Security Bsides Las Vegas 2024

Intel-Driven Adversary Simulation for A Holistic Approach to Cybersecurity
2024-08-07 , Firenze

Our presentation delves into the utilization of an intelligence-driven adversary simulation approach as a pivotal tool for identifying and addressing actual risks faced by organizations in the realm of cybersecurity. This methodology involves the strategic integration of best practices frameworks, effectively merging threat intelligence with adversary simulation techniques to forge a comprehensive risk management strategy. Key aspects of the presentation include an emphasis on the importance of cross-functional team integration, the crucial role played by threat intelligence in formulating security strategies, and the provision of practical insights derived from real-world applications. Targeted at the full spectrum of the security workforce, including Chief Information Security Officers (CISOs), managers, and analysts, this presentation is designed to impart actionable knowledge. This knowledge aims to significantly enhance the cybersecurity posture and strategic decision-making capabilities within organizations.


  1. Introduction to Intel-Driven Adversary Simulation: We'll begin with an overview of the concept of Intel-Driven Adversary Simulation and its significance in achieving a comprehensive approach to cybersecurity. We'll explain the role of cyber threat intelligence in guiding cybersecurity strategies and simulations.

  2. CTI and Adversary Simulation: Next, we'll discuss how both internal and external threat intelligence sources are correlated and analyzed to pinpoint emerging threats and potential attack vectors, emphasizing the process of transforming intelligence data into actionable information for simulations run by the red team.

  3. Simulation of Real-World CTI-Based Threat Scenarios: Here we'll delve into how identified threats and their corresponding tactics, techniques, and procedures (TTPs), modeled on MITRE ATT&CK, are used to create realistic adversary simulation campaigns. We'll also highlight the importance of these simulations in emulating actual cyber-attack scenarios.

  4. Collaborative Defense through Simulation Integration: When the adversary simulation is complete, it's time for the defense team to analyze the results, identifying gaps in the organization’s defense capabilities. For each of the successful attacks, it's possible to create short-term actions to mitigate the threats and enhance detection and mitigation strategies.

  5. Impact on Strategic Decision-Making: We'll discuss how the outcomes of these intel-driven simulations influence the implementation of security controls, risk calculation, policy adjustments, and solution acquisitions. The focus is on how these insights are crucial in aligning cybersecurity efforts with organizational goals.

  6. Advantages of an Intel-Driven Approach: We'll highlight the tangible benefits of this approach: effective testing of cybersecurity controls against real threats, proactive incident prevention, reduced risk exposure, enhanced security resilience, and efficient resource allocation.

  7. Lessons Learned and Future Perspectives: Finally, we'll finish by discussing the lessons learned from adopting this approach and its potential future developments. We'll explore the integration of cybersecurity into broader business strategies, ensuring secure digital transformation and the protection of critical assets.

Carlos Gonçalves has over 10 years of experience in the information security industry. Currently, he is the CTI Leader at a Fortune 500 financial company. Carlos also has experience conducting pentests and managing the red team and the incident response teams.