Class Central is learner-supported. When you buy through links on our site, we may earn an affiliate commission.

YouTube

Finding the Best TI Provider for a Specific Purpose

Cooper via YouTube

Overview

Explore a comprehensive analysis of Threat Intelligence (TI) providers in this 40-minute conference talk from Hack.lu 2018. Dive into the mission of finding the most suitable TI provider for specific purposes, guided by A. Hickey and D. Roecher. Learn about the detection stack, threat modeling, and the approach to developing a standard model for evaluating TI vendors. Examine the process of pulling data for specific time windows, comparing APT Indicators of Compromise (IoCs) across different dimensions, and assessing timeliness and false positives. Gain valuable insights for TI vendors, Blue Teamers, and security researchers as the speakers share their findings and takeaways from this in-depth investigation into the effectiveness of various Threat Intelligence providers.

Syllabus

Intro
Mission Briefing
Mission Plan
Notable previous research
Detection Stack
Threat Model
Approach
Develop a Standard Model 1/2
Potential TI vendors
Pull data for a specific time window
Put data into a common platform
Progress Report
Compare APT loC's across different dimensions
Compare timeliness across vendors
Compare false positives
Compare distribution of loc's
Mission completed?
Takeaways for Tl vendors
Takeaways for Blue Teamers
Takeaways for data people & security researchers

Taught by

Cooper

Reviews

Start your review of Finding the Best TI Provider for a Specific Purpose

Never Stop Learning.

Get personalized course recommendations, track subjects and courses with reminders, and more.

Someone learning on their laptop while sitting on the floor.