In 1983, Prince sang "A-U-T-O-MATIC, just tell me what to do," and discussed parallels between a physical relationship and the predicted brink of destruction set to occur in 1999. While said destruction did not occur, the internet experienced unprecedented growth in the late 90s, only to be upstaged by the maturation of cybercriminals and abuse of internet services. 40 years after the release of "Automatic," cybersecurity practitioners work daily to understand and outpace cybercriminals. Armed with cyber threat intelligence (CTI), cybersecurity teams collect, process, and analyze threat actor motives and tradecraft to detect suspicious activity and disrupt adversarial objectives. However, the number of threats drastically increase as technology continues to advance and more consumers own more internet-connected devices. How can CTI teams effectively contribute to business's cybersecurity posture and external customers while ingesting voluminous threat information? How do we ensure CTI analysts are not burdened by fatigue from performing repetitive, yet vital tasks? CTI teams should take a systematic approach to automate routine workflows. This presentation will provide guidance on implementing automation in common CTI practices, like maintaining awareness of threat actor tradecraft and detecting brand impersonation threats, while providing tangible examples using threat actor Muddled Libra. After attending this talk, attendees will have an understanding of how to identify, prioritize, and implement automation opportunities in CTI programs and proactively understand the limitations of these opportunities, impacting the effectiveness of CTI for their respective organizations.
View upcoming Summits: www.sans.org/u/DuS
SANS Cyber Threat Intelligence Summit 2024
Intellimation: Guidance for Integrating Automation in Your Cyber Threat Intelligence Program
Brett Tolbert, Senior Threat Intelligence Analyst, NBCUniversal