My takeaways from today's talks:
Keynote: Taking Your Detection Program to the Next Level
Engineering is difficult - stop lying to yourself and others about what the SOC needs to engineer, and engineer those items.
Building the Better Playbook: Techniques to Improve Repeatability
Build your playbooks in a repeatable manner to drive maturity and consistency.
Rob van Os
Metrics on Steroids: Improving SOC Maturity using the SOC-CMM
SOC-CMM is an exhaustive model for (self-)assessment of SOC Maturity and Capability.
Steve Turner, Ben Tyminski
XDR - The Hidden Pitfalls of Evaluation and Deployment
XDR deployments have distinct limitations and capabilities. Leverage standard best practices while covering new ground.
And Then There Were None (More False Positives): Writing Better EDR Detections
Dan shreds his guitar - he also has obviously spent many hours eliminating the noise from his signal.
Resolve Security Alerts with Adaptive Intelligence and Guided Response
Augmented Intelligence is available for scenarios you frequently encounter.
Analysis 101 for Incident Responders
Develop your team's analytical methodology, and be ready to deal with the reality of not always being right.
Yochana Henderson, Mark Morowczynski
Hiding in the clouds: How attackers can use applications for sustained persistence and how to find it
"****** [devil|god|good god] is in the details." Flaubert, Mies van der Rohe, proverb...
Make sure you understand what that configuration (button) does!
Ransomware Defense and Response: Minimizing Risk of an Increasing Threat
Gabriel Currie, Will Oram
The main reasons ransomware is increasing: big money (140M+ pounds in 6 years) and many more leak sites, which have driven organizations to pay ransoms.
Apurv Singh Gautam
Automating Threat Hunting on the Dark Web and other nitty-gritty things
Deep web? Data you're not allowed to see. Dark web? That's where your adversaries are coordinating their attacks on you and selling their illicit goods.
Asking Questions and Writing Effectively
Are you asking the correct questions and capturing the appropriate information? Don't constrain yourself with needless process.
Resource Smart Detection with YARA and osquery
YARA: (Chess) If you see a good move, look for a better one.
New Tools for your Threat Hunting Toolbox
Do what Mark does - save yourself one command a day; eventually you'll be bored and start to automate other stuff.