Detecting attacks in their earliest stages — before they impact your business — is a key element of an effective threat detection and incident response (TDIR) strategy. But according to Mandiant’s 2022 M-Trends Special Report, it still takes an average of 21 days to detect a successful cyberattack — and only an average of 92 minutes for threat actors to move laterally across a compromised network.
Of course, detection has come a long way since the early days of static signatures and IOCs, but the constant evolution of adversary techniques continues to be a major challenge for the modern Security Operations Center. Compounding this challenge is the inherent complexity of managing 50-100+ disparate security tools — required to address the need for broader and deeper visibility across a constantly expanding attack surface — but with each tool generating its own alerts and requiring specialized expertise to be properly configured.
In this Black Hat webinar with SecOps experts, we'll cover key topics including how to:
We'll also provide a technical demo of the CardinalOps detection posture management platform, showing how automation can:
Ken Tidwell has been involved with software startups for 40 years. He has been everything from a lowly intern to president. Most notably, Ken was the chief architect at ArcSight when the concept of a SIEM was first developed and contributed many of the ideas still found in SIEMs two decades later. He also led the ArcSight content team and was head of the correlation team, where he built the rule engine, report generation engine, and dashboards. The ArcSight correlation team built the first high-speed, high-throughput, time sequence-oriented rules engine. The team also built innovative engines for report generation – dealing with the automatic creation of long term aggregates to assist with periodic reporting – and a dashboard engine. The team also developed the first pattern discovery engine for security event streams.
Most recently, Ken co-founded FactorChain to build tools to assist in incident response and investigation. FactorChain was acquired by Sumo Logic, where Ken assisted in developing security analytics for their SIEM offering.
Other roles have included being head of user interface for one of the first commercial object-oriented AI development environments, and building the first instance of a Java-based micro-service architecture.
Phil Neray is VP of Cyber Defense Strategy at CardinalOps. With 20+ years of cybersecurity experience, Phil comes to CardinalOps from Microsoft Security, which he joined after the acquisition of CyberX, an early innovator in IoT/OT security monitoring. He previously held executive roles at IBM Security/Q1 Labs, Guardium (acquired by IBM), Veracode, and Symantec. Phil has a BSEE from McGill University, is certified in cloud security (CCSK), and has a black belt in American Jiu-Jitsu.
Terry Sweeney is a Los Angeles-based writer and editor who's covered business technology for three decades. He's written about cyber security for more than 15 years and was one of the founding editors of Dark Reading. Sweeney has covered enterprise networking extensively, as well as its supporting technologies like storage, wireless, cloud-based apps and the emerging Internet of Things. He's been a contributing editor to The Washington Post, Crain’s New York Business, Red Herring, Information Week, Network World, SearchAWS.com, and Stadium Tech Report.