Training
Featured CourseView All Courses
Get a free hour of SANS training

Experience SANS training through course previews.

Learn More
Learning Paths
FeaturedView all Focus Areas
Cloud Security Training
Can't find what you are looking for?

Let us help.

Contact us
Community Resources

SANS Community Benefits

Connect, learn, and share with other cybersecurity professionals

AI Risk & Readiness

Explore expert-driven guidance, training, and tools to help defend against AI-powered threats and adopt AI securely.

Join the SANS Community

Become a member for instant access to our free resources.

Sign Up
For Organizations

Public Sector

Mission-focused cybersecurity training for government, defense, and education

Partnerships

Explore industry-specific programming and customized training solutions

Sponsorship Opportunities

Sponsor a SANS event or research paper

Interested in developing a training plan to fit your organization’s needs?

We're here to help.

Contact Us
Talk With an Expert
Talk With an Expert

The Future of Risk-Based Detection

  • Tue, Jun 20, 2023
  • 3:30PM - 4:30PM UTC
  • English
  • Phil Neray & Ken Tidwell
  • Technical Presentation
Login to register
Webcast Hero

Detecting attacks in their earliest stages — before they impact your business — is a key element of an effective threat detection and incident response (TDIR) strategy. But according to  Mandiant’s 2022 M-Trends Special Report, it still takes an average of 21 days to detect a successful cyberattack — and only an average of 92 minutes for threat actors to move laterally across a compromised network.

Of course, detection has come a long way since the early days of static signatures and IOCs, but the constant evolution of adversary techniques continues to be a major challenge for the modern Security Operations Center. Compounding this challenge is the inherent complexity of managing 50-100+ disparate security tools — required to address the need for broader and deeper visibility across a constantly expanding attack surface — but with each tool generating its own alerts and requiring specialized expertise to be properly configured.

In this webinar with SecOps experts, we'll cover key topics including how to:

  • Incorporate risk-based detection to reduce noise and quickly respond when time is a limiting factor.
  • Operationalize MITRE ATT&CK to build a threat-informed defense and establish risk-based metrics.
  • Enrich alerts with internal business context for increased actionability, less time spent on investigations, and better utilization of existing staff.
  • Break down silos and establish relationships with a wider circle of leaders within an organization, in order to be better aligned with the business and address under resourced security teams.

We'll also provide a technical demo of the CardinalOps detection posture management platform, showing how automation can:

Eliminate detection coverage gaps, prioritized according to your business priorities and MITRE ATT&CK techniques most relevant to your organization.

Ensure your detections are working as intended and have not become "silently" broken or misconfigured over time.

Drive cost savings by tuning noisy and inefficient queries, reducing logging volume, and eliminating underused tools in your stack.

Meet the speakers

Phil Neray

Phil Neray

VP of Cyber Defense Strategy

Phil is VP of Cyber Defense Strategy at Gem Security, the Cloud Detection & Response (CDR) company. Prior to Gem, he held executive roles at innovative startups like CardinalOps, CyberX, Veracode, and Guardium as well as at larger organizations like Microsoft Security, IBM Security, and Symantec. Phil has a BSEE from McGill University, is certified in cloud security (CCSK), and has a black belt in American Jiu-Jitsu.

Learn more

Ken Tidwell

Ken Tidwell has been involved with software startups for 40 years. He has been everything from a lowly intern to president. Most notably, Ken was the chief architect at ArcSight when the concept of a SIEM was first developed and contributed many of the ideas still found in SIEMs two decades later. He also led the ArcSight content team and was head of the correlation team, where he built the rule engine, report generation engine, and dashboards. Most recently, Ken co-founded FactorChain to build tools to assist in incident response and investigation. FactorChain was acquired by Sumo Logic, where Ken assisted in developing security analytics for their SIEM offering.

Learn more