• Home

  • Documents

  • Threat Mosaic: Using CTI to Improve Collaboration and ... · Threat Mosaic: The Importance of...
10
Threat Mosaic: The Importance of Threat Collaboration & Intelligence Sharing Jonathan Couch, SVP Strategy 29 August 2019

Threat Mosaic: Using CTI to Improve Collaboration and ... · Threat Mosaic: The Importance of Threat Collaboration & Intelligence Sharing Jonathan Couch, SVP Strategy ... Adversary-focused

  • Upload
    others

  • View
    0

  • Download
    0

Embed Size (px)

Citation preview

Page 1: Threat Mosaic: Using CTI to Improve Collaboration and ... · Threat Mosaic: The Importance of Threat Collaboration & Intelligence Sharing Jonathan Couch, SVP Strategy ... Adversary-focused

Threat Mosaic:The Importance of Threat Collaboration &

Intelligence Sharing

Jonathan Couch, SVP Strategy29 August 2019

Page 2: Threat Mosaic: Using CTI to Improve Collaboration and ... · Threat Mosaic: The Importance of Threat Collaboration & Intelligence Sharing Jonathan Couch, SVP Strategy ... Adversary-focused

2

Threat Intelligence: Understand Your Threat

©2019 ThreatQuotient - Confidential

Page 3: Threat Mosaic: Using CTI to Improve Collaboration and ... · Threat Mosaic: The Importance of Threat Collaboration & Intelligence Sharing Jonathan Couch, SVP Strategy ... Adversary-focused

3

The Threat Mosaic

©2019 ThreatQuotient - Confidential

Page 4: Threat Mosaic: Using CTI to Improve Collaboration and ... · Threat Mosaic: The Importance of Threat Collaboration & Intelligence Sharing Jonathan Couch, SVP Strategy ... Adversary-focused

4

The Threat Mosaic

©2019 ThreatQuotient - Confidential

Page 5: Threat Mosaic: Using CTI to Improve Collaboration and ... · Threat Mosaic: The Importance of Threat Collaboration & Intelligence Sharing Jonathan Couch, SVP Strategy ... Adversary-focused

5

Cyber Situation Room: Creating the Mosaic

©2019 ThreatQuotient - Confidential

Page 6: Threat Mosaic: Using CTI to Improve Collaboration and ... · Threat Mosaic: The Importance of Threat Collaboration & Intelligence Sharing Jonathan Couch, SVP Strategy ... Adversary-focused

6

Collaboration and Workflow

©2019 ThreatQuotient - Confidential

Page 7: Threat Mosaic: Using CTI to Improve Collaboration and ... · Threat Mosaic: The Importance of Threat Collaboration & Intelligence Sharing Jonathan Couch, SVP Strategy ... Adversary-focused

7©2019 ThreatQuotient - Confidential

SOC

Incident Response

Threat Intelligence

Hunt Team

Vuln Management

Maintain Security Monitoring Tools*Triage

Initial ScopeMinor RemediationCreate Incidents

ScopeRemediate

Recommend

ContextRelevance

IdentifyInform

IdentifyTargetDetect

Remediate

Patch Prioritization*Business Impact

Risk Management

ADDED VALUE OF INTEL:Context

RelevanceAdversary-focused Campaigns

Full-scope indicator sets

COLLABORATION:Sightings

Adversary Analysis“Single Source of Truth”

Page 8: Threat Mosaic: Using CTI to Improve Collaboration and ... · Threat Mosaic: The Importance of Threat Collaboration & Intelligence Sharing Jonathan Couch, SVP Strategy ... Adversary-focused

8

Overcoming Fragmentation

©2019 ThreatQuotient - Confidential

Internal System Events & Data

Endpoint

Detection &

Response

Network

Security

Malware

Analysis

SIEM

Log

Repository

Incident

Response /

Ticketing

Incident

Responders

Threat

Analysts

Network

Security

Analysts

Malware

Analysts

Security

Operators

End-User

Operations

Industry

Open

Source

Sharing

Commercial

Enrichment

Services

External Threat Data

Collaboration

Workflow

Automation

Integration

ThreatOperations

CENTRAL REPOSITORY

ANALYST WORKBENCH

SYSTEM INTEGRATION

Page 9: Threat Mosaic: Using CTI to Improve Collaboration and ... · Threat Mosaic: The Importance of Threat Collaboration & Intelligence Sharing Jonathan Couch, SVP Strategy ... Adversary-focused

9

Putting the Mosaic Together

©2019 ThreatQuotient - Confidential

Page 10: Threat Mosaic: Using CTI to Improve Collaboration and ... · Threat Mosaic: The Importance of Threat Collaboration & Intelligence Sharing Jonathan Couch, SVP Strategy ... Adversary-focused

Questions?

[email protected]


Creating value from collaboration with entrepreneurs in ... · Creating value from collaboration with entrepreneurs ... buster Circuit . Examples of ... App store . MOSAIC - internet

Creating value from collaboration with entrepreneurs in ... · Creating value from collaboration with entrepreneurs ... buster Circuit . Examples of ... App store . MOSAIC - internet

Documents
Security Operations Maturity Model€¦ · To facilitate collaboration across members of the threat detection, threat investigation, and incident response teams, security teams likely

Security Operations Maturity Model€¦ · To facilitate collaboration across members of the threat detection, threat investigation, and incident response teams, security teams likely

Documents
Launch of MOSAIC Mashriq MOSAIC in Horizon 2020 draf… · Launch of MOSAIC Mashriq MOSAIC in Horizon 2020 December 3rd, ... Chamber of Commerce, ... Launch of MOSAIC Mashriq MOSAIC

Launch of MOSAIC Mashriq MOSAIC in Horizon 2020 draf… · Launch of MOSAIC Mashriq MOSAIC in Horizon 2020 December 3rd, ... Chamber of Commerce, ... Launch of MOSAIC Mashriq MOSAIC

Documents
TheBookofTheWatchers(1Enoch1-36): ananti-Mosaic,non-Mosaic

TheBookofTheWatchers(1Enoch1-36): ananti-Mosaic,non-Mosaic

Documents
Maintenance of mosaic background wall cp mosaic

Maintenance of mosaic background wall cp mosaic

Documents
 · WWW Mosaic WWW WWW Mosaic Cello, Chimera 0 GNU Mosaic X-Window MS-INindows Z W IN W Mosaic òo X WWW V WWW Mosaic 13 0 Mosaic WWW Mosaic < WWW NTT

 · WWW Mosaic WWW WWW Mosaic Cello, Chimera 0 GNU Mosaic X-Window MS-INindows Z W IN W Mosaic òo X WWW V WWW Mosaic 13 0 Mosaic WWW Mosaic < WWW NTT

Documents
GLOBAL THREAT INTELLIGENCE REPORT - PhishingBox · 2018. 9. 24. · Threat intelligence platforms and collaboration tools supercharge NTT Security's capability to provide intelligence

GLOBAL THREAT INTELLIGENCE REPORT - PhishingBox · 2018. 9. 24. · Threat intelligence platforms and collaboration tools supercharge NTT Security's capability to provide intelligence

Documents
Memorandum Of understanding to Strengthen Accountancy and Improve Collaboration · 2011. 11. 30. · MOSAIC Memorandum Of understanding to Strengthen Accountancy and Improve Collaboration

Memorandum Of understanding to Strengthen Accountancy and Improve Collaboration · 2011. 11. 30. · MOSAIC Memorandum Of understanding to Strengthen Accountancy and Improve Collaboration

Documents
Health Industry Cyber Threat Exercise, Spring 2014 · Health Industry Cyber Threat Exercise, Spring 2014 Call for Action and Collaboration Preliminary Findings and Recommendations

Health Industry Cyber Threat Exercise, Spring 2014 · Health Industry Cyber Threat Exercise, Spring 2014 Call for Action and Collaboration Preliminary Findings and Recommendations

Documents
Corona - Porcelain tiles · Mosaic 3D Mosaic Corona offers three mosaic options including the stunning 3D Mosaic that dazzles as light reflects across its undulated surface. 3D Mosaic

Corona - Porcelain tiles · Mosaic 3D Mosaic Corona offers three mosaic options including the stunning 3D Mosaic that dazzles as light reflects across its undulated surface. 3D Mosaic

Documents
Rose Mosaic Virus - agrilifeextension.tamu.eduagrilifeextension.tamu.edu/.../2018/10/EPLP-027-rose-mosaic-virus.pdf · mosaic virus (ApMV), and Arabis mosaic virus (ArMV). These viruses

Rose Mosaic Virus - agrilifeextension.tamu.eduagrilifeextension.tamu.edu/.../2018/10/EPLP-027-rose-mosaic-virus.pdf · mosaic virus (ApMV), and Arabis mosaic virus (ArMV). These viruses

Documents
How Collaboration Can Optimize Security Operations · How Collaboration Can Optimize Security Operations | 4 Advanced Threat and Incident Management: Ripe for Collaboration As enterprises

How Collaboration Can Optimize Security Operations · How Collaboration Can Optimize Security Operations | 4 Advanced Threat and Incident Management: Ripe for Collaboration As enterprises

Documents
Water Hyacinth: a threat to - Bahir Dar University...Water Hyacinth: a threat to Lake Tana Geospatial Data & Technology Center (GDTC) in collaboration with V/President for Research

Water Hyacinth: a threat to - Bahir Dar University...Water Hyacinth: a threat to Lake Tana Geospatial Data & Technology Center (GDTC) in collaboration with V/President for Research

Documents
Mosaic System-Control Room Technology€¦ · Mosaic Systems/Control Room Technology Mosaic systems M Mosaic systems K Mosaic systems T Mosaic systems MK Mosaic accessory parts Display

Mosaic System-Control Room Technology€¦ · Mosaic Systems/Control Room Technology Mosaic systems M Mosaic systems K Mosaic systems T Mosaic systems MK Mosaic accessory parts Display

Documents
Quantifying the threat from ozone pollution to food security ICP Vegetation – EMEP collaboration

Quantifying the threat from ozone pollution to food security ICP Vegetation – EMEP collaboration

Documents
White mosaic - Marbles Tiles and Mosaic

White mosaic - Marbles Tiles and Mosaic

Real Estate
Running Head: CREATING COMMUNITY: A MOSAIC ART ......CREATING COMMUNITY: A MOSAIC ART PROJECT 5! the project aims to enhance are communication and social skills, flexibility and collaboration,

Running Head: CREATING COMMUNITY: A MOSAIC ART ......CREATING COMMUNITY: A MOSAIC ART PROJECT 5! the project aims to enhance are communication and social skills, flexibility and collaboration,

Documents
MOSAIC Mosaic Minder

MOSAIC Mosaic Minder

Documents
CLAREMONT w. · Imperial Rome saw in the rise of Christianity a threat to its ruthless law, just as His amazing teaching seemed, to the Hebrews, a threat to the Mosaic Law in Christ's

CLAREMONT w. · Imperial Rome saw in the rise of Christianity a threat to its ruthless law, just as His amazing teaching seemed, to the Hebrews, a threat to the Mosaic Law in Christ's

Documents
INSTALLATION MOSAIC TILE INSTALLATION MOSAIC TILE STEP …pdf.lowes.com/installationguides/081516694587_install.pdf · 2019-04-02 · Mosaic Tile Installation Mosaic Tile Installation

INSTALLATION MOSAIC TILE INSTALLATION MOSAIC TILE STEP …pdf.lowes.com/installationguides/081516694587_install.pdf · 2019-04-02 · Mosaic Tile Installation Mosaic Tile Installation

Documents
Mosaic Mosaic Mosaic - New West End Synagogue · Mosaic Mosaic Magazine of the New West End Synagogue Rosh Hashanah 5773 / 2012 ... - Sunday 18th November - and keep it free in your

Mosaic Mosaic Mosaic - New West End Synagogue · Mosaic Mosaic Magazine of the New West End Synagogue Rosh Hashanah 5773 / 2012 ... - Sunday 18th November - and keep it free in your

Documents
TRACT: Threat Rating and Assessment Collaboration Tool · TRACT: Threat Rating and Assessment Collaboration Tool Robert Hollinger and Doran Smestad Advised by: George Heineman (WPI),

TRACT: Threat Rating and Assessment Collaboration Tool · TRACT: Threat Rating and Assessment Collaboration Tool Robert Hollinger and Doran Smestad Advised by: George Heineman (WPI),

Documents
Executive Security Advisor Cybercrime Collaboration - … ID: #RSAC Tal Darsan Cybercrime Collaboration - The Changing APAC Threat Landscape TTA1-F01 Threat Research Team Leader IBM

Executive Security Advisor Cybercrime Collaboration - … ID: #RSAC Tal Darsan Cybercrime Collaboration - The Changing APAC Threat Landscape TTA1-F01 Threat Research Team Leader IBM

Documents