A common refrain heard regarding Cyber Threat Intelligence (CTI) products and/or feeds is “we need more context!” However, it isn’t always clear what people mean when they ask for more context, and different groups use the term to mean very different things. For some, context is technical, meaning timestamps indicating when a particular thing was known to be “bad” or in what way a domain is considered malicious. For others, context is at a much higher level, meaning intelligence about the strategic goals of adversaries or attribution to specific individuals, groups or nations. These two meanings define the ends of a continuum of context, but what is between those endpoints?
This presentation discusses the importance of context (writ large) in CTI and introduces the concept of “behavioral context”: actionable information about adversary tactics, techniques and procedures. The audience will learn ways in which behavioral context can augment technical and intelligence context and help organizations better assess their defensive posture and prevent and/or detect adversary actions within their networks.


time: 12:20
