On the eve of the Cyber and Threat Intelligence Summit 2022 from 19-20 October, organiser Alexandre Dulaunoy (Security Researcher at CIRCL) shares the highlights of the conference and the global trends in cyber and threat intelligence.
The Cyber and Threat Intelligence Summit 2022 (CTIS) will be held at Luxexpo The Box from 19-20 October during CYBERSECURITY Week Luxembourg.
The event brings together experts, analysts, users and contributors specialising in cyber intelligence and threat intelligence in general.
CTIS includes the original MISP Summit, an open source threat intelligence platform project that develops utilities and documentation for more effective threat intelligence by sharing indicators of compromise.
CTIS is also dedicated to all other threat intelligence practices. Special emphasis is placed on projects connecting the intelligence communities and open source related projects.
Conference organiser Alexandre Dulaunoy, Security Researcher at the Computer Emergency Response Team (CIRCL), and Core Team Member at MISP talks about the event.
Alexandre Dulaunoy, what are the goals of this summit?
For many years we have organised the MISP Summit, around the free open source information and intelligence sharing software developed by the CIRCL and used all over the world. As this conference grew we expanded it a bit and renamed it the Cyber & Threat Intelligence Summit.
It brings together all the analysts and people from around the world who work on cyber intelligence to present their projects and works in progress.
The focus is not only on the integration of our platform, but also on other tools and models used to structure intelligence data so that it is ultimately usable.
During the conference, these experts will share their experiences in 20-minute talks.
What will the presentations focus on?
The idea is to create a certain connection between the participants and the audience, through the sharing of practices and experiences, both those that have succeeded and those that have failed.
Indeed, describing intelligence is complicated. And knowing how to use data and contextualise it is not simple. During these presentations, people will explain what they do, and the role of their work within their company and organisation. A 10-minute Q&A session, interacting with the audience, will follow each talk.
What will be the other highlights of this summit?
Two keynotes are also planned. The first will be led by Frenchman Patrice Auffret, CEO of ONYPHE, a company that operates a cyber defence search engine for open source intelligence and collected cyber threat data. This engine scans the various sources available on the Internet and listens to the Internet background noise, in order to discover vulnerabilities on servers.
ONYPHE sells a publicly accessible service which analyses the attack surface of the infrastructure. It is also about intelligence. Patrice Auffret has a long experience in everything related to data collection. This is the theme of his presentation.
Gregory Boddin from LeakIX will speak in the second keynote. LeakIX is the first platform combining a search engine indexing public information with an open reporting platform linked to the results. The goal of this collaborative website is to provide a preventive solution, trusting individual researchers and security companies on the most sensitive indexed data.
These topics are not particularly aimed at the general public, but rather reserved for experts in the field.
The conference is primarily aimed at IT security professionals, those who work in intelligence, threat intelligence, and all things cybersecurity, and who collect third-party information to share, reuse, and protect infrastructure.
These are really technical or organisational experts and analysts who practice intelligence at the strategic level. The topics discussed will focus on defence; there will also be case studies, such as mobile operators who do surveillance.
What will be the core focus of the 2022 summit, compared to the conferences of previous years?
The main theme will be collaboration. Under the motto that people working in intelligence cannot operate alone. We are indeed moving towards an increasingly collaborative approach.
We see it for example with the war in Ukraine, where data collection is done in an increasingly collaborative way and people are sharing information.
So we are no longer in a traditional model where analysts were working in their own corners. Sharing allows us to improve the data, to cross-check and to validate it. In my opinion, this model will evolve even more in this direction over the next few years. So collaboration in terms of information sharing is becoming a reality. This is a global trend.
What are the major challenges today in the collection and analysis of intelligence information?
Clearly, it is the volume of data: at the intelligence level, there is an enormous amount of data; it must therefore be qualified, evaluated, and we must know if it is usable.
Integrating and using it is the second challenge: knowing exactly what you can do with it, if and how to use it to defend yourself, by knowing your adversaries and what techniques they use, for example, in order to protect your own infrastructure.
