Understand Your Attackers: The Role of Sandboxing in Threat Intelligence

In the face of a rapidly evolving threat landscape, understanding attackers and proactively mitigating threats has become imperative. This technical talk delves into the symbiotic relationship between sandboxing technologies and cyber threat intelligence (CTI), emphasizing the use of dynamic malware analysis to gain a deeper understanding of attackers and fortify organizational defenses. On 11 July 2024 at 1:00 p.m. BST, VMRay and ISC2 will discuss: 1. The Significance of Threat Intelligence: Exploring the fundamental reasons for CTI and its practical applications. 2. Choosing the Right Sandbox: How to consider factors such as integration capabilities, avoiding vendor lock-in, and effective benchmarking. 3. The Value of Indicators of Compromise: Comparing public and in-house sources, and understanding how IOCs contribute to a comprehensive understanding of threats. 4. Maximizing the Value of Threat Intelligence: Utilizing CTI effectively, including the automation of threat data collection via platforms like MISP, and the deployment of block rules to devices such as routers and proxy servers to prevent threats from advancing. By the end of this session, attendees will have a clear understanding of how to integrate sandboxing technologies into their threat intelligence workflows, enabling a transition from reactive response measures to proactive defense strategies.