Sharing is Caring: Understanding and measuring Threat Intelligence Sharing Effectiveness

Presented at BSidesSF 2016, Feb. 29, 2016, 11 a.m. (55 minutes).

For the last 18 months, MLSec Project and Niddel collected threat intelligence indicator data from multiple sources in order to make sense of the ecosystem and try to find a measure of efficiency or quality in these feeds. This initiative culminated in the creation of Combine and TIQ-test, two of the open source projects from MLSec Project. On this talk, we have gathered aggregated usage information from intelligence sharing communities in order to determine if the added interest and "push" towards sharing is really being followed by the companies and if its adoption is putting us in the right track to close these gaps. We propose a new set of metrics on the same vein as TIQ-test to help you understand what does a "healthy" threat intelligence sharing community looks like, and how to improve the ones you may be a part of today! We will be conducting this analysis with usage data from some high-profile threat intelligence platforms and sharing communities.


Presenters:

  • Alex Pinto - Chief Data Scientist - Niddel
    Alex Pinto is the Chief Data Scientist of Niddel and the lead of MLSec Project. He is currently dedicating his waking hours to the development of machine learning algorithms and data science techniques to support the information security monitoring practice. He has almost 15 years dedicated to all-things information security, and 3 years in Data Science related work. If you are into certifications, Alex is currently a CISSP-ISSAP, CISA, CISM, and PMP. He was also a PCI-QSA for almost 7 years, and still has nightmares about compensating controls.

Links:

Similar Presentations: