The Future of SIEM
- hadPresenter @jeannie-warner
- hasTopic
- User and Behavior Analysis
  - need to collect more of the right data, including creds
  - manual investigations lead to an incomplete outcome
  - "it's a whole new world", but our humans have a gap, e.g. NTLM vs Kerberos
- Security Operations Center
  - Four Attributes of Success:
    - "Assumed Breach" posture
      - "boring" is what wins
      - "offensive posture": what if? zero trust initiatives
      - NIST-800 needs teeth
    - Understand What Normal Looks Like
      - "over 3/4 of attacks are using valid credentials"; compromised credentials
    - Embrace Automation
      - "They'll yell at me" is a real reason IT won't do things
    - Think Like the Business
      - speak to the business in a language they understand
      - adopt a risk-based approach for users, roles, and assets
      - respond to cybersecurity events the way a good business responds to market conditions
      - elevate cybersecurity as a strategic partner versus a cost center
      - constant team education and improvement
  - Where to begin:
    - audit existing capabilities
    - assess your staff workflow and workloads
    - determine the most business-critical use cases by asking:
      - can you support them with your existing skills, technology, and data?
      - are you mapping log sources and events to the MITRE ATT&CK chain?
    - "first times are interesting"
    - communicate the business value you are driving