CTX Overview

OVERVIEW
March 13, 2015
Healthcare Solution for Automated Threat Exchange and Collaboration
• Over 300 healthcare organizations actively sharing
“Limit infiltration of my organization and exfiltration of data in an efficient and effective manner.”
− CISO, Health Plan
“My organization needs the ability to streamline processes and, based on the quality of the intel, determine where best to place capital and operating expenses in defense of the organization.”
− CISO, Hospital
hitrustalliance.net/cyber-threat-xchange/
Industry Challenge
• Low-quality intelligence combined with historical, low-fidelity data creates non-actionable alerts
  – Time to value: the timeliness of the data was a major concern, as organizations discovered they were several days behind the industry
  – Rather than focusing on analysis, analysts spent their time fixing scripts and working on content in the SIEM
• Lack of collaboration: unable to automate the desired collaboration with other organizations in the industry
  – Not consumable because of an inherent lack of automation
• Internal development cycles
  – Sourced intelligence contained many false positives, including shared hosting IP addresses and legitimate domain names
• Collaboration is limited to conference calls and back-of-napkin discussions, lacking any detection and response capability
• Threat data is packaged for human consumption
  – PDF reports are manually collected and triaged by analysts, who spend their time copying and pasting observable data
Intelligence Driven Security
• Proactive Detection
• Situational Awareness
• Community Collaboration
Indicators are:
• Proactive
• A robust set of IOCs
• Active and timely
• Relevant to healthcare
Lifecycle stages (from the slide diagram): Observable Acquisition, Analysis, Collaboration, Enterprise Distribution, Security Operations
Information Sharing and Collaboration
Proven benefits
• Provides situational awareness and context across organizational and geographical boundaries
• Force multiplier: leverage your peers
• Data classification rules
  – TLP (Traffic Light Protocol)
• Actor / campaign details
• Automated distribution
• Platform agnostic
• Anonymous and secure
Collaboration in Action
Return on Investment
Cost to your organization?
• Worst case: a breach
• Malware detection and response?
• Delayed access to threat observables from industry breaches?
• Inaccurate intelligence?
CTX provides:
• Analyst force multiplication
• Speed of identification and accuracy of information
• Decreased time to detection of malware and targeted attacks
• Reduced SIEM content and use-case building costs
• Indicator consolidation, reducing the man-hours spent acquiring and operationalizing indicators
• External context and enrichment in a single pane of glass
“To more rapidly identify and subsequently eradicate active threats in my environment is extremely valuable and offers a much quicker ROI to the acquiring entity…”
− CISO, Major Healthcare
Summary Q&A
Proactive Detection and Situational Awareness
• Observables directly integrated into existing security infrastructure
Community Collaboration
• CTX customers benefit from receiving threat details that have already been tested and vetted
• Relevant to healthcare
• Ability to share threat information in an efficient, managed and secure process
• CTX enables real-time, controlled collaboration between trusted partners
• Allows for organizational oversight and facilitation of sharing by CTX
Actionable and Timely
• Automated analytics remove invalid IOCs
• Bi-directional SIEM integration allows for threat validation by CTX
Appendix
Use Cases and Observables
Broad range of use cases: Malware, APT, Fraud, Phishing, DDoS
Observable Types
• User-Agent string
• URLs
• MD5s
• Email
• IPs
• Domains
• File names
Correlate With
• HTTP
• Email
• DNS
• Proxy
• Firewall
• IPS
• Application
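The two steps the deck describes, removing false positives such as shared hosting IPs and legitimate domains from a feed ("Industry Challenge") and then correlating the surviving observables against proxy and DNS logs ("Correlate With"), as one added example in Python. This is not HITRUST CTX code; the indicator feed, the allow-lists, the hosting and private ranges and the log lines are all constructed sample data, and the log layouts are simplified Squid and BIND formats chosen for illustration.

```python
"""Added example, not HITRUST CTX code: vet a raw indicator feed for the
false positives the deck calls out (hosting IPs, legitimate domains) and
correlate the survivors against proxy and DNS log lines. All indicator
values, allow-lists and log lines below are constructed sample data."""
import ipaddress
import re
from collections import defaultdict

# Constructed sample feed: the mixed-quality intel the "Industry Challenge"
# slide describes. The bad entries are deliberately included.
RAW_INDICATORS = [
    {"type": "domain", "value": "update-check.example-bad.net"},
    {"type": "domain", "value": "Google.com"},            # legitimate domain
    {"type": "ip", "value": "203.0.113.45"},
    {"type": "ip", "value": "198.51.100.7"},              # shared hosting IP
    {"type": "ip", "value": "10.0.0.5"},                  # private, never actionable
    {"type": "md5", "value": "44d88612fea8a8f36de82e1278abb02f"},
    {"type": "md5", "value": "not-a-hash"},               # malformed
    {"type": "url", "value": "http://update-check.example-bad.net/a.php"},
]

# Hypothetical local allow-lists a SOC would maintain and refine over time.
BENIGN_DOMAINS = {"google.com", "microsoft.com"}
SHARED_HOSTING_NETS = [ipaddress.ip_network("198.51.100.0/24")]
# Explicit RFC 1918 / loopback ranges rather than ipaddress.is_global, which
# would also flag the documentation ranges (203.0.113.0/24 etc.) used here.
NON_ROUTABLE_NETS = [ipaddress.ip_network(n) for n in
                     ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]

MD5_RE = re.compile(r"^[0-9a-f]{32}$")
DOMAIN_RE = re.compile(r"\b((?:[a-z0-9-]+\.)+[a-z]{2,})\b")
IPV4_RE = re.compile(r"\b(\d{1,3}(?:\.\d{1,3}){3})\b")


def _in_any(addr, nets):
    return any(addr in net for net in nets)


def vet_indicators(raw):
    """Normalise each indicator and drop the ones that would only create
    non-actionable alerts. Returns (accepted, rejected); each rejected entry
    is paired with the reason it was dropped."""
    accepted, rejected = [], []
    for ind in raw:
        kind, value = ind["type"], ind["value"].strip().lower()
        reason = None
        if kind == "domain":
            if value in BENIGN_DOMAINS or any(value.endswith("." + d) for d in BENIGN_DOMAINS):
                reason = "legitimate domain"
        elif kind == "ip":
            try:
                addr = ipaddress.ip_address(value)
            except ValueError:
                reason = "malformed ip"
            else:
                if _in_any(addr, NON_ROUTABLE_NETS):
                    reason = "non-routable ip"
                elif _in_any(addr, SHARED_HOSTING_NETS):
                    reason = "shared hosting ip"
        elif kind == "md5" and not MD5_RE.match(value):
            reason = "malformed md5"
        if reason:
            rejected.append((ind, reason))
        else:
            accepted.append({"type": kind, "value": value})
    return accepted, rejected


# Constructed log lines in simplified Squid access-log and BIND query-log
# layouts; the client address is the first IPv4 address on each line.
SAMPLE_LOGS = [
    ("proxy", "1426250000.123 45 10.1.2.3 TCP_MISS/200 512 GET "
              "http://update-check.example-bad.net/a.php - DIRECT/203.0.113.45 text/html"),
    ("dns", "13-Mar-2015 09:15:01.001 client 10.1.2.3#53211: query: "
            "update-check.example-bad.net IN A + (10.1.0.2)"),
    ("dns", "13-Mar-2015 09:15:02.010 client 10.1.2.9#51044: query: "
            "www.google.com IN A + (10.1.0.2)"),
    ("proxy", "1426250010.555 30 10.1.2.9 TCP_MISS/200 2048 GET "
              "http://www.microsoft.com/ - DIRECT/198.51.100.7 text/html"),
]


def correlate(log_lines, indicators):
    """Return (source, client_ip, indicator_type, indicator_value) for every
    vetted indicator seen in a log line. Domain indicators also match their
    subdomains; URL indicators match as substrings of the lowercased line."""
    by_type = defaultdict(set)
    for ind in indicators:
        by_type[ind["type"]].add(ind["value"])
    hits = []
    for source, line in log_lines:
        low = line.lower()
        ips = IPV4_RE.findall(low)
        client = ips[0] if ips else None
        for seen in set(DOMAIN_RE.findall(low)):
            for ioc in by_type["domain"]:
                if seen == ioc or seen.endswith("." + ioc):
                    hits.append((source, client, "domain", ioc))
        for ioc in sorted(set(ips) & by_type["ip"]):
            hits.append((source, client, "ip", ioc))
        for ioc in by_type["url"]:
            if ioc in low:
                hits.append((source, client, "url", ioc))
    return hits


if __name__ == "__main__":
    good, bad = vet_indicators(RAW_INDICATORS)
    for ind, why in bad:
        print(f"dropped {ind['type']}={ind['value']!r}: {why}")
    for hit in correlate(SAMPLE_LOGS, good):
        print("hit", hit)
```

With the sample data, four of the eight feed entries are dropped before they ever reach the logs, and the remaining indicators produce hits only for the one client that touched the bad domain, its URL and its hosting address; the lookup of www.google.com and the visit to a site on the shared-hosting range produce nothing. That is the point of vetting before correlation: the hosting IP and the legitimate domain would otherwise have fired on ordinary traffic.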
Legacy Process (1-2 weeks)
Flow recovered from the slide diagram:
1. Threat intel collected (Threat Team)
2. Manual analysis (Threat Team)
3. Data: pre-process / format (Threat Team)
4. Upload to internal site (Threat Team)
5. Retrieval of threat intel (OPS Team)
6. Manual load to SIEM (OPS Team)
7. Analysis and feedback to Threat Team (OPS Team)
Operational Intelligence (1 hour or less)
Flow recovered from the slide diagram:
1. Threat intel collected
2. Upload to CTX: pre-process, aggregate, analyze
3. Distribution to security infrastructure
4. Alert analysis (Threat Team)
5. Analyst feedback and collaboration
Indicator Acquisition
Threat indicator sources:
• OPTIC / Research
• Trusted collaboration
• Homeland Security
• Partners (APP Store)
• Sandbox
• Modern Honey Net
Enterprise Integration
• Integrates with existing security infrastructure
• Delivered from the cloud
• Correlation instructions
  – Rules, reports, dashboards
• One-click browser
• REST API
• STIX