Threat-Driven Network Defense
- TYPE: Track START DATE: Wednesday, October 09, 2019 START TIME: 15:00 LOCATION: Holeman Lounge
Talks that show how to use automation, orchestration, and actionable threat intelligence to implement network defense actions.
Date: Wednesday, October 09, 2019 Time: 15:00-16:00
Automating Open-Source Zeek (Bro) for Threat Mitigation and Response
Allan Thomson, LookingGlass Cyber Solutions
This presentation describes how Zeek (Bro), a common open-source tool that has been used, until today, primarily for threat detection, can be extended to provide threat response, including mitigation of attacks and those aspects that can be tied to the MITRE ATT&CK framework. Today Zeek/Bro has a large and active open-source community that contributes Zeek/Bro scripts, including detections of attacks such as Heartbleed and many other behavioral (TTP) based detections....
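The detect-then-respond pattern the abstract refers to, as an added example that is not part of the talk or of the Zeek project's own scripts: a small Zeek script that counts failed SSH logins per source address, raises a Notice when an assumed threshold is crossed, and turns that notice into a NetControl drop rule. The module name, notice type, threshold and durations are assumptions chosen for illustration; the debug backend only logs the rule it would push, so the script can be loaded on a test sensor without touching any device.

```zeek
@load base/frameworks/notice
@load base/frameworks/netcontrol

module ResponseDemo;

export {
    redef enum Notice::Type += {
        ## Raised when one source exceeds the assumed failed-login threshold.
        SSH_Bruteforce_Blocked,
    };

    ## Assumed values for the example; tune per environment.
    const fail_threshold = 5 &redef;
    const block_duration = 10 min &redef;
}

# Per-source count of failed SSH logins; entries expire after 5 minutes
# without a new write, so a slow, spread-out scan is not blocked forever.
global ssh_failures: table[addr] of count &default=0 &write_expire=5 min;

event NetControl::init()
    {
    # Debug backend: logs the rules instead of installing them anywhere.
    # In production this would be an OpenFlow, acld or broker-backed plugin.
    local p = NetControl::create_debug(T);
    NetControl::activate(p, 0);
    }

# Detection: Zeek's SSH analyzer raises this event on a failed authentication.
event ssh_auth_failed(c: connection)
    {
    local src = c$id$orig_h;
    ++ssh_failures[src];

    if ( ssh_failures[src] == fail_threshold )
        {
        NOTICE([$note=SSH_Bruteforce_Blocked,
                $conn=c,
                $msg=fmt("%s exceeded %d failed SSH logins", src, fail_threshold),
                $identifier=cat(src),
                $suppress_for=block_duration]);
        }
    }

# Response: the notice policy hook converts the detection into a block.
hook Notice::policy(n: Notice::Info)
    {
    if ( n$note == SSH_Bruteforce_Blocked && n?$src )
        NetControl::drop_address(n$src, block_duration, "automated SSH brute-force response");
    }
```

Keeping the response in the `Notice::policy` hook rather than inside the detection event is deliberate: the detection stays a pure observation that lands in notice.log, and the blocking decision can be disabled, rate-limited or routed to a different backend without editing the detection script.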
CACAO: Insights on Cybersecurity Orchestration Cooperative Collaboration
Allan Thomson, LookingGlass Cyber Solutions • Bret Jordan, Symantec
To defend against threat actors and their tactics, techniques, and procedures, organizations need to manually identify, create, and document prevention, mitigation, and remediation steps. These steps when grouped together into a course of action (COA) / playbook are used to protect systems, networks, data, and users. The problem is, once these steps have been created there is no standardized and structured way to document them, verify they were correctly executed, or easily share them across...
Date: Wednesday, October 09, 2019 Time: 16:00-17:00
Decision Automation: Teaching Machines to Hunt
Kumar Saurabh, LogicHub
Threat detection in today's environment requires Security Operations Center (SOC) teams to go beyond SIEM rules and simple correlation. Yet "black-box" AI systems often fall short, creating too many false positives and often missing true incidents. Decision Automation is the new paradigm that brings the power of expert root-cause analysis using the 5 Whys approach, coupled with machine learning and easily configured automation platforms, enabling security teams to create powerful...
Making Threat Intelligence a Shared Resource for Network Defense
Todd Weller, Bandura Cyber • Jason Mok, IACD, Johns Hopkins Applied Physics Laboratory
Can small to medium organizations use what the larger organizations learn about threats to take action in a prioritized, appropriate, and automated manner? Is there an incentive for an organization to share opinions and sightings about Indicators of Compromise (IOCs)? How can a service provider share the insight gained by all these contributors so organizations can directly use that insight? Bandura Cyber has partnered with the IACD team to demonstrate the potential value of: community...
- Contact person:
Mr. Levent Kara
+49 211 23707710
- Oct 08 - 10, 2019 Washington, D.C. - USA