2020 Analytics, Intelligence and Response: Intelligent-Threat-Intel-LEAD-Framework

Uploader: 东****0 | Document ID: 156459031 | Uploaded: 2020-12-18 | Format: PDF | Pages: 22 | Size: 3.42 MB

#RSAC SESSION ID: AIR-W01
Intelligent Threat Intel LEAD Framework
Filip Stojkovski, Threat Intel Manager, Adobe

LEAD CTI Framework (agenda)
- Threat Intel Pain Points
- Threat Intel Values
- CTI (Cyber Threat Intelligence) pain points
- Threat Intel - LEAD Framework - 101: efficiently and effectively solve the CTI problems
- LEADing a Threat Intelligence Program

Threat Intel Pain Points - Requirements
No clear CTI Requirements = Time Bomb
Source Ref: https://www.sans.org/reading-room/whitepapers/threats/paper/38790

Threat Intel Pain Points - Data
List of the biggest pain points for CTI (share of respondents not satisfied with CTI, by area):
- Analytics: 34.3%
- Cleanliness and quality of data: 37.4%
- Context: 35.4%
- Comprehensiveness of coverage: 37.4%
- Automation and integration of CTI information with detection and response systems: 39.4%
- Location-based visibility: 42.5%
- Identification and removal of expired indicators of compromise (IoCs) and other old data: 47.6%
- Machine learning: 55.9%
Source Ref: https://www.sans.org/reading-room/whitepapers/threats/paper/38790

The Threat Intel Problems

The Non-Essential Problem
Ref: https://www.sans.org/reading-room/whitepapers/ActiveDefense/sliding-scale-cyber-security-36240
(Sliding scale labels on the slide: MUST HAVE, MUST HAVE, MUST HAVE, MUST HAVE, NICE TO HAVE)

The Threat Intel Data

Solving the CTI Problem

How To Solve The TI Problem
RELEVANT - EFFICIENT - ANALYST DRIVEN - DELIVERABLE

LEAD Framework Structure
- RELEVANT: Threat Profile + TI Program Requirements
- EFFICIENT: TI Scoring + TI Categorization
- ANALYST DRIVEN: Feedback Loop + Machine Learning
- DELIVERABLE: Standardized TI Data + Metrics

RELEVANT - Creating Threat Profile

RELEVANT - TI Program Requirements

RELEVANT - Non-IR TI Consumers
- E-commerce (Fraudulent Payments)
- Code repositories (0-day exploits)
- Customer Content Moderation
- Piracy

EFFICIENT - TI Scoring & Categorization
- Scoring
- Categorization

ANALYST DRIVEN - Feedback loop
- Automation
- Orchestration

ANALYST DRIVEN - Feedback loop & Machine Learning

ANALYST DRIVEN - Machine Learning Use-cases
- Dynamic TI: apply ML on the feedback loop for automated scoring and categorization
- Data Mining: predict adversary TTPs and infrastructure

DELIVERABLE - Standardized Threat Intel Format

DELIVERABLE - Metrics
- Audience: Tactical / Operational / Strategic
- Actor Driven: actor-driven metrics will betray you in the long run
- How and Where: start with how and where Threat Intelligence is used

LEAD CTI Framework Key Takeaways

"Apply" (slide 21)
Next week you should:
- Create a Threat Profile and understand from whom and what you are trying to defend.
- Promote CTI within your organization and find new stakeholders.
In the first three months following this presentation you should:
- Set Threat Intel Program Requirements and use the LEAD maturity model to understand where you stand.
- Try to make sense of your CTI data by applying scoring and categorization.
- Use Security Orchestration and Machine Learning to get the best out of CTI.
- Use the results to create metrics that will justify and add value to your CTI Program.

Q&A
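The deck names scoring and categorization (EFFICIENT), an analyst feedback loop (ANALYST DRIVEN), metrics (DELIVERABLE) and the expired-IoC pain point, but does not show how they fit together. The following is an added example, not code from the RSAC talk, its author or Adobe: one way to compute an indicator relevance score from source confidence, age decay and analyst feedback, map it to a category that decides what a consumer does with it, retire expired indicators, and derive a simple metric. Every source name, weight, half-life and sample indicator is a constructed assumption.

```python
"""Threat-intel indicator scoring, categorization, expiry and metrics.

Added example, not from the RSAC deck. All weights, sources, half-lives
and sample indicators below are constructed assumptions.
"""
from dataclasses import dataclass, field
from datetime import datetime, timedelta, timezone

# Assumed base confidence per source (0..1).
SOURCE_CONFIDENCE = {"internal-ir": 0.95, "vendor-feed": 0.70, "osint-paste": 0.40}
DEFAULT_CONFIDENCE = 0.30

# Assumed half-life in days per indicator type: network indicators rot
# quickly, file hashes stay meaningful far longer.
HALF_LIFE_DAYS = {"ipv4": 7.0, "domain": 30.0, "url": 14.0, "sha256": 365.0}
DEFAULT_HALF_LIFE = 30.0

# Constructed reference time so the example is deterministic.
NOW = datetime(2020, 3, 1, tzinfo=timezone.utc)


@dataclass
class Indicator:
    value: str
    ioc_type: str
    source: str
    first_seen: datetime
    # Analyst feedback from the loop: +1 confirmed hit, -1 false positive.
    feedback: list = field(default_factory=list)
    # Does the indicator belong to an actor/campaign in our threat profile?
    in_threat_profile: bool = False


def age_factor(ind: Indicator, now: datetime) -> float:
    """Exponential decay: the score halves every half-life of the IoC type."""
    age_days = max((now - ind.first_seen).total_seconds() / 86400.0, 0.0)
    return 0.5 ** (age_days / HALF_LIFE_DAYS.get(ind.ioc_type, DEFAULT_HALF_LIFE))


def feedback_factor(ind: Indicator) -> float:
    """Each analyst vote moves the score by 15%, clamped so that a single
    vote or a pile-on cannot zero out or inflate an indicator on its own."""
    net = sum(ind.feedback)
    return max(0.2, min(1.5, 1.0 + 0.15 * net))


def score(ind: Indicator, now: datetime = NOW) -> float:
    """0..100 relevance: source confidence x freshness x feedback, with a
    bonus for indicators tied to the organisation's threat profile."""
    base = SOURCE_CONFIDENCE.get(ind.source, DEFAULT_CONFIDENCE)
    s = 100.0 * base * age_factor(ind, now) * feedback_factor(ind)
    if ind.in_threat_profile:
        s *= 1.25
    return min(s, 100.0)


def categorize(s: float) -> str:
    """Map a score to the action a consumer takes on the indicator."""
    if s >= 75:
        return "block"    # push to enforcement (firewall, EDR blocklist)
    if s >= 50:
        return "alert"    # detection only; an analyst reviews hits
    if s >= 20:
        return "enrich"   # context for investigations, no alerting
    return "retire"       # expired or unreliable: drop from active data


def triage(indicators, now: datetime = NOW) -> dict:
    """Score and categorize every indicator, keyed by indicator value."""
    out = {}
    for ind in indicators:
        s = score(ind, now)
        out[ind.value] = {"score": round(s, 1), "category": categorize(s)}
    return out


def expired(indicators, now: datetime = NOW) -> list:
    """Values that should be removed from active detection content."""
    return [i.value for i in indicators if categorize(score(i, now)) == "retire"]


def category_counts(triaged: dict) -> dict:
    """A simple operational metric: how much of the feed is actionable."""
    counts = {"block": 0, "alert": 0, "enrich": 0, "retire": 0}
    for entry in triaged.values():
        counts[entry["category"]] += 1
    return counts


def sample_indicators():
    """Constructed sample data: a placeholder hash, the 203.0.113.0/24
    documentation range and the reserved .example TLD."""
    return [
        Indicator("a" * 64, "sha256", "internal-ir", NOW - timedelta(days=30),
                  feedback=[+1, +1], in_threat_profile=True),
        Indicator("203.0.113.10", "ipv4", "vendor-feed", NOW - timedelta(days=21)),
        Indicator("malicious.example", "domain", "osint-paste", NOW - timedelta(days=10),
                  feedback=[-1]),
        Indicator("http://203.0.113.10/login", "url", "vendor-feed", NOW - timedelta(days=3),
                  feedback=[+1], in_threat_profile=True),
    ]


if __name__ == "__main__":
    result = triage(sample_indicators())
    for value, entry in result.items():
        print(f"{entry['category']:7} {entry['score']:5.1f}  {value}")
    print("retire:", expired(sample_indicators()))
    print("metrics:", category_counts(result))
```

The three-week-old vendor IP lands in "retire" purely through age decay, which is the automated expiry the SANS respondents were missing; the day-old URL tied to the threat profile scores into "block" even though it comes from the same feed. Swapping the half-lives, the clamp on feedback, or the category thresholds is where a real program's requirements and analyst feedback would be encoded.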
