Trusted and Anonymized Threat Sharing Using Blockchain Technology
Feb 19, 2019
Dr. Yair Allouche
IBM Cyber Security Center of Excellence, Beer Sheva
2 IBM Security
Agenda
• Vision: Next generation threat sharing network
• Current Barriers for Threat Sharing
• Blockchain-based threat sharing platform
• Summary and Q&A
[Figure: Blockchain hype cycle, visibility over time. Source: Gartner]
Vision: Next Generation Threat Sharing Network
• Global and flexible
• Trusted and reliable
• Automated and well integrated within existing workflow
• Built-in anonymity
[Figure: network diagram of many MI nodes linked with CERT and ISAC nodes]
Next Generation Threat Sharing Network, Example 1
[Figure: a SIEM network in which member SIEMs exchange, in turn, configuration, rules, regex for PII, IoCs and mitigation strategies]
Next Generation Threat Sharing Network, Example 2
• Leveraging collective knowledge, experience, and capabilities
• Different views according to trust level
[Figure: a collective STIX report on IMDDOS assembled from member contributions: threat actor, botnet report, infected host, C2 traffic and THLD traffic; members at different trust levels see different subsets of the report]
Current Barriers for Threat Sharing (Source: NIST SP 800-150)
• Establishing trust
• Achieving interoperability and automation
• Safeguarding sensitive info
• Protecting classified info
• Enabling information consumption and publication
Threat Sharing Today: What are the Trust Models?
• Model 1: Trusted Third Party
• Model 2: Rely on personal relationships
Why Blockchain
• Provides anonymity with trust
• Enables dynamic and flexible data exchange between any two organizations in the network
• Uses smart contracts to enforce the data exchange agreement
• Automatic, objective and immutable audit of exchanged information
• Transparency
Our Approach
• Blockchain is used to supervise access management
• Cyber Threat Intelligence is exchanged off chain
[Figure: Org A to Org F on the blockchain network; an access permission token grants access to the off-chain CTI server(s)]
Our Approach
Org profile
• Issuer: I-Cert
• Role: CISO
• Sector: Finance
• Headquarters: New York
• FS-ISAC member
• Splunk customer
• Reputation score…
[Figure: the profile attached to an organization on the blockchain network]
Our Approach
Consumption/ Sharing policy
• Issuer white/black list
• Reputation higher than …
Blockchain Network
22 IBM Security
Our Approach
Consumption/ Sharing policy
• ISAC members
• Geo white/blacklist
Blockchain Network
23 IBM Security
Our Approach
Consumption/ Sharing policy
• Splunk costumers
• white/black list of user
rule
Blockchain Network
Our Approach
[Figure: CTI producer (producer profile, producer sharing policy) and CTI consumer (consumer profile, consumer consumption policy) on the blockchain network, joined by an access permission token]
Our Approach
Sharing policy
• Issuer white/black list
• Reputation higher than …
• ISAC members
• Geo white/blacklist
• Splunk customers
• White/black list of user rule
[Figure: the sharing policy attached to the producer on the blockchain network]
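Added example, not code from the deck or from IBM's platform: a minimal model of the access-permission check the approach slides describe, with a producer sharing policy evaluated against the consumer profile and a consumer consumption policy evaluated against the producer profile before a token is issued. The attribute names, the policy field set, the HMAC token format and the hash-chained audit list are assumptions; a deployment would run this logic in a smart contract and keep the CTI exchange itself off chain.

```python
from dataclasses import dataclass
import hashlib, hmac, json

@dataclass(frozen=True)
class OrgProfile:            # attributes from the deck's "Org profile" slide (names assumed)
    name: str
    issuer: str              # certifying issuer, e.g. "I-Cert"
    headquarters: str        # country code; "ZZ" in the tests is a constructed placeholder
    isacs: frozenset         # ISAC memberships, e.g. {"FS-ISAC"}
    products: frozenset      # deployed products, e.g. {"Splunk"}
    reputation: float        # reputation score in [0, 1]

@dataclass(frozen=True)
class Policy:                # sharing or consumption policy; an empty set means "no constraint"
    issuer_allow: frozenset = frozenset()
    issuer_deny: frozenset = frozenset()
    min_reputation: float = 0.0
    required_isacs: frozenset = frozenset()
    geo_allow: frozenset = frozenset()
    geo_deny: frozenset = frozenset()
    required_products: frozenset = frozenset()
    org_deny: frozenset = frozenset()   # explicit per-organization blacklist

def satisfies(p: OrgProfile, pol: Policy) -> bool:
    """Deny lists always win; allow lists are enforced only when non-empty."""
    return (p.name not in pol.org_deny
            and p.issuer not in pol.issuer_deny
            and (not pol.issuer_allow or p.issuer in pol.issuer_allow)
            and p.reputation >= pol.min_reputation
            and pol.required_isacs <= p.isacs
            and p.headquarters not in pol.geo_deny
            and (not pol.geo_allow or p.headquarters in pol.geo_allow)
            and pol.required_products <= p.products)

def issue_token(producer, sharing, consumer, consumption, net_key: bytes, ledger: list):
    """Token only if the consumer passes the producer's sharing policy AND the producer
    passes the consumer's consumption policy; every grant is appended to a hash chain."""
    if not (satisfies(consumer, sharing) and satisfies(producer, consumption)):
        return None
    payload = json.dumps({"producer": producer.name, "consumer": consumer.name, "seq": len(ledger)}, sort_keys=True)
    tag = hmac.new(net_key, payload.encode(), hashlib.sha256).hexdigest()
    prev = ledger[-1]["hash"] if ledger else "0" * 64
    ledger.append({"payload": payload, "hash": hashlib.sha256((prev + payload).encode()).hexdigest()})
    return payload + "." + tag

def verify_token(token: str, net_key: bytes) -> bool:
    payload, _, tag = token.rpartition(".")
    return hmac.compare_digest(hmac.new(net_key, payload.encode(), hashlib.sha256).hexdigest(), tag)
```

The refusal in either direction returns `None` and leaves the ledger untouched, so the audit chain records grants only.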
Summary: The Next Generation Threat Sharing Platform
• Blockchain can provide real benefits for threat sharing
• Reaching a critical mass is the key challenge
• IBM is running pilots with several stakeholders
• Working with partners to promote the solution globally
Contact information: [email protected]
© Copyright IBM Corporation 2016. All rights reserved. The information contained in these materials is provided for informational purposes only, and is provided AS IS without warranty of any kind,
express or implied. Any statement of direction represents IBM's current intent, is subject to change or withdrawal, and represent only goals and objectives. IBM, the IBM logo, and other IBM products
and services are trademarks of the International Business Machines Corporation, in the United States, other countries or both. Other company, product, or service names may be trademarks or service
marks of others.
Statement of Good Security Practices: IT system security involves protecting systems and information through prevention, detection and response to improper access from within and outside your
enterprise. Improper access can result in information being altered, destroyed, misappropriated or misused or can result in damage to or misuse of your systems, including for use in attacks on others.
No IT system or product should be considered completely secure and no single product, service or security measure can be completely effective in preventing improper use or access. IBM systems,
products and services are designed to be part of a lawful, comprehensive security approach, which will necessarily involve additional operational procedures, and may require other systems, products
or services to be most effective. IBM does not warrant that any systems, products or services are immune from, or will make your enterprise immune from, the malicious or illegal conduct of any party.