In this webinar, Janne Pirttilahti, Director, New Services from F-Secure Cyber Security Services, will explain essential predictive measures, how to acquire evidence-based knowledge about existing or emerging adversaries and threats, and how to turn that insight into actions to better protect your organization.
Article URL: https://business.f-secure.com/webinar-how-to-predict-threat-landscape
3. CYBER SECURITY IS A PROCESS
– Understand your risk, know your attack surface, uncover weak spots
– React to breaches, mitigate the damage, analyze and learn
– Minimize attack surface, prevent incidents
– Recognize incidents and threats, isolate and contain them
5. PREDICT
Pri-ˈdikt
To declare or indicate in advance; especially: foretell on the basis of observation, experience, or scientific reason
Source: Merriam-Webster
6. PREDICTIVE CAPABILITIES ARE NEEDED TO ANSWER MANY QUESTIONS
– Top three behaviors that impact us?
– What do future attacks look like?
– Where to invest next?
– How to train our people?
– How to prepare oneself and for what?
18.
“Threat intelligence is evidence-based knowledge (e.g. context, mechanisms, indicators, implications and action-oriented advice) about existing or emerging menaces or hazards to assets.
CISOs should plan for current threats, as well as those that could emerge in the long term (e.g. in three years).”
Gartner, February 2016
22. THE DIFFERENT LEVELS OF THREAT INTELLIGENCE
STRATEGIC / EXECUTIVE LEVEL
– Strategic, high level information of changing risk
– Geopolitics, Foreign Markets, Cultural Background
– Vision timeframe: years
OPERATIONAL / TACTICAL
– Details of specific incoming risk: who, what, when?
– Attacker’s methods, tools and tactics, their modus operandi
– Early warnings of incoming attacks
– Vision timeframe: months, weeks, hours
TECHNICAL
– Specific IOCs (for SIEM, FW, etc. integration)
– More data, less intel
– Automated processing is paramount
– Vision timeframe: hours, minutes (but also long lasting)
28. STRATEGICALLY RELEVANT DATA IS UNIQUE TO EACH COMPANY
All threat data:
– Vulnerability feeds
– Exploit kit feeds
– Malicious software feeds
– Indicators of compromise feeds
– Bad IP address feeds
– Botnet activities feeds
– DNS changes feeds
– Reputation feeds (URL & content)
– Known threat actor behavior data
– All “breadcrumb” data from company personnel
– …
Global landscape
Business area landscape
Possibly relevant data
Strategically important data
34. CLOSING WORDS
– Understanding your own environment is the foundation
– There are both commercial and free options available
– Start from figuring out what benefits you the most
– Threat Intelligence can strengthen your security posture