Overview
Explore the challenges and solutions in threat detection in this Security BSides London conference talk. Delve into why organizations struggle with effective threat detection despite significant investments. Examine key issues like reinventing the wheel, information sharing, traditional SOC models, and detection priorities. Learn about building and retaining skilled employees and get an honest assessment of detection tooling and deployment hurdles. Discover simple solutions to these complex problems, illustrated with technical examples from the Countercept hunt team's real-world experiences. Gain insights into improving threat detection capabilities, from collaboration and automation to metrics and making detection work more appealing. Understand how to shift focus from traditional SOCs to other valuable sources for more effective threat detection.
Syllabus
Introduction
Brief introduction
Hand waving
Threat detection in 2018
Offensive capabilities
Detection lags behind
Crossover point
Logistical problems
Technical problems
Everything is on fire
Small businesses
People
Collaboration
Collaboration Github
Meetups
Forums Notifications
Red Canary
Pipeline
Automation
Examples
Metrics
Other metrics
Making detection sexy
Imagine your job
Traditional socks
Focus on other sources
Summary
Taught by
Security BSides London