The Organized Mess & Business Ethics of Cyber Threat Intel Ron Schlecht
Introduction • Ron Schlecht, Managing Partner – 18 years of Information Security experience • G Contracting, Law Enforcement, Consulting, CISO • Founded BTB Security in 2006
Company Profile • The BTB Group, LLC / BTB Security – Founded in 2006 – Offices in Philadelphia, Chicago, Austin – coverage nationally – Backgrounds include years of experience with Big Four and similarly sized organizations, and experience building, managing, and operating corporate security groups. – 3 partners • Brian Bailey, Managing Partner (Chicago) • Chris McGinley, Managing Partner (Philly) • Ron Schlecht, Founder / Managing Partner (Philly/Chicago)
Cyber Threat Intel • Gartner definition: – evidence-based knowledge, including context, mechanisms, indicators, implications and actionable advice, about an existing or emerging menace or hazard to assets that can be used to inform decisions regarding the subject's response to that menace or hazard.
Current State …with less yelling
Velocity and Volume • Disturbing Trends (continued) – Commercialization of malware – Attack kits readily available – Botnets readily available – spam/attack/DDoS – Adaptation is now the norm for attackers…not NEW
Who’s doing it? • National Governments • Terrorists • Organized Crime • Hacktivists • Hackers
What are "WE" doing about it?
Sources of Cyber Threat Intel (CTI) • Endpoint Security Vendor • UTM/Firewall/IDS Vendor • Vulnerability Management Vendor • SIEM Vendor • Application Security Vendor • Log Management Vendor • Forensics Vendor • Identity and Access Management Vendor • CTI Intel Platform Vendor • CTI Intel Subscription Feed Vendor
Improvements • Better context, accuracy and/or speed in handling incidents • Improved visibility into attack methodologies • Faster and more accurate detection and response • Reduction in incidents through early prevention • Plus it sounds really cool
The Problems • Vendor Driven • Standards and Interoperability around feeds • Ethics – G and Commercial won’t share! – Research input – Dark Web
What do we do? • Open Threat Exchange – AlienVault • OpenIOC – FireEye • STIX – Structured Threat Information Expression • CybOX – Cyber Observable eXpression • TAXII – Trusted Automated eXchange of Indicator Information • OASIS – A nonprofit consortium that drives the development, convergence and adoption of open standards for the global information security
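The slide names the exchange formats but does not show what a feed in one of them looks like or how a consumer would use it. The following is an added example, not material from the deck or from any of the vendors or standards bodies listed: it builds a STIX 2.1 Bundle of Indicator objects (the unit a TAXII server hands out; STIX 2 folded the separate CybOX observables into STIX itself), parses the single-comparison subset of the STIX pattern language, and matches the indicators against a few normalised observations of the kind a SIEM would produce. Every indicator value and observation below is constructed for the example, and only the Python standard library is used.

```python
import json
import re
import uuid

# Constructed sample data for this example; nothing here comes from the slides.
CREATED = "2016-03-01T00:00:00.000Z"

# (STIX object path, value, human-readable name)
SAMPLE_IOCS = [
    ("domain-name:value", "update.example-bad.test", "C2 domain"),
    ("ipv4-addr:value", "198.51.100.23", "C2 address"),
    ("file:hashes.'SHA-256'",
     "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855",
     "Dropper hash"),
]


def make_indicator(path, value, name, created=CREATED):
    """Return a STIX 2.1 Indicator SDO whose pattern is a single comparison."""
    pattern = f"[{path} = '{value}']"
    return {
        "type": "indicator",
        "spec_version": "2.1",
        # Deterministic id so re-running the example yields the same object.
        "id": f"indicator--{uuid.uuid5(uuid.NAMESPACE_URL, pattern)}",
        "created": created,
        "modified": created,
        "name": name,
        "indicator_types": ["malicious-activity"],
        "pattern": pattern,
        "pattern_type": "stix",
        "valid_from": created,
    }


def make_bundle(iocs):
    """Wrap indicators in a STIX Bundle, the container exchanged over TAXII."""
    return {
        "type": "bundle",
        "id": f"bundle--{uuid.uuid5(uuid.NAMESPACE_URL, 'example-bundle')}",
        "objects": [make_indicator(p, v, n) for p, v, n in iocs],
    }


# Single comparison only: "[<object-path> = '<value>']".
_PATTERN_RE = re.compile(r"^\[(?P<path>[^\s=]+) = '(?P<value>[^']+)'\]$")


def parse_pattern(pattern):
    """Parse the single-comparison subset of STIX patterning into (path, value).

    Raises ValueError for anything richer (AND/OR, FOLLOWEDBY, qualifiers),
    so unsupported patterns are surfaced rather than silently never matching.
    """
    m = _PATTERN_RE.match(pattern)
    if not m:
        raise ValueError(f"unsupported pattern: {pattern}")
    return m.group("path"), m.group("value")


def match_bundle(bundle, observations):
    """Return [(indicator id, name, observation)] for each observation whose
    value at the indicator's object path equals the indicator's value.

    Domains and hashes compare case-insensitively; everything else exactly.
    """
    hits = []
    for obj in bundle["objects"]:
        if obj.get("type") != "indicator" or obj.get("pattern_type") != "stix":
            continue
        path, value = parse_pattern(obj["pattern"])
        for obs in observations:
            seen = obs.get(path)
            if seen is None:
                continue
            if path.startswith(("domain-name", "file:hashes")):
                equal = seen.lower() == value.lower()
            else:
                equal = seen == value
            if equal:
                hits.append((obj["id"], obj["name"], obs))
    return hits


# Constructed observations, keyed by STIX object path as a SIEM might
# normalise them from DNS, proxy and endpoint logs.
SAMPLE_OBSERVATIONS = [
    {"domain-name:value": "UPDATE.example-bad.test", "src": "10.0.0.12"},
    {"ipv4-addr:value": "203.0.113.9", "src": "10.0.0.12"},
    {"file:hashes.'SHA-256'":
     "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855",
     "host": "ws-07"},
]

if __name__ == "__main__":
    bundle = make_bundle(SAMPLE_IOCS)
    print(json.dumps(bundle, indent=2))
    for ind_id, name, obs in match_bundle(bundle, SAMPLE_OBSERVATIONS):
        print(f"HIT {name} ({ind_id}): {obs}")
```

Run as a script it prints the bundle and two hits (the domain, matched despite the case difference, and the hash); the IP observation does not match. The parser deliberately rejects compound patterns instead of partially evaluating them, which is the behaviour you want when a feed starts shipping patterns your tooling cannot yet express.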
OASIS
Why Is This Important? • Malware • Attack Kits • Botnets / Bad networks • Security data correlation • Plus it sounds really cool
Questions? Ron Schlecht ron.schlecht@btbsecurity.com