Overview
Syllabus
Intro
Critical Assets
Short Game vs Long Game
Fundamentals
Asset Management
Our Own Battlefields
Defending the Unknown
Mapping Your Space
Collecting Data
Threat Intelligence
More data is not necessarily good
Where are you going to put that
What do you do
How many alerts
How many events can an analyst process
How long does it take to analyze an event
Do you drown in incidents
What threats are relevant
Everyone's system is owned by malware
Three types of threats
Why does this matter
Tier 1 automated response
Destroy image
Human time expended
Containment analysis
Persistent threats
Human Time
Chess Match
Intelligent Prioritization
External Indicators
Internal External Content
Learning from Incidents
Raising Costs
The Goal
Real Security