As Infosec practitioners, how well do you really know and monitor your IT and business operations? Would you identify a data exfiltration event by a bandwidth increase without attendant malware alerts? Would you identify an employee staying late and attempting to gain physical access to a restricted area? Would you identify a successful VPN login from another country?
We will present effective monitoring methods we utilize and the resulting outputs that teach us what normal operations look like in order to identify suspicious activity. By reviewing these types of reports or tickets on a daily basis you will know your IT and business operations well enough to identify anomalies that may evade detection by your security tools. We will show example reports and tickets from our organization covering a variety of these topics and discuss how we analyze them, as well as how we use the information to better tune our monitoring tools.
@sm0kem Russell is an IT Infrastructure & Security Director for a Silver Spring software and outsourced accounting services company. Russell has seventeen years' experience in IT operations and enterprise defense and is responsible for the organization's compliance with SOC and FISMA requirements. He holds degrees from UMBC, UMUC, and Towson University as well as CISSP and several vendor certifications.
@r_stgermain Ryan is a Senior Information Security Engineer with ten years' experience, a Master's Degree, and CISSP certification.