A couple of weeks ago, DEFCON Toronto founder Nick Aleks messaged me on Twitter, out of the blue. He invited me to be a panelist for their Women Who Hack event. DEFCON Toronto started only about a year ago, and I had yet to attend any of their meetings, so I was really excited about the opportunity.
The meeting features women who work in cybersecurity. I’ve been doing an interview series for Tripwire’s State of Security blog about that topic, so I really felt in my element. I’ve met so many amazing women in my field, so I was hyped to meet a few more.
Enhancing Threat Intelligence
The event started with a talk by cybersecurity consultant Cheryl Biswas. Her presentation was on Enhancing Threat Intelligence.
Threat intelligence is a matter that overwhelms datacenters, even when they have the best security information and event management (SIEM) systems and log analysis software. One of the biggest issues is that you need intrusion detection system (IDS) sensors, firewalls, and other network security appliances to cover the scope that you’re responsible for. To be more likely to catch more threats, sensors need greater data capacity, and you also need more logs from many of your network components.
But casting wider nets means catching more garbage in your fish hauls – usually in the form of false positive alerts. False positives are a constant challenge, and having to sort through many of them every day to find true positives is something security practitioners cannot completely avoid. Plus, sometimes determining your scope in the first place can take some work.
Prioritize Your Own Data First
Cheryl had excellent advice: she emphasizes prioritizing your own data, first and foremost. Data that you’ve collected in systems you’ve configured yourself is always the most reliable. Then, analyze third-party (Read more...)
This is a Security Bloggers Network syndicated blog post authored by Kim Crawley. Read the original post at: Cylance Blog