improving intelligence community
play

Improving Intelligence Community MISP as an enabler for intelligence - PowerPoint PPT Presentation

Nov 13, 2023 •106 likes •348 views

Improving Intelligence Community MISP as an enabler for intelligence analysis MISP Project https://www.misp-project.org/ 20181117 Threat Sharing Alexandre Dulaunoy @adulau @MISPProject MISP and CIRCL CIRCL is mandated by the Ministry of

  1. Improving Intelligence Community MISP as an enabler for intelligence analysis MISP Project https://www.misp-project.org/ 20181117 Threat Sharing Alexandre Dulaunoy @adulau @MISPProject

  2. MISP and CIRCL CIRCL is mandated by the Ministry of Economy and acting as the Luxembourgish National CERT for private sector. CIRCL leads the development of the Open Source MISP threat intelligence platform which is used by a wide range of military or intelligence communities, private companies, the financial sector, National CERTs and LEAs globally. CIRCL runs multiple large MISP communities performing active daily threat-intelligence sharing . 1 20

  3. MISP P roject MISP Project is a completely open collaborative effort to support analysts and organisations in all efforts related to information sharing and threat intelligence . The project includes a range of open source software, composed of a threat intelligence platform with sharing capabilities, expansion modules, advanced API capabilities and situational awareness tools. It also includes a comprehensive intelligence library and knowledge base acting as reference material for common taxonomies and classifications, threat-actors, complex intelligence models and common false-positive warning libraries. Furthermore, the project encompasses a set of open standards , of which the reference implementation is MISP itself, designed to be freely reused by communities developing their own software and tools. In addition, the MISP project releases a set of best practises that can be used as guidelines meant to support closed, semi-open and open sharing communities . Open Source Intelligence Intelligence Open Standards Software & Knowledge Base & Sharing Community MISP core misp-taxonomies MISP exchange MISP OSINT feeds core format misp-modules misp-galaxy compliance documents such as GDPR, MISP objects template ISO 27010:2015 PyMISP misp-noticelist threat intelligence best practices & misp-dashboard training materials misp-warninglists ISAC/ISAO best practises 2 20

  4. MISP features MISP 1 is a threat information sharing free & open source software. MISP has a host of functionalities that assist users in creating, collaborating & sharing threat information - e.g. flexible sharing groups, automatic correlation , free-text import helper, event distribution & proposals. Many export formats which support IDSes / IPSes (e.g. Suricata, Bro, Snort), SIEMs (eg CEF), Host scanners (e.g. OpenIOC, STIX, CSV, yara, sigma), analysis tools (e.g. Maltego), DNS policies (e.g. RPZ). A rich set of MISP modules 2 to add expansion, import and export functionalities. A strong integration with other open source security projects such as TheHive , Cortex , cve-search, AIL framework . 1 https://github.com/MISP/MISP 2 https://www.github.com/MISP/misp-modules 3 20

  5. MISP core distributed sharing functionality MISPs’ core functionality is sharing where everyone can be a consumer and/or a contributor/producer." Starting a sharing community by installing MISP is simple and then you can synchronised with any other sharing community using MISP. Contributions can be done via proposals, sightings or extending events. 4 20

  6. C orrelation features: a tool for analysts To corroborate a finding (e.g. is this the same campaign?), reinforce an analysis (e.g. do other analysts have the same hypothesis?), confirm specific aspects (e.g. are the sinkhole IP addresses used for one campaign?) or just find whether the given threat is new or unknown in your community . 5 20

  7. Supporting custom shareable datamodels 6 20

  8. Sharing Attackers Techniques MISP integrates the MITRE’s Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK) at both the event and attribute levels. 7 20

  9. When and where did the intelligence community become involved?

  10. MISP model of governance 8 20

  11. PMF methodology 3 3 https://github.com/adulau/pmf 9 20

  12. New users and use-cases in MISP There are many different types of users of MISP such as Malware reversers, incident responders, security analysts, intelligence analysts, LEAs, fraud and financial analysts (from 2012 until Today). IC community is not an island . They evaluated the ability to gather information from other sharing communities and in some cases even buildt their own internal community 4 . 4 MISP is designed to support various models such as disconnected sharing communities (e.g. military air-gapped ones), partially bridged or fully interconnected communities 10 20

  13. Secrecy in IC Secrecy of Methodologies Secrecy of Tools used Information Secrecy But finding the trade-off between secrecy and efficacy is hard and very often secrecy beats efficacy 5 . 5 Analytic Culture in the US Intelligence Community: An Ethnographic Study. Dr. Rob Johnston 11 20

  14. Social and political aspects a part of the secrecy (in methodologies), tooling decision or lack of information sharing is often linked to political or social aspects: 6 6 Information Sharing in Military Organizations: A Sociomaterial Perspective, Gijs Van den Heuvel 12 20

  15. C omplexity, efficacy and secrecy Secrecy and efficacy conflict. Secrecy interferes with analytic effectiveness by limiting access to information and sources that may be necessary for accurate or predictive analysis 7 OSINT increased in IC and takes a significant role in analytics nowadays. Purely open models where secrecy is limited (information is disclosed along with tools and methodologies used) such as bellingcat 8 or the systematic work of Pieter Van Ostaeyen 9 can be very efficient. 7 Analytic Culture in the US Intelligence Community: An Ethnographic Study. Dr. Rob Johnston 8 https://www.bellingcat.com/ 9 Tracking ISIS 13 20

  16. Sharing with potential hostile forces Information sharing among hostile forces is a different game, although it has been argued that, even among enemies, information sharing about their mutual strengths and intentions is conducive to preventing conflicts from occurring. Stated the other way around, military secrecy may stimulate violent encounters 1011 Large sharing communities might contain some hostile adversaries but often the sharing aspect outperforms the risk(s). 10 Parks, W. (1957). Secrecy and the public interest in military affairs. George Washington Law Review, 23-27. 11 Coser, L. (1963). The dysfunctions of military secrecy. Social Problems, 11(1),13-22. 14 20

  17. Sharing to support collaborative analysis Finally, the main problem of intelligence gathering seems not to be the sharing, but information credibility, which is nevertheless also linked to information exchange. To verify the credibility of information, crosschecking is essential and this task implies sharing with others. 12 Extensive taxonomies in estimative language(s) supports the crosschecking role of the analyst. Interoperable standard (such as MISP core exchange format and MISP) can improve the sharing aspect inter-agencies. 12 Information Sharing Among Military Operational Staff: The French Officers’ Experience, Barbara Jankowski 15 20

  18. C onclusion Information sharing practices come from usage and by example (e.g. learning by imitation from the shared information). MISP is just a tool. What matters is your sharing practices. The tool should be as transparent as possible to support you. Enable users to customize MISP to meet their community’s use-cases. IC community and threat intelligence community can both learn from each others . MISP project combines open source software, open standards, best practices and communities to make information sharing a reality. 16 20

  19. C ontact Getting started with building a new community can be daunting or want to provide feedback about MISP, don’t hesitate to contact us: Contact: info@circl.lu - info@misp-project.org https://www.circl.lu/ https://github.com/MISP - https://twitter.com/MISPProject https://github.com/CIRCL 17 20

  20. Some "not so funny" examples of the information sharing challenges in the military and IC.

  21. 13 13 Information Sharing in Military Operations ed. Irina Goldenberg Joseph Soeters Waylon H. Dean 18 20

  22. 14 14 Information Sharing in Military Operations ed. Irina Goldenberg Joseph Soeters Waylon H. Dean 19 20

  23. 15 15 Information Sharing in Military Operations ed. Irina Goldenberg Joseph Soeters Waylon H. Dean 20 / 20

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Communication Skills Training: A Practical Guide To Improving Your Social Intelligence,

Communication Skills Training: A Practical Guide To Improving Your Social Intelligence,

Communication Skills Training: A Practical Guide To Improving Your Social Intelligence, Presentation, Persuasion And Public Speaking: Positive Psychology Coaching Series, Book 9 epubs Do You Know How to Communicate with People Effectively,

234 views • 5 slides
Improving Cyber Resiliency using Intelligence-led Attack Simulations Vincent Yiu Who am I?

Improving Cyber Resiliency using Intelligence-led Attack Simulations Vincent Yiu Who am I?

Improving Cyber Resiliency using Intelligence-led Attack Simulations Vincent Yiu Who am I? @vysecurity Vincent Yiu vincent.yiu@syonsecurity.com Founder of SYON Security Offensive Operations including Adversary Simulaton and Penetration

344 views • 33 slides
Improving Performance on Intent Detection Maria Crosas Conversational Artificial Intelligence

Improving Performance on Intent Detection Maria Crosas Conversational Artificial Intelligence

Improving Performance on Intent Detection Maria Crosas Conversational Artificial Intelligence at Nestle Todays Agenda Chatbots @ Nestle. Overview, learnings and use cases Improving our chatbots performance Chatbots core :

583 views • 21 slides
Improving Interaction with Sonification: Applications from Science to Smart Environments Thomas

Improving Interaction with Sonification: Applications from Science to Smart Environments Thomas

Ambient Intelligence Group Improving Interaction with Sonification: Applications from Science to Smart Environments Thomas Hermann Ambient Intelligence Group CITEC Bielefeld University Germany 1 Ambient Intelligence Group Imagine

461 views • 43 slides
Improving TCP Congestion Control with Machine Intelligence Yiming Kong *, Hui Zang , and

Improving TCP Congestion Control with Machine Intelligence Yiming Kong *, Hui Zang , and

Improving TCP Congestion Control with Machine Intelligence Yiming Kong *, Hui Zang , and Xiaoli Ma* *School of ECE, Georgia Tech, USA Futurewei Technologies, USA 1 TCP congestion control Sender 1 A critical problem in TCP/IP

300 views • 19 slides
Communication A Practical Guide To Improving Your Social Intelligence Presentation Persuasion And

Communication A Practical Guide To Improving Your Social Intelligence Presentation Persuasion And

Communication A Practical Guide To Improving Your Social Intelligence Presentation Persuasion And Public Speaking Positive Psychology.pdf Communication A Practical Guide To Improving Your Social Intelligence Presentation Persuasion And Public

403 views • 24 slides
Communication Skills A Practical Guide to Improving Your Social Intelligence Presentation

Communication Skills A Practical Guide to Improving Your Social Intelligence Presentation

Communication Skills A Practical Guide to Improving Your Social Intelligence Presentation Persuasion and Public Speaking Positive Psychology Coaching Series Book Volume 9 by Ian Tuhovsky You're readind a preview Communication Skills A Practical

266 views • 4 slides
Improving Constrained Glider Trajectories for Ocean Eddy Border Sampling within Extended

Improving Constrained Glider Trajectories for Ocean Eddy Border Sampling within Extended

Improving Constrained Glider Trajectories for Ocean Eddy Border Sampling within Extended Mission Planning Time 2016 IEEE World Congress on Computational Intelligence SS CDCI-18: Computational Intelligence for Unmanned Systems Session TM-18:

463 views • 23 slides
Something in the Air: Improving Air Quality through Community Partnerships @EnvisionCLT |

Something in the Air: Improving Air Quality through Community Partnerships @EnvisionCLT |

Something in the Air: Improving Air Quality through Community Partnerships @EnvisionCLT | @FFTC_RCCL | #EcoNetworkCLT Internet: MINT-GUEST Password: Today123 Liveable Low-carbon Cities Synergetic urban landscape planning with Water

885 views • 50 slides
Thank you to ULI and all the development community here today who are committed to improving

Thank you to ULI and all the development community here today who are committed to improving

Thank you to ULI and all the development community here today who are committed to improving public health and the quality of our environment. Its an honor to be on the panel. We are thrilled to be a week away from completion of a

78 views • 4 slides
DRUG FREE COMMITTEE Improving our Community through being Proactive Why? WHY NOT? Drugs are

DRUG FREE COMMITTEE Improving our Community through being Proactive Why? WHY NOT? Drugs are

DRUG FREE COMMITTEE Improving our Community through being Proactive Why? WHY NOT? Drugs are in our community and we believe that together, we can start to make a positive impact and help our citizens make educated choices. We are tired

375 views • 11 slides
Creating a Healthy Beach Community 60 Years of Improving Health 60 Years of Improving Health 60

Creating a Healthy Beach Community 60 Years of Improving Health 60 Years of Improving Health 60

Creating a Healthy Beach Community 60 Years of Improving Health 60 Years of Improving Health 60 Years of Improving Health Prevention: keeping people healthy Prevention: keeping people healthy Infancy Childhood Adulthood Older Adults

404 views • 24 slides
PLAN FOR TODAY What is Emotional Intelligence/EQ? Why it Matters An Overview of the EQ

PLAN FOR TODAY What is Emotional Intelligence/EQ? Why it Matters An Overview of the EQ

PLAN FOR TODAY What is Emotional Intelligence/EQ? Why it Matters An Overview of the EQ Model Lots of ideas for improving your EQ EMOTIONAL INTELLIGENCE IS NOT Being Emotional Always Agreeable Optimistic Being

1.06k views • 40 slides
FY17 Budget Overview Improving Community Health Through Prevention and Local Access to the

FY17 Budget Overview Improving Community Health Through Prevention and Local Access to the

FY17 Budget Overview Improving Community Health Through Prevention and Local Access to the Right Care NMC s vision is to be nationally recognized for excellence and value as we partner to improve the wellness of our community and become a

654 views • 51 slides
Community Pilots Background The Improving Life Chances Strategy aims to provide support to

Community Pilots Background The Improving Life Chances Strategy aims to provide support to

Review of the Improving Life Chances Community Pilots Background The Improving Life Chances Strategy aims to provide support to move families out of poverty. Bidston St James, Beechwood and Seacombe were identified as key areas

302 views • 27 slides
Improving Patient Safety Across Michigan and Illinois Community Health Workers June 15, 2016 1

Improving Patient Safety Across Michigan and Illinois Community Health Workers June 15, 2016 1

Improving Patient Safety Across Michigan and Illinois Community Health Workers June 15, 2016 1 Agenda Community Health Networks (Pat Teske) Intro to Community Health Workers (Erika Saleski) National Programs and Best Practices

809 views • 34 slides
Cloud Interoperability and Open Standards for Digital India 5 th Nov 2019, Open Infrastructure

Cloud Interoperability and Open Standards for Digital India 5 th Nov 2019, Open Infrastructure

Cloud Computing Innovation Council of India Cloud Interoperability and Open Standards for Digital India 5 th Nov 2019, Open Infrastructure Summit Shanghai 2019 Krishna Kumar M CNCF Ambassador & Secretary CCICI Chengappa M R Technologist,

211 views • 10 slides
SHOP Advisory Group June 14, 2012 Agenda Welcome & Introductions 5 min Standard

SHOP Advisory Group June 14, 2012 Agenda Welcome & Introductions 5 min Standard

SHOP Advisory Group June 14, 2012 Agenda Welcome & Introductions 5 min Standard Operating Procedures 10 min Distribute & Discuss Assign Recorder SHOP AG Charter Review 10 min Policies 40 min Employer &

363 views • 12 slides
The FAIR paradigm as a key to Open Astronomical Data Fabio Pasian and Marco Molinaro INAF

The FAIR paradigm as a key to Open Astronomical Data Fabio Pasian and Marco Molinaro INAF

The FAIR paradigm as a key to Open Astronomical Data Fabio Pasian and Marco Molinaro INAF Osservatorio Astronomico di Trieste, Italy ASTERICS and EOSCpilot projects 20 Nov 2017 The FAIR paradigm as a key to Open Astronomical Data 1 How to

186 views • 16 slides
CODING ASSISTED ADAPTIVE THRESHOLDING FOR SNEAK-PATH MITIGATION IN RESISTIVE MEMORIES Zehui Chen

CODING ASSISTED ADAPTIVE THRESHOLDING FOR SNEAK-PATH MITIGATION IN RESISTIVE MEMORIES Zehui Chen

CODING ASSISTED ADAPTIVE THRESHOLDING FOR SNEAK-PATH MITIGATION IN RESISTIVE MEMORIES Zehui Chen UCLA Clayton Schoeny UCLA Lara Dolecek UCLA Resistive memory and the sneak-path problem Crossbar structure for emerging non- volatile

957 views • 32 slides
The SIENA European Roadmap on Grid and Cloud Standards for e-Science and and Cloud Standards for

The SIENA European Roadmap on Grid and Cloud Standards for e-Science and and Cloud Standards for

The SIENA European Roadmap on Grid and Cloud Standards for e-Science and and Cloud Standards for e-Science and Beyond Status and plans EGI User Forum, 11 th April 2001 Vilnius, Lithuania David Wallom, Associate Director - Innovation Oxford

230 views • 8 slides
Standards for Professional Learning Standards for Professional Learning Learning objectives

Standards for Professional Learning Standards for Professional Learning Learning objectives

Introduction to the Standards for Professional Learning Standards for Professional Learning Learning objectives Learners will be able to Explain the purpose of the Standards for Professional Learning. Identify the implications of

347 views • 15 slides
Non-Markovian Open Quantum Systems: Input-Output Theory Lajos Di osi, Budapest Hungarian

Non-Markovian Open Quantum Systems: Input-Output Theory Lajos Di osi, Budapest Hungarian

Non-Markovian Open Quantum Systems: Input-Output Theory Lajos Di osi, Budapest Hungarian Scientific Research Fund under Grant No. 75129 Bilateral Hungarian-South African R&D Collaboration Project EU COST Action Fundamental Problems in

668 views • 12 slides
FY 20-21 PROPOSED FINAL BUDGET JULY1, 2020 1 FY20-21 BUDGET Proposed FY20-21 GCTD Operating

FY 20-21 PROPOSED FINAL BUDGET JULY1, 2020 1 FY20-21 BUDGET Proposed FY20-21 GCTD Operating

GOLD COAST TRANSIT DISTRICT PUBLIC HEARING ON FY 20-21 PROPOSED FINAL BUDGET JULY1, 2020 1 FY20-21 BUDGET Proposed FY20-21 GCTD Operating Budget: $28.2 M May Budget Assumptions Presented to Board June Draft Budget Presented to Board

238 views • 12 slides

More recommend