Threat-Informed Detection Engineering

Relevant Courses: https://www.sans.org/sec599, https://www.sans.org/sec699

Presented by: Jorge Orchilles and Chris Peacock

Follow here: https://twitter.com/jorgeorchilles
Follow here: https://twitter.com/SecurePeacock

Have you conducted a purple team exercise that left you wanting greater detection coverage? Perhaps the goal is to catch threat actors earlier in the attack. Maybe it is to cover more detection opportunities in case a threat changes some of its procedures. In either case, detection engineering should be driven by intelligence to ensure coverage of the real-world threats targeting your organization.

This webinar will cover the detection engineering process and how operationalized purple teaming drives it. Every environment is unique and needs custom detections tailored to that environment and its threats. Operationalized purple teaming shows us, with a certain degree of confidence, what it would look like if a threat were to attack. Purple team emulations allow Blue Teams and Detection Engineers to check log sources and develop detections around common questions such as, "Is it normal for the targeted process to behave this way in our environment?"

Join us to learn more about threat-informed detection engineering and how it fits into Purple Teaming.