How to Automate Detection and Investigation of Security Incidents

Richard Cassidy, Exabeam

Reviewing a security incident in sequential order aids in threat hunting, investigation, and remediation by security analysts. The amount of data generated by security incidents on a network is overwhelming. With process and automation it is possible to find a security threat by identifying anomalous behaviour amongst millions of normal behaviour actions. This talk will look at how automating data input, benchmarking user and device behaviour reduces the time and specialisation required to detect attacker tactics, techniques, and procedures.

Objective of the talk

We’ll look into best practice to automate detection and investigation.

Required audience experience

Attendees familiar with alerting, monitoring and security tools would benefit from this talk.

Track 1
Location: Mountbatten Date: October 1, 2019 Time: 4:40 pm - 5:25 pm Richard Cassidy, Exabeam Richard Cassidy, Exabeam