
Creating & Sharing Value with Network Activity & Threat Correlation

January 2018 Presentation
Dr. Jamison Day (Looking Glass)

In this presentation, the author examines the key impediments to effective information sharing and explores how network activity and threat correlation can alter cyber economics to diminish threat actor return on investment.

Abstract

Cyber threat management within an organization should include an automated cycle that leverages timely threat intelligence with both automated netflow correlation and packet-based signature detection. Automated netflow inspection can recognize interactions with resources that threat intelligence reports as malicious, alerting analysts as appropriate. Automated signature detection in network packet analysis should identify any new resources participating in malicious activity and inform netflow inspection. Automated techniques for spotting both known malicious behaviors and unknown anomalous patterns should alert analysts to investigate the identified activity. As new behavior patterns, signatures, and participating resources are discovered, these generate feedback into automated detection models.
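The cycle described in the abstract can be sketched in a few lines of Python. This is an added example, not code from the presentation: the record layouts, the `beacon-demo` signature, and all addresses (RFC 5737 documentation ranges) are constructed, and re-checking stored flows after a signature hit is an assumption about how detection would "inform netflow inspection".

```python
import re
from collections import namedtuple

Flow = namedtuple("Flow", "ts src dst dport")        # netflow: metadata only
Packet = namedtuple("Packet", "ts src dst payload")  # capture: includes payload

# Constructed sample data; nothing here comes from the presentation.
INTEL = {"203.0.113.7"}  # resources threat intelligence reports as malicious
SIGNATURES = {"beacon-demo": re.compile(rb"id=[0-9a-f]{16}&chk=")}  # hypothetical
FLOWS = [
    Flow(100, "10.0.0.5", "203.0.113.7", 443),     # destination already in intel
    Flow(110, "10.0.0.8", "198.51.100.23", 8080),  # not in intel when recorded
    Flow(120, "10.0.0.9", "192.0.2.50", 443),      # benign
]
PACKETS = [
    Packet(130, "10.0.0.6", "198.51.100.23", b"GET /p?id=0123456789abcdef&chk=1"),
    Packet(131, "10.0.0.9", "192.0.2.50", b"GET /index.html"),
]

def signature_pass(packets, signatures, intel):
    """Map each destination that matches a signature but is absent from
    intel to the name of the signature that fired."""
    found = {}
    for p in packets:
        for name, sig in signatures.items():
            if sig.search(p.payload) and p.dst not in intel:
                found[p.dst] = name
    return found

def netflow_pass(flows, intel):
    """Return flows whose source or destination is a listed resource."""
    return [f for f in flows if f.src in intel or f.dst in intel]

def run_cycle(flows, packets, signatures, intel):
    """One iteration: correlate flows, detect in packets, feed the new
    resources back, then re-correlate the stored flows."""
    before = netflow_pass(flows, intel)
    discovered = signature_pass(packets, signatures, intel)
    after = netflow_pass(flows, set(intel) | set(discovered))
    retro = [f for f in after if f not in before]  # hits only feedback exposes
    return before, discovered, retro

if __name__ == "__main__":
    before, discovered, retro = run_cycle(FLOWS, PACKETS, SIGNATURES, INTEL)
    print("intel hits:", before)
    print("new resources:", discovered)
    print("retrospective hits:", retro)
```

The flow from 10.0.0.8 at ts=110 has no payload and matched nothing when recorded; it only becomes an alert once the packet signature adds its destination to the indicator set.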