Cyber Threat Intelligence Research

Threat Intelligence

http://www.us-cert.gov/cas/signup.html#other

Predict, Prepare, Prevent - Respond, Investigate

The Cyber Threat – Using Intelligence to Predict and Prevent

Identity and Access Management

people, processes and systems that are used to manage access to enterprise resources – Audit logs of activity such as successful and failed authentication and access attempts should be kept

Data Loss Prevention

monitoring, protecting and verifying the security of data

Web Security

software/appliance installation or via the cloud by proxying or redirecting web traffic to the cloud provider – Policy rules around the types of web access and the times this is acceptable also can be enforced

E-mail Security

control over inbound and outbound e-mail – Digital signatures enabling identification and non-repudiation – policy-based encryption of e-mails

Security Assessments

security assessments for infrastructure and applications and compliance audits are well defined and supported by multiple standards such as NIST, ISO and CIS

Intrusion Management

real time to stop/prevent an intrusion. The methods of intrusion detection, prevention and response in physical environments

creating new targets for intrusion and raises many questions about the implementation of the same protection in cloud environments.

Security Information and Event Management

systems accept log and event information. This information is then correlated and analyzed to provide real-time reporting

Encryption

manage encryption and decryption, hashing, digital signatures, certificate generation and renewal and key exchange.

Business Continuity and Disaster Recovery

including those caused by natural or man-made disasters or disruptions. Cloud-centric business continuity and disaster recovery

Network Security

In a cloud/virtual environment, network security is likely to be provided by virtual devices alongside traditional physical devices.

Security

consists of security services that allocate access, distribute, monitor and protect the underlying resource services. Architecturally,

Some useful sites:

McAfee Threat Intelligence Visualization Tool

http://www.mcafee.com/us/mcafee-labs/threat-intelligence.aspx

FREE: This tool is a must-have for any cyber intelligence team.

Aside from the custom search for most vulnerabilities, it is updated live and free with all the current activity feeds from Computer World, InfoWorld, SANS Internet Storm Center and US-CERT.

Malware Live Feed

Popular Domain – Attacked Live Feed

Popular Applications – Attacked Live Feed

Top Intrusion Attackers – IP addresses of the attackers – Live Feed

Top Intrusion Attacks – Live Feed

Top Spam Senders – IP addresses of spammers – Live Feed

Recent Vulnerabilities – Number of NEW Vulnerabilities (Monthly/Year) Live Feed

Cyber Threat Intelligence Coordinating Group (CTICG)

Since its establishment, the Multi-State Information Sharing and Analysis Center (MS-ISAC), which serves as the central cyber security resource for our nation's state, local, territorial and tribal governments, recognized the need for collaboration with physical security partners and actively pursued a collaborative relationship with physical security partners within the states, including homeland security directors and law enforcement, many of whom participate in the MS-ISAC.

http://msisac.cisecurity.org/partners/cticg.cfm

Financial Service Cyber Dashboard

http://www.fsisac.com/ – Financial Services Information Sharing and Analysis Center


Current Financial Services Sector Threat Levels:

http://www.isaccouncil.org/

National Vulnerability Database CVSS Scoring


http://nvd.nist.gov/

Computer Crime & Intellectual Property Section

United States Department of Justice

cybercrime.gov

Federal Network Security

The Federal Network Security (FNS) Branch collaborates across the federal government to enhance the nation’s cybersecurity posture by:

  • Identifying common requirements across the federal government
  • Collaborating with components of the federal enterprise to identify solutions
  • Implementing policy and technical solutions
  • Monitoring the effectiveness of implemented solutions

DHS | Federal Network Security

Report Incidents 911

Control Systems Security Program (CSSP)

US-CERT: Control Systems – Training

http://www.us-cert.gov/control_systems/satool.html

Report Incidents 911 – The Internet Crime Complaint Center (IC3) is a medium through which you can report any cyber-related violations.

Below is a link to their website where you can find details about the organization, as well as instructions about filing a complaint and reporting a crime.

If you feel you have been the victim of a cyber crime, please report the incident to IC3.

IC3's website can be found here: http://www.ic3.gov/default.aspx

Predict, Prepare, Prevent - Respond, Investigate

Sample Leading Practices for a Cyber Threat Intelligence Function

Organization

  • Resources dedicated toward reviewing and analyzing emerging threats.
  • Annual budget for security control upgrades, new detection tools, and intelligence sources.
  • Cyber command center

Malware Forensic Capability

  • Ability to rapidly collect and review forensic information from devices that are suspect.

All Source Intel Fusion

  • Automated, monitored, incremental feeds with aging algorithm.
  • Two-way, cross-industry intelligence sharing.
  • Contingency plans for loss of intelligence sources.

Threat Modeling

  • Capability to model and analyze the likelihood that an emerging threat will impact an organization and identify where the weaknesses are that will be exposed.

Research and Development

  • Threat intelligence teams should work in conjunction with internal security teams to identify new strategies and solutions for testing and improving the security posture of

Process

  • Daily regimen to review and communicate emerging threat data.
  • Threat matrix
  • Scenario planning

Perimeter Monitoring

  • Network extrusion monitoring
  • Network conversation recording and reconstruction

Metrics and Reporting

  • Regular cyber bulletin updates.
  • Threat briefings by line of business / delivery channel
  • Automated custom alerting based on thresholds

Threat Lifecycle Management

  • Case management tools to coordinate cyber incidents across multiple business areas and support organizations.

Supporting Capabilities

  • Patch management
  • Configuration management
  • customer devices and banking applications.
