Name
F2. Connecting the Dots: Cross-referencing Disparate Threat Intel
Date & Time
Thursday, May 11, 2017, 11:15 AM - 12:15 PM
Andrew Brandt, Waylon Grange
Description
Session Description:
 
As important as threat intelligence can be, it's equally important to understand the limits that circumscribe a single data source. Join Symantec Director of Threat Research Andrew Brandt and Senior Analyst Waylon Grange as they explain a research tool developed internally for Symantec+Blue Coat's Global Information Network lab that can draw correlations between disparate data sources and IoCs such as IP addresses, file hashes, domains, and malicious behavior. Attendees will also learn the results of several investigations into high-profile attack campaigns involving state-level threat actors and "ordinary" criminal activity.

 

 

Location Name
Room 705/707
Full Address
Colorado Convention Center
700 14th Street
Denver, CO 80202
United States
Category
Architecture
Learner Objectives
After completing this session, attendees will learn:
  • How to understand the relationships between attack behavior and malicious networks
  • Some of the techniques employed by APT threat actors to cover their tracks
  • How to identify and connect the dots between the various phases of an attack campaign
  • The value of using multiple sources of threat intelligence, and how to evaluate their usefulness
 
Speaker Bio(s)
Andrew Brandt has been a speaker at BSidesLV, SaintCon, Defcon, and the RSA Conference over the past six years. In addition to working as a malware analyst, he has extensive experience in network forensics and incident response, and works closely with the development teams for two of Symantec's (formerly Blue Coat's) products, as well as with the Global Information Network, a reputation service that underlies many of Blue Coat's products. In addition to security analysis work, he was an editor at PC World magazine for 9 years, covering privacy and internet security topics, and writes for the blogs of Symantec, as well as (in the past) writing for Blue Coat, Solera Networks, and Webroot.
 
Waylon Grange is an experienced reverse engineer, developer, and digital forensics examiner. He holds a graduate degree in Information Security from Johns Hopkins University, and has worked on numerous computer incident investigations spanning the globe. Prior to Symantec he worked for Blue Coat Systems as a Senior Threat Researcher, and for the National Security Agency performing vulnerability research, software development, and Computer Network Operations.
 
 