Collect All the Data - Protect All the Things

Presented at DerbyCon 9.0 Finish Line (2019), Sept. 7, 2019, 9 a.m. (45 minutes).

Protecting all the things, all the time requires the collection and analysis of all the data. The range of threats is wide and can be highly advanced. To bring the sexy back to blue team, the next generation security operations team has to look across all the available data sources, correlating network, application, machine, and endpoint OS events to find anomalous behavior and reduce false positives. This talk covers the application of different methods of collection and analysis, as well as the use of machine learning to generate behavioral anomalies that are incorporated into overall continuous monitoring capabilities to catch a variety of APT activity before a signature has been developed. This is not a vendor talk, and nearly all tools discussed are open source and free.
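The cross-source correlation the abstract describes, as an added example that is not part of the talk or the presenter's material: an endpoint signal (an Office application spawning PowerShell) and a network signal (outbound volume far outside the host's own history) are each noisy on their own, but scored together on the same host within a short window they become a high-confidence alert. All events and per-host baselines below are constructed; the Sysmon- and Zeek-style field names are approximations, and the z-score against a stored history stands in for whatever learned behavioral baseline a model would supply.

```python
"""Score hosts on the union of endpoint and network signals instead of alerting on either alone.
Added example; every event and baseline here is constructed, not real telemetry."""
from datetime import datetime, timezone
from statistics import mean, pstdev

OFFICE_PARENTS = {"winword.exe", "excel.exe", "powerpnt.exe"}

# Constructed Sysmon-style process-creation summaries (subset of EventID 1 fields).
ENDPOINT_EVENTS = [
    {"ts": "2019-09-07T09:00:05Z", "host": "ws01", "image": "powershell.exe", "parent": "winword.exe"},
    {"ts": "2019-09-07T09:01:00Z", "host": "ws02", "image": "powershell.exe", "parent": "explorer.exe"},
    {"ts": "2019-09-07T09:02:10Z", "host": "ws03", "image": "outlook.exe", "parent": "explorer.exe"},
    {"ts": "2019-09-07T09:05:00Z", "host": "ws04", "image": "powershell.exe", "parent": "excel.exe"},
]
# Constructed Zeek conn.log-style flow summaries (orig_bytes = bytes sent by the host).
NETWORK_EVENTS = [
    {"ts": "2019-09-07T09:00:20Z", "host": "ws01", "dst": "203.0.113.5", "dport": 443, "orig_bytes": 52000},
    {"ts": "2019-09-07T09:30:00Z", "host": "ws02", "dst": "198.51.100.7", "dport": 443, "orig_bytes": 1200},
    {"ts": "2019-09-07T09:02:30Z", "host": "ws03", "dst": "192.0.2.10", "dport": 443, "orig_bytes": 900},
    {"ts": "2019-09-07T09:05:30Z", "host": "ws04", "dst": "192.0.2.20", "dport": 443, "orig_bytes": 1000},
]
# Constructed per-host history of outbound bytes per flow; stands in for the
# behavioral baseline a learned model would maintain (assumption, not a real model).
BASELINE_BYTES = {
    "ws01": [1000, 1500, 1100, 1300, 1200],
    "ws02": [1100, 1200, 1000, 1300, 1150],
    "ws03": [800, 900, 950, 850, 1000],
    "ws04": [900, 1000, 1100, 950, 1050],
}


def parse_ts(value):
    """ISO 8601 'Z' timestamp -> timezone-aware datetime."""
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def zscore(value, history):
    """Standard score of value against history; 0.0 when the history is flat."""
    sd = pstdev(history)
    return 0.0 if sd == 0 else (value - mean(history)) / sd


def suspicious_process(ev):
    """Office app spawning PowerShell: a classic macro-dropper pattern that
    legitimate automation also produces, so it is a weak signal by itself."""
    return ev["image"].lower() == "powershell.exe" and ev["parent"].lower() in OFFICE_PARENTS


def byte_anomaly(ev, baseline, threshold=3.0):
    """Outbound volume far outside the host's own history (behavioral, not signature)."""
    history = baseline.get(ev["host"])
    return bool(history) and zscore(ev["orig_bytes"], history) >= threshold


def correlate(endpoint_events, network_events, baseline, window_s=60):
    """One point per weak signal on a host, plus a bonus point when the endpoint
    and network signals fall within window_s of each other on that host."""
    signals = {}

    def bucket(host):
        return signals.setdefault(host, {"endpoint": [], "network": [], "reasons": []})

    for ev in endpoint_events:
        if suspicious_process(ev):
            b = bucket(ev["host"])
            b["endpoint"].append(parse_ts(ev["ts"]))
            b["reasons"].append(f"{ev['parent']} -> {ev['image']} at {ev['ts']}")
    for ev in network_events:
        if byte_anomaly(ev, baseline):
            b = bucket(ev["host"])
            b["network"].append(parse_ts(ev["ts"]))
            b["reasons"].append(f"{ev['orig_bytes']} bytes to {ev['dst']}:{ev['dport']} at {ev['ts']}")

    alerts = []
    for host, b in signals.items():
        score = (1 if b["endpoint"] else 0) + (1 if b["network"] else 0)
        linked = any(abs((n - e).total_seconds()) <= window_s
                     for e in b["endpoint"] for n in b["network"])
        if linked:
            score += 1
            b["reasons"].append(f"endpoint and network signals within {window_s}s on the same host")
        level = {1: "low", 2: "medium", 3: "high"}[score]
        alerts.append({"host": host, "score": score, "level": level, "reasons": b["reasons"]})
    return sorted(alerts, key=lambda a: -a["score"])


if __name__ == "__main__":
    for alert in correlate(ENDPOINT_EVENTS, NETWORK_EVENTS, BASELINE_BYTES):
        print(alert["host"], alert["level"], "; ".join(alert["reasons"]))
```

On the constructed data, ws01 (Office-spawned PowerShell followed 15 seconds later by a 52 KB upload against a roughly 1 KB history) scores high, while ws04 shows the same process pattern with normal network behavior and stays low; ws02 and ws03 trip neither signal and produce nothing. The point to carry into a real pipeline is that the per-source checks stay cheap and noisy, and the false-positive reduction comes from the join on host and time.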


Presenters:

  • Aaron Rosenmund
I am a full-time author with Pluralsight focusing on security operations and incident response, conducting research and producing advanced-level video courses and demonstration content for Pluralsight. A part-time member of the Florida Air National Guard, I built and operated one of the first mission defense teams for the 601 AOC Tyndall and now focus on the development of security monitoring, detection, and threat hunting. Certs: GCED, GCIA, CCNA Cyber Operations, CompTIA Sec+, and the new CompTIA Pentest+; more found at www.aaronrosenmund.com. Sec dev work at www.github.com/arosenmund
