A key tenet of any criminal investigation is building a case on a broad array of data. Evidence around finances, phone records and surveillance are all used in the pursuit of justice and accountability for offenders. Occasionally someone does something so egregious that no other evidence is needed, but most criminals don't work in plain sight. Cyber criminals are no exception, yet incident response teams typically rely on a single source of digital evidence rather than building a holistic view of an attack from multiple data sources.
In this presentation we will build the case for surveillance strategies that draw on an array of data sources, including EDR, NDR and SIEM. We'll examine how response timelines and threat resolution can be accelerated when multiple sets of detection data are compounded within the context of one another, shedding light on work criminals think they are doing in the dark.
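The following is an added illustration of the idea above, not material from the presentation: three constructed telemetry streams (EDR process starts, NDR flow records, SIEM logon events) are placed on one per-host timeline and clustered by time proximity. Viewed alone, the EDR event on the first workstation is a single process launch; viewed beside the remote logon and the first-seen outbound connection from the other two sources it becomes an investigable sequence. Hostnames, addresses, timestamps and the five-minute window are all made up for the example.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Dict, List, Tuple


@dataclass(frozen=True)
class Event:
    source: str       # "EDR", "NDR" or "SIEM"
    host: str         # hostname the event was observed on or attributed to
    ts: datetime      # normalized event time (assume all sources share a clock)
    summary: str      # short human-readable description


# Constructed sample telemetry (not real data). ws01 sees a network logon,
# an encoded PowerShell launch and a connection to a never-before-seen
# destination within a couple of minutes; ws02 only sees routine activity.
EDR = [
    Event("EDR", "ws01", datetime(2024, 3, 1, 9, 2, 10), "explorer.exe -> outlook.exe"),
    Event("EDR", "ws01", datetime(2024, 3, 1, 9, 31, 5), "wmiprvse.exe -> powershell.exe -enc ..."),
    Event("EDR", "ws02", datetime(2024, 3, 1, 9, 5, 0), "explorer.exe -> chrome.exe"),
]
NDR = [
    Event("NDR", "ws01", datetime(2024, 3, 1, 9, 31, 40), "tcp 198.51.100.7:443 first-seen destination"),
    Event("NDR", "ws02", datetime(2024, 3, 1, 9, 5, 20), "tcp 203.0.113.10:443 known destination"),
]
SIEM = [
    Event("SIEM", "ws01", datetime(2024, 3, 1, 9, 30, 12), "4624 logon type 3 user=svc_backup from 10.0.0.25"),
    Event("SIEM", "ws02", datetime(2024, 3, 1, 8, 58, 0), "4624 logon type 2 user=alice"),
]


def correlate(events: List[Event], window: timedelta) -> Dict[str, List[List[Event]]]:
    """Merge events from all sources onto one timeline per host and split that
    timeline into clusters: an event joins the current cluster when it falls
    within `window` of the cluster's most recent event, otherwise it opens a new one."""
    by_host: Dict[str, List[Event]] = {}
    for e in sorted(events, key=lambda e: (e.host, e.ts)):
        by_host.setdefault(e.host, []).append(e)

    clusters: Dict[str, List[List[Event]]] = {}
    for host, evs in by_host.items():
        current: List[Event] = []
        for e in evs:
            if current and e.ts - current[-1].ts > window:
                clusters.setdefault(host, []).append(current)
                current = []
            current.append(e)
        if current:
            clusters.setdefault(host, []).append(current)
    return clusters


def multi_source_clusters(clusters: Dict[str, List[List[Event]]],
                          min_sources: int = 3) -> List[Tuple[str, List[Event]]]:
    """Keep only clusters corroborated by at least `min_sources` distinct
    telemetry sources; these are the ones worth an analyst's first look."""
    hits = []
    for host, groups in clusters.items():
        for g in groups:
            if len({e.source for e in g}) >= min_sources:
                hits.append((host, g))
    return hits


def timeline(cluster: List[Event]) -> List[str]:
    """Render a cluster as the kind of ordered narrative a case file needs."""
    return [f"{e.ts:%H:%M:%S} [{e.source}] {e.summary}" for e in cluster]


if __name__ == "__main__":
    hits = multi_source_clusters(correlate(EDR + NDR + SIEM, timedelta(minutes=5)))
    for host, cluster in hits:
        print(f"== {host}: {len(cluster)} events from {len({e.source for e in cluster})} sources")
        for line in timeline(cluster):
            print("  " + line)
```

With a five-minute window and a three-source threshold only ws01's second cluster surfaces; lowering the threshold to two sources also pulls in ws02's browser launch and known-good connection, which is the trade-off between coverage and noise that a real deployment tunes per environment. In practice the hard part is the normalization this example assumes away: hostnames, timestamps and user identities have to be reconciled across products before any of the joins above are meaningful.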