An Alert Has Fired. Now what?

  • Tuesday, 13 Jul 2021 12:45PM EDT (13 Jul 2021 16:45 UTC)
  • Speaker: Alex Kirk, Global Principal

While the security industry spends a lot of time and energy getting more and/or better alerts, comparatively little investment has gone into helping analysts operationalize and contextualize those alerts. This talk will discuss how a solid foundation of network telemetry can enable not only high-velocity, high-confidence processing of alerts of all stripes, but also a host of other critical security applications, from fundamentals like asset management to advanced techniques like proactive threat hunting. Real-world examples and code will be used throughout the talk, along with practical considerations for operating in an enterprise environment.