Class Central is learner-supported. When you buy through links on our site, we may earn an affiliate commission.

YouTube

Measuring the IQ of Your Threat Intelligence Feeds

via YouTube

Overview

Save Big on Coursera Plus. 7,000+ courses at $160 off. Limited Time Only!
Explore the effectiveness of threat intelligence feeds in this BSidesLV 2014 conference talk. Dive into the concept of measuring the IQ of threat intelligence feeds, covering topics such as the pyramid of pain, mathematical approaches, and various measurement techniques. Learn about experiments with IP addresses and DNS, data set analysis, novelty tests, and information asymmetry. Examine outbound data, population tests, hypothesis testing, and confidence intervals. Gain insights into comparing different populations, GPL, and combining data sources. Conclude with main takeaways and a Q&A session addressing false positives and other critical aspects of threat intelligence evaluation.

Syllabus

Intro
who are we
lets go
the basics
the pyramid of pain
math talk
can we measure this
IP addresses
Can we measure
What are we measuring
Separate inbound and outbound
Experiment with IP addresses
Experiment with DNS
Dont do maps
Data set
Novelty test
Information asymmetry
Novelty tests
Overlap test
Outbound data
Population test
True population
Hypothesis testing
Confidence intervals
Animal names
Comparing different populations
GPL
Combine
Conclusion
Main takeaway
QA
False positives

Reviews

Start your review of Measuring the IQ of Your Threat Intelligence Feeds

Never Stop Learning.

Get personalized course recommendations, track subjects and courses with reminders, and more.

Someone learning on their laptop while sitting on the floor.