A Better Way to Get Intelligent About Threats presented at BSidesDC 2014

by Adam Vincent,

Summary : There is a lot of talk about sharing and the security of our data. A recent Ponemon Report on Exchanging Cyber Threat Intelligence states that current threat sharing mechanisms are broken. Data is not timely enough, scalable or actionable as it often lacks context to a type of threat or actor. Today, government, military, and private organizations do share through unofficial channels (spreadsheets, email listservs, and “fight clubs”), but the time has come for security teams to have a tool to aggregate and analyze the influx of data coming in. More than a feed, and more than a SIEM, the future of threat intelligence lies in the threat intelligence platform.
A threat intelligence platform should achieve many things, but most importantly it should offer a singular platform to aggregate, analyze, and act on threat intelligence data as well as offer options for context, sharing, and privacy. Any mature security organization should consider how and from where they are gathering their data, and what they then do with it.
Attend this session to learn what a threat intelligence platform is and why you need one, and the real-life use-cases to sharing data, keeping it private to only those you wish to share with, and the benefit to collaboration at a large scale to achieve a predictive defense and ensure your threat data is being optimized to the fullest.