FloCon 2017

The current number of active cyber threats is astounding. Do you know which threats are targeting you right now and which threats are likely tocause greatest harm to your company?
This session examines how correlating network flow data with cyber threat information during incident response provides knowledge of not only what threats are active or targeting you, but which of your assets are being targeted before or during an incident. We examine the many data types used in commonly-shared indicators of compromise and explore which provide for automating correlation with network flow data. The pros and cons of common correlation algorithms are discussed with a focus towards their contributions and limitations to enhancing threat intelligence efforts. Proper network flow correlation should provide a foundation for performing risk-based mitigation that identifies the threats that are creating the
greatest loss of value for your organization rather than chasing down the threats deemed most harmful by the industry.