Presented at
Kernelcon 2019,
April 6, 2019, 2 p.m.
(50 minutes).
SOC and IR professionals are required to use myriad different tools and services to handle alerts and investigate cases, including EDR, Sandboxes, SIEM, pDNS, TIPs and more. Working through all of these GUIs is time consuming and has a learning curve due to the hundreds of different tools and vendors out there - every environment will have different tools. False positives must often be identified manually due to the lack of direct communication between the siloed tools.
Presenters:
-
Lior Kolnik
- Demisto
Lior has spent the past decade working on various security projects, spanning from reverse engineering to designing and developing secure systems. Currently, Lior is working as Head of Security Research at Demisto, where he and his team investigate new threats and build security playbooks to arm the next generation of blue teams. Before joining Demisto in 2016, Lior served 7 years in an elite technological unit of the IDF and studied for his M.Sc in CompSci.
Links: