BotConf'13 – Back to life, back to correlation

Intrinsec will present its work on botnet detection at BotConf 2013 in Nantes: https://www.botconf.eu/.

The Intrinsec SOC will describe the behavioral characteristics of botnets and, more specifically, the means to detect them through effective solutions while minimizing false positives and floods:

• How information (technical data, metadata, etc.) can be collected on the information system and then correlated at several levels to detect an active botnet; ;
• How to take advantage of this enrichment of raw data to build and deploy indicators of compromise (IOCs); ;
• How these indicators can be used to share information and improve the detection capabilities of a defense strategy.

This work is extracted from everyday uses of sensors, probes and SIEM-type correlation solutions.

The abstract is here https://www.botconf.eu/?page_id=225 ; THE registrations should open in early September.

See you in December!

——————————————————————————————————————–

Intrinsec will be presenting a short talk on Botnet malware detection at BotConf 2013 at Nantes: https://www.botconf.eu/

The SOC of Intrinsec will describe all the behavioral characteristics of botnet activity and more precisely, the procedures and the means used in order to be able to detect botnets in an efficient way, while minimizing false positives and avoiding over floods of data.

• How we can collect and centralize security related data across the entire IT infrastructure in order to correlate it and identify botnet activity,
• How we can use metadata enrichment in order to deploy indicators of compromise (IOC),
• How we can actually put in use the IOCs in order to further improve our defensive strategy and refine our detection model.

The technology allowing to implement this methodology is based on SIEM solutions.

The abstract can be found here: https://www.botconf.eu/?page_id=225
Registrations open the first week of September 2013.

Looking forward to seeing you!