Presentations

Ryan Kazanciyan

Indicators of Compromise (IOCs) were meant to solve the failures of signature-based detection tools. Yet today's array of IOC standards, feeds, and products has hardly impeded attackers, and most intelligence remains shared in flat lists of hashes, IP addresses, domain names, or strings. These lists are just as brittle as an anti-virus signature, and just as likely to fail, especially if used incorrectly.

This presentation will begin by contrasting the original intended design of IOCs with how they’re typically written and shared today. We’ll illustrate the challenges of building robust and reliable indicators, particularly when they need to be shared with 3rd parties. We’ll examine how organizations can compensate for these limitations and still get actionable results from brittle threat data. Finally, we’ll provide examples of endpoint outlier analysis and hunting techniques that can complement IOC searches and distinguish anomalies from the background noise of an environment.

Throughout the presentation, we’ll draw upon specific examples and lessons learned from responding to targeted attackers in real-world compromises.

Recent News

September 13, 2017

SciBabe, Ryan Kazanciyan and more added as speakers at the 2017 COUNTERMEASURE IT Security Conference. Hear top security specialists from the public and private sector, in both technical and management tracks. For more information on this year's speakers, click here.

Cancellation Policy

Substitutions can be made at any time. Unfortunately we cannot refund registration fees. Each course is subject to a minimum number of students. In the unlikely event that a course must be cancelled due to low enrolment, full refunds will be provided to registered students.

For more information on COUNTERMEASURE 2017, please contact us on our office line at 613-725-2079.