Finding the Best TI Provider for a Specific Purpose

Offered By: Cooper via YouTube

Tags

Hack.lu Courses, Cybersecurity Courses, Threat Intelligence Courses, Threat Modeling Courses

Course Description

Overview

Explore a comprehensive analysis of Threat Intelligence (TI) providers in this 40-minute conference talk from Hack.lu 2018. Dive into the mission of finding the most suitable TI provider for specific purposes, guided by A. Hickey and D. Roecher. Learn about the detection stack, threat modeling, and the approach to developing a standard model for evaluating TI vendors. Examine the process of pulling data for specific time windows, comparing APT Indicators of Compromise (IoCs) across different dimensions, and assessing timeliness and false positives. Gain valuable insights for TI vendors, Blue Teamers, and security researchers as the speakers share their findings and takeaways from this in-depth investigation into the effectiveness of various Threat Intelligence providers.

Syllabus

Intro
Mission Briefing
Mission Plan
Notable previous research
Detection Stack
Threat Model
Approach
Develop a Standard Model 1/2
Potential TI vendors
Pull data for a specific time window
Put data into a common platform
Progress Report
Compare APT IoCs across different dimensions
Compare timeliness across vendors
Compare false positives
Compare distribution of IoCs
Mission completed?
Takeaways for TI vendors
Takeaways for Blue Teamers
Takeaways for data people & security researchers


Taught by

Cooper
