Simple lessons to teach you how you can fill the knowledge gap within your staff…today!
Few industries are expanding faster or evolving more rapidly than IT security. There is no shortage of bad actors trying to outsmart you and get to your data. The bad guys are relentless in their never-ending pursuit of a better, more successful attack method, tool or vector. Not only is their persistence never waning, but the complexity of today’s attacks and the scale of their infrastructures is remarkable. Unfortunately, malicious activity is not abating.
Given the unrelenting adversaries we face, today’s security professionals are challenged to stay ahead of the curve, and it’s not easy. In addition to addressing the existing ‘classic’ and well-known (yet not-so-well remediated) attack vectors, we must also keep up with all the new and evolving threats in the cyber domain – a daunting challenge.
Enterprise IT organizations have invested heavily in multiple layers of on-premises security equipment and solutions, employee education campaigns and increased security headcount. Even with all this investment, the security team is experiencing “alert fatigue” and finding it difficult to keep pace and to handle the constant pressure of endless potential threats, compromises or attacks. Frequently, they end up making mistakes and subsequently lose their motivation. To break this seemingly endless downward spiral, which results in increased turnover and lower overall job satisfaction, IT organizations must implement updated strategies and methodologies.
This session will include insights and lessons learned from 13 years as an officer in the elite intelligence unit 8200 of the Israel Defense Forces. I will share solutions I learned from hands-on experience in cybersecurity and intelligence operations, including CD/CR – Continuous Detection / Continuous Remediation.
I will first review the most common mistakes in SecOps and outline what you need to know to maintain visibility into your entire environment, including:
- How to create a variety of logs
- How to handle different and large volumes of logs
- What a user-friendly interface should provide
- How to contextualize the data and make it actionable
- How to make the most out of your logs: baselines, algorithms, Machine Learning…
I will then outline the essential remaining elements and requirements:
- How to create auto-remediation
- How to find the relevant remediation
- How to implement auto-remediation in your workflow
- Whether you should trust this solution
- Whether it scales
Okay, so I may not really be able to turn your toddlers into cyber warriors in one session. But what I can do is arm them with the lessons learned from more than a decade of front-line experience in SecOps and intelligence operations – a big step in the right direction.