The Future of Risk-Based Detection

Tuesday, 20 Jun 2023 3:30PM EDT (20 Jun 2023 19:30 UTC)
Speakers: Phil Neray, Ken Tidwell

Detecting attacks in their earliest stages — before they impact your business — is a key element of an effective threat detection and incident response (TDIR) strategy. But according to Mandiant’s 2022 M-Trends Special Report, it still takes an average of 21 days to detect a successful cyberattack — and only an average of 92 minutes for threat actors to move laterally across a compromised network.

Of course, detection has come a long way since the early days of static signatures and IOCs, but the constant evolution of adversary techniques continues to be a major challenge for the modern Security Operations Center. Compounding this challenge is the inherent complexity of managing 50-100+ disparate security tools — required to address the need for broader and deeper visibility across a constantly expanding attack surface — but with each tool generating its own alerts and requiring specialized expertise to be properly configured.

In this webinar with SecOps experts, we'll cover key topics including how to:

Incorporate risk-based detection to reduce noise and quickly respond when time is a limiting factor.
Operationalize MITRE ATT&CK to build a threat-informed defense and establish risk-based metrics.
Enrich alerts with internal business context for increased actionability, less time spent on investigations, and better utilization of existing staff.
Break down silos and establish relationships with a wider circle of leaders within an organization, in order to be better aligned with the business and address under resourced security teams.

We'll also provide a technical demo of the CardinalOps detection posture management platform, showing how automation can:

Eliminate detection coverage gaps, prioritized according to your business priorities and MITRE ATT&CK techniques most relevant to your organization.

Ensure your detections are working as intended and have not become "silently" broken or misconfigured over time.

Drive cost savings by tuning noisy and inefficient queries, reducing logging volume, and eliminating underused tools in your stack.

Login to Register

Thank You to our Sponsor

Related Content

Security Awareness, Cybersecurity Leadership, Cloud Security, Open-Source Intelligence (OSINT), Industrial Control Systems Security, Digital Forensics, Incident Response & Threat Hunting, Cybersecurity and IT Essentials, Cyber Defense, Offensive Operations, Pen Testing, and Red Teaming, CyberLive, Workforce Development, Career Development, Why Certify, Imposter Syndrome, NetWars, Mentorship, Job Hunting, Operating System & Device In-Depth, Artificial Intelligence (AI)

A Visual Summary of SANS New2Cyber Summit 2024

Check out these graphic recordings created in real-time throughout the event for SANS New2Cyber Summit 2024

Offensive Operations, Pen Testing, and Red Teaming, Penetration Testing and Red Teaming

January 31, 2024

Continuous Purple Teaming: A Practical Approach for Strengthening Your Offensive Capabilities

This post will guide you through actionable strategies to implement adversary emulation effectively with some concrete examples.

Jeroen Vandeleur

Purple Team, Offensive Operations, Pen Testing, and Red Teaming

Purple Teaming and Threat-Informed Detection Engineering

In the first two webcasts of this Purple Team series, we covered how to run your first Purple Team Exercise and how to Operationalize your Purple Team. You may have noticed that a common process in Purple Teaming is detection engineering. In this blog, we go into the items discussed in our third...

Jorge Orchilles