Data-Driven Threat Intelligence - Metrics on Indicator Dissemination and Sharing
Offered By: Black Hat via YouTube
Course Description
Overview
Explore data-driven threat intelligence metrics and indicator sharing in this Black Hat conference talk. Dive into an 18-month study analyzing threat intelligence indicator data from multiple sources to assess ecosystem efficiency and feed quality. Learn about open-source projects like Combine and TIQ-test, developed to gather and compare data from various threat intelligence sources. Examine insights from over 12 months of collected data, focusing on source overlap and uniqueness. Discover strategies for acquiring optimal feed numbers and understand the challenges highlighted in the 2015 Verizon DBIR. Investigate aggregated usage information from intelligence sharing communities to evaluate adoption rates and effectiveness in closing security gaps. Gain valuable insights from this data-driven analysis of threat intelligence indicators and their sharing communities, covering topics such as attribution, the fallacy of affirming the consequent, and the concept of herd immunity in cybersecurity.
Syllabus
Intro
Presentation Metrics!!
What is TI good for (1) Attribution
Affirming the Consequent Fallacy
Combine and TIQ-Test
Using TIQ-TEST - Data Prep
Population Test
Uniqueness Test
Key Takeaway #1
Key Takeaway #2
Herd Immunity, is it?
Threat Intelligence Sharing - Data
Taught by
Black Hat
Related Courses
Computer Security - Stanford University via Coursera
Cryptography II - Stanford University via Coursera
Malicious Software and its Underground Economy: Two Sides to Every Story - University of London International Programmes via Coursera
Building an Information Risk Management Toolkit - University of Washington via Coursera
Introduction to Cybersecurity - National Cybersecurity Institute at Excelsior College via Canvas Network