ePlus. Where Technology Means More.™ ©2015 ePlus inc. Confidential and Proprietary.
Leveraging Threat Intelligence for Cyber Security in Education
Lee Waskevich
CCIE 7764, CISSP
Sr Director - Architecture
August 2016
Security as Organizational Risk
+ Security is just another operational risk, similar to:
  + Continuity risk
  + Consumer risk
  + Supply chain risk
  + Compliance risk
  + Legal risk … etc.
Until now we've had no way to link business risks to actual threats
Business & Organizational Risk is Why Threat Intelligence is so Important
"Gartner estimates this market will reach almost $1.5 billion by 2018, from more than $250 million in 2013"
Ruggero Contu, Rob McMillan. Competitive Landscape: Threat Intelligence Services, Worldwide, 2015. Published: 14 October 2014
Strategic Planning Assumption: "By 2018, 60% of large enterprises globally will utilize commercial threat intelligence services to help inform their security strategies."
Rob McMillan & Khushbu Pratap. Market Guide for Security Threat Intelligence Services. Published: 14 October 2014
"Many vendors can provide raw information, but there are only a comparative few that provide true intelligence capabilities."
Rob McMillan & Kelly Kavanagh. Technology Overview for Security Threat Intelligence Service Providers. Published: 16 October 2013
Commercial Threat Intelligence is Changing Security Programs
Defining Threat Intelligence
Threat intelligence is evidence-based knowledge, including context, mechanisms, indicators, implications and actionable advice, about an existing or emerging menace or hazard to assets that can be used to inform decisions regarding the subject's response to that menace or hazard.
Gartner, 16 May 2013, G00249251
Intelligence is Nothing New
Commercial Threat Intelligence Types
• Machine Real Time Intelligence (MRTI) fed through APIs
  • Webroot
  • ThreatGrid
  • Centripetal Networks
• Analytical / Contextual (people driven)
  • iSight (now FireEye)
  • CrowdStrike
Nearly 100 vendors in this space today
How Threats are Realized: "The Break Down"
Threat Intelligence Visualized
Sensitive Data: Defining the Risk to Educational Institutions
Sensitive Data Identification
• Organizational leadership discussions
  • Administrators
  • Business Managers
  • Board Members
• State Compliance
• Data Ownership
• Operational Impact
Think big buckets, not detailed data classification. Could be operational systems, PII, intellectual property…
Sensitive Data Prioritization
+ Risk to Life and Safety
  + Physical Security Systems
  + Video, Alarms, Controls all Network based
+ Risk of Personal Information theft
  + PII
  + Credentials and Health Data
+ Operational Impact
  + Online Testing & Learning Systems
  + Unavailability of Educational Systems and Resources
Utilizing Threat Intelligence
Identifying your attacker
Implementing an Intelligence Led Security Program
1. Understand your threat reality
2. Create intelligence collection requirements
3. Implement a proactive threat intelligence capability to monitor the threat environment relevant to your business
4. Integrate threat indicators delivered from intelligence provider(s) into your security technology, operations, workflow, and communications.
5. Correlate incident and threat indicators to the associated threat context to inform impact value and prioritization.
6. Train like you fight - Implement a custom training program that emulates the adversaries that pose the greatest risk to your business and train as a team.
Slide content courtesy of iSight Partners
Language & Workflow
Shrink the Problem and Improve Prioritization
[Funnel diagram] Threat Sources feed the Attack Surface.
Customer side: people, process, and technology help them determine possible risks.
Cyber Threat Intelligence: intelligence helps them determine which events pose the greatest risk to their unique organization.
Funnel labels: Verified Threat Indicators, Pre-Processed Analysis, Raw Observations, Incident Indicators, Correlated Events, Attack Alerts.
Noise to Signal (10,000 Events/Day**)
**Source: Damballa's Q1 2014 State of Infections Report
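Steps 4 and 5 of the program above and the noise-to-signal funnel on this slide reduce to one mechanic: match observations against indicators that carry threat context, collapse repeated hits into correlated events, and rank the result by what the threat puts at risk. As an added example (not from this deck, iSight or ePlus), the Python below does that against a constructed indicator feed whose context uses the deck's three prioritization buckets; every indicator value, hostname and threat name is a constructed placeholder.

```python
from ipaddress import ip_address, ip_network

# Risk buckets from the "Sensitive Data Prioritization" slide, highest first.
PRIORITY = {"life_safety": 3, "pii": 2, "operational": 1}

# Constructed indicator feed (hypothetical values): indicator -> threat context.
# An MRTI feed would deliver the indicators; mapping each threat to a risk
# bucket is the organization's own step (program step 5: add threat context).
INTEL = {
    "198.51.100.7": {"threat": "building-control scanner", "bucket": "life_safety"},
    "malware-c2.example": {"threat": "credential-stealer C2", "bucket": "pii"},
    "203.0.113.0/24": {"threat": "LMS brute-force source", "bucket": "operational"},
}

# Constructed raw observations: src_ip dst_ip dst_hostname ('-' when unknown).
RAW_OBSERVATIONS = """\
10.0.5.21 198.51.100.7 -
10.0.8.3 203.0.113.44 -
10.0.8.9 192.0.2.10 malware-c2.example
10.0.1.1 192.0.2.55 www.example.edu
10.0.5.22 198.51.100.7 -
"""

def match_indicator(dst_ip, dst_host):
    """Return (indicator, context) on an exact-IP, CIDR or hostname hit, else None."""
    for indicator, context in INTEL.items():
        if "/" in indicator:
            if ip_address(dst_ip) in ip_network(indicator):
                return indicator, context
        elif indicator in (dst_ip, dst_host):
            return indicator, context
    return None

def correlate(raw_text):
    """Walk the funnel: raw observations -> correlated events -> ranked alerts.
    Returns (alerts, dropped): one alert per indicator, ordered by risk bucket and
    then by how many internal hosts touched it; dropped counts the noise removed."""
    hits, dropped = {}, 0
    for line in raw_text.strip().splitlines():
        src_ip, dst_ip, dst_host = line.split()
        matched = match_indicator(dst_ip, dst_host)
        if matched is None:
            dropped += 1  # no intel context: stays noise, never becomes an alert
            continue
        indicator, context = matched
        event = hits.setdefault(indicator, {"indicator": indicator, "sources": set(), **context})
        event["sources"].add(src_ip)  # repeated hits collapse into one correlated event
    ranked = sorted(hits.values(), key=lambda a: (-PRIORITY[a["bucket"]], -len(a["sources"])))
    return ranked, dropped
```

Of the five constructed observations, one has no intel context and is dropped; the other four collapse into three alerts, with the life-safety indicator (hit by two internal hosts) ranked first.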
Benefits of Threat Intelligence
• Focused security spending on actual threats to your organization
  • Versus the current perceived threat model
• Verifying the reactive and improving the predictive overall threat response
• Improved risk and threat mitigation metrics (is your security program effective?)
Lee Waskevich
Sr Director - Architecture
CCIE 7764, CISSP
ePlus Technology, inc.
130 Futura Drive
Pottstown, [email protected]