Cyber Security vs. Statistics: Fighting False Positives to Automate your Security Operations
There is simply too much information and threat intelligence out there for security operations analysts and incident responders to (consciously) consume. Therefore, we need to automate as much as possible and provide actionable incidents to them, and, in some cases, automate the incident response as well. This requires automation of various tasks that would normally be tedious manual labor. How does one do this in a way to avoid false positives? To fight the biggest enemy of automation, false positives, we need to have a clear set of strategies to correlate various detections and offer response actions that are based on context of the user, device and attacker.
In this session you will learn the various methods to do this correlation and take automated response actions. We will both review important statistical methods, as well as incident response and threat hunting operations. We will then put this together into a concrete use case. You will also see a demo of this use case, and all material will be available to you after the session to continue your learning and, hopefully, automation journey.
Check out our new channel:
NDC Clips:
‪@ndcclips‬
Check out more of our featured speakers and talks at
ndcconferences.com/
ndc-security.com/