Threat intelligence brokerage revisited

Friday 5 October 13:30 - 14:00, TIS room

Juan Andrés Guerrero-Saade (Chronicle)

Private sector threat intelligence is a young industry teeming with unexpected perils. Anti-malware and infosec companies turned from technical analysis shops to political players overnight. While investigating state-sponsored or geopolitically significant threats brings notoriety, PR gains and sales gains, ethical conundrums also arise. At VB2015, we first discussed the uncomfortable subject of threat research as intelligence brokerage. Since then, the industry scenarios hypothesized therein have found expression in real-world clashes and ethical quandaries. Top-tier infosec firms continue to reinvent this nascent craft to provide greater protection capabilities and detect the next high-profile threat. But have we better defined the standards we hold ourselves to? What effect we should ultimately produce? And for whom? After three action-packed years of unbelievable high-profile cyber incidents, let’s reassess the state of threat research as intelligence brokerage.



Juan Andrés Guerrero-Saade

Juan Andrés specializes in tracking advanced threat actors and elucidating concepts of digital espionage. He was formerly Principal Security Researcher with Kaspersky Lab's GReAT team. Before joining Kaspersky, he worked as Senior Cybersecurity and National Security Advisor for the Ecuadorian government. Juan Andrés comes from a background of specialized research in philosophical logic. His latest publications include 'The Ethics and Perils of APT Research: An Unexpected Transition Into Intelligence Brokerage', 'Wave your False Flags! Deception Tactics Muddying Attribution in Targeted Attacks', and 'Walking in your enemy's shadow: when fourth-party collection becomes attribution hell'.



Back to VB2018 Programme page

Other VB2018 papers

Panel discussion: Will WHOIS go dark? Threat intelligence in the post GDPR era.

Michael Osterman (Osterman Research)
Norm Ritchie (Secure Domain Foundation)
Tom Bartel (Return Path Data Services)
Mark Kendrick (DomainTools)

Since the hacking of Sony Pictures

Minseok (Jacky) Cha (AhnLab)

Keynote address: Customers, suppliers, and the adversaries that come with them

John Lambert (Microsoft)

We have placed cookies on your device in order to improve the functionality of this site, as outlined in our cookies policy. However, you may delete and block all cookies from this site and your use of the site will be unaffected. By continuing to browse this site, you are agreeing to Virus Bulletin's use of data as outlined in our privacy policy.