Dave Ahn
Dave is a technology leader and innovator with a distinguished track record in cybersecurity and healthcare informatics over three decades. He holds numerous patents in these fields, many of which have been successfully commercialized through groundbreaking startups. At his current endeavor, Centripetal, Dave focuses on new ways to leverage global intelligence and analytics to transform cybersecurity defenses, security operations and threat research. He has been honored to share his work on peer-reviewed articles, support steering committees and workgroups, and speak about learned insights at conferences.
Session
IOCs produced in 2024: 1.2 trillion. Projected for 2025: 2 trillion. Our ongoing research is one of the most expansive and comprehensive analyses of accessible global threat intelligence data from over 50 commercial providers spanning over 2 years. We will share insights about the CTI ecosystem including the number of CTI producers and their specializations, volume and rate of production of IOCs, and intersections and overlaps between feeds and threat context.
We will then delve into how quickly intelligence providers keep up with vulnerability disclosures and attackers who exploit them. A temporal analysis of IOC coverage for CVEs from 2023 and 2024 reveals the average delays between the time of disclosure and the time of attribution in intelligence, providing insights into how quickly attackers pivot existing infrastructure and TTPs to exploit new vulnerabilities and when they stand up new infrastructure to scale those attempts. A shocking observation is the high accuracy of aged-out IOCS, long thought to be useless, in predicting coverage over 90(!) days in advance.
We will conclude the session with thoughts on the underlying causes of this fragmentation in the CTI industry and how they may unintentionally be setting up defenders for failure.