Burning Down the Haystack presented at BSidesKnoxville 2017

by Tim Frazier

Summary: How do you find the needle in the haystack? Burn all the hay! In this talk, Tim aims to show how automation can help "burn the hay" and handle the overwhelming volume of alerts that IR analysts face on a daily basis. Tim will give examples of Security Automation & Orchestration (SAO) speeding up the alert triage process through enrichment from internal and external tools, proceeding to a human decision in the loop, and then going directly to response action through integration with existing security tools such as firewalls, proxies, and endpoint solutions.