Mature your detection capabilities - Evolve your SIEM and know your priorities

Wednesday 27 November, 3:50 pm - 4:30 pm

Speakers

Mlaz Adlbi

Cyber Security Consulting Lead
Crayon

Synopsis

In today's ever-evolving threat landscape, organizations face a constant battle to effectively detect and respond to cyber-attacks. Security Information and Event Management (SIEM) systems play a crucial role in this ongoing battle. However, simply deploying a SIEM is not enough. Building a mature SIEM environment that utilizes threat modelling is essential to maximise its effectiveness and continually improve your organization's security posture.

This presentation will explore the concept of “SIEM maturity” from a threat modelling perspective, and how threat modelling can be leveraged to identify potential security gaps and drive the development of targeted SIEM detection rules. The talk is split into three parts:

  • Harnessing Threat Modelling for Smarter SIEM Rules
  • Evolving Your Security Detection Capabilities: A Continuous Process
  • Conclusion

Harnessing Threat Modelling for Smarter SIEM Rules

Threat modelling is a systematic process for identifying potential security gaps in your IT systems, applications, and data. By understanding these gaps and taking the attacker's perspective, you can identify and prioritize threats and develop targeted detection rules within your SIEM. Threat modelling benefits your SIEM maturity journey by:

  • Providing Targeted Detection: Prioritized threats identified through threat modelling inform the creation of targeted SIEM detection rules.
  • Reducing False Positives: By focusing on specific attack methods, you can create detection rules with lower false positive rates, allowing analysts to focus on real threats.

Evolving Your Security Detection Capabilities: A Continuous Process

Security threats and attacker tactics are constantly evolving. This presentation will highlight the importance of continuously improving your SIEM detection capabilities. Here are key strategies for achieving continuous improvement:

  • Regular Threat Intelligence Updates: Integrating threat intelligence feeds keeps your SIEM informed about the latest attack vectors and threat actor behaviours.
  • Ongoing Threat Modelling: Regularly revisiting your threat models ensures they remain relevant to your evolving IT environment and threat landscape.
  • SIEM Rule Tuning and Optimization: Continuously monitor and adjust SIEM rules to optimize their effectiveness and minimize false positives.
  • Security Team Training: Investing in ongoing training for security analysts empowers them to utilize the SIEM effectively and respond swiftly to incidents.
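As an added illustration (not part of the talk or Crayon's material), the sketch below shows how the prioritized threats from a threat model can be compared against the existing SIEM rule set to surface detection gaps and rules whose false-positive rate calls for tuning. The threat ids, rule names and alert counts are constructed sample data.

```python
"""Prioritise threats from a threat model, then find SIEM detection gaps and noisy rules."""
from dataclasses import dataclass


@dataclass(frozen=True)
class Threat:
    threat_id: str      # constructed placeholder id from the threat model
    description: str
    likelihood: int     # 1 (rare) .. 5 (frequent)
    impact: int         # 1 (minor) .. 5 (severe)

    @property
    def risk(self) -> int:
        # Simple likelihood x impact score used to rank threats
        return self.likelihood * self.impact


@dataclass(frozen=True)
class DetectionRule:
    name: str
    covers: frozenset    # threat ids this rule is meant to detect
    alerts: int          # alerts fired in the review window
    true_positives: int  # alerts analysts confirmed as real

    @property
    def false_positive_rate(self) -> float:
        return 0.0 if self.alerts == 0 else 1 - self.true_positives / self.alerts


def prioritise(threats):
    """Highest-risk threats first; these drive which rules to write next."""
    return sorted(threats, key=lambda t: t.risk, reverse=True)


def detection_gaps(threats, rules, min_risk=12):
    """High-risk threats with no rule covering them, in priority order."""
    covered = set().union(*(r.covers for r in rules)) if rules else set()
    return [t.threat_id for t in prioritise(threats)
            if t.risk >= min_risk and t.threat_id not in covered]


def rules_needing_tuning(rules, max_fp_rate=0.8):
    """Rules that fire but are mostly noise, candidates for tuning."""
    return [r.name for r in rules if r.alerts > 0 and r.false_positive_rate > max_fp_rate]


# Constructed sample threat model and rule set
THREATS = [
    Threat("T-01", "Credential stuffing against the VPN portal", 5, 4),
    Threat("T-02", "Data exfiltration over DNS", 2, 5),
    Threat("T-03", "Privilege escalation via service misconfiguration", 3, 5),
    Threat("T-04", "Defacement of the marketing site", 2, 1),
]
RULES = [
    DetectionRule("vpn-auth-failure-burst", frozenset({"T-01"}), alerts=40, true_positives=30),
    DetectionRule("dns-long-txt-queries", frozenset({"T-02"}), alerts=200, true_positives=4),
]
```

Running `detection_gaps(THREATS, RULES)` reports T-03 as a high-risk threat with no rule, while `rules_needing_tuning(RULES)` flags the DNS rule, whose alerts are almost all false positives.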

Conclusion

Building a mature SIEM environment that leverages threat modelling is a vital step towards achieving a robust security posture. By aligning your detection capabilities with the most relevant threats, you can significantly enhance your organization's ability to identify, mitigate, and respond to cyberattacks. This presentation will equip you with the knowledge to embark on this journey, empowering you to safeguard your digital assets in today's ever-changing security landscape and enhance your SIEM detection rules.

Acknowledgement of Country

We acknowledge the traditional owners and custodians of country throughout Australia and acknowledge their continuing connection to land, waters and community. We pay our respects to the people, the cultures and the elders past, present and emerging.