A common refrain heard regarding Cyber Threat Intelligence (CTI) products and/or feeds is “we need more context!” However, it isn’t always clear what people mean when they ask for more context, and different groups use the term to mean very different things. For some, context is technical, meaning timestamps indicating when a particular thing was known to be “bad” or in what way a domain is considered malicious. For others, context is at a much higher level, meaning intelligence about the strategic goals of adversaries or attribution to specific individuals, groups or nations. These two meanings define the ends of a continuum of context, but what is between those endpoints?
This presentation discusses the importance of context (writ large) in CTI and introduces the concept of “behavioral context”: actionable information about adversary tactics, techniques and procedures. The audience will learn ways in which behavioral context can augment technical and intelligence context and help organizations better assess their defensive posture and prevent and/or detect adversary actions within their networks.


time: 12:20
