FloCon 2018 has ended
Tucson, AZ – January 8-11, 2018


Watch this space for details on the technical program for FloCon 2018. In the meantime, see the FloCon website at www.cert.org/flocon.
Tuesday, January 9 • 10:00am - 10:30am
Creating & Sharing Value with Network Activity and Threat Correlation

We examine the key impediments to effective information sharing and explore how network activity and threat correlation can alter cyber economics to diminish threat actor return on investment.
Cyber threat management within an organization should include an automated cycle that leverages timely threat intelligence with both automated netflow correlation and packet-based signature detection. Automated netflow inspection can recognize interactions with resources that threat intelligence reports as malicious, alerting analysts as appropriate. Automated signature detection in network packet analysis should identify any new resources participating in malicious activity and inform netflow inspection. Automated techniques for spotting both known malicious behaviors and unknown anomalous patterns should alert analysts to investigate the identified activity. As new behavior patterns, signatures, and participating resources are discovered, these generate feedback into automated detection models.
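A minimal sketch of the cycle described above, added here as an illustration and not taken from the talk: threat-intelligence indicators drive flow matching, and a packet-signature hit feeds a new indicator back into flow inspection, which then re-checks retained flows. The flow schema, class and method names, addresses (documentation ranges), and signature name are all constructed assumptions.

```python
from dataclasses import dataclass, field

@dataclass(frozen=True)
class Flow:                      # minimal flow record (constructed schema)
    ts: int
    src: str
    dst: str
    dport: int

@dataclass
class ThreatCycle:
    indicators: dict = field(default_factory=dict)  # ip -> where it came from
    flows: list = field(default_factory=list)       # retained flow history
    alerts: list = field(default_factory=list)      # queue for analysts

    def _alert(self, flow, ip, retro):
        peer = flow.src if flow.dst == ip else flow.dst
        alert = {"ts": flow.ts, "peer": peer, "indicator": ip,
                 "source": self.indicators[ip], "retro": retro}
        self.alerts.append(alert)
        return alert

    def add_indicator(self, ip, source):
        """Register an indicator, then re-check retained flows against it."""
        if ip in self.indicators:
            return []
        self.indicators[ip] = source
        return [self._alert(f, ip, True) for f in self.flows if ip in (f.src, f.dst)]

    def ingest_flow(self, flow):
        """Netflow inspection: alert when either endpoint is a known indicator."""
        self.flows.append(flow)
        return [self._alert(flow, ip, False)
                for ip in (flow.src, flow.dst) if ip in self.indicators]

    def signature_hit(self, flow, signature):
        """Signature matched on this flow; assumes flow.dst is the remote end."""
        return self.add_indicator(flow.dst, "signature:" + signature)

def run_demo():
    cycle = ThreatCycle()
    cycle.add_indicator("203.0.113.7", "intel-feed")           # constructed indicator
    f1 = Flow(100, "10.0.0.5", "198.51.100.9", 443)            # unknown peer so far
    f2 = Flow(110, "10.0.0.8", "203.0.113.7", 80)              # peer is in the feed
    f3 = Flow(120, "10.0.0.9", "198.51.100.9", 443)            # signature fires here
    for f in (f1, f2, f3):
        cycle.ingest_flow(f)
    cycle.signature_hit(f3, "example-sig")                     # retro-alerts f1 and f3
    cycle.ingest_flow(Flow(130, "10.0.0.5", "198.51.100.9", 443))
    return cycle
```

The retroactive alerts are the part a one-pass matcher misses: the host that contacted the address before any indicator existed only surfaces once the signature hit is fed back into flow inspection.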
This inside-the-organization cyber threat management cycle can integrate with others via information sharing to create inter-organizational cyber threat management communities that make a huge difference in our collective defense. Unfortunately, there are several impediments to information sharing; concerns about trust, privacy, legal issues, and value creation each play a role. We will delve deeper into each of these issues, providing examples and technical action strategies to overcome them both within and between organizations.
Finally, we present a framework that integrates network activity, threat information, automated threat correlation, value-sharing networks, rights management, and social trust mechanisms that can overcome the key information sharing impediments and re-align cyber security community incentives towards information sharing and more effective threat mitigation.

Attendees Will Learn:
We will discuss:
   1. The range of cyber security value-creation options that leverage network activity data
   2. How the value from each option synergistically supports the others in a cycle
   3. How organizations can link their network activity value-creation cycles
   4. Why organizations usually refrain from sharing this information
   5. Technical approaches for overcoming these sharing impediments

Jamison Day

Distinguished Data Scientist, Lookingglass Cyber Solutions
Jamison M. Day is a Decision Science Ph.D. dedicated to improving information sharing among people and organizations. He was selected as 1 of 5 members nation-wide to serve on a Supply Chain Security Team for the U.S. Director of National Intelligence. His interactive analytics products...

Tuesday January 9, 2018 10:00am - 10:30am MST
Presidio III, IV, V