IOCs Are Dead—Long Live IOCs!
Indicators of Compromise were meant to solve the failures of signature-based detection tools. Yet today’s array of IOC standards, feeds and products haven’t impeded attackers, and most intel is shared in flat lists of hashes, IPs and strings. This session will explore why IOCs haven’t raised the bar, how to better utilize brittle IOCs and how to use intrinsic network data to craft better IOCs.
Speakers
Ryan Kazanciyan ( @ryankaz42 )
Ryan Kazanciyan is the Chief Security Architect for Tanium and has twelve years of experience in incident response, forensic analysis, penetration testing and security architecture. Prior to joining Tanium, Ryan oversaw investigation and remediation efforts at Mandiant, a FireEye company, partnering with dozens of Fortune 500 organizations impacted by targeted attacks. Ryan is a frequent presenter at industry conferences, has taught classes for corporate security teams and federal law enforcement, and is a co-author of Incident Response and Computer Forensics, 3rd Edition (2014).
Detailed Presentation:
Comments