Cymon – An Open Threat Intelligence System

Expo Theatre (Hall G), October 20, 2015

Roy Firestein

Threat intelligence is a term frequently discussed in information security circles, with many firms offering commercial threat data feeds delivered through a variety of frameworks and transport mechanisms (including STIX and TAXII). Beyond the threat data itself, there are open questions about how useful and actionable such data really is. In this talk we will debut the first formal public offering of a new cyber monitoring tool we have called Cymon. It is a freely available tracker of open-source security reports on malware, botnets, phishing and other malicious activities. At the time this abstract was written, Cymon was ingesting well over 60K events and 17K unique IPs per day from almost 200 sources across the Internet to build a threat profile and timeline for IPs, domains and URLs. This talk will demonstrate some of the system's capabilities and show examples of how you can use Cymon to research suspected malicious sources. The architecture and lessons learned while building a scalable system for big data analysis will also be discussed in detail.
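As an added illustration (not Cymon's code, and not the architecture the talk itself presents), here is a minimal model of the aggregation the abstract describes: reports from several sources are normalized to an indicator (IP, domain or URL), grouped into per-indicator profiles with a time-ordered timeline, and tallied per day as event counts and unique IPs. The feed names, indicators and timestamps below are constructed, and unparseable indicators are dropped rather than indexed.

```python
"""Aggregate open-source threat reports into per-indicator profiles and timelines.

Added example, not Cymon's own code. Sources, indicators and times are constructed.
"""
import re
from collections import defaultdict
from datetime import datetime
from ipaddress import ip_address
from urllib.parse import urlsplit

# Constructed sample events from hypothetical feeds (documentation-range addresses).
SAMPLE_EVENTS = [
    {"source": "feed-a", "time": "2015-10-01T08:12:00", "indicator": "203.0.113.7", "tag": "malware"},
    {"source": "feed-b", "time": "2015-10-01T09:30:00", "indicator": "203.0.113.7", "tag": "botnet"},
    {"source": "feed-c", "time": "2015-10-02T14:05:00", "indicator": "http://example.test/login.php", "tag": "phishing"},
    {"source": "feed-a", "time": "2015-10-02T15:00:00", "indicator": "EXAMPLE.test", "tag": "phishing"},
    {"source": "feed-d", "time": "2015-10-02T16:45:00", "indicator": "198.51.100.23", "tag": "malware"},
    {"source": "feed-b", "time": "2015-10-03T01:20:00", "indicator": "203.0.113.7", "tag": "malware"},
    {"source": "feed-e", "time": "2015-10-03T02:00:00", "indicator": "not an indicator", "tag": "malware"},
]

_DOMAIN_RE = re.compile(r"[a-z0-9-]+(\.[a-z0-9-]+)+")


def classify(raw):
    """Return (kind, normalized_value) for an IP, URL or domain, or None if unusable."""
    value = raw.strip()
    try:
        return "ip", str(ip_address(value))          # canonical form, e.g. strips leading zeros in IPv6
    except ValueError:
        pass
    if "://" in value:
        parts = urlsplit(value)
        if parts.scheme in ("http", "https") and parts.hostname:
            return "url", value                      # URLs keep their original case (paths are case-sensitive)
        return None
    lowered = value.lower()
    if _DOMAIN_RE.fullmatch(lowered):
        return "domain", lowered                     # hostnames are case-insensitive
    return None


def build_profiles(events):
    """Group events by normalized indicator; a profile holds sources, tags and a sorted timeline.

    A URL report also contributes to the profile of the domain hosting it, so a
    domain lookup shows phishing pages seen under it.
    """
    profiles = {}

    def record(kind, value, ev):
        p = profiles.setdefault(value, {"kind": kind, "sources": set(), "tags": set(), "timeline": []})
        p["sources"].add(ev["source"])
        p["tags"].add(ev["tag"])
        p["timeline"].append((datetime.fromisoformat(ev["time"]), ev["source"], ev["tag"]))

    for ev in events:
        cls = classify(ev["indicator"])
        if cls is None:
            continue  # do not let junk from one feed poison the index
        kind, value = cls
        record(kind, value, ev)
        if kind == "url":
            record("domain", urlsplit(value).hostname.lower(), ev)
    for p in profiles.values():
        p["timeline"].sort()
    return profiles


def timeline_for(profiles, indicator):
    """Human-readable timeline: list of (ISO time, source, tag) for one indicator."""
    return [(when.isoformat(), src, tag) for when, src, tag in profiles[indicator]["timeline"]]


def daily_stats(events):
    """Per-day event count and unique IP count, the two intake figures the abstract quotes."""
    per_day = defaultdict(lambda: {"events": 0, "ips": set()})
    for ev in events:
        cls = classify(ev["indicator"])
        if cls is None:
            continue
        kind, value = cls
        day = ev["time"][:10]
        per_day[day]["events"] += 1
        if kind == "ip":
            per_day[day]["ips"].add(value)
    return {day: {"events": d["events"], "unique_ips": len(d["ips"])} for day, d in sorted(per_day.items())}


if __name__ == "__main__":
    profiles = build_profiles(SAMPLE_EVENTS)
    for entry in timeline_for(profiles, "203.0.113.7"):
        print(entry)
    print(daily_stats(SAMPLE_EVENTS))
```

The profile for `example.test` collects both the direct domain report and the report of a URL hosted on it, which is the kind of cross-indicator view a researcher wants when pivoting from an address to the infrastructure behind it.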