2019-05-17, 12:00–12:40, Main Hall
Before the real incident happens, security team must test their detection capabilities in different ways. An overview of MITRE ATT&CK Matrix, test environments and other friends of Blue Team.
Obstacles, unexpected discoveries, lack of information, a flood of logs, new technologies - you will meet them all if you want to build an effective defense team. The talk will expend the next topics based on the experience we have:
- How to test the security team's detection and incident response processes
- Best practices for endpoint monitoring tools configuration
- Some problems, that defense team can encounter
- Additional resources that can help you detect threats
SOC Analyst at UnderDefense