Splunk [Security, Compliance and Fraud Track] 2019 .conf Videos w/ Slides

Building threat-driven use cases for the real world with iDefense intelligence [Splunk Enterprise, Splunk Enterprise Security]


Where did you come up with the idea for your last use case? Traditional approaches to use case ideation focus on identifying new use cases based on the data already available to the security operations center. However, the threat landscape is constantly changing, and attackers are constantly getting more sophisticated. To detect these advanced threats, our use cases must be based on both business and threat context. In this session, we will share our approach to building innovative use cases based on real-world threats. Starting with industry-specific threat intelligence, we identify the threat actors and their specific tactics, techniques, and procedures. With these insights, we identify use cases relevant to the business, map them to both existing and new data sources, and prioritize implementation based on the specific threats.

Speaker(s)
John Rubey, Accenture

Slides PDF link - https://conf.splunk.com/files/2019/slides/SECS2797.pdf?podcast=1577146214

Product: Splunk Enterprise, Splunk Enterprise Security

Track: Security, Compliance and Fraud

Level: Good for all skill levels

By Splunk