Actionable Threat Intelligence: ISIS, SuperBall, SuperFish, and your less magical 8-ball

Presented at BSidesDC 2015, Oct. 17, 2015, 11:30 a.m. (50 minutes).

When adding a new threat intelligence feed to your threat model and security practice, you always have to ask: “what is the value?” Unfortunately, over the past couple of years, organizations have struggled to show true value from standard threat intelligence feeds for several reasons, most of which come down to the feeds being too generic and not directly related to the organization's operating environment. In this talk, we will discuss how to create a customized, organization-specific threat intelligence feed, which in turn will be used to actively increase the security posture of the organization in a measurable way. Some of the examples we will use include dealing with DDoS attacks and social media account takeovers, and adjusting to find threats and threat actors in order to proactively tune defenses before an attack. Additionally, we’ll present actionable indicators that surrounded popular events in the past few months – from pro-ISIS attacks, Anonymous “ops”, the SuperBall, and weaponizing the Lenovo SuperFish, to more recent ones.

Presenters:

  • Iftach Ian Amit - VP at ZeroFOX (as Ian Amit)
    Iftach (Ian) Amit, Vice President at ZeroFOX, has over a decade of experience in hands-on and strategic roles, working across a diversity of security fields: business, industry, marketing, technical and research. At ZeroFOX, Ian leads the company’s customer solutions offerings and runs ZeroFOX’s New York offices. Previously, Ian served as Director of Services at IOActive. His career also includes time at Security-Art, Aladdin, Finjan, and Datavantage, as well as speaking at conferences such as BlackHat, DefCon, and InfoSecurity. A skilled researcher, Ian has deep technical knowledge of programming, operating systems (particularly Unix and Win32), applications (including most network server applications), penetration testing, databases and infrastructures. He founded the Tel-Aviv DefCon chapter (DC9723) and was also a founding member of the Penetration Testing Execution Standard (PTES). Ian studied Computer Science and Business Administration at the Herzliya Interdisciplinary Center and lives in Manhattan.
