IOCAware – Actively Collect Compromise Indicators and Test Your Entire Enterprise

Presented at DerbyCon 3.0 All in the Family (2013), Sept. 27, 2013, 1 p.m. (50 minutes)

A/V avoidance is pitifully easy. Even when you know what to look for, most compromise indicators come out well after infections have occurred. IOCAware is a new approach to collecting compromise indicators (IOCs) in near-real-time. That intelligence is then tested across your enterprise – again, in near-real-time. These indicators incorporate attacker behavior that may not be tied to a binary. IOCAware also provides tools for managing your IOCs as well as positive hits for indicators across your enterprise. But that’s just your enterprise. We are also creating an entire infrastructure for compromise indicator collection and anonymous sharing.


Presenters:

  • Dennis Kuntz
    Dennis has been in IT and Information Security for 18 years doing various things. He has been an administrative assistant to a General at the NSA and cleaned bathrooms at the CIA. He is on the board of the Charlotte ISSA, even when he isn’t, and has spoken at a number of other conferences, including the first DerbyCon.
  • Matt Jezorek
    Matt is an information security professional focused on saying “Yes”. “Yes, I got a shell on that”, “Yes, we can do that, however…”. His experience ranges from small to large companies, each of them with the same problems. “Yes, you have to patch”. His expertise is faking it till he makes it, mixed in with incident response, threat intelligence, security operations and asking people to do work they have no time or desire to do.