Summary

The Cyber Security Summit 2015 presentation Threat Intelligence 101: Introduction and Foundations by Matthew J. Harmon provides an entry-level overview of the role and practice of cyber threat intelligence (CTI). Harmon begins by framing the inevitability of breaches, citing high-profile incidents and the principle that attackers need only one success, then introduces CTI as the structured collection and sharing of Indicators of Compromise (IoCs), enriched with context, to support detection and response.

Foundations

He then explains the foundational CTI standards: CybOX (the vocabulary of observables), STIX (the XML-based language for packaging observables into indicators, incidents, TTPs, and courses of action), and TAXII (the protocol for exchanging STIX packages). He walks through a real-world example: spotting anomalous server traffic, extracting email, hash, IP, and URL indicators, packaging them into a STIX header, and sharing them via TAXII to uncover a broader campaign.

DIY

Finally, Harmon showcases two CTI platforms, ThreatConnect (expert-curated CybOX/STIX feeds) and CriticalStack Intel (aggregated open-source IoCs in TSV for Bro integration), and outlines a hands-on lab using Bro or Security Onion with CriticalStack feeds. The lab demonstrates how organizations can do it themselves: deploy free tools, subscribe to feeds, automate IoC ingestion, and take part in community-driven neighborhood-watch initiatives to raise their collective security posture.
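The two steps the talk ties together, extracting email, hash, IP, and URL indicators from an investigation and then feeding them to Bro in the TSV layout CriticalStack feeds use, can be illustrated with a small script. The example below is added here and is not code from the presentation, ThreatConnect, or CriticalStack. The indicators and log lines are constructed (documentation-range IP addresses, the MD5 of an empty file, example.net), the classification regexes are the author's own heuristics, and the only format the script relies on is the Bro/Zeek Intel Framework file layout (a `#fields` header and `Intel::*` type names), which is what a CriticalStack feed delivers for Bro to load.

```python
import re
from typing import List, Optional, Tuple

# Constructed observables from a hypothetical investigation of anomalous server
# traffic. None of these are real IoCs: the IP is from the RFC 5737 documentation
# range, the hash is the MD5 of an empty file, and example.net is a reserved name.
RAW_INDICATORS = [
    "203.0.113.45",
    "D41D8CD98F00B204E9800998ECF8427E",
    "billing@example.net",
    "http://example.net/invoice/view.php",
]

# Constructed log lines in a Bro-like key=value style; line 4 is benign.
SAMPLE_LOG_LINES = [
    "2015-06-01T10:02:11Z conn src=10.0.0.7 dst=203.0.113.45 dport=443 bytes=1834",
    "2015-06-01T10:02:15Z http url=http://example.net/invoice/view.php status=200",
    "2015-06-01T10:02:16Z files md5=d41d8cd98f00b204e9800998ecf8427e name=invoice.exe",
    "2015-06-01T10:05:40Z conn src=10.0.0.9 dst=198.51.100.20 dport=80 bytes=512",
]

# Heuristic classifiers (assumption: good enough for hand-extracted indicators).
_HASH = re.compile(r"^(?:[0-9a-f]{32}|[0-9a-f]{40}|[0-9a-f]{64})$", re.I)   # MD5/SHA1/SHA256
_EMAIL = re.compile(r"^[\w.+-]+@(?:[\w-]+\.)+[a-z]{2,}$", re.I)
_URL = re.compile(r"^(?:https?://)?(?:[\w-]+\.)+[a-z]{2,}(?::\d+)?/\S*$", re.I)


def _is_ipv4(value: str) -> bool:
    parts = value.split(".")
    return len(parts) == 4 and all(p.isdigit() and 0 <= int(p) <= 255 for p in parts)


def classify(raw: str) -> Optional[Tuple[str, str]]:
    """Map a raw observable to (Intel framework type, normalised value), or None."""
    value = raw.strip()
    if _HASH.match(value):
        return "Intel::FILE_HASH", value.lower()
    if _EMAIL.match(value):
        return "Intel::EMAIL", value.lower()
    if _is_ipv4(value):
        return "Intel::ADDR", value
    if _URL.match(value):
        # The Intel framework stores URLs without the scheme prefix.
        return "Intel::URL", re.sub(r"^https?://", "", value, flags=re.I)
    return None


def to_intel_tsv(indicators: List[str], source: str, desc: str) -> str:
    """Render indicators as a Bro/Zeek Intel Framework file (tab-separated)."""
    rows = ["#fields\tindicator\tindicator_type\tmeta.source\tmeta.desc"]
    for raw in indicators:
        hit = classify(raw)
        if hit is None:
            continue  # unrecognised observables are dropped, not guessed at
        intel_type, value = hit
        rows.append("\t".join([value, intel_type, source, desc]))
    return "\n".join(rows) + "\n"


def match_logs(lines: List[str], indicators: List[str]) -> List[Tuple[int, str, str]]:
    """Return (line number, indicator, type) for every log line containing an indicator.

    This mimics what Bro's Intel framework does once the TSV is loaded, so an
    analyst can sanity-check a feed against historical logs before deployment.
    """
    index = {}
    for raw in indicators:
        hit = classify(raw)
        if hit is not None:
            intel_type, value = hit
            index[value] = intel_type
    hits = []
    for number, line in enumerate(lines, 1):
        lowered = line.lower()
        for value, intel_type in index.items():
            if value.lower() in lowered:
                hits.append((number, value, intel_type))
    return hits


if __name__ == "__main__":
    print(to_intel_tsv(RAW_INDICATORS, "lab-investigation", "invoice lure campaign"))
    for number, value, intel_type in match_logs(SAMPLE_LOG_LINES, RAW_INDICATORS):
        print(f"line {number}: {intel_type} {value}")
```

The TSV this produces can be dropped into the lab setup the talk describes and loaded with the Intel framework's `Intel::read_files` redef, exactly as a downloaded CriticalStack feed would be; the `match_logs` pass is a cheap way to confirm that the feed fires on the traffic you expect (three of the four sample lines here) and stays silent on the benign one.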

Presentation

Threat Intelligence 101