TRANSCRIPT
Threat Mosaic: The Importance of Threat Collaboration & Intelligence Sharing
Jonathan Couch, SVP Strategy
29 August 2019
2
Threat Intelligence: Understand Your Threat
©2019 ThreatQuotient - Confidential
3
The Threat Mosaic
4
The Threat Mosaic
5
Cyber Situation Room: Creating the Mosaic
6
Collaboration and Workflow
7
SOC: Maintain Security Monitoring Tools*, Triage, Initial Scope, Minor Remediation, Create Incidents
Incident Response: Scope, Remediate, Recommend
Threat Intelligence: Context, Relevance, Identify, Inform
Hunt Team: Identify, Target, Detect, Remediate
Vuln Management: Patch Prioritization*, Business Impact, Risk Management
ADDED VALUE OF INTEL: Context, Relevance, Adversary-focused Campaigns, Full-scope indicator sets
COLLABORATION: Sightings, Adversary Analysis, “Single Source of Truth”
8
Overcoming Fragmentation
Internal System Events & Data: Endpoint Detection & Response; Network Security; Malware Analysis; SIEM; Log Repository; Incident Response / Ticketing
Incident Responders; Threat Analysts; Network Security Analysts; Malware Analysts; Security Operators; End-User Operations
External Threat Data: Industry; Open Source; Sharing; Commercial; Enrichment Services
Collaboration; Workflow; Automation; Integration
Threat Operations
CENTRAL REPOSITORY; ANALYST WORKBENCH; SYSTEM INTEGRATION
9
Putting the Mosaic Together
Questions?