An adversarial approach to improve detection capabilities

Presented at RomHack 2018, Sept. 22, 2018, 10:45 a.m. (45 minutes).

In this talk we will show an hybrid approach, Red / Blue Team, which allows improving detection and response capabilities using techniques, tactics, and procedures of known attackers; we will analyze how, starting from threat analysis and leveraging on integration and automation of attack and the defense Technologies, we can improve enterprise detection and response capabilities.

Presenters:

• Pietro Romano - Principal Security Engineer @ YOOX Net-A-Porter Group
  I mainly deal with the evolution of Tech Infrastructure and contents framework for Incident Prevention, Detection and Response. Ten years of experience in CyberSecurity consulting for important companies in the Banking & Financial services sector, focused on management of the Security Operation Center team and in the arrangement and evolution of CSIRT / CERT.
• Massimo Bozza - Ethical Hacker - Senior Security Engineer @ YOOX Net-A-Porter Group
  Electronic engineer, Ethical Hacker, I deal with penetration testing and threat and vulnerability management. Mainly focused on offensive security; planning research or business-driven activities always looking for the link of technology, people, teams, and targets.

Links:

• https://2018.romhack.io/program_en.html#first
• https://2018.romhack.io/slides/RomHack 2018 - Massimo Bozza Pietro Romano - Adversarial approach to Improve Detection capabilities.pdf

Similar Presentations:

• GrrCON 2016 / Threat Detection & Response with Hipara
• Diana Initiative 2023 / How I Learned to Stop Worrying and Build a Modern Detection & Response Program
• DerbyCon 6.0 Recharge (2016) / Better Network Defense Through Threat Injection and Hunting