Deploying a Shadow Threat Intel Capability: Understanding YOUR Adversaries without Expensive Security Tools

Presented at CarolinaCon 12 (2016), March 6, 2016, 10 a.m. (Unknown duration)

In the presentation that threat intel vendors do not want you to see, open source and internal data meets home grown resources to produce actionable threat intelligence that your organization can leverage to stop the bad guys. This presentation discusses and shows examples of using what you already have to bootstrap this capability, building on existing data management platforms with open and flexible schemas to ease identification of advanced threats. Specific topics covered include the advantages of using open and flexible platforms that can be molded into a data repository, a case tracking system, an indicator database, and more. By analyzing this data, organizations can discover trends across attacks that help them understand their adversaries. An example NoSQL schema will be released to help attendees create their own implementations.
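To make the flexible-schema idea concrete, here is an added example (not the schema released with the talk, and not the speaker's code) of the three roles the abstract names, an indicator database, a case tracking record and a cross-case trend query, built on schemaless documents. A plain Python list of dicts stands in for the document store; every field name, case id and indicator value is constructed for illustration, using reserved RFC 5737 addresses and the `.example` TLD rather than real IoCs.

```python
"""
Toy document-style indicator and case store in the spirit of the
flexible-schema approach described in the abstract.  All field names,
case ids and sample indicators are constructed for illustration; they
are not the schema released with the talk.
"""
from collections import Counter, defaultdict
from datetime import date

# Two "collections" of schemaless documents, as a document store would hold them.
INDICATORS = []
CASES = []


def add_indicator(value, ind_type, case_id, **extra):
    """Store an indicator document.  Extra keyword fields (kill-chain phase,
    source feed, confidence, ...) are kept as given: there is no fixed
    column list to migrate when analysts start recording something new."""
    doc = {"value": value, "type": ind_type, "case_id": case_id, **extra}
    INDICATORS.append(doc)
    return doc


def add_case(case_id, opened, actor=None, **extra):
    """Store a case document; `actor` is the analyst's attribution, if any."""
    doc = {"case_id": case_id, "opened": opened, "actor": actor, **extra}
    CASES.append(doc)
    return doc


def indicators_for_actor(actor):
    """Every indicator attached to a case attributed to `actor`."""
    case_ids = {c["case_id"] for c in CASES if c.get("actor") == actor}
    return [i for i in INDICATORS if i["case_id"] in case_ids]


def trends_by_actor(field):
    """Count the values of any indicator field per actor.  Because documents
    are schemaless, the field may exist on only some indicators; those
    without it are simply skipped rather than breaking the query."""
    case_actor = {c["case_id"]: c.get("actor") for c in CASES}
    out = defaultdict(Counter)
    for ind in INDICATORS:
        if field in ind:
            out[case_actor.get(ind["case_id"])][ind[field]] += 1
    return out


def repeated_indicators(min_cases=2):
    """Indicator values seen in at least `min_cases` distinct cases: the
    reused infrastructure that links separate incidents to one adversary."""
    seen = defaultdict(set)
    for ind in INDICATORS:
        seen[(ind["type"], ind["value"])].add(ind["case_id"])
    return {k: sorted(v) for k, v in seen.items() if len(v) >= min_cases}


# Constructed sample data (reserved/documentation values, not real IoCs).
add_case("C-001", date(2016, 1, 10), actor="ACTOR-A", vector="phishing")
add_case("C-002", date(2016, 2, 3), actor="ACTOR-A", vector="phishing")
add_case("C-003", date(2016, 2, 20), actor="ACTOR-B", vector="web")
add_indicator("203.0.113.7", "ipv4", "C-001", phase="c2", source="proxy logs")
add_indicator("invoice-2016.example", "domain", "C-001", phase="delivery")
add_indicator("203.0.113.7", "ipv4", "C-002", phase="c2", source="netflow")
add_indicator("update-check.example", "domain", "C-002", phase="c2")
add_indicator("198.51.100.9", "ipv4", "C-003", phase="exploitation")

if __name__ == "__main__":
    print("reused across cases:", repeated_indicators())
    print("phase counts per actor:", dict(trends_by_actor("phase")))
```

The same queries translate directly to a real document database (a MongoDB aggregation or an Elasticsearch terms aggregation); the point of the in-memory version is that adding a field such as `source` to only some indicators required no schema change and still left `trends_by_actor` usable.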

Presenters:

  • grecs
    grecs has two decades of industry experience, undergraduate and graduate engineering degrees, and a really well known security certification. Despite his formal training, grecs has always been more of a CS person at heart going back to his VIC-20, Commodore 64, and high school computer club days. After doing the IT grind for five years, he discovered his love of infosec and has been pursuing this career ever since. Currently, he spends his days as a senior cyber intelligence analyst enhancing customer defenses through advanced analysis, customized training, and engineering improvements. In his free time grecs is an international speaker and blogger covering a range of topics, including incident response, malware analysis, and threat intelligence.
