Most security operations centers focus heavily on the tactics, techniques, and procedures (TTPs) observed in previously known data breaches. Those detections are important to have and to mature over time, but they have substantial weaknesses: a TTP can be modified, swapped for another, or chained with others to evade detection, and because new offensive research is published frequently, staying ahead of it becomes extremely challenging. The industry needs to keep striving for commodity detections while also establishing what an organization's baseline is and what deviations from normal behavior look like. This is hard to do, because normalizing activity takes a great deal of work and effort.
In this webinar, Binary Defense CTO David Kennedy will go over the pros and cons of each approach and how to build out your security operations center to identify not just commodity attacks, but also the attacks that evade traditional monitoring and detection programs.
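To make the contrast concrete, here is an added example (not material from the webinar or from Binary Defense) that runs a commodity TTP signature and a simple behavioral baseline over the same process-creation events. The event records, host names, command lines, and the regular expression are all constructed for this illustration; real telemetry fields and a production signature would differ. The signature catches only the textbook variant, while the per-host baseline of parent/child process pairs flags the renamed interpreter and an unrelated TTP it was never written for, and also surfaces a benign-looking local first-seen with its organization-wide prevalence so an analyst can triage it.

```python
import re
from collections import Counter, defaultdict


def event(host, user, parent, image, cmdline):
    """Build one process-creation record (field names are this example's own)."""
    return {"host": host, "user": user, "parent": parent, "image": image, "cmdline": cmdline}


# Constructed learning-window telemetry: what "normal" looked like on two workstations.
BASELINE_EVENTS = [
    event("ws01", "alice", "explorer.exe", "chrome.exe", "chrome.exe"),
    event("ws01", "alice", "explorer.exe", "outlook.exe", "outlook.exe"),
    event("ws01", "alice", "explorer.exe", "chrome.exe", "chrome.exe --profile-directory=Default"),
    event("ws01", "SYSTEM", "services.exe", "svchost.exe", "svchost.exe -k netsvcs"),
    event("ws02", "bob", "explorer.exe", "winword.exe", "winword.exe /n"),
    event("ws02", "bob", "explorer.exe", "cmd.exe", "cmd.exe"),
    event("ws02", "bob", "cmd.exe", "ipconfig.exe", "ipconfig /all"),
    event("ws02", "SYSTEM", "services.exe", "svchost.exe", "svchost.exe -k netsvcs"),
]

# Constructed detection-window telemetry: four suspicious events and one benign one.
NEW_EVENTS = [
    # 1. textbook TTP: encoded PowerShell spawned from the desktop
    event("ws01", "alice", "explorer.exe", "powershell.exe",
          "powershell.exe -nop -w hidden -enc SQBFAFgAIAAoACcAJwApAA=="),
    # 2. same intent, different interpreter name: the substring signature no longer matches
    event("ws01", "alice", "explorer.exe", "pwsh.exe",
          "pwsh.exe -nop -e SQBFAFgAIAAoACcAJwApAA=="),
    # 3. no PowerShell at all: Office spawning rundll32 is a different TTP entirely
    event("ws02", "bob", "winword.exe", "rundll32.exe",
          "rundll32.exe C:\\Users\\Public\\x.dll,Start"),
    # 4. never seen on ws02, but a pair that is ordinary elsewhere in the fleet
    event("ws02", "bob", "explorer.exe", "outlook.exe", "outlook.exe"),
    # 5. benign activity that matches the learned baseline
    event("ws01", "alice", "explorer.exe", "chrome.exe", "chrome.exe"),
]

# A commodity TTP signature for "encoded PowerShell": cheap, useful, and trivially evaded.
ENCODED_POWERSHELL = re.compile(r"powershell\.exe\s.*-enc", re.IGNORECASE)


def signature_hits(events):
    """Events whose command line matches the static TTP signature."""
    return [e for e in events if ENCODED_POWERSHELL.search(e["cmdline"])]


def build_baseline(events):
    """Per-host count of every (parent, child) process pair seen in the learning window."""
    baseline = defaultdict(Counter)
    for e in events:
        baseline[e["host"]][(e["parent"], e["image"])] += 1
    return baseline


def prevalence(baseline):
    """Number of distinct hosts on which each (parent, child) pair was seen."""
    hosts_by_pair = defaultdict(set)
    for host, pairs in baseline.items():
        for pair in pairs:
            hosts_by_pair[pair].add(host)
    return {pair: len(hosts) for pair, hosts in hosts_by_pair.items()}


def baseline_deviations(baseline, events):
    """Events whose parent/child pair was never seen on that host during learning.

    Each hit carries the fleet-wide prevalence of the pair, so a local first-seen
    (common on other hosts) can be triaged differently from a global first-seen.
    """
    seen_on = prevalence(baseline)
    hits = []
    for e in events:
        pair = (e["parent"], e["image"])
        if baseline.get(e["host"], Counter())[pair] == 0:
            hits.append({"event": e, "pair": pair, "hosts_seen_on": seen_on.get(pair, 0)})
    return hits


def compare(baseline_events, new_events):
    """Run both detection styles over the same window and return what each flagged."""
    baseline = build_baseline(baseline_events)
    sig = {e["cmdline"] for e in signature_hits(new_events)}
    dev = {h["event"]["cmdline"]: h["hosts_seen_on"] for h in baseline_deviations(baseline, new_events)}
    return {"signature": sig, "baseline": dev}


if __name__ == "__main__":
    result = compare(BASELINE_EVENTS, NEW_EVENTS)
    print("signature hits:", sorted(result["signature"]))
    for cmd, n in result["baseline"].items():
        print(f"baseline hit  : {cmd!r} (pair already seen on {n} other host(s))")
```

The baseline here is deliberately simple (exact parent/child pairs, per host). In practice the normalization work the abstract refers to is exactly what turns this into something usable: collapsing paths, versioned binaries and per-user variations so that genuine novelty, not noise, is what deviates.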