In this updated version of my threat intel framework presentation (using Evernote as a backend database) at TakeDownCon Capital Area, I have improved the organization and content flow and added an initial tag framework to help better organize data between Open Source feeds, a case management system, and an information sharing repository. Additionally, there are a few implementation examples. Thanks to the TakeDownCon crew for having me!
Creating REAL Threat Intelligence … with Evernote
In the presentation that threat intel vendors do not want you to see, threat data from open source and home grown resources meets Evernote as the ultimate braindump repository with the outcome of producing real actionable threat intelligence that your organization can leverage to stop the bad guys. This presentation discusses an experiment of using Evernote as a informal threat intelligence management platform, the specific concepts and strategies used, and its overall effectiveness. Specific topics covered include the advantages of using an open and flexible platform that can be molded into an open/closed source threat data repository, an information sharing platform, and an incident management system. Although using Evernote in this way in large enterprises is probably not possible, organizations can apply the same reference implementation to build similarly effective systems using open source or commercial solutions. And yeah … threat intel vendors still hold a role in ultimate threat intelligence nirvana but there is a lot you should do on your own first in order to better understand your requirements in searching for that ideal partner.
Today’s post pic is from SteamFeed.com. See ya!