Burning Down the Haystack to Find the Needle

Explore advanced network security techniques in this 41-minute LASCON conference talk. Learn how to detect and prevent contemporary malware, advanced persistent threats (APTs), and zero-day exploits using basic network flow pattern analysis. Discover how to build a comprehensive security analytics program by integrating various tools and data sources. Examine real-world attacks and indicators of compromise, and understand how to feed this information into a broader security analytics framework. Gain insights into creating effective patterns for data analysis, running regular analytics to identify threats, and implementing actionable and automated responses. Participate in discussions about security analytics practices suitable for both novice and experienced security professionals. Cover topics such as enterprise visibility, data types and their applications, pattern creation and analysis, specific analytics for threat detection, and automated response strategies.

Intro
The Problem
Flow Data
Malware Domain List
IP Address List
DNS
Data Exfiltration
System Analysis
St Detection Response
Connecting IP Address
Collective Intelligence Framework
RealTime Decision Making
Automating Detection