Splunk [Enterprise Security] 2019 .conf Videos w/ Slides

Differentiating Evil from Benign in the Normally Abnormal World [Splunk Enterprise Security, Splunk IT Service Intelligence, Phantom]



Have you ever been positive you had found evil, only to realize it was normal after hours of triage and work? We have all heard and love “KNOW NORMAL FIND EVIL,” but how hard is it to actually know normal? The MITRE ATT&CK Framework gives defenders a better map to “find evil,” but how can this framework be used to “know normal”? Rick will discuss how knowing normal in a world of abnormal is harder than one thinks, and how addressing the actual root cause of evil can improve the technology industry as a whole.

Speaker(s)
Rick McElroy, Principal Security Strategist, Carbon Black

Slides PDF link - https://conf.splunk.com/files/2019/slides/SECS2917.pdf?podcast=1577146233


By Splunk