MISP INFORMATION SHARING PLATFORM DEMO - ITU · MISP INFORMATION SHARING PLATFORM DEMO Cyber...
Transcript of MISP INFORMATION SHARING PLATFORM DEMO - ITU · MISP INFORMATION SHARING PLATFORM DEMO Cyber...
![Page 1: MISP INFORMATION SHARING PLATFORM DEMO - ITU · MISP INFORMATION SHARING PLATFORM DEMO Cyber security consultant, system architect 2019.10.02. INFO SHARING BUILDING BLOCKS MANDATE](https://reader031.fdocuments.net/reader031/viewer/2022013021/5f0ba8617e708231d4319558/html5/thumbnails/1.jpg)
International Telecommunication Union Geneva Centre for Security Sector Governance
Rimtautas Černiauskas
MISP INFORMATION SHARING PLATFORM
DEMO
Cyber security consultant, system architect
2019.10.02
![Page 2: MISP INFORMATION SHARING PLATFORM DEMO - ITU · MISP INFORMATION SHARING PLATFORM DEMO Cyber security consultant, system architect 2019.10.02. INFO SHARING BUILDING BLOCKS MANDATE](https://reader031.fdocuments.net/reader031/viewer/2022013021/5f0ba8617e708231d4319558/html5/thumbnails/2.jpg)
INFO SHARING BUILDING BLOCKS
MANDATE ( Legal framework )
Incident detection and analysis capabilities
Procedures and SOP
Sharing platform
![Page 3: MISP INFORMATION SHARING PLATFORM DEMO - ITU · MISP INFORMATION SHARING PLATFORM DEMO Cyber security consultant, system architect 2019.10.02. INFO SHARING BUILDING BLOCKS MANDATE](https://reader031.fdocuments.net/reader031/viewer/2022013021/5f0ba8617e708231d4319558/html5/thumbnails/3.jpg)
INFO SHARING MANDATE
High level legal act or MOU.
Allows to host information sharing platform.
Defines owner and participants.
Permits to process personal data for cyber security reasons.
![Page 4: MISP INFORMATION SHARING PLATFORM DEMO - ITU · MISP INFORMATION SHARING PLATFORM DEMO Cyber security consultant, system architect 2019.10.02. INFO SHARING BUILDING BLOCKS MANDATE](https://reader031.fdocuments.net/reader031/viewer/2022013021/5f0ba8617e708231d4319558/html5/thumbnails/4.jpg)
INCIDENT DETECTION AND ANALYSIS
Detection - consumes shared threat intelligence data
Incident analysis produces new threat indicators
Builds National threat landscape
Builds National situation awareness
![Page 5: MISP INFORMATION SHARING PLATFORM DEMO - ITU · MISP INFORMATION SHARING PLATFORM DEMO Cyber security consultant, system architect 2019.10.02. INFO SHARING BUILDING BLOCKS MANDATE](https://reader031.fdocuments.net/reader031/viewer/2022013021/5f0ba8617e708231d4319558/html5/thumbnails/5.jpg)
PROCEDURES AND SOP
Incident SOP
Post incident analysis SOP
Incident classification and taxonomy
Traffic Light Protocol for sensitive data protection
![Page 6: MISP INFORMATION SHARING PLATFORM DEMO - ITU · MISP INFORMATION SHARING PLATFORM DEMO Cyber security consultant, system architect 2019.10.02. INFO SHARING BUILDING BLOCKS MANDATE](https://reader031.fdocuments.net/reader031/viewer/2022013021/5f0ba8617e708231d4319558/html5/thumbnails/6.jpg)
SHARING PLATFORM
Integrated with international CERT community
Available to national critical infrastructure owners
Trusted and Secure
Easy manageable multi organization environment
![Page 7: MISP INFORMATION SHARING PLATFORM DEMO - ITU · MISP INFORMATION SHARING PLATFORM DEMO Cyber security consultant, system architect 2019.10.02. INFO SHARING BUILDING BLOCKS MANDATE](https://reader031.fdocuments.net/reader031/viewer/2022013021/5f0ba8617e708231d4319558/html5/thumbnails/7.jpg)
MISP PLATFORM
Created by MOD CERT BE
Developed by CERT LU and NATO
Used by more than 2000 organizations worldwide
Many different info sharing communities:
FIRST and Trusted Introducer
CIRCL MISP
NATO
![Page 8: MISP INFORMATION SHARING PLATFORM DEMO - ITU · MISP INFORMATION SHARING PLATFORM DEMO Cyber security consultant, system architect 2019.10.02. INFO SHARING BUILDING BLOCKS MANDATE](https://reader031.fdocuments.net/reader031/viewer/2022013021/5f0ba8617e708231d4319558/html5/thumbnails/8.jpg)
MISP ORGANISATIONS AND USERS CONCEPT
One main organization
Admin user to manage everything
Organization users with different rights
More organizations
Org Admin
Org users
![Page 9: MISP INFORMATION SHARING PLATFORM DEMO - ITU · MISP INFORMATION SHARING PLATFORM DEMO Cyber security consultant, system architect 2019.10.02. INFO SHARING BUILDING BLOCKS MANDATE](https://reader031.fdocuments.net/reader031/viewer/2022013021/5f0ba8617e708231d4319558/html5/thumbnails/9.jpg)
SINGLE MISP SERVER
MISP Server A
CERT
• Admin
• User
ORG1
• Org admin
• User
ORG2
• Org admin
• Users
![Page 10: MISP INFORMATION SHARING PLATFORM DEMO - ITU · MISP INFORMATION SHARING PLATFORM DEMO Cyber security consultant, system architect 2019.10.02. INFO SHARING BUILDING BLOCKS MANDATE](https://reader031.fdocuments.net/reader031/viewer/2022013021/5f0ba8617e708231d4319558/html5/thumbnails/10.jpg)
MISP COMMUNITIES
Your organization only
This community only
Connected communities
All communities
![Page 11: MISP INFORMATION SHARING PLATFORM DEMO - ITU · MISP INFORMATION SHARING PLATFORM DEMO Cyber security consultant, system architect 2019.10.02. INFO SHARING BUILDING BLOCKS MANDATE](https://reader031.fdocuments.net/reader031/viewer/2022013021/5f0ba8617e708231d4319558/html5/thumbnails/11.jpg)
MISP INFORMATION SHARING DEMO1
Local server case
![Page 12: MISP INFORMATION SHARING PLATFORM DEMO - ITU · MISP INFORMATION SHARING PLATFORM DEMO Cyber security consultant, system architect 2019.10.02. INFO SHARING BUILDING BLOCKS MANDATE](https://reader031.fdocuments.net/reader031/viewer/2022013021/5f0ba8617e708231d4319558/html5/thumbnails/12.jpg)
PRACTICAL MISP IMPLEMENTATION
Org1
Org2
Org3
CERT LAN
Public MISP
Expert
ExpertExpert
Internal MISP
Analysts
Analysts
Analysts
![Page 13: MISP INFORMATION SHARING PLATFORM DEMO - ITU · MISP INFORMATION SHARING PLATFORM DEMO Cyber security consultant, system architect 2019.10.02. INFO SHARING BUILDING BLOCKS MANDATE](https://reader031.fdocuments.net/reader031/viewer/2022013021/5f0ba8617e708231d4319558/html5/thumbnails/13.jpg)
2 MISP SERVERS CONCEPT
MISP Server B
CERT
• Admin
• Sync user
ORG1
• Org admin
• Users
ORG2
• Org Admin
• Users
MISP Server A
CERT
• Admin
• Users
Push-Pull
![Page 14: MISP INFORMATION SHARING PLATFORM DEMO - ITU · MISP INFORMATION SHARING PLATFORM DEMO Cyber security consultant, system architect 2019.10.02. INFO SHARING BUILDING BLOCKS MANDATE](https://reader031.fdocuments.net/reader031/viewer/2022013021/5f0ba8617e708231d4319558/html5/thumbnails/14.jpg)
MISP INFORMATION SHARING DEMO2
2 server synchronization demo
![Page 15: MISP INFORMATION SHARING PLATFORM DEMO - ITU · MISP INFORMATION SHARING PLATFORM DEMO Cyber security consultant, system architect 2019.10.02. INFO SHARING BUILDING BLOCKS MANDATE](https://reader031.fdocuments.net/reader031/viewer/2022013021/5f0ba8617e708231d4319558/html5/thumbnails/15.jpg)
INTERNATIONAL MISP
Org1
Org2
Org3
CERT LAN
Public MISP
Expert Expert
Internal MISP
Analysts
Analysts
Analysts
Org1
Org2
Org3
CERT LAN
Public MISP
Expert Expert
Internal MISP
Analysts
Analysts
Analysts
FIRSTMISP
![Page 16: MISP INFORMATION SHARING PLATFORM DEMO - ITU · MISP INFORMATION SHARING PLATFORM DEMO Cyber security consultant, system architect 2019.10.02. INFO SHARING BUILDING BLOCKS MANDATE](https://reader031.fdocuments.net/reader031/viewer/2022013021/5f0ba8617e708231d4319558/html5/thumbnails/16.jpg)
MISP INFORMATION SHARING DEMO3
3 server synchronization demo
![Page 17: MISP INFORMATION SHARING PLATFORM DEMO - ITU · MISP INFORMATION SHARING PLATFORM DEMO Cyber security consultant, system architect 2019.10.02. INFO SHARING BUILDING BLOCKS MANDATE](https://reader031.fdocuments.net/reader031/viewer/2022013021/5f0ba8617e708231d4319558/html5/thumbnails/17.jpg)
MISP SYNC FILTERS
Organization filters
Tag filters
Different MISP instances
Connected communities
All communities
![Page 18: MISP INFORMATION SHARING PLATFORM DEMO - ITU · MISP INFORMATION SHARING PLATFORM DEMO Cyber security consultant, system architect 2019.10.02. INFO SHARING BUILDING BLOCKS MANDATE](https://reader031.fdocuments.net/reader031/viewer/2022013021/5f0ba8617e708231d4319558/html5/thumbnails/18.jpg)
MISP INFORMATION SHARING DEMO4
2 server synchronization using filters demo
![Page 19: MISP INFORMATION SHARING PLATFORM DEMO - ITU · MISP INFORMATION SHARING PLATFORM DEMO Cyber security consultant, system architect 2019.10.02. INFO SHARING BUILDING BLOCKS MANDATE](https://reader031.fdocuments.net/reader031/viewer/2022013021/5f0ba8617e708231d4319558/html5/thumbnails/19.jpg)
SHARING EXAMPLES
![Page 20: MISP INFORMATION SHARING PLATFORM DEMO - ITU · MISP INFORMATION SHARING PLATFORM DEMO Cyber security consultant, system architect 2019.10.02. INFO SHARING BUILDING BLOCKS MANDATE](https://reader031.fdocuments.net/reader031/viewer/2022013021/5f0ba8617e708231d4319558/html5/thumbnails/20.jpg)
SHARING EXAMPLES
2018 : Security Service of Ukraine, Antonov sign memorandum on exchanging info
about cyber-attacks in real time …. to secure a real-time exchange of technical
information about cyber incidents between the two entities via the MISP-UA
platform…
https://en.interfax.com.ua/news/economic/517302.html
![Page 21: MISP INFORMATION SHARING PLATFORM DEMO - ITU · MISP INFORMATION SHARING PLATFORM DEMO Cyber security consultant, system architect 2019.10.02. INFO SHARING BUILDING BLOCKS MANDATE](https://reader031.fdocuments.net/reader031/viewer/2022013021/5f0ba8617e708231d4319558/html5/thumbnails/21.jpg)
Threat Monitoring
CERT \ GOV CERT \ MIL CERT
Common Cyber
Operational
picture
Building Common Cyber Operational picture
Threat Intelligence Threat Hunting
Government networksCritical infrastructure
networks
![Page 22: MISP INFORMATION SHARING PLATFORM DEMO - ITU · MISP INFORMATION SHARING PLATFORM DEMO Cyber security consultant, system architect 2019.10.02. INFO SHARING BUILDING BLOCKS MANDATE](https://reader031.fdocuments.net/reader031/viewer/2022013021/5f0ba8617e708231d4319558/html5/thumbnails/22.jpg)
2 2 I n r d c s . l t
CERT Experts
Full situation awareness across all networks:
1. Daily operations
2. CII situation monitoring
3. Both classified and unclassified networks
4. Static and deployable CIS
SITUATION AWARNESS AT ALL LEVELS
Local Analyst
Full visibility at local network level.
Mobile Location 1
Location 2
HQ Location 3
MIL CERT
Sensor
Sensor
Sensor
Central Unit
Expert
ExpertExpert
Threat Intel
Analysts
Analysts
Analysts