Holeman Lounge Oct 09, 2019
Borderless Cyber Track (BC) 13:30 - 14:00

The progression of Threat Intelligence (TI) data and use cases is a primary contributor to the blurring of the lines between TI and Incident Response (IR). Collaborative and cooperative workflows are increasingly needed to reap the overall cyber efficiencies promised by threat intelligence vendors.

First, the session will dissect an abstracted version of the "previous gen" (and quasi-independent) threat intelligence and incident response disciplines, with special attention paid to their respective uses of threat intelligence data. Next, we'll dive into a detailed walk-through of a publicly reported security breach, explicitly covering how the incident response and threat intelligence workflows operate independently. Synthesis naturally follows with an exploration of how the two workflows can cooperate. During the cooperative workflow, the session will introduce sample Standard Operating Procedures (SOPs) that explicitly address analyst efficiency and analyst collaboration metrics and that can be readily customized in an organization.

Key objectives:
Explore the operational differences between Threat Intelligence (TI) and Incident Response (IR) use cases, and the use of STIX-based data models for both TI and IR use cases.

Senior Solutions Engineer

