There are enemies at the gate. We're overwhelmed by faceless adversaries with apparently endless time, resources and patience that just keeps sniping at us from the comfortably anonymous cover that the internet provides.
Feeding our insatiable hunger to 'Know Thy Enemy' are threat intelligence services, which have industrialized the supply of 'intelligence' about our adversaries. It is commonly commoditized as lists of IP addresses, domains, URLs, emails or file hashes that have been spotted being naughty elsewhere. Its purpose is ultimately to reveal something about how the bad guys operate, where they're coming from and the footprints we can use to use to find and stop them.
But a list of things is not 'intelligence', it's data. For your business to get value from this data and make your security program better, faster or cheaper, the data needs to be applied within your operations in a practical and meaningful way. As unit leader for Threat Detection, Vulnerability Management and Threat Intelligence at a major European security services provider, Guest Presenter Charl van der Walt, Founder of SensePost, feels it is his job to know figure out how to make that happen.
Unfortunately, he hasn't.
He has, however, accumulated some useful insights, developed some hopeful ideas, learned a lot of hard lessons and even had a few successes.
His purpose in this presentation is to share those insights with you so that you can also turn your data into intelligence and maybe even get out of the bad guy's head and under his skin.
Charl van der Walt was a co-founder of SensePost — a penetration testing company that has made a mark on the industry globally for two decades now. With the acquisition of SensePost by European giant Orange Cyberdefense, he now heads up a specialist security research unit that identifies, tracks, analyzes & communicates significant developments in the security landscape that may impact customers.
Charl and his team are globally recognized and frequently showcased at international security events such as Black Hat, RSA & BSides. Our access to authentic security data as an operator, and our deep focus on intelligence and research, place us in a unique position understand and comment on the fundamental dynamics of the security landscape.
Ashwin Radhakrishnan has been with Anomali for over three years and now serves as the Product Manager for Anomali's flagship product, Anomali ThreatStream. He has helped bring to market a variety of functionalities which include Investigations, Read-Only Accounts, the Software Development Kit Suite, and many other features. Ashwin also serves as a voting member of both the OASIS Cyber Threat Intelligence and Threat Actor Context Technical Committees which help promote widespread adoption of threat intelligence standards.
Ashwin's knowledge of the Anomali product suite allows him to interact with internal and external stakeholders to distill a variety of viewpoints into distinct features that help the Anomali install base.
Ashwin will focus on the overall drivers for adopting a Cyber Threat Intelligence (CTI) program and take a deeper dive into the fourth step of the CTI Lifecycle: Analysis & Production. He will explore how data visualization can benefit analysts by offering a means to expand on any individual observable to give a big picture view of the infrastructure employed by an attack.