Threat Intelligence –
Predict, Prepare, Prevent – Respond, Investigate
The Cyber Threat – Using Intelligence to Predict and Prevent
Identity and Access Management
people, processes and systems that are used to manage access to enterprise resources – Audit logs of activity such as successful and failed authentication and access attempts should be kept
Data Loss Prevention
monitoring, protecting and verifying the security of data –
software/appliance installation or via the cloud by proxying or redirecting web traffic to the cloud provider – Policy rules about the types of web access, and the times at which such access is acceptable, can also be enforced
control over inbound and outbound e-mail – Digital signatures enabling identification and non-repudiation – policy-based encryption of e-mails
security assessments for infrastructure and applications and compliance audits are well defined and supported by multiple standards such as NIST, ISO and CIS
real time to stop/prevent an intrusion. The methods of intrusion detection, prevention and response in physical environments
creating new targets for intrusion and raises many questions about the implementation of the same protection in cloud environments.
Security Information and Event Management
systems accept log and event information. This information is then correlated and analyzed to provide real-time reporting
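The IAM note above says audit logs of successful and failed authentication attempts should be kept, and the SIEM note says such logs are correlated to produce real-time reporting. The following is an added illustration (not a vendor's rule language or any product's code) of what that correlation looks like in practice: a stream of constructed syslog-style authentication events is parsed once, failures are tracked per source in a sliding window, and two alerts are raised: a threshold alert when one source produces a burst of failures, and a sequence alert when a success from that same source follows the burst. The log format, the threshold of 5 failures in 60 seconds, and the IP addresses are all assumptions made for the example.

```python
"""Minimal SIEM-style correlation over authentication audit events.

Added example; assumptions (not from any product):
  - events arrive as syslog-like lines in the constructed format below
  - a "burst" is >= FAIL_THRESHOLD failures from one source inside WINDOW
"""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample events (documentation-range IPs, not real log data).
SAMPLE_LOG = """\
2024-03-01T10:00:01Z auth sshd: Failed password for admin from 203.0.113.7
2024-03-01T10:00:03Z auth sshd: Failed password for admin from 203.0.113.7
2024-03-01T10:00:05Z auth sshd: Failed password for root from 203.0.113.7
2024-03-01T10:00:06Z auth sshd: Failed password for alice from 198.51.100.4
2024-03-01T10:00:08Z auth sshd: Failed password for admin from 203.0.113.7
2024-03-01T10:00:09Z auth sshd: Failed password for admin from 203.0.113.7
2024-03-01T10:00:12Z auth sshd: Accepted password for admin from 203.0.113.7
2024-03-01T10:05:00Z auth sshd: Accepted password for alice from 198.51.100.4
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) auth sshd: (?P<result>Failed|Accepted) password "
    r"for (?P<user>\S+) from (?P<src>\S+)$"
)

FAIL_THRESHOLD = 5            # assumed tuning value
WINDOW = timedelta(seconds=60)  # assumed sliding window


def parse_event(line):
    """Return a dict for a recognised line, or None.

    Unparsed lines are counted by the caller rather than dropped silently,
    so a change in the log format shows up in the report instead of
    quietly blinding the rule.
    """
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    ev = m.groupdict()
    ev["ts"] = datetime.strptime(ev["ts"], "%Y-%m-%dT%H:%M:%SZ")
    return ev


def correlate(lines):
    """Stream events once, in arrival order, and emit alerts.

    Rule 1 (threshold): FAIL_THRESHOLD failures from one source in WINDOW.
    Rule 2 (sequence): a successful login from a source that is still in a
    failure burst, the pattern that distinguishes a guessed credential from
    mere noise.
    """
    failures = defaultdict(deque)  # src -> timestamps of recent failures
    burst_sources = set()          # sources currently in a burst
    alerts = []
    unparsed = 0
    for line in lines:
        ev = parse_event(line)
        if ev is None:
            unparsed += 1
            continue
        src, ts = ev["src"], ev["ts"]
        q = failures[src]
        # Expire failures that fell out of the sliding window.
        while q and ts - q[0] > WINDOW:
            q.popleft()
        if not q:
            burst_sources.discard(src)  # burst has aged out
        if ev["result"] == "Failed":
            q.append(ts)
            if len(q) >= FAIL_THRESHOLD and src not in burst_sources:
                burst_sources.add(src)
                alerts.append(("auth_failure_burst", src, ev["user"], ts))
        elif src in burst_sources:
            alerts.append(("success_after_burst", src, ev["user"], ts))
    return {"alerts": alerts, "unparsed": unparsed}


if __name__ == "__main__":
    for alert in correlate(SAMPLE_LOG.splitlines())["alerts"]:
        print(*alert)
```

On the constructed sample the threshold rule fires on the fifth failure from 203.0.113.7, and the sequence rule fires on the success that follows three seconds later; the single failure from 198.51.100.4 never reaches the threshold, and its later success arrives after the window has emptied, so it produces nothing. A real deployment would also key the window on the target account, not only on the source, to catch slow attempts spread across many addresses.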
manage encryption and decryption, hashing, digital signatures, certificate generation and renewal and key exchange.
Business Continuity and Disaster Recovery
including those caused by natural or man-made disasters or disruptions. Cloud-centric business continuity and disaster recovery
In a cloud/virtual environment, network security is likely to be provided by virtual devices alongside traditional physical devices.
consists of security services that allocate access, distribute, monitor and protect the underlying resource services. Architecturally,
Some useful sites —
McAfee threat Intelligence Visualization Tool
FREE: This tool is a must-have for any cyber intelligence team.
Aside from the custom search for most vulnerabilities, it pulls in all the current activity feeds from Computer World, InfoWorld, SANS Internet Storm Center and US-CERT, live and free.
Malware Live Feed
Popular Domain – Attacked Live Feed
Popular Applications – Attacked Live Feed
Top Intrusion Attackers – IP addresses of the attackers – Live Feed
Top Intrusion Attacks – Live Feed
Top Spam Senders – IP addresses of spammers – Live Feed
Recent Vulnerabilities – Number of NEW Vulnerabilities (Monthly/Year) Live Feed
Cyber Threat Intelligence Coordinating Group (CTICG)
Since its establishment, the Multi-State Information Sharing and Analysis Center (MS-ISAC) — which serves as the central cyber security resource for our nation’s state, local, territorial and tribal governments — recognized the need for collaboration with physical security partners and actively pursued a collaborative relationship with physical security partners within the states — including homeland security directors and law enforcement, many of whom participate in the MS-ISAC.
Financial Service Cyber Dashboard
http://www.fsisac.com/ – Financial Services Information Sharing and Analysis Center (FS-ISAC)
FS-ISAC alert level
Computer Crime & Intellectual Property Section
United States Department of Justice
Federal Network Security
The Federal Network Security (FNS) Branch collaborates across the federal government to enhance the nation’s cybersecurity posture by:
- Identifying common requirements across the federal government
- Collaborating with components of the federal enterprise to identify solutions
- Implementing policy and technical solutions
- Monitoring the effectiveness of implemented solutions
Report Incidents 911 –
- Report Phishing (US-CERT)
- Report a Computer Incident (US-CERT)
- File a Complaint (OnGuard Online)
- Report a Cyber Vulnerability (e-mail)
Control Systems Security Program (CSSP)
Report Incidents 911 – The Internet Crime Complaint Center (IC3) is a medium through which you can report any cyber-related violations.
Below is a link to their website where you can find details about the organization, as well as instructions about filing a complaint and reporting a crime.
Therefore, if you feel you have been the victim of a cyber crime, please report the incident to IC3.
IC3’s website can be found here: http://www.ic3.gov/default.aspx
Predict, Prepare, Prevent – Respond, Investigate
Sample Leading Practices for a Cyber Threat Intelligence Function
- Resources dedicated toward reviewing and analyzing emerging threats.
- Annual budget for security control upgrades, new detection tools, and intelligence sources.
- Cyber command center
- Ability to rapidly collect and review forensic information from devices that are suspect.
- Automated, monitored, incremental feeds with aging
- Two-way, cross-industry intelligence sharing.
- Contingency plans for loss of intelligence sources.
- Capability to model and analyze the likelihood that an emerging threat will impact an organization and identify where the weaknesses are that will be exposed.
- Threat intelligence teams should work in conjunction with internal security teams to identify new strategies and solutions for testing and improving the security posture of
- Daily regimen to review and communicate emerging threat data.
- Threat matrix
- Scenario planning
- Network extrusion monitoring
- Network conversation recording and reconstruction
- Regular cyber bulletin updates.
- Threat briefings by line of business / delivery channel
- Automated custom alerting based on thresholds
- Case management tools to coordinate cyber incidents across multiple business areas and support organizations.
- Patch management
- Configuration management
- customer devices and banking applications.