The ability to quickly and accurately detect threats and high-risk activity is key to any information security program. To do this effectively at scale and over time, a dedicated program to develop detection content, measure its efficacy, and refine it is essential. In this session, we will share an approach to developing and implementing such a program, and the lessons learned along the way.
1. Learn the phases of the detection content development lifecycle.
2. Learn to set up processes that allow the program to be self-sustaining.
3. Learn to measure the efficacy of your detection content and act on the results.
Awareness of security models such as the ATT&CK framework and the Cyber Kill Chain. Interest or experience in building processes associated with security operations. An understanding of building and refining detection content, such as signatures and SIEM correlation rules, will also be valuable.
Tracks: Analytics Intelligence & Response; Security Strategy & Architecture