The combined knowledge of the cyber security and intelligence community is vast, and yet many teams still work in splendid isolation. This talk will work through an example of an active intrusion set, analysed by separate teams, to show the highs and lows of parallel analysis. We investigate how multiple viewpoints increase intelligence quality but also introduce bias and data complexity, and then show how to solve that with (free) technology.
The method this talk will focus on applies the core concepts of search (elasticsearch), provenance (in a git-like way) and data modelling (purist STIX) to produce a truly global and collaborative threat intelligence repository.
Chris O'Brien, Former Senior Director of Intelligence