Creating REAL Threat Intelligence With Evernote

DEF CON 23

Presented by: grecs
Date: Friday August 07, 2015
Time: 00:00 - 00:00
Location:

In the presentation that threat intel vendors do not want you to see, threat data from open source and home grown resources meets Evernote as the ultimate braindump repository with the outcome of producing real actionable threat intelligence that your organization can leverage to stop the bad guys. This presentation discusses an experiment of using Evernote as a informal threat intelligence management platform, the specific concepts and strategies used, and its overall effectiveness. Specific topics covered include the advantages of using an open and flexible platform that can be molded into an open/closed source threat data repository, an information sharing platform, and an incident management system. Although using Evernote in this way in large enterprises is probably not possible, organizations can apply the same reference implementation to build similarly effective systems using open source or commercial solutions.

grecs

Salvador Grec (Twitter: @grecs) has almost two decades of experience, undergraduate and graduate engineering degrees, and a really well known security certification. Despite his formal training, grecs has always been more of a CS person at heart going back to his VIC-20, Commodore 64, and high school computer club days. After doing the IT grind for five years, he discovered his love of infosec and has been pursuing this career ever since. Currently, he spends his days improving and architecting SOC solutions. At night he runs a local infosec website where he discusses his latest security research and offers his commentary on the world of cyber.


KhanFu - Mobile schedules for INFOSEC conferences.
Mobile interface | Alternate Formats