ThreatSTOP Blog

John Bambenek's Talk at SANSFIRE: War Stories on Automated Threat Intelligence for Defense

Written by Lauren Wilson | July 16, 2018

Between limited resources, lack of trained professionals and the increasing quantity/quality of attacks, securing enterprises and responding to incidents has dealt defenders a bad hand in the digital arms race. Even managing the amounts of threat data and open-source intelligence has become a challenge.


John's talk will cover the possibilities and perils of integrating all various sources of threat intelligence data to protect an organization. With all the open-source and paid-source data, simply dumping it all into a firewall or DNS RPZ zone can be problematic. What to do about compromised websites or shared hosting environments? What about DGA domains that use full words and may collide with actual innocent websites? What about how to handle threat data that is lacking in context to make appropriate decisions on its validity and accuracy?

This talk will present several case studies in how these problems can be tackled and how using multi-domain analysis can help reduce the risk and maximize the value of automated protection using these types of data.

Session: Tuesday, July 17th. 7:15 PM - 8:15 PM. Learn more here.

About the Speaker

John Bambenek is the VP of Security, Research and Intelligence at ThreatSTOP, Lecturer in the Department of Computer Science at the University of Illinois at Urbana-Champaign and a handler with the SANS Internet Storm Center.

He has over 18 years experience in information security and leads several international investigative efforts tracking cyber criminals, some of which have led to high profile arrests and legal action. 

He specializes in disruptive activities designed to greatly diminish the effectiveness of online criminal operations. He produces some of the largest bodies of open-source intelligence used by thousands of entities across the world