Big Data, Security Intelligence, (And Why I Hate This Title)


DESCRIPTION

The only way to get where we need to be in security analysis is if we use Security Intelligence. This means working harder and understanding the big picture of your data.


  • 1. Big Data, Security Intelligence, (And Why I Hate This Title)
  • 2. Introduction / Who Am I: Matt Yonchak, Director of Security Services, Hurricane Labs; avid Cleveland sports cynic
  • 3. What are we going to talk about? Security Intelligence
  • 4. Fact #1: Attacks are happening on our networks and we don't know: how it happened; who got in; how pervasive this attack is
  • 5. Fact #2: Traditional tools are insufficient to the task of real security analysis
  • 6. Intrusion Prevention Systems (IPS)
  • 7. Firewalls
  • 8. SIEM: Incredible tool or amazing distraction?
  • 9. Fact #3: All Data Is Security Relevant
  • 10. Typical Security Data: WAF, IPS, Proxy, Firewall
  • 11. Non-Typical Data (but still relevant to security): Web Application Data; Voice and Communication; Email; Performance Monitoring; ID Management; External Data Sources
  • 12. Problem: We've Been Attacked
  • 13. How Did It Happen? Social Engineering: Attacking the User
  • 14. What Does It Look Like? Evades normal security controls; moves slow and stays quiet; knows what data it's after; propagates itself internally
  • 15. We've Been Compromised
  • 16. Looking At The Problem Differently
  • 17. Security Intelligence Is: Analysis Outside the Box
  • 18. Security Intelligence Is: Behavior-Based Analysis
  • 19. Security Intelligence Is: Working a Little Harder
  • 20. Security Intelligence Is: Understanding the Big Picture
  • 21. Security Intelligence: How Do We Get It? Understand the Attack / Attackers
  • 22. Security Intelligence: How Do We Get It? Logs
  • 23. Security Intelligence: How Do We Get It? Understand Your Network
  • 24. Security Intelligence: How Do We Get It? Understand Your Network
  • 25. Back to Our Problem: How would we have detected/stopped the attack?
  • 26. Finding The Attack
  • 27. Finding The Attack: Bring In Some External Data: GeoIP; Blacklists / Watchlists; Our own intelligence
  • 28. Finding The Attack: Think Outside the Box
  • 29. Going Forward: How do we build out this practice within our organizations?
  • 30. Going Forward: Accept that what we're doing now: Traditional Incident Response; Our typical security controls; Our SIEMs
  • 31. Going Forward: Legitimize the Security Intelligence Concept
  • 32. Security Intelligence Legitimacy: Train For It
  • 33. Security Intelligence Legitimacy: Security Intelligence Analyst? Security Intelligence Engineer? Security Intelligence... Ninja?
  • 34. Security Intelligence Legitimacy
  • 35. Results
  • 36. Results
  • 37. Closing: The only way to really get where we need to be in security analysis is if we: put in the work to get there; think outside the box; change what is normal for security analysis
  • 38. Questions? Twitter: @mattyonchak Email: [email protected]