Upload File

gavin reid - lancope - first · 6/15/2015  · cybersecurity threats. • reid also created and led...

  • Home
  • Documents
  • Gavin Reid - Lancope - FIRST · 6/15/2015  · cybersecurity threats. • Reid also created and led Cisco’s Computer Security Incident Response Team (CSIRT), a global organization
13
Threat Intelligence? Gavin Reid - Lancope

Upload: others

Post on 18-Aug-2020

5 views

Category:

Documents


0 download

Report

TRANSCRIPT

Page 1: Gavin Reid - Lancope - FIRST · 6/15/2015  · cybersecurity threats. • Reid also created and led Cisco’s Computer Security Incident Response Team (CSIRT), a global organization

Threat Intelligence?

Gavin Reid - Lancope

Page 2: Gavin Reid - Lancope - FIRST · 6/15/2015  · cybersecurity threats. • Reid also created and led Cisco’s Computer Security Incident Response Team (CSIRT), a global organization

© 2015 Lancope, Inc. All rights reserved.

Presenter• Gavin Reid is Vice President of Threat Intelligence at

Lancope, With over 25 years of experience in threat intelligence, Reid was a driving force behind the development of big data analytics and threat identification.

• While serving at Cisco Systems as director of threat research for Security Intelligence Operations, he led a team that developed new data analytics technologies to detect and remediate advanced cybersecurity threats.

• Reid also created and led Cisco’s Computer Security Incident Response Team (CSIRT), a global organization of information security professionals responsible for monitoring, investigating and responding to cybersecurity incidents.

• In addition to his time at Cisco, Reid also served as the vice president of threat intelligence at Fidelity Investments and oversaw IT security at NASA’s Johnson Space Center.

Page 3: Gavin Reid - Lancope - FIRST · 6/15/2015  · cybersecurity threats. • Reid also created and led Cisco’s Computer Security Incident Response Team (CSIRT), a global organization

© 2015 Lancope, Inc. All rights reserved.

Where are we with security 2015?

Page 4: Gavin Reid - Lancope - FIRST · 6/15/2015  · cybersecurity threats. • Reid also created and led Cisco’s Computer Security Incident Response Team (CSIRT), a global organization

© 2015 Lancope, Inc. All rights reserved.

State of the industry

Page 5: Gavin Reid - Lancope - FIRST · 6/15/2015  · cybersecurity threats. • Reid also created and led Cisco’s Computer Security Incident Response Team (CSIRT), a global organization

© 2015 Lancope, Inc. All rights reserved.

State of the industry

Page 6: Gavin Reid - Lancope - FIRST · 6/15/2015  · cybersecurity threats. • Reid also created and led Cisco’s Computer Security Incident Response Team (CSIRT), a global organization

© 2015 Lancope, Inc. All rights reserved.

What we need to do differently

Page 7: Gavin Reid - Lancope - FIRST · 6/15/2015  · cybersecurity threats. • Reid also created and led Cisco’s Computer Security Incident Response Team (CSIRT), a global organization

© 2015 Lancope, Inc. All rights reserved.

IP with no or invalid context

8.8.8.8

What is Threat?

What is intelligence

Malware: Dridex

Analysis:Attachment File Name: RZZA3440.docAttachment MD5s:b4fe7224da594703e78d62d9cb85c5f4c3a00c36ea51040c3a10c557154bc7b15b9acbcd65555398a7e3fd0f0a389cf9582b75b4f8855dbe555bff080c57808abe699ba4855340adf5c9d7092e9df08b

Payload URLs:hxxp://internetz1[.]com/03/39.exehxxp://gggrp[.]com/03/59.exehxxp://fefg[.]com/03/39.exehxxp://woofe[.]com/03/39.exehxxp://contestswin[.]net/03/39.exe

Payload MD5:5e91af2e44c17de55134ff935c0f30f1

C2:130.0.133[.]35

Page 8: Gavin Reid - Lancope - FIRST · 6/15/2015  · cybersecurity threats. • Reid also created and led Cisco’s Computer Security Incident Response Team (CSIRT), a global organization

Cisco Confidential 8© 2013-2014 Cisco and/or its affiliates. All rights reserved.

Can you protect what you can’t see?

010101001011

010101001011

010101001011

010101001011

Page 9: Gavin Reid - Lancope - FIRST · 6/15/2015  · cybersecurity threats. • Reid also created and led Cisco’s Computer Security Incident Response Team (CSIRT), a global organization

© 2015 Lancope, Inc. All rights reserved.

Page 10: Gavin Reid - Lancope - FIRST · 6/15/2015  · cybersecurity threats. • Reid also created and led Cisco’s Computer Security Incident Response Team (CSIRT), a global organization

© 2015 Lancope, Inc. All rights reserved.

Data Jockey

Getting data ready

vs

Working on data

Page 11: Gavin Reid - Lancope - FIRST · 6/15/2015  · cybersecurity threats. • Reid also created and led Cisco’s Computer Security Incident Response Team (CSIRT), a global organization

© 2015 Lancope, Inc. All rights reserved.

Concerns

Page 12: Gavin Reid - Lancope - FIRST · 6/15/2015  · cybersecurity threats. • Reid also created and led Cisco’s Computer Security Incident Response Team (CSIRT), a global organization

© 2015 Lancope, Inc. All rights reserved.

Make Sure you have deliverables beyond needle and haystack• Prove the negative• Deliver a

daily/weekly/monthly • Lead the organizations

perspective on threat

Page 13: Gavin Reid - Lancope - FIRST · 6/15/2015  · cybersecurity threats. • Reid also created and led Cisco’s Computer Security Incident Response Team (CSIRT), a global organization

Thanks!


Innovationskult oder Kultur? Building Cisco’s Innovation Story

Lancope StealthWatch Technology

Evolution of Cisco’s Corporate Facebook - PR News › Assets › File › socialmediasummit20… · Evolution of Cisco’s Corporate ... •Timeline Do’s and Don’ts •How timeline

Closed Captioning in Games ● Reid Kimball ● Games[CC] ● [email protected] [email protected]

Self-Defending Network Service Provider Cisco’s

Foundry - Lancope Security Alliance · 1 Foundry - Lancope Security Alliance The Security Benefits of sFlow Integration AGENDA Foundry Networks & Lancope Partnership Overview (15mins)

Cisco’s Cloud Strategy, including our acquisition of CliQr

Security Through Network Intelligence Lancope StealthWatch Technology

CISCO’s Cloud Journey (Keynote at Cloud Symposium)

Cisco’s Made-for- Midmarket Portfolio

activate network security everywhere - Tego Data …...activate network security everywhere 1. “Cisco & Lancope Partnership,” Lancope, 2015. Bolster your branches. It’s hard

Cisco’s Organization Culture

Cisco’s Borderless Network Architecture Vision and Strategy

Cisco’s Customer Response Solutions(CRS) IP Integrated ... · Cisco’s Customer Response Solutions(CRS) & IP Integrated Contact Distribution (ICD) Standard & Enhanced Systems Engineer

© 2006 Property of Lancope. Proprietary and Confidential. Lancope and Emory University: Illuminating (and Securing) the Network Andy Wilson Senior Systems

Using Cisco’s Vmdc to Facilitate FISMA Compliance

The Network as a Sensor, Cisco and Lancope

Cisco’s Supply Chain Digitized (Sept18) · Cisco’s Supply Chain Digitized Drive an Agile and Adaptive Supply Chain SrDirector Supply Chain Operations EMEAR. ... Cisco’s Supply

Cisco’s Application Development Transformation to Openstack - Retrospective

Stealth Watch von Lancope...Lancope hingegen setzt durch die Stealth Watch Appliance das so genannte NBAD „Network Behaviour Anomaly Detection“-System ein. Versucht ein neu entwickelter

Module Support on Cisco’s Integrated Services Routers ... · Module Support on Cisco’s Integrated Services Routers ... HWIC-1T IP Base 1941 ... Module Support on Cisco’s Integrated

Cisco’s Secure Access Control Server (ACS) ACS: Cisco’s AAA server A centralized access control solution Supports both RADIUS and TACACS+ Supports Cisco’s

Enabling the Internet of Everything: Cisco’s IoT Architecture

Lancope Infographic: Command & Control Botnet Behavior

Internet of Things – Cisco’s Vision & Approach...Internet of Things – Cisco’s Vision & Approach . Ted Ogonda, Regional Engineering Leader – Nigeria, The Maghreb, Eastern

Enabling Cisco’s Advanced Service Deliverables Through ... Conference 2010... · Enabling Cisco’s Advanced Service Deliverables Through Knowledge. ... Enabling Cisco’s Advanced

Independent Validation of Cisco’s Multi Vendor Support

Cisco’s acquisition strategy

Cisco’s IOS

Module Support on Cisco’s

Understanding Cisco’s Security Focus And Its Integrated Architectural Approach · 2020-03-22 · Understanding Cisco’s Security Focus And Its Integrated Architectural Approach

Lancope StealthWatch Security Target - Common Criteria

Cisco’s Cloud Ready Infrastructure

Lancope and-cisco-asa-for-advanced-security

Cisco’s BYOD / Mobility - CODELCO - Corporación ... · Cisco’s BYOD / Mobility ... Manual Channel Assignment Manual Transmit Power Adjustment ... radio pathloss calculation when