8.2.3.3

[Figure residue: threat-actor comparison table. Recoverable row labels: Technical Infrastructure, Operational Infrastructure, Specialists & Organizations, Communication (fraud forum / chat room), Harvesting, Cash Out, Targets, Reconnaissance. Recoverable actor columns: anti-establishment “Hacktivists”, Terrorists / vigilantes, Non-state actors. Recoverable cell values: Targets – PII, Government, critical infrastructure, Targets of opportunity; Reconnaissance – None, Scanning (opportunistic), OSINT (targeted).]
[Figure residue: Cyber Kill Chain courses-of-action matrix. Recoverable controls per phase: Reconnaissance – Web Analytics, Firewall ACL; Delivery – Vigilant User, Proxy Filter, In-Line AV, Queuing; Installation – HIDS, “chroot” Jail, AV; Command & Ctrl – NIDS, Firewall ACL, NIPS, Tarpit, DNS Redirect; Actions – Audit Log, Quality of Service, Honeypot.]
[Figure residue: breach timeline. Recoverable labels: Late Detection; Target – Threat Visibility & Mitigation Goal; BREACH EXPOSURE TIME “BET”.]
ADVANCED CYBER DEFENSE APPROACH

[Figure residue: cyber cycle diagram. Recoverable labels: Cyber Kill Chain; “Breach Life Cycle” – Threat Vector, Establish Network Foothold, “Malware” (Undetected); Actionable Intelligence – “Help me identify targets, threats & incidents”; Scalable Infrastructure – “Need a flexible infrastructure to conduct short term and long term analysis”.]
RSA Security Analytics

[Figure residue: RSA Security Analytics architecture diagram. Recoverable labels: SIEM, Network Security Monitoring, Compliance Reports; Fast & Powerful Analytics; Device XMLs, Log Parsing, Logs & Packets, High Powered Analytics, Big Data Infrastructure, Unified Interface, Integrated Intelligence, Analytics Warehouse; sample indicator “Type does not match extension”; “Hundreds of data points – 0.2% of total”.]
• Fuses open source, commercial, and confidential threat and fraud intelligence with an organization’s live and recorded network traffic, providing RSA Security Analytics customers covert tactical and strategic threat intelligence on advanced threats & actors