Overview
Syllabus
Cloud SIEM: What happened and what's next? Gunter Ollmann
A 20 Year Journey
Cloud Native SIEM
Overwhelmed with Data
Cutting-edge Today
Raw Events to High Fidelity Incidents
Changes in Hunter Thinking
Reactive Investigation vs Preemptive Hunting
Prioritizing Haystacks
Cloud-native Threat Hunting
Attack Timelines
User & Event Behavioral Analytics (UEBA)
AI-powered Threat Intelligence
(Auto) Threat Hunting
(Auto) Mitigation
Cloud Effects on Hunting
Cloud Effects on Response
Ditching Human Constraints
The Threat Hunter Role
Technology Constraints
Constraining AI in Security
Replicate the Human Expert?
Change the medium...
Evolving Machine Intelligence
Conclusion
Belgian Style Hacking
Taught by
BruCON Security Conference