1 / 18

Threat Intelligence

Threat Intelligence. A quick glace at Intelligence Led Risk Management. A brief history of me……. Former Child Former Military Police NCO Former Military Intelligence NCO Former Bus Driver – got into InfoSec 5 years ago Worked for DXC on the MoD Contract

greenr
Download Presentation

Threat Intelligence

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Threat Intelligence A quick glace at Intelligence Led Risk Management

  2. A brief history of me…… • Former Child • Former Military Police NCO • Former Military Intelligence NCO • Former Bus Driver – got into InfoSec 5 years ago • Worked for DXC on the MoD Contract • Worked at Auriga Consulting on the Nuclear Decommissioning Authority contract • Worked at Virgin Money in 2nd Line Risk • Currently working for Infinium as an IT Security Specialist • RNLI volunteer • All round “good egg”

  3. Agenda • What is “Threat intelligence” • Information, Misinformation, Intelligence and Actionable Intelligence • What's the difference between information and intelligence • What does threat intelligence mean to business? • Threat Intelligence & Risk Management • Techniques, tactics and procedures (TTPs) • Symmetric TTPs in digital business • Asymmetric TTPs in digital business • Application of Intelligence led risk management in digital business • Conclusions • Questions

  4. Threat Intelligence Utilisation

  5. What is Threat Intelligence? Threat intelligence is inferred, evidence-based knowledge including context, mechanisms, indicators, implications and actionable advice about an existing or emerging threat or hazard to assets. It can be used to inform decisions regarding the subject's deployment of countermeasures or response to that hazard or threat or target adversarial assets. If its Done Well!

  6. Intelligence Terminology Information Misinformation Intelligence Actionable Intelligence

  7. Information vs Intelligence

  8. Intelligence Tools • Intelligence Collection Plans • PoL Analysis • Link Analysis • F3EA • Money Tracing • OSINT Tools • Forming a working Hypothesis • Murder groups (its not what you think)

  9. Intelligence Products

  10. Threat Intelligence in the Business World Threat Intelligence will identify, categorise and draw recommendations in relation to threats from a number of malicious sources A robust business threat intelligence program, done well, will assist with strategic decisions affecting any number of business critical processes

  11. Threat Intelligence in Risk Management • Ad – Hoc • Threat Based • Formal Risk Management Frameworks • Intelligence Led………………….?

  12. Intelligence Led Risk Management

  13. Tactics, Techniques & Procedures

  14. Symmetric TTPs Supported Live Environment Offensive Capability or Toolset Malicious Actor Environment Defensive Control or Countermeasure Attack Vector Attack Vector Offensive Capability or Toolset Defensive Control or Countermeasure Offensive Capability or Toolset Defensive Control or Countermeasure Attack Vector Offensive Capability or Toolset Defensive Control or Countermeasure Attack Vector Offensive Capability or Toolset Defensive Control or Countermeasure Attack Vector Offensive Capability or Toolset Defensive Control or Countermeasure Attack Vector

  15. Asymmetric TTPs Supported Live Environment Offensive Capability or Toolset Malicious Actor Environment Defensive Control or Countermeasure Attack Vector Attack Vector Offensive Capability or Toolset Defensive Control or Countermeasure Offensive Capability or Toolset IneffectiveControl or Countermeasure Attack Vector Compromise of Environment Offensive Capability or Toolset Defensive Control or Countermeasure Attack Vector Offensive Capability or Toolset Defensive Control or Countermeasure Attack Vector Offensive Capability or Toolset Defensive Control or Countermeasure Attack Vector

  16. Deploy countermeasures • Apply Intelligence Process • Understand your defensive capabilities • Understand your Vulnerabilities • Know your Foe • Understand your infrastructure • Protect

  17. Conclusions • Threat intelligence should be at the forefront of everything we do • Threat Intelligence is the processing of information into actionable intelligence • Intelligence Led Risk Management can save significant sums of money by applying budget only where it is required • The key to effective threat intelligence is understanding our estate, vulnerabilities, adversaries and countermeasures • Understanding adversarial asymmetric TTPs is vital to understanding which exploits pose most the significant risk • Intelligence Led Risk management could be the single most effective means of managing risk to any organisation….. If its done well!

  18. Questions?The Fewer you ask, the quicker we’re in the pub…….. #justsayin

More Related