Measuring the IQ of your Threat Intelligence feeds

Presented at BSidesLV 2014, Aug. 5, 2014, 11:50 a.m. (50 minutes)

Threat Intelligence feeds are now being touted as the saving grace for SIEM and log management deployments, and as a way to supercharge incident detection and even response practices. We have heard similar promises before as an industry, so it is only fair to try to investigate. Since the actual number of breaches and attacks worldwide is unknown, it is impossible to measure how good threat intelligence feeds really are, right? Enter a new scientific breakthrough developed over the last 300 years: statistics!


Presenters:

  • Kyle Maxwell
    Kyle Maxwell is a private-sector threat intelligence analyst and malware researcher working with incident response and security operations. He is a GPL zealot, believes in UNIX uber alles, and supports his local CryptoParty. Kyle holds a degree in Mathematics from the University of Texas at Dallas.
  • Alex Pinto - Chief Data Scientist - MLSec Project
    Alex Pinto is the Chief Data Scientist of MLSec Project. He has over 14 years dedicated to information security solutions architecture, strategic advisory and monitoring. He has experience with a great range of security products, and has managed SOCs and SIEM implementations for way too long. Alex currently currently holds the CISSP-ISSAP, CISA, CISM and PMP certifications, not that anyone cares. He was also a PCI QSA for almost 7 years, but is almost fully recovered.

Links:

Similar Presentations: