© 2016 ThreatConnect, Inc. All Rights Reserved
March 2016
Threat Intelligence Processes are a Journey; Not a Destination
Priorities?
David Bianco’s “Pyramid of Pain”
[Figure: pyramid levels labeled Tough, Challenging, Annoying, Simple, Easy, Trivial]
The Pyramid of Pain (Mirrored)
[Figure: mirrored pyramid levels labeled Tough, Challenging, Annoying, Simple, Easy, Trivial]
• TTPs = Tactics, Techniques & Procedures
• For the “back office” types, TTPs can be translated as “business processes”
• I’m NOT talking about sharing the Adversary TTPs (while that is always nice)
• I’m talking about sharing my TTPs as a Defender: how do I do things like:
  • Create
  • Enrich
  • Analyze
  • Interpret
  • Decide
  • Act
The Business of Threat Intelligence
• Mature businesses have processes
• Business processes should be measurable
• Business processes should demonstrate value (save organizational resources - time & money)
The Paleolithic Age of Threat Intel: Tools of the Trade
Demo Videos
Conclusion
• Threat Intelligence Sharing can go beyond sharing atomic Indicators
• “Teach a man to fish” applies here
• Where do you place the most value, the process or the product?
• Attach your Threat Intelligence Processes to powerful engines that help security investments scale.
Check out the blog post:
www.threatconnect.com/threat-intelligence-processes-are-a-journey-not-a-destination/
Sign up for your free account: www.threatconnect.com/free
Questions?