Better Network Defense Through Threat Injection and Hunting

Presented at DerbyCon 6.0 Recharge (2016), Sept. 23, 2016, 5 p.m. (50 minutes).

Traditional penetration testing and red team engagements typically focus on identifying single attack paths and how organizations can fix vulnerabilities to shut those paths down. These engagements reduce risk by eliminating a single attack path, but they rarely lead to an improved defensive skill set. This talk will introduce the Threat Detection Maturity Model, a security detection and testing framework that more closely integrates red and blue team operations, with the goal of measurably improving defensive capabilities. The framework is designed to measure the effectiveness of the blue team’s defensive capabilities using a capability maturity model across the attack lifecycle. We’ll demonstrate how “threats” are injected into an environment to enable a hunt team or SOC to improve their skill sets and validate the effectiveness of their security tooling.
