When adding a new threat intelligence feed into your threat model and security practice, one always has to ask: "what is the value?" Unfortunately, over the past couple of years, organizations have struggled with showing true value from standard threat intelligence feeds for several reasons, most of which coincide with the fact that the feeds are too generic, and do not directly relate to the operating environment of the organization.
In this talk, we will discuss how to create a customized, organization-specific threat intelligence feed, which in turn will be used to actively increase the security posture of the organization in a measurable way. Some of the examples we will use, include dealing with DDoS attacks & social media account takeovers and adjusting to finding threats and threat actors in order to proactively tune defenses before an attack. Additionally, we'll present actionable indicators that surrounded popular events in the past few months -- from pro-ISIS attacks, Anonymous "ops", the SuperBall, weaponizing the Lenovo SuperFish, as well as more recent ones.