Today's cyber defenders face a constant barrage of persistent, motivated, and creative attackers. Defenders also face with an equally daunting "Fog of More" – more requirements, tools, guidance, threat feeds, training, and oversight than they can possibly absorb. To be a successful defender you need to prioritize based on an actionable understanding of successful attacks. Sadly, this challenge is beyond the ability of the vast majority of enterprises. And even the rare enterprise with the time, talent, and resources to do this successfully is highly dependent on many others who cannot.
It may seem overwhelming, but we at the Center for Internet Security (CIS) believe that this is our "teachable moment" in cybersecurity. This is a Community-wide problem - one that we all share – so we also need to share our ideas, labor, and action in an open way that empowers all defenders.
In this presentation, we'll describe the CIS Community Attack Model. It's an open framework to make sense of large masses of publicly available attack information and translate it into positive defensive action.
Tony Sager is a Senior VP and Chief Evangelist for the Center for Internet Security. He leads the development of the CIS Critical Security Controls, a worldwide consensus project to find and support technical best practices in cybersecurity. As of December 21, 2015, more than 13,000 individuals and organizations have downloaded the CIS' Critical Security Controls for Effective Cyber Defense Version 6.0 since their release to the public on October 15, 2015. Tony also serves as the Director of the SANS Innovation Center, a subsidiary of The SANS Institute.
Matthew Wollenweber is a Senior Security Researcher at ThreatStream. He began his adventures in information security after receiving a Netbus Trojan in middle school. After reversing the malware and taking control of the hijacked systems, Matthew went on to Loyola University where he graduated with degrees in computer science and mathematics. His professional career began over 11 years ago as a penetration tester. Living in the DC metro quickly lead to roles for the government including the NSA red team as well as the lead software engineer for a network sensor program. Matthew spent almost six years at The George Washington University where he managed the team responsible for security monitoring and incident response. Later as principal security engineer, Matthew oversaw large security projects and wrote software to ingest and correlate threat intelligence to detect previously undetected network and cloud security events.