Threat Mosaic: Using CTI to Improve Collaboration and ... · Threat Mosaic: The Importance of Threat Collaboration & Intelligence Sharing Jonathan Couch, SVP Strategy ... Adversary-focused

Post on 14-Aug-2020

Transcript

Threat Mosaic: The Importance of Threat Collaboration & Intelligence Sharing

Jonathan Couch, SVP Strategy

29 August 2019

Threat Intelligence: Understand Your Threat

©2019 ThreatQuotient - Confidential

The Threat Mosaic

Cyber Situation Room: Creating the Mosaic

Collaboration and Workflow

SOC

Incident Response

Threat Intelligence

Hunt Team

Vuln Management

Maintain Security Monitoring Tools*, Triage

Initial Scope, Minor Remediation, Create Incidents

Scope, Remediate

Recommend

Context, Relevance

Identify, Inform

Identify, Target, Detect

Remediate

Patch Prioritization*, Business Impact

Risk Management

ADDED VALUE OF INTEL: Context, Relevance, Adversary-focused Campaigns, Full-scope indicator sets

COLLABORATION: Sightings, Adversary Analysis, “Single Source of Truth”

Overcoming Fragmentation

Internal System Events & Data

Endpoint Detection & Response

Network Security

Malware Analysis

SIEM

Log Repository

Incident Response / Ticketing

Incident Responders

Threat Analysts

Network Security Analysts

Malware Analysts

Security Operators

End-User Operations

Industry

Open Source

Sharing

Commercial

Enrichment Services

External Threat Data

Collaboration

Workflow

Automation

Integration

ThreatOperations

CENTRAL REPOSITORY

ANALYST WORKBENCH

SYSTEM INTEGRATION

Putting the Mosaic Together

Questions?

jonathan.couch@threatq.com