It is easy to download lists of bad IP addresses or bad domain names, but how can a resource-constrained IT security team make effective use of the data? How do we share locally generated threat data efficiently and with appropriate access controls? We will discuss how the University of Michigan is integrating open-source threat intelligence into our existing IT infrastructure using free software such as CIF, BIND, a custom anti-phishing Chrome plugin, honeypots, SpamAssassin, and other tools in order to implement effective security controls and share threat intelligence with a pilot group of peer institutions. This is a topic specific/intermediate level session.
Outcomes:
* See U-M’s approach and how that may be applicable in local environments
* Learn about simple, low-cost approaches to using free threat intelligence
* Learn how to implement threat intelligence sharing with peers
University Incident Response Lead, University of Michigan-Ann Arbor
Incident Responder and Threat Analyst, University of Michigan-Ann Arbor