Trusted and Anonymized Threat Sharing Using Blockchain Technology
Feb 19, 2019
Dr. Yair Allouche
IBM Cyber Security Center of Excellence, Beer Sheva
2 IBM Security
Agenda
• Vision: Next generation threat sharing network
• Current Barriers for Threat Sharing
• Blockchain-based threat sharing platform
• Summary and Q&A
[Figure: Blockchain hype cycle; axis label: Visibility. Source: Gartner]
Vision: Next Generation Threat Sharing Network
• Global and flexible
• Trusted and reliable
• Automated and well integrated within existing workflow
• Built-in anonymity
[Diagram: network of nodes labelled MI, CERT and ISAC]
Next Generation Threat Sharing Network, Example 1
[Diagram built up over seven slides: a network of SIEM nodes ("SIEM network"); the items labelled on successive slides are:]
• configuration
• rules
• regex for PII
• IoC
• mitigation strategies
Next Generation Threat Sharing Network, Example 2
• Leveraging collective knowledge, experience, and capabilities
[Diagram: "Collective STIX report" with elements labelled IMDDOS Threat Actor, IMDDOS Botnet report, IMDDOS Infected Host, IMDDOS C2 Traffic, IMDDOS THLD Traffic and IMDDOS THLD]
• Different views according to trust level
[Diagram sequence: the same collective STIX report shown with different subsets of its elements; one view omits the THLD elements, another omits IMDDOS C2 Traffic]
Current Barriers for Threat Sharing (Source: NIST SP 800-150)
• Establishing trust
• Achieving interoperability and automation
• Safeguarding sensitive info
• Protecting classified info
• Enabling information consumption and publication
Threat Sharing Today: What are the Trust Models?
• Model 1: Trusted Third Party
• Model 2: Rely on Personal relationships
Why Blockchain
• Provides anonymity with trust
• Enables dynamic and flexible data exchange between any two organizations in the network
• Uses smart contracts to enforce data exchange agreement
• Automatic, objective and immutable audit of exchanged information
• Transparency
Our Approach
• Blockchain is used to supervise access management
• Cyber Threat Intelligence is exchanged off chain
[Diagram: Blockchain Network of Org A, Org B, Org C, Org D, Org E and Org F; Access Permission Token; CTI Server(s)]
Org profile
• Issuer: I-Cert
• Role: CISO
• Sector: Finance
• Headquarters: New York
• FS-ISAC Member
• Splunk customer
• Reputation score….
Consumption/Sharing policy
• Issuer white/black list
• Reputation higher than …
Consumption/Sharing policy
• ISAC members
• Geo white/blacklist
Consumption/Sharing policy
• Splunk customers
• white/black list of user rule
[Diagram: Blockchain Network between CTI producer and CTI consumer, labelled Producer Profile, Consumer Consumption Policy, Consumer Profile, Producer Sharing Policy and Access Permission Token]
Sharing policy
• Issuer white/black list
• Reputation higher than …
Sharing policy
• ISAC members
• Geo white/blacklist
Sharing policy
• Splunk customers
• white/black list of user rule
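The matching step sketched on the "Our Approach" slides, as an added example that is not IBM's implementation: an access permission token is issued only when the producer's sharing policy admits the consumer's profile and the consumer's consumption policy admits the producer's, and the CTI server checks that token off chain. Class, field and function names are hypothetical, the profiles are constructed, and an HMAC under a constructed key stands in for the blockchain network's endorsement of the token.

```python
import hashlib, hmac, json
from dataclasses import dataclass

@dataclass(frozen=True)
class Profile:                      # attested attributes only; no organisation name
    pseudonym: str
    issuer: str
    country: str
    isacs: frozenset = frozenset()
    reputation: int = 0

@dataclass(frozen=True)
class Policy:                       # serves as a sharing or a consumption policy
    issuer_allow: frozenset = frozenset()   # empty set = any issuer
    issuer_deny: frozenset = frozenset()
    geo_deny: frozenset = frozenset()
    required_isac: str = ""                 # "" = no ISAC requirement
    min_reputation: int = 0

    def admits(self, peer):
        if peer.issuer in self.issuer_deny or peer.country in self.geo_deny:
            return False
        if self.issuer_allow and peer.issuer not in self.issuer_allow:
            return False
        if self.required_isac and self.required_isac not in peer.isacs:
            return False
        return peer.reputation >= self.min_reputation

LEDGER_KEY = b"constructed-demo-key"  # assumption: stands in for network endorsement

def _tag(claims):
    return hmac.new(LEDGER_KEY, claims.encode(), hashlib.sha256).hexdigest()

def issue_token(producer, sharing, consumer, consumption, expires):
    """Issue a token only if each side's policy admits the other's profile."""
    if not (sharing.admits(consumer) and consumption.admits(producer)):
        return None
    claims = json.dumps({"prod": producer.pseudonym, "cons": consumer.pseudonym,
                         "exp": expires}, sort_keys=True)
    return claims + "." + _tag(claims)

def cti_server_accepts(token, now):
    """Off-chain check the CTI server runs before serving intelligence."""
    if not token or "." not in token:
        return False
    claims, tag = token.rsplit(".", 1)
    return hmac.compare_digest(tag, _tag(claims)) and json.loads(claims)["exp"] > now

# Constructed sample profiles and policies
BANK = Profile("org-7f3a", "I-Cert", "US", frozenset({"FS-ISAC"}), 80)
PEER = Profile("org-c210", "I-Cert", "GB", frozenset({"FS-ISAC"}), 60)
OUTSIDER = Profile("org-09be", "X-Cert", "US", frozenset(), 95)
BANK_SHARING = Policy(required_isac="FS-ISAC", min_reputation=50)
PEER_CONSUMPTION = Policy(issuer_allow=frozenset({"I-Cert"}))
```

The token names only pseudonyms, so the CTI server learns that the ledger approved the pairing without learning either organisation's identity.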
Summary: The Next Generation Threat Sharing Platform
• Blockchain can provide real benefits for threat sharing
• Reaching a critical mass is the key challenge
• IBM is running pilots with several stakeholders
• Working with partners to promote the solution globally
Contact information: [email protected]
© Copyright IBM Corporation 2016. All rights reserved. The information contained in these materials is provided for informational purposes only, and is provided AS IS without warranty of any kind,
express or implied. Any statement of direction represents IBM's current intent, is subject to change or withdrawal, and represent only goals and objectives. IBM, the IBM logo, and other IBM products
and services are trademarks of the International Business Machines Corporation, in the United States, other countries or both. Other company, product, or service names may be trademarks or service
marks of others.
Statement of Good Security Practices: IT system security involves protecting systems and information through prevention, detection and response to improper access from within and outside your
enterprise. Improper access can result in information being altered, destroyed, misappropriated or misused or can result in damage to or misuse of your systems, including for use in attacks on others.
No IT system or product should be considered completely secure and no single product, service or security measure can be completely effective in preventing improper use or access. IBM systems,
products and services are designed to be part of a lawful, comprehensive security approach, which will necessarily involve additional operational procedures, and may require other systems, products
or services to be most effective. IBM does not warrant that any systems, products or services are immune from, or will make your enterprise immune from, the malicious or illegal conduct of any party.
THANK YOU