Do you SOC? If so, you probably know how hard it can be to make the most of your existing security technologies in a way that supports your mission. Chances are you didn't have the opportunity to design and build your security architecture from scratch either, and that you have a mix of endpoint, network, and cloud security solutions to defend both legacy and newer mission-critical systems. At this point, you have also probably realized that prevention will often fail, and that, ironically, traditional security architectures were built with a focus on protection, not detection, hunting or response. That's why it's important that we, as all-around defenders, learn how to architect and engineer with security operations in mind. '
Using the concepts presented in Security 530: Defensible Security Architecture and Engineering, and leveraging community projects like MITRE ATT&CK and TTP0, Ismael Valenzuela & Rob Gresham will explain how 'divide & conquer ' aka. architecting around 'zones ' and 'tiers ' can help blue teamers to defend their organization, considering both IT and business context, to simplify building effective Use-Cases, as well as setting the stage to build efficient processes for prevention, detection, threat hunting, and response.