

Measuring the IQ of Your Threat Intelligence Feeds

BSidesLV via YouTube

Overview

This 56-minute BSidesLV 2014 conference talk is about evaluating threat intelligence feeds quantitatively. After introducing the speakers and what "threat intelligence" means here, it covers the statistics behind the approach, the indicator types examined (IP addresses and DNS names), the metrics used and what the raw feed data looks like, inbound versus outbound experiments with IP addresses and DNS, and why plotting indicators on a map is not a useful way to judge a feed. The core of the talk is three tests, information asymmetry, novelty, and overlap, followed by population testing, hypothesis testing, and confidence intervals for comparing feeds against each other and against a reference population. It closes with the main takeaway and a Q&A covering commercial feeds and false positives.
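
The novelty, overlap and population checks named above, as an added worked example; this is not the speakers' code or any tool the talk mentions. The feed snapshots and the baseline shares are constructed for illustration, indicators are bucketed by /24 prefix in place of the country or ASN enrichment a real evaluation would use, and the population check uses a Wilson score interval per bucket, which is a simple proportion check, not necessarily the statistic the talk uses.

```python
"""Novelty, overlap and population checks for threat-intel feeds.

Added example. Feeds, indicators and BASELINE are constructed; the
statistics are standard but the 95% level and the /24 bucketing are
assumptions made for illustration.
"""
from itertools import combinations
from math import sqrt

# Constructed daily snapshots: feed name -> [(day, set of IP indicators), ...]
FEEDS = {
    "feed_a": [
        (1, {"203.0.113.5", "203.0.113.9", "198.51.100.2"}),
        (2, {"203.0.113.5", "203.0.113.9", "198.51.100.2", "198.51.100.7"}),
        (3, {"203.0.113.5", "198.51.100.7", "192.0.2.44"}),
    ],
    "feed_b": [
        (1, {"203.0.113.5", "192.0.2.10"}),
        (2, {"203.0.113.5", "192.0.2.10", "192.0.2.11"}),
        (3, {"192.0.2.44", "192.0.2.12", "192.0.2.13"}),
    ],
}

# Assumed share of each /24 in the reference population the feeds are
# compared against (constructed; in practice derived from a true-population
# or outbound-traffic measurement).
BASELINE = {"203.0.113.0/24": 0.35, "198.51.100.0/24": 0.45, "192.0.2.0/24": 0.20}


def pooled(snapshots):
    """All indicators a feed published across its snapshots."""
    return set().union(*(inds for _, inds in snapshots))


def novelty(snapshots):
    """Per-day share of indicators never seen in this feed on an earlier day.

    A feed that republishes the same list daily scores near 0; pure churn
    scores near 1. Day 1 is skipped because everything is new on day 1.
    """
    seen, out = set(), {}
    for day, inds in snapshots:
        if seen and inds:
            out[day] = len(inds - seen) / len(inds)
        seen |= inds
    return out


def overlap(feeds):
    """Pairwise Jaccard similarity of the pooled indicator sets."""
    sets = {name: pooled(snaps) for name, snaps in feeds.items()}
    out = {}
    for a, b in combinations(sorted(sets), 2):
        union = len(sets[a] | sets[b])
        out[(a, b)] = len(sets[a] & sets[b]) / union if union else 0.0
    return out


def wilson(k, n, z=1.96):
    """Wilson score interval for a proportion k/n (z=1.96 -> 95%)."""
    if n == 0:
        return (0.0, 0.0)
    p = k / n
    denom = 1 + z * z / n
    centre = (p + z * z / (2 * n)) / denom
    half = z * sqrt(p * (1 - p) / n + z * z / (4 * n * n)) / denom
    return (centre - half, centre + half)


def bucket(ip):
    """Assumed bucketing: the /24 prefix of an IPv4 address."""
    return ip.rsplit(".", 1)[0] + ".0/24"


def population_check(indicators, baseline):
    """Compare a feed's bucket shares against the baseline population.

    Returns bucket -> (k, n, lo, hi, verdict). A baseline share below the
    interval means the feed over-represents that bucket; above it, the feed
    under-represents it. Small feeds give wide intervals, so they are rarely
    flagged; that is the right behaviour, not a bug.
    """
    n = len(indicators)
    counts = {}
    for ind in indicators:
        counts[bucket(ind)] = counts.get(bucket(ind), 0) + 1
    result = {}
    for b, share in baseline.items():
        k = counts.get(b, 0)
        lo, hi = wilson(k, n)
        verdict = ("over-represented" if share < lo
                   else "under-represented" if share > hi
                   else "consistent")
        result[b] = (k, n, round(lo, 3), round(hi, 3), verdict)
    return result


if __name__ == "__main__":
    for name, snaps in FEEDS.items():
        print(name, "novelty:", novelty(snaps))
        print(name, "population:", population_check(pooled(snaps), BASELINE))
    print("overlap:", overlap(FEEDS))
```

On the constructed data feed_b looks "fresher" by novelty (all of day 3 is new) but also has most of its indicators in a single /24 that the baseline says is rare, which is the kind of skew a population test is meant to surface.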

Syllabus

Intro
Who are we
What is threat intelligence
The math talk
IP addresses
Metrics
Raw data
Inbound vs Outbound
Experiments with IP Addresses
Experiments with DNS
Don't do maps
Three tests
Information asymmetry
Novelty tests
Daily or hourly
Overlap test
Outbound test
Population test
True population
Public outbound
Hypothesis testing
Confidence intervals
Comparing different populations
Google
GPL
Combine
Main Takeaway
Q&A
Commercial feeds
False positives

Taught by

BSidesLV
