threat mosaic: using cti to improve collaboration and ... · threat mosaic: the importance of...
TRANSCRIPT
![Page 1: Threat Mosaic: Using CTI to Improve Collaboration and ... · Threat Mosaic: The Importance of Threat Collaboration & Intelligence Sharing Jonathan Couch, SVP Strategy ... Adversary-focused](https://reader035.vdocuments.mx/reader035/viewer/2022070912/5fb461ff8576421ff5480e64/html5/thumbnails/1.jpg)
Threat Mosaic:The Importance of Threat Collaboration &
Intelligence Sharing
Jonathan Couch, SVP Strategy29 August 2019
![Page 2: Threat Mosaic: Using CTI to Improve Collaboration and ... · Threat Mosaic: The Importance of Threat Collaboration & Intelligence Sharing Jonathan Couch, SVP Strategy ... Adversary-focused](https://reader035.vdocuments.mx/reader035/viewer/2022070912/5fb461ff8576421ff5480e64/html5/thumbnails/2.jpg)
2
Threat Intelligence: Understand Your Threat
©2019 ThreatQuotient - Confidential
![Page 3: Threat Mosaic: Using CTI to Improve Collaboration and ... · Threat Mosaic: The Importance of Threat Collaboration & Intelligence Sharing Jonathan Couch, SVP Strategy ... Adversary-focused](https://reader035.vdocuments.mx/reader035/viewer/2022070912/5fb461ff8576421ff5480e64/html5/thumbnails/3.jpg)
3
The Threat Mosaic
©2019 ThreatQuotient - Confidential
![Page 4: Threat Mosaic: Using CTI to Improve Collaboration and ... · Threat Mosaic: The Importance of Threat Collaboration & Intelligence Sharing Jonathan Couch, SVP Strategy ... Adversary-focused](https://reader035.vdocuments.mx/reader035/viewer/2022070912/5fb461ff8576421ff5480e64/html5/thumbnails/4.jpg)
4
The Threat Mosaic
©2019 ThreatQuotient - Confidential
![Page 5: Threat Mosaic: Using CTI to Improve Collaboration and ... · Threat Mosaic: The Importance of Threat Collaboration & Intelligence Sharing Jonathan Couch, SVP Strategy ... Adversary-focused](https://reader035.vdocuments.mx/reader035/viewer/2022070912/5fb461ff8576421ff5480e64/html5/thumbnails/5.jpg)
5
Cyber Situation Room: Creating the Mosaic
©2019 ThreatQuotient - Confidential
![Page 6: Threat Mosaic: Using CTI to Improve Collaboration and ... · Threat Mosaic: The Importance of Threat Collaboration & Intelligence Sharing Jonathan Couch, SVP Strategy ... Adversary-focused](https://reader035.vdocuments.mx/reader035/viewer/2022070912/5fb461ff8576421ff5480e64/html5/thumbnails/6.jpg)
6
Collaboration and Workflow
©2019 ThreatQuotient - Confidential
![Page 7: Threat Mosaic: Using CTI to Improve Collaboration and ... · Threat Mosaic: The Importance of Threat Collaboration & Intelligence Sharing Jonathan Couch, SVP Strategy ... Adversary-focused](https://reader035.vdocuments.mx/reader035/viewer/2022070912/5fb461ff8576421ff5480e64/html5/thumbnails/7.jpg)
7©2019 ThreatQuotient - Confidential
SOC
Incident Response
Threat Intelligence
Hunt Team
Vuln Management
Maintain Security Monitoring Tools*Triage
Initial ScopeMinor RemediationCreate Incidents
ScopeRemediate
Recommend
ContextRelevance
IdentifyInform
IdentifyTargetDetect
Remediate
Patch Prioritization*Business Impact
Risk Management
ADDED VALUE OF INTEL:Context
RelevanceAdversary-focused Campaigns
Full-scope indicator sets
COLLABORATION:Sightings
Adversary Analysis“Single Source of Truth”
![Page 8: Threat Mosaic: Using CTI to Improve Collaboration and ... · Threat Mosaic: The Importance of Threat Collaboration & Intelligence Sharing Jonathan Couch, SVP Strategy ... Adversary-focused](https://reader035.vdocuments.mx/reader035/viewer/2022070912/5fb461ff8576421ff5480e64/html5/thumbnails/8.jpg)
8
Overcoming Fragmentation
©2019 ThreatQuotient - Confidential
Internal System Events & Data
Endpoint
Detection &
Response
Network
Security
Malware
Analysis
SIEM
Log
Repository
Incident
Response /
Ticketing
Incident
Responders
Threat
Analysts
Network
Security
Analysts
Malware
Analysts
Security
Operators
End-User
Operations
Industry
Open
Source
Sharing
Commercial
Enrichment
Services
External Threat Data
Collaboration
Workflow
Automation
Integration
ThreatOperations
CENTRAL REPOSITORY
ANALYST WORKBENCH
SYSTEM INTEGRATION
![Page 9: Threat Mosaic: Using CTI to Improve Collaboration and ... · Threat Mosaic: The Importance of Threat Collaboration & Intelligence Sharing Jonathan Couch, SVP Strategy ... Adversary-focused](https://reader035.vdocuments.mx/reader035/viewer/2022070912/5fb461ff8576421ff5480e64/html5/thumbnails/9.jpg)
9
Putting the Mosaic Together
©2019 ThreatQuotient - Confidential