Threat Intelligence Gathering Situational Awareness
Threat Intelligence Gathering & Situational Awareness
Awesome! But how do I do this?
7th Annual API Cybersecurity Conference & Expo
13 November 2012
Halana Demarest
What is threat intelligence?
• Threat intelligence is being informed of the latest global security threats, as well as specific threats directed against your organization and how those threats might manifest.
What exactly is situational awareness?
• Situational awareness is the perception of elements in the environment within a volume of time and space, the comprehension of their meaning, and the projection of their status in the near future.
Agenda
5 Basic Steps
1. Understanding the threats
2. Finding Sources of Information
3. When to perform these steps (frequency)
4. Analyze the data
5. Distribute actionable data
WHAT ARE THE THREATS?!
Soooo…….
Threats
INFORMATION SOURCES
Ok… now where do I look to find out about the threats???
Information Sources
• Cyber Security Community
• Government Entities
• Internet
• Subscriber Services \ Security Services
• Internal Company Activity
*** Automate your searches ***
Cyber Security Community
Where are they hiding?
Government Entities
Don’t take my stuff!
Internet
If it’s on the Internet, it must be true….
Subscriber Services \ Security Services
You’re the customer!
Internal Company Activity
• Are there any new builds in the environment?
• Who will be let go today?
• Major business events (deals, stocks, acquisitions, environmental issues, etc.)
FREQUENCY
When and how often should I do this?
Frequency of Intelligence Gathering
ANALYZE THE DATA
Ok… so I have data and information gathered… what do I do with it now?
Analyze
“Major intelligence failures are usually caused by failures of analysis, not failures of collection.” - Richards Heuer, Jr., The Psychology of Intelligence Analysis (Washington: Center for the Study of Intelligence, 1999)
DISTRIBUTE ACTIONABLE INFORMATION
Data gathered – Check!
Data analyzed – Check!
Now what?
Information Dissemination
• Different audiences – different data sets
• Conciseness (short and sweet)
• If there is nothing new, then there is nothing to distribute!
Gather Data
Analyze Data
Disseminate Data
Request Audience Feedback
Improvement
TO PROTECT YOUR COMPANY (INTELLECTUAL PROPERTY, REPUTATION, SYSTEMS, DATA, AND PEOPLE)
Remind me why I need to do this?