4. Generating and Employing Threat Intelligence
Organisations around the world have understood the importance of collecting and integrating threat intelligence in their cybersecurity processes. The collection of low level threat intelligence (Indicators of Compromise like malware hashes and IP addresses) has become common practice, with organisations like Shadowserver collecting enormous amounts of data. Such data is easy to integrate within static detection tools, but it also tends be short lived and it has a limited impact on the adversaries. Higher level threat intelligence (like trend and campaign analysis, malware classification and discovery of new behaviors) is more valuable in the mid and long term, but expensive to produce manually and usually hard to integrate into existing defenses and threat intelligence platforms. In this webinar we present the SOCCRATES solution to these issues: a modular platform that enriches the existing low level threat intelligence with a special focus towards scalability, precision and automation.