A common refrain heard regarding Cyber Threat Intelligence (CTI) products and/or feeds is “we need more context!” However, it isn’t always clear what people mean when they ask for more context, and different groups use the term to mean very different things. For some, context is technical, meaning timestamps indicating when a particular thing was known to be “bad” or in what way a domain is considered malicious. For others, context is at a much higher level, meaning intelligence about the strategic goals of adversaries or attribution to specific individuals, groups or nations. These two meanings define the ends of a continuum of context, but what is between those endpoints?


This presentation discusses the importance of context (writ large) in CTI and introduces the concept of “behavioral context”: actionable information about adversary tactics, techniques and procedures. The audience will learn ways in which behavioral context can augment technical and intelligence context and help organizations better assess their defensive posture and prevent and/or detect adversary actions within their networks.

Details

time: 12:20
speakers: Richard Struse
