14th Annual Security
& Compliance Summit
Sharing What Matters: Accelerating Incident Response and Threat Hunting By Sharing Behavioral Data
When an intrusion happens, it is often hard to know when sharing intrusion data is appropriate, and equally hard to know what to share. As a result, most data sharing revolves around indicators, usually at the expense of keeping the critical behavioral signs of the attack internal. In this talk, we will look at how asset owners can share behavioral data observed during an intrusion with other asset owners. We will discuss what data might be valuable to other asset owners and how asset owners can sanitize data so as not to leak inappropriate intrusion details. Finally, we will look at how the asset owner receiving the data can use the behavioral data in both a threat hunting and an incident response scenario. Quicker sharing of information means less dwell time for an adversary in a victim network.
Dan Gunter is a Principal Threat Analyst at the industrial cyber security company Dragos, Inc., where he discovers, analyzes and neutralizes threats inside ICS/SCADA networks. In this capacity, he performs threat hunting, incident response, and malware analysis missions for the industrial community. Prior to his role at Dragos, Dan served in a variety of information security roles as a Cyber Warfare Officer in the United States Air Force, with duties ranging from incident response at the Air Force Computer Emergency Response Team to developing innovative capabilities for multiple Department of Defense partners. Dan has previously presented at Blackhat, s4x18, and Shmoocon.
Marc Seitz is a Threat Analyst in the Threat Operations Center at the industrial cyber security company Dragos, Inc., where he coordinates industrial control system cyber test lab functions and performs threat hunting services in ICS networks. Marc specializes in designing and implementing innovative simulated industrial environments that provide a safe and realistic training and attack simulation experience for internal and external analysts. He also conducts onsite vulnerability assessments and threat hunting services for customers in a variety of verticals.