#1277502: API houston cyber security 2019
Join LookingGlass CTO Allan Thomson at the API conference this November, where he will be presenting:
Zeek-Based Threat Detection & Hunting
This presentation describes how a common open-source tool Zeek (Bro) that has been used, until today, been used primarily for threat detection and visibility can be extended for threat hunting as well providing threat response including mitigation of attacks.
Today Zeek/Bro has a large open-source and active community that contributes using Zeek/Bro scripts that include detecting attacks including Heartbleed
and many other behavioral based detections.
This presentation will have the following structure:
Introduction to Zeek/Bro event-based detection techniques including behavioral detection aspects
Show those detection techniques can be applied to Threat Hunting
Show how detection can be mapped to MITRE ATT&CK framework to provide the audience with a common taxonomy on what Zeek/Bro does
Introduction how Zeek/Bro event-based programming model can be extended for threat mitigation and response and what the benefits of those
extensions would provide orgs
Show specific Zeek/Bro examples that highlight the power of extending the Zeek/Bro paradigm.
including simple actions such as being able to respond to Heartbleed after it is detected to then respond with a mitigation action to stop the behavior
progressing through the kill-chain.
Highlight how this framework can be further extended for automation across a network of sensors and mitigation driven by orchestration tools
show how Zeek/Bro fits into orchestration tools including possible playbooks that are written for security operations that tie detection with automated mitigation
Summarize the approach to detection & threat hunting with Zeek/Bro
|Date added||Sept. 20, 2019, 4:59 p.m.|
|Source||Looking Glass Cyber|
|Venue||The Woodlands, Texas, Nov. 12, 2019, midnight - Nov. 13, 2019, midnight|