The Cyber Ireland Threat Intel Group aims to build the expertise within the Cyber Ireland community to develop Threat Intelligence capabilities through the sharing of knowledge and experiences at a strategic level.
B) Implementation Phase:
5th Session: Active Defense with Incident Response
6th Session: How to build a Threat Intel Program
7th Session: The Pathway to a Successful Threat Intelligence Function
8th Session: Threat Hunting and Playbooks
On the 30th June we were joined by Ismael Valenzuela, Sr. Principal Engineer, and Carlos Diaz, Principal Engineer, both at McAfee, to talk to us about Threat Hunting and Playbooks. Carlos Diaz and Ismael Valenzuela, two seasoned blue teamers and part of McAfee’s technical leadership team, presented on the topic of ‘cyballistics’ and how it is used in the real world to hunt and defend against adversaries that are already in your networks.
This discussion included not only the philosophy and mindset behind cyballistics but also specific examples on how to implement it.
– What does AC3 mean?
– MITRE Readiness
– Product Engineering & Roadmap
– Defensive Innovation
– Ballistics & Firearm Vs. Cyballistics & Mimikatz
– Applied Countermeasures: Active & Passive
– Example of cyballistics structured analysis (see the image below)
– Hunting on ‘GitHub’ – Defending against Rogue Router Advertisement in IPv6
– Alejandro Houspanossian’s (AC3 Team Member) Threat Sighting Report
– How do you balance operational requirements against security considerations? Watch the Answer
– What are the new challenges and threats that come from cloud-native architectures, and what do organizations need to do to combat these threats? Watch the Answer
About the Speakers:
As Sr. Principal Engineer, Ismael Valenzuela (@aboutsecurity) is part of McAfee’s senior technical leadership team, leading research on Security Operations and Threat Hunting using machine-learning and expert-system driven investigations. Author of and contributor to numerous technical articles and open source tools, Ismael is also a regular speaker at international conferences and is one of the few Certified SANS Instructors for the Cyber Defense and Digital Forensics tracks.
Carlos Diaz is a McAfee Principal Engineer focusing on defensive countermeasures, large-scale information management, and the efficacy of security visibility for endpoint technologies, representing the core SOC capabilities of detection, investigation and response.