SECurity FUNdamentals

Building Bespoke Threat Intelligence Enrichment Platforms

Security Fundamentals (714AB) October 2, 2018 2:40 pm - 3:40 pm Feedback     

Bookmark and Share

Sean Tierney

The aggregation, normalization, enrichment, and contextualization of threat data and intelligence en masse necessitates a robust mix of innovation, automation, and flexibility. The Threat Analyst Workbench should provide mechanisms for extracting data from internal and external sources and building catalogues of intelligence. It should facilitate the analyst to characterize threats, identify outcomes, develop courses of action and thereby create actionable intelligence. We will cover a mixture of high level and detailed discussion of how we built internal systems for performing these tasks. We will provide insight on architecture, design, and lessons learned.