fs-isac security automation working group...
Visit www.fsisac.com/CyberIntelligenceRepository for more info
Structured Cyber Intelligence Sharing
FS-ISAC Security Automation Working Group (SAWG)
May 15, 2014
David Eilken, SAWG PM
16-May-14
TOPICS
• SAWG Vision - An Intelligence Network
• STIX Standard – Not Just IOCs
• MITRE’s Vision of a Standards-Based Security Lifecycle
• Intelligence Aggregation Layers – Filtering Down to Action
• SAWG 2014 Roadmap
• Internal Member Integration
• SAWG Profile
SAWG – SECURITY AUTOMATION WORKING GROUP
Vision – One Organization’s Incident is Everyone’s Defense
[Diagram labels: Organization Attacked; Enterprise Repository; Community Repository (ISAC / FS-ISAC); Trusted Organizations Protected; Extended Trusted Organizations Protected; Automated Defense]
STIX – STRUCTURED THREAT INTELLIGENCE EXPRESSION
Eight Constructs – Verbose Expression of Bad Things, Bad Events, and Bad People
Strategic “Higher Level Constructs”
Operational / Tactical Constructs
CYBER SECURITY MEASUREMENT AND MANAGEMENT ARCHITECTURE
Source: MITRE
Threat Analysis is Just the Beginning
INDUSTRY THREAT FUNNEL – FROM DATA TO ACTIONABLE INFORMATION
Operational Intelligence
Strategic Intelligence
SAWG ROADMAP
CONNECTING TO THE COMMUNITY – AN INTERNAL VIEW
FS-ISAC SECURITY AUTOMATION WORKING GROUP
SAWG Membership as of May 2014
285 Members Providing Input/Requirements
125 Individual FS-ISAC Member Institutions
Avalanche Pilot Program
30 Participants Contributing to Technology Development
2015 Q1 – Avalanche Release Date to other ISACs
SAWG Positioning Statement
Develop a local threat repository of structured/relational intelligence that can be communicated machine-to-machine between intel providers, security tools, and broader ISAC community
• Help achieve critical mass adoption of STIX/TAXII threat standards
• Influence security market to create open/interoperable tools based on standards
• Ultimately drive down costs of tools and intelligence, while expanding accessibility to smaller ISAC member institutions