Threat intelligence brokerage revisited

Presented at VB2018, Oct. 5, 2018, 1:30 p.m. (30 minutes).

Private sector threat intelligence is a young industry teeming with unexpected perils. Anti-malware and infosec companies turned from technical analysis shops to political players overnight. While investigating state-sponsored or geopolitically significant threats brings notoriety, PR gains and sales gains, ethical conundrums also arise. At VB2015, we first discussed the uncomfortable subject of threat research as intelligence brokerage. Since then, the industry scenarios hypothesized therein have found expression in real-world clashes and ethical quandaries. Top-tier infosec firms continue to reinvent this nascent craft to provide greater protection capabilities and detect the next high-profile threat. But have we better defined the standards we hold ourselves to? What effect we should ultimately produce? And for whom? After three action-packed years of unbelievable high-profile cyber incidents, let's reassess the state of threat research as intelligence brokerage.


Presenters:

  • Juan Andrés Guerrero-Saade - Chronicle
    Juan Andrés Guerrero-Saade Juan Andrés specializes in tracking advanced threat actors and elucidating concepts of digital espionage. He was formerly Principal Security Researcher with Kaspersky Lab's GReAT team. Before joining Kaspersky, he worked as Senior Cybersecurity and National Security Advisor for the Ecuadorian government. Juan Andrés comes from a background of specialized research in philosophical logic. His latest publications include 'The Ethics and Perils of APT Research: An Unexpected Transition Into Intelligence Brokerage', 'Wave your False Flags! Deception Tactics Muddying Attribution in Targeted Attacks', and 'Walking in your enemy's shadow: when fourth-party collection becomes attribution hell'. @juanandres_gs

Links:

Similar Presentations: