Overview
Explore data-driven threat intelligence metrics and indicator sharing in this Black Hat conference talk. Dive into an 18-month study analyzing threat intelligence indicator data from multiple sources to assess ecosystem efficiency and feed quality. Learn about open-source projects like Combine and TIQ-test, developed to gather and compare data from various threat intelligence sources. Examine insights from over 12 months of collected data, focusing on source overlap and uniqueness. Discover strategies for acquiring optimal feed numbers and understand the challenges highlighted in the 2015 Verizon DBIR. Investigate aggregated usage information from intelligence sharing communities to evaluate adoption rates and effectiveness in closing security gaps. Gain valuable insights from this data-driven analysis of threat intelligence indicators and their sharing communities, covering topics such as attribution, the affirming-the-consequent fallacy, and the concept of herd immunity in cybersecurity.
Syllabus
Intro
Presentation Metrics!!
What is TI good for (1) Attribution
Affirming the Consequent Fallacy
Combine and TIQ-Test
Using TIQ-TEST - Data Prep
Population Test
Uniqueness Test
Key Takeaway #1
Key Takeaway #2
Herd Immunity, is it?
Threat Intelligence Sharing - Data
Taught by
Black Hat