Gavin Reid - Lancope - FIRST · 6/15/2015
Threat Intelligence?
Gavin Reid - Lancope
© 2015 Lancope, Inc. All rights reserved.
Presenter
• Gavin Reid is Vice President of Threat Intelligence at Lancope. With over 25 years of experience in threat intelligence, Reid was a driving force behind the development of big data analytics and threat identification.
• While serving at Cisco Systems as director of threat research for Security Intelligence Operations, he led a team that developed new data analytics technologies to detect and remediate advanced cybersecurity threats.
• Reid also created and led Cisco’s Computer Security Incident Response Team (CSIRT), a global organization of information security professionals responsible for monitoring, investigating and responding to cybersecurity incidents.
• In addition to his time at Cisco, Reid also served as the vice president of threat intelligence at Fidelity Investments and oversaw IT security at NASA’s Johnson Space Center.
Where are we with security 2015?
State of the industry
What we need to do differently
IP with no or invalid context
8.8.8.8
What is Threat?
What is intelligence
Malware: Dridex
Analysis:
Attachment File Name: RZZA3440.doc
Attachment MD5s:
b4fe7224da594703e78d62d9cb85c5f4
c3a00c36ea51040c3a10c557154bc7b1
5b9acbcd65555398a7e3fd0f0a389cf9
582b75b4f8855dbe555bff080c57808a
be699ba4855340adf5c9d7092e9df08b
Payload URLs:
hxxp://internetz1[.]com/03/39.exe
hxxp://gggrp[.]com/03/59.exe
hxxp://fefg[.]com/03/39.exe
hxxp://woofe[.]com/03/39.exe
hxxp://contestswin[.]net/03/39.exe
Payload MD5: 5e91af2e44c17de55134ff935c0f30f1
C2: 130.0.133[.]35
Can you protect what you can’t see?
Data Jockey
Getting data ready
vs
Working on data
Concerns
Make sure you have deliverables beyond needle and haystack
• Prove the negative
• Deliver a daily/weekly/monthly
• Lead the organization's perspective on threat
Thanks!