Daniel BARBU is a Ph.D candidate in the field of Information Security who brings passion into his daily tasks. He enjoyed learning and growing while working at Electronic Arts, Dell Secureworks and now Adobe. As a member of OWASP Bucharest Chapter and RAISA (Romanian Association for Information Security Assurance) , Daniel is constantly seeking opportunities to popularize information security. On a personal note, he feels he owes his accomplishments to his wife and kid. Daniel is currently leading a team at Adobe Systems Romania where he focuses on the growth of the team members’ skill set.
Threat Intelligence! DIY!
Co-Presenter is Bryson Loughmiller, Information Security Engineer at Adobe.
Threat Intelligence! It’s a hot topic in information security news, and right now, you’ve probably got several vendors trying to sell you their latest and greatest solution. Whether you purchase intel from companies like Crowdstrike or you leverage open source threat lists, you end up with millions of IoCs that are not relevant for your environment or organization. However, in an effort to migrate from Security Operations Centers to Security Intelligence Centers, threat intelligence represents a critical aspect of a proactive approach towards tackling actors in the current information security landscape.
What if you could generate high-value threat indicators that were directly applicable to your organization, without dishing out any extra money? What if you could generate all those indicators using only what you already had in place at your organization? And finally, what if setting up this whole process only took you about a day to complete?
This talk will describe how to use IDS data ingested into Splunk to generate high-integrity threat intelligence. We will then discuss how to correlate those indicators with connection logs to identify communications with those actors who have previously attacked your systems. Finally we will discuss how to generate historical profiles about each actor in order to better understand the evolution of their techniques, tactics and procedures and how to automagically store those indicators to generate threat activity alerts in the future. As a bonus, we will show you how to build an eye-catching intelligence report for management.