Presentations

Ryan Kazanciyan

Indicators of Compromise (IOCs) were meant to solve the failures of signature-based detection tools. Yet today's array of IOC standards, feeds, and products has hardly impeded attackers, and most intelligence remains shared in flat lists of hashes, IP addresses, domain names, or strings. Such lists are just as brittle as an anti-virus signature, and just as likely to fail, especially if used incorrectly.

This presentation will begin by contrasting the original intended design of IOCs with how they’re typically written and shared today. We’ll illustrate the challenges of building robust and reliable indicators, particularly when they need to be shared with 3rd parties. We’ll examine how organizations can compensate for these limitations and still get actionable results from brittle threat data. Finally, we’ll provide examples of endpoint outlier analysis and hunting techniques that can complement IOC searches and distinguish anomalies from the background noise of an environment.

Throughout the presentation, we’ll draw upon specific examples and lessons learned from responding to targeted attackers in real-world compromises.

Recent News

November 6, 2017

We are very pleased to welcome Chris Anderson as our guest MC for the third track of talks. Mr. Anderson has 30+ years of professional and corporate experience in financial services, telecommunications and the public sector in Business and IT Governance, Risk, Assurance and Compliance.

November 24, 2017

COUNTERMEASURE 2017 welcomed over 300 participants to discuss key topics in public sector IT security. We have posted most of the presentation slides here, and two of our most talked-about presentations are now available on our YouTube channel.

Kelly Shortridge - The Red Pill of Resilience

Frode Hommedal - The Cyber Threat Intelligence Matrix: Taking the Red Pill of Attacker Eviction

Cancellation Policy

Substitutions can be made at any time. Unfortunately we cannot refund registration fees. Each course is subject to a minimum number of students. In the unlikely event that a course must be cancelled due to low enrolment, full refunds will be provided to registered students.

For more information on COUNTERMEASURE 2017, please contact our office line at 613-725-2079.