Making Threat Intelligence Work for You

Tuesday, May 02 | 8:00AM–9:00AM | Penrose 1, Lower Level 1
Session Type: Breakout Session
Delivery Format: Concurrent Session
It is easy to download lists of bad IP addresses or bad domain names, but how can a resource-constrained IT security team make effective use of the data? How do we share locally generated threat data efficiently and with appropriate access controls? We will discuss how the University of Michigan is integrating open-source threat intelligence into our existing IT infrastructure using free software such as CIF, BIND, a custom anti-phishing Chrome plugin, honeypots, SpamAssassin, and other tools in order to implement effective security controls and share threat intelligence with a pilot group of peer institutions. This is a topic specific/intermediate level session.

Outcomes: See U-M’s approach and how that may be applicable in local environments * Learn about simple, low-cost approaches to using free threat intelligence * Learn how to implement threat intelligence sharing with peers


  • Kevin Cheek

    University Incident Response Lead, University of Michigan-Ann Arbor
  • Matthew Coons

    Incident Responder and Threat Analyst, University of Michigan-Ann Arbor