Actionable threat intelligence should provide organizations with the ability to quickly detect (and react to) current threats beyond using the traditional signature and behavior-based security tools. Many organizations, however, currently only view threat intelligence as generic free or paid feeds containing indicators of compromise related to historical attacks used to enrich their own data. Although this approach is common, information gathered through it is of limited use for the organizations and cannot be thought of as “actionable intelligence”.
In this presentation, we will look at how raw, freely available data and tools may be used in a DIY fashion to create a tailored threat intelligence program that supplies the organization with data of real actionable value.
Create an effective threat intelligence program tailored to the needs of their organization.
Differentiate between specific types of threat intelligence.
Select appropriate tools for use in security architectures that will provide both detection and/or reaction capability as well as threat intelligence data.