Network Data: Powering the Modern SOC, presented at FutureCon Princeton 2019

by Dan Greer

Summary: Data is a blessing and a curse. Get the right data, in the right amount, at the right time, and you are in the driver’s seat. The wrong data, too little data, too much data, or the wrong timing, and you are in the hot seat. The explosion of data and its byproduct, network traffic, create structural problems for the SOC. In this session, attendees will learn how taking a different approach to data – one that emphasizes speed, fidelity, and the elimination of data silos – can enable more successful threat hunting and incident response. Topics covered include the impact of TLS 1.3 and encryption on data and its ripple effect on security operations, as well as best practices for threat hunting. The session will also delve into how network traffic analysis can serve as the foundation of more effective security practices, data-driven decisions, and a mature, proactive SOC.