Threat Intelligence (with Rob Gresham)

ADVANCED PERSISTENT SECURITY PODCAST

EPISODE 36

GUEST: Rob Gresham

February 13, 2017

If you enjoy this podcast, be sure to give us a 5 Star Review and “Love Us” on iTunes; Like us on Google Play, Stitcher, Sound Cloud, Spreaker, and YouTube.

NOTE: The opinions expressed in this podcast are ours alone and do not reflect those of our employers

SHOW NOTES

PART 1

Joe introduces Rob Gresham. Rob explains the Intel/McAfee/Foundstone dynamic. Rob tells us about the six degrees of Foundstone and the associated businesses and people. We recall and discuss SuperScan. We cover Threat Hunting in terms of what it is and what it is not. Rob explains that Threat Hunting is learning YOUR ENVIRONMENT and determining when/where/how to meet the enemy. Joe characterizes it as “Purple Teaming.” Rob describes applying the Scientific Method, using hypotheses to evaluate purple teaming.

Rob stresses not to be Elmer Fudd. Joe postulates IT F.U.D. (Fear, Uncertainty, Doubt, Elmer’s nephew). Rob talks about attribution versus retribution. We talk about APTs and the motivations of other types of attackers. Social media as C2 (Command and Control) is discussed. We discuss identifying Indicators that can be used in an actionable context. Joe gets on his training and awareness soapbox. The Cyber Kill Chain makes an appearance with regard to its applicability in network defense.

PART 2

Rob tells us about MITRE and CVEs (Common Vulnerabilities and Exposures). He tells us about Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK). Rob talks about actionable intelligence versus merely feeds or the tool du jour. Joe goes on his rant about the fallacy of silver-bullet solutions. Rob talks about robust and elastic incident response planning. He tells us about adaptive and active containment. We talk about vendor diversity and its coverage in threat mitigation and identification. Rob talks about the level of influence and integration that machine learning has with antivirus companies like McAfee and Symantec. Rob brings the Pyramid of Pain into the discussion.

ABOUT Rob

Rob Gresham has extensive experience executing and instructing on cyber threat intelligence, primarily on the information flow and analysis of operational, strategic and tactical cyber intelligence. He has extensive experience building data centers and enterprise environments with the proper security architecture and robust designs that enable business security needs and maturity over time with less rework. Drawing on that experience, Rob investigates compromised systems, performs memory analysis and determines the scope of a breach. Rob has a perceptive talent for visualizing processes, workflows and procedures, which has helped tremendously when designing SOC process frameworks. He has successfully built security response teams that provide incident response for SOCs and critical infrastructure and key resource restoration teams.

CONTACTING Rob:

Twitter: @rwgresham
LinkedIn
Team Email: foundstone@intel.com
Webinar

JOE’S Second BLOG ON CISOCAST

CISOCast

JOE’S Social Engineering BLOG ON Black Hills Information Security

Black Hills Information Security

JOE’S AlienVault Blog about Insider Threat

AlienVault
Hosted Locally on Advanced Persistent Security

JOE’S Sword & Shield BLOG Post

Sword & Shield Blog
Hosted Locally on Advanced Persistent Security

JOE’S First BLOG ON CISOCast

CISOCast
Hosted Locally on Advanced Persistent Security

Joe’s Blog on Jenny Radcliffe’s Deception Chronicle

Jenny Radcliffe’s Deception Chronicles
Hosted Locally on Advanced Persistent Security

Joe’s Dyn DDOS Blog on Tripwire:

Tripwire
Hosted Locally on Advanced Persistent Security

Joe’s Ranking in the AlienVault Top Blogs of 2016:

AlienVault
Hosted Locally on Advanced Persistent Security

PASSWORD BLOG LINKS:

AlienVault
Hosted Locally on Advanced Persistent Security

WI-FI BLOG LINK:

AlienVault
Hosted Locally on Advanced Persistent Security

POWERSHELL LINK:

AlienVault

JOE’S BLOG ON ITSP:

When Friendly Thermostats & Toasters Join The IoT Dark Side

Joe’s Blog on Tripwire:

Burgling From an OSINT Point of View

Joe’s Blogs on Sword & Shield Enterprise Security’s site:

Holiday Shopping Safety Series: Shopping Via Credit Card and e-Commerce
Holiday Shopping Safety Series: Holiday Scams and Hoaxes

Joe’s Work with WATE 6 News in Knoxville, TN:

Shopping online safely this holiday season
iPhone scam uses text messages to hack iCloud information
Maryville hacker takes over Facebook accounts

Thanks for stopping by and checking out our podcast. We would appreciate it if you could subscribe (assuming you like what you hear; we think you will). This is meant to be informative and to provide value to anyone who listens, regardless of their knowledge and/or understanding of IT/Cybersecurity. To learn more about us, check out our “About Us” page.
