T-Talk: Tactics to Transform Thinking Through Tabulating Types and Tags of Threat Indicators: Detect '18 Presentation Series | Anomali

Tactics to Transform Thinking by Tabulating Types and Tags of Indicators: Detect ‘18 Presentation Series

Insufficient Knowledge of How Indicators are Grouped Can Cause Confusion and Reduce Analyst Productivity

While indicators help us understand threats to an enterprise, misconceptions arise from an unclear understanding of what differentiates indicator groupings such as the advanced persistent threat (APT).

This data-driven presentation will focus on comparing indicator groups based on enrichment data and actor tactics. From these observations, we will identify situations where threat intelligence producers confuse threat groups. Some threat groups, such as exploit, malware and phishing domains, are easily confused based on enrichment data. Other threat types, such as spam domains, are not confused with other malicious threat groups. Disambiguating indicator groups and understanding indicator group characteristics can enable more rapid triage and better distinguish adversary patterns in threat intelligence.

We'll cover:

  • Why understanding the indicator types is important in identifying threats
  • How we confuse threats in a short period of time
  • How threats change over a longer period of time
  • Which threats are identified by research and enrichment data, and how well

Watch this presentation to learn about large-scale data analysis of threats and what we can conclude from it.
