SlideShare a Scribd company logo

Modernizing Your SOC: A CISO-led Training

Download as PPTX, PDF
Sqrrl
Sqrrl

Today's threats demand a more active role in detecting and isolating sophisticated attacks. This must-see presentation provides practical guidance on modernizing your SOC and building out an effective threat hunting program. Ed Amoroso and David Bianco discuss best practices for developing and staffing a modern SOC, including the essential shifts in how to think about threat detection. Watch the presentation with audio here: http://info.sqrrl.com/webinar-modernizing-your-security-operations

Software
1 of 23
Modernizing Your SOC: It’s Hunting SeasonJanuary 2017
© 2017 Sqrrl Data, Inc. All rights reserved. 2 Presenters Edward Amoroso, David J. Bianco Sqrrl Security Technologist, Former lead threat hunter at GE CEO of TAG Cyber, Former CISO for AT&T
Dr. Edward G. Amoroso, CEO TAG Cyber eamoroso@tag-cyber.com Lessons Learned from Past, Present, and Future Security Operations Centers (SOCs)
Team Past SOCs Upgrade SOC Staff Capability Tools Improve Incident Response Tools Alarms Filter Endless False Alarms
Data Improve Quality of Data and Sources Tools Deploy Advanced Behavioral Analytics Team Hire and Nurture Expert Hunters Present SOCs
Workloads Distribute Local Control Tools Automate Security Prevention Management Virtualize Ops and Oversight Future SOCs
INVESTING I N A H U N T T E A M
© 2017 Sqrrl Data, Inc. All rights reserved. 8 The collective name for any manual or machine-assisted techniques used to detect security incidents missed by automated processes. What Do We Mean by “Threat Hunting”?
© 2017 Sqrrl Data, Inc. All rights reserved. 9 Proactive Iterative Human-driven Analytical What is Threat Hunting?
© 2017 Sqrrl Data, Inc. All rights reserved. 10 Why Hunt? The purpose of hunting is not to find new accidents. The purpose of hunting is to find new ways of finding incidents.
© 2017 Sqrrl Data, Inc. All rights reserved. 11 Detections IndicatorsFindings Detections Detection Improvements Hunting Intel Automated Detection Incident Response Detection Development Functions of a Modern SOC Incident Data
© 2017 Sqrrl Data, Inc. All rights reserved. 12 Detections IndicatorsFindings Detections Detection Improvements Hunting Intel Automated Detection Incident Response Detection Development Incident Data Functions of a Modern SOC Sqrrl‘s Focus
© 2017 Sqrrl Data, Inc. All rights reserved. 13 Fielding a Hunt Team Ad Hoc • Hunting in “spare” time • Can get a lot of hunters involved, but lacks strategy and coordination • Also, if “everyone” hunts, no one hunts Dedicated • “Go out and find me some bad guys!” • Enables strategic thinking, but concentrates expertise into the hands of a few Hybrid • The best of both! • The hunt function is dedicated, but team members rotate through • Encourages both strategic planning and broad participation
© 2017 Sqrrl Data, Inc. All rights reserved. 14 Team Skillsets: All Members Communication Business Knowledge Collaboration Critical Thinking
© 2017 Sqrrl Data, Inc. All rights reserved. 15 Data Analysis / Data Science Network Protocols OS Internals Security Logging Team Skillsets: Specialities Threat Internal
© 2017 Sqrrl Data, Inc. All rights reserved. 16 If possible, establish a core of experienced hunters with a demonstrated track record of mentorship. Procedures should encourage and require collaboration between analysts at all skill levels. Encourage “active mentorship” within the team: • Have members participate in creating and implementing a training/development plan each year, then give them the time and resources necessary to complete it. • Every team member has something they know more about than anyone else. Get them to document and share via blogs, brown bag lunch sessions, etc. • Involvement in the larger security community is great professional development! Growing Hunters and Hunt Teams
© 2017 Sqrrl Data, Inc. All rights reserved. 17 This Company Gets It Part of an actual job posting for a ”Hunt Team Analyst”. Skills enhancement is literally the second paragraph in the document. As a contributor to the team, this role will spend up to 30% of it’s time broadening skills by: • Participating in one-on-one hands-on mentoring with peers and senior team members • Researching new techniques for analysis & developing deeper technical analysis skills • Contributing to the security community through projects and presenting at conferences While spending 70% or more heads down doing the mission: • Hands-on hunting, event triage & analysis across NSM sensors & managed endpoints • Consumption, analysis, and production of tactical threat intelligence • Development & maintenance of detection scripts, rules, signatures and related logic • Finding evil, and generally having fun kicking it out of places it shouldn’t be
MAKING IT REALH U N T O P E R A T I O N S ( H U N T O P S )
© 2017 Sqrrl Data, Inc. All rights reserved. 19 Reconnaissanc e Weaponization Delivery Exploitation Installation Command & Control (C2) Actions on Objectives Step 1: Choose Your Favorite Attack Model The Lockheed Martin Cyber Kill Chain: Intelligence-Driven Computer Network Defense Informed by Anwww.lockheedmartin.com/content/dam/lockheed/data/corporate/documents/LM-White-Paper-Intel-Driven-Defense.pdf alysis of Adversary Campaigns and Intrusion Kill Chains”, Hutchins, Cloppert, Amin, http:// (Last checked January 20, 2017) MITRE ATT&CK: Adversarial Tactics, Techniques & Common Knowledge, MITRE, http://attack.mitre.org (Last checked January 20, 2017)
© 2017 Sqrrl Data, Inc. All rights reserved. 20 Example KC7 Activities • Lateral Movement • Data Staging & Exfiltration • Credential Dumping • Local Network Discovery • Disable Endpoint Security • Webshell Use • Email Theft • Malicious Data Encryption Factor in your own environment and business priorities! Step 2: Identify Malicious Behaviors Reconnaissanc e Weaponization Delivery Exploitation Installation Command & Control (C2) Actions on Objectives
© 2017 Sqrrl Data, Inc. All rights reserved. 21 Step 3: Align Your Strategy to Your Model Reconnaissanc e Weaponization Delivery Exploitation Installation Command & Control (C2) Actions on Objectives Predict attacks Expand the stories you are able to tell High impact activity S O M E T I M E S D O T H I S R E G U L A R Y D O T H I S F R E Q U E N T L Y D O T H I S
© 2017 Sqrrl Data, Inc. All rights reserved. 22 Use this simple assessment to find out where you fall on the Hunting Maturity Model and what you can do to improve your SOC’s capabilities! How Mature Are Your Hunt Capabilities?
WRAP UP & QUESTIONS

Recommended

Sqrrl 2.0 Launch Webinar
Sqrrl 2.0 Launch WebinarSqrrl 2.0 Launch Webinar
Sqrrl 2.0 Launch WebinarSqrrl
 
Leveraging Threat Intelligence to Guide Your Hunts
Leveraging Threat Intelligence to Guide Your HuntsLeveraging Threat Intelligence to Guide Your Hunts
Leveraging Threat Intelligence to Guide Your HuntsSqrrl
 
April 2015 Webinar: Cyber Hunting with Sqrrl
April 2015 Webinar: Cyber Hunting with SqrrlApril 2015 Webinar: Cyber Hunting with Sqrrl
April 2015 Webinar: Cyber Hunting with SqrrlSqrrl
 
Transitioning Government Technology
Transitioning Government TechnologyTransitioning Government Technology
Transitioning Government TechnologySqrrl
 
Threat Hunting vs. UEBA: Similarities, Differences, and How They Work Together
Threat Hunting vs. UEBA: Similarities, Differences, and How They Work Together Threat Hunting vs. UEBA: Similarities, Differences, and How They Work Together
Threat Hunting vs. UEBA: Similarities, Differences, and How They Work Together Sqrrl
 
User and Entity Behavior Analytics using the Sqrrl Behavior Graph
User and Entity Behavior Analytics using the Sqrrl Behavior GraphUser and Entity Behavior Analytics using the Sqrrl Behavior Graph
User and Entity Behavior Analytics using the Sqrrl Behavior GraphSqrrl
 
Threat Hunting Platforms (Collaboration with SANS Institute)
Threat Hunting Platforms (Collaboration with SANS Institute)Threat Hunting Platforms (Collaboration with SANS Institute)
Threat Hunting Platforms (Collaboration with SANS Institute)Sqrrl
 
Sqrrl and IBM: Threat Hunting for QRadar Users
Sqrrl and IBM: Threat Hunting for QRadar UsersSqrrl and IBM: Threat Hunting for QRadar Users
Sqrrl and IBM: Threat Hunting for QRadar UsersSqrrl
 

Recommended

Sqrrl 2.0 Launch Webinar
Sqrrl 2.0 Launch WebinarSqrrl 2.0 Launch Webinar
Sqrrl 2.0 Launch WebinarSqrrl
 
Leveraging Threat Intelligence to Guide Your Hunts
Leveraging Threat Intelligence to Guide Your HuntsLeveraging Threat Intelligence to Guide Your Hunts
Leveraging Threat Intelligence to Guide Your HuntsSqrrl
 
April 2015 Webinar: Cyber Hunting with Sqrrl
April 2015 Webinar: Cyber Hunting with SqrrlApril 2015 Webinar: Cyber Hunting with Sqrrl
April 2015 Webinar: Cyber Hunting with SqrrlSqrrl
 
Transitioning Government Technology
Transitioning Government TechnologyTransitioning Government Technology
Transitioning Government TechnologySqrrl
 
Threat Hunting vs. UEBA: Similarities, Differences, and How They Work Together
Threat Hunting vs. UEBA: Similarities, Differences, and How They Work Together Threat Hunting vs. UEBA: Similarities, Differences, and How They Work Together
Threat Hunting vs. UEBA: Similarities, Differences, and How They Work Together Sqrrl
 
User and Entity Behavior Analytics using the Sqrrl Behavior Graph
User and Entity Behavior Analytics using the Sqrrl Behavior GraphUser and Entity Behavior Analytics using the Sqrrl Behavior Graph
User and Entity Behavior Analytics using the Sqrrl Behavior GraphSqrrl
 
Threat Hunting Platforms (Collaboration with SANS Institute)
Threat Hunting Platforms (Collaboration with SANS Institute)Threat Hunting Platforms (Collaboration with SANS Institute)
Threat Hunting Platforms (Collaboration with SANS Institute)Sqrrl
 
Sqrrl and IBM: Threat Hunting for QRadar Users
Sqrrl and IBM: Threat Hunting for QRadar UsersSqrrl and IBM: Threat Hunting for QRadar Users
Sqrrl and IBM: Threat Hunting for QRadar UsersSqrrl
 
The Art and Science of Alert Triage
The Art and Science of Alert TriageThe Art and Science of Alert Triage
The Art and Science of Alert TriageSqrrl
 
Machine Learning for Incident Detection: Getting Started
Machine Learning for Incident Detection: Getting StartedMachine Learning for Incident Detection: Getting Started
Machine Learning for Incident Detection: Getting StartedSqrrl
 
Jisheng Wang at AI Frontiers: Deep Learning in Security
Jisheng Wang at AI Frontiers: Deep Learning in SecurityJisheng Wang at AI Frontiers: Deep Learning in Security
Jisheng Wang at AI Frontiers: Deep Learning in SecurityAI Frontiers
 
Sqrrl March Webinar: How to Build a Big App
Sqrrl March Webinar: How to Build a Big AppSqrrl March Webinar: How to Build a Big App
Sqrrl March Webinar: How to Build a Big AppSqrrl
 
Cyber Threat Hunting with Phirelight
Cyber Threat Hunting with PhirelightCyber Threat Hunting with Phirelight
Cyber Threat Hunting with PhirelightHostway|HOSTING
 
Sqrrl Enterprise: Big Data Security Analytics Use Case
Sqrrl Enterprise: Big Data Security Analytics Use CaseSqrrl Enterprise: Big Data Security Analytics Use Case
Sqrrl Enterprise: Big Data Security Analytics Use CaseSqrrl
 
Episode IV: A New Scope
Episode IV: A New ScopeEpisode IV: A New Scope
Episode IV: A New ScopeThreatConnect
 
Grace Hopper Open Source Day Findings | Thorn & Cloudera Cares
Grace Hopper Open Source Day Findings | Thorn & Cloudera CaresGrace Hopper Open Source Day Findings | Thorn & Cloudera Cares
Grace Hopper Open Source Day Findings | Thorn & Cloudera CaresCloudera, Inc.
 
UserEntityandBehaviorAnalyticsFriedman
UserEntityandBehaviorAnalyticsFriedmanUserEntityandBehaviorAnalyticsFriedman
UserEntityandBehaviorAnalyticsFriedmanAaron Friedman
 
Threat Hunting
Threat HuntingThreat Hunting
Threat HuntingSplunk
 
Building a Successful Threat Hunting Program
Building a Successful Threat Hunting ProgramBuilding a Successful Threat Hunting Program
Building a Successful Threat Hunting ProgramCarl C. Manion
 
NTXISSACSC4 - Cyber Insurance – Did You Know?
NTXISSACSC4 - Cyber Insurance – Did You Know?NTXISSACSC4 - Cyber Insurance – Did You Know?
NTXISSACSC4 - Cyber Insurance – Did You Know?North Texas Chapter of the ISSA
 
Proactive Threat Hunting: Game-Changing Endpoint Protection Beyond Alerting
Proactive Threat Hunting: Game-Changing Endpoint Protection Beyond AlertingProactive Threat Hunting: Game-Changing Endpoint Protection Beyond Alerting
Proactive Threat Hunting: Game-Changing Endpoint Protection Beyond AlertingCrowdStrike
 
MITRE ATT&CKcon 2.0: Prioritizing Data Sources for Minimum Viable Detection; ...
MITRE ATT&CKcon 2.0: Prioritizing Data Sources for Minimum Viable Detection; ...MITRE ATT&CKcon 2.0: Prioritizing Data Sources for Minimum Viable Detection; ...
MITRE ATT&CKcon 2.0: Prioritizing Data Sources for Minimum Viable Detection; ...MITRE - ATT&CKcon
 
IANS Forum Dallas - Technology Spotlight Session
IANS Forum Dallas - Technology Spotlight SessionIANS Forum Dallas - Technology Spotlight Session
IANS Forum Dallas - Technology Spotlight SessionInterset
 
MITRE ATT&CKcon 2018: Helping Your Non-Security Executives Understand ATT&CK ...
MITRE ATT&CKcon 2018: Helping Your Non-Security Executives Understand ATT&CK ...MITRE ATT&CKcon 2018: Helping Your Non-Security Executives Understand ATT&CK ...
MITRE ATT&CKcon 2018: Helping Your Non-Security Executives Understand ATT&CK ...MITRE - ATT&CKcon
 
Threat Hunting Procedures and Measurement Matrice
Threat Hunting Procedures and Measurement MatriceThreat Hunting Procedures and Measurement Matrice
Threat Hunting Procedures and Measurement MatriceVishal Kumar
 
Building a Threat Hunting Practice in the Cloud
Building a Threat Hunting Practice in the CloudBuilding a Threat Hunting Practice in the Cloud
Building a Threat Hunting Practice in the CloudProtectWise
 
Big Data Analytics to Enhance Security
Big Data Analytics to Enhance SecurityBig Data Analytics to Enhance Security
Big Data Analytics to Enhance SecurityData Science Thailand
 
How To Drive Value with Security Data
How To Drive Value with Security DataHow To Drive Value with Security Data
How To Drive Value with Security DataRaffael Marty
 
How to Operationalize Big Data Security Analytics
How to Operationalize Big Data Security AnalyticsHow to Operationalize Big Data Security Analytics
How to Operationalize Big Data Security AnalyticsInterset
 
How to Operationalize Big Data Security Analytics
How to Operationalize Big Data Security AnalyticsHow to Operationalize Big Data Security Analytics
How to Operationalize Big Data Security AnalyticsInterset
 

More Related Content

What's hot

The Art and Science of Alert Triage
The Art and Science of Alert TriageThe Art and Science of Alert Triage
The Art and Science of Alert TriageSqrrl
 
Machine Learning for Incident Detection: Getting Started
Machine Learning for Incident Detection: Getting StartedMachine Learning for Incident Detection: Getting Started
Machine Learning for Incident Detection: Getting StartedSqrrl
 
Jisheng Wang at AI Frontiers: Deep Learning in Security
Jisheng Wang at AI Frontiers: Deep Learning in SecurityJisheng Wang at AI Frontiers: Deep Learning in Security
Jisheng Wang at AI Frontiers: Deep Learning in SecurityAI Frontiers
 
Sqrrl March Webinar: How to Build a Big App
Sqrrl March Webinar: How to Build a Big AppSqrrl March Webinar: How to Build a Big App
Sqrrl March Webinar: How to Build a Big AppSqrrl
 
Cyber Threat Hunting with Phirelight
Cyber Threat Hunting with PhirelightCyber Threat Hunting with Phirelight
Cyber Threat Hunting with PhirelightHostway|HOSTING
 
Sqrrl Enterprise: Big Data Security Analytics Use Case
Sqrrl Enterprise: Big Data Security Analytics Use CaseSqrrl Enterprise: Big Data Security Analytics Use Case
Sqrrl Enterprise: Big Data Security Analytics Use CaseSqrrl
 
Episode IV: A New Scope
Episode IV: A New ScopeEpisode IV: A New Scope
Episode IV: A New ScopeThreatConnect
 
Grace Hopper Open Source Day Findings | Thorn & Cloudera Cares
Grace Hopper Open Source Day Findings | Thorn & Cloudera CaresGrace Hopper Open Source Day Findings | Thorn & Cloudera Cares
Grace Hopper Open Source Day Findings | Thorn & Cloudera CaresCloudera, Inc.
 
UserEntityandBehaviorAnalyticsFriedman
UserEntityandBehaviorAnalyticsFriedmanUserEntityandBehaviorAnalyticsFriedman
UserEntityandBehaviorAnalyticsFriedmanAaron Friedman
 
Threat Hunting
Threat HuntingThreat Hunting
Threat HuntingSplunk
 
Building a Successful Threat Hunting Program
Building a Successful Threat Hunting ProgramBuilding a Successful Threat Hunting Program
Building a Successful Threat Hunting ProgramCarl C. Manion
 
Proactive Threat Hunting: Game-Changing Endpoint Protection Beyond Alerting
Proactive Threat Hunting: Game-Changing Endpoint Protection Beyond AlertingProactive Threat Hunting: Game-Changing Endpoint Protection Beyond Alerting
Proactive Threat Hunting: Game-Changing Endpoint Protection Beyond AlertingCrowdStrike
 
MITRE ATT&CKcon 2.0: Prioritizing Data Sources for Minimum Viable Detection; ...
MITRE ATT&CKcon 2.0: Prioritizing Data Sources for Minimum Viable Detection; ...MITRE ATT&CKcon 2.0: Prioritizing Data Sources for Minimum Viable Detection; ...
MITRE ATT&CKcon 2.0: Prioritizing Data Sources for Minimum Viable Detection; ...MITRE - ATT&CKcon
 
IANS Forum Dallas - Technology Spotlight Session
IANS Forum Dallas - Technology Spotlight SessionIANS Forum Dallas - Technology Spotlight Session
IANS Forum Dallas - Technology Spotlight SessionInterset
 
MITRE ATT&CKcon 2018: Helping Your Non-Security Executives Understand ATT&CK ...
MITRE ATT&CKcon 2018: Helping Your Non-Security Executives Understand ATT&CK ...MITRE ATT&CKcon 2018: Helping Your Non-Security Executives Understand ATT&CK ...
MITRE ATT&CKcon 2018: Helping Your Non-Security Executives Understand ATT&CK ...MITRE - ATT&CKcon
 
Threat Hunting Procedures and Measurement Matrice
Threat Hunting Procedures and Measurement MatriceThreat Hunting Procedures and Measurement Matrice
Threat Hunting Procedures and Measurement MatriceVishal Kumar
 
Building a Threat Hunting Practice in the Cloud
Building a Threat Hunting Practice in the CloudBuilding a Threat Hunting Practice in the Cloud
Building a Threat Hunting Practice in the CloudProtectWise
 
Big Data Analytics to Enhance Security
Big Data Analytics to Enhance SecurityBig Data Analytics to Enhance Security
Big Data Analytics to Enhance SecurityData Science Thailand
 
How To Drive Value with Security Data
How To Drive Value with Security DataHow To Drive Value with Security Data
How To Drive Value with Security DataRaffael Marty
 

What's hot (20)

The Art and Science of Alert Triage
The Art and Science of Alert TriageThe Art and Science of Alert Triage
The Art and Science of Alert Triage
 
Machine Learning for Incident Detection: Getting Started
Machine Learning for Incident Detection: Getting StartedMachine Learning for Incident Detection: Getting Started
Machine Learning for Incident Detection: Getting Started
 
Jisheng Wang at AI Frontiers: Deep Learning in Security
Jisheng Wang at AI Frontiers: Deep Learning in SecurityJisheng Wang at AI Frontiers: Deep Learning in Security
Jisheng Wang at AI Frontiers: Deep Learning in Security
 
Sqrrl March Webinar: How to Build a Big App
Sqrrl March Webinar: How to Build a Big AppSqrrl March Webinar: How to Build a Big App
Sqrrl March Webinar: How to Build a Big App
 
Cyber Threat Hunting with Phirelight
Cyber Threat Hunting with PhirelightCyber Threat Hunting with Phirelight
Cyber Threat Hunting with Phirelight
 
Sqrrl Enterprise: Big Data Security Analytics Use Case
Sqrrl Enterprise: Big Data Security Analytics Use CaseSqrrl Enterprise: Big Data Security Analytics Use Case
Sqrrl Enterprise: Big Data Security Analytics Use Case
 
Episode IV: A New Scope
Episode IV: A New ScopeEpisode IV: A New Scope
Episode IV: A New Scope
 
Grace Hopper Open Source Day Findings | Thorn & Cloudera Cares
Grace Hopper Open Source Day Findings | Thorn & Cloudera CaresGrace Hopper Open Source Day Findings | Thorn & Cloudera Cares
Grace Hopper Open Source Day Findings | Thorn & Cloudera Cares
 
UserEntityandBehaviorAnalyticsFriedman
UserEntityandBehaviorAnalyticsFriedmanUserEntityandBehaviorAnalyticsFriedman
UserEntityandBehaviorAnalyticsFriedman
 
Threat Hunting
Threat HuntingThreat Hunting
Threat Hunting
 
Building a Successful Threat Hunting Program
Building a Successful Threat Hunting ProgramBuilding a Successful Threat Hunting Program
Building a Successful Threat Hunting Program
 
NTXISSACSC4 - Cyber Insurance – Did You Know?
NTXISSACSC4 - Cyber Insurance – Did You Know?NTXISSACSC4 - Cyber Insurance – Did You Know?
NTXISSACSC4 - Cyber Insurance – Did You Know?
 
Proactive Threat Hunting: Game-Changing Endpoint Protection Beyond Alerting
Proactive Threat Hunting: Game-Changing Endpoint Protection Beyond AlertingProactive Threat Hunting: Game-Changing Endpoint Protection Beyond Alerting
Proactive Threat Hunting: Game-Changing Endpoint Protection Beyond Alerting
 
MITRE ATT&CKcon 2.0: Prioritizing Data Sources for Minimum Viable Detection; ...
MITRE ATT&CKcon 2.0: Prioritizing Data Sources for Minimum Viable Detection; ...MITRE ATT&CKcon 2.0: Prioritizing Data Sources for Minimum Viable Detection; ...
MITRE ATT&CKcon 2.0: Prioritizing Data Sources for Minimum Viable Detection; ...
 
IANS Forum Dallas - Technology Spotlight Session
IANS Forum Dallas - Technology Spotlight SessionIANS Forum Dallas - Technology Spotlight Session
IANS Forum Dallas - Technology Spotlight Session
 
MITRE ATT&CKcon 2018: Helping Your Non-Security Executives Understand ATT&CK ...
MITRE ATT&CKcon 2018: Helping Your Non-Security Executives Understand ATT&CK ...MITRE ATT&CKcon 2018: Helping Your Non-Security Executives Understand ATT&CK ...
MITRE ATT&CKcon 2018: Helping Your Non-Security Executives Understand ATT&CK ...
 
Threat Hunting Procedures and Measurement Matrice
Threat Hunting Procedures and Measurement MatriceThreat Hunting Procedures and Measurement Matrice
Threat Hunting Procedures and Measurement Matrice
 
Building a Threat Hunting Practice in the Cloud
Building a Threat Hunting Practice in the CloudBuilding a Threat Hunting Practice in the Cloud
Building a Threat Hunting Practice in the Cloud
 
Big Data Analytics to Enhance Security
Big Data Analytics to Enhance SecurityBig Data Analytics to Enhance Security
Big Data Analytics to Enhance Security
 
How To Drive Value with Security Data
How To Drive Value with Security DataHow To Drive Value with Security Data
How To Drive Value with Security Data
 

Similar to Modernizing Your SOC: A CISO-led Training

How to Operationalize Big Data Security Analytics
How to Operationalize Big Data Security AnalyticsHow to Operationalize Big Data Security Analytics
How to Operationalize Big Data Security AnalyticsInterset
 
How to Operationalize Big Data Security Analytics
How to Operationalize Big Data Security AnalyticsHow to Operationalize Big Data Security Analytics
How to Operationalize Big Data Security AnalyticsInterset
 
Netwatcher Credit Union Tech Talk
Netwatcher Credit Union Tech TalkNetwatcher Credit Union Tech Talk
Netwatcher Credit Union Tech TalkNetWatcher
 
Innovation in Cybersecurity [Montreal 2018 CRIAQ RDV Forum]
Innovation in Cybersecurity [Montreal 2018 CRIAQ RDV Forum]Innovation in Cybersecurity [Montreal 2018 CRIAQ RDV Forum]
Innovation in Cybersecurity [Montreal 2018 CRIAQ RDV Forum]Interset
 
Cyber Risk Management in 2017: Challenges & Recommendations
Cyber Risk Management in 2017: Challenges & RecommendationsCyber Risk Management in 2017: Challenges & Recommendations
Cyber Risk Management in 2017: Challenges & RecommendationsUlf Mattsson
 
Cybersecurity Incident Response Strategies and Tactics - RIMS 2017 - Eric Van...
Cybersecurity Incident Response Strategies and Tactics - RIMS 2017 - Eric Van...Cybersecurity Incident Response Strategies and Tactics - RIMS 2017 - Eric Van...
Cybersecurity Incident Response Strategies and Tactics - RIMS 2017 - Eric Van...Eric Vanderburg
 
WEBINAR: How To Use Artificial Intelligence To Prevent Insider Threats
WEBINAR: How To Use Artificial Intelligence To Prevent Insider ThreatsWEBINAR: How To Use Artificial Intelligence To Prevent Insider Threats
WEBINAR: How To Use Artificial Intelligence To Prevent Insider ThreatsInterset
 
Threat Hunting
Threat HuntingThreat Hunting
Threat HuntingSplunk
 
What it Takes to be a CISO in 2017
What it Takes to be a CISO in 2017What it Takes to be a CISO in 2017
What it Takes to be a CISO in 2017Doug Copley
 
Operationalizing Big Data Security Analytics - IANS Forum Dallas
Operationalizing Big Data Security Analytics - IANS Forum DallasOperationalizing Big Data Security Analytics - IANS Forum Dallas
Operationalizing Big Data Security Analytics - IANS Forum DallasInterset
 
CWIN17 Rome / A holostic cybersecurity
CWIN17 Rome / A holostic cybersecurityCWIN17 Rome / A holostic cybersecurity
CWIN17 Rome / A holostic cybersecurityCapgemini
 
Effective Security Operation Center - present by Reza Adineh
Effective Security Operation Center - present by Reza AdinehEffective Security Operation Center - present by Reza Adineh
Effective Security Operation Center - present by Reza AdinehReZa AdineH
 
Splunk workshop-Threat Hunting
Splunk workshop-Threat HuntingSplunk workshop-Threat Hunting
Splunk workshop-Threat HuntingSplunk
 
A New Approach to Threat Detection: Big Data Security Analytics
A New Approach to Threat Detection: Big Data Security Analytics A New Approach to Threat Detection: Big Data Security Analytics
A New Approach to Threat Detection: Big Data Security Analytics Interset
 
OSB50: Operational Security: State of the Union
OSB50: Operational Security: State of the UnionOSB50: Operational Security: State of the Union
OSB50: Operational Security: State of the UnionIvanti
 
DataWorks 2018: How Big Data and AI Saved the Day
DataWorks 2018: How Big Data and AI Saved the DayDataWorks 2018: How Big Data and AI Saved the Day
DataWorks 2018: How Big Data and AI Saved the DayInterset
 
Best_of_Breed_3-24-2015_How_to_Achieve_ABAC_Today copy
Best_of_Breed_3-24-2015_How_to_Achieve_ABAC_Today copyBest_of_Breed_3-24-2015_How_to_Achieve_ABAC_Today copy
Best_of_Breed_3-24-2015_How_to_Achieve_ABAC_Today copyStephanie McVitty
 
Splunk Threat Hunting Workshop
Splunk Threat Hunting WorkshopSplunk Threat Hunting Workshop
Splunk Threat Hunting WorkshopSplunk
 
Mastering next gen-siem-usecases-part1
Mastering next gen-siem-usecases-part1Mastering next gen-siem-usecases-part1
Mastering next gen-siem-usecases-part1Priyanka Aash
 
Cyber Risk Management in 2017 - Challenges & Recommendations
Cyber Risk Management in 2017 - Challenges & RecommendationsCyber Risk Management in 2017 - Challenges & Recommendations
Cyber Risk Management in 2017 - Challenges & RecommendationsUlf Mattsson
 

Similar to Modernizing Your SOC: A CISO-led Training (20)

How to Operationalize Big Data Security Analytics
How to Operationalize Big Data Security AnalyticsHow to Operationalize Big Data Security Analytics
How to Operationalize Big Data Security Analytics
 
How to Operationalize Big Data Security Analytics
How to Operationalize Big Data Security AnalyticsHow to Operationalize Big Data Security Analytics
How to Operationalize Big Data Security Analytics
 
Netwatcher Credit Union Tech Talk
Netwatcher Credit Union Tech TalkNetwatcher Credit Union Tech Talk
Netwatcher Credit Union Tech Talk
 
Innovation in Cybersecurity [Montreal 2018 CRIAQ RDV Forum]
Innovation in Cybersecurity [Montreal 2018 CRIAQ RDV Forum]Innovation in Cybersecurity [Montreal 2018 CRIAQ RDV Forum]
Innovation in Cybersecurity [Montreal 2018 CRIAQ RDV Forum]
 
Cyber Risk Management in 2017: Challenges & Recommendations
Cyber Risk Management in 2017: Challenges & RecommendationsCyber Risk Management in 2017: Challenges & Recommendations
Cyber Risk Management in 2017: Challenges & Recommendations
 
Cybersecurity Incident Response Strategies and Tactics - RIMS 2017 - Eric Van...
Cybersecurity Incident Response Strategies and Tactics - RIMS 2017 - Eric Van...Cybersecurity Incident Response Strategies and Tactics - RIMS 2017 - Eric Van...
Cybersecurity Incident Response Strategies and Tactics - RIMS 2017 - Eric Van...
 
WEBINAR: How To Use Artificial Intelligence To Prevent Insider Threats
WEBINAR: How To Use Artificial Intelligence To Prevent Insider ThreatsWEBINAR: How To Use Artificial Intelligence To Prevent Insider Threats
WEBINAR: How To Use Artificial Intelligence To Prevent Insider Threats
 
Threat Hunting
Threat HuntingThreat Hunting
Threat Hunting
 
What it Takes to be a CISO in 2017
What it Takes to be a CISO in 2017What it Takes to be a CISO in 2017
What it Takes to be a CISO in 2017
 
Operationalizing Big Data Security Analytics - IANS Forum Dallas
Operationalizing Big Data Security Analytics - IANS Forum DallasOperationalizing Big Data Security Analytics - IANS Forum Dallas
Operationalizing Big Data Security Analytics - IANS Forum Dallas
 
CWIN17 Rome / A holostic cybersecurity
CWIN17 Rome / A holostic cybersecurityCWIN17 Rome / A holostic cybersecurity
CWIN17 Rome / A holostic cybersecurity
 
Effective Security Operation Center - present by Reza Adineh
Effective Security Operation Center - present by Reza AdinehEffective Security Operation Center - present by Reza Adineh
Effective Security Operation Center - present by Reza Adineh
 
Splunk workshop-Threat Hunting
Splunk workshop-Threat HuntingSplunk workshop-Threat Hunting
Splunk workshop-Threat Hunting
 
A New Approach to Threat Detection: Big Data Security Analytics
A New Approach to Threat Detection: Big Data Security Analytics A New Approach to Threat Detection: Big Data Security Analytics
A New Approach to Threat Detection: Big Data Security Analytics
 
OSB50: Operational Security: State of the Union
OSB50: Operational Security: State of the UnionOSB50: Operational Security: State of the Union
OSB50: Operational Security: State of the Union
 
DataWorks 2018: How Big Data and AI Saved the Day
DataWorks 2018: How Big Data and AI Saved the DayDataWorks 2018: How Big Data and AI Saved the Day
DataWorks 2018: How Big Data and AI Saved the Day
 
Best_of_Breed_3-24-2015_How_to_Achieve_ABAC_Today copy
Best_of_Breed_3-24-2015_How_to_Achieve_ABAC_Today copyBest_of_Breed_3-24-2015_How_to_Achieve_ABAC_Today copy
Best_of_Breed_3-24-2015_How_to_Achieve_ABAC_Today copy
 
Splunk Threat Hunting Workshop
Splunk Threat Hunting WorkshopSplunk Threat Hunting Workshop
Splunk Threat Hunting Workshop
 
Mastering next gen-siem-usecases-part1
Mastering next gen-siem-usecases-part1Mastering next gen-siem-usecases-part1
Mastering next gen-siem-usecases-part1
 
Cyber Risk Management in 2017 - Challenges & Recommendations
Cyber Risk Management in 2017 - Challenges & RecommendationsCyber Risk Management in 2017 - Challenges & Recommendations
Cyber Risk Management in 2017 - Challenges & Recommendations
 

More from Sqrrl

How to Hunt for Lateral Movement on Your Network
How to Hunt for Lateral Movement on Your NetworkHow to Hunt for Lateral Movement on Your Network
How to Hunt for Lateral Movement on Your NetworkSqrrl
 
Building a Next-Generation Security Operations Center (SOC)
Building a Next-Generation Security Operations Center (SOC)Building a Next-Generation Security Operations Center (SOC)
Building a Next-Generation Security Operations Center (SOC)Sqrrl
 
Threat Hunting for Command and Control Activity
Threat Hunting for Command and Control ActivityThreat Hunting for Command and Control Activity
Threat Hunting for Command and Control ActivitySqrrl
 
Leveraging DNS to Surface Attacker Activity
Leveraging DNS to Surface Attacker ActivityLeveraging DNS to Surface Attacker Activity
Leveraging DNS to Surface Attacker ActivitySqrrl
 
Reducing Mean Time to Know
Reducing Mean Time to KnowReducing Mean Time to Know
Reducing Mean Time to KnowSqrrl
 
The Linked Data Advantage
The Linked Data AdvantageThe Linked Data Advantage
The Linked Data AdvantageSqrrl
 
Sqrrl Enterprise: Integrate, Explore, Analyze
Sqrrl Enterprise: Integrate, Explore, AnalyzeSqrrl Enterprise: Integrate, Explore, Analyze
Sqrrl Enterprise: Integrate, Explore, AnalyzeSqrrl
 
Sqrrl Datasheet: Cyber Hunting
Sqrrl Datasheet: Cyber HuntingSqrrl Datasheet: Cyber Hunting
Sqrrl Datasheet: Cyber HuntingSqrrl
 
Benchmarking The Apache Accumulo Distributed Key–Value Store
Benchmarking The Apache Accumulo Distributed Key–Value StoreBenchmarking The Apache Accumulo Distributed Key–Value Store
Benchmarking The Apache Accumulo Distributed Key–Value StoreSqrrl
 
Scalable Graph Clustering with Pregel
Scalable Graph Clustering with PregelScalable Graph Clustering with Pregel
Scalable Graph Clustering with PregelSqrrl
 
What's Next for Google's BigTable
What's Next for Google's BigTableWhat's Next for Google's BigTable
What's Next for Google's BigTableSqrrl
 
October 2014 Webinar: Cybersecurity Threat Detection
October 2014 Webinar: Cybersecurity Threat DetectionOctober 2014 Webinar: Cybersecurity Threat Detection
October 2014 Webinar: Cybersecurity Threat DetectionSqrrl
 
Performance Models for Apache Accumulo
Performance Models for Apache AccumuloPerformance Models for Apache Accumulo
Performance Models for Apache AccumuloSqrrl
 
Sqrrl June Webinar: An Accumulo Love Story
Sqrrl June Webinar: An Accumulo Love StorySqrrl June Webinar: An Accumulo Love Story
Sqrrl June Webinar: An Accumulo Love StorySqrrl
 
Sqrrl May Webinar: Data-Centric Security
Sqrrl May Webinar: Data-Centric SecuritySqrrl May Webinar: Data-Centric Security
Sqrrl May Webinar: Data-Centric SecuritySqrrl
 
Sqrrl February Webinar: Breaking Down Data Silos
Sqrrl February Webinar: Breaking Down Data SilosSqrrl February Webinar: Breaking Down Data Silos
Sqrrl February Webinar: Breaking Down Data SilosSqrrl
 
Sqrrl November Webinar: Encryption and Security in Accumulo
Sqrrl November Webinar: Encryption and Security in AccumuloSqrrl November Webinar: Encryption and Security in Accumulo
Sqrrl November Webinar: Encryption and Security in AccumuloSqrrl
 
Sqrrl October Webinar: Data Modeling and Indexing
Sqrrl October Webinar: Data Modeling and IndexingSqrrl October Webinar: Data Modeling and Indexing
Sqrrl October Webinar: Data Modeling and IndexingSqrrl
 

More from Sqrrl (18)

How to Hunt for Lateral Movement on Your Network
How to Hunt for Lateral Movement on Your NetworkHow to Hunt for Lateral Movement on Your Network
How to Hunt for Lateral Movement on Your Network
 
Building a Next-Generation Security Operations Center (SOC)
Building a Next-Generation Security Operations Center (SOC)Building a Next-Generation Security Operations Center (SOC)
Building a Next-Generation Security Operations Center (SOC)
 
Threat Hunting for Command and Control Activity
Threat Hunting for Command and Control ActivityThreat Hunting for Command and Control Activity
Threat Hunting for Command and Control Activity
 
Leveraging DNS to Surface Attacker Activity
Leveraging DNS to Surface Attacker ActivityLeveraging DNS to Surface Attacker Activity
Leveraging DNS to Surface Attacker Activity
 
Reducing Mean Time to Know
Reducing Mean Time to KnowReducing Mean Time to Know
Reducing Mean Time to Know
 
The Linked Data Advantage
The Linked Data AdvantageThe Linked Data Advantage
The Linked Data Advantage
 
Sqrrl Enterprise: Integrate, Explore, Analyze
Sqrrl Enterprise: Integrate, Explore, AnalyzeSqrrl Enterprise: Integrate, Explore, Analyze
Sqrrl Enterprise: Integrate, Explore, Analyze
 
Sqrrl Datasheet: Cyber Hunting
Sqrrl Datasheet: Cyber HuntingSqrrl Datasheet: Cyber Hunting
Sqrrl Datasheet: Cyber Hunting
 
Benchmarking The Apache Accumulo Distributed Key–Value Store
Benchmarking The Apache Accumulo Distributed Key–Value StoreBenchmarking The Apache Accumulo Distributed Key–Value Store
Benchmarking The Apache Accumulo Distributed Key–Value Store
 
Scalable Graph Clustering with Pregel
Scalable Graph Clustering with PregelScalable Graph Clustering with Pregel
Scalable Graph Clustering with Pregel
 
What's Next for Google's BigTable
What's Next for Google's BigTableWhat's Next for Google's BigTable
What's Next for Google's BigTable
 
October 2014 Webinar: Cybersecurity Threat Detection
October 2014 Webinar: Cybersecurity Threat DetectionOctober 2014 Webinar: Cybersecurity Threat Detection
October 2014 Webinar: Cybersecurity Threat Detection
 
Performance Models for Apache Accumulo
Performance Models for Apache AccumuloPerformance Models for Apache Accumulo
Performance Models for Apache Accumulo
 
Sqrrl June Webinar: An Accumulo Love Story
Sqrrl June Webinar: An Accumulo Love StorySqrrl June Webinar: An Accumulo Love Story
Sqrrl June Webinar: An Accumulo Love Story
 
Sqrrl May Webinar: Data-Centric Security
Sqrrl May Webinar: Data-Centric SecuritySqrrl May Webinar: Data-Centric Security
Sqrrl May Webinar: Data-Centric Security
 
Sqrrl February Webinar: Breaking Down Data Silos
Sqrrl February Webinar: Breaking Down Data SilosSqrrl February Webinar: Breaking Down Data Silos
Sqrrl February Webinar: Breaking Down Data Silos
 
Sqrrl November Webinar: Encryption and Security in Accumulo
Sqrrl November Webinar: Encryption and Security in AccumuloSqrrl November Webinar: Encryption and Security in Accumulo
Sqrrl November Webinar: Encryption and Security in Accumulo
 
Sqrrl October Webinar: Data Modeling and Indexing
Sqrrl October Webinar: Data Modeling and IndexingSqrrl October Webinar: Data Modeling and Indexing
Sqrrl October Webinar: Data Modeling and Indexing
 

Recently uploaded

The Evolution of Karaoke From Analog to App.pdf
The Evolution of Karaoke From Analog to App.pdfThe Evolution of Karaoke From Analog to App.pdf
The Evolution of Karaoke From Analog to App.pdfPower Karaoke
 
Adobe Marketo Engage Deep Dives: Using Webhooks to Transfer Data
Adobe Marketo Engage Deep Dives: Using Webhooks to Transfer DataAdobe Marketo Engage Deep Dives: Using Webhooks to Transfer Data
Adobe Marketo Engage Deep Dives: Using Webhooks to Transfer DataBradBedford3
 
cybersecurity notes for mca students for learning
cybersecurity notes for mca students for learningcybersecurity notes for mca students for learning
cybersecurity notes for mca students for learningVitsRangannavar
 
Building a General PDE Solving Framework with Symbolic-Numeric Scientific Mac...
Building a General PDE Solving Framework with Symbolic-Numeric Scientific Mac...Building a General PDE Solving Framework with Symbolic-Numeric Scientific Mac...
Building a General PDE Solving Framework with Symbolic-Numeric Scientific Mac...stazi3110
 
Engage Usergroup 2024 - The Good The Bad_The Ugly
Engage Usergroup 2024 - The Good The Bad_The UglyEngage Usergroup 2024 - The Good The Bad_The Ugly
Engage Usergroup 2024 - The Good The Bad_The UglyFrank van der Linden
 
Unveiling the Tech Salsa of LAMs with Janus in Real-Time Applications
Unveiling the Tech Salsa of LAMs with Janus in Real-Time ApplicationsUnveiling the Tech Salsa of LAMs with Janus in Real-Time Applications
Unveiling the Tech Salsa of LAMs with Janus in Real-Time ApplicationsAlberto González Trastoy
 
Project Based Learning (A.I).pptx detail explanation
Project Based Learning (A.I).pptx detail explanationProject Based Learning (A.I).pptx detail explanation
Project Based Learning (A.I).pptx detail explanationkaushalgiri8080
 
5 Signs You Need a Fashion PLM Software.pdf
5 Signs You Need a Fashion PLM Software.pdf5 Signs You Need a Fashion PLM Software.pdf
5 Signs You Need a Fashion PLM Software.pdfWave PLM
 
Professional Resume Template for Software Developers
Professional Resume Template for Software DevelopersProfessional Resume Template for Software Developers
Professional Resume Template for Software DevelopersVinodh Ram
 
EY_Graph Database Powered Sustainability
EY_Graph Database Powered SustainabilityEY_Graph Database Powered Sustainability
EY_Graph Database Powered SustainabilityNeo4j
 
Salesforce Certified Field Service Consultant
Salesforce Certified Field Service ConsultantSalesforce Certified Field Service Consultant
Salesforce Certified Field Service ConsultantAxelRicardoTrocheRiq
 
Optimizing AI for immediate response in Smart CCTV
Optimizing AI for immediate response in Smart CCTVOptimizing AI for immediate response in Smart CCTV
Optimizing AI for immediate response in Smart CCTVshikhaohhpro
 
BATTLEFIELD ORM: TIPS, TACTICS AND STRATEGIES FOR CONQUERING YOUR DATABASE
BATTLEFIELD ORM: TIPS, TACTICS AND STRATEGIES FOR CONQUERING YOUR DATABASEBATTLEFIELD ORM: TIPS, TACTICS AND STRATEGIES FOR CONQUERING YOUR DATABASE
BATTLEFIELD ORM: TIPS, TACTICS AND STRATEGIES FOR CONQUERING YOUR DATABASEOrtus Solutions, Corp
 
Unit 1.1 Excite Part 1, class 9, cbse...
Unit 1.1 Excite Part 1, class 9, cbse...Unit 1.1 Excite Part 1, class 9, cbse...
Unit 1.1 Excite Part 1, class 9, cbse...aditisharan08
 
Der Spagat zwischen BIAS und FAIRNESS (2024)
Der Spagat zwischen BIAS und FAIRNESS (2024)Der Spagat zwischen BIAS und FAIRNESS (2024)
Der Spagat zwischen BIAS und FAIRNESS (2024)OPEN KNOWLEDGE GmbH
 
The Essentials of Digital Experience Monitoring_ A Comprehensive Guide.pdf
The Essentials of Digital Experience Monitoring_ A Comprehensive Guide.pdfThe Essentials of Digital Experience Monitoring_ A Comprehensive Guide.pdf
The Essentials of Digital Experience Monitoring_ A Comprehensive Guide.pdfkalichargn70th171
 
Try MyIntelliAccount Cloud Accounting Software As A Service Solution Risk Fre...
Try MyIntelliAccount Cloud Accounting Software As A Service Solution Risk Fre...Try MyIntelliAccount Cloud Accounting Software As A Service Solution Risk Fre...
Try MyIntelliAccount Cloud Accounting Software As A Service Solution Risk Fre...MyIntelliSource, Inc.
 
HR Software Buyers Guide in 2024 - HRSoftware.com
HR Software Buyers Guide in 2024 - HRSoftware.comHR Software Buyers Guide in 2024 - HRSoftware.com
HR Software Buyers Guide in 2024 - HRSoftware.comFatema Valibhai
 
Advancing Engineering with AI through the Next Generation of Strategic Projec...
Advancing Engineering with AI through the Next Generation of Strategic Projec...Advancing Engineering with AI through the Next Generation of Strategic Projec...
Advancing Engineering with AI through the Next Generation of Strategic Projec...OnePlan Solutions
 

Recently uploaded (20)

The Evolution of Karaoke From Analog to App.pdf
The Evolution of Karaoke From Analog to App.pdfThe Evolution of Karaoke From Analog to App.pdf
The Evolution of Karaoke From Analog to App.pdf
 
Adobe Marketo Engage Deep Dives: Using Webhooks to Transfer Data
Adobe Marketo Engage Deep Dives: Using Webhooks to Transfer DataAdobe Marketo Engage Deep Dives: Using Webhooks to Transfer Data
Adobe Marketo Engage Deep Dives: Using Webhooks to Transfer Data
 
cybersecurity notes for mca students for learning
cybersecurity notes for mca students for learningcybersecurity notes for mca students for learning
cybersecurity notes for mca students for learning
 
Building a General PDE Solving Framework with Symbolic-Numeric Scientific Mac...
Building a General PDE Solving Framework with Symbolic-Numeric Scientific Mac...Building a General PDE Solving Framework with Symbolic-Numeric Scientific Mac...
Building a General PDE Solving Framework with Symbolic-Numeric Scientific Mac...
 
Call Girls In Mukherjee Nagar 📱 9999965857 🤩 Delhi 🫦 HOT AND SEXY VVIP 🍎 SE...
Call Girls In Mukherjee Nagar 📱 9999965857 🤩 Delhi 🫦 HOT AND SEXY VVIP 🍎 SE...Call Girls In Mukherjee Nagar 📱 9999965857 🤩 Delhi 🫦 HOT AND SEXY VVIP 🍎 SE...
Call Girls In Mukherjee Nagar 📱 9999965857 🤩 Delhi 🫦 HOT AND SEXY VVIP 🍎 SE...
 
Engage Usergroup 2024 - The Good The Bad_The Ugly
Engage Usergroup 2024 - The Good The Bad_The UglyEngage Usergroup 2024 - The Good The Bad_The Ugly
Engage Usergroup 2024 - The Good The Bad_The Ugly
 
Unveiling the Tech Salsa of LAMs with Janus in Real-Time Applications
Unveiling the Tech Salsa of LAMs with Janus in Real-Time ApplicationsUnveiling the Tech Salsa of LAMs with Janus in Real-Time Applications
Unveiling the Tech Salsa of LAMs with Janus in Real-Time Applications
 
Project Based Learning (A.I).pptx detail explanation
Project Based Learning (A.I).pptx detail explanationProject Based Learning (A.I).pptx detail explanation
Project Based Learning (A.I).pptx detail explanation
 
5 Signs You Need a Fashion PLM Software.pdf
5 Signs You Need a Fashion PLM Software.pdf5 Signs You Need a Fashion PLM Software.pdf
5 Signs You Need a Fashion PLM Software.pdf
 
Professional Resume Template for Software Developers
Professional Resume Template for Software DevelopersProfessional Resume Template for Software Developers
Professional Resume Template for Software Developers
 
EY_Graph Database Powered Sustainability
EY_Graph Database Powered SustainabilityEY_Graph Database Powered Sustainability
EY_Graph Database Powered Sustainability
 
Salesforce Certified Field Service Consultant
Salesforce Certified Field Service ConsultantSalesforce Certified Field Service Consultant
Salesforce Certified Field Service Consultant
 
Optimizing AI for immediate response in Smart CCTV
Optimizing AI for immediate response in Smart CCTVOptimizing AI for immediate response in Smart CCTV
Optimizing AI for immediate response in Smart CCTV
 
BATTLEFIELD ORM: TIPS, TACTICS AND STRATEGIES FOR CONQUERING YOUR DATABASE
BATTLEFIELD ORM: TIPS, TACTICS AND STRATEGIES FOR CONQUERING YOUR DATABASEBATTLEFIELD ORM: TIPS, TACTICS AND STRATEGIES FOR CONQUERING YOUR DATABASE
BATTLEFIELD ORM: TIPS, TACTICS AND STRATEGIES FOR CONQUERING YOUR DATABASE
 
Unit 1.1 Excite Part 1, class 9, cbse...
Unit 1.1 Excite Part 1, class 9, cbse...Unit 1.1 Excite Part 1, class 9, cbse...
Unit 1.1 Excite Part 1, class 9, cbse...
 
Der Spagat zwischen BIAS und FAIRNESS (2024)
Der Spagat zwischen BIAS und FAIRNESS (2024)Der Spagat zwischen BIAS und FAIRNESS (2024)
Der Spagat zwischen BIAS und FAIRNESS (2024)
 
The Essentials of Digital Experience Monitoring_ A Comprehensive Guide.pdf
The Essentials of Digital Experience Monitoring_ A Comprehensive Guide.pdfThe Essentials of Digital Experience Monitoring_ A Comprehensive Guide.pdf
The Essentials of Digital Experience Monitoring_ A Comprehensive Guide.pdf
 
Try MyIntelliAccount Cloud Accounting Software As A Service Solution Risk Fre...
Try MyIntelliAccount Cloud Accounting Software As A Service Solution Risk Fre...Try MyIntelliAccount Cloud Accounting Software As A Service Solution Risk Fre...
Try MyIntelliAccount Cloud Accounting Software As A Service Solution Risk Fre...
 
HR Software Buyers Guide in 2024 - HRSoftware.com
HR Software Buyers Guide in 2024 - HRSoftware.comHR Software Buyers Guide in 2024 - HRSoftware.com
HR Software Buyers Guide in 2024 - HRSoftware.com
 
Advancing Engineering with AI through the Next Generation of Strategic Projec...
Advancing Engineering with AI through the Next Generation of Strategic Projec...Advancing Engineering with AI through the Next Generation of Strategic Projec...
Advancing Engineering with AI through the Next Generation of Strategic Projec...
 

Modernizing Your SOC: A CISO-led Training

  • 2. © 2017 Sqrrl Data, Inc. All rights reserved. 2 Presenters Edward Amoroso, David J. Bianco Sqrrl Security Technologist, Former lead threat hunter at GE CEO of TAG Cyber, Former CISO for AT&T
  • 3. Dr. Edward G. Amoroso, CEO TAG Cyber eamoroso@tag-cyber.com Lessons Learned from Past, Present, and Future Security Operations Centers (SOCs)
  • 4. Team Past SOCs Upgrade SOC Staff Capability Tools Improve Incident Response Tools Alarms Filter Endless False Alarms
  • 5. Data Improve Quality of Data and Sources Tools Deploy Advanced Behavioral Analytics Team Hire and Nurture Expert Hunters Present SOCs
  • 7. INVESTING I N A H U N T T E A M
  • 8. © 2017 Sqrrl Data, Inc. All rights reserved. 8 The collective name for any manual or machine-assisted techniques used to detect security incidents missed by automated processes. What Do We Mean by “Threat Hunting”?
  • 9. © 2017 Sqrrl Data, Inc. All rights reserved. 9 Proactive Iterative Human-driven Analytical What is Threat Hunting?
  • 10. © 2017 Sqrrl Data, Inc. All rights reserved. 10 Why Hunt? The purpose of hunting is not to find new accidents. The purpose of hunting is to find new ways of finding incidents.
  • 11. © 2017 Sqrrl Data, Inc. All rights reserved. 11 Detections IndicatorsFindings Detections Detection Improvements Hunting Intel Automated Detection Incident Response Detection Development Functions of a Modern SOC Incident Data
  • 12. © 2017 Sqrrl Data, Inc. All rights reserved. 12 Detections IndicatorsFindings Detections Detection Improvements Hunting Intel Automated Detection Incident Response Detection Development Incident Data Functions of a Modern SOC Sqrrl‘s Focus
  • 13. © 2017 Sqrrl Data, Inc. All rights reserved. 13 Fielding a Hunt Team Ad Hoc • Hunting in “spare” time • Can get a lot of hunters involved, but lacks strategy and coordination • Also, if “everyone” hunts, no one hunts Dedicated • “Go out and find me some bad guys!” • Enables strategic thinking, but concentrates expertise into the hands of a few Hybrid • The best of both! • The hunt function is dedicated, but team members rotate through • Encourages both strategic planning and broad participation
  • 14. © 2017 Sqrrl Data, Inc. All rights reserved. 14 Team Skillsets: All Members Communication Business Knowledge Collaboration Critical Thinking
  • 15. © 2017 Sqrrl Data, Inc. All rights reserved. 15 Data Analysis / Data Science Network Protocols OS Internals Security Logging Team Skillsets: Specialities Threat Internal
  • 16. © 2017 Sqrrl Data, Inc. All rights reserved. 16 If possible, establish a core of experienced hunters with a demonstrated track record of mentorship. Procedures should encourage and require collaboration between analysts at all skill levels. Encourage “active mentorship” within the team: • Have members participate in creating and implementing a training/development plan each year, then give them the time and resources necessary to complete it. • Every team member has something they know more about than anyone else. Get them to document and share via blogs, brown bag lunch sessions, etc. • Involvement in the larger security community is great professional development! Growing Hunters and Hunt Teams
  • 17. © 2017 Sqrrl Data, Inc. All rights reserved. 17 This Company Gets It Part of an actual job posting for a ”Hunt Team Analyst”. Skills enhancement is literally the second paragraph in the document. As a contributor to the team, this role will spend up to 30% of it’s time broadening skills by: • Participating in one-on-one hands-on mentoring with peers and senior team members • Researching new techniques for analysis & developing deeper technical analysis skills • Contributing to the security community through projects and presenting at conferences While spending 70% or more heads down doing the mission: • Hands-on hunting, event triage & analysis across NSM sensors & managed endpoints • Consumption, analysis, and production of tactical threat intelligence • Development & maintenance of detection scripts, rules, signatures and related logic • Finding evil, and generally having fun kicking it out of places it shouldn’t be
  • 18. MAKING IT REALH U N T O P E R A T I O N S ( H U N T O P S )
  • 19. © 2017 Sqrrl Data, Inc. All rights reserved. 19 Reconnaissanc e Weaponization Delivery Exploitation Installation Command & Control (C2) Actions on Objectives Step 1: Choose Your Favorite Attack Model The Lockheed Martin Cyber Kill Chain: Intelligence-Driven Computer Network Defense Informed by Anwww.lockheedmartin.com/content/dam/lockheed/data/corporate/documents/LM-White-Paper-Intel-Driven-Defense.pdf alysis of Adversary Campaigns and Intrusion Kill Chains”, Hutchins, Cloppert, Amin, http:// (Last checked January 20, 2017) MITRE ATT&CK: Adversarial Tactics, Techniques & Common Knowledge, MITRE, http://attack.mitre.org (Last checked January 20, 2017)
  • 20. © 2017 Sqrrl Data, Inc. All rights reserved. 20 Example KC7 Activities • Lateral Movement • Data Staging & Exfiltration • Credential Dumping • Local Network Discovery • Disable Endpoint Security • Webshell Use • Email Theft • Malicious Data Encryption Factor in your own environment and business priorities! Step 2: Identify Malicious Behaviors Reconnaissanc e Weaponization Delivery Exploitation Installation Command & Control (C2) Actions on Objectives
  • 21. © 2017 Sqrrl Data, Inc. All rights reserved. 21 Step 3: Align Your Strategy to Your Model Reconnaissanc e Weaponization Delivery Exploitation Installation Command & Control (C2) Actions on Objectives Predict attacks Expand the stories you are able to tell High impact activity S O M E T I M E S D O T H I S R E G U L A R Y D O T H I S F R E Q U E N T L Y D O T H I S
  • 22. © 2017 Sqrrl Data, Inc. All rights reserved. 22 Use this simple assessment to find out where you fall on the Hunting Maturity Model and what you can do to improve your SOC’s capabilities! How Mature Are Your Hunt Capabilities?
  • 23. WRAP UP & QUESTIONS

Editor's Notes

  1. If you are big enough to have a SOC, you are big enough to start hunting. All SOCs should have some sort of hunt function.
  2. If you are big enough to have a SOC, you are big enough to start hunting. All SOCs should have some sort of hunt function.