BSidesLV 2015 has ended
View analytic
Wednesday, August 5 • 11:00 - 11:55
TAPIOCA (TAPIOCA Automated Processing for IOC Analysis)

Sign up or log in to save this to your schedule and see who's attending!

These days, many security groups want to become "intel shops,” and threat intelligence is all the rage. An intel shop should ingest intel, analyze indicators, and pivot from correlated data. However, few understand how to begin the transition. How IS this accomplished? MAGIC, DAMNIT. Then again, if you’re not the slight of hand kind of guy or gal, we have an answer for you. Check behind your ear, and you’ll find a dollop of TAPIOCA!

In this talk, we will present our process for analyzing Indicators of Compromise (IOCs) at scale, correlating information from multiple sources, and pivoting to obtain information from deep within the bowels of our global network. We’ll talk about the technical challenges we have addressed in applying automated analysis to terabytes of data every day. We will also discuss the next-steps for this analysis, including applying machine learning techniques to help further classify our data. We are also releasing our automated IOC vetting tool, TAPIOCA (TAPIOCA Automated Processing for IOC Analysis), to help other security groups begin processing and benefiting from threat intelligence.

avatar for Ryan Chapman

Ryan Chapman

Computer Incident Response Analyst, Bechtel Corporation
Ryan Chapman works as an incident response analyst for Bechtel Corporation. Ryan enjoys the challenge of handling incidents, reversing malware, and automating tasks for the security operations center. He also loves public speaking and has presented at venues such as BSides, CactusCon... Read More →
avatar for Moses Schwartz

Moses Schwartz

Sr. Network Security Analyst, Bechtel Corporation
Moses Schwartz is a security researcher with experience in cyber incident response, vulnerability assessment, industrial control system and SCADA security, and supply chain risk management. He is currently a senior network security monitoring analyst on the cyber incident response... Read More →

Wednesday August 5, 2015 11:00 - 11:55
Breaking Ground Florentine A

Attendees (0)