Adversary Detection Pipelines: Finally Making Your Threat Intel Useful

Presented at Black Hat Asia 2020 Virtual, Oct. 2, 2020, 10:20 a.m. (40 minutes).

Security teams often feel like they're in a losing battle with threat intel. They don't know how to make threat intel useful or operationalize it within their organizations, especially if there isn't a dedicated full-time team. In this talk, we'll help you extract more value out of your threat intel program, giving you an easy win to level up not just your team, but the other teams in your security department. First, we'll explore why true attribution is so hard, from false flag operations and proxy attackers to obtaining all the forensic data you would need and even possible coordination with law enforcement or government agencies to perform true attribution. We'll discuss TTPs and how they're a lower-cost way of tracking threat activity groups for most organizations. Then we'll introduce Adversary Detection Pipelines, how they can add value through prioritizing defensive and offensive activities as well as a discussion on the practical implementation of them in any organization. Finally, we'll conclude by looking at case studies of how purple teams can leverage Adversary Detection Pipelines to enhance their operations and encourage an intelligence driven security program.


Presenters:

  • Xena Olsen - Cyber Threat Intel Analyst, Financial Services Fortune 500
    Xena Olsen is a cyber threat intelligence analyst in the financial services industry. A graduate of SANS Women's Academy with seven GIAC certifications, an MBA IT Management, and a doctoral student in Cybersecurity at Marymount University.

Links:

Similar Presentations: