Threat Intelligence
Threat intelligence is a niche field in cybersecurity where security pros monitor and investigate the ever-changing landscape of threats to organizations. Whether its new tools, new players, or new rules, the risks on the internet don't stay the same for long. This talk will discuss the current state of play, how threats have grown in size, sophistication, and complexity over the last ten years, and where this all could be leading for the next ten years. Presentation Importance: This talk captures a few interesting tidbits: - Who are the current players in the threat landscape - How do you begin to approach a complex web of interconnected threat actors? - What is cyber threat intel, and why does it matter? How does it actually help people? Rough outline: - What is threat intelligence? - How does it work? - How is it impactful? - What's a threat/actor/APT/jargon? - The historical threat landscape - 3 big APT actors: Russia, China, Iran - Problems: very Western-centric, very espionage focused - Changes over time - More actors to care about: NK, US, others - Non-APT actors start making impact (criminals) - Private industry evolves (vuln vendors, malware vendors) - Result: Boundaries start to blur - Difference in intent between gov and criminal becomes less distinct - Difference in capability shrinks - Criminal Underground Shifts - More specialization in dark web markets = stronger products - Decentralization of markets = harder to track - Evolution of affiliate model = less risk taken by highest risk actors - Current state of play: Higher impact, faster changes, less certainty - Many more actors in the threat landscape in general - Much higher sophistication floor for all actors - Wider aperture of affected entities by threat actor activity - Where is this all going? - Increasingly automated threat actor activity possibly disrupted by advent of AI - Ephemeral threat actor groups makes law enforcement tougher, less impactful - To some extent, this is all a return to the 90s, where everyone fends for themselves - Unless...increased collaboration yields economies of scale in cyber defense - Questions
Charles DeBeck is a Cyber Threat Intel Expert @ GoogleCloud where he develops Google’s public Threat Horizon reports. He brings overa decade of cyber threat intel experience from the National Security Agency,Deloitte & Touche LLP, and IBM X-Force. He focuses his research on threatactor trends, trying to understand where threats will evolve and change intothe future. It's pretty great.
We proudly present SecretCon, an entirely unparalleled conference for the state of Minnesota, built for our new digital reality. This conference is dedicated to the many specialties of our hacker, cybersecurity, and privacy community. We have taken it upon ourselves to construct a conference that not only embraces our past, but also looks to the future. Join us!