Author: Candid Wüest (@mylaocoon)
Date & Time: Thurs. 3 Nov. - 9:45 to 10:30
Indicators of compromise (IOCs) were once a useful tool in the fight against APTs; however, irrespective of how fast they are obtained or how many are available, they are steadily losing their value. While IOCs may still prove useful in combating common cybercriminal attacks, sophisticated attacks in their current form are another matter completely. This talk will explain why this is the case, where IOCs might still be useful, and how they can be combined with other threat intelligence data.
This presentation will elaborate on which IOCs are still useful, such as exploits and mutexes, because they are more difficult for attackers to change. Supported by real-world examples and statistics from our own analysis of current attacks, we can show where current IOC sharing fails, and where and how it can still be useful.
Biography: Candid Wüest works for Symantec's global security response team, where he has been going far beyond anti-virus signatures during the last thirteen years. He analyses new security threats, formulates mitigation strategies and creates research reports on new emerging security trends – for example, threats to the Internet of Things. For three years, he worked as a Virus Analyst in the anti-malware laboratory of Symantec in Dublin, Ireland.
Wüest has published various whitepapers and has been featured as a security expert in top-tier media outlets including Forbes, BBC and many others. He is also a frequent speaker at security-related conferences including RSA, BlackHat and Area41. He learned coding and the English language on a Commodore 64. He holds a master's degree in computer science from the Swiss Federal Institute of Technology (ETH) and various certifications.