
Shimon Modi, Value of Cyber Threat Intelligence in Modern Security Operations

CERIAS Weekly Security Seminar - Purdue University

English - August 12, 2020 17:00 - 57 minutes - 206 MB Video - ★★★★ - 6 ratings


The last 5 years have seen a marked shift in how companies view cyber threat intelligence (CTI) as a building block of their security strategy, but there still is a lot of confusion about how to build a program that provides utility. At its core CTI aims to provide information about motivations, methods and characteristics of attackers. In today's rapidly evolving threat landscape having timely access to CTI can be of significant value to security analysts. By looking beyond your own four walls organizations can take faster mitigation action and also reduce their attack surface. Adding CTI to enterprise security programs can be an effective strategy to go from a reactive to a proactive response. But the value of CTI is constrained by the ability of enterprise security operations to contextualize, manage and action upon it. This presentation will cover some fundamental CTI concepts, real world challenges in operationalizing it, and some easy ways to try it out for yourself.

Takeaways for the audience:

1. Overview of CTI concepts, frameworks, standards, and how they fit in the enterprise security model.
2. Clearer understanding of CTI data models and how they integrate with detection, protection and incident response processes.
3. Practical ways to accelerate security operations and heighten defenses using CTI.

About the speaker: Shimon Modi is a seasoned cloud cybersecurity products and people leader with 10+ years experience and proven record of launching leading edge B2B SaaS solutions. Throughout his career Dr. Modi has worked in technical and leadership roles on a wide range of cyber security initiatives in industry, government and academia. Dr. Modi is currently a Principal Product Manager at Elastic focused on building security solutions. Previously he was Head of Product at TruSTAR Technology where he led PM, Engineering and Data Science teams in building an innovative cyber intelligence management platform. He was also a member of Accenture Technology Labs where he led cybersecurity initiatives focused on threat intelligence and the Internet of Things. Dr. Modi has also served as a technical expert on US National standards and a delegate for the US National Body for ISO biometrics standards. He has authored a book, co-authored several book chapters and published over 15 technical journal and conference articles. He has also been invited to speak as subject matter expert at IEEE conferences and hacker conferences, including Black Hat & ShmooCon.
