Threat Intelligence (with Rob Gresham)
ADVANCED PERSISTENT SECURITY PODCAST
EPISODE 36
GUEST: Rob Gresham
February 13, 2017
NOTE: The opinions expressed in this podcast are ours alone and do not reflect those of our employers.
SHOW NOTES
PART 1
Joe introduces Rob Gresham. Rob explains the Intel/McAfee/Foundstone dynamic. Rob tells us about the 6 degrees of Foundstone and the associated businesses and people. We recall and discuss SuperScan. We cover Threat Hunting in terms of what it is and what it is not. Rob explains that Threat Hunting is learning YOUR ENVIRONMENT and determining when/where/how to meet the enemy. Joe characterizes it as “Purple Teaming.” Rob provides an application of the Scientific Method using hypotheses to evaluate purple teaming.
Rob stresses to not be Elmer Fudd. Joe postulates IT F.U.D. (Fear, Uncertainty, Doubt, Elmer’s nephew). Rob talks about attribution versus retribution. We talk about APTs and the motivations of other types of attackers. Social Media as C2 (Command and Control) is discussed. We discuss the identification of Indicators that can be used in an actionable context. Joe gets on his training and awareness soapbox. The Cyber Kill Chain makes an appearance with regard to its applicability in network defense.
PART 2
Rob tells us about MITRE and CVEs (Common Vulnerabilities and Exposures). He tells us about Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK). Rob talks about actionable intelligence rather than merely feeds or the tool du jour. Joe goes on his rant about the fallacy of silver bullet solutions. Rob talks about robust and elastic incident response planning. He tells us about adaptive and active containment. We talk about vendor diversity and the coverage in threat mitigation and identification. Rob talks about the level of influence and integration that machine learning has with antivirus companies like McAfee and Symantec. Rob brings the Pyramid of Pain into the discussion.
ABOUT Rob
Rob Gresham has extensive experience executing and instructing on cyber threat intelligence, primarily on the information flow and analysis of operational, strategic and tactical cyber intelligence. He has extensive experience building data centers and enterprise environments with the proper security architecture and robust designs that enable business security needs and maturity over time with less rework. With extensive experience, Rob investigates compromised systems, performs memory analysis and determines the scope of the breach. Rob has a perceptive talent for visualizing processes, workflows and procedures, which has helped tremendously when designing SOC process frameworks. He has successfully built security response teams that provide incident response for SOCs and critical infrastructure and key resource restoration teams.
CONTACTING Rob:
Twitter: @rwgresham
Team Email: foundstone@intel.com
JOE’S Second BLOG ON CISOCAST
JOE’S Social Engineering BLOG ON Black Hills Information Security
Black Hills Information Security
JOE’S AlienVault Blog about Insider Threat
Hosted Locally on Advanced Persistent Security
JOE’S Sword & Shield BLOG Post
JOE’S First BLOG ON CISOCast
Joe’s Blog on Jenny Radcliffe’s Deception Chronicle
Jenny Radcliffe’s Deception Chronicles
Joe’s Dyn DDOS Blog on Tripwire:
Joe’s Ranking in the AlienVault Top Blogs of 2016:
JOE’S BLOG ON ITSP:
When Friendly Thermostats & Toasters Join The IoT Dark Side
Joe’s Blog on Tripwire:
Burgling From an OSINT Point of View
Joe’s Blogs on Sword & Shield Enterprise Security’s site:
Holiday Shopping Safety Series: Shopping Via Credit Card and e-Commerce
Holiday Shopping Safety Series: Holiday Scams and Hoaxes
Joe’s Work with WATE 6 News in Knoxville, TN:
Shopping online safely this holiday season
iPhone scam uses text messages to hack iCloud information
Maryville hacker takes over Facebook accounts
The post Threat Intelligence (with Rob Gresham) first appeared on Advanced Persistent Security.