UNITED Security Summit: Fantastic Threat Intelligence and Where to Find it

Threat intelligence supports incident prevention, detection, and response and can contribute to an organization’s risk-based security posture. However, there is a big difference between having intelligence and using intelligence. The value you get from threat intelligence depends not just on the intelligence itself, but how it is applied and used throughout the entire security process. This talk will cover how to select and implement a strategy that works for your environment, common pitfalls when applying intelligence, and how to develop meaningful metrics to measure success. We’ll discuss practical strategies for identifying how threat intelligence can best support the detection, validation, and investigation of known and unknown threats. Attendees will walk away armed with the knowledge and confidence to evolve their detection and response capabilities. https://www.unitedsummit.org/agenda.jsp

Rick Holland

November 03, 2016

Transcript

  1. CISOs/Management: You use threat intelligence to understand the threats facing you and make strategic decisions. (SET DIRECTION / STRATEGIC / ANSWER TOUGH QUESTIONS)
  2. Pentesters: You use threat intelligence to emulate the attackers to make sure networks can stand up against real-world attacks. (CLEVER / SNEAKY / USE POWERS FOR GOOD)
  3. Incident Responders: You use threat intelligence to prevent, detect and respond to attacker activity. (FIND / PROTECT / ERADICATE)
  4. Operations/IT: You use threat intelligence to prioritize efforts and stay ahead of threats. (STEADFAST / CONSISTENT / CRITICAL)
  5. Threat Actor Profile: Death Eaters. Motivations: Make Wizarding Great Again. Target sector: Muggles, Half-Bloods, Ministry of Magic. Tactics: Crucio, Imperio, Avada Kedavra.
  6. SURVEY TIME! Where do you get threat intelligence?
    • A – Commercial Feeds
    • B – Open Source Feeds
    • C – Commercial Tools
    • D – Threat Actor Reports/Blogs
    • E – I don’t use it or I don’t know
  7. “Never trust anything that can think for itself if you can’t see where it keeps its brain.” Harry Potter and the Chamber of Secrets