Welcome!

Agile Computing Authors: Yeshim Deniz, Mehdi Daoudi, Jyoti Bansal, Elizabeth White, Liz McMillan

Blog Feed Post

RSA 2013 – The Year of Threat Intelligence

The RSA conference this year was abuzz with talk of threat intelligence and its usage in detecting and protecting against more advanced threats. There was re-branding of existing products and the entrance of new products, all of which claimed to support some type of “intelligence” capability.  As I walked around it struck me that usage of the term was not consistent. We need to have a detailed understanding of what it means to use intelligence to secure our enterprise from cyber attacks, and maintain business operations in the face of sophisticated threats.

Recolored

Defining Threat Intelligence

In April of 2011, Cyber Squared defined Threat Intelligence as “an emerging information security discipline that seeks to recognize and understand sophisticated cyber adversaries, specifically why and how they threaten data, networks, and business processes.  With enhanced knowledge of the threat develop better protective measures against them.”  Not many companies would use the word “emerging” as it relates to their primary business, but we did, because at the time most clients were not yet worried about sophisticated threats, nor did they know how they would use threat intelligence to protect themselves from them.  Almost two years later and Threat Intelligence has now become a market within the broader security space.  For you skeptics that think it is yet another marketing term, don’t take my word for it.    SANS has sponsored a Summit on this single topic.

The Cyber Threat Intelligence Summit will be held in March.  I’ll be presenting a lightning round presentation on the topic of crowdsourcing threat intelligence, and Rich Barger, Cyber Squared’s Chief Intelligence Officer, will be participating on a panel.  This is such an important topic for the industry that SANS is putting on this event, and in doing so have started the process for an industry wide definition of Threat Intelligence.

Why is it needed

The Advanced Persistent Threat (APT) facing many modern networked organizations has rendered intrusion detection systems, anti-virus and traditional incident response approaches insufficient. The APT represents well-resourced and trained adversary’s who use advanced tools and techniques designed to circumvent most conventional computer network defense mechanisms. Their multi-year intrusion campaigns target highly sensitive and valuable data for competitive edge.

What is it

Network defense techniques that leverage knowledge about these adversaries – known as cyber threat intelligence – can enable defenders to establish a state of information superiority which decreases the adversary’s likelihood of success with each subsequent intrusion attempt. Threat intelligence can be a force multiplier and provide security managers accurate, timely and detailed information to continuously monitor new and evolving attacks. Earlier detection can minimize losses or disruption within the network, and lessen the cost of cleanup efforts.  With Threat Intelligence you can provide a more effective defensive posture then would be otherwise be possible.

Threat Intelligence Triangle

A Threat Intelligence Ecosystem can be broken down into the following basic functional areas: information collection and analysis, decision support, and mitigations.  All three must work in concert in order to keep pace with the threat.  So to make Threat Intelligence possible, we must connect the efforts of our decision makers with security personal, and provide them with a robust ability to leverage more comprehensive knowledge of their particular cyber threats. Taking the concept of a Threat Intelligence one step further. We must unite the efforts of the community around the threat, and crowdsource our need for threat intelligence. The Threat Intelligence Ecosystem is so much more knowledgeable and powerful than a single individual or organization.

How crowdsourcing can help

We know that responding quickly to cyber threats is of critical importance, and the only way to really change the game is to understand how the adversary works and predict where they might go next.  We realize that we can’t win this battle by fighting alone. While progress is being made to create and use Threat Intelligence within organizations, unfortunately today this is only possible with the more mature and resourced organizations.  It takes a significant investment to collect, create, enrich, and leverage Threat Intelligence, leaving less resourced businesses from protecting themselves in the same manner.  The adversary doesn’t discriminate between those organizations with and without resources.  The adversary  is targeting those who have sensitive and valuable data.

What if we applied the crowdsourcing model?   Applying a crowdsourcing approach to Threat Intelligence would involve being able to assemble an impromptu, virtual army of trusted cyber defenders to more quickly and comprehensively understand the threat and predict where they will go next.  It would require the ability to create dynamic relationships with trusted sharing partners who have common threat interests, and being able to register and receive notifications when threats change.  By transitioning today’s more static “sharing” model to a more dynamic “crowdsourcing” approach for Threat Intelligence, we could actually improve response times and predict attacks.  Furthermore, it is possible that an established, successful crowdsourcing Threat Intelligence solution could serve as a deterrent for cyber adversaries.  Benefits of crowdsourcing include:

  • Less time commitment to understand the threat
  • Lower costs to obtain a larger understanding of the threat
  • Obtain insights that would not be otherwise obvious
  • Connect with other stake holders who are also experiencing the same problem
  • Ability to track / measure the threat, effectively explaining and articulating the problem to decision makers

Based on established current day environmental factors, we should have at our disposal the necessary ingredients to create a successful crowdsourcing environment for threat intelligence.  For instance, the enormous popularity of social media has turned strangers into virtual friends.  Facebook’s “like” feature virtually binds people into a community via a common interest.  There is a growing awareness and acceptance of using crowdsourcing to solve problems.  We can bind these concepts into a crowdsourcing, internet-based solution for Threat Intelligence that includes rankings, statistics, and metrics to facilitate “co-ompetition”.

Conclusions

Unfortunately, there is going to be a great deal of confusion around Threat Intelligence for the foreseeable future.  Just remember that Threat Intelligence is not something you buy, it’s something you create.   You can streamline the process of building Threat Intelligence using security analysis products that support data feeds and crowdsourcing .  Please come out on March 22nd and see what I have to say about Crowdsourcing Threat Intelligence – the BIG (data) idea behind ThreatConnect.com.

Read the original blog entry...

More Stories By Adam Vincent

Adam is an internationally renowned information security expert and is currently the CEO and a founder at Cyber Squared Inc. He possesses over a decade of experience in programming, network security, penetration testing, cryptography design & cryptanalysis, identity and access control, and a detailed expertise in information security. The culmination of this knowledge has led to the company’s creation of ThreatConnect™, the first-of-its-kind threat intelligence platform. He currently serves as an advisor to multiple security-focused organizations and has provided consultation to numerous businesses ranging from start-ups to governments, Fortune 500 organizations, and top financial institutions. Adam holds an MS in computer science with graduate certifications in computer security and information assurance from George Washington University. Vincent lives in Arlington, VA with his wife, two children, and dog.

@ThingsExpo Stories
What sort of WebRTC based applications can we expect to see over the next year and beyond? One way to predict development trends is to see what sorts of applications startups are building. In his session at @ThingsExpo, Arin Sime, founder of WebRTC.ventures, will discuss the current and likely future trends in WebRTC application development based on real requests for custom applications from real customers, as well as other public sources of information,
SYS-CON Events announced today that Infranics will exhibit at SYS-CON's 20th International Cloud Expo®, which will take place on June 6-8, 2017, at the Javits Center in New York City, NY. Since 2000, Infranics has developed SysMaster Suite, which is required for the stable and efficient management of ICT infrastructure. The ICT management solution developed and provided by Infranics continues to add intelligence to the ICT infrastructure through the IMC (Infra Management Cycle) based on mathemat...
SYS-CON Events announced today that Interoute, owner-operator of one of Europe's largest networks and a global cloud services platform, has been named “Bronze Sponsor” of SYS-CON's 20th Cloud Expo, which will take place on June 6-8, 2017 at the Javits Center in New York, New York. Interoute is the owner-operator of one of Europe's largest networks and a global cloud services platform which encompasses 12 data centers, 14 virtual data centers and 31 colocation centers, with connections to 195 add...
SYS-CON Events announced today that Cloudistics, an on-premises cloud computing company, has been named “Bronze Sponsor” of SYS-CON's 20th International Cloud Expo®, which will take place on June 6-8, 2017, at the Javits Center in New York City, NY. Cloudistics delivers a complete public cloud experience with composable on-premises infrastructures to medium and large enterprises. Its software-defined technology natively converges network, storage, compute, virtualization, and management into a ...
Now that the world has connected “things,” we need to build these devices as truly intelligent in order to create instantaneous and precise results. This means you have to do as much of the processing at the point of entry as you can: at the edge. The killer use cases for IoT are becoming manifest through AI engines on edge devices. An autonomous car has this dual edge/cloud analytics model, producing precise, real-time results. In his session at @ThingsExpo, John Crupi, Vice President and Eng...
In the enterprise today, connected IoT devices are everywhere – both inside and outside corporate environments. The need to identify, manage, control and secure a quickly growing web of connections and outside devices is making the already challenging task of security even more important, and onerous. In his session at @ThingsExpo, Rich Boyer, CISO and Chief Architect for Security at NTT i3, will discuss new ways of thinking and the approaches needed to address the emerging challenges of securit...
The taxi industry never saw Uber coming. Startups are a threat to incumbents like never before, and a major enabler for startups is that they are instantly “cloud ready.” If innovation moves at the pace of IT, then your company is in trouble. Why? Because your data center will not keep up with frenetic pace AWS, Microsoft and Google are rolling out new capabilities In his session at 20th Cloud Expo, Don Browning, VP of Cloud Architecture at Turner, will posit that disruption is inevitable for c...
There are 66 million network cameras capturing terabytes of data. How did factories in Japan improve physical security at the facilities and improve employee productivity? Edge Computing reduces possible kilobytes of data collected per second to only a few kilobytes of data transmitted to the public cloud every day. Data is aggregated and analyzed close to sensors so only intelligent results need to be transmitted to the cloud. Non-essential data is recycled to optimize storage.
SYS-CON Events announced today that Loom Systems will exhibit at SYS-CON's 20th International Cloud Expo®, which will take place on June 6-8, 2017, at the Javits Center in New York City, NY. Founded in 2015, Loom Systems delivers an advanced AI solution to predict and prevent problems in the digital business. Loom stands alone in the industry as an AI analysis platform requiring no prior math knowledge from operators, leveraging the existing staff to succeed in the digital era. With offices in S...
As businesses adopt functionalities in cloud computing, it’s imperative that IT operations consistently ensure cloud systems work correctly – all of the time, and to their best capabilities. In his session at @BigDataExpo, Bernd Harzog, CEO and founder of OpsDataStore, will present an industry answer to the common question, “Are you running IT operations as efficiently and as cost effectively as you need to?” He will expound on the industry issues he frequently came up against as an analyst, and...
In his General Session at 16th Cloud Expo, David Shacochis, host of The Hybrid IT Files podcast and Vice President at CenturyLink, investigated three key trends of the “gigabit economy" though the story of a Fortune 500 communications company in transformation. Narrating how multi-modal hybrid IT, service automation, and agile delivery all intersect, he will cover the role of storytelling and empathy in achieving strategic alignment between the enterprise and its information technology.
"I think that everyone recognizes that for IoT to really realize its full potential and value that it is about creating ecosystems and marketplaces and that no single vendor is able to support what is required," explained Esmeralda Swartz, VP, Marketing Enterprise and Cloud at Ericsson, in this SYS-CON.tv interview at @ThingsExpo, held June 7-9, 2016, at the Javits Center in New York City, NY.
Microservices are a very exciting architectural approach that many organizations are looking to as a way to accelerate innovation. Microservices promise to allow teams to move away from monolithic "ball of mud" systems, but the reality is that, in the vast majority of organizations, different projects and technologies will continue to be developed at different speeds. How to handle the dependencies between these disparate systems with different iteration cycles? Consider the "canoncial problem" ...
SYS-CON Events announced today that HTBase will exhibit at SYS-CON's 20th International Cloud Expo®, which will take place on June 6-8, 2017, at the Javits Center in New York City, NY. HTBase (Gartner 2016 Cool Vendor) delivers a Composable IT infrastructure solution architected for agility and increased efficiency. It turns compute, storage, and fabric into fluid pools of resources that are easily composed and re-composed to meet each application’s needs. With HTBase, companies can quickly prov...
Keeping pace with advancements in software delivery processes and tooling is taxing even for the most proficient organizations. Point tools, platforms, open source and the increasing adoption of private and public cloud services requires strong engineering rigor - all in the face of developer demands to use the tools of choice. As Agile has settled in as a mainstream practice, now DevOps has emerged as the next wave to improve software delivery speed and output. To make DevOps work, organization...
SYS-CON Events announced today that SoftLayer, an IBM Company, has been named “Gold Sponsor” of SYS-CON's 18th Cloud Expo, which will take place on June 7-9, 2016, at the Javits Center in New York, New York. SoftLayer, an IBM Company, provides cloud infrastructure as a service from a growing number of data centers and network points of presence around the world. SoftLayer’s customers range from Web startups to global enterprises.
China Unicom exhibit at the 19th International Cloud Expo, which took place at the Santa Clara Convention Center in Santa Clara, CA, in November 2016. China United Network Communications Group Co. Ltd ("China Unicom") was officially established in 2009 on the basis of the merger of former China Netcom and former China Unicom. China Unicom mainly operates a full range of telecommunications services including mobile broadband (GSM, WCDMA, LTE FDD, TD-LTE), fixed-line broadband, ICT, data communica...
SYS-CON Events announced today that CA Technologies has been named “Platinum Sponsor” of SYS-CON's 20th International Cloud Expo®, which will take place on June 6-8, 2017, at the Javits Center in New York City, NY, and the 21st International Cloud Expo®, which will take place October 31-November 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA. CA Technologies helps customers succeed in a future where every business – from apparel to energy – is being rewritten by software. From ...
SYS-CON Events announced today that MobiDev, a client-oriented software development company, will exhibit at SYS-CON's 20th International Cloud Expo®, which will take place June 6-8, 2017, at the Javits Center in New York City, NY, and the 21st International Cloud Expo®, which will take place October 31-November 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA. MobiDev is a software company that develops and delivers turn-key mobile apps, websites, web services, and complex softw...
SYS-CON Events announced today that Cloud Academy will exhibit at SYS-CON's 20th International Cloud Expo®, which will take place on June 6-8, 2017, at the Javits Center in New York City, NY. Cloud Academy is the industry’s most innovative, vendor-neutral cloud technology training platform. Cloud Academy provides continuous learning solutions for individuals and enterprise teams for Amazon Web Services, Microsoft Azure, Google Cloud Platform, and the most popular cloud computing technologies. Ge...