Click here to close now.

Welcome!

Agile Computing Authors: Ruxit Blog, Elizabeth White, Rex Morrow, Datical, Michael Kanasoot, Liz McMillan

Blog Feed Post

RSA 2013 – The Year of Threat Intelligence

The RSA conference this year was abuzz with talk of threat intelligence and its usage in detecting and protecting against more advanced threats. There was re-branding of existing products and the entrance of new products, all of which claimed to support some type of “intelligence” capability.  As I walked around it struck me that usage of the term was not consistent. We need to have a detailed understanding of what it means to use intelligence to secure our enterprise from cyber attacks, and maintain business operations in the face of sophisticated threats.

Recolored

Defining Threat Intelligence

In April of 2011, Cyber Squared defined Threat Intelligence as “an emerging information security discipline that seeks to recognize and understand sophisticated cyber adversaries, specifically why and how they threaten data, networks, and business processes.  With enhanced knowledge of the threat develop better protective measures against them.”  Not many companies would use the word “emerging” as it relates to their primary business, but we did, because at the time most clients were not yet worried about sophisticated threats, nor did they know how they would use threat intelligence to protect themselves from them.  Almost two years later and Threat Intelligence has now become a market within the broader security space.  For you skeptics that think it is yet another marketing term, don’t take my word for it.    SANS has sponsored a Summit on this single topic.

The Cyber Threat Intelligence Summit will be held in March.  I’ll be presenting a lightning round presentation on the topic of crowdsourcing threat intelligence, and Rich Barger, Cyber Squared’s Chief Intelligence Officer, will be participating on a panel.  This is such an important topic for the industry that SANS is putting on this event, and in doing so have started the process for an industry wide definition of Threat Intelligence.

Why is it needed

The Advanced Persistent Threat (APT) facing many modern networked organizations has rendered intrusion detection systems, anti-virus and traditional incident response approaches insufficient. The APT represents well-resourced and trained adversary’s who use advanced tools and techniques designed to circumvent most conventional computer network defense mechanisms. Their multi-year intrusion campaigns target highly sensitive and valuable data for competitive edge.

What is it

Network defense techniques that leverage knowledge about these adversaries – known as cyber threat intelligence – can enable defenders to establish a state of information superiority which decreases the adversary’s likelihood of success with each subsequent intrusion attempt. Threat intelligence can be a force multiplier and provide security managers accurate, timely and detailed information to continuously monitor new and evolving attacks. Earlier detection can minimize losses or disruption within the network, and lessen the cost of cleanup efforts.  With Threat Intelligence you can provide a more effective defensive posture then would be otherwise be possible.

Threat Intelligence Triangle

A Threat Intelligence Ecosystem can be broken down into the following basic functional areas: information collection and analysis, decision support, and mitigations.  All three must work in concert in order to keep pace with the threat.  So to make Threat Intelligence possible, we must connect the efforts of our decision makers with security personal, and provide them with a robust ability to leverage more comprehensive knowledge of their particular cyber threats. Taking the concept of a Threat Intelligence one step further. We must unite the efforts of the community around the threat, and crowdsource our need for threat intelligence. The Threat Intelligence Ecosystem is so much more knowledgeable and powerful than a single individual or organization.

How crowdsourcing can help

We know that responding quickly to cyber threats is of critical importance, and the only way to really change the game is to understand how the adversary works and predict where they might go next.  We realize that we can’t win this battle by fighting alone. While progress is being made to create and use Threat Intelligence within organizations, unfortunately today this is only possible with the more mature and resourced organizations.  It takes a significant investment to collect, create, enrich, and leverage Threat Intelligence, leaving less resourced businesses from protecting themselves in the same manner.  The adversary doesn’t discriminate between those organizations with and without resources.  The adversary  is targeting those who have sensitive and valuable data.

What if we applied the crowdsourcing model?   Applying a crowdsourcing approach to Threat Intelligence would involve being able to assemble an impromptu, virtual army of trusted cyber defenders to more quickly and comprehensively understand the threat and predict where they will go next.  It would require the ability to create dynamic relationships with trusted sharing partners who have common threat interests, and being able to register and receive notifications when threats change.  By transitioning today’s more static “sharing” model to a more dynamic “crowdsourcing” approach for Threat Intelligence, we could actually improve response times and predict attacks.  Furthermore, it is possible that an established, successful crowdsourcing Threat Intelligence solution could serve as a deterrent for cyber adversaries.  Benefits of crowdsourcing include:

  • Less time commitment to understand the threat
  • Lower costs to obtain a larger understanding of the threat
  • Obtain insights that would not be otherwise obvious
  • Connect with other stake holders who are also experiencing the same problem
  • Ability to track / measure the threat, effectively explaining and articulating the problem to decision makers

Based on established current day environmental factors, we should have at our disposal the necessary ingredients to create a successful crowdsourcing environment for threat intelligence.  For instance, the enormous popularity of social media has turned strangers into virtual friends.  Facebook’s “like” feature virtually binds people into a community via a common interest.  There is a growing awareness and acceptance of using crowdsourcing to solve problems.  We can bind these concepts into a crowdsourcing, internet-based solution for Threat Intelligence that includes rankings, statistics, and metrics to facilitate “co-ompetition”.

Conclusions

Unfortunately, there is going to be a great deal of confusion around Threat Intelligence for the foreseeable future.  Just remember that Threat Intelligence is not something you buy, it’s something you create.   You can streamline the process of building Threat Intelligence using security analysis products that support data feeds and crowdsourcing .  Please come out on March 22nd and see what I have to say about Crowdsourcing Threat Intelligence – the BIG (data) idea behind ThreatConnect.com.

Read the original blog entry...

More Stories By Adam Vincent

Adam is an internationally renowned information security expert and is currently the CEO and a founder at Cyber Squared Inc. He possesses over a decade of experience in programming, network security, penetration testing, cryptography design & cryptanalysis, identity and access control, and a detailed expertise in information security. The culmination of this knowledge has led to the company’s creation of ThreatConnect™, the first-of-its-kind threat intelligence platform. He currently serves as an advisor to multiple security-focused organizations and has provided consultation to numerous businesses ranging from start-ups to governments, Fortune 500 organizations, and top financial institutions. Adam holds an MS in computer science with graduate certifications in computer security and information assurance from George Washington University. Vincent lives in Arlington, VA with his wife, two children, and dog.

@ThingsExpo Stories
The true value of the Internet of Things (IoT) lies not just in the data, but through the services that protect the data, perform the analysis and present findings in a usable way. With many IoT elements rooted in traditional IT components, Big Data and IoT isn’t just a play for enterprise. In fact, the IoT presents SMBs with the prospect of launching entirely new activities and exploring innovative areas. CompTIA research identifies several areas where IoT is expected to have the greatest impact.
Can call centers hang up the phones for good? Intuitive Solutions did. WebRTC enabled this contact center provider to eliminate antiquated telephony and desktop phone infrastructure with a pure web-based solution, allowing them to expand beyond brick-and-mortar confines to a home-based agent model. It also ensured scalability and better service for customers, including MUY! Companies, one of the country's largest franchise restaurant companies with 232 Pizza Hut locations. This is one example of WebRTC adoption today, but the potential is limitless when powered by IoT.
One of the biggest challenges when developing connected devices is identifying user value and delivering it through successful user experiences. In his session at Internet of @ThingsExpo, Mike Kuniavsky, Principal Scientist, Innovation Services at PARC, described an IoT-specific approach to user experience design that combines approaches from interaction design, industrial design and service design to create experiences that go beyond simple connected gadgets to create lasting, multi-device experiences grounded in people's real needs and desires.
The Internet of Things will greatly expand the opportunities for data collection and new business models driven off of that data. In her session at @ThingsExpo, Esmeralda Swartz, CMO of MetraTech, discussed how for this to be effective you not only need to have infrastructure and operational models capable of utilizing this new phenomenon, but increasingly service providers will need to convince a skeptical public to participate. Get ready to show them the money!
SYS-CON Events announced today that MetraTech, now part of Ericsson, has been named “Silver Sponsor” of SYS-CON's 16th International Cloud Expo®, which will take place on June 9–11, 2015, at the Javits Center in New York, NY. Ericsson is the driving force behind the Networked Society- a world leader in communications infrastructure, software and services. Some 40% of the world’s mobile traffic runs through networks Ericsson has supplied, serving more than 2.5 billion subscribers.
The Internet of Things is not only adding billions of sensors and billions of terabytes to the Internet. It is also forcing a fundamental change in the way we envision Information Technology. For the first time, more data is being created by devices at the edge of the Internet rather than from centralized systems. What does this mean for today's IT professional? In this Power Panel at @ThingsExpo, moderated by Conference Chair Roger Strukhoff, panelists will addresses this very serious issue of profound change in the industry.
SYS-CON Events announced today that BMC will exhibit at SYS-CON's 16th International Cloud Expo®, which will take place on June 9-11, 2015, at the Javits Center in New York City, NY. BMC delivers software solutions that help IT transform digital enterprises for the ultimate competitive business advantage. BMC has worked with thousands of leading companies to create and deliver powerful IT management services. From mainframe to cloud to mobile, BMC pairs high-speed digital innovation with robust IT industrialization – allowing customers to provide amazing user experiences with optimized IT per...
The Internet of Things is not new. Historically, smart businesses have used its basic concept of leveraging data to drive better decision making and have capitalized on those insights to realize additional revenue opportunities. So, what has changed to make the Internet of Things one of the hottest topics in tech? In his session at @ThingsExpo, Chris Gray, Director, Embedded and Internet of Things, discussed the underlying factors that are driving the economics of intelligent systems. Discover how hardware commoditization, the ubiquitous nature of connectivity, and the emergence of Big Data a...
The world is at a tipping point where the technology, the device and global adoption are converging to such a point that we will see an explosion of a world where smartphone devices not only allow us to talk to each other, but allow for communication between everything – serving as a central hub from which we control our world – MediaTek is at the heart of both driving this and allowing the markets to drive this reality forward themselves. The next wave of consumer gadgets is here – smart, connected, and small. If your ambitions are big, so are ours. In his session at @ThingsExpo, Jack Hu, D...
The 4th International Internet of @ThingsExpo, co-located with the 17th International Cloud Expo - to be held November 3-5, 2015, at the Santa Clara Convention Center in Santa Clara, CA - announces that its Call for Papers is open. The Internet of Things (IoT) is the biggest idea since the creation of the Worldwide Web more than 20 years ago.
SYS-CON Events announced today that DragonGlass, an enterprise search platform, will exhibit at SYS-CON's 16th International Cloud Expo®, which will take place on June 9-11, 2015, at the Javits Center in New York City, NY. After eleven years of designing and building custom applications, OpenCrowd has launched DragonGlass, a cloud-based platform that enables the development of search-based applications. These are a new breed of applications that utilize a search index as their backbone for data retrieval. They can easily adapt to new data sets and provide access to both structured and unstruc...
We’re entering a new era of computing technology that many are calling the Internet of Things (IoT). Machine to machine, machine to infrastructure, machine to environment, the Internet of Everything, the Internet of Intelligent Things, intelligent systems – call it what you want, but it’s happening, and its potential is huge. IoT is comprised of smart machines interacting and communicating with other machines, objects, environments and infrastructures. As a result, huge volumes of data are being generated, and that data is being processed into useful actions that can “command and control” thi...
As the Internet of Things unfolds, mobile and wearable devices are blurring the line between physical and digital, integrating ever more closely with our interests, our routines, our daily lives. Contextual computing and smart, sensor-equipped spaces bring the potential to walk through a world that recognizes us and responds accordingly. We become continuous transmitters and receivers of data. In his session at @ThingsExpo, Andrew Bolwell, Director of Innovation for HP's Printing and Personal Systems Group, discussed how key attributes of mobile technology – touch input, sensors, social, and ...
All major researchers estimate there will be tens of billions devices - computers, smartphones, tablets, and sensors - connected to the Internet by 2020. This number will continue to grow at a rapid pace for the next several decades. With major technology companies and startups seriously embracing IoT strategies, now is the perfect time to attend @ThingsExpo, June 9-11, 2015, at the Javits Center in New York City. Learn what is going on, contribute to the discussions, and ensure that your enterprise is as "IoT-Ready" as it can be
WebRTC defines no default signaling protocol, causing fragmentation between WebRTC silos. SIP and XMPP provide possibilities, but come with considerable complexity and are not designed for use in a web environment. In his session at @ThingsExpo, Matthew Hodgson, technical co-founder of the Matrix.org, discussed how Matrix is a new non-profit Open Source Project that defines both a new HTTP-based standard for VoIP & IM signaling and provides reference implementations.
Buzzword alert: Microservices and IoT at a DevOps conference? What could possibly go wrong? In this Power Panel at DevOps Summit, moderated by Jason Bloomberg, the leading expert on architecting agility for the enterprise and president of Intellyx, panelists will peel away the buzz and discuss the important architectural principles behind implementing IoT solutions for the enterprise. As remote IoT devices and sensors become increasingly intelligent, they become part of our distributed cloud environment, and we must architect and code accordingly. At the very least, you'll have no problem fil...
Almost everyone sees the potential of Internet of Things but how can businesses truly unlock that potential. The key will be in the ability to discover business insight in the midst of an ocean of Big Data generated from billions of embedded devices via Systems of Discover. Businesses will also need to ensure that they can sustain that insight by leveraging the cloud for global reach, scale and elasticity.
"People are a lot more knowledgeable about APIs now. There are two types of people who work with APIs - IT people who want to use APIs for something internal and the product managers who want to do something outside APIs for people to connect to them," explained Roberto Medrano, Executive Vice President at SOA Software, in this SYS-CON.tv interview at Cloud Expo, held Nov 4–6, 2014, at the Santa Clara Convention Center in Santa Clara, CA.
In their session at @ThingsExpo, Shyam Varan Nath, Principal Architect at GE, and Ibrahim Gokcen, who leads GE's advanced IoT analytics, focused on the Internet of Things / Industrial Internet and how to make it operational for business end-users. Learn about the challenges posed by machine and sensor data and how to marry it with enterprise data. They also discussed the tips and tricks to provide the Industrial Internet as an end-user consumable service using Big Data Analytics and Industrial Cloud.
Building low-cost wearable devices can enhance the quality of our lives. In his session at Internet of @ThingsExpo, Sai Yamanoor, Embedded Software Engineer at Altschool, provided an example of putting together a small keychain within a $50 budget that educates the user about the air quality in their surroundings. He also provided examples such as building a wearable device that provides transit or recreational information. He then reviewed the resources available to build wearable devices at home including open source hardware, the raw materials required and the options available to power s...