Sandeep Singh
OWASP Delhi & null Delhi
30 January 2015
Disclaimer
I am not an intelligence analyst but would love to be
The topic is close to my heart
Do not expect any FM (Freakin Magic)
The objective is to help attendees get familiar with the world of threat intel
Agenda
Overview of Threat Intel
Understanding Threat Intel
What is Cyber Threat Intelligence
Types of Threat Intel
Intelligence Lifecycle
Threat Intel Classification & Vendor Landscape
Threat Intel Standards
Open Source Threat Data/Intel Sources
Bonus Agenda
What is Threat Intelligence?
Overview
Buzzword
Growing field
- $250M in 2013
- $1.5B in 2018
Lots of new service providers entering the market
and still maturing
Threat
Risk = Vulnerability * Threat * Impact
Threat = Intent * Capability
Intelligence Process
Key Elements of Threat Intel
Types of Threat Intel
Strategic TI
Target audience: decision-makers
Focus on changing risks, high level topics
Geopolitics
Foreign markets
Cultural background
Vision timeframe: years
Planning
What are you looking for?
Collection
OSINT/HUMINT
Logs/Data points inside the org
Honeypots/nets/docs, social networks
FM-5
Processing
Synthesizing the collected data so that the intelligence analyst can work
Analysis
Finished Intelligence
Dissemination
Present to the right audience
Threat Intel - Classification
Technical Intel
Adversary Intel
Vulnerability Intel
Strategic Intel
Vendors
Can you guess the price of commercial threat intel?
Symantec's 12-month retail subscription to its reputation feed costs $95,300 (INR 6100000 approx.)
Thank you,
Sandeep Singh Chapter Leader, OWASP Delhi & null Delhi
sandeep.singh@owasp.org
san@null.co.in
@Sandy1sm