Splunk [Security, Compliance and Fraud Track] 2019 .conf Videos w/ Slides, by Splunk

Feed the Beast! Use Splunk to Address APTs At Speed and Scale By Utilizing Endpoint-Centric Threat Hunting Use Cases [Splunk Enterprise]



Going beyond basic perimeter defense, threat hunting cuts through the noise of endpoint telemetry and anti-virus data to find nation-state-level Advanced Persistent Threats (APTs) that operate below the alert threshold. Through four hunt analytic use cases, we will show how to move past the legacy reliance on packet capture (PCAP) data for detecting adversaries, and why hunt operations need to combine Endpoint Detection and Response (EDR) telemetry with knowledge of APT behavior to find hidden adversaries. The talk provides a framework for planning and executing hunts, demonstrates why EDR telemetry adds value beyond traditional network data, and shows how to strengthen hunting through a Purple Team approach.
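As an added illustration, not material from the talk or the speakers, the Python script below runs two endpoint-centric hunt analytics over a handful of constructed Sysmon-style process-start events: a behaviour rule drawn from well-known APT tradecraft (an Office application spawning a script or command interpreter, tagged with the matching ATT&CK T1059 sub-technique) and a stack-counting pass that surfaces parent/child pairs seen on only one host. The event layout, host names, command lines and the `min_hosts` threshold are all assumptions made for the example; in Splunk the stacking step is the equivalent of `stats dc(host) by ParentImage, Image` over the same fields.

```python
"""Two endpoint-centric hunt analytics over constructed EDR process-start events.

Added example, not the speakers' code. The event shape, hosts and command
lines are constructed to resemble Sysmon Event ID 1 records.
"""
from collections import defaultdict

# Constructed sample telemetry: one dict per process-start event.
SAMPLE_EVENTS = [
    {"host": "ws01", "parent": r"C:\Windows\explorer.exe",
     "image": r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE",
     "cmdline": "WINWORD.EXE /n report.docx"},
    {"host": "ws01", "parent": r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE",
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "cmdline": "powershell.exe -nop -w hidden -enc SQBFAFgA"},
    {"host": "ws01", "parent": r"C:\Windows\System32\services.exe",
     "image": r"C:\Windows\System32\svchost.exe", "cmdline": "svchost.exe -k netsvcs"},
    {"host": "ws02", "parent": r"C:\Windows\explorer.exe",
     "image": r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE",
     "cmdline": "WINWORD.EXE /n notes.docx"},
    {"host": "ws02", "parent": r"C:\Windows\explorer.exe",
     "image": r"C:\Windows\System32\cmd.exe", "cmdline": "cmd.exe"},
    {"host": "ws02", "parent": r"C:\Windows\System32\services.exe",
     "image": r"C:\Windows\System32\svchost.exe", "cmdline": "svchost.exe -k netsvcs"},
    {"host": "ws03", "parent": r"C:\Windows\System32\services.exe",
     "image": r"C:\Windows\System32\svchost.exe", "cmdline": "svchost.exe -k netsvcs"},
    {"host": "ws03", "parent": r"C:\Program Files\Microsoft Office\root\Office16\OUTLOOK.EXE",
     "image": r"C:\Windows\System32\wscript.exe", "cmdline": "wscript.exe invoice.vbs"},
]

OFFICE_APPS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}
# Interpreters an Office parent should not normally launch, mapped to ATT&CK T1059 sub-techniques.
INTERPRETERS = {
    "powershell.exe": "T1059.001", "cmd.exe": "T1059.003",
    "wscript.exe": "T1059.005", "cscript.exe": "T1059.005",
}


def basename(path):
    """Case-folded file name of a Windows path (EDR paths vary in case and directory)."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def office_spawned_interpreter(events):
    """Behaviour rule: Office application parent with an interpreter child.
    Returns [(event, technique_id), ...]."""
    hits = []
    for ev in events:
        child = basename(ev["image"])
        if basename(ev["parent"]) in OFFICE_APPS and child in INTERPRETERS:
            hits.append((ev, INTERPRETERS[child]))
    return hits


def stack_parent_child(events):
    """Stack counting: set of distinct hosts per (parent, child) pair.
    Splunk equivalent: stats dc(host) by ParentImage, Image."""
    hosts = defaultdict(set)
    for ev in events:
        hosts[(basename(ev["parent"]), basename(ev["image"]))].add(ev["host"])
    return hosts


def rare_pairs(events, min_hosts=2):
    """Long tail for the hunter to review: pairs seen on fewer than min_hosts hosts."""
    return {pair: sorted(h) for pair, h in stack_parent_child(events).items()
            if len(h) < min_hosts}


def triage(events, min_hosts=2):
    """Rank leads: behaviour match plus rarity first, then behaviour only, then rarity only."""
    rare = rare_pairs(events, min_hosts)
    behaviour = {id(ev): tech for ev, tech in office_spawned_interpreter(events)}
    rows = []
    for ev in events:
        pair = (basename(ev["parent"]), basename(ev["image"]))
        tech = behaviour.get(id(ev))
        is_rare = pair in rare
        if tech or is_rare:
            rows.append({"host": ev["host"], "parent": pair[0], "image": pair[1],
                         "technique": tech, "score": (2 if tech else 0) + (1 if is_rare else 0)})
    rows.sort(key=lambda r: (-r["score"], r["host"]))
    return rows


if __name__ == "__main__":
    for row in triage(SAMPLE_EVENTS):
        print(row)
```

On the constructed data the behaviour rule fires twice (WINWORD.EXE launching an encoded PowerShell command on ws01, OUTLOOK.EXE launching wscript.exe on ws03) and stacking adds a third, lower-priority lead (explorer.exe launching cmd.exe on ws02 only), which is the usual division of labour: the behaviour rule encodes known APT tradecraft and has high precision, while stacking surfaces the unknowns and needs a hunter to review the tail. Neither analytic needs any network data, which is the point the talk makes about EDR telemetry.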

Speaker(s)
Max Moerles, Cyber Threat Analyst, Booz Allen Hamilton
Jay Novak, Threat Hunt Team Lead, Booz Allen Hamilton

Slides PDF link - https://conf.splunk.com/files/2019/slides/SEC1250.pdf?podcast=1577146215

Product: Splunk Enterprise

Track: Security, Compliance and Fraud

Level: Good for all skill levels

