{"id":1273,"date":"2013-09-05T14:50:38","date_gmt":"2013-09-05T12:50:38","guid":{"rendered":"http:\/\/securite.intrinsec.com\/?p=1273"},"modified":"2013-09-05T14:50:38","modified_gmt":"2013-09-05T12:50:38","slug":"botconf13-back-to-life-back-to-correlation","status":"publish","type":"post","link":"https:\/\/www.intrinsec.com\/en\/botconf13-back-to-life-back-to-correlation\/","title":{"rendered":"BotConf&#039;13 \u2013 Back to life, back to correlation"},"content":{"rendered":"<p>Intrinsec will present its work on botnet detection at BotConf 2013 in Nantes:\u00a0<a href=\"https:\/\/www.botconf.eu\/\">https:\/\/www.botconf.eu\/<\/a>.<\/p>\n<p>The Intrinsec SOC will describe the behavioral characteristics of botnets and, more specifically, the means to detect them through effective solutions while minimizing false positives and floods of data:<\/p>\n<ul>\n<li>How information (technical data, metadata, etc.) can be collected on the information system and then correlated at several levels to detect an active botnet;<\/li>\n<li>How to take advantage of this enrichment of raw data to build and deploy indicators of compromise (IOCs);<\/li>\n<li>How these indicators can be used to share information and improve the detection capabilities of a defense strategy.<\/li>\n<\/ul>\n<p>This work draws on the everyday use of sensors, probes and SIEM-type correlation solutions.<\/p>\n<p>The abstract is here:\u00a0<a href=\"https:\/\/www.botconf.eu\/?page_id=225\">https:\/\/www.botconf.eu\/?page_id=225<\/a>; <a href=\"https:\/\/www.botconf.eu\/?page_id=91\">registrations<\/a> should open in early September.<\/p>\n<p>See you in December!<\/p>\n<p>&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8211;<\/p>\n<p>Intrinsec will be presenting a short talk on Botnet 
malware detection at BotConf 2013 in Nantes: <a title=\"https:\/\/www.botconf.eu\" href=\"https:\/\/www.botconf.eu\" target=\"_blank\">https:\/\/www.botconf.eu\/<\/a><\/p>\n<p>The Intrinsec SOC will describe all the behavioral characteristics of botnet activity and, more precisely, the procedures and means used to detect botnets efficiently while minimizing false positives and avoiding floods of data.<\/p>\n<ul>\n<li>How we can collect and centralize security-related data across the entire IT infrastructure in order to correlate it and identify botnet activity,<\/li>\n<li>How we can use metadata enrichment in order to deploy indicators of compromise (IOCs),<\/li>\n<li>How we can actually put the IOCs to use in order to further improve our defensive strategy and refine our detection model.<\/li>\n<\/ul>\n<p>The technology used to implement this methodology is based on SIEM solutions.<\/p>\n<p>The abstract can be found here: <a title=\"https:\/\/www.botconf.eu\/?page_id=225\" href=\"https:\/\/www.botconf.eu\/?page_id=225\" target=\"_blank\">https:\/\/www.botconf.eu\/?page_id=225<\/a><br \/>\nRegistrations open the first week of September 2013.<\/p>\n<p>Looking forward to seeing you!<\/p>","protected":false},"excerpt":{"rendered":"<p>Intrinsec will present its work on botnet detection at BotConf 2013 in Nantes [\u2026]<\/p>","protected":false},"author":10,"featured_media":1274,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[19],"tags":[103,104,60,105,61],"class_list":["post-1273","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-soc-securite-operationnelle","tag-botconf","tag-botnet","tag-cert-en","tag-i-soc","tag-soc-en"],"yoast_head":"<!-- This site is optimized with the Yoast SEO Premium plugin v27.0 (Yoast SEO v27.3) - https:\/\/yoast.com\/product\/yoast-seo-premium-wordpress\/ 
-->\n<title>BotConf&#039;13 - Back to life, back to correlation - INTRINSEC<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.intrinsec.com\/en\/botconf13-back-to-life-back-to-correlation\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"BotConf&#039;13 - Back to life, back to correlation\" \/>\n<meta property=\"og:description\" content=\"Intrinsec pr\u00e9sentera ses travaux sur la d\u00e9tection de botnets \u00e0 la BotConf 2013 \u00e0 Nantes [&hellip;]\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.intrinsec.com\/en\/botconf13-back-to-life-back-to-correlation\/\" \/>\n<meta property=\"og:site_name\" content=\"INTRINSEC\" \/>\n<meta property=\"article:published_time\" content=\"2013-09-05T12:50:38+00:00\" \/>\n<meta name=\"author\" content=\"Cyrille BARTHELEMY\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Cyrille BARTHELEMY\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. 
reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"2 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/www.intrinsec.com\\\/botconf13-back-to-life-back-to-correlation\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.intrinsec.com\\\/botconf13-back-to-life-back-to-correlation\\\/\"},\"author\":{\"name\":\"Cyrille BARTHELEMY\",\"@id\":\"https:\\\/\\\/www.intrinsec.com\\\/#\\\/schema\\\/person\\\/4d0993f0e377e77d13e97f623123e109\"},\"headline\":\"BotConf&#039;13 &#8211; Back to life, back to correlation\",\"datePublished\":\"2013-09-05T12:50:38+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/www.intrinsec.com\\\/botconf13-back-to-life-back-to-correlation\\\/\"},\"wordCount\":335,\"commentCount\":0,\"image\":{\"@id\":\"https:\\\/\\\/www.intrinsec.com\\\/botconf13-back-to-life-back-to-correlation\\\/#primaryimage\"},\"thumbnailUrl\":\"\",\"keywords\":[\"botconf\",\"botnet\",\"CERT\",\"i-soc\",\"SOC\"],\"articleSection\":[\"SOC S\u00e9curit\u00e9 Op\u00e9rationnelle\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\\\/\\\/www.intrinsec.com\\\/botconf13-back-to-life-back-to-correlation\\\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/www.intrinsec.com\\\/botconf13-back-to-life-back-to-correlation\\\/\",\"url\":\"https:\\\/\\\/www.intrinsec.com\\\/botconf13-back-to-life-back-to-correlation\\\/\",\"name\":\"BotConf&#039;13 - Back to life, back to correlation - 
INTRINSEC\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.intrinsec.com\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/www.intrinsec.com\\\/botconf13-back-to-life-back-to-correlation\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/www.intrinsec.com\\\/botconf13-back-to-life-back-to-correlation\\\/#primaryimage\"},\"thumbnailUrl\":\"\",\"datePublished\":\"2013-09-05T12:50:38+00:00\",\"author\":{\"@id\":\"https:\\\/\\\/www.intrinsec.com\\\/#\\\/schema\\\/person\\\/4d0993f0e377e77d13e97f623123e109\"},\"breadcrumb\":{\"@id\":\"https:\\\/\\\/www.intrinsec.com\\\/botconf13-back-to-life-back-to-correlation\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/www.intrinsec.com\\\/botconf13-back-to-life-back-to-correlation\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.intrinsec.com\\\/botconf13-back-to-life-back-to-correlation\\\/#primaryimage\",\"url\":\"\",\"contentUrl\":\"\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/www.intrinsec.com\\\/botconf13-back-to-life-back-to-correlation\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Accueil\",\"item\":\"https:\\\/\\\/www.intrinsec.com\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"BotConf&#039;13 &#8211; Back to life, back to correlation\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/www.intrinsec.com\\\/#website\",\"url\":\"https:\\\/\\\/www.intrinsec.com\\\/\",\"name\":\"INTRINSEC\",\"description\":\"Notre m\u00e9tier , Prot\u00e9ger le 
v\u00f4tre\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/www.intrinsec.com\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/www.intrinsec.com\\\/#\\\/schema\\\/person\\\/4d0993f0e377e77d13e97f623123e109\",\"name\":\"Cyrille BARTHELEMY\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/1ea58be7f50cd5a369de3c03eb2ce4d5d8b053ad42ca848d6cc15a39f6dc605e?s=96&d=retro&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/1ea58be7f50cd5a369de3c03eb2ce4d5d8b053ad42ca848d6cc15a39f6dc605e?s=96&d=retro&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/1ea58be7f50cd5a369de3c03eb2ce4d5d8b053ad42ca848d6cc15a39f6dc605e?s=96&d=retro&r=g\",\"caption\":\"Cyrille BARTHELEMY\"},\"sameAs\":[\"https:\\\/\\\/www.intrinsec.com\"],\"url\":\"https:\\\/\\\/www.intrinsec.com\\\/en\\\/author\\\/cby\\\/\"}]}<\/script>\n<!-- \/ Yoast SEO Premium plugin. 
-->","yoast_head_json":{"title":"BotConf&#039;13 - Back to life, back to correlation - INTRINSEC","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.intrinsec.com\/en\/botconf13-back-to-life-back-to-correlation\/","og_locale":"en_US","og_type":"article","og_title":"BotConf&#039;13 - Back to life, back to correlation","og_description":"Intrinsec pr\u00e9sentera ses travaux sur la d\u00e9tection de botnets \u00e0 la BotConf 2013 \u00e0 Nantes [&hellip;]","og_url":"https:\/\/www.intrinsec.com\/en\/botconf13-back-to-life-back-to-correlation\/","og_site_name":"INTRINSEC","article_published_time":"2013-09-05T12:50:38+00:00","author":"Cyrille BARTHELEMY","twitter_card":"summary_large_image","twitter_misc":{"Written by":"Cyrille BARTHELEMY","Est. reading time":"2 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.intrinsec.com\/botconf13-back-to-life-back-to-correlation\/#article","isPartOf":{"@id":"https:\/\/www.intrinsec.com\/botconf13-back-to-life-back-to-correlation\/"},"author":{"name":"Cyrille BARTHELEMY","@id":"https:\/\/www.intrinsec.com\/#\/schema\/person\/4d0993f0e377e77d13e97f623123e109"},"headline":"BotConf&#039;13 &#8211; Back to life, back to correlation","datePublished":"2013-09-05T12:50:38+00:00","mainEntityOfPage":{"@id":"https:\/\/www.intrinsec.com\/botconf13-back-to-life-back-to-correlation\/"},"wordCount":335,"commentCount":0,"image":{"@id":"https:\/\/www.intrinsec.com\/botconf13-back-to-life-back-to-correlation\/#primaryimage"},"thumbnailUrl":"","keywords":["botconf","botnet","CERT","i-soc","SOC"],"articleSection":["SOC S\u00e9curit\u00e9 
Op\u00e9rationnelle"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/www.intrinsec.com\/botconf13-back-to-life-back-to-correlation\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/www.intrinsec.com\/botconf13-back-to-life-back-to-correlation\/","url":"https:\/\/www.intrinsec.com\/botconf13-back-to-life-back-to-correlation\/","name":"BotConf&#039;13 - Back to life, back to correlation - INTRINSEC","isPartOf":{"@id":"https:\/\/www.intrinsec.com\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.intrinsec.com\/botconf13-back-to-life-back-to-correlation\/#primaryimage"},"image":{"@id":"https:\/\/www.intrinsec.com\/botconf13-back-to-life-back-to-correlation\/#primaryimage"},"thumbnailUrl":"","datePublished":"2013-09-05T12:50:38+00:00","author":{"@id":"https:\/\/www.intrinsec.com\/#\/schema\/person\/4d0993f0e377e77d13e97f623123e109"},"breadcrumb":{"@id":"https:\/\/www.intrinsec.com\/botconf13-back-to-life-back-to-correlation\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.intrinsec.com\/botconf13-back-to-life-back-to-correlation\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.intrinsec.com\/botconf13-back-to-life-back-to-correlation\/#primaryimage","url":"","contentUrl":""},{"@type":"BreadcrumbList","@id":"https:\/\/www.intrinsec.com\/botconf13-back-to-life-back-to-correlation\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Accueil","item":"https:\/\/www.intrinsec.com\/"},{"@type":"ListItem","position":2,"name":"BotConf&#039;13 &#8211; Back to life, back to correlation"}]},{"@type":"WebSite","@id":"https:\/\/www.intrinsec.com\/#website","url":"https:\/\/www.intrinsec.com\/","name":"INTRINSEC","description":"Our job is to protect 
yours.","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.intrinsec.com\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Person","@id":"https:\/\/www.intrinsec.com\/#\/schema\/person\/4d0993f0e377e77d13e97f623123e109","name":"Cyrille BARTHELEMY","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/1ea58be7f50cd5a369de3c03eb2ce4d5d8b053ad42ca848d6cc15a39f6dc605e?s=96&d=retro&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/1ea58be7f50cd5a369de3c03eb2ce4d5d8b053ad42ca848d6cc15a39f6dc605e?s=96&d=retro&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/1ea58be7f50cd5a369de3c03eb2ce4d5d8b053ad42ca848d6cc15a39f6dc605e?s=96&d=retro&r=g","caption":"Cyrille BARTHELEMY"},"sameAs":["https:\/\/www.intrinsec.com"],"url":"https:\/\/www.intrinsec.com\/en\/author\/cby\/"}]}},"_links":{"self":[{"href":"https:\/\/www.intrinsec.com\/en\/wp-json\/wp\/v2\/posts\/1273","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.intrinsec.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.intrinsec.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.intrinsec.com\/en\/wp-json\/wp\/v2\/users\/10"}],"replies":[{"embeddable":true,"href":"https:\/\/www.intrinsec.com\/en\/wp-json\/wp\/v2\/comments?post=1273"}],"version-history":[{"count":0,"href":"https:\/\/www.intrinsec.com\/en\/wp-json\/wp\/v2\/posts\/1273\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.intrinsec.com\/en\/wp-json\/"}],"wp:attachment":[{"href":"https:\/\/www.intrinsec.com\/en\/wp-json\/wp\/v2\/media?parent=1273"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.intrinsec.com\/en\/wp-json\/wp\/v2\/categories?post=1273"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.intri
nsec.com\/en\/wp-json\/wp\/v2\/tags?post=1273"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}