Data-Driven Threat Intelligence: Metrics on Indicator Dissemination and Sharing
Thursday, January 21, 2016
11:00 HRS PT/14:00 HRS ET
60 minutes, including Q&A
Brought to you by:
Data-Driven Threat Intelligence: Metrics on Indicator Dissemination and Sharing - by Alex Pinto & Alex Sieira
ThreatConnect - The Industry's Most Widely-Adopted Threat Intelligence Platform (TIP)
For the last 18 months, MLSec Project and Niddel collaborated to collect threat intelligence indicator data from multiple sources in order to make sense of the ecosystem and try to find a measure of efficiency or quality in these feeds. This initiative culminated in the creation of Combine and TIQ-test, two of the open source projects from MLSec Project. These projects have been improved upon for the last year, and are able to gather and compare data from multiple Threat Intelligence sources on the Internet.
Alex Sieira and his team have gathered aggregated usage information from intelligence sharing communities in order to determine whether the added interest and "push" towards sharing is really being followed by companies, and whether its adoption is putting us on the right track to close these gaps. He proposes a new set of metrics in the same vein as TIQ-test to help you understand what a "healthy" threat intelligence sharing community looks like.
To better illustrate the points and metrics, Alex will conduct part of this analysis using usage data from some high-profile threat intelligence platforms and sharing communities that have been kind enough to contribute usage data for this research.
Alex Sieira is the CTO of Niddel and a principal at MLSec Project for the last year. He has over 12 years dedicated to information security consulting, managed security services and R&D teams. He is an MBA, CISSP, CISA, besides some other product-specific acronyms. Alex has experience with a great range of security technology and standards, and has gained many gray hairs establishing SOC and SIEM services for large enterprises. He is currently focused on building the information security product his past self would have killed for.
Bhaskar Karambelkar is Data Science Lead at ThreatConnect Inc. In his role, Bhaskar leads the analytics and visualization efforts. Bhaskar has over 18 years of industry experience in IT, 10 of which are in the InfoSec domain. Bhaskar loves to integrate traditional InfoSec research with data analytics and visualization for presenting a complete picture of the InfoSec landscape. Bhaskar has a Bachelor's degree in electronics engineering and is working on a Master's degree in Predictive Analytics.