The missing piece in threat intelligence
Information sharing has become increasingly important to reduce risk against security threats. From public feeds to mechanisms for privately exchanging information between security researchers, the number of threat intelligence feeds may very well exceeds the number of actors being tracked. These information have proved to be useful for enterprise defense. However, from an infrastructure provider perspective, the current threat intelligence data and tools appear to be clearly insufficient.
In this presentation we will describe some shortcomings we found with threat intelligence feeds, and how their overall quality and relevance could be improved by engaging infrastructure providers. Finally, we will do a live demonstration of ERIS, an opensource implementation of our proposal, to be released during Botconf ’15.
Submitted