Confidence 2009.02 – Fusing 3rd party threat feeds to obtain better threat intelligence – Eddie Schwartz
Eddie started with a good overview of why feeds are available, from DShield to Bluetack and the U.S. Department of the Treasury, and of their properties: good, bad, and why.
Then he showed us how you can normalize the feeds and integrate them into NetWitness.
By tying infosec intelligence feeds together and combining them with things like traffic statistics, events on the network start making more sense. Instead of seeing a random dynamic DNS call, you can now all of a sudden tie that call to a botnet infection on your network.
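To make the normalize-then-correlate idea concrete, here is an added sketch that is not from the talk and not NetWitness code. The two feed layouts, the DNS log format, the feed names and all sample values are constructed for illustration and do not reflect any provider's real format.

```python
import csv
import io
import ipaddress

# Constructed sample feeds; layouts are illustrative, not a real provider format.
IP_FEED = """# source: feed-a (constructed)
203.0.113.0/24 ; botnet-c2
198.51.100.7 ; scanner
"""
DOMAIN_FEED = """domain,category
evil-updates.example.net,botnet-c2
"""
# Constructed DNS log: timestamp, client, queried name, resolved address.
DNS_LOG = """2009-01-01T10:01:02 10.0.0.15 evil-updates.example.net 192.0.2.44
2009-01-01T10:01:09 10.0.0.22 www.example.org 192.0.2.80
2009-01-01T10:02:30 10.0.0.31 host1.dyn.example.com 203.0.113.99
"""

def normalize_ip_feed(text, source):
    """Turn 'network ; label' lines into common indicator records."""
    out = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue  # skip blanks and feed comments
        net, label = (p.strip() for p in line.split(";", 1))
        out.append({"type": "net", "value": ipaddress.ip_network(net),
                    "label": label, "source": source})
    return out

def normalize_domain_feed(text, source):
    """Turn a CSV domain list into the same record shape."""
    return [{"type": "domain", "value": r["domain"].lower().rstrip("."),
             "label": r["category"], "source": source}
            for r in csv.DictReader(io.StringIO(text))]

def correlate(log_text, indicators):
    """Return (client, name, label, source) for each log line matching a feed."""
    hits = []
    for line in log_text.splitlines():
        _ts, client, name, addr = line.split()
        ip = ipaddress.ip_address(addr)
        for ind in indicators:
            if (ind["type"] == "domain" and name.lower() == ind["value"]) or \
               (ind["type"] == "net" and ip in ind["value"]):
                hits.append((client, name, ind["label"], ind["source"]))
    return hits

INDICATORS = normalize_ip_feed(IP_FEED, "feed-a") + normalize_domain_feed(DOMAIN_FEED, "feed-b")
if __name__ == "__main__":
    print(*correlate(DNS_LOG, INDICATORS), sep="\n")
```

The third log line is the case from the summary: the dynamic DNS name is on no list, but the address it resolves to falls inside a network one feed labels as botnet command and control, which points at the internal client that made the query.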