Finding the Balance in Security Automation - SANS Threat Hunting Summit 2018

There is nearly a consensus in the broader security community that threat hunting is a fundamentally human activity. But even the most vocal proponents of this view believe that automation is necessary to continuously improve upon an existing security program and make the hunting activity scalable. When organizations can use automation to pull together the seams in their security program and extend the current hunting framework, they see immediate gains in their security posture and enable junior analysts to operate at a level near that of more experienced analysts. In this presentation, two speakers with opposing views on the subject will define the boundaries of what are fundamentally human activities (threat hunting) and what can be reasonably automated (threat farming). This distinction allows for hunters to be continuously “fed” what is necessary for a robust security detection and response program. It also provides them with the resources and capacity to go out and hunt the big game.
This presentation will cover traditional network-based and ICS hunting, both manual and automated, in order to showcase examples where automation enabled the capabilities to hunt even more exciting and critical potential incidents. We’ll also look at a case or two where lousy automation meant everyone had a bad day.
Robert is the founder as well as the CEO of his own company, Dragos, Inc., which provides cybersecurity solutions for industrial control system networks. He is also a SANS course author (FOR578 and ICS515) and Certified Instructor.
Alex is responsible for data science, analytics and machine learning capabilities of the Verizon Autonomous Threat Hunting product. He joined Verizon through the acquisition of Niddel, where Alex was Co-Founder and Chief Data Scientist. Alex has over 20 years of experience in building security solutions and products, and the last 5 of those years have been solely dedicated to the application of machine learning in cybersecurity detection and threat hunting activities. He also holds multiple cybersecurity certifications, such as CISSP-ISSAP, CISA, CISM, and was previously PMP and PCI-QSA certified. Before founding Niddel, Alex was a founder of Cipher Security, a global full-solution provider of Brazilian origin. He was born in Rio de Janeiro, but by a twist of fate can’t play any soccer. His spirit animal is the capybara.