THREAT INTELLIGENCE JAYAKUMAR M PRABHAKARAN S

Threat intelligence - nullmeetblr 21st June 2015


Page 2:

Threat Intelligence (informally)

Information about “bad stuff” (threats)

Actors, Vulnerabilities, Exploits, Malware/Tools, etc. (“TTPs” & “IOCs”)

Page 3:

Why Intelligence?

You don’t know what you don’t know

You can’t act on what you don’t know

I’m sure these are Sun Tzu references

Page 4:

STIX_Phishing_Indicator.xml

A sample feed containing a phishing indicator
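The slide refers to a STIX phishing indicator file without showing it. The following is an added example, not the deck's STIX_Phishing_Indicator.xml and not code from the authors: it parses a minimal STIX 1.1.1 package (constructed here, using the standard STIX 1.x and CybOX 2.x namespaces) that carries one URL Watchlist indicator, extracts the URI value and its CybOX `condition`, and then correlates the indicator with a few constructed proxy log lines. The log format, the URL and all identifiers are assumptions for the example.

```python
"""Added example: parse a minimal STIX 1.1.1 phishing indicator package and
correlate it with proxy log lines.  The package and the logs are CONSTRUCTED
so the script runs offline; they are not the deck's sample feed."""
import xml.etree.ElementTree as ET

# Namespace prefixes as used by STIX 1.x / CybOX 2.x documents.
NS = {
    "stix": "http://stix.mitre.org/stix-1",
    "indicator": "http://stix.mitre.org/Indicator-2",
    "cybox": "http://cybox.mitre.org/cybox-2",
    "URIObj": "http://cybox.mitre.org/objects#URIObject-2",
}

# Constructed sample package: one "URL Watchlist" indicator wrapping a URI object.
SAMPLE_STIX = """<stix:STIX_Package
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xmlns:stix="http://stix.mitre.org/stix-1"
    xmlns:stixVocabs="http://stix.mitre.org/default_vocabularies-1"
    xmlns:indicator="http://stix.mitre.org/Indicator-2"
    xmlns:cybox="http://cybox.mitre.org/cybox-2"
    xmlns:URIObj="http://cybox.mitre.org/objects#URIObject-2"
    xmlns:example="http://example.com/"
    id="example:Package-1" version="1.1.1">
  <stix:Indicators>
    <stix:Indicator id="example:indicator-1" xsi:type="indicator:IndicatorType">
      <indicator:Title>Phishing landing page (constructed)</indicator:Title>
      <indicator:Type xsi:type="stixVocabs:IndicatorTypeVocab-1.1">URL Watchlist</indicator:Type>
      <indicator:Observable id="example:observable-1">
        <cybox:Object id="example:object-1">
          <cybox:Properties xsi:type="URIObj:URIObjectType" type="URL">
            <URIObj:Value condition="Equals">http://login-verify.example.invalid/account</URIObj:Value>
          </cybox:Properties>
        </cybox:Object>
      </indicator:Observable>
    </stix:Indicator>
  </stix:Indicators>
</stix:STIX_Package>
"""

# Constructed proxy log lines: "<epoch> <client> <status> <method> <url>".
SAMPLE_LOGS = [
    "1434873600 192.0.2.10 TCP_MISS/200 GET http://www.example.org/index.html",
    "1434873660 192.0.2.23 TCP_MISS/200 GET http://login-verify.example.invalid/account",
    "1434873720 192.0.2.10 TCP_MISS/404 GET http://www.example.org/missing",
]


def parse_stix_indicators(xml_text):
    """Return one dict per URI value found under each stix:Indicator."""
    root = ET.fromstring(xml_text)
    found = []
    for ind in root.findall(".//stix:Indicator", NS):
        title = ind.findtext("indicator:Title", default="", namespaces=NS)
        itype = ind.findtext("indicator:Type", default="", namespaces=NS)
        for val in ind.findall(".//URIObj:Value", NS):
            found.append({
                "id": ind.get("id"),
                "title": title,
                "type": itype,
                "value": (val.text or "").strip(),
                # CybOX pattern condition; Equals is the default when absent.
                "condition": val.get("condition", "Equals"),
            })
    return found


def url_matches(url, indicator):
    """Apply the CybOX condition carried by the indicator to one URL."""
    value, cond = indicator["value"], indicator["condition"]
    if cond == "Equals":
        return url == value
    if cond == "Contains":
        return value in url
    if cond == "StartsWith":
        return url.startswith(value)
    raise ValueError("unsupported condition: %s" % cond)


def match_logs(indicators, log_lines):
    """Correlate feed indicators with log lines; return (line, indicator) hits."""
    hits = []
    for line in log_lines:
        fields = line.split()
        if len(fields) < 5:
            continue  # skip malformed lines instead of crashing on them
        for ind in indicators:
            if url_matches(fields[4], ind):
                hits.append((line, ind))
    return hits


if __name__ == "__main__":
    for line, ind in match_logs(parse_stix_indicators(SAMPLE_STIX), SAMPLE_LOGS):
        print("HIT client=%s url=%s indicator=%s" % (line.split()[1], ind["value"], ind["id"]))
```

The matching step is where a feed earns its cost: an indicator that is never compared with the organisation's own logs is just a list. Real feeds use more observable types than URIs (domains, hashes, IP addresses), each with its own CybOX object namespace, so a production parser would dispatch on the `xsi:type` of `cybox:Properties` rather than looking only for `URIObj:Value`.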

Page 5:

Can you guess how much a TI data feed costs?

Page 6:

Symantec DeepSight security risk feed: approximately $27,500 per year

Symantec 12-month retail subscription to its reputation feed: $95,300

FireEye Threat Intelligence: 20% of the cost of the purchased appliance, starting at around $17,400 and rising to more than $175,000 per unit

LogRhythm, which does not offer data feed subscriptions, starts at about $28,000 per year

Page 7:

Page 8:

Five Questions To Ask When Choosing A Threat Intelligence Service

1. How many sources does the threat intelligence service pull from?

2. How frequently is the threat intelligence updated?

3. How are the threats evaluated?

4. How is the data formatted?

5. Can the threat data be correlated with information that the enterprise already has about its security posture?

Page 9:

CRITs - Collaborative Research Into Threats

Page 10:

CRITs is a web-based tool which combines an analytic engine with a cyber threat database that not only serves as a repository for attack data and malware, but also provides analysts with a powerful platform for conducting malware analyses, correlating malware, and for targeting data.

Page 11:

Advantages of CRITs

Static analysis

Dynamic analysis

Services

Supports STIX, TAXII, etc.

Page 12:

What value do we add?

Automation of tasks

Correlating past data

Page 13:

anb_service

carver_service

chminfo_service

chopshop_service

clamd_service

crits_scripts

cuckoo_service

data_miner_service

diffie_service

entropycalc_service

farsight_service

machoinfo_service

meta_checker

metacap_service

office_meta_service

opendns_service

passivetotal_service

pdfinfo_service

peinfo_service

pyew

pyinstaller_service

relationships_service

shodan_service

snugglefish_service

ssdeep_service

stix_validator_service

taxii_service

threatgrid_service

threatrecon_service

timeline_service

totalhash_service

unswf_service

upx_service

virustotal_service

whois_service

yara_service

zip_meta_service

Services for CRITs
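Several of the services listed above (entropycalc_service, upx_service, pyinstaller_service) are about recognising packed or encrypted content in a sample. The following added example, which is not CRITs' own service code and does not use the CRITs service API, shows the core measurement such an entropy service reports: Shannon entropy in bits per byte, computed over the whole buffer and per fixed-size block, so that a low-entropy header followed by high-entropy blocks stands out. The sample bytes are constructed in the script; the 7.0 bits/byte threshold is an assumed heuristic, not a value from the deck.

```python
"""Added example: per-block Shannon entropy as an entropy-calculator service
would report it.  Not CRITs' code; the sample buffer is constructed below."""
import math
from collections import Counter


def shannon_entropy(data):
    """Entropy of a byte string in bits per byte: 0.0 for constant data,
    8.0 when all 256 byte values occur equally often."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def entropy_profile(data, block_size=256):
    """Return [(offset, entropy), ...] for consecutive blocks of the buffer."""
    return [(off, shannon_entropy(data[off:off + block_size]))
            for off in range(0, len(data), block_size)]


def high_entropy_blocks(data, block_size=256, threshold=7.0):
    """Offsets of blocks at or above the threshold (an assumed heuristic
    for compressed, packed or encrypted regions)."""
    return [off for off, h in entropy_profile(data, block_size) if h >= threshold]


def constructed_sample():
    """A toy buffer: a mostly-zero 512-byte header followed by 1024 bytes
    in which every 256-byte block is a permutation of all byte values
    (so each of those blocks has exactly 8.0 bits/byte)."""
    header = b"MZ" + b"\x00" * 510
    body = bytes((i * 167 + 13) % 256 for i in range(1024))
    return header + body


if __name__ == "__main__":
    sample = constructed_sample()
    print("whole buffer: %.3f bits/byte" % shannon_entropy(sample))
    for off, h in entropy_profile(sample):
        flag = "  <- high" if h >= 7.0 else ""
        print("offset %5d: %.3f%s" % (off, h, flag))
```

Whole-file entropy alone can hide a packed section inside an otherwise ordinary binary, which is why the per-block profile matters; an analyst reading the service output would then hand the flagged region to an unpacker service or to static analysis.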
