Firewalls, UEBA, network and endpoints, ingress and lateral movement. When all the indicators turn into a clutter of alerts on my SIEM, I feel the vendor fatigue deep inside. In this talk I will try to put a little order in the great chaos of our cyber threat detection world, and suggest getting back to the root questions. Who? Who is behind the behavior? Looking at identity as the new perimeter and anomalous activity as the new indicators. How behavior analytics in real time can help answer that very basic question. Who?
Audience: Everyone...