Join Jamison Day at his presentation “Creating & Sharing Value with Network Activity and Threat Correlation” at FloCon in Tucson, AZ.!
We examine the key impediments to effective information sharing and explore how network activity and threat correlation can alter cyber economics to diminish threat actor return on investment.
Cyber threat management within an organization should include an automated cycle that leverages timely threat intelligence with both automated netflow correlation and packet-based signature detection. Automated netflow inspection can recognize interactions with resources that threat intelligence reports as malicious, alerting analysts as appropriate. Automated signature detection in network packet analysis should identify any new resources participating in malicious activity and inform netflow inspection. Automated techniques for spotting both known malicious behaviors and unknown anomalous patterns should alert analysts to investigate the identified activity. As new behavior patterns, signatures, and participating resources are discovered, these generate feedback into automated detection models.
This inside-the-organization cyber threat management cycle can integrate with others via information sharing to create inter-organizational cyber threat management communities that make a huge difference in our collective defense. Unfortunately, there are several impediments to information sharing; concerns about trust, privacy, legal issues, and value creation each play a role. We will delve deeper into each of these issues providing examples and technical action strategies to overcome them both within and between organizations.
Finally, we present a framework that integrates network activity, threat information, automated threat correlation, value-sharing networks, rights management, and social trust mechanisms that can overcome the key information sharing impediments and re-align cyber security community incentives towards information sharing and more effective threat mitigation.
Attendees Will Learn:
- The range of cyber security value-creation options that leverage network activity data
- How the value from each option synergistically supports the others in a cycle
- How organizations can link their network activity value-creation cycles
- Why organizations usually refrain from sharing this information
- Technical approaches for overcoming these sharing impediments
LookingGlass Cyber Solutions
Distinguished Data Scientist
Jamison M. Day is a Decision Science Ph.D. dedicated to improving information sharing among people and organizations. He was selected as 1 of 5 members nation-wide to serve on a Supply Chain Security Team for the U.S. Director of National Intelligence. His interactive analytics products have helped Microsoft and the Department of Homeland Security reduce business processes from days and hours to mere seconds. He has convened executives from government, military, for-profit, and non-profit organizations and facilitated several cross-sector projects. His work provides insights on overcoming some of the 21st century’s toughest challenges.
Dr. Day has presented his work at venues including the White House, National Science Foundation, Federal Emergency Management Agency, and U.S. Northern Command. Academic affiliations have included the University of Denver, Louisiana State University, the University of Houston, and Indiana University. He has written 20 articles appearing in academic journals and practitioner outlets including Decision Sciences Journal, Journal of the Association for Information Systems, and Journal of Supply Chain Management.