Power Breakfast Session: Enrich All the Things and Create Your Own Threat Intelligence presented at ThreatIntelligence 2016

by Mark Kendrick,

Summary : Your own network can be a powerful source of data for incident response and proactive hunting, if you can figure out how to make sense of it. Enrichment at strategic points can help you turn your threat data into threat intelligence. Combine that with the right tools to investigate threat actors and their infrastructure, and you’ll be better equipped to fight targeted attacks and persistent threats. In this session, we’ll share proven techniques to enrich domain name data on a network, and we’ll pivot through a real attacker’s Internet infrastructure to learn how that knowledge informed a proactive response. You’ll leave with a clearer concept of the value of self-sourced threat intel, and you’ll have a good plan on how to start realizing that value in the near term.