Reviewing the events of a security incident in chronological order helps security analysts with threat hunting, investigation, and remediation. The volume of data that security incidents generate on a network is overwhelming. With process and automation, a single threat can still be found by identifying anomalous behaviour among millions of normal actions. This talk looks at how automating data ingestion and baselining user and device behaviour reduce the time and specialist skill required to detect attacker tactics, techniques, and procedures (TTPs).
We’ll look at best practices for automating detection and investigation.
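The approach the abstract sketches, reordering events into a timeline, baselining each user's normal behaviour, and flagging the deviations, can be shown in a few dozen lines. The following is an added example written for this page, not code from the talk or its speaker. It assumes a simple space-separated authentication log format (`timestamp user source-host success|failure`), constructed sample data, and two arbitrary thresholds (a login-hour z-score above 2.0, and three consecutive failures); all of these are assumptions for illustration.

```python
"""Timeline-plus-baseline detector over constructed authentication logs (added example)."""
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Constructed sample data, not taken from any real system. Format is an assumption:
# "<ISO timestamp> <user> <source host> <success|failure>", one event per line.
BASELINE_LOG = """\
2024-03-04T08:05:12 alice ws-alice-01 success
2024-03-04T09:14:50 alice ws-alice-01 success
2024-03-05T10:22:31 alice ws-alice-01 success
2024-03-05T14:47:09 alice ws-alice-01 success
2024-03-06T17:01:44 alice ws-alice-01 success
2024-03-04T08:30:02 bob ws-bob-07 success
2024-03-05T09:11:27 bob ws-bob-07 success
2024-03-05T13:58:40 bob ws-bob-07 success
2024-03-06T16:20:13 bob ws-bob-07 success
"""

# Incident-day events, deliberately out of order as they might arrive from several collectors.
INCIDENT_LOG = """\
2024-03-11T09:02:41 bob ws-bob-07 success
2024-03-11T02:17:03 alice jump-03 success
2024-03-11T02:16:20 alice jump-03 failure
2024-03-11T11:15:55 bob ws-bob-08 success
2024-03-11T02:16:31 alice jump-03 failure
2024-03-11T10:40:09 alice ws-alice-01 success
2024-03-11T02:16:44 alice jump-03 failure
"""


def parse(log_text):
    """Parse lines into (datetime, user, host, result) and return them in chronological order."""
    events = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, user, host, result = line.split()
        events.append((datetime.fromisoformat(ts), user, host, result))
    return sorted(events)  # tuples sort on the timestamp first, giving the incident timeline


def build_baseline(events):
    """Per-user baseline from successful logins: hosts seen, and mean/stdev of login hour."""
    hosts = defaultdict(set)
    hours = defaultdict(list)
    for ts, user, host, result in events:
        if result == "success":
            hosts[user].add(host)
            hours[user].append(ts.hour)
    return {
        user: {"hosts": hosts[user], "hour_mean": mean(hours[user]), "hour_sd": pstdev(hours[user])}
        for user in hosts
    }


def detect(baseline_text=BASELINE_LOG, incident_text=INCIDENT_LOG, z_threshold=2.0, fail_threshold=3):
    """Walk incident events in time order; return (timestamp, user, host, reasons) for each deviation."""
    baseline = build_baseline(parse(baseline_text))
    consecutive_failures = defaultdict(int)
    findings = []
    for ts, user, host, result in parse(incident_text):
        reasons = []
        profile = baseline.get(user)
        if profile is None:
            reasons.append("no baseline for user")
        else:
            if host not in profile["hosts"]:
                reasons.append("new host")
            sd = profile["hour_sd"]
            # A single baseline sample gives sd == 0, so the hour check is skipped rather than divided by zero.
            if sd > 0 and abs(ts.hour - profile["hour_mean"]) / sd > z_threshold:
                reasons.append("off-hours")
        if result == "failure":
            consecutive_failures[user] += 1
            if consecutive_failures[user] == fail_threshold:
                reasons.append("failure burst")
        else:
            if consecutive_failures[user] >= fail_threshold:
                reasons.append(f"success after {consecutive_failures[user]} failures")
            consecutive_failures[user] = 0
        if reasons:
            findings.append((ts.isoformat(), user, host, tuple(reasons)))
    return findings


if __name__ == "__main__":
    for ts, user, host, reasons in detect():
        print(ts, user, host, ", ".join(reasons))
```

Run as a script it prints only the five deviating events, in order: alice's three failures and then a success from a host she has never used, at 02:16 local time, followed later by bob logging in from a new workstation. The routine events (bob from his usual host, alice from hers during working hours) produce nothing, which is the point of baselining: the analyst reads a short, time-ordered list rather than the full log. Two caveats a practitioner would want: the hour-of-day z-score treats time as linear, so a user who normally works across midnight needs a circular statistic or an explicit working-hours window, and a baseline built from a window that already contains attacker activity will learn that activity as normal.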
This talk will benefit attendees who are familiar with alerting, monitoring, and security tools.