BT-2034 Keeping Threat Intelligence in Pace with Continuous Monitoring

Presented at Texas Cyber Summit 2019, Oct. 12, 2019, 11:15 a.m. (45 minutes)

Cyber Threat Intelligence is a term that gets thrown around a lot. But what does it look like to integrate it into your continuous monitoring program? What real-world, experience-proven strategies and tactics can an organization adopt to start making intelligence-driven choices? My talk covers what I think are the most appropriate parts of a threat intelligence program to start weaving into your operations depending on the maturity level of your organization. It is not threat intelligence 101, but it will cover fundamental items which an organization can start to use to be ready for a full Threat Intelligence team or engagement with an outside partner.

**Description:** Threat Intelligence remains elusive and mysterious to many organizations. There is often little in the way of true CTI in many organizations, new and old, aside from subscription feed services. This can lead to both complacency in the sense of “oh we have threat intel” as well as misplaced dissatisfaction with regard to the “threat intel” they think they have and the true benefits it can provide. If you can evangelize and integrate Threat Intelligence as an organization is just getting its continuous monitoring going (i.e., a SOC and all that goes with it), then the growth of the CTI program will always be in step with the organization's capabilities as opposed to lagging behind it, or worse, outpacing it. The organizations who ask for our help are often understaffed, under-resourced, and begging for help. The suggestions that follow will help maximize their efforts as well as put them in a position to help us help them.

Presenters:

  • Michael Rodriguez - FireEye
    Mr. Rodriguez is a Senior Consultant with the Government Security Programs group. In his role he provides security strategy and assessment services to public sector clients. Mr. Rodriguez assists in developing incident response processes and performing Cyber Defense Center transformations as well as security and readiness assessments. He also helps organizations actualize tactical recommendations based on strategic goals. Michael has over 18 years of IT experience, concentrating in the last 9 years on Cyber Security. He has worked with State and Municipal Governments, Fortune 500 Companies, and Public Health Organizations. Michael has experience with Security Operations and Continuous Monitoring, developing SOC procedures, best practices and policies. He also has extensive experience in communicating Security needs from hands-on operators to C-Level executives.
