One Article Review

Home - The article:
Source: AlienVault Blog
Identifier: 2010325
Publication date: 2020-11-02 12:00:00 (viewed: 2020-11-02 12:06:23)
Title: SecTor 2020, Canada's biggest cybersecurity event: Day one
Text: This blog was written by an independent guest blogger.

I live in Toronto, so I always try my best to get to SecTor, Canada's most important cybersecurity event, every October. Most years, SecTor has taken place in the Metro Toronto Convention Centre. But because of the unusual circumstances affecting the world in 2020, this year the event took place online exclusively. SecTor organizers hope that conditions improve by October 2021 so they can resume hosting the event in person. I admit I do miss the parties with delicious catering, and seeing people in our industry offline. But the talks this year have lived up to the excellent standards set by talks in previous years.

This year, the main event took place on Wednesday, October 21st, and Thursday, October 22nd. There was so much to cover, even though it was impossible for me to attend all of the talks. First, I'll start with the talks I attended on day one. Interestingly enough, they all have to do with threat detection and analysis. Enjoy!

Threat Hunting Intelligently

The first talk I attended was titled "Threat Hunting Intelligently." It was presented by Ryan Cobb, Senior Information Security Researcher at Secureworks.

(Slide: excerpt from Ryan Cobb's presentation)

Here's the description of the talk, from SecTor's web app:

"Although times are unprecedented, for threat actors, it is business as usual. Even as times change, good threat intelligence will always be a bedrock of cybersecurity. Join Senior Security Research Consultant and Secureworks' Threat Hunting lead Ryan Cobb, as he shares what's on the threat horizon and how the Secureworks team is there to keep customers safe through the intersection of technology, tools, and passionate professionals who provide the ultimate advantage over the adversary. Ryan will present how to combine the insights from threat modeling and intelligence to hunt purposefully and effectively without being limited by what third-party intelligence and strategies can provide for your organization."

Proper threat hunting procedures can identify indicators of compromise (IOCs) efficiently and produce intelligence that can help organizations mitigate a threat before it becomes a huge problem. Improper threat hunting wastes time, money, and effort, and misses data that could be leveraged to improve your organization's defenses. So I paid close attention to what Cobb had to say. Here is an excerpt from his talk:

"(Threat) modelling has gone in and out of vogue over the years and has a rich history, especially in academia. It's a collaborative process where we enumerate threats and prioritize mitigations for them. It's basically a way of looking at your business, the technologies that you've chosen, and what we know about the threat actor from a certain perspective, so we can look at a threat model from the perspective of the attacker: what are the steps they need to complete to accomplish their goals? What are the systems we are trying to protect, and think about ways those assets could be attacked. The outcome of any threat modeling exercise really should be a prioritized list of hypothetical scenarios, and we want to organize them by which are the most plausible to actually occur, and the steps or other mitigations. Hunting is the natural complement to threat modelling: hunting is determining whether some modeled threat actually occurred and went undetected, and hunting is largely focused on collecting and analyzing evidence that supports this hypothesis. So there's a significant overlap between what we do in threat hunting. The ultimate goal of hunting is not simply finding the threat; in the process of investigating the modeled threat, we are gauging the overal
Sent: Yes
Tags: Malware, Hack, Threat, Guideline


The article does not appear to have been picked up after its publication.


The article does not appear to have been picked up from an earlier one.