Shrinking Attack Dwell Times - A Phishing Case Study Demo

  • Tuesday, 03 Oct 2017 1:00PM EDT (03 Oct 2017 17:00 UTC)
  • Speakers: John Pescatore, John Jolly

Security Operations teams struggle to quickly prioritize their alert queues to find true positives and respond rapidly to minimize damage. Quickly finding the alerts that represent real attacks presenting the most risk is key to reducing business disruption as attack surface increases with cloud and mobile, and alert surface increases with new tools like EDR. This session will demonstrate a practical approach to accelerate this process through thoughtful automation and risk scoring using a user-submitted phishing email use case. Attendees will see how the attack dwell time can be compressed using a Security Automation & Orchestration platform that leverages the existing security stack and SOC tribal knowledge.