After recent public hacks, there's been a great deal of public discussion around the value of attribution, particularly in public cases where indicators of compromise were publicly outed, and it was found that these IoCs were very hard to attribute back to a particular group or individual.
So, what is attribution and why does it matter?
We take a look at how you can contextualize the threat intelligence that you do have and determine if you can ever attribute with confidence, or if it is only possible when you have access to a much larger and hidden world. In this webcast, we ask the question - is it worthwhile to bother with attribution or is it better to spend your energy elsewhere? Do you ask who, or do you focus on what, why and when? This talk will discuss the challenges of attribution and where the actionable intelligence may lead you.
Andrew van der Stock, CTO of Threat Intelligence, is an in-demand speaker and trainer, with past speaking engagements at AusCERT, linux.conf.au, Black Hat, OWASP AppSec EU and AppSec USA, and training many thousands of developers and information security professionals through public and private training offerings. Andrew is an acknowledged leader of the application security field, with nearly 20 years of application security experience in Australia and the USA, and over 20 years' experience in the IT and System Administration fields.
Andrew joined OWASP in 2002, and continued sharing his passion for information sharing by participating in and then leading the Developer Guide project, culminating in the OWASP Guide to Building Secure Software 2.0 in 2005. He led the OWASP Top 10 2007, OWASP ESAPI for PHP and was an early contributor to the OWASP Proactive Controls. Andrew is currently the project lead of the OWASP Application Security Verification Standard. He is the long-time moderator of the Symantec SecurityFocus webappsec mailing list. Andrew is currently on the global Board of Directors of OWASP, and has previously held the Executive Director position at OWASP and been a member of the OWASP Global Chapters Committee.
Travis Farral is the Director of Security Strategy for Anomali. With over 20 years of security industry experience, he has developed a strong background in threat intelligence, incident response, and Industrial Control Systems security. Previously Travis ran the Cybersecurity Intelligence & Strategic Services team at ExxonMobil and spent several years at companies such as Nokia and XTO Energy.