Bootstrapping Threat Intelligence Out of Thin Air

BSidesDE 2015

Presented by: grecs
Date: Saturday November 14, 2015
Time: 14:30 - 15:20
Location: Track 1

In the presentation that threat intel vendors do not want you to see, open source and internal data meets home-grown resources to produce actionable threat intelligence that your organization can leverage to stop the bad guys. This presentation discusses using what you already have to bootstrap this capability, building on existing data management platforms with open and flexible schemas to ease identification of advanced threats. Specific topics covered include the advantages of using open and flexible platforms that can be molded into a data repository, a case tracking system, and an Indicator Database. By analyzing this data using techniques such as the Cyber Kill Chain and the Diamond Model for Intrusion Analysis, organizations can create Campaign and Adversary tracking artifacts that evolve into actionable threat intelligence and guide other investigative activities such as Data Fusion and Hunting. And yeah … threat intel vendors still hold a role in ultimate threat intelligence nirvana, but there is a lot you should do on your own first in order to better understand your requirements when searching for that ideal partner.

grecs

grecs has almost two decades of experience, undergraduate and graduate engineering degrees, and a really well-known security certification. Despite his formal training, grecs has always been more of a CS person at heart, going back to his VIC-20, Commodore 64, and high school computer club days. After doing the IT grind for five years, he discovered his love of infosec and has been pursuing this career ever since. Currently, he spends his days improving and architecting defensive solutions. At night he runs a local infosec website where he discusses his latest security research and offers his commentary on the world of cyber.
