Topic: Effective Threat Intelligence Sharing
Many organizations struggle with creating threat intelligence for a variety of reasons – availability of data, trust in the data, and effective integration with other sources, among others. Further compounding the challenge is the need to convert the information into meaningful, actionable steps. With the possibility of mounting cyber threats to several densely populated areas, many municipalities across the world face a growing need for insightful information to act and react to real-time dangers.
In this presentation, we will cover approaches to effective sharing of threat intelligence and show how we create new threat intelligence every day using commercial data sources for malware, surface web, dark web and open data sources.
Speaker: Kevin Albano
Kevin Albano, Global Lead, Threat Intelligence, IBM X-Force IRIS
Kevin Albano has more than 17 years of experience working in information technology, law enforcement, and security consulting. Throughout his career, he has focused on investigating computer network intrusions, notifying impacted organizations, and disrupting some of the largest cyber espionage campaigns.
At IBM, Kevin is responsible for threat intelligence collections, managing advanced threat research and directing information analysis – all focused on helping customers understand their cyber threat risk and make decisions to protect their organization.
Prior to IBM, Kevin held prominent roles at the Federal Bureau of Investigation (FBI) and Mandiant. As a Special Agent at the Los Angeles FBI Field Office, Kevin developed the investigative process for examining computer network attack operations. He identified large-scale organized data theft operations and created the field guide for how cyber espionage investigators notify data breach victims.
Kevin joined Mandiant from the FBI to help defend commercial and government entities against cyber espionage. While at Mandiant, Kevin developed programs to analyze criminal attack infrastructures, notify victim commercial entities, and define threats. He also supported incident responders by categorizing and organizing threat information to identify sophisticated threat groups.
Kevin has also made significant contributions to the Information Sharing and Analysis Organization (ISAO) Standards Organization ISAO 300-1