In the SOC, defenders are often true to their name, playing defense to manage detections, assess risk, and protect the network from an ever-evolving barrage of threats. Doing this assessment and response faster is often the main goal of most IR teams. However, attacks don't start with alerts; they start with the infrastructure that attackers set up to deliver the attack.
In this Lunch and Learn, DomainTools' VP of Product, Jackie Abrams, will use real-world attacks to show you how to create repeatable processes for not just assessing indicator risk to support faster triage and more effective threat escalation, but also for investigating threat actor infrastructure and creating profiles that you can use to hunt externally for threats relevant to your organization, moving left in attack detection by finding threats before they find you.