RSAC 2022 Session Wrap Up Series: Analytics, Intelligence & Response


Posted on by RSAC Editorial Team

In this six-part blog series, the RSAC editorial team highlights the six buzz topics featured at RSAC 2022. Each blog will highlight one of the most popular topics and trends seen within related sessions. Our final topic is analytics, intelligence & response.

Preparation for OT Incident Response
Lesley Carhart, Principal Industrial Incident Responder at Dragos, Inc.

Carhart drops some big facts and figures right off the bat, mentioning that cybercrime is a multi-trillion-dollar industry, and every vertical is a target, and every size organization is a target. She mentions that cybersecurity incident response is a “when,” not an “if.” Incident response base rates currently run $350–$600 an hour, which adds up quickly.

It can be an overwhelming prospect, but Carhart says to start with the basics, leverage easy wins when you can grab them, project long-term efforts, invest now, and that will save quantifiable resources during an incident, and utilize outside resources when needed for proactive tasks.

Expect More: Realizing the True Impact of Your Intelligence Program
Stu Solomon, President at Recorded Future

Solomon shares some insightful nuggets surrounding intelligence throughout his presentation and great reminders. Intelligence is not just for the government, and everything eventually ends up on the Internet. 

In a world of aggressive uncertainty, intelligence is the only equalizer. Situational awareness requires internal and external participation—basically total buy-in from the top down. When discussing AI, Solomon reminds us that automation in intelligence is critical to creating measurable operational outcomes.

Use the Force, Luke: Harnessing Shodan to Hunt for Threats to ICS Systems
Dan Gunter, Founder and CEO of Insane Forensics
Paul Mathis, Lead Cybersecurity Analyst at Insane Forensics

Threat hunting is a “proactive, analyst-driven process to search for attacker tactics, techniques, and procedures (TTP) within an environment” and incorporates detection and prevention. Threat hunting is one of many possible controls an organization might use to counter a threat to the organization. The threat surface extends beyond the enterprise network boundary if a network boundary event exists. Gunter and Mathis remind us that time and money are finite resources for a security program.

When going back to your organization, it’s important to identify threat hunting program maturity and identity opportunities to influence your organization. Incorporating new analysis tools and techniques to cover wider threat surfaces in the first three months is a good place to start.

 

 

Read all of the series:

RSAC 2022 Session Wrap Up Series: Analytics, Intelligence & Response

RSAC 2022 Session Wrap Up Series: Cloud Security & CloudSecOps

RSAC 2022 Session Wrap Up Series: Security Strategy & Architecture

RSAC 2022 Session Wrap Up Series: Risk Management & Governance

RSAC 2022 Session Wrap Up Series: Hackers & Threats

RSAC 2022 Session Wrap Up Series: Zero Trust


Contributors
RSAC Editorial Team

Editorial, RSA Conference

Human Element RSAC Insights Hackers & Threats Technology Infrastructure & Operations

risk management security intelligence threat intelligence critical infrastructure incident response threat visualization industrial control security business continuity & disaster recovery

Blogs posted to the RSAConference.com website are intended for educational purposes only and do not replace independent professional judgment. Statements of fact and opinions expressed are those of the blog author individually and, unless expressly stated to the contrary, are not the opinion or position of RSA Conference™, or any other co-sponsors. RSA Conference does not endorse or approve, and assumes no responsibility for, the content, accuracy or completeness of the information presented in this blog.


Share With Your Community

Related Blogs