UNITED Security Summit: Fantastic Threat Intelligence and Where to Find it

Threat intelligence supports incident prevention, detection, and response and can contribute to an organization’s risk-based security posture. However, there is a big difference between having intelligence and using intelligence. The value you get from threat intelligence depends not just on the intelligence itself, but how it is applied and used throughout the entire security process. This talk will cover how to select and implement a strategy that works for your environment, common pitfalls when applying intelligence, and how to develop meaningful metrics to measure success. We’ll discuss practical strategies for identifying how threat intelligence can best support the detection, validation, and investigation of known and unknown threats. Attendees will walk away armed with the knowledge and confidence to evolve their detection and response capabilities.


Rick Holland

November 03, 2016


  1. Fantastic Threat Intelligence and Where to Find it. Rebekah Brown, Rapid7; Rick Holland, Digital Shadows

  4. CISOs/Management: You use threat intelligence to understand the threats facing you and make strategic decisions. • SET DIRECTION • STRATEGIC • ANSWER TOUGH QUESTIONS
  5. Pentesters: You use threat intelligence to emulate the attackers to make sure networks can stand up against real-world attacks. • CLEVER • SNEAKY • USE POWERS FOR GOOD
  6. Incident Responders: You use threat intelligence to prevent, detect and respond to attacker activity. • FIND • PROTECT • ERADICATE
  7. Operations/IT: You use threat intelligence to prioritize efforts and stay ahead of threats. • STEADFAST • CONSISTENT • CRITICAL
  8. SURVEY TIME! WHAT HOUSE ARE YOU? • Ravenclaw • Slytherin • Gryffindor • Hufflepuff
  13. “Threat intelligence helps make decisions about preventing and detecting attackers.” Rebekah Brown & Rick Holland
  17. Everyone gets excited about Hungarian Horntails

  18. Meanwhile, dementors have actually attacked YOUR organization



  21. Threat Actor Profile: Death Eaters • Motivations: Make Wizarding Great Again • Target sector: Muggles, Half-Bloods, Ministry of Magic • Tactics: Crucio, Imperio, Avada Kedavra
  22. Which critical business activities must you protect?

  23. SEC Form 10-K Risk Factors

  24. SURVEY TIME! Have you ever reviewed your company’s Form 10-K? • A – Yes • B – No
  25. What is the digital footprint for these risks?

  28. SURVEY TIME! Where do you get threat intelligence? • A – Commercial Feeds • B – Open Source Feeds • C – Commercial Tools • D – Threat Actor Reports/Blogs • E – I don’t use it or I don’t know
  29. “Never trust anything that can think for itself if you can’t see where it keeps its brain.” Harry Potter and the Chamber of Secrets
  30. • Not all created equal • Handling/maintenance varies • Nearly useless without context • Can be useful if implemented correctly

  35. APT Notes – Strategic Intelligence

  36. Tying Everything Together

  37. Demo Slides for IDR • I WILL GET THESE NEXT WEEK!

  38. Demo Slide 2

  39. Demo Slide 3
