Bridging the Gap: Improving Rules Effectiveness by Integrating Detection and Response

Video Link: https://www.youtube.com/watch?v=BFOj5ULuLrQ



Duration: 33:31


SANS Blue Team Summit 2023
Bridging the Gap: Improving Rules Effectiveness by Integrating Detection and Response
Speaker: Paul Hutelmyer, Principal Engineer, Target Corporation

As cyber threats continue to evolve and become more sophisticated, organizations are deploying an increasing number of detection rules to help identify these threats. However, the management of these rules and the assurance that your rule set does not result in excessive false positives can be a challenge. In this talk, we'll explore the concepts and tools Target uses to fuse detection rules and detection case results to better understand rule effectiveness, gaps, and scope. We'll also share our observations and ideas about content tagging and standards that can help improve the effectiveness of threat detection and response. By combining detection and response data, organizations can achieve better outcomes and stay ahead of evolving cyber threats.
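The fusion the abstract describes, joining what the detection side raised with what the response side decided, can be sketched in a few lines. The following is an added example and is not code from the talk or from Target; the rule ids, tag scheme, alert and case records, and the disposition values `true_positive` / `false_positive` / `open` are all constructed assumptions. It scores each rule by precision over closed cases, keeps untriaged and still-open alerts out of the score rather than letting them distort it, and flags two kinds of gap: rules that fire but are mostly wrong, and rules that never fire at all, plus any required coverage tag no rule carries.

```python
"""Added example, not from the talk: fuse rule firings with case outcomes to
score each detection rule and surface gaps. Rule ids, tags, dispositions and
the tagging scheme below are all constructed assumptions."""

# Constructed rule catalogue; the 'tags' scheme is an assumed local standard.
RULES = {
    "R-001": {"name": "Encoded command-line execution", "tags": {"execution"}},
    "R-002": {"name": "Logon from previously unseen country", "tags": {"initial-access"}},
    "R-003": {"name": "Large outbound transfer to new host", "tags": {"exfiltration"}},
}

# Constructed detection-side data: every alert a rule raised and the case it
# was attached to (None means the alert was never triaged into a case).
ALERTS = [
    {"id": "A1", "rule": "R-001", "case": "C1"},
    {"id": "A2", "rule": "R-001", "case": "C2"},
    {"id": "A3", "rule": "R-001", "case": None},
    {"id": "A4", "rule": "R-002", "case": "C3"},
    {"id": "A5", "rule": "R-002", "case": "C4"},
    {"id": "A6", "rule": "R-002", "case": "C5"},
    {"id": "A7", "rule": "R-002", "case": "C6"},
    {"id": "A8", "rule": "R-002", "case": None},
]

# Constructed response-side data: analyst disposition per case.
CASES = {
    "C1": "true_positive",
    "C2": "true_positive",
    "C3": "false_positive",
    "C4": "false_positive",
    "C5": "false_positive",
    "C6": "open",
}

# Assumed coverage standard: tags every rule set is expected to carry.
REQUIRED_TAGS = {"execution", "initial-access", "exfiltration", "persistence"}


def rule_effectiveness(rules, alerts, cases):
    """Join alerts to case dispositions and return per-rule counts and precision.

    precision = true_positive / (true_positive + false_positive) over closed
    cases only. Alerts with no case, or whose case is still open, are counted
    as 'pending' so they neither inflate nor deflate the score.
    """
    stats = {rid: {"fired": 0, "true_positive": 0, "false_positive": 0, "pending": 0}
             for rid in rules}
    for alert in alerts:
        # A rule missing from the catalogue is still counted, not dropped.
        s = stats.setdefault(alert["rule"],
                             {"fired": 0, "true_positive": 0, "false_positive": 0, "pending": 0})
        s["fired"] += 1
        disposition = cases.get(alert["case"])  # None when untriaged or unknown case
        if disposition == "true_positive":
            s["true_positive"] += 1
        elif disposition == "false_positive":
            s["false_positive"] += 1
        else:
            s["pending"] += 1
    for s in stats.values():
        closed = s["true_positive"] + s["false_positive"]
        s["closed"] = closed
        s["precision"] = s["true_positive"] / closed if closed else None
    return stats


def flag_rules(stats, min_closed=3, min_precision=0.5):
    """Classify rules needing attention.

    'noisy': enough closed cases to judge, and precision below the floor.
    'silent': never fired, so response data cannot assess them at all.
    """
    noisy = sorted(r for r, s in stats.items()
                   if s["closed"] >= min_closed and s["precision"] < min_precision)
    silent = sorted(r for r, s in stats.items() if s["fired"] == 0)
    return {"noisy": noisy, "silent": silent}


def coverage_gaps(rules, required_tags):
    """Return required tags that no rule in the catalogue carries."""
    covered = set().union(*(r["tags"] for r in rules.values()))
    return set(required_tags) - covered


if __name__ == "__main__":
    stats = rule_effectiveness(RULES, ALERTS, CASES)
    for rid, s in stats.items():
        print(rid, RULES.get(rid, {}).get("name", "<unknown rule>"), s)
    print("flags:", flag_rules(stats))
    print("coverage gaps:", coverage_gaps(RULES, REQUIRED_TAGS))
```

The thresholds in `flag_rules` are deliberate parameters: a rule with one closed false positive is not yet evidence of noise, so `min_closed` gates the judgement, and `min_precision` is the agreed floor below which a rule is tuned or retired. The `pending` count is worth reporting on its own, since a rule whose alerts are never turned into cases is a triage gap rather than a detection success.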

View upcoming Summits: http://www.sans.org/u/DuS




Other Videos By SANS Cyber Defense


2023-11-05 The Growth of Global Election Disinformation: The Role & Methodology of Govt-linked Cyber Actors
2023-09-12 Detection Engineering: The Blue Team Cheat Code | Host: Mark Orlando | September 12, 2023
2023-08-09 Hunting for Suspicious HTTPS and TLS Connections
2023-08-03 What does it take to author a cybersecurity book?
2023-07-31 Join us for the SANS Open-Source Intelligence (OSINT) Summit 2023 - September 22!
2023-07-28 The Risk to Space: Satellite Communications Systems and Ground Networks as Attack Targets
2023-07-28 Drop It Like It's Qbot: Separating malicious droppers, loaders, and crypters from their payloads
2023-07-28 Panel | 1%: Tiny Gains producing Big Improvements
2023-07-28 Zero Trust Architecture: Beyond Proxy or Point Solutions
2023-07-28 Ecosystem of Insights: Building Operation Dashboards That Enable Teams
2023-07-28 Bridging the Gap: Improving Rules Effectiveness by Integrating Detection and Response
2023-07-28 Blueprint Live - 11 Strategies of a World-Class Cybersecurity Operations Center
2023-07-28 Cloudy with a Chance of Breaches: OSINT Adventures in Tracing Exposed Credentials
2023-07-28 Hunting OneNote Malware: A Practical Guide for Blue Teams
2023-07-28 BlueHound: Blue Teams of the World Unite!
2023-07-28 The Cyber Pilfer Chain: detecting and disrupting post-exploitation data theft
2023-07-28 Keynote | How to Save Your SOC from Stagnation
2023-07-28 Keynote | Leave Only Footprints: When Prevention Fails
2023-07-28 Blurple Teaming: Open Source Continuous Security Testing in the SOC
2023-07-18 Strategies of a World-Class SOC | Host: John Hubbard | July 18, 2023
2023-07-17 Strategy 11: Turn up the Volume by Expanding SOC Functionality



Tags:
cyber defense
cyber security
cyber defense training
cyber security training
cybersecurity
cybersecurity training
paul hutelmyer
detection and responses
threat detection
incident response
blue team
sans blue team summit
blue team summit
blue teaming
blue teaming cyber security
detection rules
threat detection and response
cyber threats
integrated detection and response
integrating detection and response