Overview
Explore operationalizing security intelligence in enterprise environments through this DerbyCon 3.0 conference talk. Delve into demonstrating value, real-time implementation, and leveraging internal sources like known assets and risk registers. Examine external information sources, threat intelligence acquisition models, and budget considerations. Learn about deduplication, data analysis techniques using Hadoop and MapReduce, and effective prioritization methods. Discover how to transform analysis into action with proportional threat responses and develop a strategy for continuous improvement in enterprise security.
Syllabus
Intro
Security Intelligence
Demonstrating Value
Operationalizing
Real Time
Internal Sources
Known Assets
Risk Register
Internal Picture
Pastebin
Security Industry
Business by Business
Information Sources
Threat Intel
Intelligence Acquisition Models
External Issues
Internal Relevance
Acquisition Methods
Budget Matters
Deduplication
Analyze Refine
Structured Unstructured Data
Hadoop MapReduce
Too Much Data
Prioritize
Decision Making
Scoring Process
Threat Index
Reacting
Analysis to Action
Response proportional to threat
Strategy
Continuous Improvement