This presentation forms part of the CTA's Threat Intelligence Practitioners' Summit
Thursday 29 September 2022, 09:30 - 10:00
John Alexander (Mayo Clinic)
The story starts with a familiar beginning, Logs4Shell, but then takes some unexpected turns. In doing some basic research into how these attacks are executed, and strategizing on how to detect attacks of this nature, I came up with some signals to look for in our logs. In researching the logs within our SIEM (Security Information and Event Management) system, not only did I find some new IOCs (indicators of compromise) that were not listed, at that time, in any of our threat intelligence feeds, but I also discovered some unexpected log sources. In this talk I will describe the journey that led to these novel discoveries. I hope this presentation inspires people be aware of potential sources of intel.
John Alexander is a senior information security engineer on the Cyber Security Engineering (CSE) team within the Office of Information Security (OIS) with Mayo Clinic. He has being working in information security for over 25 years. He has previously worked for Lockheed Martin and Wells Fargo (formerly Norwest). He is both a Certified Information Systems Security Professional (CISSP) and a HealthCare Information Security and Privacy Practitioner (HCISPP) in good standing with (ISC)2. His work experience includes anti-virus management, incident response, email security & deliverability, security architecture, threat intelligence, cloud & SAAS security, SIEM (security information and event management), log management, proxy management, and more. He has been attending Virus Bulletin conference since 1999. He was a founding member of AVIEN (Anti-Virus Information Exchange Network). He is a founding and current board member of Rochester Pride.
John lives in Rochester, Minnesota, USA with his husband, Joseph, and their German Shepherd, Eljay. His personal interests include science fiction, Eurovision, Virus Bulletin, travel and food.