Wednesday, December 11, 2019

Unraveling Detection Methodologies: Indicators vs. Anomalies vs. Behaviors

RSA Conference: Joe Slowik, Adversary Hunter, Dragos

Cyber-defense centers on “what” a technology is designed to look for, with capabilities and limitations depending on method. Three distinct approaches have emerged: traditional IOCs, anomaly detection and behavioral analytics. Unfortunately, marketing has muddied these terms beyond recognition—this presentation will correct this by critically examining each approach and its capabilities.

Learning Objectives:
1: Gain understanding of defense detection methodologies.
2: Evaluate the costs and benefits inherent to different detection approaches.
3: Make decisions for the organization relevant to the organization's security needs.

Pre-Requisites:
General knowledge of detection methodology and technologies, awareness of current product types performing threat detection and alerting, and broad knowledge of general security incidents.
