Threat Intelligence Gathering Situational Awareness
Threat Intelligence Gathering & Situational Awareness
Awesome! But how do I do this?
7th Annual API Cybersecurity Conference & Expo
13 November 2012
Halana Demarest
What is threat intelligence?
• Threat Intelligence is to be informed of the latest global security threats as well as specific threats directed against your organization and how those threats might manifest.
What exactly is situational awareness?
• Situational awareness is the perception of elements in the environment within a volume of time and space, the comprehension of their meaning, and the projection of their status in the near future.
Agenda
5 Basic Steps
1. Understanding the threats
2. Finding Sources of Information
3. When to perform these steps (frequency)
4. Analyze the data
5. Distribute actionable data
WHAT ARE THE THREATS?!
Soooo…….
Threats
INFORMATION SOURCES
Ok… now where do I look to find out about the threats???
Information Sources
• Cyber Security Community
• Government Entities
• Internet
• Subscriber Services \ Security Services
• Internal Company Activity
*** Automate your searches ***
Cyber Security Community
Where are they hiding?
Government Entities
Don’t take my stuff!
Internet
If it’s on the Internet, it must be true….
Subscriber Services \ Security Services
You’re the customer!
Internal Company Activity
• Are there any new builds in the environment?
• Who will be let go today?
• Major business events (deals, stocks, acquisitions, environmental issues, etc.)
FREQUENCY
When and how often should I do this?
Frequency of Intelligence Gathering
ANALYZE THE DATA
Ok… so I have data and information gathered… what do I do with it now?
Analyze
“Major intelligence failures are usually caused by failures of analysis, not failures of collection.”
- Richards Heuer, Jr., The Psychology of Intelligence Analysis (Washington: Center for the Study of Intelligence, 1999)
DISTRIBUTE ACTIONABLE INFORMATION
Data gathered – Check!
Data analyzed – Check!
Now what?
Information Dissemination
• Different audiences – different data sets
• Conciseness (short and sweet)
• If there is nothing new, then there is nothing to distribute!
Gather Data
Analyze Data
Disseminate Data
Request Audience Feedback
Improvement
TO PROTECT YOUR COMPANY (INTELLECTUAL PROPERTY, REPUTATION, SYSTEMS, DATA, AND PEOPLE)
Remind me why I need to do this?