Enriching Threat Intelligence Data
Cyber Security Consultant
Threat Intel at KPMG
Cheryl is part of KPMG Canada's cybersecurity team in threat intel. She is fascinated by APTs and passionate about securing mainframes and ICS/SCADA. She builds bridges as well as building security awareness. She holds a specialized honors degree in political science, and is ITIL designated. In addition to speaking at BSidesLV, Circle City, BSidesTO and the upcoming SecTor, Cheryl has been a guest on podcasts and television, and is an active writer and blogger. You'll find her on Twitter as @3ncr1pt3d.
Haydn has over 3 years of information security experience within the Big 4 firms, including network/web Penetration Testing, Vulnerability Assessments, Identity and Access Management, and Threat Intel. Haydn has a Master's in Information Technology, the OSCP and GXPN certifications, and regularly contributes to the community, primarily via Twitter. He has spoken at BSidesTO, BSidesLV and Circle City Con, with talks ranging from Purple Teaming to Mainframes.
Director of Security Strategy
Travis Farral is the Director of Security Strategy for Anomali. With over 20 years of security industry experience, he has developed a strong background in threat intelligence, incident response, and Industrial Control Systems security. Previously Travis ran the Cybersecurity Intelligence & Strategic Services team at ExxonMobil and spent several years at companies such as Nokia and XTO Energy.
Sara Peters is Senior Editor at Dark Reading and formerly the editor-in-chief of Enterprise Efficiency. Prior to that she was senior editor for the Computer Security Institute, writing and speaking about virtualization, identity management, cybersecurity law, and a myriad of other topics. She authored the 2009 CSI Computer Crime and Security Survey and founded the CSI Working Group on Web Security Research Law -- a collaborative project that investigated the dichotomy between laws regulating software vulnerability disclosure and those regulating Web vulnerability disclosure.
Security teams now have a wide variety of threat intelligence sources feeding them magical “indicators of compromise.” Yet, an IP address or domain name on its own only provides so much intelligence. Understanding the context around these indicators of compromise dramatically increases their value to analysts. Enriching indicator feeds with data from other sources can help analysts better identify patterns and other details that might otherwise be lost during an investigation or analysis.
In this webinar, you will learn:
- Other sources to help you enrich data provided in indicators-of-compromise feeds
- Tactics for integrating that information into your analysis
- Tips for incorporating that information efficiently without being overwhelmed by a mountain of data