MITRE ATT&CK has shifted the balance of power from attackers to defenders. For the past few years, defenders have been expanding their security tooling and are detecting more adversarial techniques than ever before. Detecting events in your environment is only the first step. Going forward, the focus isn't going to be on whether you detect or how you detect, but rather on what you do with the alerts coming in.
What you do with alerts is what will set your organization up for success. How do you identify and reduce false positives, or even false negatives? How are alerts triaged to differentiate between opportunistic and more advanced malware? What procedures are in place for handling an outbreak? These questions and more will help dictate what happens after the breach. Digital forensics, incident response, and even threat hunting will all play important roles. In this session, Travis will go over the key areas of importance and how to get started in identifying and implementing the policies and procedures that set your security team up for success.