Webinar

Automated Threat Actor Profiling

This event took place on 25 May 2021, PCSI online

During this webinar, ABN AMRO and TNO will jointly present the outcome of their investigation on automating the processing of narrative threat information.

https://pcsi.nl/uploads/afbeeldingen/pcsi-webinair-banner-threat-actor-profiing-zonder-button.jpg

To stay abreast of present and emerging (cyber) threats, intelligence teams collect and analyse vast amounts of threat information. Much of this threat information comes in the form of natural language, i.e. as written text that a skilled analyst needs to work through meticulously to extract the specific threat characteristics that might be of interest to their organisation. 

To relieve pressure on threat intelligence resources an increase their ingestion capacity, the PCSI partners explored technologies to automate the processing of such narrative threat information. More specifically, we assessed the feasibility of extracting and classifying threat actor attributes through Natural Language Processing (NLP) - a branch of Artificial Intelligence (AI) and Machine Learning (ML) technology that focuses on the analysis of natural language data. 

In this webinar, ABN AMRO and TNO will jointly present the outcome of this investigation. The session will feature an explanation of (the state-of-the-art in) NLP technology, the solution that was designed to process threat information and feed the outcome into a Threat Intelligence Platform (TIP) and ABN AMRO’s deployment of this solution in actual intelligence working processes. The workflow of the NLP solution will also be shown in a live demonstration.

The webinar is interesting for people with a broad interest in cyber security in general and threat intelligence in particular. 

The session is English spoken.

Q & A

Recording

Photo of Reinder Wolthuis

Reinder Wolthuis

Reinder is an experienced cyber security innovator and leader, that preferably is in the lead of large and challenging cyber security innovation programs and projects. He considers himself capable of combining a strategic view with concrete ideas on how to realize tangible and usable results. He is loyal and reliable, likes to stimulate cooperation and tries to put in humor where possible. 

Photo of Nicole Gervasoni

Nicole Gervasoni

Nicole is a Cyber Security researcher at The Netherlands Organisation of Applied Sciences (TNO). She has a Computer Science and Engineering Msc degree from Politecnico di Milano. Her main interested is vulnerability research automation. At TNO she also focuses on applied cryptography, mainly secure multi- party computation and post-quantum algorithms.

Photo of Lalit Bhakuni

Lalit Bhakuni

Lalit is heading up the Global Cyber Intelligence Center at ABN AMRO Bank N.V. He has a study background in cyber security, completed his masters back in 2006. His current role involves on identifying cyber threats which can impact Bank and its subsidiaries and advise on creating cyber resilience against those threats. He is active in Cyber security world since 2016 and performed major security advisory and project leads roles for organizations like ING Bank and SWIFT in past, he specialize in security operations, threat intelligence and risk management functions.

Lalit has been involved in variety of Threat Intelligence & Research innovation projects which primarily focus on automating intelligence to risk analytics and intelligence auto collection.

Photo of Richard Kerkdijk

Richard Kerkdijk

Richard is a Senior Security Consultant at TNO. He obtained his master’s degree in applied physics in 1997 and has been an active player in cyber security ever since. His present role involves strategic advisory work, technical and non-technical security evaluations and coordination of cyber security research and innovation projects. Richard mostly conducts assignments for (CISOs of) telecoms providers (across Europe) and financial institutions (NL), but he has also done commissions for the Dutch National Cyber Security Center (NCSC) and other governmental departments.

In addition he acts as vice-chair of the ETIS Information Security WG, an industry body that facilitates collaboration among the CISOs of European telecoms providers. Richard has been involved in a variety of CTI oriented research and advisory projects, among other things oriented at automated community sharing of cyber threat intelligence, and also has a strong interest in novel automation solutions for SOC and CSIRT operations.