mirror of https://github.com/MISP/misp-training
chg: [event:AusCERT24] Removing dots
Christian Studer
parent
2e7a162b24
commit
6f54651b84
|
|
@ -25,9 +25,9 @@
|
|||
\begin{frame}
|
||||
\frametitle{CIRCL's involvement}
|
||||
\begin{itemize}
|
||||
\item CIRCL is mandated by the Ministry of Economy and acting as the Luxembourg National CERT for private sector.
|
||||
\item \textbf{CIRCL leads the development} of the Open Source MISP threat intelligence platform which is used by many military or intelligence communities, private companies, financial sector, National CERTs and LEAs globally.
|
||||
\item \textbf{CIRCL runs multiple large MISP communities performing active daily threat-intelligence sharing}.
|
||||
\item CIRCL is mandated by the Ministry of Economy and acting as the Luxembourg National CERT for private sector
|
||||
\item \textbf{CIRCL leads the development} of the Open Source MISP threat intelligence platform which is used by many military or intelligence communities, private companies, financial sector, National CERTs and LEAs globally
|
||||
\item \textbf{CIRCL runs multiple large MISP communities performing active daily threat-intelligence sharing}
|
||||
\item []
|
||||
\item We use MISP as an \textbf{internal tool} to cover various day-to-day activities
|
||||
\item Whilst being the main driving force behind the development, we're also one of the largest consumers
|
||||
|
|
@ -82,12 +82,12 @@
|
|||
\begin{itemize}
|
||||
\item There are many different types of users of an information sharing platform like MISP:
|
||||
\begin{itemize}
|
||||
\item \textbf{Malware reversers} willing to share indicators of analysis with respective colleagues.
|
||||
\item \textbf{Security analysts} searching, validating and using indicators in operational security.
|
||||
\item \textbf{Intelligence analysts} gathering information about specific adversary groups.
|
||||
\item \textbf{Law-enforcement} relying on indicators to support or bootstrap their DFIR cases.
|
||||
\item \textbf{Risk analysis teams} willing to know about the new threats, likelyhood and occurences.
|
||||
\item \textbf{Fraud analysts} willing to share financial indicators to detect financial frauds.
|
||||
\item \textbf{Malware reversers} willing to share indicators of analysis with respective colleagues
|
||||
\item \textbf{Security analysts} searching, validating and using indicators in operational security
|
||||
\item \textbf{Intelligence analysts} gathering information about specific adversary groups
|
||||
\item \textbf{Law-enforcement} relying on indicators to support or bootstrap their DFIR cases
|
||||
\item \textbf{Risk analysis teams} willing to know about the new threats, likelyhood and occurences
|
||||
\item \textbf{Fraud analysts} willing to share financial indicators to detect financial frauds
|
||||
\end{itemize}
|
||||
\end{itemize}
|
||||
\end{frame}
|
||||
|
|
@ -141,7 +141,7 @@
|
|||
\begin{frame}
|
||||
\frametitle{Bringing different sharing communities together}
|
||||
\begin{itemize}
|
||||
\item Getting your community to be active takes \textbf{time and effort}, but with persistence your chances are great.
|
||||
\item Getting your community to be active takes \textbf{time and effort}, but with persistence your chances are great
|
||||
\item We generally all \textbf{end up sharing with peers that face similar threats}
|
||||
\item Division is either \textbf{sectorial or geographical}
|
||||
\item So why even bother with trying to bridge these communities?
|
||||
|
|
@ -269,7 +269,7 @@
|
|||
\begin{frame}
|
||||
\frametitle{Dispelling the myths around blockers when it comes to information sharing}
|
||||
\begin{itemize}
|
||||
\item Sharing difficulties are not really technical issues but often it's a matter of \textbf{social interactions} (e.g. \textbf{trust}).
|
||||
\item Sharing difficulties are not really technical issues but often it's a matter of \textbf{social interactions} (e.g. \textbf{trust})
|
||||
\begin{itemize}
|
||||
\item You can play a role here: organise regular workshops, conferences, have face to face meetings
|
||||
\end{itemize}
|
||||
|
|
@ -293,10 +293,10 @@
|
|||
\begin{itemize}
|
||||
\item MISP project collaborated with legal advisory services
|
||||
\begin{itemize}
|
||||
\item Information sharing and cooperation \textbf{enabled by GDPR};
|
||||
\item \textbf{ISO/IEC 27010:2015} - Information security management for inter-sector and inter-organizational communications;
|
||||
\item How MISP enables stakeholders identified by the \textbf{NISD} to perform key activities;
|
||||
\item Guidelines to setting up an information sharing community such as an ISAC or ISAO;
|
||||
\item Information sharing and cooperation \textbf{enabled by GDPR}
|
||||
\item \textbf{ISO/IEC 27010:2015} - Information security management for inter-sector and inter-organizational communications
|
||||
\item How MISP enables stakeholders identified by the \textbf{NISD} to perform key activities
|
||||
\item Guidelines to setting up an information sharing community such as an ISAC or ISAO
|
||||
\end{itemize}
|
||||
\item For more information: https://www.misp-project.org/compliance/
|
||||
\end{itemize}
|
||||
|
|
@ -307,8 +307,8 @@
|
|||
\begin{frame}
|
||||
\frametitle{MISP feature - correlation}
|
||||
\begin{itemize}
|
||||
\item MISP includes a \textbf{powerful engine for correlation} which allows analysts to discover correlating values between attributes.
|
||||
\item Getting a direct benefit from shared information by other ISAC members.
|
||||
\item MISP includes a \textbf{powerful engine for correlation} which allows analysts to discover correlating values between attributes
|
||||
\item Getting a direct benefit from shared information by other ISAC members
|
||||
\end{itemize}
|
||||
\includegraphics[scale=0.20]{../images/correlation.png}
|
||||
\end{frame}
|
||||
|
|
@ -316,8 +316,8 @@
|
|||
\begin{frame}
|
||||
\frametitle{MISP feature - event graph}
|
||||
\begin{itemize}
|
||||
\item \textbf{Analysts can create stories} based on graph relationships between objects, attributes.
|
||||
\item ISACs users can directly understand the information shared.
|
||||
\item \textbf{Analysts can create stories} based on graph relationships between objects, attributes
|
||||
\item ISACs users can directly understand the information shared
|
||||
\end{itemize}
|
||||
\includegraphics[scale=0.20]{../images/event-graph.png}
|
||||
\end{frame}
|
||||
|
|
@ -390,15 +390,15 @@
|
|||
\begin{frame}
|
||||
\frametitle{Many objectives from different user-groups}
|
||||
\begin{itemize}
|
||||
\item Sharing indicators for a \textbf{detection} matter.
|
||||
\item Sharing indicators for a \textbf{detection} matter
|
||||
\begin{itemize}
|
||||
\item 'Do I have infected systems in my infrastructure or the ones I operate?'
|
||||
\end{itemize}
|
||||
\item Sharing indicators to \textbf{block}.
|
||||
\item Sharing indicators to \textbf{block}
|
||||
\begin{itemize}
|
||||
\item 'I use these attributes to block, sinkhole or divert traffic.'
|
||||
\item 'I use these attributes to block, sinkhole or divert traffic'
|
||||
\end{itemize}
|
||||
\item Sharing indicators to \textbf{perform intelligence}.
|
||||
\item Sharing indicators to \textbf{perform intelligence}
|
||||
\begin{itemize}
|
||||
\item 'Gathering information about campaigns and attacks. Are they related? Who is targeting me? Who are the adversaries?'
|
||||
\end{itemize}
|
||||
|
|
|
|||
Loading…
Reference in New Issue