Will you detect it or not? How to check if security team is ready before incident happens
2019-05-17, 12:00–12:40, Main Hall

Before a real incident happens, the security team must test its detection capabilities in different ways. An overview of the MITRE ATT&CK Matrix, test environments and other friends of the Blue Team.


Obstacles, unexpected discoveries, lack of information, a flood of logs, new technologies - you will meet them all if you want to build an effective defense team. The talk will expand on the following topics, based on our own experience:

  • How to test the security team's detection and incident response processes
  • Best practices for endpoint monitoring tools configuration
  • Some problems that a defense team can encounter
  • Additional resources that can help you detect threats