While everyone else is trying to rack servers, build API’s, client tools, documentation and billing systems, you’re already way ahead of them, spending the majority of your time hunting…
You should assume your customers are smart. You should be challenging them every day to be better. Use those metrics to retain the good ones and drive everyone else towards the competition.
I've seen presentations that prove this, and the AI does a better job at crafting phishing urls with a higher success rates than most humans do. This is where we start thinking of the larger AI frameworks as layers..
The main focus of the last ~60 hours has been APIs, feeds and real-time streaming. This includes the HTTP REST API the realtime ZeroMQ streaming API and to some extent, WebHooks…
If you're looking to build and deploy your own #ThreatIntel platform, these are the things you should be thinking about.. It should take months, not years.. and you should learn from our mistakes, not just your own.
Just about every single "TIPS" platform I come across solves one problem; getting users into their ecosystem where they can hunt for things in the past. These platforms are designed to FIND breaches, thwarting them seems to be an afterthought, if at-all. I can bring vulnerability data and passive dns data into my view to see that i've been owned, if I figured that out- why can't that logic just go into my network and keep me from getting owned in the first place?
Who knows- maybe with your ear close to the ground, you'll hear a more lucrative opportunity. Maybe you'll then be the next big unicorn… or more likely, create something where you are free to do whatever you want for the rest of your life.. Isn't that the point?
The real problem we're trying to solve here is context. We're lifting a bunch of "tokens", that usually have more than 3 characters, surrounding them with context and applying a probability value to them. All this with the express purpose of taking the high value indicators and applying them to our defenses in real-time. Not trivial, but not hard either. I'm not an SKLearn or NLTK expert- but I do know what it feels like to block accidentally netflix.com at the border….
Pretty soon, you find yourself back, staring at this "snort signatures" pattern problem. A small, elegant mathematical formula representing something your sensors should be detecting. All it's missing is a little normalization and a bit of an ever evolving data model behind it, representing the current state of the Internet…
Applied research, content and tools to help you solve real problems.
Did you learn something new? How much is that worth to you?