
How to Leverage Next Generation Threat Intelligence?

Date Venue Presentations
Wed, Mar 20th, 2013
2:00 - 5:00pm

STIX Overview – NYC ISSA Threat Intel Event – Mar 2013

CITP Summary of Key Findings 18JAN13

March 2013 – ISSA PROGRAM

Date Wednesday, March 20, 2013
Event Start Time – End Time 2:00 – 5:00 pm
Overall Event Title How to Leverage Next Generation Threat Intelligence?
Event abstract Learn from forward-thinking organizations and leading researchers about the latest trends and techniques leveraged in malware attacks. Learn how an organization can leverage its existing infrastructure to better identify, investigate and recover from both mass malware and targeted attacks. What are the new defensive strategies and technologies that help organizations combat the continual onslaught of new attack campaigns? Hear from our expert speakers for an insider’s look at these challenges.

Protiviti – 1290 Avenue of the Americas, 5th Floor, New York, NY 10104

Dress Code Business casual
Event kickoff opening remarks 2:00 – 2:10
Speaker NY ISSA Board Member
Session description Welcome attendees
Session Title Evolution of Cyber Threat Intelligence
Start Time – End Time 2:10 – 3:00
Session Description Evolution and Revolution of Cyber Threat Intelligence – This presentation will examine the evolution of cyber threat intelligence, the global militarization of cyberspace, what it means for firms and critical infrastructure sectors, and how crowdsourcing, automation, cloud technology and analytical collaboration are helping address these threats.
Speakers Byron Collie, FS-ISAC Director, Intelligence Adviser and Chair of the Threat Intelligence Committee
Session Title A year in the life of a MD5
Start Time – End Time 3:05 – 3:50
Session Description ThreatGRID conducted an extensive malware analysis research effort. The same sample was analyzed numerous times throughout the course of a year without de-duplication. (This was done because droppers, rootkits, etc. change characteristics, and address space is reused and re-tasked over time.) The results show how functionality can change over time. This particular sample and content was then cross-indexed and related to ThreatGRID’s global repository of malicious samples. This provided interesting derived analysis, building relationships based on timing, behavioral, structural, and communications characteristics. For example, we were able to determine origin, aims, and targets of specific samples via second and third order relationships. The end result provides intelligence that can be leveraged across both network and host devices.
Speakers Dean De Beer, cofounder & CTO, ThreatGRID
Bio(s) Dean is cofounder and CTO of ThreatGRID, a malware analysis and threat intelligence provider. When not looking at improving methods to analyze malware, he leads incident response and targeted threat analysis for a wide variety of client organizations including those in the financial, federal and energy sectors. Dean is a well sought-after educator, leveraging his technical experience and his ability to communicate complex concepts and ideas. Previously he served as an instructor for NYU Polytechnic’s Network Security and Penetration Testing track. Dean is also a regular public speaker and has been invited to speak at organizations such as ASIS, Netwitness, Gartner, IANS, the ISSA and the NYPD’s Computer Crime Division. He is regularly quoted on malware and targeted attacks in publications such as The Register, Dark Reading, The New York Times, Reuters and SC Magazine.

Networking Break

3:50 – 4:10

Session Title TBD
Start Time – End Time 4:15 – 5:00 PM
Session Description
Session Title
Who should attend this session:

ISSA Members, ISACA Members and FS/ISAC Members (and other ISACs)

Security Practitioners. Those involved in a Security Operations Center (SOC), including Tier I, II and III analysts as well as managers.

Incident Response, Malware Analyst, Reverse Engineer as well as Threat Analyst teams

Management & Executives – With a goal of understanding industry practices and trends, and seeking perspective on implementing technical assessment activities in the context of a broader application security program including Advanced Persistent Threats.