Cyber Threat Intelligence - HEAnet
CYBER THREAT INTELLIGENCE
JULIE MURPHY
WHAT IS CYBER THREAT INTELLIGENCE?
Cyber threat intelligence (CTI) is the analysis of an adversary’s motives, capability and opportunity to elicit harm; consequently, “intelligence is not a data feed or something that comes from a tool” but actionable information that answers a knowledge gap.
SANS, 2018
INFORMATION V INTELLIGENCE
Information | Intelligence
Raw | Processed
Unevaluated | Evaluated and interpreted
All sources | Reliable sources
Unknown data integrity | Complete, accurate, relevant, timely
Not actionable | Actionable
ENISA, 2016
CATEGORISING CYBER THREAT INTELLIGENCE
• IPs, signatures, logs, URLs
• Tactics, techniques and procedures
• Financial implications / Business impact
THREATS
What We Know
What We Know We Don’t Know
What We Don’t Know We Don’t Know
Bromiley, 2016
KNOWLEDGE
‘Intelligence’ is described as information and knowledge acquired about an adversary through means of observation, followed by investigation, analysis and understanding.
Waltz, 1998
EMERGING THREATS
https://www.accessnow.org/doubleswitch-attack/
BREXIT
https://www.independent.co.uk/news/uk/home-news/brexit-nhs-350m-a-week-eu-change-britain-gisela-stuart-referendum-bus-a7236706.html
https://news.sky.com/story/ministers-forced-to-publish-leaked-brexit-impact-study-11230715
https://www.independent.co.uk/news/uk/politics/brexit-latest-live-updates-finances-money-worse-off-article-50-a7468411.html
TRUMP
http://uk.businessinsider.com/donald-trump-trademarked-make-america-great-again-2015-5?r=US&IR=T
YOU CAN’T ‘UNSEE’ SOMETHING
• Hashtag poisoning
• Positive, negative and neutral posts
• Targeting individuals
• Trolling and harassment
• Multiple channels
• False reports of malicious accounts
SAMPLE TACTICS
IT TAKES A VILLAGE TO RAISE A CHILD
• Communication
• Multi-disciplinary
• From the top
• Intelligence led
• Security Maturity = Key Selling Point
Intelligence requires context and anticipation of future situations to inform decisions by identifying an available course of action.
http://www.jcs.mil/Portals/36/Documents/Doctrine/pubs/jp2_0.pdf
THE RESPONSE DETERMINES THE IMPACT
?