In today’s evolving threat landscape, Cyber Threat Intelligence (CTI) teams are often challenged by fragmented incident data and a lack of a structured analysis process. This talk focuses on a specific, actionable topic: how structured intrusion analysis can transform scattered incident data into structured, intelligence-driven campaign narratives.
Many organizations struggle to move beyond reactive incident response. Without a structured approach, critical connections between incidents can be overlooked, resulting in missed opportunities to identify adversary campaigns or emerging threats. This presentation addresses that problem by demonstrating how a systematic, structured analysis methodology enables CTI teams to “connect the dots” across incidents and external reporting.
Attendees will learn practical techniques for implementing structured data collection and analysis workflows. We will discuss how to centralize incident data, apply analytical frameworks, and use structured methodologies to correlate related activities. By doing so, CTI teams can uncover trends, overlaps, and patterns that would otherwise remain hidden. This approach not only enhances situational awareness but also supports proactive threat hunting and more effective intelligence reporting.
Key takeaways from this session include:
- Strategies for identifying, collecting, and centralizing relevant data to enable long-term correlation and trend analysis.
- A repeatable process for structured intrusion analysis that can be adapted to any organization’s needs.
- Methods for identifying and building campaign narratives from seemingly isolated incidents and reporting.
- A real-world example of how Deloitte utilized this process to identify a campaign.
By leveraging structured analysis, organizations can move from reactive incident response to proactive intelligence generation, ultimately gaining a clearer understanding of the threat landscape and improving their overall security posture. This talk will provide actionable insights to help CTI teams make the most of their intelligence efforts.


Scott Durand is a Cyber Threat Intelligence Analyst with just over 2 years in CTI and 1.5 years of prior experience as a SOC analyst.

Adam Cook is a CTI manager with eight years of experience in intelligence analysis, research, tactical investigations, and strategic reporting.













