Date posted: 18-Nov-2014
Category: Technology
Uploaded by: phil-huggins
Intelligence-led Cybersecurity
Phil Huggins at 44con
2 September 2011
Agenda
► Changes to the Threat Landscape
► Risk Management
► Threat Management
► Intelligence Process
► Access
► Problems to watch for
► Integration with Information Security
Changes to the Threat Landscape
Unsophisticated attackers; targets are anyone with a vulnerability
Increasing sophistication and organisation; criminally motivated
Corporate espionage
Advanced persistent threat
‘Hobbyists’
  ► Fun
  ► Challenge
Organised crime
  ► Criminal intent
  ► More coordinated attacks
  ► Financially motivated (e.g., theft of credit card numbers for use or sale)
Corporate espionage
  ► Economically motivated
  ► Theft of intellectual property
Advanced Persistent Threat (APT)
  ► Long-term pattern of targeted, sophisticated attacks aimed at governments, companies and political activists
  ► Politically and economically motivated
  ► Well-funded, sophisticated resources
Risk Management
► Media coverage indicates an increase in threats
► Impacts can be limited by collecting fewer assets
► Fewer opportunities for managing the risk
► Vulnerabilities are the focus of vulnerability management
► Maturing approaches in industry, not solved
► Threats are mostly unmanaged
► Opportunities:
  ► Prevent
  ► Disrupt
  ► Degrade
  ► Divert
Intelligence-driven Threat Management
► Threat characteristics
  ► ‘What they are’
  ► Intent
  ► Opportunity
  ► Capability
► Threat descriptions
  ► ‘What we can know’
  ► Targets
  ► Behaviours
► Targets and Behaviours leave Attack Indicators
The Security Intelligence Process
[Diagram of the security intelligence process. Labels: Direction; Access; Analysis and assessment; Dissemination; Action; Customer]
Access
[Diagram: intelligence sources arranged on two axes, Internal/External and Secrets/Open Sources]
Sources shown: Protective Monitoring, Business Information, Incident Reports, Newspapers, Blogs, Social Networks, Public Forums, Human Intelligence, Industry Liaison, Gov/LEA Liaison, Web Analytics, Private Forums, Staff Forums, Change Requests
Problems to watch for
► Lack of access to necessary sources
► Errors in interpreting reliability of sources
► Errors in interpreting meaning from sources
► Taking too long to analyse
► Policy over-influencing analysis
► Not getting the right product to the right customers
► Not able to communicate uncertainty to customers
► Not being able to act effectively on product
► Not tracking or planning for strategic changes
Integrating Security Intelligence
[Diagram labels: Vision, Strategy, Policy; Standards; Development; Engineering; Governance; Engagement; Intelligence; Risk; Compliance; Operations]
Disclaimer
This presentation is proprietary to Ernst & Young LLP (‘Ernst & Young’). It is supplied in confidence and should not be disclosed, duplicated or otherwise revealed in whole or in part to any third parties without the prior consent of Ernst & Young.
The information in this pack is intended to provide only a general outline of the subjects covered. It should not be regarded as comprehensive or sufficient for making decisions, nor should it be used in place of professional advice. Accordingly, Ernst & Young LLP accepts no responsibility for loss arising from any action taken or not taken by anyone using this pack.
© Ernst & Young LLP 2011. Published in the UK. All rights reserved.
Thank you
Phil [email protected]