Reduce the Attacker's ROI with Collaborative Threat Intelligence
DESCRIPTION
The cost to attack and compromise a system is orders of magnitude less than the cost to defend it. A single machine can probe thousands of targets looking for one with weak defenses, while each new attack vector requires defenders to deploy and maintain additional security controls. So, how can we raise the cost for the attacker? One way is collaborative threat intelligence. Join Wendy Nather of 451 Research and Jaime Blasco, Director of AlienVault Labs, for a discussion of the value of collaborative threat intelligence. Wendy and Jaime discuss how a collaborative approach differs from other threat intelligence sources, along with practical considerations to help you evaluate threat intelligence offerings and protect your environment.
TRANSCRIPT
Reduce the Attacker’s ROI with Collaborative Threat Intelligence
@AlienVault
Meet today’s presenters
INTRODUCTIONS
Jaime Blasco, Director, AlienVault Labs (AlienVault) @jaimeblascob
Wendy Nather, Research Director, Security (451 Research) @451Wendy
What is Threat Intelligence?
• Provides data that you did not already have
  Examples: reputation scoring, attack tools, threat actors
• Provides data (or analysis of data) that helps you make better-informed decisions about defense
  Example: helping you figure out what else to look for, or what proactive measures to take
Verizon Business VERIS taxonomy: includes both actor and action
Data sold separately; customer can decide how to apply it further
Platform or technology specifically for threat intel collection, analysis or sharing
Threat Intelligence is …
Additive – made to be collected
Secretive – part of the value is that not everyone else knows it
Transitive – built on transitive trust relationships
Elusive – can quickly expire, degrade or dry up
Threat Intelligence Trends
[Chart: threat intelligence trends, 451 Research survey results for 2H '11, 2H '12 and 2H '13]
Questions to Ask When Evaluating Threat Intelligence
• Which indicators are being offered?
• Where does the TI come from?
• How is the TI generated?
• How rich is the metadata?
• Is the information useful to my organization?
• Does it help detect incidents?
• Does it help me when responding to an incident?
• Does it help with triage?
• Am I able to consume the data with the technologies/tools within my enterprise?
Evaluating Threat Intelligence Offerings
• Origin
• Variety
• Freshness
• Speed and scale
• Relevance
• False-positive rate
• Confidence
• Completeness
• Consumability
The Power of the “Crowd” for Threat Detection
Cyber criminals are reusing the same tactics to attack multiple targets.
Collaborative threat intelligence makes us all more secure.
Identify, flag and block known attackers
Update policies/alerts to detect threats
Reduce the attacker’s ROI
Traditional Response
First Street Credit Union
Alpha Insurance Group
John Elway Auto Nation
Regional Pacific Telecom
Marginal Food Products
Attack / Detect / Respond
Threat Sharing Enables Preventative Response
Through an automated, real-time threat exchange framework
A Real-Time Threat Exchange Framework
First Street Credit Union
Alpha Insurance Group
John Elway Auto Nation
Regional Pacific Telecom
Marginal Food Products
Attack / Detect
Open Threat Exchange: puts preventative response measures in place through shared experience
Open Threat Exchange: protects others in the network with the preventative response measures
Global threat detection for local response
Security Technologies Needed to Consume Threat Intelligence
Proxy
Log Management
SIEM
Intrusion Detection System
Intrusion Prevention System
Network Monitoring
Firewall
End Point Protection
Forensic Tools
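The crowd slides above ("Identify, flag and block known attackers", "Update policies/alerts to detect threats", the Open Threat Exchange sequence) and this list of consuming technologies describe the sharing loop in words only. The following Python model is added here as an illustration; it is not code from the original webinar, from AlienVault's Open Threat Exchange or from USM. It shows one concrete way the loop can work: a participant publishes an indicator after detecting an attack, the exchange corroborates reports from independent sources and drops stale or low-confidence entries (the "Elusive" and false-positive-rate points from the evaluation slides), and a consumer filters the shared feed through its own allowlist before matching it against firewall log lines and emitting block rules. The report schema, the confidence formula, the log format, the deny-rule syntax, and every indicator and log line are constructed assumptions.

```python
"""Toy model of a collaborative threat exchange (constructed example).

One participant detects an attacker and publishes an indicator; the
exchange corroborates reports, expires stale indicators, and each other
participant filters the shared feed through its own allowlist before
matching it against local logs and generating block rules.
"""
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import Dict, List, Set, Tuple
import re


# Hypothetical report format; not the schema of any real exchange.
@dataclass(frozen=True)
class Report:
    ioc: str          # indicator value (an IPv4 address in this example)
    source: str       # participant that observed the attack
    seen: datetime    # when the attack was observed
    confidence: int   # reporter's confidence, 0..100
    ttl: timedelta    # how long the reporter considers the indicator valid


@dataclass(frozen=True)
class Indicator:
    ioc: str
    sources: Tuple[str, ...]  # distinct reporters (corroboration)
    confidence: int           # aggregated confidence, 0..100
    expires: datetime         # latest seen + ttl over all reports


class ThreatExchange:
    """Collects reports from participants and serves an aggregated feed."""

    def __init__(self) -> None:
        self._reports: Dict[str, List[Report]] = {}

    def publish(self, report: Report) -> None:
        self._reports.setdefault(report.ioc, []).append(report)

    def feed(self, now: datetime, min_confidence: int = 50) -> List[Indicator]:
        """Aggregate reports per IOC; drop stale or low-confidence indicators."""
        out: List[Indicator] = []
        for ioc, reports in self._reports.items():
            sources = tuple(sorted({r.source for r in reports}))
            # Assumed formula: each additional independent reporter adds 10 points.
            confidence = min(100, max(r.confidence for r in reports) + 10 * (len(sources) - 1))
            expires = max(r.seen + r.ttl for r in reports)
            if now >= expires or confidence < min_confidence:
                continue  # intel is elusive: expired or weak entries leave the feed
            out.append(Indicator(ioc, sources, confidence, expires))
        return out


# Constructed firewall-style log format: "<timestamp> <action> src=<ip> dst=<ip:port>"
LOG_RE = re.compile(r"^(?P<ts>\S+) (?P<action>\w+) src=(?P<src>[\d.]+) dst=(?P<dst>\S+)$")


def match_logs(log_lines: List[str], feed: List[Indicator],
               allowlist: Set[str]) -> List[Tuple[str, Indicator]]:
    """Return (log line, indicator) pairs whose source IP appears in the shared feed.

    The consumer's own allowlist is applied first: a shared feed knows nothing
    about locally benign hosts (e.g. the organization's own scanner), and
    skipping them is how the consumer keeps its false-positive rate down.
    """
    by_ioc = {ind.ioc: ind for ind in feed}
    hits: List[Tuple[str, Indicator]] = []
    for line in log_lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # unparseable line; in production, count and review these
        src = m.group("src")
        if src in allowlist or src not in by_ioc:
            continue
        hits.append((line, by_ioc[src]))
    return hits


def block_rules(hits: List[Tuple[str, Indicator]]) -> List[str]:
    """Derive one deny rule per unique attacker IP (constructed rule syntax)."""
    return [f"deny from {ioc}" for ioc in sorted({ind.ioc for _, ind in hits})]


def run_example() -> Dict[str, object]:
    now = datetime(2013, 11, 1, 12, 0, tzinfo=timezone.utc)
    week = timedelta(days=7)
    xchg = ThreatExchange()
    # Two participants independently see the same attacker (corroboration).
    xchg.publish(Report("198.51.100.23", "First Street Credit Union", now - timedelta(minutes=30), 70, week))
    xchg.publish(Report("198.51.100.23", "Regional Pacific Telecom", now - timedelta(minutes=15), 60, week))
    # A month-old report whose TTL has passed (expired intel).
    xchg.publish(Report("203.0.113.9", "Marginal Food Products", now - timedelta(days=30), 90, week))
    # A report about a host the consumer knows is its own external scanner.
    xchg.publish(Report("192.0.2.50", "John Elway Auto Nation", now - timedelta(hours=1), 55, week))

    feed = xchg.feed(now)
    # Constructed log lines from one consumer, Alpha Insurance Group.
    logs = [
        "2013-11-01T12:03:11Z ALLOW src=198.51.100.23 dst=10.1.2.3:443",
        "2013-11-01T12:03:15Z ALLOW src=192.0.2.50 dst=10.1.2.3:22",
        "2013-11-01T12:04:00Z ALLOW src=203.0.113.9 dst=10.1.2.4:80",
        "2013-11-01T12:05:30Z ALLOW src=10.1.2.9 dst=10.1.2.3:445",
    ]
    hits = match_logs(logs, feed, allowlist={"192.0.2.50"})
    return {"feed": feed, "hits": hits, "rules": block_rules(hits)}


if __name__ == "__main__":
    result = run_example()
    for line, ind in result["hits"]:
        print(f"HIT {ind.ioc} conf={ind.confidence} sources={ind.sources}: {line}")
    print("\n".join(result["rules"]))
```

Running the block yields a single hit for 198.51.100.23 (corroborated by two reporters, aggregated confidence 80) and one deny rule; the expired indicator never reaches the feed and the allowlisted scanner is never flagged, which is the practical meaning of "freshness" and "false-positive rate" on the evaluation slides.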
USM Product Capabilities (powered by AV Labs Threat Intelligence)
ASSET DISCOVERY
• Active Network Scanning
• Passive Network Scanning
• Asset Inventory
• Host-based Software Inventory
VULNERABILITY ASSESSMENT
• Continuous Vulnerability Monitoring
• Authenticated / Unauthenticated Active Scanning
BEHAVIORAL MONITORING
• Log Collection
• Netflow Analysis
• Service Availability Monitoring
SECURITY INTELLIGENCE
• SIEM Event Correlation
• Incident Response
THREAT DETECTION
• Network IDS
• Host IDS
• Wireless IDS
• File Integrity Monitoring
More Questions? Tweet @AlienVault
NOW FOR SOME Q&A…
Join the Open Threat Exchange: http://www.alienvault.com/open-threat-exchange
Download a free 30-day trial of USM: http://www.alienvault.com/free-trial
Join us for a live demo: http://www.alienvault.com/marketing/alienvault-usm-live-demo
@jaimeblascob @451Wendy