Threat Intelligence Practitioners Take on a Virtual Virus Bulletin
Earlier this month, CTA was all-hands on deck for the virtual Virus Bulletin conference, aka. ‘vblocalhost,’ where we coordinated and sponsored the Threat Intelligence Practitioners’ Summit (TIPS). TIPS spanned a range of perspectives from different corners of the world and highlighted distinct approaches to threat intelligence.
If you missed the event or haven’t yet had a chance to check it out, don’t worry! TIPS is still available free and on-demand at this link.
We were delighted to welcome Sophos CTO Joe Levy to kick off the summit. Joe gave a fascinating keynote on the challenges of threat intelligence sharing framed using game theory, an approach that models strategic interactions between rational decision-makers.
“The dynamics of threat sharing have much in common with core ideas in game theoretic analysis of cooperation under competition. We can change these dynamics by understanding sharing as a game and finding leverage points that lead to more and better sharing.” — Joe Levy, Sophos
Our concluding keynote from Noortje Henrichs of the Dutch National Cyber Security Center (NCSC) offered a great window onto the work of governments in the threat intelligence space. She described not only the obstacles that NCSC faces in operationalizing and distributing actionable threat intelligence with limited resources and to diverse recipients, but also how NCSC has worked to overcome those obstacles.
“CERTs need to be able to provide threat intelligence across all levels – technical, tactical, operational, strategic – so we have people with different kinds of expertise who work together to meet this need.” — Noortje Henrichs, Dutch NCSC
Also on the menu at the TIPS track?
- Palo Alto Networks’ Pete Renals on scalable attribution for business email compromise
- Andrea Limbago from Interos on security and threat intelligence sharing for global supply chains
- A conversation on diversity, collaboration, and how not to be “comfortably numb” to cyber threats
- Abdelkader Cornelius from RecordedFuture on cybercrime in the German-speaking countries of Europe
- A panel on “flattening the curve” of cyber risk through threat intelligence sharing
- Imelda Flores and Fernando Acosta from Scitum on the evolution of ransomware in Latin America
Of course, virtual conferences abound in 2020. Staying focused on our field and driving turnout through social media, our website, and a virtual CTA booth allowed us to get the message out about threat intelligence (and sharing) to a larger crowd than we would have reached in-person.
We are extremely grateful to both our individual speakers and panel discussion participants for all of the time and energy that they put into the event. Similarly, we are grateful to the organizers, Virus Bulletin, for their hard work and perseverance through the uncertainty of these past few months.