THREAT INTELLIGENCE
Threat Detection System
Secure Bank / Secure Portal
Group-IB
Attack attribution based on Threat Intelligence data.
Threat actor map • Threat Intelligence • Threat attribution tools
group-ib.com
Evolution of Threat Detection Approach
Threat Intelligence
From Indicator Management to Attacker Management
Threat Intelligence is a solution for analyzing and managing adversaries and threats that could affect your business.
Act on answers to:
• Who and what are your security systems detecting?
• Who poses a threat to your business?
• What tools can be used to attack your organisation and how?
• Can your security system withstand a cyberattack?
• What security measures should be taken to ensure adequate protection?
The best approach is to manage attackers rather than indicators, which are often irrelevant to your organisation, and build a security system based on that knowledge.
Key differences:
1. Attacker management in lieu of indicator management.
2. Protection against attackers rather than irrelevant or general threats.
3. In-depth research into attackers instead of raw data analysis.
4. The most relevant data with up-to-date context.
New approach by Group-IB
• Adversaries: Matrix of threat actors targeting you, your industry, and partners.
• Attacks: Timeline of attacks performed by relevant threat actors. Focused research and hunting.
• TTPs: Deep analysis of tools and procedures matched with MITRE ATT&CK Matrix.
• Security tests: Test your environment with intelligence-driven Red team against TTPs of relevant threat actors.
How Threat Intelligence Works
1. Detection
• Your security systems continuously detect threats.
• Threat Intelligence exposes what is overlooked by current solutions.
• All detected threats undergo attribution.
2. Ranking
• Attackers are ranked according to their relevance.
• Threat hunting for new data is built around these attackers.
• Data on attackers is converted into their TTPs for future checks.
3. Attribution and enrichment
• Raw data from web servers and malware is fed into the system.
• Attacks are matched to known threats through correlation between raw data and Threat Intelligence.
• Tools for analyzing malware and searching for hidden links make it possible to attribute yet unknown threats.
• Enriched indicators are integrated into security systems for more effective threat detection.
4. Testing
• New and relevant techniques are used for testing security systems.
• Testing is carried out by either a local team or Group-IB’s Red Team.
Key advantages
• Built-in attribution tool
• Personalized and the most relevant threat intelligence
• Integration with built-in security solutions with STIX/TAXII, API/JSON support
• Collaboration with experts in various fields
• In-depth analysis of attackers
• Automated threat hunting, incident response, and malware research
Group-IB is ranked among the best threat intelligence vendors in the world by Gartner, IDC, Forrester, Cyber Defense Magazine, and SC Media.
GROUP–IB THREAT INTELLIGENCE
[Diagram labels: Detect Local Threats; Attribute Attack Timelines; Incident Response & Investigations; Threat Detection System; ISP sensors & Honeypots; Phishing & Malware; Botnet & Phishing Exfiltration; Dark Web & Leaks; Distributed Internet Scanners; Passive DNS, SSL; Technical Indicators; Compromised Data; Internet Snapshots; Adversary Profiles; Threat Actor Infrastructure; Exposure; Hunt; Collect Intelligence; Analyse TTPs; Protect]
Group–IB is a leading provider of advanced Threat Intelligence, best–in–class anti–APT and anti–fraud solutions.
We have provided professional development training to Europol, INTERPOL, law enforcement agencies and corporate security teams on four continents.
Learn more about Threat Intelligence
Contact us to test Threat Intelligence
[email protected]/GroupIB_GIB
Get to know us
Official partners: INTERPOL, EUROPOL
• 16 years of hands-on experience
• 60 000+ hours of incident response
• 1 000+ cybercrime investigations worldwide
• 360+ world-class cybersecurity experts
Intelligence–Driven Services
Strengthen your cybersecurity posture with services and advice from experienced specialists with ‘boots on the ground’ and access to one of the most advanced threat intelligence gathering infrastructures in the world.
Security & Risk Assessment
• Penetration Testing
• Vulnerability Assessment
• Source Code Analysis
• Compromise Assessment
• Red Teaming
• Pre–IR Assessment
• Compliance Audit
Cyber Education
• Digital Forensics
• Incident Response
• Malware Analysis
Digital Forensics
• Digital Forensics
• Investigations of hi–tech financial & corporate crimes, critical infrastructure attacks
Threat Hunting & Response
• 24/7 CERT–GIB
• External and Internal Threat Hunting
• Onsite Incident Response
• Incident Response Retainer