Presented at
CackalackyCon 1 (2019),
June 1, 2019, 2 p.m.
(60 minutes).
“You should be looking at Indicators of Compromise!” exclaims your CISO, regulator, vendor, and mom. No problem, right? You have the most expensive security intelligence vendor and all you have to do is correlate in your expensive SIEM! Well, if you have tried this, then you are laughing with me. Come hear my exploration into implementing IOCs at a major US insurance company and a major US bank. I’ll address the differences in Indicators of Compromise vs Indicators of Attack. I will show you how not to use the MITRE ATT&CK framework, plus some tips on how to use it well. My goal is to save you from falling into the same pitfalls when dealing with Indicators of Crap.
Presenters:
Similar Presentations: