Explore advanced security automation strategies in this 28-minute RSA Conference talk by Tomasz Bania, Cyber Defense Manager at Dolby. Learn how to transition from basic automation to implementing comprehensive end-to-end security solutions. Discover real-world insights on scaling defenses to address the increasing workload of security teams without additional resources. Gain knowledge on measuring automation capabilities, implementing key components such as alert ingestion, data collection, and remediation, and leveraging automated alert analysis. Understand the process of implementing heuristic analysis and machine learning models for more sophisticated threat detection. Explore practical use cases, including VirusTotal file, URL, and domain reputation scoring. Learn how to calculate ROI for automation initiatives and get guidance on implementing these strategies in your own environment.
Scaling Your Defenses - Next Level Security Automation for Enterprise
Overview
Syllabus
Intro
Intro Questions
What do "Automations" Look like today?
How can I measure my organizations Automation Capabilities?
What can Automations look like, and where do we start?
Component One: Alert Ingestion
Component Two: Data Collection
Component Four: Alert Remediation
Component Five: Reporting
The Missing Component: Automated Alert Analysis (Component Three)
Reviewing the Manual Analysis Process for Indicator Scoring
Simple Scoring Use Case: Virustotal File/URL Reputation
Simple Scoring Summary
Implementing Heuristic Analysis
Detailed Scoring Use Case: VirusTotal Domain Reputation
Heuristic Scoring Summary
Uplifting from Heuristic Analysis to Machine Learning Models
Training the Machine Learning
Tuning the Automations
How to Calculate ROI
Real-World Automation Return on Investment
How do I implement this in my environment?
Taught by
RSA Conference
