This year’s RSA Conference is now just a few weeks away and the theme for this year’s conference is Now Matters. We couldn’t think of a better theme to the conference that supports the information being presented by two of MKACyber’s executives, Mischel Kwon and Justin Monti, during a session on Wednesday, April 18, 2018.
More now than ever, organizations are seeking data-driven, cost effective security programs. Threat intelligence can quickly and easily climb to the top of the expenditures list. As security professionals, we’ve been trained to think that more is better, but too much threat intelligence places undue strain on tooling and analysts. Conversely, too little threat intelligence leaves an organization unnecessarily exposed to risk. At the end of the day, what really matters is that your security operations center (SOC) has the right threat intelligence.
Their talk titled, Threat Intel and Content Curation: Organizing the Path to Successful Detection will address how the security operations center (SOC) can better analyze its internal and external threat intelligence to develop tailored defensive content that is specific to the organization’s threat model, risk profile, and business mission.
If you want to more accurately detect threats in your organization and ensure that your analysts are investigating relevant alerts, then this session will teach you how you can curate your threat intel and content so they actually work for your individual security architecture. Threat intelligence management strategies that enable security teams to map external threat intelligence to their internal threat models, including ways of curating threat intelligence content—IoCs, SIEM correlation rules, protocol parsers, filters, and more—in ways that allow security professionals to create high-functioning SOCs with the ability to both detect threats and holistically defend against cyberattacks more efficiently.
By managing your threat intelligence so the external intel maps to your internal threat models while curating your content sensibly, you can create a high-functioning SOC that both detects and defends against cyberattacks.
The objectives of this 2018 RSA Conference session include:
- Understanding that effective threat intel is not just ingesting more indicators;
- Understanding a pragmatic approach to threat intel management and;
- Attendees will leave with an actionable approach to improve your SOC through content curation.
If you’re interested in learning more about MKACyber’s content curation services or setting up a meeting while the team is in San Francisco, you can reach us here. If you’re attending the 2018 RSA Conference and interested in attending this session it is being held on Wednesday, April 18 from 1:45 p.m. – 2:30 p.m. PT (session code AIR-W12).