The Marriage of Threat Intelligence and Incident Response or Threat Hunting for the Rest of Us

Explore the intersection of threat intelligence and incident response in this comprehensive conference talk from BSides Cleveland 2018. Delve into the differences between threat intelligence and threat hunting, and learn how these concepts integrate with traditional incident response models. Discover the Pyramid of Pain and its relevance to cybersecurity strategies. Gain insights into key processes such as detection, analysis, containment, and eradication. Understand the importance of tools like OTX and techniques like host isolation. Examine the concept of full disclosure and its implications. By the end of this talk, acquire a deeper understanding of modern cybersecurity practices and how to effectively implement threat hunting in your organization's security framework.

Introduction
Threat Intelligence vs Threat Hunting
Threat Hunting Incident Response
Traditional Incident Response Model
Detection
Analysis
OTX
What Should We Do
Stop the Bleeding Containment
Threat Hunting
Pyramid of Pain
File hashes
Full disclosure
What is Threat Hunting
Eradication
Host Isolation
Post Incident
Preparation
Conclusion