Threat Intelligence Gathering

&

Situational Awareness Awesome! But how do I do this?

7th Annual API Cybersecurity Conference & Expo

13 November 2012

Halana Demarest

What is threat intelligence?

• Threat Intelligence is to be informed

of the latest global security threats

as well as specific threats directed

against your organization and how

those threats might manifest.

2

What exactly is situational

awareness?

• Situational awareness is the

perception of elements in the

environment within a volume of time

and space, the comprehension of

their meaning, and the projection of

their status in the near future.

3

Agenda

5 Basic Steps

1. Understanding the threats

2. Finding Sources of Information

3. When to perform these steps

(frequency)

4. Analyze the data

5. Distribute actionable data

4

WHAT ARE THE THREATS?!

Soooo…….

5

Threats

6

INFORMATION SOURCES

Ok… now where do I look to find out about the threats???

7

Information Sources

• Cyber Security Community

• Government Entities

• Internet

• Subscriber Services \ Security Services

• Internal Company Activity

*** Automate your searches ***

8

Cyber Security Community Where are they hiding?

9

Government Entities Don’t take my stuff!

10

Internet If it’s on the Internet, it must be true….

11

Subscriber Services\Security

Services You’re the customer!

12

Internal Company Activity

•Are there any new builds

in the environment?

•Who will be let go

today?

•Major business events

(deals, stocks,

acquisitions,

environmental issues,

etc.)

13

FREQUENCY

When and how often should I do this?

14

Frequency of Intelligence

Gathering

15

ANALYZE THE

DATA

Ok… so I have data and information gathered… what do I do with it now?

16

Analyze

“Major intelligence failures are

usually caused by failures of

analysis, not failures of collection.” - Richards Heuer, Jr., The Psychology of Intelligence Analysis

(Washington: Center for the Study of Intelligence, 1999)

17

DISTRIBUTE ACTIONABLE

INFORMATION

Data gathered – Check!

Data analyzed – Check!

Now what?

18

Information Dissemination

• Different audiences – different data

sets

• Conciseness (short and sweet)

• If there is nothing new, then there is

nothing to distribute!

Gather Data

Analyze Data

Disseminate Data

Request Audience Feedback

Improvement

19

TO PROTECT YOUR

COMPANY (INTELLECTUAL PROPERTY, REPUTATION, SYSTEMS, DATA, AND PEOPLE)

Remind me why I need to do this?

20

21