TeamT5 Asia Cyber Channel Summit - B2B Session

TeamT5 Introduction Tsai Sung-Ting ( TT )


Global Customers

Client / Partner regions
• Japan, Taiwan, ASEAN, Korea, US

50+ Clients
• Government agencies
• Leading CTI Firms
• Security vendors
• MSSP
• Telecom / ISP
• Accounting firms / Financial sectors
• Semiconductor / Manufacturing
• International Trading

TeamT5 Solutions

Elegant Threat Hunting Technology
Uncover hidden threats
• Threat hunting platform and service.
• Incident response, malware analysis, and forensics.
• Threat mitigation and consulting service.

World-leading Threat Intelligence
Know your enemies
• Tracking and monitoring 100+ cyber attack groups.
• Leader in espionage threat research, especially threats from Asia.
• Not only tracking and analyzing, we are also hunting actors.

WORLD-LEADING CTI RESEARCH

TeamT5 Threat Intelligence

Many people are talking about Threat Intelligence, we actually do it.

10+ years experience

Language & Culture

Hunting Actors

Threat Visibility Analysis

Automation

THE SOLUTION TO MODERN THREATS

An elegant threat hunting solution

Elegant and Efficient
• Light-weight with high detection rate
• Low cost, less effort
• Low risk, non-intrusive

On premise

Orchestration
• SIEM Integration
• HTTP Restful API

Auto Investigation
• Infection Timeline
• Lateral movement analysis

Threat Hunting
• Behavior Modeling
• Threat Intelligence
• Outlier

Use Case (1) – Threat Hunting Tool

Powerful remote forensics
• Compromise assessment on risks
• Incident response, especially cyber espionage
• Auditing riskware, shadow IT (unauthorized servers)

Simple and efficient
• Simply bring a server to IR-site
• Dispatch scanner using AD or existing mechanism
• IR Scan 2000+ PC per hour / per server
• Centralized Dashboard & Reports from server

Target clients
• CSIRT team of large enterprises
• MSSP, SOC, *-ISAC, CERT service providers
• Computer Auditing or Accounting firms
• Cybersecurity insurance

Identify infected computers instantly
• Much more efficient than traditional incident response.
• Automatic investigation, log analysis, malware analysis.

Use Case (2) – Endpoint Protection

Daily endpoint health check
• Installed dedicated ThreatSonar server
• Regular scan (e.g. 1 time / day)
• Dashboard shows high level suspicious PC
• If threats detected, start investigation with information provided by ThreatSonar.

Target clients
• Enterprises, especially with overseas subsidiaries
• Financial firms with ATM, need on-premise
• Cybersecurity insurance companies
• Who need lightweight endpoint visibility

Fusion of Threat Hunting & Threat Intelligence

T5 Intelligence