Assessing Targeted Attacks in Incident Response Threat Correlation

Presented by

Allan Thomson, CTO, and Jamison Day, Principal Data Science Engineer

About this talk

The current number of active cyber threats is astounding. Do you know which threats are targeting you right now and which are likely to cause the greatest harm to your company? This session examines how correlating network flow data with cyber threat information during incident response reveals not only which threats are active or targeting you, but also which of your assets are being targeted before or during an incident. We examine the many data types used in commonly shared indicators of compromise and explore which of them lend themselves to automated correlation with network flow data. The pros and cons of common correlation algorithms are discussed, with a focus on their contributions to, and limitations in, enhancing threat intelligence efforts. Proper network flow correlation should provide a foundation for risk-based mitigation that identifies the threats creating the greatest loss of value for your organization, rather than chasing down the threats deemed most harmful by the industry.

LookingGlass Cyber Solutions delivers comprehensive threat-intelligence-driven security through a scalable solution portfolio of machine-readable threat intelligence (MRTI), threat intelligence management with 140+ data sources transformed into global Internet and threat intelligence, threat intelligence services, and network threat mitigation. By addressing risks across structured Indicators of Compromise (IoCs), unstructured and open source data (OSINT), internal network telemetry, and network threat mitigation, customers gain unprecedented insight into threats that may impact their business, including cyber, physical assets, and third-party partners. Prioritized, relevant, and timely insights enable customers to operationalize threat intelligence effectively and efficiently throughout the threat lifecycle.