Practical Threat Hunting with SIEM - Security First CEE - Computerworld Poland

  • Published 2 Oct 2024
  • Our current cyber security paradigm dictates that we must assume the attacker is either already in our network or forcing its doors at every chance it gets. That makes threat hunting one of the routine periodic (if not continuous) security operations today. The need to monitor the endpoints is ever increasing; however, that does not diminish the value of network-wide analytic reviews to identify the potential culprits in our networks. SIEM is still, and will remain, an essential tool for monitoring our networks, although it is not enough all by itself. The strongest capabilities of a SIEM tool are its analytic aggregation functionality and its stream processing of real-life data. With those capabilities we are able to identify some malicious activities in real time and to analyze past event patterns that are good indicators of malicious behavior. Like any tool, a SIEM is only as effective as its user's skills. In this session we go through various use cases of a SIEM tool to demonstrate how we can identify suspicious activities and their sources. In those cases we will also attest to the importance of understanding offensive techniques for an effective blue team.
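The two SIEM capabilities the abstract singles out, stream processing of events as they arrive and aggregation over past events, can be shown on a small scale without a SIEM product. The following Python example is added here and is not code from the talk or from any SIEM vendor: it parses a constructed, syslog-like authentication log (the field layout and IP addresses are assumptions), runs a sliding-window hunt for a burst of failed logins from one source followed by a success, and then builds a per-source aggregate of the kind a historical review would start from.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample events in an assumed key=value auth-log format (not real data).
SAMPLE_LOG = """\
2024-10-02T10:00:01Z host=web01 event=auth result=fail user=alice src=203.0.113.5
2024-10-02T10:00:03Z host=web01 event=auth result=fail user=bob src=203.0.113.5
2024-10-02T10:00:04Z host=web01 event=auth result=fail user=carol src=203.0.113.5
2024-10-02T10:00:06Z host=web01 event=auth result=fail user=dave src=203.0.113.5
2024-10-02T10:00:08Z host=web01 event=auth result=fail user=erin src=203.0.113.5
2024-10-02T10:00:10Z host=web01 event=auth result=success user=erin src=203.0.113.5
2024-10-02T10:00:12Z host=web01 event=auth result=fail user=alice src=198.51.100.7
2024-10-02T10:05:30Z host=web01 event=auth result=success user=alice src=198.51.100.7
2024-10-02T10:20:00Z host=web01 event=auth result=fail user=frank src=192.0.2.9
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) host=(?P<host>\S+) event=(?P<event>\S+) "
    r"result=(?P<result>\S+) user=(?P<user>\S+) src=(?P<src>\S+)$"
)


def parse_events(text):
    """Parse log lines into dicts; lines that do not match the format are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        rec = m.groupdict()
        rec["ts"] = datetime.strptime(rec["ts"], "%Y-%m-%dT%H:%M:%SZ")
        events.append(rec)
    return events


def hunt_bruteforce(events, window=timedelta(minutes=1), threshold=5):
    """Stream events in time order and keep, per source, a sliding window of
    recent failures. Raise one alert when a source reaches `threshold` failures
    inside `window`, and another if a success follows while the window is full."""
    failures = defaultdict(deque)  # src -> deque of (timestamp, user) for recent failures
    flagged = set()                # sources already alerted on for a burst
    alerts = []
    for ev in sorted(events, key=lambda e: e["ts"]):
        if ev["event"] != "auth":
            continue
        src, q = ev["src"], failures[ev["src"]]
        # Expire failures that fell out of the window (stream-processing step).
        while q and ev["ts"] - q[0][0] > window:
            q.popleft()
        if ev["result"] == "fail":
            q.append((ev["ts"], ev["user"]))
            if len(q) >= threshold and src not in flagged:
                flagged.add(src)
                alerts.append({"type": "burst_failures", "src": src, "at": ev["ts"],
                               "count": len(q), "users": len({u for _, u in q})})
        elif ev["result"] == "success" and len(q) >= threshold:
            alerts.append({"type": "success_after_failures", "src": src,
                           "user": ev["user"], "failures": len(q), "at": ev["ts"]})
    return alerts


def summarize_by_source(events):
    """Aggregate the whole history per source: fail/success counts and distinct users."""
    summary = defaultdict(lambda: {"fail": 0, "success": 0, "users": set()})
    for ev in events:
        if ev["event"] != "auth":
            continue
        s = summary[ev["src"]]
        s[ev["result"]] += 1
        s["users"].add(ev["user"])
    return {src: {"fail": s["fail"], "success": s["success"], "users": len(s["users"])}
            for src, s in summary.items()}


if __name__ == "__main__":
    evs = parse_events(SAMPLE_LOG)
    for a in hunt_bruteforce(evs):
        print(a)
    for src, agg in summarize_by_source(evs).items():
        print(src, agg)
```

Run as written, the streaming hunt flags 203.0.113.5 once for five failures across five distinct users in under a minute (a spraying-style pattern) and again when the success for `erin` lands while that window is still full; the single failure from 198.51.100.7 has aged out by the time its success arrives, so it is not flagged. The per-source summary is the aggregate view: the same source shows 5 failures, 1 success and 5 distinct users, which is what an analyst would pivot from when reviewing past patterns rather than live streams.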
