Order Through Chaos: Data-Driven Hypothesis Creation Using Security Chaos Engineering

All hunts start with a hypothesis. What takes hunting from an art to a science is the method a hunter uses to generate this "educated guess".

Oftentimes, we see hunters rely on intuition, experience, and a little bit of luck to find evil. These three elements can be a powerful combination. But what happens when you bring a new hunter into your organization and they haven't had time to build that intuition or experience yet? What happens when someone asks you to make your hunting process repeatable? What happens when you have more hunts to perform than you have hunters to run them?

That's where Security Chaos Engineering comes in! By baselining the detection and prevention capabilities of an organization, we can proactively identify gaps in coverage and unknown attack vectors and use that data to help inform hunters where potential problem areas may exist.

By marrying up the science of baselining with the art of hunting, we can provide robust, informed, and defensible threat hunts that maximize our chances of finding evil. In this talk, we'll walk you through a real-life example of how we can take outputs from security chaos engineering, convert them into actionable hypotheses, and apply them in a hunt operation. We'll leave you with lessons we learned from applying this methodology in our own environment, and recommendations for how to apply this methodology to your own hunts to make the process faster, more repeatable, and more likely to find evil.
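As an added illustration of the baseline-to-hypothesis step the abstract describes (this is example code written for this page, not the presenters' tooling): each constructed `ExperimentResult` records whether a simulated behaviour was prevented and whether it was detected, and `build_hypotheses` ranks the coverage gaps so the hunt queue starts where neither control fired. The technique labels and `hosts_in_scope` counts are constructed sample data.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class ExperimentResult:
    """One security chaos engineering experiment (constructed shape)."""
    technique: str       # behaviour exercised, labelled for the hunt team
    prevented: bool      # did a preventive control block it?
    detected: bool       # did a detection fire?
    hosts_in_scope: int  # constructed: how many hosts could exhibit it

def classify(r: ExperimentResult) -> str:
    """Coverage state: prevented > detected > gap (neither fired)."""
    if r.prevented:
        return "prevented"
    if r.detected:
        return "detected"
    return "gap"

def build_hypotheses(results: list[ExperimentResult]) -> list[dict]:
    """Turn baseline results into a prioritised hunt queue.

    Priority 1: no prevention and no detection, so the behaviour could
    already be present with nothing alerting on it (hunt the raw telemetry).
    Priority 2: detected but not prevented, so the hunt validates that the
    detection actually catches real occurrences, not just the experiment.
    Prevented behaviours are excluded: a hunt there has little to find.
    Ties are broken by scope, widest footprint first.
    """
    queue = []
    for r in results:
        state = classify(r)
        if state == "gap":
            queue.append({"priority": 1, "technique": r.technique,
                          "hypothesis": f"'{r.technique}' has occurred on in-scope hosts "
                                        "without any alert; search telemetry for it directly."})
        elif state == "detected":
            queue.append({"priority": 2, "technique": r.technique,
                          "hypothesis": f"'{r.technique}' is alerted on but not blocked; "
                                        "confirm real occurrences match what the detection fired on."})
    scope = {r.technique: r.hosts_in_scope for r in results}
    queue.sort(key=lambda h: (h["priority"], -scope[h["technique"]]))
    return queue

# Constructed baseline results for demonstration only.
SAMPLE_RESULTS = [
    ExperimentResult("credential dumping simulation", prevented=True, detected=True, hosts_in_scope=500),
    ExperimentResult("scheduled task persistence", prevented=False, detected=True, hosts_in_scope=1200),
    ExperimentResult("unusual outbound DNS volume", prevented=False, detected=False, hosts_in_scope=3000),
    ExperimentResult("admin share file copy", prevented=False, detected=False, hosts_in_scope=800),
]
```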

Presenter: Cari Cistola, Director of Threat Hunting, Capital One
Presenter: David Lavezzo, Director of Security Chaos Engineering, Capital One
