1© 2016 ThreatConnect, Inc. All Rights Reserved

March 2016

Threat Intelligence Processes are a Journey; Not a Destination

2

Priorities?

3

David Bianco’s “Pyramid of Pain”Tough

Challenging

Annoying

Simple

Easy

Trivial

4

The Pyramid of Pain (Mirrored)Tough

Challenging

Annoying

Simple

Easy

Trivial

5

The Pyramid of Pain (Mirrored)Tough

Challenging

Annoying

Simple

Easy

Trivial

• TTP’s = Tactics, Techniques & Procedures

• For the “back office” types TTP’s can be translated as “business processes”

• I’m NOT talking about sharing the Adversary TTP’s (while that is always nice)

• I’m talking about Sharing My TTP’s as a Defender how do I do things like:• Create• Enrich• Analyze• Interpret• Decide• Act

6

The Business of Threat Intelligence• Mature businesses have

processes

• Businesses processes should be measurable

• Business processes should demonstrate value (save organizational resources - time & money)

7

The Paleolithic Age of Threat Intel: Tools of the Trade

8

9

10

Demo Videos

11

Conclusion• Threat Intelligence Sharing can

go beyond sharing atomic Indicators

• “Teach a man to fish” applies here

• Where do you place the most value, the process or the product?

• Attach your Threat Intelligence Processes to powerful engines that help security investments scale.

12

Check out the blog post:

www.threatconnect.com/threat-intelligence-processes-are-a-journey-not-a-destination/

Sign up for your free account:www.threatconnect.com/free

13

Questions?