Explore a comprehensive conference talk on active defense strategies in cybersecurity. Delve into the concept of winning long-term security wars despite losing individual battles. Learn about critical asset identification, the importance of asset management, and creating your own defensive battlefields. Discover techniques for mapping your digital space, collecting and analyzing threat intelligence, and dealing with data overload. Examine the challenges of alert fatigue, incident response, and analyst workload. Understand the three types of threats and their relevance to your organization. Investigate automated response systems, containment analysis, and persistent threat mitigation. Gain insights into intelligent prioritization, leveraging external indicators, and learning from security incidents. Explore strategies for raising costs for attackers and achieving real, sustainable security in an ever-evolving threat landscape.
Overview
Syllabus
Intro
Critical Assets
Short Game vs Long Game
Fundamentals
Asset Management
Our Own Battlefields
Defending the Unknown
Mapping Your Space
Collecting Data
Threat Intelligence
More data is not necessarily good
Where are you going to put that
What do you do
How many alerts
How many events can an analyst process
How long does it take to analyze an event
Do you drown in incidents
What threats are relevant
Everyones system is owned by malware
Three types of threats
Why does this matter
Tier 1 automated response
Destroy image
Human time expended
Containment analysis
Persistent threats
Human Time
Chess Match
Intelligent Prioritization
External Indicators
Internal External Content
Learning from Incidents
Raising Costs
The Goal
Real Security
