Hackers of India

Unlocking Security Collaboration With Cyber Threat Intelligence

By Avkash Kathiriya, Varun Singla, Mathan Babu Kasilingam, Amol Naik on 06 Sep 2022 @ Nullcon


AI Generated Summary (may contain errors)

Here is a summarized version of the conversation:

The main topic of discussion is Threat Intelligence (TI) and how to reduce false positives. The speaker explains that TI feeds can sometimes trigger false positive alerts, and it’s essential to validate these alerts to ensure accurate results.

To achieve this, the speaker emphasizes the importance of integrating TI with other security pillars, such as identity, detect, respond, and predict. This integration enables a more comprehensive analysis of potential threats and helps eliminate false positives.

The speaker also highlights the need for dynamic scoring of intelligence, which takes into account various parameters like relevancy, relationship to ongoing campaigns, and more. This scoring should be adjusted based on changing circumstances, such as an IP address being blocked today but becoming less threatening tomorrow.

Additionally, the speaker stresses the importance of internal intelligence, which is generated by an organization’s own security systems, such as firewalls and proxies. This internal intelligence can provide valuable insights when correlated with external TI feeds.
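
A sketch of how dynamic scoring and internal correlation could fit together, added here as an illustration and not taken from the talk: an external indicator's score decays as it ages, is weighted by relevancy and campaign linkage, and rises when the organization's own firewall or proxy logs show recent traffic to it. The half-life, weights, alert threshold, field names and sample events are all assumptions.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone

HALF_LIFE_DAYS = 7.0                  # assumed: feed confidence halves every 7 days unseen
SIGHTING_WINDOW = timedelta(days=30)  # assumed look-back over internal logs
ALERT_THRESHOLD = 50                  # assumed cut-off between "alert" and "watch"

@dataclass
class Indicator:
    value: str                # e.g. an IP address from an external feed
    feed_confidence: float    # 0..1, as reported by the feed
    last_seen: datetime       # last time the feed observed it as malicious
    relevancy: float          # 0..1, relevance to our sector and assets
    in_active_campaign: bool  # linked to a campaign currently being tracked

def internal_sightings(ind, events, now):
    """Count recent firewall/proxy events that touched the indicator."""
    return sum(1 for e in events
               if e["dst_ip"] == ind.value and now - e["ts"] <= SIGHTING_WINDOW)

def dynamic_score(ind, events, now):
    """Return 0..100; recomputed on every run so the score moves over time."""
    age_days = max((now - ind.last_seen).total_seconds() / 86400, 0.0)
    decay = 0.5 ** (age_days / HALF_LIFE_DAYS)
    score = ind.feed_confidence * decay * (0.5 + 0.5 * ind.relevancy)
    if ind.in_active_campaign:
        score += 0.2
    score += 0.1 * min(internal_sightings(ind, events, now), 3)
    return round(min(score, 1.0) * 100)

def verdict(ind, events, now):
    return "alert" if dynamic_score(ind, events, now) >= ALERT_THRESHOLD else "watch"

# Constructed sample data (documentation IP range, made-up timestamps).
NOW = datetime(2022, 9, 6, tzinfo=timezone.utc)
FRESH = Indicator("203.0.113.10", 0.8, NOW, 1.0, False)
STALE = Indicator("203.0.113.10", 0.8, NOW - timedelta(days=7), 1.0, False)
EVENTS = [
    {"source": "firewall", "dst_ip": "203.0.113.10", "ts": NOW - timedelta(days=1)},
    {"source": "proxy", "dst_ip": "203.0.113.10", "ts": NOW - timedelta(days=2)},
    {"source": "proxy", "dst_ip": "203.0.113.10", "ts": NOW - timedelta(days=90)},
]

if __name__ == "__main__":
    for name, ind, ev in [("fresh", FRESH, []), ("stale", STALE, []),
                          ("stale+internal", STALE, EVENTS)]:
        print(name, dynamic_score(ind, ev, NOW), verdict(ind, ev, NOW))
```

A week-old indicator with no internal corroboration drops below the alert threshold, while the same indicator seen in recent internal logs stays above it.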

The conversation also touches on the fraud analytics model, which prioritizes internal data relevance and adds value to external intelligence. The speaker suggests that this model can be applied to TI to improve its effectiveness.

Overall, the discussion emphasizes the need for a holistic approach to cybersecurity, where multiple pillars work together to provide accurate threat intelligence and minimize false positives.