Organizing Security Intelligence for Effective Detection presented at BSidesDC 2013

by David J. Bianco

Summary: This is a great time to be in the detection field! More and more organizations are waking up to the fact that an effective detection program is a “must-have” to protect themselves against sophisticated threats. This creates a market for high-quality threat intelligence, and many groups are stepping up to meet this demand. With very little effort, your organization can connect to any number of quality data feeds, both commercial and free. However, this can lead to its own problems. Now that you’re drowning in a sea of intel, how do you make sense of it all? How can you ensure that you are making maximum use of this information to provide the best possible detection strategies for your organization?

This presentation discusses some useful models for organizing the flood of intel, prioritizing your detection efforts and examining the effectiveness of your detection strategies. We’ll explore the Pyramid of Pain and the Kill Chain, and see how to combine them to provide useful insights into your detection program.
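One concrete way to combine the two models is to cross-tabulate every indicator in a feed by its Pyramid of Pain level (hash values, IP addresses, domain names, network/host artifacts, tools, TTPs) and the Kill Chain phase it detects, then look for phases where the best available coverage is an atomic indicator the adversary can rotate for free. The following Python is an added example written for this page, not code from the talk or its author; the six pyramid levels and seven Kill Chain phases are the published ones, while the coverage-matrix layout, the `weak_phases` heuristic, its default floor, and the sample feed are this example's own assumptions.

```python
"""Organize a threat-intel feed by Pyramid of Pain level and Kill Chain phase.

Added example, not from the talk. The pyramid levels and Kill Chain phases
are the published ones; cross-tabulating them and the sample feed are
assumptions made for illustration.
"""
import re
from collections import Counter

# Pyramid of Pain, bottom (cheapest for the adversary to change) to top.
PYRAMID = ["Hash Values", "IP Addresses", "Domain Names",
           "Network/Host Artifacts", "Tools", "TTPs"]
# Lockheed Martin Kill Chain phases, in order.
KILL_CHAIN = ["Reconnaissance", "Weaponization", "Delivery", "Exploitation",
              "Installation", "Command and Control", "Actions on Objectives"]

# Shape checks for atomic indicators, so a mislabeled feed entry is not
# silently filed higher (or lower) on the pyramid than it deserves.
_SHAPE = {
    "Hash Values": re.compile(r"^(?:[0-9a-f]{32}|[0-9a-f]{40}|[0-9a-f]{64})$", re.I),
    "IP Addresses": re.compile(r"^(?:\d{1,3}\.){3}\d{1,3}$"),
    "Domain Names": re.compile(r"^(?:[a-z0-9-]+\.)+[a-z]{2,}$", re.I),
}


def classify(level, value):
    """Return the pyramid level for one indicator, rejecting mislabeled ones."""
    if level not in PYRAMID:
        raise ValueError(f"unknown pyramid level: {level}")
    shape = _SHAPE.get(level)
    if shape and not shape.match(value):
        raise ValueError(f"{value!r} is not a well-formed {level} indicator")
    return level


def coverage_matrix(feed):
    """Count indicators per (kill chain phase, pyramid level) pair."""
    counts = Counter()
    for level, value, phase in feed:
        if phase not in KILL_CHAIN:
            raise ValueError(f"unknown kill chain phase: {phase}")
        counts[(phase, classify(level, value))] += 1
    return counts


def highest_level(counts, phase):
    """Highest pyramid level with any detection for a phase, or None."""
    for level in reversed(PYRAMID):
        if counts[(phase, level)]:
            return level
    return None


def weak_phases(counts, floor="Network/Host Artifacts"):
    """Phases whose best indicator sits below `floor`, or that have none.

    Hashes, IPs and domains are trivial for an adversary to rotate, so
    these are the phases where detection is easiest to evade. The floor
    is an assumed threshold, not one prescribed by the talk.
    """
    floor_idx = PYRAMID.index(floor)
    weak = []
    for phase in KILL_CHAIN:
        best = highest_level(counts, phase)
        if best is None or PYRAMID.index(best) < floor_idx:
            weak.append(phase)
    return weak


def print_matrix(counts):
    """Render the phase x level table for a quick look at coverage gaps."""
    width = max(len(p) for p in KILL_CHAIN)
    print(" " * width, *[lvl[:6].rjust(7) for lvl in PYRAMID])
    for phase in KILL_CHAIN:
        print(phase.ljust(width),
              *[str(counts[(phase, lvl)]).rjust(7) for lvl in PYRAMID])


# Constructed sample feed: (pyramid level, indicator value, kill chain phase).
SAMPLE_FEED = [
    ("Hash Values", "d41d8cd98f00b204e9800998ecf8427e", "Delivery"),
    ("Hash Values", "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855",
     "Installation"),
    ("IP Addresses", "198.51.100.23", "Command and Control"),
    ("Domain Names", "update.example.net", "Command and Control"),
    ("Network/Host Artifacts", "User-Agent: Mozilla/4.0 (compatible; MSIE 6.0)",
     "Command and Control"),
    ("Tools", "mimikatz", "Actions on Objectives"),
    ("TTPs", "pass-the-hash lateral movement over SMB", "Actions on Objectives"),
]

if __name__ == "__main__":
    matrix = coverage_matrix(SAMPLE_FEED)
    print_matrix(matrix)
    print("weakest phases:", weak_phases(matrix))
```

Reading the matrix row by row shows where a feed only buys you cheap, easily rotated indicators: in the constructed sample, Delivery and Installation are covered by hashes alone, while Command and Control and Actions on Objectives reach up to artifacts, tools and TTPs. Those are the rows to prioritize when deciding which detections to build next.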