Advanced SOCs and MSSPs and MDRs, Oh My! presented at BSidesVancouver 2018

by Shane Harsch

Summary: Let's talk meat and potatoes about advancing your SOC with threat hunting, threat intelligence, incident management, and live response. We will also look at how MSSPs and MDRs can make you successful (or not), and how to think about what kind of strategy you might need in today's hyperkinetic, darkweb-laden, threat-actor-suffused, buzzword-embattled, cyber defense hot mess initiatives.

This conversation is intended to:

• Outline the principles of an effective threat detection and prevention program that organizations must operationalize in the new security paradigm.
• Examine security automation and the continued role of manual analysis.
• Recommend steps to assemble security operations and mature incident response capabilities, which are prerequisites for dedicated hunting capabilities.
• Define threat intelligence in a way that is meaningful to your organization, to better enable you to filter which companies and products are effective.
• Outline how to be more proactive.