There are two critical components of intelligence gathering. The most widely accepted is external threat intelligence, gathered by monitoring malicious activity and sharing information about it. But equally important, if not more so, is understanding what your attackers know about you: "open source" information, often freely available, that can help them build a shockingly detailed picture of your staff, your infrastructure and your assets.
Part 1 - Threat Intelligence
Collecting security- and fraud-related data from multiple sources often results in nothing more than a very large pool of unrelated facts. But begin to add context to that data and you have information. Triangulate multiple pieces of information and you can create intelligence, indicative of a real and active threat. This session will answer questions such as:
- How can I create coherent actionable intelligence from disparate data feeds?
- How will emerging threat information exchange specifications such as TAXII/STIX affect our ability to collect and share standardized threat information with the broader community?
- How do I best select and combine internal context and event information with the various open source and commercial external threat intelligence feeds available?
Part 2 - Open Source Intelligence (OSINT)
See how simple it is for your adversaries to build a very detailed picture of your organization and therefore create a highly targeted weapon and attack strategy. Without building this very same picture for yourself, you may have a profound misunderstanding of where your weaknesses are and miss the opportunity to protect them. In this session we will learn:
- How this information can be gathered and used against you;
- How to gather this information yourself;
- How to mitigate the vulnerabilities it exposes.