THREAT INTELLIGENCE
JAYAKUMAR M
PRABHAKARAN S
Threat Intelligence (informally)
Information about “bad stuff” (threats)
Actors, Vulnerabilities, Exploits, Malware/Tools, etc. (“TTPs” & “IOCs”)
Why Intelligence?
You don’t know what you don’t know
You can’t act on what you don’t know
I’m sure they are Sun Tzu references
STIX_Phishing_Indicator.xml
A sample feed of a phishing indicator
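The slide above refers to a STIX 1.x phishing indicator file that is not reproduced in the deck. As an added example (not from the slides or the CRITs project), the Python below parses a constructed package of that shape, pulls out its URL observable, and matches it against constructed proxy log lines, the kind of correlation with the enterprise's own data that the later "correlating past data" point is about. The namespace URIs are the STIX 1.x and CybOX ones; every id, URL and log line is constructed.

```python
# Added example (not from the slides): extract URL observables from a STIX 1.x
# phishing indicator package and correlate them with proxy logs.
import xml.etree.ElementTree as ET

NS = {"stix": "http://stix.mitre.org/stix-1", "indicator": "http://stix.mitre.org/Indicator-2",
      "URIObj": "http://cybox.mitre.org/objects#URIObject-2"}

# Constructed sample package shaped like a STIX 1.1 phishing indicator feed.
SAMPLE_STIX = """<stix:STIX_Package xmlns:stix="http://stix.mitre.org/stix-1"
  xmlns:indicator="http://stix.mitre.org/Indicator-2" xmlns:cybox="http://cybox.mitre.org/cybox-2"
  xmlns:URIObj="http://cybox.mitre.org/objects#URIObject-2"
  xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" id="example:Package-1" version="1.1.1">
  <stix:Indicators>
    <stix:Indicator id="example:indicator-1" xsi:type="indicator:IndicatorType">
      <indicator:Title>Phishing URL (constructed sample)</indicator:Title>
      <indicator:Observable id="example:Observable-1"><cybox:Object id="example:Object-1">
        <cybox:Properties xsi:type="URIObj:URIObjectType" type="URL">
          <URIObj:Value condition="Equals">http://login-verify.example.net/update</URIObj:Value>
        </cybox:Properties>
      </cybox:Object></indicator:Observable>
    </stix:Indicator>
  </stix:Indicators>
</stix:STIX_Package>"""

# Constructed proxy log lines: timestamp, client IP, method, URL, status.
PROXY_LOG = """2016-03-01T09:12:03Z 10.0.0.15 GET http://intranet.example.com/ 200
2016-03-01T09:13:44Z 10.0.0.27 GET http://login-verify.example.net/update 200
2016-03-01T09:14:02Z 10.0.0.27 POST http://login-verify.example.net/update?step=2 302"""


def extract_url_indicators(stix_xml):
    """Return (indicator title, URL) pairs for every URL observable in the package."""
    root = ET.fromstring(stix_xml)
    found = []
    for ind in root.iterfind(".//stix:Indicator", NS):
        title = ind.findtext("indicator:Title", default="", namespaces=NS)
        for val in ind.iterfind(".//URIObj:Value", NS):
            if val.text:
                found.append((title, val.text.strip()))
    return found


def match_proxy_log(indicators, log_text):
    """Return (client IP, URL) for each log line whose URL starts with a feed URL."""
    urls = {url for _, url in indicators}
    hits = []
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) == 5 and any(fields[3].startswith(u) for u in urls):
            hits.append((fields[1], fields[3]))
    return hits
```

Prefix matching catches the second request with a query string appended; an exact-match policy would need `fields[3] in urls` instead.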
Can you guess how much a TI data feed costs?
Symantec DeepSight security risk feed is approximately $27,500 per year
Symantec's 12-month retail subscription to its reputation feed costs $95,300
FireEye Threat Intelligence: 20% of the cost of the purchased appliance, starting around $17,400 and increasing to more than $175,000 per unit.
LogRhythm, which does not offer data feed subscriptions, starts at about $28,000 per year
Five Questions To Ask When Choosing A Threat Intelligence Service
1. How many sources does the threat intelligence service pull from?
2. How frequently is the threat intelligence updated?
3. How are the threats evaluated?
4. How is the data formatted?
5. Can the threat data be correlated with information that the enterprise already has about its security posture?
CRITs - Collaborative Research Into Threats
CRITs is a web-based tool which combines an analytic engine with a cyber threat database that not only serves as a repository for attack data and malware, but also provides analysts with a powerful platform for conducting malware analyses, correlating malware, and for targeting data.
Advantages of CRITs
Static analysis
Dynamic analysis
Services
Supports STIX, TAXII, etc.
What value do we add?
Automation of tasks
Correlating past data
Services for CRITs
anb_service
carver_service
chminfo_service
chopshop_service
clamd_service
crits_scripts
cuckoo_service
data_miner_service
diffie_service
entropycalc_service
farsight_service
machoinfo_service
meta_checker
metacap_service
office_meta_service
opendns_service
passivetotal_service
pdfinfo_service
peinfo_service
pyew
pyinstaller_service
relationships_service
shodan_service
snugglefish_service
ssdeep_service
stix_validator_service
taxii_service
threatgrid_service
threatrecon_service
timeline_service
totalhash_service
unswf_service
upx_service
virustotal_service
whois_service
yara_service
zip_meta_service