and Approaches
Cyber Security Strategies and ApproachesCyber Security Strategies and Approaches
Cyber Security Strategies and Approachesvngundi
 
Hardware Security on Vehicles
Hardware Security on VehiclesHardware Security on Vehicles
Hardware Security on VehiclesPriyanka Aash
 
Dealing with Information Security, Risk Management & Cyber Resilience
Dealing with Information Security, Risk Management & Cyber ResilienceDealing with Information Security, Risk Management & Cyber Resilience
Dealing with Information Security, Risk Management & Cyber ResilienceDonald Tabone
 
Cyber Security for Digital-Era
Cyber Security for Digital-EraCyber Security for Digital-Era
Cyber Security for Digital-EraJK Tech
 
Understanding the Cyber Security Vendor Landscape
Understanding the Cyber Security Vendor LandscapeUnderstanding the Cyber Security Vendor Landscape
Understanding the Cyber Security Vendor LandscapeSounil Yu
 
The Changing Security Landscape
The Changing Security LandscapeThe Changing Security Landscape
The Changing Security LandscapeArrow ECS UK
 
Thinking like a hacker - Introducing Hacker Vision
Thinking like a hacker - Introducing Hacker VisionThinking like a hacker - Introducing Hacker Vision
Thinking like a hacker - Introducing Hacker VisionPECB
 
Cyber Security Landscape: Changes, Threats and Challenges
Cyber Security Landscape: Changes, Threats and Challenges Cyber Security Landscape: Changes, Threats and Challenges
Cyber Security Landscape: Changes, Threats and Challenges Bloxx
 
Addressing Healthcare Challenges Today
Addressing Healthcare Challenges TodayAddressing Healthcare Challenges Today
Addressing Healthcare Challenges TodayIvanti
 
Advanced Cybersecurity Risk Management: How to successfully address your Cybe...
Advanced Cybersecurity Risk Management: How to successfully address your Cybe...Advanced Cybersecurity Risk Management: How to successfully address your Cybe...
Advanced Cybersecurity Risk Management: How to successfully address your Cybe...PECB
 
NTXISSACSC2 - Threat Modeling Part 1 - Overview by Brad Andrews
NTXISSACSC2 - Threat Modeling Part 1 - Overview by Brad AndrewsNTXISSACSC2 - Threat Modeling Part 1 - Overview by Brad Andrews
NTXISSACSC2 - Threat Modeling Part 1 - Overview by Brad AndrewsNorth Texas Chapter of the ISSA
 
Orchestrate Your Security Defenses to Optimize the Impact of Threat Intelligence
Orchestrate Your Security Defenses to Optimize the Impact of Threat IntelligenceOrchestrate Your Security Defenses to Optimize the Impact of Threat Intelligence
Orchestrate Your Security Defenses to Optimize the Impact of Threat IntelligenceIBM Security
 
National Oil Company Conference 2014 - Evolving Cyber Security - A Wake Up Ca...
National Oil Company Conference 2014 - Evolving Cyber Security - A Wake Up Ca...National Oil Company Conference 2014 - Evolving Cyber Security - A Wake Up Ca...
National Oil Company Conference 2014 - Evolving Cyber Security - A Wake Up Ca...Shah Sheikh
 

Tendances (20)

Your cyber security webinar
Your cyber security webinarYour cyber security webinar
Your cyber security webinar
 
NTXISSACSC2 - Four Deadly Traps in Using Information Security Frameworks by D...
NTXISSACSC2 - Four Deadly Traps in Using Information Security Frameworks by D...NTXISSACSC2 - Four Deadly Traps in Using Information Security Frameworks by D...
NTXISSACSC2 - Four Deadly Traps in Using Information Security Frameworks by D...
 
UMS Cybersecurity Awareness Seminar: Cybersecurity - Lessons learned from sec...
UMS Cybersecurity Awareness Seminar: Cybersecurity - Lessons learned from sec...UMS Cybersecurity Awareness Seminar: Cybersecurity - Lessons learned from sec...
UMS Cybersecurity Awareness Seminar: Cybersecurity - Lessons learned from sec...
 
ICION 2016 - Cyber Security Governance
ICION 2016 - Cyber Security GovernanceICION 2016 - Cyber Security Governance
ICION 2016 - Cyber Security Governance
 
Cyber Security Strategies and Approaches
Cyber Security Strategies and ApproachesCyber Security Strategies and Approaches
Cyber Security Strategies and Approaches
 
Hardware Security on Vehicles
Hardware Security on VehiclesHardware Security on Vehicles
Hardware Security on Vehicles
 
Dealing with Information Security, Risk Management & Cyber Resilience
Dealing with Information Security, Risk Management & Cyber ResilienceDealing with Information Security, Risk Management & Cyber Resilience
Dealing with Information Security, Risk Management & Cyber Resilience
 
Cyber Security for Digital-Era
Cyber Security for Digital-EraCyber Security for Digital-Era
Cyber Security for Digital-Era
 
Understanding the Cyber Security Vendor Landscape
Understanding the Cyber Security Vendor LandscapeUnderstanding the Cyber Security Vendor Landscape
Understanding the Cyber Security Vendor Landscape
 
The Changing Security Landscape
The Changing Security LandscapeThe Changing Security Landscape
The Changing Security Landscape
 
Thinking like a hacker - Introducing Hacker Vision
Thinking like a hacker - Introducing Hacker VisionThinking like a hacker - Introducing Hacker Vision
Thinking like a hacker - Introducing Hacker Vision
 
Cyber Security Landscape: Changes, Threats and Challenges
Cyber Security Landscape: Changes, Threats and Challenges Cyber Security Landscape: Changes, Threats and Challenges
Cyber Security Landscape: Changes, Threats and Challenges
 
Cyber Security 4.0 conference 30 November 2016
Cyber Security 4.0 conference 30 November 2016Cyber Security 4.0 conference 30 November 2016
Cyber Security 4.0 conference 30 November 2016
 
Addressing Healthcare Challenges Today
Addressing Healthcare Challenges TodayAddressing Healthcare Challenges Today
Addressing Healthcare Challenges Today
 
Advanced Cybersecurity Risk Management: How to successfully address your Cybe...
Advanced Cybersecurity Risk Management: How to successfully address your Cybe...Advanced Cybersecurity Risk Management: How to successfully address your Cybe...
Advanced Cybersecurity Risk Management: How to successfully address your Cybe...
 
CSIRT_16_Jun
CSIRT_16_JunCSIRT_16_Jun
CSIRT_16_Jun
 
NTXISSACSC2 - Threat Modeling Part 1 - Overview by Brad Andrews
NTXISSACSC2 - Threat Modeling Part 1 - Overview by Brad AndrewsNTXISSACSC2 - Threat Modeling Part 1 - Overview by Brad Andrews
NTXISSACSC2 - Threat Modeling Part 1 - Overview by Brad Andrews
 
Cyber Security Needs and Challenges
Cyber Security Needs and ChallengesCyber Security Needs and Challenges
Cyber Security Needs and Challenges
 
Orchestrate Your Security Defenses to Optimize the Impact of Threat Intelligence
Orchestrate Your Security Defenses to Optimize the Impact of Threat IntelligenceOrchestrate Your Security Defenses to Optimize the Impact of Threat Intelligence
Orchestrate Your Security Defenses to Optimize the Impact of Threat Intelligence
 
National Oil Company Conference 2014 - Evolving Cyber Security - A Wake Up Ca...
National Oil Company Conference 2014 - Evolving Cyber Security - A Wake Up Ca...National Oil Company Conference 2014 - Evolving Cyber Security - A Wake Up Ca...
National Oil Company Conference 2014 - Evolving Cyber Security - A Wake Up Ca...
 

Similaire à NTXISSACSC2 - The Role of Threat Intelligence and Layered Security for Intrusion Prevention in the Post-Target Breach Era by Ted Gruenloh

The Role of Threat Intelligence and Layered Securiy for Intrusion Prevention ...
The Role of Threat Intelligence and Layered Securiy for Intrusion Prevention ...The Role of Threat Intelligence and Layered Securiy for Intrusion Prevention ...
The Role of Threat Intelligence and Layered Securiy for Intrusion Prevention ...JoAnna Cheshire
 
The Security Of A Home Network
The Security Of A Home NetworkThe Security Of A Home Network
The Security Of A Home NetworkAlexis Naranjo
 
Infa 610 Final Exam Solutions
Infa 610 Final Exam SolutionsInfa 610 Final Exam Solutions
Infa 610 Final Exam SolutionsChelsea Porter
 
Data Security Solutions - Cyber Security & Security Intelligence - @ Lithuani...
Data Security Solutions - Cyber Security & Security Intelligence - @ Lithuani...Data Security Solutions - Cyber Security & Security Intelligence - @ Lithuani...
Data Security Solutions - Cyber Security & Security Intelligence - @ Lithuani...Andris Soroka
 
Top 5 Ways You Can Protect Your Privacy On Web
Top 5 Ways You Can Protect Your Privacy On WebTop 5 Ways You Can Protect Your Privacy On Web
Top 5 Ways You Can Protect Your Privacy On WebSheila Guy
 
Taking A Look At Intrusion Detection
Taking A Look At Intrusion DetectionTaking A Look At Intrusion Detection
Taking A Look At Intrusion DetectionMaggie Cavanaugh
 
Cloud Computing Using Intrusion Detection And Prevention...
Cloud Computing Using Intrusion Detection And Prevention...Cloud Computing Using Intrusion Detection And Prevention...
Cloud Computing Using Intrusion Detection And Prevention...Veronica Smith
 
DSS and Security Intelligence @IBM_Connect_2014_April
DSS and Security Intelligence @IBM_Connect_2014_AprilDSS and Security Intelligence @IBM_Connect_2014_April
DSS and Security Intelligence @IBM_Connect_2014_AprilAndris Soroka
 
Network security monitoring with open source tools
Network security monitoring with open source toolsNetwork security monitoring with open source tools
Network security monitoring with open source toolsterriert
 
Insight Brief: Security Analytics to Identify the 12 Indicators of Compromise
Insight Brief: Security Analytics to Identify the 12 Indicators of CompromiseInsight Brief: Security Analytics to Identify the 12 Indicators of Compromise
Insight Brief: Security Analytics to Identify the 12 Indicators of Compromise21CT Inc.
 
Growing Threat Of Computer Crimes
Growing Threat Of Computer CrimesGrowing Threat Of Computer Crimes
Growing Threat Of Computer CrimesTheresa Singh
 
Cyber security with ai
Cyber security with aiCyber security with ai
Cyber security with aiBurhan Ahmed
 
Dynamic Vulnerability Analysis, Intrusion Detection, And...
Dynamic Vulnerability Analysis, Intrusion Detection, And...Dynamic Vulnerability Analysis, Intrusion Detection, And...
Dynamic Vulnerability Analysis, Intrusion Detection, And...Jennifer Moser
 
Implementing An Automated Distributed Firewall
Implementing An Automated Distributed FirewallImplementing An Automated Distributed Firewall
Implementing An Automated Distributed FirewallGloria Young
 
Worldwide Network Security
Worldwide Network SecurityWorldwide Network Security
Worldwide Network SecurityAnn Johnson
 
PCM Vision 2019 Breakout: IBM | Red Hat
PCM Vision 2019 Breakout: IBM | Red HatPCM Vision 2019 Breakout: IBM | Red Hat
PCM Vision 2019 Breakout: IBM | Red HatPCM
 

Similaire à NTXISSACSC2 - The Role of Threat Intelligence and Layered Security for Intrusion Prevention in the Post-Target Breach Era by Ted Gruenloh (20)

The Role of Threat Intelligence and Layered Securiy for Intrusion Prevention ...
The Role of Threat Intelligence and Layered Securiy for Intrusion Prevention ...The Role of Threat Intelligence and Layered Securiy for Intrusion Prevention ...
The Role of Threat Intelligence and Layered Securiy for Intrusion Prevention ...
 
Main Menu
Main MenuMain Menu
Main Menu
 
Cobit 2
Cobit 2Cobit 2
Cobit 2
 
The Security Of A Home Network
The Security Of A Home NetworkThe Security Of A Home Network
The Security Of A Home Network
 
Infa 610 Final Exam Solutions
Infa 610 Final Exam SolutionsInfa 610 Final Exam Solutions
Infa 610 Final Exam Solutions
 
Data Security Solutions - Cyber Security & Security Intelligence - @ Lithuani...
Data Security Solutions - Cyber Security & Security Intelligence - @ Lithuani...Data Security Solutions - Cyber Security & Security Intelligence - @ Lithuani...
Data Security Solutions - Cyber Security & Security Intelligence - @ Lithuani...
 
Top 5 Ways You Can Protect Your Privacy On Web
Top 5 Ways You Can Protect Your Privacy On WebTop 5 Ways You Can Protect Your Privacy On Web
Top 5 Ways You Can Protect Your Privacy On Web
 
Taking A Look At Intrusion Detection
Taking A Look At Intrusion DetectionTaking A Look At Intrusion Detection
Taking A Look At Intrusion Detection
 
Cloud Computing Using Intrusion Detection And Prevention...
Cloud Computing Using Intrusion Detection And Prevention...Cloud Computing Using Intrusion Detection And Prevention...
Cloud Computing Using Intrusion Detection And Prevention...
 
DSS and Security Intelligence @IBM_Connect_2014_April
DSS and Security Intelligence @IBM_Connect_2014_AprilDSS and Security Intelligence @IBM_Connect_2014_April
DSS and Security Intelligence @IBM_Connect_2014_April
 
Network security monitoring with open source tools
Network security monitoring with open source toolsNetwork security monitoring with open source tools
Network security monitoring with open source tools
 
Insight Brief: Security Analytics to Identify the 12 Indicators of Compromise
Insight Brief: Security Analytics to Identify the 12 Indicators of CompromiseInsight Brief: Security Analytics to Identify the 12 Indicators of Compromise
Insight Brief: Security Analytics to Identify the 12 Indicators of Compromise
 
Growing Threat Of Computer Crimes
Growing Threat Of Computer CrimesGrowing Threat Of Computer Crimes
Growing Threat Of Computer Crimes
 
Cyber security with ai
Cyber security with aiCyber security with ai
Cyber security with ai
 
Dynamic Vulnerability Analysis, Intrusion Detection, And...
Dynamic Vulnerability Analysis, Intrusion Detection, And...Dynamic Vulnerability Analysis, Intrusion Detection, And...
Dynamic Vulnerability Analysis, Intrusion Detection, And...
 
Euro mGov Securing Mobile Services
Euro mGov Securing Mobile ServicesEuro mGov Securing Mobile Services
Euro mGov Securing Mobile Services
 
Implementing An Automated Distributed Firewall
Implementing An Automated Distributed FirewallImplementing An Automated Distributed Firewall
Implementing An Automated Distributed Firewall
 
Worldwide Network Security
Worldwide Network SecurityWorldwide Network Security
Worldwide Network Security
 
Sophos
SophosSophos
Sophos
 
PCM Vision 2019 Breakout: IBM | Red Hat
PCM Vision 2019 Breakout: IBM | Red HatPCM Vision 2019 Breakout: IBM | Red Hat
PCM Vision 2019 Breakout: IBM | Red Hat
 

Plus de North Texas Chapter of the ISSA

Ntxissacsc5 gold 4 beyond detection and prevension remediation
Ntxissacsc5 gold 4 beyond detection and prevension   remediationNtxissacsc5 gold 4 beyond detection and prevension   remediation
Ntxissacsc5 gold 4 beyond detection and prevension remediationNorth Texas Chapter of the ISSA
 
Ntxissacsc5 yellow 6-abusing protocols for dynamic addressing in space-jacenr...
Ntxissacsc5 yellow 6-abusing protocols for dynamic addressing in space-jacenr...Ntxissacsc5 yellow 6-abusing protocols for dynamic addressing in space-jacenr...
Ntxissacsc5 yellow 6-abusing protocols for dynamic addressing in space-jacenr...North Texas Chapter of the ISSA
 
Ntxissacsc5 yellow 2-evidence driven infosec compliance strategy-garrettp1
Ntxissacsc5 yellow 2-evidence driven infosec compliance strategy-garrettp1Ntxissacsc5 yellow 2-evidence driven infosec compliance strategy-garrettp1
Ntxissacsc5 yellow 2-evidence driven infosec compliance strategy-garrettp1North Texas Chapter of the ISSA
 
Ntxissacsc5 purple 4-threat detection using machine learning-markszewczul
Ntxissacsc5 purple 4-threat detection using machine learning-markszewczulNtxissacsc5 purple 4-threat detection using machine learning-markszewczul
Ntxissacsc5 purple 4-threat detection using machine learning-markszewczulNorth Texas Chapter of the ISSA
 
Ntxissacsc5 purple 3-cyber insurance essentials-shawn_tuma.pptx
Ntxissacsc5 purple 3-cyber insurance essentials-shawn_tuma.pptxNtxissacsc5 purple 3-cyber insurance essentials-shawn_tuma.pptx
Ntxissacsc5 purple 3-cyber insurance essentials-shawn_tuma.pptxNorth Texas Chapter of the ISSA
 
Ntxissacsc5 gold 1--mimecast email resiliency- erez-haimowicz
Ntxissacsc5 gold 1--mimecast email resiliency- erez-haimowiczNtxissacsc5 gold 1--mimecast email resiliency- erez-haimowicz
Ntxissacsc5 gold 1--mimecast email resiliency- erez-haimowiczNorth Texas Chapter of the ISSA
 
Ntxissacsc5 blue 7-zerotrust more effective approach to security-ed higgins
Ntxissacsc5 blue 7-zerotrust more effective approach to security-ed higginsNtxissacsc5 blue 7-zerotrust more effective approach to security-ed higgins
Ntxissacsc5 blue 7-zerotrust more effective approach to security-ed higginsNorth Texas Chapter of the ISSA
 
Ntxissacsc5 blue 6-securityawareness-laurianna_callaghan
Ntxissacsc5 blue 6-securityawareness-laurianna_callaghanNtxissacsc5 blue 6-securityawareness-laurianna_callaghan
Ntxissacsc5 blue 6-securityawareness-laurianna_callaghanNorth Texas Chapter of the ISSA
 
Ntxissacsc5 blue 5-holistic approach to cybersecurity-abu_sadeq
Ntxissacsc5 blue 5-holistic approach to cybersecurity-abu_sadeqNtxissacsc5 blue 5-holistic approach to cybersecurity-abu_sadeq
Ntxissacsc5 blue 5-holistic approach to cybersecurity-abu_sadeqNorth Texas Chapter of the ISSA
 
Ntxissacsc5 blue 3-shifting from incident to continuous response bill white
Ntxissacsc5 blue 3-shifting from  incident to continuous response bill whiteNtxissacsc5 blue 3-shifting from  incident to continuous response bill white
Ntxissacsc5 blue 3-shifting from incident to continuous response bill whiteNorth Texas Chapter of the ISSA
 
Ntxissacsc5 blue 2-herding cats and security tools-harold_toomey
Ntxissacsc5 blue 2-herding cats and security tools-harold_toomeyNtxissacsc5 blue 2-herding cats and security tools-harold_toomey
Ntxissacsc5 blue 2-herding cats and security tools-harold_toomeyNorth Texas Chapter of the ISSA
 

Plus de North Texas Chapter of the ISSA (20)

Purple seven-ntxissacsc5 walcutt
Purple seven-ntxissacsc5 walcuttPurple seven-ntxissacsc5 walcutt
Purple seven-ntxissacsc5 walcutt
 
Ntxissacsc5 yellow 7 protecting the cloud with cep
Ntxissacsc5 yellow 7 protecting the cloud with cepNtxissacsc5 yellow 7 protecting the cloud with cep
Ntxissacsc5 yellow 7 protecting the cloud with cep
 
Ntxissacsc5 gold 4 beyond detection and prevension remediation
Ntxissacsc5 gold 4 beyond detection and prevension   remediationNtxissacsc5 gold 4 beyond detection and prevension   remediation
Ntxissacsc5 gold 4 beyond detection and prevension remediation
 
Ntxissacsc5 gold 1 mimecast e mail resiliency
Ntxissacsc5  gold 1 mimecast e mail resiliencyNtxissacsc5  gold 1 mimecast e mail resiliency
Ntxissacsc5 gold 1 mimecast e mail resiliency
 
Ntxissacsc5 yellow 6-abusing protocols for dynamic addressing in space-jacenr...
Ntxissacsc5 yellow 6-abusing protocols for dynamic addressing in space-jacenr...Ntxissacsc5 yellow 6-abusing protocols for dynamic addressing in space-jacenr...
Ntxissacsc5 yellow 6-abusing protocols for dynamic addressing in space-jacenr...
 
Ntxissacsc5 yellow 2-evidence driven infosec compliance strategy-garrettp1
Ntxissacsc5 yellow 2-evidence driven infosec compliance strategy-garrettp1Ntxissacsc5 yellow 2-evidence driven infosec compliance strategy-garrettp1
Ntxissacsc5 yellow 2-evidence driven infosec compliance strategy-garrettp1
 
Ntxissacsc5 yellow 1-beginnerslinux bill-petersen
Ntxissacsc5 yellow 1-beginnerslinux bill-petersenNtxissacsc5 yellow 1-beginnerslinux bill-petersen
Ntxissacsc5 yellow 1-beginnerslinux bill-petersen
 
Ntxissacsc5 red 6-diy-pentest-lab dustin-dykes
Ntxissacsc5 red 6-diy-pentest-lab dustin-dykesNtxissacsc5 red 6-diy-pentest-lab dustin-dykes
Ntxissacsc5 red 6-diy-pentest-lab dustin-dykes
 
Ntxissacsc5 red 1 & 2 basic hacking tools ncc group
Ntxissacsc5 red 1 & 2   basic hacking tools ncc groupNtxissacsc5 red 1 & 2   basic hacking tools ncc group
Ntxissacsc5 red 1 & 2 basic hacking tools ncc group
 
Ntxissacsc5 purple 5-insider threat-_andy_thompson
Ntxissacsc5 purple 5-insider threat-_andy_thompsonNtxissacsc5 purple 5-insider threat-_andy_thompson
Ntxissacsc5 purple 5-insider threat-_andy_thompson
 
Ntxissacsc5 purple 4-threat detection using machine learning-markszewczul
Ntxissacsc5 purple 4-threat detection using machine learning-markszewczulNtxissacsc5 purple 4-threat detection using machine learning-markszewczul
Ntxissacsc5 purple 4-threat detection using machine learning-markszewczul
 
Ntxissacsc5 purple 3-cyber insurance essentials-shawn_tuma.pptx
Ntxissacsc5 purple 3-cyber insurance essentials-shawn_tuma.pptxNtxissacsc5 purple 3-cyber insurance essentials-shawn_tuma.pptx
Ntxissacsc5 purple 3-cyber insurance essentials-shawn_tuma.pptx
 
Ntxissacsc5 purple 1-eu-gdpr_patrick_florer
Ntxissacsc5 purple 1-eu-gdpr_patrick_florerNtxissacsc5 purple 1-eu-gdpr_patrick_florer
Ntxissacsc5 purple 1-eu-gdpr_patrick_florer
 
Ntxissacsc5 gold 1--mimecast email resiliency- erez-haimowicz
Ntxissacsc5 gold 1--mimecast email resiliency- erez-haimowiczNtxissacsc5 gold 1--mimecast email resiliency- erez-haimowicz
Ntxissacsc5 gold 1--mimecast email resiliency- erez-haimowicz
 
Ntxissacsc5 blue 7-zerotrust more effective approach to security-ed higgins
Ntxissacsc5 blue 7-zerotrust more effective approach to security-ed higginsNtxissacsc5 blue 7-zerotrust more effective approach to security-ed higgins
Ntxissacsc5 blue 7-zerotrust more effective approach to security-ed higgins
 
Ntxissacsc5 blue 6-securityawareness-laurianna_callaghan
Ntxissacsc5 blue 6-securityawareness-laurianna_callaghanNtxissacsc5 blue 6-securityawareness-laurianna_callaghan
Ntxissacsc5 blue 6-securityawareness-laurianna_callaghan
 
Ntxissacsc5 blue 5-holistic approach to cybersecurity-abu_sadeq
Ntxissacsc5 blue 5-holistic approach to cybersecurity-abu_sadeqNtxissacsc5 blue 5-holistic approach to cybersecurity-abu_sadeq
Ntxissacsc5 blue 5-holistic approach to cybersecurity-abu_sadeq
 
Ntxissacsc5 blue 3-shifting from incident to continuous response bill white
Ntxissacsc5 blue 3-shifting from  incident to continuous response bill whiteNtxissacsc5 blue 3-shifting from  incident to continuous response bill white
Ntxissacsc5 blue 3-shifting from incident to continuous response bill white
 
Ntxissacsc5 blue 4-the-attack_life_cycle_erich_mueller
Ntxissacsc5 blue 4-the-attack_life_cycle_erich_muellerNtxissacsc5 blue 4-the-attack_life_cycle_erich_mueller
Ntxissacsc5 blue 4-the-attack_life_cycle_erich_mueller
 
Ntxissacsc5 blue 2-herding cats and security tools-harold_toomey
Ntxissacsc5 blue 2-herding cats and security tools-harold_toomeyNtxissacsc5 blue 2-herding cats and security tools-harold_toomey
Ntxissacsc5 blue 2-herding cats and security tools-harold_toomey
 

Dernier

Introduction to ICANN and Fellowship program by Shreedeep Rayamajhi.pdf
Introduction to ICANN and Fellowship program  by Shreedeep Rayamajhi.pdfIntroduction to ICANN and Fellowship program  by Shreedeep Rayamajhi.pdf
Introduction to ICANN and Fellowship program by Shreedeep Rayamajhi.pdfShreedeep Rayamajhi
 
LESSON 5 GROUP 10 ST. THOMAS AQUINAS.pdf
LESSON 5 GROUP 10 ST. THOMAS AQUINAS.pdfLESSON 5 GROUP 10 ST. THOMAS AQUINAS.pdf
LESSON 5 GROUP 10 ST. THOMAS AQUINAS.pdfmchristianalwyn
 
TYPES AND DEFINITION OF ONLINE CRIMES AND HAZARDS
TYPES AND DEFINITION OF ONLINE CRIMES AND HAZARDSTYPES AND DEFINITION OF ONLINE CRIMES AND HAZARDS
TYPES AND DEFINITION OF ONLINE CRIMES AND HAZARDSedrianrheine
 
Check out the Free Landing Page Hosting in 2024
Check out the Free Landing Page Hosting in 2024Check out the Free Landing Page Hosting in 2024
Check out the Free Landing Page Hosting in 2024Shubham Pant
 
LESSON 10/ GROUP 10/ ST. THOMAS AQUINASS
LESSON 10/ GROUP 10/ ST. THOMAS AQUINASSLESSON 10/ GROUP 10/ ST. THOMAS AQUINASS
LESSON 10/ GROUP 10/ ST. THOMAS AQUINASSlesteraporado16
 
Zero-day Vulnerabilities
Zero-day VulnerabilitiesZero-day Vulnerabilities
Zero-day Vulnerabilitiesalihassaah1994
 
Computer 10 Lesson 8: Building a Website
Computer 10 Lesson 8: Building a WebsiteComputer 10 Lesson 8: Building a Website
Computer 10 Lesson 8: Building a WebsiteMavein
 
Presentation2.pptx - JoyPress Wordpress
Presentation2.pptx -  JoyPress WordpressPresentation2.pptx -  JoyPress Wordpress
Presentation2.pptx - JoyPress Wordpressssuser166378
 
Bio Medical Waste Management Guideliness 2023 ppt.pptx
Bio Medical Waste Management Guideliness 2023 ppt.pptxBio Medical Waste Management Guideliness 2023 ppt.pptx
Bio Medical Waste Management Guideliness 2023 ppt.pptxnaveenithkrishnan
 
Vision Forward: Tracing Image Search SEO From Its Roots To AI-Enhanced Horizons
Vision Forward: Tracing Image Search SEO From Its Roots To AI-Enhanced HorizonsVision Forward: Tracing Image Search SEO From Its Roots To AI-Enhanced Horizons
Vision Forward: Tracing Image Search SEO From Its Roots To AI-Enhanced HorizonsRoxana Stingu
 
WordPress by the numbers - Jan Loeffler, CTO WebPros, CloudFest 2024
WordPress by the numbers - Jan Loeffler, CTO WebPros, CloudFest 2024WordPress by the numbers - Jan Loeffler, CTO WebPros, CloudFest 2024
WordPress by the numbers - Jan Loeffler, CTO WebPros, CloudFest 2024Jan Löffler
 
Benefits of doing Internet peering and running an Internet Exchange (IX) pres...
Benefits of doing Internet peering and running an Internet Exchange (IX) pres...Benefits of doing Internet peering and running an Internet Exchange (IX) pres...
Benefits of doing Internet peering and running an Internet Exchange (IX) pres...APNIC
 

Dernier (12)

Introduction to ICANN and Fellowship program by Shreedeep Rayamajhi.pdf
Introduction to ICANN and Fellowship program  by Shreedeep Rayamajhi.pdfIntroduction to ICANN and Fellowship program  by Shreedeep Rayamajhi.pdf
Introduction to ICANN and Fellowship program by Shreedeep Rayamajhi.pdf
 
LESSON 5 GROUP 10 ST. THOMAS AQUINAS.pdf
LESSON 5 GROUP 10 ST. THOMAS AQUINAS.pdfLESSON 5 GROUP 10 ST. THOMAS AQUINAS.pdf
LESSON 5 GROUP 10 ST. THOMAS AQUINAS.pdf
 
TYPES AND DEFINITION OF ONLINE CRIMES AND HAZARDS
TYPES AND DEFINITION OF ONLINE CRIMES AND HAZARDSTYPES AND DEFINITION OF ONLINE CRIMES AND HAZARDS
TYPES AND DEFINITION OF ONLINE CRIMES AND HAZARDS
 
Check out the Free Landing Page Hosting in 2024
Check out the Free Landing Page Hosting in 2024Check out the Free Landing Page Hosting in 2024
Check out the Free Landing Page Hosting in 2024
 
LESSON 10/ GROUP 10/ ST. THOMAS AQUINASS
LESSON 10/ GROUP 10/ ST. THOMAS AQUINASSLESSON 10/ GROUP 10/ ST. THOMAS AQUINASS
LESSON 10/ GROUP 10/ ST. THOMAS AQUINASS
 
Zero-day Vulnerabilities
Zero-day VulnerabilitiesZero-day Vulnerabilities
Zero-day Vulnerabilities
 
Computer 10 Lesson 8: Building a Website
Computer 10 Lesson 8: Building a WebsiteComputer 10 Lesson 8: Building a Website
Computer 10 Lesson 8: Building a Website
 
Presentation2.pptx - JoyPress Wordpress
Presentation2.pptx -  JoyPress WordpressPresentation2.pptx -  JoyPress Wordpress
Presentation2.pptx - JoyPress Wordpress
 
Bio Medical Waste Management Guideliness 2023 ppt.pptx
Bio Medical Waste Management Guideliness 2023 ppt.pptxBio Medical Waste Management Guideliness 2023 ppt.pptx
Bio Medical Waste Management Guideliness 2023 ppt.pptx
 
Vision Forward: Tracing Image Search SEO From Its Roots To AI-Enhanced Horizons
Vision Forward: Tracing Image Search SEO From Its Roots To AI-Enhanced HorizonsVision Forward: Tracing Image Search SEO From Its Roots To AI-Enhanced Horizons
Vision Forward: Tracing Image Search SEO From Its Roots To AI-Enhanced Horizons
 
WordPress by the numbers - Jan Loeffler, CTO WebPros, CloudFest 2024
WordPress by the numbers - Jan Loeffler, CTO WebPros, CloudFest 2024WordPress by the numbers - Jan Loeffler, CTO WebPros, CloudFest 2024
WordPress by the numbers - Jan Loeffler, CTO WebPros, CloudFest 2024
 
Benefits of doing Internet peering and running an Internet Exchange (IX) pres...
Benefits of doing Internet peering and running an Internet Exchange (IX) pres...Benefits of doing Internet peering and running an Internet Exchange (IX) pres...
Benefits of doing Internet peering and running an Internet Exchange (IX) pres...
 

NTXISSACSC2 - The Role of Threat Intelligence and Layered Security for Intrusion Prevention in the Post-Target Breach Era by Ted Gruenloh

  • 1. * The Role of Threat Intelligence and Layered Security for Intrusion Prevention in the Post-Target Breach Era Ted Gruenloh Director of Operations Sentinel IPS
  • 2.  Review of the current Network Security landscape  Quick overview of Layered Security  What, exactly, is Threat Intelligence?  Threat Intelligence and Layered Security, together  Publicly shared sources of Threat Intelligence  Conclusion and Q & A Agenda
  • 3. Current Network Security Not Your Father’s Threats Yesterday’s Threat Landscape…  Perimeter was defined, and endpoints were easily managed  Data and assets were static  Malware/Trojans had limited points of entry
  • 4. Current Network Security Today’s Threat Landscape  Perimeter? What perimeter? And with BYOD, it’s more like herding cats.  Data and Assets are mobile, dynamic, and accessed by almost anyone  Juxtaposition between privacy (SSL) and visibility (decryption, anyone?)  Malware can manifest itself anywhere
  • 5. Layered Security: Fact and Fiction  The Big Boys like to bash each other  Are there any silver bullets?  Let’s have an honest conversation: Everyone has their strengths  We prefer a different approach. More like …
  • 6. Layered Security: A Quick Inventory From perimeter to endpoint, paralleling the “Cyber Kill Chain”:  External IPS, Next-Gen Firewalls, Application Firewalls, Vulnerability Scanning, and Penetration Testing  Dedicated IDS, Web Proxies, SPAM Filters, Sandbox/Sandnet techniques  Anti-virus, Personal Firewalls, Host-based IPS, patching, software updates  And one SIEM to log them all “Prepare to be breached.” Shift from preventative to detective? Sort of. Layered Security: “Defense in Depth” Recommended by the NSA ;-)
  • 7. What is Threat Intelligence? “The real-time collection, normalization, and analysis of the data generated by users, applications and infrastructure that impacts the IT security and risk posture of an enterprise.” “The goal of Security Intelligence is to provide actionable and comprehensive insight that reduces risk and operational effort for any size organization.” - John Burnham, IBM Ummmm … What? “The real-time collection, normalization, and analysis of the data generated by users, applications and infrastructure that impacts the IT security and risk posture of an enterprise.” “The goal of Security Intelligence is to provide actionable and comprehensive insight that reduces risk and operational effort for any size organization.” - John Burnham, IBM Ummmm … What? “Threat Intelligence is network data that, when put to good use, can protect you.” - Me
  • 8. No, really. What is Threat Intelligence? This might get a little technical. WARNING
  • 9. No, really. What is Threat Intelligence? Malware Exchanges & Sources Malware Exchange (major NetSec vendors) VirusTotal.com VirusShare.com IDS/IPS Event Feedback Loop Universities ISPs and Carriers IDS/IPS Customer base Sandnets IDS/IPS Rulesets Other Proprietary Information DNS/Domain Lists and Analytics IP Reputation Lists and Analytics T h i s i s T h r e a t I n t e l l i g e n c e . Data Engine (Pcap analysis and data correlation) Pcaps
  • 10. OK. What does Threat Intelligence look like? Lists of IPs and/or URLs Could be as simple as a text file of IP addresses or domains associated with bad actors and command & control servers STIX and TAXII Comes from DHS, and designed and maintained by MITRE. Provides a common markup language and method of exchange for threat intelligence data. Many companies provide their threat intelligence in STIX. Proprietary Data Takes many forms, from simple automated feeds to complex databases and APIs. Companies trying to differentiate themselves by providing unique insights, like geolocation, business sector, threat classification, etc.
  • 11. Explicit rules DPI/Pattern matching AV software, Host-based IPS 0% 10% to 40% 10% to 40% Threat Intelligence and Layered Security Security: Blocked Malware: ~85% BLOCKED MALWARE “Actionable” Threat Intelligence  SIEM consolidates data from multiple devices  Might include Intelligence from external sources  Used for analysis and incident response SIEM “Active” Threat Intelligence  IP and/or Domain reputation lists  Pushed out to security devices regularly  Collaboration of InfoSec community Internet Firewall IDS/IPS Corporate LAN
  • 12. Publicly Shared Threat Intelligence The What. Many Network Security vendors make their living selling threat intelligence. Luckily, many of these vendors also offer at least some of their intelligence up to the community at large, for free, no strings attached. You can benefit from this. The Why. Why give it away? Online businesses often use the ‘Freemium’ business model to introduce their product to consumers. But more importantly, many Network Security vendors feel a sense of duty born out of the Internet’s implicit sense of community. In other words, it’s the right thing to do. And now, the Who and the How.
  • 13. Publicly Shared Threat Intelligence The Who. A sampling of NetSec organizations that provide free Threat Intelligence. senderbase.org http://shadowserver.org http://rules.emergingthreats.net Open Threat Exchange CI Army list at http://cinsscore.com Center for Internet Security http://dshield.org (SANS Internet Storm Center)
  • 14. Publicly Shared Threat Intelligence The How. Here’s how we do it. CINS System Active Sentinels The Internet and NetSec Community CINS Lists (“Active” Threat Intelligence) csf firewalls, curl, python urllib, etc.
  • 15. And in conclusion… Layered security doesn’t only make sense as a network security strategy; its diversity also produces better threat intelligence. And, active threat intelligence can dramatically improve a network’s protection from malware and other attacks. Conclusion? Layered Security and Active Threat Intelligence: Two great tastes that taste great together.
  • 16. Ted Gruenloh Director of Operations (972) 991-5005 tedg@econet.com http://www.networkcloaking.com/free Questions? Ted Gruenloh @tedgruenloh