The Future of SIEM

  • hadPresenter @jeannie-warner
  • hasTopic
  • Four Attributes of Success:
    • "Assumed Breach" posture
      • "boring" is what wins
      • "offensive posture": what if? zero trust initiatives
      • NIST-800 needs teeth
    • Understand What Normal Looks Like
      • "over 3/4 of attacks are using valid credentials"; compromised credentials
    • Embrace Automation
      • "They'll yell at me" is a real reason IT won't do things
    • Think Like the Business
      • speak to the business in a language they understand
      • adopt a risk-based approach for users, roles, and assets
      • respond to cybersecurity events the way a good business responds to market conditions
      • elevate cybersecurity as a strategic partner versus a cost center
      • constant team education and improvement
  • Where to begin:
    • audit existing capabilities
    • assess your staff workflow and workloads
    • determine the most business-critical use cases by asking:
      • can you support them with your existing skills, technology, data?
      • are you mapping log sources and events to the MITRE ATT&CK chain?
      • "first times are interesting"
    • communicate the business value you are driving
