There are enemies at the gate. We’re overwhelmed by faceless adversaries with apparently endless time, resources and patience that just keeps sniping at us from the comfortably anonymous cover that the internet provides.
Feeding our insatiable hunger to 'Know Thy Enemy' are threat intelligence services, which have industrialized the supply of 'intelligence' about our adversaries. It is commonly commoditized as lists of IP addresses, domains, URLs, emails or file hashes that have been spotted being naughty elsewhere. Its purpose is ultimately to reveal something about how the bad guys operate, where they're coming from and the footprints we can use to use to find and stop them.
But a list of things is not 'intelligence', it's data. For your business to get value from this data and make your security program better, faster or cheaper, the data needs to be applied within your operations in a practical and meaningful way. As unit leader for Threat Detection, Vulnerability Management and Threat Intelligence at a major European security services provider, Guest Presenter Charl van der Walt, Founder of SensePost, feels it is his job to know figure out how to make that happen.
Unfortunately, he hasn't.
He has, however, accumulated some useful insights, developed some hopeful ideas, learned a lot of hard lessons and even had a few successes.
His purpose in this presentation is to share those insights with you so that you can also turn your data into intelligence and maybe even get out of the bad guy's head and under his skin.