THREAT FORECASTING
Leveraging Big Data for Predictive Analysis
JOHN PIRC
DAVID DESANTO
IAIN DAVISON
WILL GRAGIDO
Syngress is an Imprint of Elsevier
50 Hampshire Street, 5th Floor, Cambridge, MA 02139, USA
Copyright © 2016 Elsevier Inc. All rights reserved.
No part of this publication may be reproduced or transmitted in any form or by any means, electronic or mechanical, including photocopying, recording, or any information storage and retrieval system, without permission in writing from the publisher. Details on how to seek permission, further information about the Publisher's permissions policies and our arrangements with organizations such as the Copyright Clearance Center and the Copyright Licensing Agency, can be found at our website: www.elsevier.com/permissions. This book and the individual contributions contained in it are protected under copyright by the Publisher (other than as may be noted herein).
Notices
Knowledge and best practice in this field are constantly changing. As new research and experience broaden our understanding, changes in research methods, professional practices, or medical treatment may become necessary. Practitioners and researchers must always rely on their own experience and knowledge in evaluating and using any information, methods, compounds, or experiments described herein. In using such information or methods they should be mindful of their own safety and the safety of others, including parties for whom they have a professional responsibility.
To the fullest extent of the law, neither the Publisher nor the authors, contributors, or editors, assume any liability for any injury and/or damage to persons or property as a matter of products liability, negligence or otherwise, or from any use or operation of any methods, products, instructions, or ideas contained in the material herein.
Library of Congress Cataloging-in-Publication Data
A catalog record for this book is available from the Library of Congress
British Library Cataloguing-in-Publication Data
A catalogue record for this book is available from the British Library
ISBN: 978-0-12-800006-9
Publisher: Todd Green
Acquisition Editor: Chris Katsaropoulos
Editorial Project Manager: Anna Valutkevich
Production Project Manager: Punithavathy Govindaradjane
Designer: Mark Rogers
Typeset by SPi Global, India
ABOUT THE AUTHORS
John Pirc has more than 19 years of experience in security R&D, worldwide security product management, marketing, testing, forensics, consulting, and critical infrastructure architecting and deployment. Additionally, John is an advisor to HP's CISO on cyber security and has lectured at the US Naval Postgraduate School.
John's extensive expertise in the security field stems from past work experience with the US Intelligence Community, as Chief Technology Officer at CSG LTD, Product Manager at Cisco, Product Line Executive for all security products at IBM Internet Security Systems, Director at McAfee's Network Defense Business Unit, Director of Product Management at HP Enterprise Security Products, Chief Technology Officer at NSS Labs, Co-Founder and Chief Strategy Officer at Bricata, LLC and, most recently, as Director of Security Solutions for Forsythe Technology.
In addition to a BBA from the University of Texas, John also holds the NSA-IAM and CEH certifications. He has been named a security thought leader by the SANS Institute, speaks at top-tier security conferences worldwide, and has been published in Time Magazine, Bloomberg, CNN and other tier 1 media outlets.
David DeSanto is a network security professional with over 15 years of security research, security testing, software development and product strategy experience. He is a strong technical leader with a firm understanding of TCP/IP, software development experience including automation frameworks, and deep knowledge of securing the enterprise network.
David is the Director, Products and Threat Research for Spirent Communications, where he drives product strategy for all application security testing solutions. He also manages the security engineering team responsible for the research, development and validation of new security attacks (i.e., exploits, malware, DDoS attacks) as well as development of all engine components that support them. Prior to Spirent, David's career included roles at the industry's top security research and testing labs, where his expertise guided these organizations in creating industry-leading security tests and solutions for enterprises, service providers and network equipment vendors.
David holds a Master of Science in Cybersecurity from New York University School of Engineering and a Bachelor of Science in Computer Science from Millersville University. He is a frequent speaker at major international conferences on topics including threat intelligence, cloud security, GNSS security issues and the impacts of SSL decryption on today's next generation security products.
Iain Davison has over 16 years of security experience, with skills ranging from penetration testing to creating and building intrusion prevention devices. This includes knowledge of programming languages, scripting, and compiling software. In his last position, Iain performed network architecture, hardware design, software design, and implementation.
He currently lives in Clinton, MD, with his wife Laura and two kids, Shaun, age 6, and Emma, age 1; he also has a dog and a cat. Iain enjoys creating home automation devices from Raspberry Pi kits along with home media and simple robotics.
Along with his experience in the cyber-security industry, Iain has also written a book with a few colleagues on threat forecasting; it will be published in the second quarter of this year. The book discusses some techniques used to gather intelligence and the importance of all data, not just the obvious, looking at data from a different perspective, something other than the norm.
Now that he is on the Exabeam team, he may be willing to write yet another book based around UBA and all the things it can do in the enterprise.
Will Gragido possesses over 21 years of information security experience. A former United States Marine, Mr. Gragido began his career in the data communications, information security and intelligence communities. After the USMC, Mr. Gragido worked within several information security consultancy roles performing and leading red teaming, penetration testing, incident response, security assessments, ethical hacking, malware analysis and risk management program development. Mr. Gragido has worked with a variety of industry-leading research organizations including International Network Services, Internet Security Systems/IBM Internet Security Systems X-Force, Damballa, Cassandra Security, HP DVLabs, RSA NetWitness, and now Digital Shadows. Will has deep expertise and knowledge in operations, analysis, management, professional services and consultancy, and pre-sales/architecture, and has a strong desire to see the industry mature, and enterprises and individuals become more secure.
Will holds a CISSP and has accreditations with the National Security Agency's Information Security Assessment Methodology (IAM) and Information Security Evaluation Methodology (IEM). Mr. Gragido is a graduate of DePaul University and is currently in graduate school. An internationally sought-after speaker, Will is the co-author of Cybercrime and Espionage: An Analysis of Subversive Multi-Vector Threats and Blackhatonomics: An Inside Look at the Economics of Cybercrime.