Loading…
This event has ended. View the official site or create your own event → Check it out
This event has ended. Create your own
View analytic
Wednesday, August 5 • 11:00 - 11:55
TAPIOCA (TAPIOCA Automated Processing for IOC Analysis)

Sign up or log in to save this to your schedule and see who's attending!

These days, many security groups want to become "intel shops,” and threat intelligence is all the rage. An intel shop should ingest intel, analyze indicators, and pivot from correlated data. However, few understand how to begin the transition. How IS this accomplished? MAGIC, DAMNIT. Then again, if you’re not the slight of hand kind of guy or gal, we have an answer for you. Check behind your ear, and you’ll find a dollop of TAPIOCA!

In this talk, we will present our process for analyzing Indicators of Compromise (IOCs) at scale, correlating information from multiple sources, and pivoting to obtain information from deep within the bowels of our global network. We’ll talk about the technical challenges we have addressed in applying automated analysis to terabytes of data every day. We will also discuss the next-steps for this analysis, including applying machine learning techniques to help further classify our data. We are also releasing our automated IOC vetting tool, TAPIOCA (TAPIOCA Automated Processing for IOC Analysis), to help other security groups begin processing and benefiting from threat intelligence.

Speakers
avatar for Ryan Chapman

Ryan Chapman

Computer Incident Response Analyst, Bechtel Corporation
Ryan Chapman works as an incident response analyst for Bechtel Corporation. Ryan enjoys the challenge of handling incidents, reversing malware, and automating tasks for the security operations center. He also loves public speaking and has presented at venues such as BSides, CactusCon, Splunk .Conf, and others. Ryan has a fondness for doing stand-up comedy, retro gaming, and plays plenty of Street Fighter. Hadouken!
avatar for Moses Schwartz

Moses Schwartz

Sr. Network Security Analyst, Bechtel Corporation
Moses Schwartz is a security researcher with experience in cyber incident response, vulnerability assessment, industrial control system and SCADA security, and supply chain risk management. He is currently a senior network security monitoring analyst on the cyber incident response team (CIRT) for Bechtel Corporation. He was previously a senior member of technical staff at Sandia National Laboratories, where he researched and developed new... Read More →


Wednesday August 5, 2015 11:00 - 11:55
Breaking Ground Florentine A

Attendees (33)