Cyber Threat Hunting, An Industry Example brought to you by IBM. In this video, you will learn to apply cyber threat hunting concepts to an industry solution.

>> And then, of course, this helps put it in the full context as to what a cyber threat hunting team looks like. You can see here, when we sit in the center of the cyber intelligence organization, or the cyber threat hunting team center, you have, of course, to your right, your traditional SOC operation with your SIEM, your endpoint, all the normal endpoint protection type environments, security device management, etc. You have to your left data sources coming in from open source, deep web, dark web, unstructured data, OSINT, etc. And you need a team that sits outside of the SOC that is responsible for doing proactive cyber threat hunting, ingesting sources from each of these, ingesting the data from each of these environments, and then ultimately bringing it together in a centralized fashion to make better informed decisions proactively before they become a problem. Which then, of course, leads to a more productive, more efficient and more mature SOC environment, because now the red team and the cyber threat hunting team are sharing that information with the blue team, which of course is the SOC. And so it's a continuum. It's a process designed to help you evolve and mature. But understand that if you have good, solid intelligence to work with, and data tools and technologies that you can use to help ingest and make sense of that, then maybe I could start making better decisions about what you're seeing.

So how do you build a cyber threat hunting team? And you can go back and review this at your leisure. You can go back to this webinar and listen to this again. But in summary, at a very high level, as I said earlier, the cyber threat hunting team sits outside of and is independent of your traditional SOC. That is, your SOC operation has its role and responsibility of providing 24 by 7 operations. That continues; however, introducing a more, should I say, an advanced team of cyber threat hunters that may have a combination of both security and intelligence backgrounds can then start to create and build the foundation of a cyber threat hunting team that consists of cyber threat intelligence, a cyber red team that is designed to simulate attacks on the organization, and then, of course, that cyber threat hunting team that is proactively identifying threats and sharing that information with the blue team within the SOC, which they can then use to build better rules in their SIEM platforms, better security device management, better protection, better defenses, etc. So please understand the cyber threat hunting team, generally speaking, needs to be outside of the SOC and independent of the SOC, but is the next gen of the SOC that then leads to better defenses for the organization.

So the cyber threat hunting use cases, or various use cases of how this can be applied. Please understand that today, when we talk about i2 EIA, Enterprise Insight Analysis, i2 has been doing this for a number of years. From cyber threat hunting to watch lists to insider threat, we have touched a number of organizations. And, of course, we have a number of different use cases that we can talk about as well. And these are all details that we can drill down into specifically, from spear phishing to APTs to insider threat. Please understand that i2 EIA, Enterprise Insight Analysis, can map across the organization because it is data independent. And we can really start to help formulate what we call risk intelligence, risk insight into what's really going on, from internal to external, starting to connect the dots on those different variables and vectors.

So here are a couple of use cases as an example within the SOC of how this type of analysis for cyber forensic investigation reduced the number of events coming out of the SIEM, because the SOC team, the analysts, were able to more quickly and efficiently gain insight into what's happening, and through that analysis were able to reduce the number of false alarms, or should I say false positives, [INAUDIBLE] within their SIEM. And here's another example of a fraud situation where we were able to decrease the amount of fraud that was occurring. So these are just the different examples.

But ultimately, as we kind of look to bring this into how you now start to function and start to create your cyber threat hunting team, and what technologies you need to be able to do that. Well, i2 Enterprise Insight Analysis is designed to help you do just that. i2's been around now for a number of years. We are deployed in a hundred plus countries. We work across government, military, law enforcement, private sector companies. We have presence in 18 industries. And of course, as I said, we are touching a number of different countries around the globe. As we go back to what we said earlier, cyber touches everything that we do. There is not an industry that is immune to the, what I call, the cyber pendulum as it swings back and forth as to how you deal with the complexities of cyber. And then how do you identify the insight and the intelligence to identify the threat vectors before they become actual problems? So i2 has been doing this type of analysis now for several years.

So as we introduce you to i2 Enterprise Insight Analysis, understand that in essence what it is is that it gives you the ability for both cyber forensic investigation and proactive cyber threat hunting to evolve your SOC, your GSI, your MSSP, your internal SOC operation to the next level, to the next gen SOC of cognitive analysis. And i2 gives you the ability to sit on top of those internal data sources, those external data sources, bring them into an environment where you can start to make sense of the data, connect the dots, do entity link properties, and start to really formulate what's really happening. As you see in the upper right-hand corner, connecting the people, which is the analyst, the driver, the intellect that's overseeing this, ingesting those internal/external data sources and starting to produce actionable intelligence. And EIA gives you the ability to, of course, turn information into intelligence. It gives your cyber threat hunting team, as well as your SOC, the ability to have a centralized environment through i2 EIA, and then, of course, the ability to collaborate and share as part of this.

Now, [COUGH] excuse me, the value proposition is the ability to optimize. It serves as a force multiplier and it also helps you predict and proactively identify the threats before they become an actual problem. Types of users in the world of cyber: of course, these are examples of those. What's valuable about this is i2 EIA can ingest all these different data sources internally and externally. You can roll this up and submit the intelligence to a CISO, to a CIO, to a Head of Risk. Please understand that i2 has been used by law enforcement globally to prosecute a number of criminal activities, and has stood up in the courts of law, including The Hague in the Netherlands. And so with i2 EIA, not only can you use it for traditional security cyber forensic investigation and proactive cyber threat hunting, but the analysis will lead to criminal intent, criminal investigation, for which you then need a technology that can stand up in a court of law as you work with your general counsel, legal, and law enforcement organizations to be able to talk about this.