Confidence - (19-20.11 2009 Warszawa)
Language: polski | engish

Eddie Schwartz

Topic: Fusing Third Party Threat Feeds to Obtain Better Threat Intelligence

Language: English

Mr. Schwartz is Chief Security Officer of NetWitness and has 25 years experience in the information security and privacy fields. Previously, he was CTO of ManTech Security Technologies Corporation, EVP and General Manager for Global Integrity, SVP of Operations at Guardent, CISO for Nationwide Insurance; and as a Senior Computer Scientist at CSC he was Technical Director of the DSS Information Security Laboratory.   Mr. Schwartz has advised a number of security companies, and served on the Executive Committee for the Banking Information Technology Secretariat (BITS). Mr. Schwartz has a B.I.S. in Information Security Management and an M.S. in Information Technology Management from the George Mason University School of Management.


Many organizations have built network threat intelligence models to defend against botnets, dynamic DNS, nation-sponsored and organized criminal groups and other advanced threats. Advanced models are beginning to rely upon the integration of 3rd party threat data feeds from organizations such as SANS, Symantec, SRI, Shadow Server, Verizon, Spamhaus, and other open, closed, and commercial sources. This session discusses the relative value of specific threat feed providers, methodologies for enriching this data to make it useful in real-time network forensics, and techniques for fusing this data with live network traffic.

Attendees will learn the following:

  1. Understand the value of live threat intelligence and threat feeds relative to incident management and situational awareness.
  2. Develop a framework for analysis and comparison of threat feeds relative to specific threat analysis and data protection objectives.
  3. Choose trustworthy and reliable threat feeds, and learn how to separate useful information from noise.
  4. Integrate threat feeds with current security processes and technology telemetry such as logs, network behavior, and packet sniffing.