Detecting Malicious Activity in Large Enterprises

  • Thursday, 10 Sep 2020 1:00PM EDT (10 Sep 2020 17:00 UTC)
  • Speakers: Anton Chuvakin, Matt Bromiley

Modern enterprises are extremely diverse and complex. Yet security data collection, correlation, and analysis have not kept up with these complexities. It often seems like organizations collect too much without ever truly finding value in the vast amounts of data they have amassed.

In this webcast, SANS author Matt Bromiley and Chronicle Security's Dr. Anton Chuvakin focus on concepts to effectively detect malicious activity within large enterprises. They will review how to bring giga-/tera-/petabytes of data together and correlate them into actionable intel, using YARA-L to craft efficient detections that can be used across these vast data sets. The webcast will help attendees answer important questions such as:

  • In your current state, how much data are you ingesting/analyzing?
  • How is your team writing detections? What types of metadata points are they looking for?
  • How do you detect threats?
  • Can you effectively scale detections across your data sets?
  • How do you manage the lifecycle of those detections: tune them, keep them relevant, and remove them when they are no longer relevant?

Register today and be among the first to receive the associated whitepaper written by Matt Bromiley.