IDENTIFYING EMERGING THREATS WITH SECURITY ANALYTICS
February 20, 2019 | (1:00 PM)
USA (United States of America)
An entire industry exists to serve threat feeds that are consumed by SIEM and SOAR platforms to identify infected systems and campaigns with known signatures (e.g. IP addresses, domain names, and file hashes). Indicator lists are used in a one-dimensional fashion: raw data is correlated with the threat feed, and an alert is generated if there's a hit. Adversaries are aware of this level of maturity within enterprise SOCs, so they avoid re-using domain names and other indicators between campaigns. To defend against evolving threats and unknown actors, security teams must apply analytics to dive into their data.
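As an added example (not code from the original talk), the contrast described above in Python: a feed lookup over constructed log lines alerts only on the reused indicator, while a simple timing analytic also flags a never-seen destination that contacts a host at machine-regular intervals. The feed entries, hostnames and domains are all constructed placeholders.

```python
from collections import defaultdict
from statistics import mean, pstdev

# Constructed threat feed (placeholder indicators, not real IOCs)
THREAT_FEED = {"known-bad.example", "203.0.113.7"}

# Constructed DNS/proxy log lines: (epoch_seconds, source_host, destination)
SAMPLE_LOGS = [
    (0,    "host-a", "known-bad.example"),  # reused indicator: the feed catches it
    (0,    "host-b", "fresh-c2.example"),   # never-seen domain, contacted every 60 s
    (60,   "host-b", "fresh-c2.example"),
    (120,  "host-b", "fresh-c2.example"),
    (180,  "host-b", "fresh-c2.example"),
    (240,  "host-b", "fresh-c2.example"),
    (5,    "host-c", "cdn.example"),        # ordinary, irregular browsing
    (90,   "host-c", "cdn.example"),
    (400,  "host-c", "cdn.example"),
    (401,  "host-c", "cdn.example"),
    (1500, "host-c", "cdn.example"),
]

def ioc_matches(logs, feed):
    """One-dimensional correlation: alert only on exact feed hits."""
    return sorted({(src, dest) for _, src, dest in logs if dest in feed})

def beaconing_pairs(logs, min_events=5, max_jitter=0.1):
    """Behavioural analytic: flag (source, destination) pairs whose contact
    intervals are nearly constant, whether or not the destination is on a feed."""
    by_pair = defaultdict(list)
    for ts, src, dest in logs:
        by_pair[(src, dest)].append(ts)
    hits = []
    for pair, times in by_pair.items():
        if len(times) < min_events:
            continue
        times.sort()
        gaps = [later - earlier for earlier, later in zip(times, times[1:])]
        avg = mean(gaps)
        # coefficient of variation: a low value means regular, scheduled timing
        if avg > 0 and pstdev(gaps) / avg <= max_jitter:
            hits.append(pair)
    return sorted(hits)

if __name__ == "__main__":
    print("feed hits:     ", ioc_matches(SAMPLE_LOGS, THREAT_FEED))
    print("beaconing pairs:", beaconing_pairs(SAMPLE_LOGS))
```

The feed lookup never sees host-b's traffic because the domain is new; the timing analytic flags it from the data alone.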