fs-isac security automation working group...
TRANSCRIPT
Visit www.fsisac.com/CyberIntelligenceRepository for more info
16-May-14
Structured Cyber Intelligence Sharing
FS-ISAC Security Automation Working Group (SAWG)
May 15, 2014
David Eilken, SAWG PM
TOPICS
• SAWG Vision - An Intelligence Network
• STIX Standard – Not Just IOCs
• Mitre’s Vision of a Standards Based Security Lifecycle
• Intelligence Aggregation Layers – Filtering Down to Action
• SAWG 2014 Roadmap
• Internal Member Integration
• SAWG Profile
SAWG – SECURITY AUTOMATION WORKING GROUP
Vision – One Organization’s Incident is Everyone’s Defense
[Diagram labels: Organization Attacked; Enterprise Repository; Community Repository (ISAC / FS-ISAC); Trusted Organizations; Extended Trusted Organizations; Automated Defense; Protected]
STIX – STRUCTURED THREAT INTELLIGENCE EXPRESSION
Eight Constructs – Verbose Expression of Bad Things, Bad Events, and Bad People
[Diagram: the eight constructs are grouped into Strategic "Higher Level Constructs" and Operational / Tactical Constructs]
CYBER SECURITY MEASUREMENT AND MANAGEMENT ARCHITECTURE
Source: MITRE
Threat Analysis is Just the Beginning
INDUSTRY THREAT FUNNEL – FROM DATA TO ACTIONABLE INFORMATION
[Diagram labels: Operational Intelligence; Strategic Intelligence]
SAWG ROADMAP
CONNECTING TO THE COMMUNITY – AN INTERNAL VIEW
FS-ISAC SECURITY AUTOMATION WORKING GROUP
SAWG
Membership as of May 2014
285 Members Providing Input/ Requirements
125 Individual FS-ISAC Member Institutions
Avalanche Pilot Program
30 Participants Contributing to Technology Development
2015 Q1 – Avalanche Release Date to other ISACs
SAWG Positioning Statement
Develop a local threat repository of structured/relational intelligence that can be communicated machine-to-machine between intel providers, security tools, and the broader ISAC community
• Help achieve critical mass adoption of STIX/TAXII threat standards
• Influence the security market to create open/interoperable tools based on standards
• Ultimately drive down costs of tools and intelligence, while expanding accessibility to smaller ISAC member institutions