Threat-Informed Detection Engineering

Thursday, 12 May 2022 10:30AM EDT (12 May 2022 14:30 UTC)
Speakers: Jorge Orchilles, Chris Peacock, Adversary Emulation - Detection Engineer at SCYTHE

Have you conducted a purple team exercise that’s left you wanting greater detection coverage? Perhaps it’s to catch threat actors earlier in the attack. Maybe, it’s to cover more detection opportunities in case a threat changes some procedures. In any instance, detection engineering should be driven by intelligence to ensure coverage of real-world threats targeting your organization.

This webinar will cover the detection engineering process and how operationalized purple teaming drives it. Every environment is unique and needs custom detections tailored to the environment and its threats. Operationalized purple teaming shows us, with a certain degree of confidence, what it would look like if a threat were to attack. Purple team emulations allow Blue Teams and Detection Engineers to check log sources and develop detections around common questions like, “is it normal for the targeted process to behave this way in our environment?” Join us to learn more about threat-informed detection engineering and how it fits into Purple Teaming.

Chris Peacock

Chris is an Adversary Emulation - Detection Engineer at SCYTHE, specializing in Purple Team Exercises and Detection Engineering. His previous experience includes multiple roles such as Cyber Threat Intelligence Analyst, Cyber Threat Hunter, Tier 3 SOC Analyst, Incident Responder, Cyber Security Consultant, and Purple Team Lead. He previously worked at Raytheon Intelligence & Space as well as General Dynamics Ordnance and Tactical Systems. Additionally, he has experience in multiple industries, including Energy, Finance, Healthcare, Technology, and Defense. Current certifications include GCTI, GCFA, GCED, eJPT, and CSIS.

Twitter: https://twitter.com/SecurePeacock

LinkedIn: https://www.linkedin.com/in/securepeacock/

View the first in this webcast series: Running Your First Purple Team Exercise: Understand the Cyber Kill Chain, Cyber Threat Intelligence, Emulation, and Response

View the second in this webcast series: Operationalized Purple Teaming

Login to Register

PurpleTeamWebcast_Threat-Informed_Detection_-_5_12_20225.jpg

Related Content

Security Awareness, Cybersecurity Leadership, Cloud Security, Open-Source Intelligence (OSINT), Industrial Control Systems Security, Digital Forensics, Incident Response & Threat Hunting, Cybersecurity and IT Essentials, Cyber Defense, Offensive Operations, Pen Testing, and Red Teaming, CyberLive, Workforce Development, Career Development, Why Certify, Imposter Syndrome, NetWars, Mentorship, Job Hunting, Operating System & Device In-Depth, Artificial Intelligence (AI)

A Visual Summary of SANS New2Cyber Summit 2024

Check out these graphic recordings created in real-time throughout the event for SANS New2Cyber Summit 2024

Offensive Operations, Pen Testing, and Red Teaming, Penetration Testing and Red Teaming

January 31, 2024

Continuous Purple Teaming: A Practical Approach for Strengthening Your Offensive Capabilities

This post will guide you through actionable strategies to implement adversary emulation effectively with some concrete examples.

Jeroen Vandeleur

Purple Team, Offensive Operations, Pen Testing, and Red Teaming

Purple Teaming and Threat-Informed Detection Engineering

In the first two webcasts of this Purple Team series, we covered how to run your first Purple Team Exercise and how to Operationalize your Purple Team. You may have noticed that a common process in Purple Teaming is detection engineering. In this blog, we go into the items discussed in our third...

Jorge Orchilles