Differentiating Evil from Benign in the Normally Abnormal World [Splunk Enterprise Security, Splunk IT Service Intelligence, Phantom]
Update: 2019-12-24
Description
Have you ever been positive you had found evil, only to realize it was normal after hours of triage and work? We have all heard and love “KNOW NORMAL FIND EVIL,” but how hard is it to actually know normal? The MITRE ATT&CK Framework gives defenders a better map to “find evil,” but how can this framework be used to “know normal”? Rick will discuss how knowing normal in a world of abnormal is harder than one thinks, and how addressing the actual root cause of evil can improve the technology industry as a whole.
Speaker(s)
Rick McElroy, Principal Security Strategist, Carbon Black
Slides PDF link - https://conf.splunk.com/files/2019/slides/SECS2917.pdf?podcast=1577146238
Product: Splunk Enterprise Security, Splunk IT Service Intelligence, Phantom
Track: Security, Compliance and Fraud
Level: Good for all skill levels
