The Organized Mess & Business Ethics of Cyber Threat Intel - PowerPoint PPT Presentation

SLIDE 1

The Organized Mess & Business Ethics of Cyber Threat Intel

Ron Schlecht

SLIDE 2

Introduction

  • Ron Schlecht, Managing Partner

– 18 years of Information Security experience

  • Government Contracting, Law Enforcement, Consulting, CISO
  • Founded BTB Security in 2006

SLIDE 3

Company Profile

  • The BTB Group, LLC / BTB Security

– Founded in 2006
– Offices in Philadelphia, Chicago, Austin; coverage nationally
– Backgrounds include years of experience with Big Four and similarly sized organizations, and experience building, managing, and operating corporate security groups
– 3 partners

  • Brian Bailey, Managing Partner (Chicago)
  • Chris McGinley, Managing Partner (Philly)
  • Ron Schlecht, Founder / Managing Partner (Philly/Chicago)

SLIDE 4

Cyber Threat Intel

  • Gartner definition:

– evidence-based knowledge, including context, mechanisms, indicators, implications and actionable advice, about an existing or emerging menace or hazard to assets that can be used to inform decisions regarding the subject's response to that menace or hazard.

SLIDE 5

Current State

…with less yelling

SLIDE 6

Velocity and Volume

  • Disturbing trends (continuing)

– Commercialization of malware
– Attack kits readily available
– Botnets readily available for spam, attacks and DDoS
– Adaptation is now the norm for attackers; this is not new

SLIDE 7

Who’s doing it?

  • National Governments
  • Terrorists
  • Organized Crime
  • Hacktivists
  • Hackers
SLIDE 8

What are "WE" doing about it?

Security Woman (or Man, if you are one)

SLIDE 9

Sources of Cyber Threat Intel (CTI)

  • Endpoint Security Vendor
  • UTM/Firewall/IDS Vendor
  • Vulnerability Management Vendor
  • SIEM Vendor
  • Application Security Vendor
  • Log Management Vendor
  • Forensics Vendor
  • Identity and Access Management Vendor
  • CTI Platform Vendor
  • CTI Subscription Feed Vendor

SLIDE 10

Improvements

  • Better context, accuracy and/or speed in handling incidents

  • Improved visibility into attack methodologies
  • Faster and more accurate detection and response
  • Reduction in incidents through early prevention
  • Plus it sounds really cool
SLIDE 11

The Problems

  • Vendor driven
  • Standards and interoperability around feeds
  • Ethics

– Government and commercial won't share!
– Research input
– Dark web

SLIDE 12

Company Profile

SLIDE 13

What do we do?

  • Open Threat Exchange (OTX) – AlienVault
  • OpenIOC – FireEye (originally Mandiant)
  • STIX – Structured Threat Information eXpression
  • CybOX – Cyber Observable eXpression
  • TAXII – Trusted Automated eXchange of Indicator Information
  • OASIS – a nonprofit consortium that drives the development, convergence and adoption of open standards for the global information society; STIX, CybOX and TAXII moved from MITRE to the OASIS Cyber Threat Intelligence Technical Committee in 2015, and STIX 2.x folds CybOX into STIX as Cyber Observable objects
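The standards listed above only pay off when a consumer can actually parse, validate and match what a feed delivers; the interoperability problem from the previous slide is largely about feeds that emit malformed or incomplete objects. The following is an added example, not code from the slides or from BTB Security, that builds a minimal STIX 2.1 Indicator and Bundle with the standard library alone (no stix2 or taxii2-client package), validates the required Indicator properties before use, and matches simple observables against the indicator's pattern. The indicator values (203.0.113.10, c2.example.test) are constructed sample data from reserved documentation ranges, not real intelligence, and the matcher deliberately supports only the common single-observation `[a:b = 'x' OR c:d = 'y']` form.

```python
"""Minimal STIX 2.1 indicator construction, validation and matching.

Added example; not from the slides or BTB Security. Standard library only.
"""
import json
import re
import uuid
from datetime import datetime, timezone

# STIX 2.1 timestamps are RFC 3339 in UTC with millisecond precision and a 'Z'.
def stix_timestamp(dt: datetime) -> str:
    dt = dt.astimezone(timezone.utc)
    return dt.strftime("%Y-%m-%dT%H:%M:%S") + f".{dt.microsecond // 1000:03d}Z"

def stix_id(obj_type: str) -> str:
    # Identifiers are "<type>--<UUID>"; v4 UUIDs are the usual choice.
    return f"{obj_type}--{uuid.uuid4()}"

def make_indicator(pattern: str, name: str, created: datetime, indicator_types=None) -> dict:
    ts = stix_timestamp(created)
    return {
        "type": "indicator",
        "spec_version": "2.1",
        "id": stix_id("indicator"),
        "created": ts,
        "modified": ts,
        "name": name,
        "indicator_types": indicator_types or ["malicious-activity"],
        "pattern": pattern,
        "pattern_type": "stix",
        "valid_from": ts,
    }

def make_bundle(objects) -> dict:
    return {"type": "bundle", "id": stix_id("bundle"), "objects": list(objects)}

# --- pattern handling: one observation expression, comparisons joined by OR ---
_COMPARISON = re.compile(r"(?P<path>[a-z0-9_\-]+:[a-z0-9_\-.]+)\s*=\s*'(?P<value>[^']*)'")

def pattern_terms(pattern: str):
    """Return [(object_path, value), ...] for a pattern like [ipv4-addr:value = '1.2.3.4']."""
    body = pattern.strip()
    if not (body.startswith("[") and body.endswith("]")):
        raise ValueError("only a single bracketed observation expression is supported")
    terms = [(m.group("path"), m.group("value")) for m in _COMPARISON.finditer(body[1:-1])]
    if not terms:
        raise ValueError(f"no comparison expressions found in pattern: {pattern!r}")
    return terms

def matches(indicator: dict, observable: dict) -> bool:
    """observable maps object paths to values, e.g. {"ipv4-addr:value": "203.0.113.10"}."""
    return any(observable.get(path) == value for path, value in pattern_terms(indicator["pattern"]))

# --- feed-side validation: never trust an object just because it arrived over TAXII ---
REQUIRED_INDICATOR_PROPERTIES = (
    "type", "spec_version", "id", "created", "modified", "pattern", "pattern_type", "valid_from",
)
_INDICATOR_ID = re.compile(r"^indicator--[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$")

def validate_indicator(obj: dict) -> list:
    """Return a list of problems; an empty list means the object is usable."""
    errors = [f"missing required property: {p}" for p in REQUIRED_INDICATOR_PROPERTIES if p not in obj]
    if obj.get("type") != "indicator":
        errors.append("type must be 'indicator'")
    if "id" in obj and not _INDICATOR_ID.match(obj["id"]):
        errors.append("id is not of the form indicator--<uuid>")
    if obj.get("pattern_type") == "stix" and "pattern" in obj:
        try:
            pattern_terms(obj["pattern"])
        except ValueError as exc:
            errors.append(f"unparseable pattern: {exc}")
    return errors

def sightings(bundle: dict, observables) -> list:
    """Return (indicator name, observable) pairs for every valid indicator that matches."""
    hits = []
    for obj in bundle["objects"]:
        if obj.get("type") != "indicator" or validate_indicator(obj):
            continue  # skip non-indicators and anything that fails validation
        for obs in observables:
            if matches(obj, obs):
                hits.append((obj["name"], obs))
    return hits

# Constructed sample data (documentation-range IP and reserved .test TLD).
SAMPLE_CREATED = datetime(2016, 3, 1, 12, 0, 0, tzinfo=timezone.utc)
SAMPLE_INDICATOR = make_indicator(
    "[ipv4-addr:value = '203.0.113.10' OR domain-name:value = 'c2.example.test']",
    "Sample C2 infrastructure", SAMPLE_CREATED,
)
SAMPLE_BUNDLE = make_bundle([SAMPLE_INDICATOR])

if __name__ == "__main__":
    print(json.dumps(SAMPLE_BUNDLE, indent=2))
    print(sightings(SAMPLE_BUNDLE, [{"domain-name:value": "c2.example.test"}]))
```

Rejecting objects that fail `validate_indicator` before matching is the practical point: an indicator with no `pattern_type`, a malformed `id`, or a pattern the consumer cannot parse should be quarantined and reported back to the feed owner, not silently dropped into a blocklist.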

SLIDE 14

OASIS

SLIDE 15

Why Is This Important?

  • Malware
  • Attack Kits
  • Botnets / Bad networks
  • Security data correlation
  • Plus it sounds really cool
SLIDE 16

Ron Schlecht

ron.schlecht@btbsecurity.com

Questions?