Incident Response & Threat Intelligence

R2-2A. Moving From a Controls-Based to an Intelligence-Driven Security Program

Thursday, June 13, 2024 11:00 AM - 12:00 PM

Room 2A

Description

Many security programs put in controls such as EDR, firewalls, IPS, etc. And the security program is based on using those tools individually in a silo. To address today's threats, we need to implement a strategy that leverages vendors who have a large install base, detect threats, and then populate their customer's solution in real-time. This strategy takes advantage of the generated intelligence in an automated fashion and moves away from the old days of using threat intelligence manually. The strategy also leverages the ability of vendor partners to have visibility into other controls, to run that through their telemetry and coordinate security operations, as well as quickly remediate identified threats at the endpoint level.

Learner Objectives

After this session, learner will: Leave with a more strategic view of security controls and threat intelligence Understand how to find vendors who can help you achieve this strategy Understand how to tie controls together to achieve more of a centralized threat analysis