Tactics to Transform Thinking by Tabulating Types and Tags of Indicators: Detect ‘18 Presentation Series

Watch Now

Register Now

Success Message
<h2>Insufficient Knowledge of How Indicators are Grouped Can Cause Confusion and Reduce Analyst Productivity</h2><p>While indicators help us understand threats to an enterprise, misconceptions exist due to an unclear understanding of what differentiates indicator groupings like the Advanced-Persistent-Threat (APT).</p><p>This data-driven presentation will focus on comparing indicator groups based on enrichment data and actor tactics. From these observations, we will identify situations where threat intelligence producers confuse threat groups. Some threat groups are easily confused based on enrichment data such as exploit, malware and phishing domains. Other threat types are not confused with other malicious threat groups such as spam domains. Disambiguating indicator groups and understanding indicator group characteristics can enable more rapid triage and better distinguish adversary patterns in threat intelligence.</p><p>We&#39;ll cover:</p><ul><li>Why understanding the indicator types is important in identifying threats</li><li>How we confuse threats in a short period of time</li><li>How threats change over a longer period of time</li><li>How well and what threats are identified by research and enrichment data</li></ul><h3>Watch this presentation to learn about large data analysis of threats and what we can conclude from them.</h3>