Blackhat, Defcon and B-Sides wrap-up
How are we advancing security?
As the annual conferences come to a wrap, some exciting trends have emerged from the industry's biggest week of the year. Several of the key take-aways align directly with the vision and products of ThreatStream, so we would like to take the time to share our thoughts and an overview of the latest trends and research emerging from the conferences.
Threat Intelligence is the future of security defense.
With over 25 talks focused directly on Threat Intelligence, and more specifically on MRTI (Machine Readable Threat Intelligence; thanks, Gartner, for coining a distinguishing term for the non-human stuff!), ThreatStream has been the clear leader in this space. With all the talk about STIX/TAXII and automation of IOC -> SIEM -> DFIR -> WIN, we don't know of a better solution than Optic to start operationalizing your Threat Intelligence into MRTI and integrating it with your SIEM. I think the most interesting talks this year were about how to measure data quality, and about how threat intelligence feeds are continually becoming commoditized and overlapping, which calls for a platform-centric approach to getting value and distinguishing signal from noise.
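The "overlapping feeds" and "signal from noise" points above are easy to measure in practice. The following is an added example (not ThreatStream's or Optic's code, and not from any talk) that normalizes indicators from three constructed feeds, drops indicators that can never be actionable intel (RFC 1918 and loopback addresses, plus a constructed allowlist of well-known infrastructure), computes pairwise Jaccard overlap between feeds, and scores each indicator by how many distinct feeds corroborate it. Feed names, indicator values (RFC 5737 documentation ranges and `.invalid` domains) and the allowlist are all constructed for illustration.

```python
import ipaddress
from collections import defaultdict
from itertools import combinations

# Constructed sample feeds: hypothetical vendor names, documentation-range IPs, .invalid domains.
FEEDS = {
    "feed_a": ["198.51.100.7", "EXAMPLE.invalid.", "203.0.113.9", "10.0.0.5"],
    "feed_b": ["198.51.100.7", "example.invalid", "203.0.113.10"],
    "feed_c": ["example.invalid", "203.0.113.9", "8.8.8.8"],
}

# Constructed allowlist: well-known infrastructure that is noise regardless of how many feeds list it.
ALLOWLIST = {"8.8.8.8"}

# RFC 1918 space: an "indicator" inside it is meaningless outside the reporting organization.
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def normalize_indicator(raw):
    """Canonicalize one raw indicator string into a (type, value) tuple.

    Case, surrounding whitespace and a trailing dot on domains are all
    common sources of false 'uniqueness' between feeds.
    """
    value = raw.strip().lower().rstrip(".")
    try:
        return ("ip", str(ipaddress.ip_address(value)))
    except ValueError:
        return ("domain", value)


def is_noise(kind, value):
    """True for indicators that should be discarded before scoring."""
    if value in ALLOWLIST:
        return True
    if kind == "ip":
        ip = ipaddress.ip_address(value)
        return ip.is_loopback or any(ip in net for net in RFC1918)
    return False


def load_feeds(feeds):
    """Return {feed_name: set of normalized (type, value)} with noise removed."""
    return {
        name: {ind for ind in map(normalize_indicator, items) if not is_noise(*ind)}
        for name, items in feeds.items()
    }


def feed_overlap(normalized):
    """Pairwise Jaccard overlap (|A & B| / |A | B|) between feeds, rounded to 3 decimals."""
    result = {}
    for a, b in combinations(sorted(normalized), 2):
        union = normalized[a] | normalized[b]
        inter = normalized[a] & normalized[b]
        result[(a, b)] = round(len(inter) / len(union), 3) if union else 0.0
    return result


def score_indicators(normalized):
    """Map each indicator to the number of distinct feeds that report it."""
    sources = defaultdict(set)
    for name, inds in normalized.items():
        for ind in inds:
            sources[ind].add(name)
    return {ind: len(srcs) for ind, srcs in sources.items()}


def high_confidence(normalized, min_sources=2):
    """Indicators corroborated by at least min_sources feeds, best-corroborated first."""
    scores = score_indicators(normalized)
    return sorted(
        (ind for ind, n in scores.items() if n >= min_sources),
        key=lambda ind: (-scores[ind], ind),
    )


if __name__ == "__main__":
    norm = load_feeds(FEEDS)
    for pair, j in feed_overlap(norm).items():
        print("overlap", pair, j)
    for ind in high_confidence(norm):
        print("corroborated", ind)
```

The overlap matrix is the number a buyer wants before paying for a fourth feed that is 70% identical to the three already ingested; the corroboration score is one simple way to rank what actually gets pushed to the SIEM.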
Machine Learning to save the day.
ML is one of those funny things that even I considered just another empty buzzword that security companies jumped on to sell more product. Well... that was before we actually had working ML models in our product! I'm now a complete believer and have seen the outstanding benefits of applying ML to threat intelligence. I will say it now: this is the future of cyber security defense.
There were several interesting talks about ML applied to raw data in SIEM 2.0; my favorite research project in this area is Cisco and Hortonworks' OpenSOC. A very interesting path, and exactly where the market needs to move in terms of adopting a robust solution for real-time correlation, long-term reporting and indicator hunting, leveraging the latest scalable data tech (Hive/Spark/ELK). http://www.slideshare.net/JamesSirota/cisco-opensoc
If there is one interesting technology trend happening in security today, it's the emergence of machine learning and how it will contribute to the automation and enablement of the modern security analyst.
Honeypots become an enterprise defense!
Sadly, we released MHN, our groundbreaking enterprise honeypot management tool, just a bit too late to get a talk in at BH or Defcon, but there were already several amazing talks about the benefits of honeypots as an enterprise defensive tool, especially when run on internal RFC 1918 space to look for attacker pivoting behaviour. If you have not seen some of the latest work around honeypots, check out the awesome open-source project "MHN" we released recently: http://threatstream.github.io/mhn/
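The defensive value of an internal honeypot is that nothing legitimate should ever talk to it, so a single connection from an internal host is worth an alert, and a host that touches several sensors in a short window looks like lateral scanning. The following is an added example of that detection logic (not MHN's code or any honeypot's own alerting) run over a few constructed connection-log lines in a made-up `key=value` format; the sensor addresses, hosts, timestamps and thresholds are all constructed for illustration.

```python
import ipaddress
import re
from collections import defaultdict
from datetime import datetime

# Constructed: addresses of honeypot sensors placed in internal RFC 1918 space.
HONEYPOTS = {"10.20.0.50", "10.20.0.51", "192.168.5.200"}
INTERNAL = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed connection log in a simple key=value layout (not any real product's format).
# 10.1.4.22 sweeps three sensors in seconds; 10.1.9.8 touches one; 203.0.113.5 is external.
SAMPLE_LOG = """\
2014-08-12T03:14:07Z src=10.1.4.22 dst=10.20.0.50 dport=22 proto=tcp
2014-08-12T03:14:09Z src=10.1.4.22 dst=10.20.0.51 dport=445 proto=tcp
2014-08-12T03:14:10Z src=10.1.4.22 dst=192.168.5.200 dport=3389 proto=tcp
2014-08-12T03:20:00Z src=10.1.9.8 dst=10.20.0.50 dport=80 proto=tcp
2014-08-12T03:21:00Z src=10.1.9.8 dst=10.3.3.3 dport=443 proto=tcp
2014-08-12T03:22:00Z src=203.0.113.5 dst=10.20.0.50 dport=22 proto=tcp
malformed line that should be skipped
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) src=(?P<src>\S+) dst=(?P<dst>\S+) dport=(?P<dport>\d+) proto=(?P<proto>\w+)$"
)


def parse_log(text):
    """Parse log lines into event dicts; lines that do not match the format are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        events.append({
            "ts": datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ"),
            "src": m["src"],
            "dst": m["dst"],
            "dport": int(m["dport"]),
            "proto": m["proto"],
        })
    return events


def is_internal(addr):
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in INTERNAL)


def honeypot_touches(events):
    """Every connection whose destination is a sensor, regardless of source."""
    return [e for e in events if e["dst"] in HONEYPOTS]


def internal_sources_touching(events):
    """Internal hosts that contacted any sensor at all: each one deserves a look."""
    return sorted({e["src"] for e in honeypot_touches(events) if is_internal(e["src"])})


def pivot_candidates(events, min_honeypots=2, window_seconds=600):
    """Internal hosts that hit >= min_honeypots distinct sensors within window_seconds.

    Returns {src: sorted list of sensors hit in the first qualifying window}.
    """
    by_src = defaultdict(list)
    for e in honeypot_touches(events):
        if is_internal(e["src"]):
            by_src[e["src"]].append(e)

    flagged = {}
    for src, touches in by_src.items():
        touches.sort(key=lambda e: e["ts"])
        for i, first in enumerate(touches):           # sliding window anchored at each touch
            seen = set()
            for e in touches[i:]:
                if (e["ts"] - first["ts"]).total_seconds() > window_seconds:
                    break
                seen.add(e["dst"])
            if len(seen) >= min_honeypots:
                flagged[src] = sorted(seen)
                break
    return flagged


if __name__ == "__main__":
    evs = parse_log(SAMPLE_LOG)
    print("internal hosts touching a sensor:", internal_sources_touching(evs))
    print("pivot candidates:", pivot_candidates(evs))
```

External sources are deliberately left out of the pivot logic: an internet-facing honeypot is expected to be scanned, whereas the whole point of an RFC 1918 sensor is that a touch from inside is already the signal.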
If you were not able to attend, all material and videos from Blackhat are already available online!
Blackhat Video and Materials:
Slides from Defcon 22: