Shimon Modi, "Value of Cyber Threat Intelligence in Modern Security Operations"




CERIAS Weekly Security Seminar - Purdue University show

Summary: The last 5 years have seen a marked shift in how companies view cyber threat intelligence (CTI) as a building block of their security strategy, but there still is a lot of confusion about how to build a program that provides utility. At its core CTI aims to provide information about motivations, methods and characteristics of attackers. In today’s rapidly evolving threat landscape having timely access to CTI can be of significant value to security analysts. By looking beyond your own four walls organizations can take faster mitigation action and also reduce their attack surface. Adding CTI to enterprise security programs can be an effective strategy to go from a reactive to a proactive response. But the value of CTI is constrained by the ability of enterprise security operations to contextualize, manage and action upon it. This presentation will cover some fundamental CTI concepts, real-world challenges in operationalizing it, and some easy ways to try it out for yourself.

Takeaways for the audience:
1. Overview of CTI concepts, frameworks, standards, and how they fit in the enterprise security model.
2. Clearer understanding of CTI data models and how they integrate with detection, protection and incident response processes.
3. Practical ways to accelerate security operations and heighten defenses using CTI.