Network Defender First Principles · 2016. 11. 17. · Network Defender Problem Space First...
273
Network Defender First Principles Rick Howard - CSO
Transcript of Network Defender First Principles · 2016. 11. 17. · Network Defender Problem Space First...
Network Defender First Principles
Rick Howard - CSO
Source: Bruno Oliveira
Geeks vs Non-Geeks: Reaction to flaky internet connection
Source: Bruno Oliveira
Geeks vs Non-Geeks: Reaction to flaky internet connection
Source: Bruno Oliveira
Geeks vs Non-Geeks: Reaction to flaky internet connection
Time
Hope
Source: Bruno Oliveira
Geeks vs Non-Geeks: Reaction to flaky internet connection
Time
Hope
Source: Bruno Oliveira
Geeks vs Non-Geeks: Reaction to flaky internet connection
Y-Axis: Hope
Time
Hope
Source: Bruno Oliveira
Geeks vs Non-Geeks: Reaction to flaky internet connection
X-Axis: Time
Time
Hope
Source: Bruno Oliveira
Geeks vs Non-Geeks: Reaction to flaky internet connection
Geek Non-Geek
Time
Hope
Source: Bruno Oliveira
Geeks vs Non-Geeks: Reaction to flaky internet connection
Geek Non-Geek
Non-Geeks – The Beautiful People
Time
Hope
Source: Bruno Oliveira
Geeks vs Non-Geeks: Reaction to flaky internet connection
Geek Non-Geek
Non-Geeks – The Beautiful People
Time
Hope
Source: Bruno Oliveira
Geeks vs Non-Geeks: Reaction to flaky internet connection
Geek Non-Geek
Non-Geeks – The Beautiful People
I’ll just wait a bit; maybe it will come back
Time
Hope
Source: Bruno Oliveira
Geeks vs Non-Geeks: Reaction to flaky internet connection
Hmmm … this is taking too long
Geek Non-Geek
Non-Geeks – The Beautiful People
Time
Hope
Source: Bruno Oliveira
Geeks vs Non-Geeks: Reaction to flaky internet connection
Hmmm … this is taking too long
Geek Non-Geek
Non-Geeks – The Beautiful People
Time
Hope
Source: Bruno Oliveira
Geeks vs Non-Geeks: Reaction to flaky internet connection
Geek Non-Geek
Non-Geeks – The Beautiful People
Call the ISP
Time
Hope
Source: Bruno Oliveira
Geeks vs Non-Geeks: Reaction to flaky internet connection
Geek Non-Geek
Non-Geeks – The Beautiful People
Call the ISP
They Are Always so Helpful
Time
Hope
Source: Bruno Oliveira
Geeks vs Non-Geeks: Reaction to flaky internet connection
Geek Non-Geek
Call the ISP
Non-Geeks – The Beautiful People
Time
Hope
Source: Bruno Oliveira
Geeks vs Non-Geeks: Reaction to flaky internet connection
Geek Non-Geek
Non-Geeks – The Beautiful People
Call the ISP
Time
Hope
Source: Bruno Oliveira
Geeks vs Non-Geeks: Reaction to flaky internet connection
Geek Non-Geek
Geeks – My Peeps
Time
Hope
Source: Bruno Oliveira
Geeks vs Non-Geeks: Reaction to flaky internet connection
Geek Non-Geek
Geeks – My Peeps
Reload
Time
Hope
Source: Bruno Oliveira
Geeks vs Non-Geeks: Reaction to flaky internet connection
Geek Non-Geek
Geeks – My Peeps
ReloadReload
Time
Hope
Source: Bruno Oliveira
Geeks vs Non-Geeks: Reaction to flaky internet connection
Geek Non-Geek
Geeks – My Peeps
ReloadReload
Try Another Site
Time
Hope
Source: Bruno Oliveira
Geeks vs Non-Geeks: Reaction to flaky internet connection
Geek Non-Geek
Geeks – My Peeps
ReloadReload
Try Another Site Reload
Time
Hope
Source: Bruno Oliveira
Geeks vs Non-Geeks: Reaction to flaky internet connection
Geek Non-Geek
Geeks – My Peeps
ReloadReload
Try Another Site Reload
Check network settings
Time
Hope
Source: Bruno Oliveira
Geeks vs Non-Geeks: Reaction to flaky internet connection
Geek Non-Geek
Geeks – My Peeps
ReloadReload
Try Another Site Reload
Check network settings
Switch WiFiOn/Off
Time
Hope
Source: Bruno Oliveira
Geeks vs Non-Geeks: Reaction to flaky internet connection
Geek Non-Geek
Geeks – My Peeps
ReloadReload
Try Another Site Reload
Check network settings
Switch WiFiOn/Off
That will fix everything
Time
Hope
Source: Bruno Oliveira
Geeks vs Non-Geeks: Reaction to flaky internet connection
Geek Non-Geek
Geeks – My Peeps
ReloadReload
Try Another Site Reload
Check network settings
Switch WiFiOn/Off
That will fix everything
!@#^!@&^
Time
Hope
Source: Bruno Oliveira
Geeks vs Non-Geeks: Reaction to flaky internet connection
Geek Non-Geek
Geeks – My Peeps
ReloadReload
Try Another Site Reload
Check network settings
Switch WiFiOn/Off
That will fix everything
!@#^!@&^
pingifconfig
rebootdmesgtraceroute
iptables
Time
Hope
Source: Bruno Oliveira
Geeks vs Non-Geeks: Reaction to flaky internet connection
Geek Non-Geek
Geeks – My Peeps
ReloadReload
Try Another Site Reload
Check network settings
Switch WiFiOn/Off
That will fix everything
!@#^!@&^
pingifconfig
rebootdmesgtraceroute
iptables
Time
Hope
Source: Bruno Oliveira
Geeks vs Non-Geeks: Reaction to flaky internet connection
Geek Non-Geek
Geeks – My Peeps
ReloadReload
Try Another Site Reload
Check network settings
Switch WiFiOn/Off
That will fix everything
!@#^!@&^
pingifconfig
rebootdmesgtraceroute
iptables
I’ll just wait a bit; maybe it will come back
Time
Hope
Source: Bruno Oliveira
Geeks vs Non-Geeks: Reaction to flaky internet connection
Geek Non-Geek
Geeks – My Peeps
ReloadReload
Try Another Site Reload
Check network settings
Switch WiFiOn/Off
That will fix everything
!@#^!@&^
pingifconfig
rebootdmesgtraceroute
iptables
I’ll just wait a bit; maybe it will come back
Call the ISP
Time
Hope
Source: Bruno Oliveira
Geeks vs Non-Geeks: Reaction to flaky internet connection
Geek Non-Geek
Geeks – My Peeps
ReloadReload
Try Another Site Reload
Check network settings
Switch WiFiOn/Off
That will fix everything
!@#^!@&^
pingifconfig
rebootdmesgtraceroute
iptables
I’ll just wait a bit; maybe it will come back
Call the ISP
They Are Always so Helpful
Time
Hope
Source: Bruno Oliveira
Geeks vs Non-Geeks: Reaction to flaky internet connection
Geek Non-Geek
Geeks – My Peeps
ReloadReload
Try Another Site Reload
Check network settings
Switch WiFiOn/Off
That will fix everything
!@#^!@&^
pingifconfig
rebootdmesgtraceroute
iptables
I’ll just wait a bit; maybe it will come back
Call the ISP
Time
Hope
Source: Bruno Oliveira
Geeks vs Non-Geeks: Reaction to flaky internet connection
ReloadReload
Try Another Site Reload
Check network settings
That will fix everything
Switch WiFiOn/Off
ping
!@#^!@&^
ifconfig
rebootdmesgtraceroute
iptables
I’ll just wait a bit; maybe it will come back
Hmmm … this is taking too long
Call the ISPCall the ISP
Geek Non-Geek
Time
Hope
Source: Bruno Oliveira
Geeks vs Non-Geeks: Reaction to flaky internet connection
ReloadReload
Try Another Site Reload
Check network settings
That will fix everything
Switch WiFiOn/Off
ping
!@#^!@&^
ifconfig
rebootdmesgtraceroute
iptables
I’ll just wait a bit; maybe it will come back
Hmmm … this is taking too long
Call the ISPCall the ISP
Geek Non-Geek
Time
Hope
Source: Bruno Oliveira
Geeks vs Non-Geeks: Reaction to flaky internet connection
ReloadReload
Try Another Site Reload
Check network settings
That will fix everything
Switch WiFiOn/Off
ping
!@#^!@&^
ifconfig
rebootdmesgtraceroute
iptables
I’ll just wait a bit; maybe it will come back
Hmmm … this is taking too long
Call the ISPCall the ISP
Geek Non-Geek
Time
Hope
Source: Bruno Oliveira
Geeks vs Non-Geeks: Reaction to flaky internet connection
ReloadReload
Try Another Site Reload
Check network settings
That will fix everything
Switch WiFiOn/Off
ping
!@#^!@&^
ifconfig
rebootdmesgtraceroute
iptables
I’ll just wait a bit; maybe it will come back
Hmmm … this is taking too long
Call the ISPCall the ISP
Geek Non-Geek
AUTHORITY: FEAR UNCERTAINTY AND DOUBT COMMITTEE
STATE OF CALIFORNIA
AUTHORITY: FEAR UNCERTAINTY AND DOUBT COMMITTEE
STATE OF CALIFORNIA
Network Defender First Principles
ElonMusk
ElonMusk
ElonMusk
ElonMusk
ElonMusk
ElonMusk
What is a First Principle?
Principia Mathematicapublished in 1913
What is a First Principle?
Principia Mathematicapublished in 1913
Principia Mathematicapublished in 1913
What is a First Principle?
Analogy vs First Principle
Analogy vs First Principle
Analogy vs First Principle
Leap Ahead
Analogy vs First Principle
Leap Ahead
Analogy vs First Principle
Leap Ahead
Analogy vs First Principle
Semantic Tree
Semantic Tree
Trunk
Semantic Tree
Limbs
Semantic Tree
LeavesSemantic Tree
What is a First Principle?
Fundamental
What is a First Principle?
Fundamental
SelfEvident
What is a First Principle?
Fundamental
SelfEvident
ExpertsAgree
What is a First Principle?
Fundamental
SelfEvident
ExpertsAgree
Atomic
What is a First Principle?
Fundamental
SelfEvident
ExpertsAgree
Atomic
What is a First Principle?
Fundamental
SelfEvident
ExpertsAgree
Atomic
New
What is a First Principle?
Fundamental
SelfEvident
ExpertsAgree
Atomic
New
FirstPrinciples
What is a First Principle?
What is a First Principle?
1+1=2
1+1=2
*Note:Mightbeusefultoknow
What is a First Principle?
Network Defender Problem SpaceTh
ird In
nova
tion
1994
First Intrusion Detection System
1985 1987 2004 2007 2010 2014
Third
Inno
vatio
n
1994
First Intrusion Detection System
1985
First Anti-Virus System
1987 2004 2007 2010 2014
Network Defender Problem Space
Third
Inno
vatio
n
1994
First Firewall
First Intrusion Detection System
1985
First Anti-Virus System
1987 2004 2007 2010 2014
Network Defender Problem Space
Third
Inno
vatio
n
1994
First Firewall
First Intrusion Detection System
1985
First Anti-Virus System
1987
First Detection System
2004 2007 2010 2014
Network Defender Problem Space
Third
Inno
vatio
n
1994
First Firewall
First Intrusion Detection System
1985
First Anti-Virus System
1987 2004 2006 2010 2014
First Data Loss Protection Systems
Network Defender Problem Space
First Detection System
Third
Inno
vatio
n
1994
First Firewall
First Intrusion Detection System
1985
First Anti-Virus System
1987 2004
First Data Loss Protection Systems
2006 2010 2014
Network Defender Problem Space
First Detection System
Third
Inno
vatio
n
1994
First Firewall
First Intrusion Detection System
1985
First Anti-Virus System
1987 2004 2007 2010 2014
First Data Loss Protection Systems
Network Defender Problem Space
First Detection System
Third
Inno
vatio
n
1994
First Firewall
First Intrusion Detection System
1985
First Anti-Virus System
1987 2004 2007 2010 2014
First Data Loss Protection Systems
Network Defender Problem Space
First Detection System
Third
Inno
vatio
n
1994
First Firewall
First Intrusion Detection System
1985
First Anti-Virus System
1987 2004 2007 2010 2014
First Data Loss Protection Systems
Network Defender Problem Space
First Detection System
Third
Inno
vatio
n
1994
First Firewall
First Intrusion Detection System
1985
First Anti-Virus System
1987 2004 2007 2010 2014
Leap Ahead
First Data Loss Protection Systems
Network Defender Problem Space
First Detection System
Third
Inno
vatio
n
1994
First Firewall
First Intrusion Detection System
1985
First Anti-Virus System
1987 2004 2007 2010 2014
First Data Loss Protection Systems
Network Defender Problem Space
First Detection System
Prefatory First Principle Statements
Prefatory First Principle Statements
Prefatory First Principle Statements
Prefatory First Principle Statements
Prefatory First Principle Statements
Prefatory First Principle Statements
Prefatory First Principle Statements
Prefatory First Principle Statements
Victim
Prefatory First Principle Statements
Prefatory First Principle Statements
Victim
Threats
Wow! That’s a lot!
?
Prefatory First Principle Statements
Risk Matrix
Prefatory First Principle Statements
X-Axis: Likelihood
Prefatory First Principle Statements
Risk Matrix
Y-Axis: Impact
Prefatory First Principle Statements
Risk Matrix
What is a Network Defender First Principle?
What is a Network Defender First Principle?
What is a Network Defender First Principle?
What is a Network Defender First Principle?
What is a Network Defender First Principle?
What is a Network Defender First Principle?
What is a Network Defender First Principle?
Whatisit?
What is a Network Defender First Principle?
Whatisit?
Whatshoulditbe?
What is a Network Defender First Principle?
Whatisit?
Whatshoulditbe?
Whatdoweagreethatitshoulditbe?
What is a Network Defender First Principle?
“Wemustidentifythetrunkandthebigbranchesfirstsothatwhenwediscovertheleaveslater,wewillhavesomethingtohangthemon.”
What is a Network Defender First Principle?
Network Defender Semantic Tree
1Trunk
Network Defender Semantic Tree
5Limbs
Network Defender Semantic Tree
Leaves
Network Defender Semantic Tree
The Trunk
Network Defender Semantic Tree: The Trunk
Network Defender Semantic Tree: The Trunk
Trunk
Network Defender Semantic Tree: The Trunk
PreventHighRiskMaterialImpactTrunk
Network Defender Semantic Tree: The Trunk
Trunk
Network Defender Semantic Tree: The Trunk
Trunk
Network Defender Semantic Tree: The Trunk
Trunk
Network Defender Semantic Tree: The Trunk
Trunk
Network Defender Semantic Tree: The Trunk
Trunk
Network Defender Semantic Tree: The Trunk
Trunk
Network Defender Semantic Tree: The Trunk
Trunk
Network Defender Semantic Tree: The Trunk
High ProbabilityTrunk
Network Defender Semantic Tree: The Trunk
High damage
TrunkHigh Probability
Network Defender Semantic Tree: The Trunk
PreventHighRiskMaterialImpact
Network Defender Semantic Tree: The Trunk
The First Limb
Network Defender Semantic Tree: First Limb
EstablishaRobustThreatPreventionprogram
Limb
Network Defender Semantic Tree: First Limb
Network Defender Semantic Tree: First Limb
NEW
Network Defender Semantic Tree: First Limb
NEW
Network Defender Semantic Tree: First Limb
NEW
Network Defender Semantic Tree: First Limb
Network Defender Semantic Tree: First Limb
Network Defender Semantic Tree: First Limb
Victim
Network Defender Semantic Tree: First Limb
Victim
Network Defender Semantic Tree: First Limb
IndicatorsofCompromise areforensicartifactsthatdescribeanadversary’smethodology;digitalcluesleftbehindbytheadversarygroupasitworksitswaythroughthephasesoftheattacklifecycle.
Network Defender Semantic Tree: First Limb
IndicatorsofCompromise areforensicartifactsthatdescribeanadversary’smethodology;digitalcluesleftbehindbytheadversarygroupasitworksitswaythroughthephasesoftheattacklifecycle.
Network Defender Semantic Tree: First Limb
IndicatorsofCompromise areforensicartifactsthatdescribeanadversary’smethodology;digitalcluesleftbehindbytheadversarygroupasitworksitswaythroughthephasesoftheattacklifecycle.
Network Defender Semantic Tree: First Limb
Theattacklifecycle isaphasedmodelthatdescribesthetasksanadversarygroupmustaccomplishinordertocompletetheirmission
Network Defender Semantic Tree: First Limb
Theattacklifecycle isaphasedmodelthatdescribesthetasksanadversarygroupmustaccomplishinordertocompletetheirmission
Network Defender Semantic Tree: First Limb
Theattacklifecycle isaphasedmodelthatdescribesthetasksanadversarygroupmustaccomplishinordertocompletetheirmission
Network Defender Semantic Tree: First Limb
Theattacklifecycle isaphasedmodelthatdescribesthetasksanadversarygroupmustaccomplishinordertocompletetheirmission
Network Defender Semantic Tree: First Limb
Theattacklifecycle isaphasedmodelthatdescribesthetasksanadversarygroupmustaccomplishinordertocompletetheirmission
Network Defender Semantic Tree: First Limb
Theattacklifecycle isaphasedmodelthatdescribesthetasksanadversarygroupmustaccomplishinordertocompletetheirmission
Network Defender Semantic Tree: First Limb
Theattacklifecycle isaphasedmodelthatdescribesthetasksanadversarygroupmustaccomplishinordertocompletetheirmission
Network Defender Semantic Tree: First Limb
Network Defender Semantic Tree: First Limb
Network Defender Semantic Tree: First Limb
Network Defender Semantic Tree: First Limb
Network Defender Semantic Tree: First Limb
Network Defender Semantic Tree: First Limb
Network Defender Semantic Tree: First Limb
Network Defender Semantic Tree: First Limb
MOST
Network Defender Semantic Tree: First Limb
MOST
Network Defender Semantic Tree: First Limb
ThreatPrevention istheactofturningknownindicatorsofcompromiseintooneormoredeployedpreventioncontrols.
Network Defender Semantic Tree: First Limb
ThreatPrevention istheactofturningknownindicatorsofcompromiseintooneormoredeployedpreventioncontrols.
Network Defender Semantic Tree: First Limb
Network Defender Semantic Tree: First Limb
Network Defender Semantic Tree: First Limb
Precision
Network Defender Semantic Tree: First Limb
Network Defender Semantic Tree: First Limb
Network Defender Semantic Tree: First Limb
99% Guarantee
Network Defender Semantic Tree: First Limb
99% Guarantee
Network Defender Semantic Tree: First Limb
Network Defender Semantic Tree: First Limb
EstablishaRobustThreatPreventionprogram
1st Limb
Network Defender Semantic Tree: First Limb
The Second Limb
EstablishaRobustThreatDetectionProgram
Limb
Network Defender Semantic Tree: 2d Limb
Network Defender Semantic Tree: 2d Limb
Network Defender Semantic Tree: 2d Limb
Network Defender Semantic Tree: 2d Limb
Network Defender Semantic Tree: 2d Limb
Network Defender Semantic Tree: 2d Limb
Network Defender Semantic Tree: 2d Limb
Network Defender Semantic Tree: 2d Limb
Network Defender Semantic Tree: 2d Limb
Network Defender Semantic Tree: 2d Limb
Network Defender Semantic Tree: 2d Limb
178
Network Defender Semantic Tree: 2d Limb
179
Network Defender Semantic Tree: 2d Limb
Network Defender Semantic Tree: 2d Limb
Network Defender Semantic Tree: 2d Limb
Network Defender Semantic Tree: 2d Limb
Network Defender Semantic Tree: 2d Limb
Network Defender Semantic Tree: 2d Limb
Network Defender Semantic Tree: 2d Limb
Network Defender Semantic Tree: 2d Limb
Network Defender Semantic Tree: 2d Limb
EstablishaRobustThreatDetectionProgram
2nd Limb
Network Defender Semantic Tree: 2d Limb
The Third Limb
EstablishaRobustThreatEradicationProgram
3rd Limb
Network Defender Semantic Tree: 3rd Limb
Network Defender Semantic Tree: 3rd Limb
Network Defender Semantic Tree: 3rd Limb
Network Defender Semantic Tree: 3rd Limb
Network Defender Semantic Tree: 3rd Limb
Threateradication istheactofminimizing theeffectivenessofnewlydiscoveredadversarycampaignactivitybyblocking futureactivitythroughtheThreatPreventionprogram,analyzingthepurposeofthisnewcampaign,andinstallingadditionalcountermeasuresthatwilllikelythwarttheaccomplishmentofthecampaignobjectives.
Network Defender Semantic Tree: 3rd Limb
Threateradication istheactofminimizingtheeffectivenessofnewlydiscoveredadversarycampaignactivitybyblockingfutureactivitythroughtheThreatPreventionprogram,analyzingthepurposeofthisnewcampaign,andinstallingadditionalcountermeasuresthatwilllikelythwarttheaccomplishmentofthecampaignobjectives.
Impact Mitigation
Network Defender Semantic Tree: 3rd Limb
Network Defender Semantic Tree: 3rd Limb
Network Defender Semantic Tree: 3rd Limb
Network Defender Semantic Tree: 3rd Limb
Network Defender Semantic Tree: 3rd Limb
EstablishaRobustThreatEradicationProgram
3rd Limb
Network Defender Semantic Tree: 3rd Limb
The Fourth Limb
CreatetheNetworkDefender’sTrinity.
4th Limb
Network Defender Semantic Tree: 4th Limb
Network Defender Semantic Tree: 4th Limb
Network Defender Semantic Tree: 4th Limb
Inextricablylinked
Network Defender Semantic Tree: 4th Limb
Inextricablylinked
Network Defender Semantic Tree: 4th Limb
Inextricablylinked
Network Defender Semantic Tree: 4th Limb
Trinity
Network Defender Semantic Tree: 4th Limb
CreatetheNetworkDefender’sTrinity.
4thLimb
Network Defender Semantic Tree: 4th Limb
The Last Limb
Embracecybersecurityintelligencecollectionandubiquitoussharing
5thLimb
Network Defender Semantic Tree: 5th Limb
Network Defender Semantic Tree: 5th Limb
Network Defender Semantic Tree: 5th Limb
Collected
Network Defender Semantic Tree: 5th Limb
Collected
Sorted
Network Defender Semantic Tree: 5th Limb
Collected
Sorted
Evaluated
Network Defender Semantic Tree: 5th Limb
Collected
Sorted
Evaluated
Prioritized
Network Defender Semantic Tree: 5th Limb
Intelligencecollection istheactofgatheringIndicatorsofCompromise fromnetworkandendpointsystemsthroughouttheenterpriseanddiscoveringanysupplementalinformationfrominternalandexternalsourcesthatcanaddcontextaboutwhattheadversarygroupisabout.
Network Defender Semantic Tree: 5th Limb
Network Defender Semantic Tree: 5th Limb
Intelligencecollection istheactofgatheringIndicatorsofCompromise fromnetworkandendpointsystemsthroughouttheenterpriseanddiscoveringanysupplementalinformationfrominternalandexternalsourcesthatcanaddcontextaboutwhattheadversarygroupisabout.
Network Defender Semantic Tree: 5th Limb
Network Defender Semantic Tree: 5th Limb
Network Defender Semantic Tree: 5th Limb
Network Defender Semantic Tree: 5th Limb
Maximize
Maximize
Network Defender Semantic Tree: 5th Limb
Network Defender Semantic Tree: 5th Limb
Network Defender Semantic Tree: 5th Limb
Network Defender Semantic Tree: 5th Limb
Network Defender Semantic Tree: 5th Limb
Network Defender Semantic Tree: 5th Limb
Network Defender Semantic Tree: 5th Limb
Network Defender Semantic Tree: 5th Limb
BenefitsAll
Network Defender Semantic Tree: 5th Limb
Network Defender Semantic Tree: 5th Limb
Benefits
Embracecybersecurityintelligencecollectionandubiquitoussharing
Limb
Network Defender Semantic Tree: 5th Limb
The Cyber Threat Alliance
Founding CEOs
Mark McLaughlin Michael Brown Ken Xie Chris Young
Founding Members:
Purpose: The Cyber Threat Alliance is a group of cyber security practitioners that have chosen to share threat information with each other for the purpose of improving defenses against advanced cyber adversaries across member organizations and their customers.
Rick Howard Vishaal Hariprasad Derek MankyJoe Chen Jeannette JarvisVincent Weafer
Working Committee
2 Initial Issues
Build Trust
Build Infrastructure
Rick Howard Vishaal Hariprasad Derek MankyJoe Chen Jeannette JarvisVincent Weafer
New Contributing Members:
Membership: Open to any organization that can share a minimum volume of threat intelligence designed by the Alliance.
New Contributing Members:
Membership: Open to any organization that can share a minimum volume of threat intelligence designed by the Alliance.
White House Summit on Cybersecurity and Consumer Protection held at Stanford University
Two Unique Organizing Principles:
• Must Contribute.
• Whatever is shared goes directly into the product line.
Result: Automatic Prevention Controls.
Mark McLaughlin Michael Brown Ken Xie Chris Young
Founding CEOs
Founding CEOs
Mark McLaughlin Michael Brown Ken Xie Chris Young
Mark McLaughlin Michael Brown Ken Xie Chris Young
Mark McLaughlin Michael Brown Ken Xie Chris Young
The only smart thing for the network defender to do is to share everything; crowd source threat intelligence so that only the advanced adversary can keep up.K
ey T
ake-
Aw
ay:
Shar
e Ev
eryt
hing
Where We Need to Go
Conclusion
Third
Inno
vatio
n
1994
First Firewall
First Intrusion Detection System
1985
First Anti-Virus System
1987
First Detection System
2004 2007 2010 2014
First Data Loss Protection Systems
25 Years of Incremental Improvement
Rethink the Network Defender Problem Space
Leap Ahead
Third
Inno
vatio
n
ElonMusk
Rethink the Network Defender Problem Space
Fundamental
SelfEvident
ExpertsAgree
AtomicFirstPrinciples
Rethink the Network Defender Problem Space
Semantic Tree
Limbs
Trunk
Network Defender First Principles
PreventHighRiskMaterialImpact
EstablishaRobustThreatPreventionprogram
1st Limb
Network Defender First Principles
EstablishaRobustThreatDetectionProgram
2nd Limb
Network Defender First Principles
EstablishaRobustThreatEradicationProgram
3rd Limb
Network Defender First Principles
TheNetworkDefender’strinityisinextricablylinked,atomic,andirreducible
4th Limb
Network Defender First Principles
Embracecybersecurityintelligencecollectionandubiquitoussharing
5th Limb
Network Defender First Principles
More Information
Rick Howard: CSO Palo Alto NetworksEmail: [email protected]: @raceBannon99
https://paloaltonetworks.com/threat-research.html
https://paloaltonetworks.com/threat-research/cybercanon.html
http://cyberthreatalliance.org/
Con
tact
Info
rmat
ion
Call to Action
First Principle White Paper:http://researchcenter.paloaltonetworks.com/2016/03/first-principles-for-network-defenders-a-unified-theory-for-security-practitioners/
End
