CYBER THREAT INTELLIGENCE: IS LESS MORE?
CYBER NEXT FORUM
Presented by Lance Dubsky
Copyright © 2018 CYBER OAK SOLUTIONS LLC. All rights reserved.
Agenda
• Active Cyber Defense
• Informing Active Defenses
• Fixing Vulnerabilities
• Tools, Tools, Tools
• Mission Impact and Security Posture
• The role of AI and Machine Learning
• Your SOC
• Recommendations
Active Cyber Defense
• A definition of active cyber defense?
• Action and remediation functions are in place
• Cyber Defense and Network Management work closely together
• Ongoing situational awareness of all assets
• You have the ability to take in new information, rapidly assess the risk, and take action
• Paths for adopting active cyber defense solutions?
COPYRIGHT © 2016, FIREEYE, INC. ALL RIGHTS RESERVED. 4
Informing Active Defenses
In 2017, several speakers spoke of the need to leverage cyber intelligence to inform active defenses and accelerate “hunt” capabilities.
• What is important regarding the maturity of cyber intelligence capabilities and the ability to share intelligence machine-to-machine?
Your SOC Team comes to work
Your SOC team fighting the good fight
Fixing Vulnerabilities
• Should cyber operations and investments be directed more towards managing and fixing vulnerabilities, or towards identifying and mitigating threats?
Tools, Tools, Tools
• A growing problem, generally, for SOC operators is the increasing number of tools and scripts, and the corresponding complexity and cost of accomplishing the security mission.
• Are we maxed out in terms of the tools a SOC can handle?
• To what extent will process automation (AI/ML) help to relieve this burden?
• How will the workload shift for the SOC operator when greater utilization of process automation is achieved?
So Many Solutions
Mission Impact and Security Posture
Tying security concerns to mission objectives is a recurring theme these days. Risk and resilience are often used as metrics to tie these concerns together. However, mission objectives and operations and security posture can change almost on a daily basis.
• What approaches are available to ensure the metrics for mission impact and security posture are reported accurately and understood by stakeholders in such a dynamic environment?
[Figure: Resilience and Risk linking Security Posture to Mission Impact]
The role of AI and Machine Learning
Artificial intelligence and machine learning are being discussed as the next big thing to improve cyber security.
• What role does machine learning play, or should it play, to support active defenses?
• What about broad adoption of AI & ML technologies in cyber defenses?
[Figure: Smarter Algorithms and Analytics. Credit: IBM]
Internet of Things
The Internet of Things (IoT) promises to bring billions more devices to the network to be securely managed.
• What types of changes might a SOC need as the IoT comes on line?
MACHINE LEARNING: Algorithms whose performance improves as they are exposed to more data over time.
ARTIFICIAL INTELLIGENCE: A program that can sense, reason, act, and adapt.
Your SOC?
[Figure: Security Capability plotted against Sophistication of the Threat. Capability-axis labels: Compliant, Tools-based, Integrated Framework, Adaptive Defense, Resilient. Threat-axis labels: Conventional Threats, Cybercrime, Cyber Espionage, Nation State Attacks. Credit: FireEye]
Recommendations
• For Threat Intelligence to be effective you need trusted sources.
• Need to have the foundational apparatus of cyber information management, to include action/remediation (fixing).
• Need to have close integration between system/network management and cyber defense.
• Need to have ongoing situational awareness of all assets (hardware and software), the ability to take in new information (IOCs, alerts, bulletins, etc.), rapidly assess the applicability and risk, and take action.
• Need to decide “How Much” Cyber Threat Intelligence is enough for you to effectively make use of.
• Need to decide the cyber threat sharing model you will receive from and possibly contribute to. Threat sharing can be useful and a burden.
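As an added illustration of the last three recommendations (this is example code, not part of the presentation), the triage below takes a feed of bulletins and IOCs, drops items from untrusted sources or with no applicable asset in the inventory, and ranks what remains by risk; the source trust list, the 1..5 criticality scale and all sample data are assumptions constructed for the example.

```python
from dataclasses import dataclass

@dataclass
class Asset:
    name: str
    software: dict    # product -> installed version (constructed inventory)
    criticality: int  # 1 (low) .. 5 (mission critical); assumed scale

@dataclass
class IntelItem:
    source: str
    kind: str                           # "bulletin" or "ioc"
    product: str = ""                   # bulletin: affected product
    versions: frozenset = frozenset()   # bulletin: affected versions
    indicator: str = ""                 # ioc: value to watch for
    confidence: int = 50                # 0..100, as rated by the source

TRUSTED_SOURCES = {"isac-feed", "vendor-psirt"}  # assumed trust list

def applicable_assets(item, inventory):
    # A bulletin applies only where an affected version is installed;
    # an IOC is watched for everywhere, so it applies to every asset.
    if item.kind == "bulletin":
        return [a for a in inventory
                if a.software.get(item.product) in item.versions]
    return list(inventory)

def triage(feed, inventory):
    # Returns (kept, dropped): kept items scored as source confidence x highest
    # affected asset criticality, high risk first; dropped items carry a reason.
    kept, dropped = [], []
    for item in feed:
        if item.source not in TRUSTED_SOURCES:
            dropped.append((item, "untrusted source"))
            continue
        hits = applicable_assets(item, inventory)
        if not hits:
            dropped.append((item, "no applicable asset"))
            continue
        risk = item.confidence * max(a.criticality for a in hits)
        kept.append((risk, item, [a.name for a in hits]))
    kept.sort(key=lambda t: t[0], reverse=True)
    return kept, dropped

# Constructed sample inventory and feed; no real assets or indicators.
INVENTORY = [Asset("web-01", {"webserver": "2.4"}, 5),
             Asset("hr-db", {"database": "12.1"}, 4)]
FEED = [IntelItem("vendor-psirt", "bulletin", "webserver", frozenset({"2.4"}), confidence=90),
        IntelItem("vendor-psirt", "bulletin", "database", frozenset({"11.0"}), confidence=90),
        IntelItem("isac-feed", "ioc", indicator="bad.example", confidence=60),
        IntelItem("random-paste", "ioc", indicator="203.0.113.7", confidence=80)]
```

Running `triage(FEED, INVENTORY)` keeps two of the four items, which is the "less is more" point: only intelligence that is trusted and applicable to your assets reaches the action queue.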
THANK YOU
LANCE DUBSKY
FOUNDER & CISO
www.cyberoaksolutions.com