TAPIOCA (TAPIOCA Automated Processing for IOC Analysis)

Presented at BSidesLV 2015, Aug. 5, 2015, 11 a.m. (55 minutes)

These days, many security groups want to become "intel shops," and threat intelligence is all the rage. An intel shop should ingest intel, analyze indicators, and pivot from correlated data. However, few understand how to begin the transition. How IS this accomplished? MAGIC, DAMNIT. Then again, if you're not the slight of hand kind of guy or gal, we have an answer for you. Check behind your ear, and you'll find a dollop of TAPIOCA! In this talk, we will present our process for analyzing Indicators of Compromise (IOCs) at scale, correlating information from multiple sources, and pivoting to obtain information from deep within the bowels of our global network. We'll talk about the technical challenges we have addressed in applying automated analysis to terabytes of data every day. We will also discuss the next-steps for this analysis, including applying machine learning techniques to help further classify our data. We are also releasing our automated IOC vetting tool, TAPIOCA (TAPIOCA Automated Processing for IOC Analysis), to help other security groups begin processing and benefiting from threat intelligence.

Presenters:

• Moses Schwartz - Sr. Network Security Analyst - Bechtel Corporation
  Moses Schwartz is a security researcher with experience in cyber incident response, vulnerability assessment, industrial control system and SCADA security, and supply chain risk management. He is currently a senior network security monitoring analyst on the cyber incident response team (CIRT) for Bechtel Corporation. He was previously a senior member of technical staff at Sandia National Laboratories, where he researched and developed new capabilities for defending critical infrastructure. He holds a B.S. and M.S. in Computer Science from the New Mexico Institute of Mining & Technology.
• Ryan Chapman - Computer Incident Response Analyst - Bechtel Corporation
  Ryan Chapman works as an incident response analyst for Bechtel Corporation. Ryan enjoys the challenge of handling incidents, reversing malware, and automating tasks for the security operations center. He also loves public speaking and has presented at venues such as BSides, CactusCon, Splunk .Conf, and others. Ryan has a fondness for doing stand-up comedy, retro gaming, and plays plenty of Street Fighter. Hadouken!

Links:

• https://bsideslv2015.sched.com/event/3ufI/tapioca-tapioca-automated-processing-for-ioc-analysis
• https://infocon.org/cons/Security BSides/BSides Las Vegas/BSides Las Vegas 2015/TAPIOCA TAPIOCA Automated Processing for IOC Analysis Ryan J Chapman Moses Schwartz.mp4

Similar Presentations:

• Black Hat Asia 2016 / The Security Wolf of Wall Street: Fighting Crime with High-Frequency Classification and Natural Language Processing
• Black Hat USA 2015 / Data-Driven Threat Intelligence: Metrics on Indicator Dissemination and Sharing
• BSidesDC 2014 / Agile Defense