Splunk [All Products] 2019 .conf Videos w/ Slides

Modernize and Mature Your SOC with Risk-Based Alerting [Splunk Enterprise, Splunk Enterprise Security]


Today SOCs are in desperate need of a different alerting approach. Texas Instruments (TI) decided to transform its SOC by using risk-based alerting to generate fewer, higher fidelity alerts, and by aligning to the MITRE ATT&CK™ framework, which provides more situational awareness to analysts. This risk-based approach reduces false positives and the situational numbness associated with the legacy whitelisting process. Splunk and TI will walk you through TI's SOC successes as it transitioned to risk-based alerting. TI will detail a few real-life risk-based rule examples, discuss learning curves to fast track your transition, and discuss how MITRE ATT&CK™ fits in with this approach. After this session, you will have the foundation to embark on your risk-based alerting journey, allowing you to increase detection mechanisms, increase your coverage of the ATT&CK™ techniques, and improve the overall effectiveness of your SOC.

Speaker(s)
Jim Apger, Staff Security Architect, Splunk
Jimi Mills, Security Operations Center Manager, Texas Instruments

Slides PDF link - https://conf.splunk.com/files/2019/slides/SEC1803.pdf?podcast=1577146225

Product: Splunk Enterprise, Splunk Enterprise Security

Track: Security, Compliance and Fraud

Level: Intermediate


By Splunk