Evaluating Indicators as Composite Objects

Posted on in Presentations

Indicators are increasingly derided within Cyber Threat Intelligence (CTI) as insufficient for defense and analysis, but this view is likely unfair and misunderstands the nature and purpose of atomic indicators. In this presentation, we will explore the idea of an indicator or IOC as an inherently composite object, and how this understanding can fuel robust analysis and detection mechanisms.

Joe Slowik


Senior Manager, Threat Intelligence & Detections, Gigamon

Share With Your Community