Know the Enemy - How to Make Threat Intelligence Work
Offered By: YouTube
Course Description
Overview
Explore the intricacies of effective threat intelligence in this BSides Detroit 2018 conference talk. Delve into the importance of attribution, the varying quality of threat feeds and indicators, and the enduring relevance of the kill chain. Examine the attack phases of APT 28 (Fancy Bear) and learn how to develop a robust threat intelligence program. Discover key steps in the process, including knowing yourself, identifying relevant threats, and disseminating information effectively. Gain insights into intelligence requirements, processing techniques, and analysis methods. Understand the maturity levels of threat intelligence programs and essential functions to consider. Equip yourself with the knowledge to ask critical questions and enhance your organization's cybersecurity posture through strategic threat intelligence implementation.
Syllabus
Intro
INTELLIGENCE IS A FEED
ATTRIBUTION IS A MUST
NOT ALL THREAT FEEDS CREATED EQUAL
NOT ALL INDICATORS CREATED EQUAL
APT 28 (Fancy Bear)
THE KILL CHAIN IS NOT DEAD
APT 28 Attack Phases
STEP 1 - KNOW YOURSELF
KNOW YOUR ENEMY
FIND RELEVANT THREATS
DISSEMINATE
REQUIREMENTS (EXAMPLES)
PROCESSING (EXAMPLES)
ANALYSIS (EXAMPLES)
DISSEMINATION (EXAMPLE)
THREAT INTEL PROGRAM MATURITY
KEY THREAT INTELLIGENCE FUNCTIONS
ASK YOURSELF
Related Courses
Computer Security - Stanford University via Coursera
Cryptography II - Stanford University via Coursera
Malicious Software and its Underground Economy: Two Sides to Every Story - University of London International Programmes via Coursera
Building an Information Risk Management Toolkit - University of Washington via Coursera
Introduction to Cybersecurity - National Cybersecurity Institute at Excelsior College via Canvas Network